xref: /onnv-gate/usr/src/lib/gss_mechs/mech_dummy/mech/dmech.c (revision 1914:8a8c5f225b1b)
10Sstevel@tonic-gate /*
20Sstevel@tonic-gate  * CDDL HEADER START
30Sstevel@tonic-gate  *
40Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*1914Scasper  * Common Development and Distribution License (the "License").
6*1914Scasper  * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate  *
80Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate  * See the License for the specific language governing permissions
110Sstevel@tonic-gate  * and limitations under the License.
120Sstevel@tonic-gate  *
130Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate  *
190Sstevel@tonic-gate  * CDDL HEADER END
200Sstevel@tonic-gate  */
210Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
220Sstevel@tonic-gate 
230Sstevel@tonic-gate /*
24*1914Scasper  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
250Sstevel@tonic-gate  * Use is subject to license terms.
260Sstevel@tonic-gate  *
270Sstevel@tonic-gate  * A module that implements a dummy security mechanism.
280Sstevel@tonic-gate  * It's mainly used to test GSS-API application. Multiple tokens
290Sstevel@tonic-gate  * exchanged during security context establishment can be
300Sstevel@tonic-gate  * specified through dummy_mech.conf located in /etc.
310Sstevel@tonic-gate  *
320Sstevel@tonic-gate  */
/* EXPORT DELETE START */ /* CRYPT DELETE START */
/*
 * Unless the file is being run through lint, every mechanism entry point
 * is renamed to an opaque dummy_<number> identifier.  The readable
 * dummy_gss_* spellings used throughout this file therefore resolve to
 * the numbered names below at compile and link time.
 * NOTE(review): presumably this keeps descriptive names out of the built
 * object's symbol table; the rationale is not stated in this file.
 */
#ifndef	lint
#define	dummy_gss_accept_sec_context		dummy_867227349
#define	dummy_gss_acquire_cred			dummy_352458907
#define	dummy_gss_add_cred			dummy_911432290
#define	dummy_gss_compare_name			dummy_396663848
#define	dummy_gss_context_time			dummy_955669998
#define	dummy_gss_delete_sec_context		dummy_440868788
#define	dummy_gss_display_name			dummy_999874939
#define	dummy_gss_display_status		dummy_485073729
#define	dummy_gss_export_sec_context		dummy_1044079879
#define	dummy_gss_import_name			dummy_529311438
#define	dummy_gss_import_sec_context		dummy_14542996
#define	dummy_gss_indicate_mechs		dummy_573516378
#define	dummy_gss_init_sec_context		dummy_58780705
#define	dummy_gss_inquire_context		dummy_617721319
#define	dummy_gss_inquire_cred			dummy_102985645
#define	dummy_gss_inquire_cred_by_mech		dummy_661926260
#define	dummy_gss_inquire_names_for_mech	dummy_147190586
#define	dummy_gss_internal_release_oid		dummy_706163968
#define	dummy_gss_process_context_token		dummy_191395526
#define	dummy_gss_release_cred			dummy_750368909
#define	dummy_gss_release_name			dummy_235600467
#define	dummy_gss_seal				dummy_794573849
#define	dummy_gss_sign				dummy_279838176
#define	dummy_gss_unseal			dummy_838778790
#define	dummy_gss_verify			dummy_324010348
#define	dummy_gss_wrap_size_limit		dummy_882983731
#define	dummy_pname_to_uid			dummy_345475423
#endif
/* EXPORT DELETE END */ /* CRYPT DELETE END */
910Sstevel@tonic-gate 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <gssapiP_dummy.h>
#include <mechglueP.h>
#include <gssapi_err_generic.h>
970Sstevel@tonic-gate 
#define	dummy_context_name_len	19

/*
 * Private routines for dummy_mechanism.  They are static, so their
 * definitions belong to this translation unit.
 */

/* make_* / free_* helpers for dummy tokens and the buffers carrying them */
static dummy_token_t make_dummy_token(char *name);
static void free_dummy_token(dummy_token_t *token);
static gss_buffer_desc make_dummy_token_buffer(char *name);
static gss_buffer_desc make_dummy_token_msg(void *data, int datalen);

/* der_* helpers */
static int der_length_size(int length);
static void der_write_length(unsigned char **buf, int length);
static int der_read_length(unsigned char **buf, int *bufsize);

/* g_* token header helpers */
static int g_token_size(gss_OID mech, unsigned int body_size);
static void g_make_token_header(gss_OID mech, int body_size,
    unsigned char **buf, int tok_type);
static int g_verify_token_header(gss_OID mech, int *body_size,
    unsigned char **buf_in, int tok_type, int toksize);


/*
 * Private global variables.  All three are file-scope state shared by
 * every context handled through this mechanism.
 */

/* Name that dummy_gss_accept_sec_context() imports as the source name. */
static char dummy_srcname[] = "dummy source";

/* Flags handed back through ret_flags; set by gss_mech_initialize(). */
static OM_uint32 dummy_flags;

/* Configured number of tokens exchanged; set by gss_mech_initialize(). */
static int token_nums;
1190Sstevel@tonic-gate 
/*
 * The Mech OID:
 * { iso(1) org(3) internet(6) dod(1) private(4) enterprises(1) sun(42)
 *  products(2) gssapi(26) mechtypes(1) dummy(2) }
 *
 * In dotted form that is 1.3.6.1.4.1.42.2.26.1.2.  The ten octets in the
 * initializer are its encoding; the first octet (053 octal) packs the
 * leading "1.3" arcs.
 *
 * dummy_mechanism is the table that gss_mech_initialize() hands back.
 * The initializer is positional, so the order of the entries has to follow
 * the member order of struct gss_config, which is declared outside this
 * file.  dummy_gss_seal and dummy_gss_unseal already have slots earlier in
 * the table; the second pair near the end sits inside "#if 0" and is
 * compiled out.
 *
 * NOTE(review): the EXPORT DELETE / CRYPT DELETE comments look like
 * line-oriented markers for source-stripping tooling -- confirm before
 * moving lines across them.
 */
static struct gss_config dummy_mechanism =
	{{10, "\053\006\001\004\001\052\002\032\001\002"},
	NULL,
	dummy_gss_acquire_cred,
	dummy_gss_release_cred,
	dummy_gss_init_sec_context,
	dummy_gss_accept_sec_context,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	dummy_gss_unseal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	dummy_gss_process_context_token,
	dummy_gss_delete_sec_context,
	dummy_gss_context_time,
	dummy_gss_display_status,
	dummy_gss_indicate_mechs,
	dummy_gss_compare_name,
	dummy_gss_display_name,
	dummy_gss_import_name,
	dummy_gss_release_name,
	dummy_gss_inquire_cred,
	dummy_gss_add_cred,
/* EXPORT DELETE START */ /* CRYPT DELETE START */
	dummy_gss_seal,
/* EXPORT DELETE END */ /* CRYPT DELETE END */
	dummy_gss_export_sec_context,
	dummy_gss_import_sec_context,
	dummy_gss_inquire_cred_by_mech,
	dummy_gss_inquire_names_for_mech,
	dummy_gss_inquire_context,
	dummy_gss_internal_release_oid,
	dummy_gss_wrap_size_limit,
	dummy_pname_to_uid,
	NULL,	/* __gss_userok */
	NULL,	/* _export name */
/* EXPORT DELETE START */
/* CRYPT DELETE START */
#if 0
/* CRYPT DELETE END */
	dummy_gss_seal,
	dummy_gss_unseal,
/* CRYPT DELETE START */
#endif
/* CRYPT DELETE END */
/* EXPORT DELETE END */
	dummy_gss_sign,
	dummy_gss_verify,
	NULL,	/* _store_cred */
};
1730Sstevel@tonic-gate 
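/*
 * Hand out the dummy mechanism's dispatch table after loading its one
 * tunable.
 *
 * oid must be non-NULL and equal to the dummy mechanism OID; otherwise a
 * message is written to stderr and NULL is returned.
 *
 * The number of context-establishment tokens is read as a decimal integer
 * from /etc/dummy_mech_token.conf.  When the file cannot be opened, or
 * does not begin with an integer, the count falls back to 1 (previously a
 * failed parse left token_nums at whatever value it already held).  A
 * count of 1 selects the integrity and confidentiality flags; any other
 * value adds the mutual-authentication flag.  Both results are kept in the
 * file-scope token_nums and dummy_flags.
 *
 * The diagnostics name the path that is actually opened; the earlier
 * messages referred to "dummy_mech.conf", which is not the file read here.
 */
gss_mechanism
gss_mech_initialize(oid)
const gss_OID oid;
{
	static const char conf_path[] = "/etc/dummy_mech_token.conf";
	FILE *fp;
	int fields;

	dprintf("Entering gss_mech_initialize\n");

	if (oid == NULL ||
		!g_OID_equal(oid, &dummy_mechanism.mech_type)) {
		fprintf(stderr, "invalid dummy mechanism oid.\n");
		return (NULL);
	}

	fp = fopen(conf_path, "rF");
	if (fp == NULL) {
		fprintf(stderr, "%s is not found.\n", conf_path);
		fprintf(stderr, "Setting number tokens exchanged to 1\n");
		token_nums = 1;
	} else {
		fields = fscanf(fp, "%d", &token_nums);
		fclose(fp);
		if (fields != 1) {
			/* Empty or non-numeric file: same default as "missing". */
			fprintf(stderr, "%s does not start with an integer.\n",
			    conf_path);
			fprintf(stderr,
			    "Setting number tokens exchanged to 1\n");
			token_nums = 1;
		} else {
			dprintf1("%s is found.\n", conf_path);
			dprintf1("Setting number tokens exchanged to %d\n",
			    token_nums);
		}
	}

	if (token_nums == 1)
		dummy_flags = GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG;
	else
		dummy_flags = GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG
				| GSS_C_MUTUAL_FLAG;

	dprintf("Leaving gss_mech_initialize\n");
	return (&dummy_mechanism);
}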
2090Sstevel@tonic-gate 
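/*
 * Produce a placeholder credential.
 *
 * desired_name, time_req, desired_mechs and cred_usage are not consulted:
 * every caller receives a credential built by
 * make_dummy_token("dummy_gss_acquire_cred").  No identity is checked
 * here.
 *
 * Outputs:
 *   *output_cred_handle  the dummy token cast to gss_cred_id_t
 *   *actual_mechs        (optional) copy of gss_mech_set_dummy
 *   *time_rec            (optional) GSS_C_INDEFINITE
 *
 * Returns GSS_S_COMPLETE, or GSS_S_FAILURE when the mechanism set cannot
 * be copied.  On that failure path the credential created above is
 * released and the handle reset, so a failing call no longer leaves an
 * allocation behind that the caller has no reason to free.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
			cred_usage, output_cred_handle,
			actual_mechs, time_rec)
	void *ctx;
	OM_uint32 *minor_status;
	gss_name_t desired_name;
	OM_uint32 time_req;
	gss_OID_set desired_mechs;
	gss_cred_usage_t cred_usage;
	gss_cred_id_t *output_cred_handle;
	gss_OID_set *actual_mechs;
	OM_uint32 *time_rec;
{
	dprintf("Entering dummy_gss_acquire_cred\n");

	/* Give the optional outputs a defined value before any early return. */
	if (actual_mechs)
		*actual_mechs = NULL;
	if (time_rec)
		*time_rec = 0;

	*output_cred_handle = (gss_cred_id_t)
				make_dummy_token("dummy_gss_acquire_cred");
	if (time_rec)  /* user may pass a null pointer */
		*time_rec = GSS_C_INDEFINITE;
	if (actual_mechs) {
		if (gss_copy_oid_set(minor_status, gss_mech_set_dummy,
				actual_mechs) == GSS_S_FAILURE) {
			/* Same release sequence as dummy_gss_release_cred(). */
			free_dummy_token((dummy_token_t *)output_cred_handle);
			*output_cred_handle = NULL;
			return (GSS_S_FAILURE);
		}
	}

	dprintf("Leaving dummy_gss_acquire_cred\n");
	return (GSS_S_COMPLETE);
}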
2460Sstevel@tonic-gate 
/*
 * Release a credential: the handle is passed to free_dummy_token() and
 * the caller's copy is then reset to NULL.  ctx is unused, minor_status is
 * not written, and the result is always GSS_S_COMPLETE.  cred_handle is
 * dereferenced without a NULL check.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_release_cred(ctx, minor_status, cred_handle)
	void *ctx;
	OM_uint32 *minor_status;
	gss_cred_id_t *cred_handle;
{
	dummy_token_t *token_slot = (dummy_token_t *)(cred_handle);

	dprintf("Entering dummy_gss_release_cred\n");

	free_dummy_token(token_slot);
	*cred_handle = NULL;

	dprintf("Leaving dummy_gss_release_cred\n");
	return (GSS_S_COMPLETE);
}
2620Sstevel@tonic-gate 
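/*
 * Initiator half of context establishment for the dummy mechanism.
 *
 * First call (*context_handle == GSS_C_NO_CONTEXT): an input token must
 * not be supplied.  A context record is allocated and the call reports
 * GSS_S_CONTINUE_NEEDED when token_nums >= 2, otherwise GSS_S_COMPLETE.
 *
 * Later calls: the acceptor's token is header-checked with
 * g_verify_token_header() and its body is parsed as a decimal status.
 * GSS_S_CONTINUE_NEEDED from the peer keeps the exchange going (unless
 * this side had already reported GSS_S_COMPLETE, which is an error); any
 * other value completes the context.
 *
 * The only thing exchanged is that decimal status, and it is accepted as
 * sent by the peer: claimant_cred_handle, target_name and the channel
 * bindings are never examined.  Completion therefore says nothing about
 * who the peer is.
 *
 * Outputs: *output_token always receives a buffer from
 * make_dummy_token_msg(); *ret_flags, *time_rec and *actual_mech_type are
 * filled in when non-NULL.
 *
 * Changes from the previous version:
 *  - ctx is bound before the missing-token branch writes ctx->last_stat
 *    (it was written through an uninitialized pointer);
 *  - the allocation result is checked;
 *  - the peer-supplied status is copied into a bounded, NUL-terminated
 *    buffer before sscanf(), so parsing cannot run past the end of the
 *    received token, and it is scanned into an int to match "%d";
 *  - the outgoing status is formatted with snprintf().
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_init_sec_context(ct, minor_status, claimant_cred_handle,
				context_handle, target_name, mech_type,
				req_flags, time_req, input_chan_bindings,
				input_token, actual_mech_type, output_token,
				ret_flags, time_rec)
	void *ct;
	OM_uint32 *minor_status;
	gss_cred_id_t claimant_cred_handle;
	gss_ctx_id_t *context_handle;
	gss_name_t target_name;
	gss_OID mech_type;
	OM_uint32 req_flags;
	OM_uint32 time_req;
	gss_channel_bindings_t input_chan_bindings;
	gss_buffer_t input_token;
	gss_OID *actual_mech_type;
	gss_buffer_t output_token;
	OM_uint32 *ret_flags;
	OM_uint32 *time_rec;
{
	dummy_gss_ctx_id_t ctx;
	char token_string[64];
	OM_uint32 ret;
	OM_uint32 aret;
	int send_token = 0;

	dprintf("Entering init_sec_context\n");

	output_token->length = 0;
	output_token->value = NULL;
	if (actual_mech_type)
		*actual_mech_type = NULL;

	if (*context_handle == GSS_C_NO_CONTEXT) {

		if (input_token != NULL && input_token->value != NULL)
			return (GSS_S_FAILURE);

		/* calloc so that fields not set below start out as zero. */
		ctx = (dummy_gss_ctx_id_t)calloc(1,
		    sizeof (dummy_gss_ctx_id_rec));
		if (ctx == NULL)
			return (GSS_S_FAILURE);
		ctx->established = 0;
		ctx->last_stat = 0xffffffff;
		*context_handle = (gss_ctx_id_t)ctx;
		/*
		 * Initiator interpretation of config file. If 2 or more
		 * the client returns CONTINUE_NEEDED on the first call.
		 */
		if (token_nums >= 2) {
			ret = GSS_S_CONTINUE_NEEDED;
		} else {
			ret = GSS_S_COMPLETE;
		}
		send_token = 1;
	} else {
		unsigned char *tok_start;
		unsigned char *tok_end;
		unsigned char *ptr;
		char status_text[32];
		size_t avail;
		int bodysize;
		int err;
		int peer_status;

		/* Must be bound before any branch below touches ctx. */
		ctx = (dummy_gss_ctx_id_t)(*context_handle);

		if (input_token == NULL || input_token->value == NULL) {
			ctx->last_stat = GSS_S_FAILURE;
			return (GSS_S_FAILURE);
		}

		tok_start = (unsigned char *) input_token->value;
		tok_end = tok_start + input_token->length;
		ptr = tok_start;
		err = g_verify_token_header((gss_OID)gss_mech_dummy,
		    &bodysize, &ptr, 0, input_token->length);
		if (err != 0) {

			*minor_status = err;
			ctx->last_stat = GSS_S_DEFECTIVE_TOKEN;
			return (GSS_S_DEFECTIVE_TOKEN);
		}

		/*
		 * The body comes from the peer and need not be
		 * NUL-terminated.  Bound the parse by what is left of the
		 * received buffer rather than trusting the contents.
		 */
		if (ptr < tok_start || ptr > tok_end) {
			*minor_status = 1;
			ctx->last_stat = GSS_S_DEFECTIVE_TOKEN;
			return (GSS_S_DEFECTIVE_TOKEN);
		}
		avail = (size_t)(tok_end - ptr);
		if (avail > sizeof (status_text) - 1)
			avail = sizeof (status_text) - 1;
		memcpy(status_text, ptr, avail);
		status_text[avail] = '\0';

		if (sscanf(status_text, "%d", &peer_status) < 1) {
			*minor_status = 1;
			ctx->last_stat = GSS_S_DEFECTIVE_TOKEN;
			return (GSS_S_DEFECTIVE_TOKEN);
		}
		aret = (OM_uint32)peer_status;

		if (aret == GSS_S_CONTINUE_NEEDED) {
			if (ctx->last_stat == GSS_S_COMPLETE) {
				/*
				 * RFC 2078, page 36, under GSS_S_COMPLETE
				 * says that acceptor (target) has sufficient
				 * information to perform per-message
				 * processing. So if initiator previously
				 * returned GSS_S_COMPLETE, and acceptor
				 * says he needs more, then we have
				 * a problem.
				 */
				ctx->last_stat = GSS_S_FAILURE;
				return (GSS_S_FAILURE);
			}
			ret = GSS_S_CONTINUE_NEEDED;
			send_token = 1;
		} else {
			ret = GSS_S_COMPLETE;
			send_token = 0;
		}
	}
	if (ret_flags)  /* user may pass a null pointer */
		*ret_flags = dummy_flags;
	if (time_rec)  /* user may pass a null pointer */
		*time_rec = GSS_C_INDEFINITE;
	if (actual_mech_type)
		*actual_mech_type = (gss_OID) gss_mech_dummy;

	if (send_token == 1) {
		/* ret is 0 or 1 here, so the text matches the old "%d". */
		(void) snprintf(token_string, sizeof (token_string), "%u",
		    (unsigned int)ret);

		*output_token = make_dummy_token_msg(
				token_string, strlen(token_string) + 1);
	} else {
		*output_token = make_dummy_token_msg(NULL, 0);
	}

	if (ret == GSS_S_COMPLETE)
		ctx->established = 1;

	ctx->last_stat = ret;
	return (ret);
}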
3880Sstevel@tonic-gate 
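/*
 * Acceptor half of context establishment for the dummy mechanism.
 *
 * The input token is header-checked with g_verify_token_header() and its
 * body is parsed as the initiator's decimal status.  A context record is
 * allocated on the first call.  The call reports GSS_S_CONTINUE_NEEDED
 * only when the context still has more than one token to go and the
 * initiator itself asked to continue; otherwise it reports
 * GSS_S_COMPLETE.  An output token carrying this side's status is built
 * only when the initiator reported GSS_S_CONTINUE_NEEDED.
 *
 * On completion *src_name is set by importing the fixed string
 * "dummy source": every peer that sends a well-formed token is given the
 * same name.  verifier_cred_handle and the channel bindings are never
 * examined and *delegated_cred_handle is always GSS_C_NO_CREDENTIAL, so
 * an established context carries no evidence about the peer's identity.
 *
 * Changes from the previous version:
 *  - a NULL input_token (or NULL value) is rejected as a defective token
 *    instead of being dereferenced;
 *  - the allocation result is checked;
 *  - the peer-supplied status is copied into a bounded, NUL-terminated
 *    buffer before sscanf(), so parsing cannot run past the end of the
 *    received token, and it is scanned into an int to match "%d";
 *  - the outgoing status is formatted with snprintf().
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_accept_sec_context(ct, minor_status, context_handle,
				verifier_cred_handle, input_token,
				input_chan_bindings, src_name, mech_type,
				output_token, ret_flags, time_rec,
				delegated_cred_handle)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t *context_handle;
	gss_cred_id_t verifier_cred_handle;
	gss_buffer_t input_token;
	gss_channel_bindings_t input_chan_bindings;
	gss_name_t *src_name;
	gss_OID *mech_type;
	gss_buffer_t output_token;
	OM_uint32 *ret_flags;
	OM_uint32 *time_rec;
	gss_cred_id_t *delegated_cred_handle;
{
	dummy_gss_ctx_id_t ctx;
	char token_string[64];
	char status_text[32];
	gss_buffer_desc name;
	OM_uint32 status;
	gss_name_t temp;
	unsigned char *tok_start;
	unsigned char *tok_end;
	unsigned char *ptr;
	size_t avail;
	int bodysize;
	int err;
	int peer_status;
	OM_uint32 iret;
	int return_token = 0;

	dprintf("Entering accept_sec_context\n");

	if (src_name)
		*src_name = (gss_name_t)NULL;
	output_token->length = 0;
	output_token->value = NULL;
	if (mech_type)
		*mech_type = GSS_C_NULL_OID;
	/* return a bogus cred handle */
	if (delegated_cred_handle)
		*delegated_cred_handle = GSS_C_NO_CREDENTIAL;

	/* Check for defective input token. */
	if (input_token == NULL || input_token->value == NULL) {
		*minor_status = 1;
		return (GSS_S_DEFECTIVE_TOKEN);
	}
	tok_start = (unsigned char *) input_token->value;
	tok_end = tok_start + input_token->length;
	ptr = tok_start;
	err = g_verify_token_header((gss_OID)gss_mech_dummy, &bodysize,
	    &ptr, 0, input_token->length);
	if (err != 0) {
		*minor_status = err;
		return (GSS_S_DEFECTIVE_TOKEN);
	}

	/*
	 * The body comes from the peer and need not be NUL-terminated.
	 * Bound the parse by what is left of the received buffer rather
	 * than trusting the contents.
	 */
	if (ptr < tok_start || ptr > tok_end) {
		*minor_status = 1;
		return (GSS_S_DEFECTIVE_TOKEN);
	}
	avail = (size_t)(tok_end - ptr);
	if (avail > sizeof (status_text) - 1)
		avail = sizeof (status_text) - 1;
	memcpy(status_text, ptr, avail);
	status_text[avail] = '\0';

	if (sscanf(status_text, "%d", &peer_status) < 1) {
		*minor_status = 1;
		return (GSS_S_DEFECTIVE_TOKEN);
	}
	iret = (OM_uint32)peer_status;

	if (*context_handle == GSS_C_NO_CONTEXT) {
		/* calloc so that fields not set below start out as zero. */
		ctx = (dummy_gss_ctx_id_t)calloc(1,
		    sizeof (dummy_gss_ctx_id_rec));
		if (ctx == NULL)
			return (GSS_S_FAILURE);
		ctx->token_number = token_nums;
		ctx->established = 0;
		*context_handle = (gss_ctx_id_t)ctx;
	} else {
		ctx = (dummy_gss_ctx_id_t)(*context_handle);
	}

	if (ret_flags)  /* user may pass a null pointer */
		*ret_flags = dummy_flags;
	if (time_rec)  /* user may pass a null pointer */
		*time_rec = GSS_C_INDEFINITE;
	if (mech_type)
		*mech_type = (gss_OID)gss_mech_dummy;

	/*
	 * RFC 2078, page 36, under GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED
	 * tells us whether to return a token or not.
	 */

	if (iret == GSS_S_CONTINUE_NEEDED)
		return_token = 1;
	else
		return_token = 0;


	if (ctx->token_number > 1) {
		/*
		 * RFC 2078, page 36, under GSS_S_COMPLETE, says that if
		 * initiator is done, the target (us) has what it needs, so
		 * it must return GSS_S_COMPLETE;
		 */
		if (iret == GSS_S_CONTINUE_NEEDED)
			status = GSS_S_CONTINUE_NEEDED;
		else
			status = GSS_S_COMPLETE;

	} else
		status = GSS_S_COMPLETE;

	/*
	 * source name is ready at GSS_S_COMPLETE; it is the same fixed
	 * string for every peer, not something derived from the token.
	 */
	if ((status == GSS_S_COMPLETE) && src_name) {
		name.length = strlen(dummy_srcname);
		name.value = dummy_srcname;
		status = dummy_gss_import_name(ct, minor_status, &name,
				(gss_OID)GSS_C_NT_USER_NAME, &temp);
		if (status != GSS_S_COMPLETE) {
			free(*context_handle);
			*context_handle = GSS_C_NO_CONTEXT;
			return (status);
		}
		*src_name = temp;
	}

	if (status == GSS_S_COMPLETE) {
		ctx->established = 1;
	}

	if (return_token == 1) {
		/* status is 0 or 1 here, so the text matches the old "%d". */
		(void) snprintf(token_string, sizeof (token_string), "%u",
		    (unsigned int)status);

		*output_token = make_dummy_token_msg(
				token_string, strlen(token_string) + 1);
	} else {
		*output_token = make_dummy_token_msg(NULL, 0);
	}

	if (ctx->token_number > 0)
		ctx->token_number--;

	return (status);
}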
5190Sstevel@tonic-gate 
5200Sstevel@tonic-gate 
/*
 * Context-token processing is a no-op in the dummy mechanism: none of the
 * arguments are read, minor_status is not written, and the result is
 * GSS_S_COMPLETE whatever token_buffer holds.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_process_context_token(ct, minor_status, context_handle, token_buffer)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	gss_buffer_t token_buffer;
{
	OM_uint32 major = GSS_S_COMPLETE;

	dprintf("In process_sec_context\n");
	return (major);
}
5320Sstevel@tonic-gate 
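/*
 * Tear down a dummy security context.
 *
 * The optional output_token is emptied so that nothing is sent to the
 * peer.  If *context_handle already is GSS_C_NO_CONTEXT there is nothing
 * to do; otherwise the context record is freed and the caller's handle is
 * reset to GSS_C_NO_CONTEXT so it cannot be reused after the free.
 *
 * Always returns GSS_S_COMPLETE.  *minor_status is now cleared on both
 * paths (it used to be written only when there was no context) and is
 * skipped when the caller passes NULL.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_delete_sec_context(ct, minor_status, context_handle, output_token)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t *context_handle;
	gss_buffer_t output_token;
{
	dummy_gss_ctx_id_t ctx;

	dprintf("Entering delete_sec_context\n");

	if (minor_status)
		*minor_status = 0;

	/* Make the length to 0, so the output token is not sent to peer */
	if (output_token) {
		output_token->length = 0;
		output_token->value = NULL;
	}

	if (*context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_COMPLETE);

	ctx = (dummy_gss_ctx_id_t)*context_handle;
	free(ctx);
	*context_handle = GSS_C_NO_CONTEXT;

	dprintf("Leaving delete_sec_context\n");
	return (GSS_S_COMPLETE);
}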
5630Sstevel@tonic-gate 
5640Sstevel@tonic-gate 
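/*
 * Report the remaining lifetime of a context, which for the dummy
 * mechanism is always GSS_C_INDEFINITE.  ct, minor_status and
 * context_handle are not used.
 *
 * Returns GSS_S_FAILURE when time_rec is NULL, otherwise stores
 * GSS_C_INDEFINITE in *time_rec and returns GSS_S_COMPLETE.
 *
 * The test on time_rec used to be inverted: a valid pointer produced
 * GSS_S_FAILURE and a NULL pointer was written through.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_context_time(ct, minor_status, context_handle, time_rec)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	OM_uint32 *time_rec;
{
	dprintf("In context_time\n");
	if (time_rec == NULL)  /* user may pass a null pointer */
		return (GSS_S_FAILURE);

	*time_rec = GSS_C_INDEFINITE;
	return (GSS_S_COMPLETE);
}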
5800Sstevel@tonic-gate 
/*
 * Produce the dummy "signature" for a message.
 *
 * Requires a context that is present and marked established; otherwise
 * GSS_S_NO_CONTEXT is returned.  The token handed back is the constant
 * text "dummy_gss_sign" (without its terminating NUL) wrapped by
 * make_dummy_token_msg().  message_buffer and qop_req are never read, so
 * the token is the same for every message and gives no integrity
 * protection.  minor_status is not written.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_sign(ctx, minor_status, context_handle,
		qop_req, message_buffer, message_token)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	int qop_req;
	gss_buffer_t message_buffer;
	gss_buffer_t message_token;
{
	char sig_text[] = "dummy_gss_sign";
	dummy_gss_ctx_id_t dctx = (dummy_gss_ctx_id_t)(context_handle);

	dprintf("Entering gss_sign\n");

	/* dctx is only dereferenced once the handle is known to be set. */
	if (context_handle == GSS_C_NO_CONTEXT || !dctx->established)
		return (GSS_S_NO_CONTEXT);

	*message_token = make_dummy_token_msg(sig_text, sizeof (sig_text) - 1);

	dprintf("Leaving gss_sign\n");
	return (GSS_S_COMPLETE);
}
6090Sstevel@tonic-gate 
/*
 * Check a token produced by the dummy sign routine.
 *
 * Requires a context that is present and marked established; otherwise
 * GSS_S_NO_CONTEXT is returned.  The only check made is
 * g_verify_token_header() on token_buffer: a non-zero result is stored in
 * *minor_status and reported as GSS_S_DEFECTIVE_TOKEN.  message_buffer is
 * never read and the token body is not compared with anything, so
 * GSS_S_COMPLETE here does not show that the message is unmodified.
 * *qop_state, when supplied, is set to GSS_C_QOP_DEFAULT.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_verify(ctx, minor_status, context_handle,
		message_buffer, token_buffer, qop_state)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	gss_buffer_t message_buffer;
	gss_buffer_t token_buffer;
	int *qop_state;
{
	dummy_gss_ctx_id_t dctx = (dummy_gss_ctx_id_t)(context_handle);
	unsigned char *cursor;
	int body_len;
	int hdr_err;

	dprintf("Entering gss_verify\n");

	/* dctx is only dereferenced once the handle is known to be set. */
	if (context_handle == GSS_C_NO_CONTEXT || !dctx->established)
		return (GSS_S_NO_CONTEXT);

	/* Check for defective input token. */
	cursor = (unsigned char *) token_buffer->value;
	hdr_err = g_verify_token_header((gss_OID)gss_mech_dummy, &body_len,
	    &cursor, 0, token_buffer->length);
	if (hdr_err) {
		*minor_status = hdr_err;
		return (GSS_S_DEFECTIVE_TOKEN);
	}

	if (qop_state)
		*qop_state = GSS_C_QOP_DEFAULT;

	dprintf("Leaving gss_verify\n");
	return (GSS_S_COMPLETE);
}
6490Sstevel@tonic-gate 
/*
 * "Wrap" a message for the dummy mechanism.
 *
 * The input bytes are copied unchanged behind a dummy-mechanism token
 * header by make_dummy_token_msg(); nothing is encrypted and no integrity
 * check is added.  *conf_state is still set to 1, so the confidentiality
 * indication is not meaningful for this mechanism.  conf_req_flag and
 * qop_req are ignored.
 *
 * input_message_buffer->length is handed to make_dummy_token_msg() as an
 * int; NOTE(review): a length that does not fit in an int would be
 * truncated there -- confirm callers bound the message size.
 *
 * Returns GSS_S_NO_CONTEXT for a missing or unestablished context,
 * otherwise GSS_S_COMPLETE.  The caller owns the returned buffer.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_seal(ctx, minor_status, context_handle, conf_req_flag,
		qop_req, input_message_buffer, conf_state,
		output_message_buffer)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	int conf_req_flag;
	int qop_req;
	gss_buffer_t input_message_buffer;
	int *conf_state;
	gss_buffer_t output_message_buffer;
{
	dummy_gss_ctx_id_t context = (dummy_gss_ctx_id_t)(context_handle);
	gss_buffer_desc wrapped;

	dprintf("Entering gss_seal\n");

	/* The handle test comes first so a null context is never read. */
	if (context_handle == GSS_C_NO_CONTEXT || !context->established)
		return (GSS_S_NO_CONTEXT);

	/* Frame a copy of the caller's message; the payload stays as-is. */
	wrapped = make_dummy_token_msg(input_message_buffer->value,
		input_message_buffer->length);

	/* conf_state is optional. */
	if (conf_state != NULL)
		*conf_state = 1;

	*output_message_buffer = wrapped;

	dprintf("Leaving gss_seal\n");
	return (GSS_S_COMPLETE);
}
6870Sstevel@tonic-gate 
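/*
 * "Unwrap" a dummy-mechanism message token.
 *
 * The token header is checked with g_verify_token_header() and the body
 * that follows it is copied into a freshly allocated output buffer.  No
 * decryption or integrity check takes place; *conf_state is set to 1
 * regardless, so it says nothing about how the data was protected.
 *
 * The body length comes from the peer-supplied token, so it is validated
 * before it sizes an allocation, and the allocation itself is checked
 * before the copy.
 *
 * Returns GSS_S_NO_CONTEXT for a missing or unestablished context,
 * GSS_S_DEFECTIVE_TOKEN when the header check fails (with *minor_status
 * set to the header error) or the reported body size is negative,
 * GSS_S_FAILURE when memory cannot be allocated, and GSS_S_COMPLETE
 * otherwise.  On any error *output_message_buffer is left untouched.
 * The caller owns the returned buffer.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_unseal(ctx, minor_status, context_handle,
		input_message_buffer, output_message_buffer,
		conf_state, qop_state)
	void *ctx;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	gss_buffer_t input_message_buffer;
	gss_buffer_t output_message_buffer;
	int *conf_state;
	int *qop_state;
{
	gss_buffer_desc output;
	unsigned char *ptr;
	int bodysize;
	int err;
	dummy_gss_ctx_id_t context;

	dprintf("Entering gss_unseal\n");

	context = (dummy_gss_ctx_id_t)(context_handle);
	if (context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_NO_CONTEXT);
	if (!context->established)
		return (GSS_S_NO_CONTEXT);

	ptr = (unsigned char *) input_message_buffer->value;
	err = g_verify_token_header((gss_OID)gss_mech_dummy, &bodysize,
					&ptr, 0,
					input_message_buffer->length);
	if (err != 0) {
		*minor_status = err;
		return (GSS_S_DEFECTIVE_TOKEN);
	}

	/*
	 * bodysize is an int derived from untrusted input; a negative value
	 * would become a huge size_t below.  g_verify_token_header() is
	 * presumably expected to prevent this, but the check is cheap.
	 */
	if (bodysize < 0)
		return (GSS_S_DEFECTIVE_TOKEN);

	output.length = bodysize;
	output.value = (void *)malloc(output.length);
	/* malloc(0) may legitimately return NULL; only a real failure is fatal. */
	if (output.value == NULL && output.length != 0)
		return (GSS_S_FAILURE);
	if (output.length != 0)
		memcpy(output.value, ptr, output.length);

	*output_message_buffer = output;
	if (qop_state)
		*qop_state = GSS_C_QOP_DEFAULT;
	if (conf_state)
		*conf_state = 1;

	dprintf("Leaving gss_unseal\n");
	return (GSS_S_COMPLETE);
}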
7380Sstevel@tonic-gate 
/*
 * Produce a status string for the dummy mechanism.
 *
 * status_value, status_type and mech_type are ignored: every call returns
 * a newly allocated copy of the fixed text "dummy_gss_display_status" and
 * sets *message_context to 0.  Both message_context and status_string
 * are written unconditionally, so neither may be null.  *minor_status is
 * not written.  Always returns GSS_S_COMPLETE; the caller owns the
 * returned buffer.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_display_status(ctx, minor_status, status_value, status_type,
			mech_type, message_context, status_string)
	void *ctx;
	OM_uint32 *minor_status;
	OM_uint32 status_value;
	int status_type;
	gss_OID mech_type;
	OM_uint32 *message_context;
	gss_buffer_t status_string;
{
	gss_buffer_desc text;

	dprintf("Entering display_status\n");

	*message_context = 0;
	text = make_dummy_token_buffer("dummy_gss_display_status");
	*status_string = text;

	dprintf("Leaving display_status\n");
	return (GSS_S_COMPLETE);
}
7590Sstevel@tonic-gate 
/*
 * Report the mechanisms this module provides.
 *
 * Clears *minor_status and, when mech_set is non-null, stores a copy of
 * gss_mech_set_dummy made by gss_copy_oid_set() through it.  Returns
 * GSS_S_FAILURE only when that copy reports GSS_S_FAILURE; any other
 * result from the copy is treated as success and GSS_S_COMPLETE is
 * returned.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_indicate_mechs(ctx, minor_status, mech_set)
	void *ctx;
	OM_uint32 *minor_status;
	gss_OID_set *mech_set;
{
	dprintf("Entering indicate_mechs\n");

	*minor_status = 0;

	/* mech_set is optional; the copy is skipped when it is absent. */
	if (mech_set != NULL &&
	    gss_copy_oid_set(minor_status, gss_mech_set_dummy,
			mech_set) == GSS_S_FAILURE)
		return (GSS_S_FAILURE);

	dprintf("Leaving indicate_mechs\n");
	return (GSS_S_COMPLETE);
}
7800Sstevel@tonic-gate 
/*
 * Compare two dummy-mechanism names.
 *
 * Both arguments are treated as dummy_name_t.  The names are equal when
 * their type OIDs match under g_OID_equal() and their buffers have the
 * same length and the same bytes.  The result (1 or 0) is stored in
 * *name_equal.  Neither name nor its buffer is checked for null, and
 * *minor_status is not written.  Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_compare_name(ctx, minor_status, name1, name2, name_equal)
	void *ctx;
	OM_uint32 *minor_status;
	gss_name_t name1;
	gss_name_t name2;
	int *name_equal;
{
	dummy_name_t lhs = (dummy_name_t)name1;
	dummy_name_t rhs = (dummy_name_t)name2;
	int same;

	dprintf("Entering compare_name\n");

	/* Lengths are compared before memcmp() so both reads stay in range. */
	same = g_OID_equal(lhs->type, rhs->type) &&
	    (lhs->buffer->length == rhs->buffer->length) &&
	    memcmp(lhs->buffer->value, rhs->buffer->value,
	    lhs->buffer->length) == 0;

	*name_equal = same ? 1 : 0;

	dprintf("Leaving compare_name\n");
	return (GSS_S_COMPLETE);
}
8060Sstevel@tonic-gate 
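/*
 * Return the printable form of a dummy-mechanism name.
 *
 * input_name is treated as a dummy_name_t.  For the four supported name
 * types the name bytes are copied into a new allocation that the caller
 * owns.  The copy is not NUL-terminated unless the stored name was.
 *
 * *output_name_type, when requested, is set to the OID pointer held by
 * the name itself, not to a copy; it stays valid only as long as the
 * name does and must not be released separately.
 *
 * The output buffer is only populated once the allocation has succeeded,
 * so a failed call never leaves a non-zero length paired with a null
 * value.  *minor_status is not written.
 *
 * Returns GSS_S_BAD_NAMETYPE for an unsupported name type,
 * GSS_S_FAILURE for a null output buffer or an allocation failure, and
 * GSS_S_COMPLETE otherwise.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_display_name(ctx, minor_status, input_name, output_name_buffer,
			output_name_type)
	void *ctx;
	OM_uint32 *minor_status;
	gss_name_t input_name;
	gss_buffer_t output_name_buffer;
	gss_OID *output_name_type;
{
	dummy_name_t name = (dummy_name_t)input_name;
	void *copy;

	dprintf("Entering display_name\n");

	if (!(g_OID_equal(name->type, GSS_C_NT_USER_NAME) ||
	    g_OID_equal(name->type, GSS_C_NT_MACHINE_UID_NAME) ||
	    g_OID_equal(name->type, GSS_C_NT_STRING_UID_NAME) ||
	    g_OID_equal(name->type, GSS_C_NT_HOSTBASED_SERVICE))) {
		dprintf("Leaving display_name\n");
		return (GSS_S_BAD_NAMETYPE);
	}

	if (output_name_buffer == NULL)
		return (GSS_S_FAILURE);

	copy = (void *)malloc(name->buffer->length);
	if (copy == NULL) {
		/* Hand back an empty buffer rather than a stale length. */
		output_name_buffer->length = 0;
		output_name_buffer->value = NULL;
		return (GSS_S_FAILURE);
	}
	memcpy(copy, name->buffer->value, name->buffer->length);

	output_name_buffer->length = name->buffer->length;
	output_name_buffer->value = copy;
	if (output_name_type)
		*output_name_type = name->type;

	dprintf("Leaving display_name\n");
	return (GSS_S_COMPLETE);
}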
8510Sstevel@tonic-gate 
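/*
 * Create a dummy-mechanism name from a caller-supplied buffer.
 *
 * For the four supported name types the function allocates a
 * dummy_name_desc, its gss_buffer_desc and a copy of the name bytes, then
 * copies the type OID with generic_gss_copy_oid().  Every allocation is
 * checked, and everything allocated so far is released on failure, so
 * *output_name is either a fully built name or NULL.
 *
 * Returns GSS_S_BAD_NAMETYPE for a null or unsupported name type,
 * GSS_S_FAILURE when memory cannot be allocated, the status of
 * generic_gss_copy_oid() when the OID copy fails, and GSS_S_COMPLETE
 * otherwise.  The name is released with dummy_gss_release_name().
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_import_name(ctx, minor_status, input_name_buffer,
			input_name_type, output_name)
	void *ctx;
	OM_uint32 *minor_status;
	gss_buffer_t input_name_buffer;
	gss_OID input_name_type;
	gss_name_t *output_name;
{
	OM_uint32 status;
	dummy_name_t name;

	dprintf("Entering import_name\n");

	*output_name = NULL;
	*minor_status = 0;

	if (input_name_type == GSS_C_NULL_OID)
		return (GSS_S_BAD_NAMETYPE);

	if (!(g_OID_equal(input_name_type, GSS_C_NT_USER_NAME) ||
	    g_OID_equal(input_name_type, GSS_C_NT_MACHINE_UID_NAME) ||
	    g_OID_equal(input_name_type, GSS_C_NT_STRING_UID_NAME) ||
	    g_OID_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))) {
		dprintf("Leaving import_name\n");
		return (GSS_S_BAD_NAMETYPE);
	}

	name = (dummy_name_t)malloc(sizeof (dummy_name_desc));
	if (name == NULL)
		return (GSS_S_FAILURE);

	name->buffer = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
	if (name->buffer == NULL) {
		free(name);
		return (GSS_S_FAILURE);
	}

	name->buffer->length = input_name_buffer->length;
	name->buffer->value = (void *)malloc(input_name_buffer->length);
	if (name->buffer->value == NULL) {
		free(name->buffer);
		free(name);
		return (GSS_S_FAILURE);
	}

	memcpy(name->buffer->value, input_name_buffer->value,
			input_name_buffer->length);

	status = generic_gss_copy_oid(minor_status,
		input_name_type, &(name->type));
	if (status != GSS_S_COMPLETE) {
		/* Do not hand out a name whose type OID was never set. */
		free(name->buffer->value);
		free(name->buffer);
		free(name);
		dprintf("Leaving import_name\n");
		return (status);
	}

	*output_name = (gss_name_t)name;
	dprintf("Leaving import_name\n");
	return (status);
}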
8960Sstevel@tonic-gate 
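/*
 * Release a name created by dummy_gss_import_name().
 *
 * Frees the name bytes, the buffer descriptor, the type OID (through
 * generic_gss_release_oid()) and the name itself, then clears the
 * caller's handle so that a second release is a no-op rather than a
 * double free.  A null handle, or a handle to a null name, is accepted
 * and ignored.
 *
 * NOTE(review): the handle is assumed to point at a dummy_name_desc.
 * dummy_gss_inquire_cred() and dummy_gss_inquire_cred_by_mech() in this
 * file return a plain string cast to gss_name_t; passing one of those
 * here would misinterpret the string as a structure.
 *
 * Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_release_name(ctx, minor_status, input_name)
	void *ctx;
	OM_uint32 *minor_status;
	gss_name_t *input_name;
{
	dummy_name_t name;

	dprintf("Entering release_name\n");

	if (input_name == NULL || *input_name == NULL) {
		dprintf("Leaving release_name\n");
		return (GSS_S_COMPLETE);
	}

	name = (dummy_name_t)*input_name;
	if (name->buffer != NULL) {
		free(name->buffer->value);
		free(name->buffer);
	}
	generic_gss_release_oid(minor_status, &(name->type));
	free(name);

	/* Leave no dangling pointer behind in the caller's handle. */
	*input_name = NULL;

	dprintf("Leaving release_name\n");
	return (GSS_S_COMPLETE);
}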
9140Sstevel@tonic-gate 
/*
 * Describe a dummy credential.
 *
 * cred_handle is ignored; every optional output that was requested gets
 * a fixed answer: an indefinite lifetime, GSS_C_BOTH usage and a copy of
 * gss_mech_set_dummy.  *minor_status is only written by
 * gss_copy_oid_set(), that is, when mechanisms is non-null.
 *
 * NOTE(review): *name receives the result of make_dummy_token(), a
 * heap-allocated C string, cast to gss_name_t.  It is not a
 * dummy_name_desc, so the other name routines in this file
 * (compare/display/release) would misread it -- confirm no caller passes
 * it to them.  The string is also not freed when the OID-set copy fails.
 *
 * Returns GSS_S_FAILURE when gss_copy_oid_set() reports GSS_S_FAILURE,
 * otherwise GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
			cred_usage, mechanisms)
	void *ctx;
	OM_uint32 *minor_status;
	gss_cred_id_t cred_handle;
	gss_name_t *name;
	OM_uint32 *lifetime_ret;
	gss_cred_usage_t *cred_usage;
	gss_OID_set *mechanisms;
{
	dprintf("Entering inquire_cred\n");

	if (name != NULL)
		*name = (gss_name_t)make_dummy_token("dummy gss credential");

	if (lifetime_ret != NULL)
		*lifetime_ret = GSS_C_INDEFINITE;

	if (cred_usage != NULL)
		*cred_usage = GSS_C_BOTH;

	if (mechanisms != NULL &&
	    gss_copy_oid_set(minor_status, gss_mech_set_dummy,
			mechanisms) == GSS_S_FAILURE)
		return (GSS_S_FAILURE);

	dprintf("Leaving inquire_cred\n");
	return (GSS_S_COMPLETE);
}
9440Sstevel@tonic-gate 
/*
 * Placeholder for gss_add_cred.
 *
 * According to the original author this entry point, like its Kerberos V5
 * counterpart, is never called by the GSS-API framework.  It never
 * creates a credential and never writes any of its output parameters
 * apart from *minor_status.
 *
 * NOTE(review): GSS_S_BAD_MECH is returned when desired_mech *equals*
 * gss_mech_dummy, while dummy_gss_inquire_names_for_mech() rejects
 * mechanisms that do *not* match.  The test may be inverted; confirm the
 * intent before relying on the BAD_MECH path.  That path also returns
 * without setting *minor_status.
 *
 * Returns GSS_S_BAD_MECH as described above, otherwise
 * GSS_S_DUPLICATE_ELEMENT.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_add_cred(ctx, minor_status, input_cred_handle,
			desired_name, desired_mech, cred_usage,
			initiator_time_req, acceptor_time_req,
			output_cred_handle, actual_mechs,
			initiator_time_rec, acceptor_time_rec)
	void *ctx;
	OM_uint32 *minor_status;
	gss_cred_id_t input_cred_handle;
	gss_name_t desired_name;
	gss_OID desired_mech;
	gss_cred_usage_t cred_usage;
	OM_uint32 initiator_time_req;
	OM_uint32 acceptor_time_req;
	gss_cred_id_t *output_cred_handle;
	gss_OID_set *actual_mechs;
	OM_uint32 *initiator_time_rec;
	OM_uint32 *acceptor_time_rec;
{
	dprintf("Entering add_cred\n");

	if (desired_mech != GSS_C_NULL_OID) {
		if (g_OID_equal(desired_mech, gss_mech_dummy))
			return (GSS_S_BAD_MECH);
	}

	*minor_status = 0;

	dprintf("Leaving add_cred\n");

	/* Nothing is ever added; report the element as already present. */
	return (GSS_S_DUPLICATE_ELEMENT);
}
9800Sstevel@tonic-gate 
/*
 * Export a security context as an interprocess token.
 *
 * No context state is serialised.  The token is just the fixed string
 * "dummy_gss_export_sec_context" behind a dummy-mechanism header, and
 * dummy_gss_import_sec_context() builds a fresh, already-established
 * context instead of reading anything back from it.  The original author
 * considered this sufficient because a dummy context holds nothing but
 * its "established" status.
 *
 * The exported context is freed and the caller's handle is reset to
 * GSS_C_NO_CONTEXT.  context_handle itself is dereferenced without a
 * null check, and *minor_status is not written.  Always returns
 * GSS_S_COMPLETE; the caller owns the returned token.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_export_sec_context(ct, minor_status, context_handle,
				interprocess_token)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t *context_handle;
	gss_buffer_t interprocess_token;
{
	char marker[] = "dummy_gss_export_sec_context";

	dprintf("Entering export_sec_context\n");

	/* The payload is the marker text without its terminating NUL. */
	*interprocess_token = make_dummy_token_msg(marker,
	    sizeof (marker) - 1);

	/* Exporting consumes the context. */
	free(*context_handle);
	*context_handle = GSS_C_NO_CONTEXT;

	dprintf("Leaving export_sec_context\n");
	return (GSS_S_COMPLETE);
}
10070Sstevel@tonic-gate 
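/*
 * Import a security context from an interprocess token.
 *
 * interprocess_token is never examined: any input, including one that
 * was not produced by dummy_gss_export_sec_context(), yields a new
 * context that is already marked established.  This is acceptable only
 * because the mechanism exists for testing.
 *
 * The allocation is checked; on failure *context_handle is set to
 * GSS_C_NO_CONTEXT and GSS_S_FAILURE is returned.  *minor_status is not
 * written.  Returns GSS_S_COMPLETE on success.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_import_sec_context(ct, minor_status, interprocess_token,
				context_handle)
	void *ct;
	OM_uint32 *minor_status;
	gss_buffer_t interprocess_token;
	gss_ctx_id_t *context_handle;
{
	/* Assume that we got ctx from the interprocess token. */
	dummy_gss_ctx_id_t ctx;

	dprintf("Entering import_sec_context\n");

	ctx = (dummy_gss_ctx_id_t)malloc(sizeof (dummy_gss_ctx_id_rec));
	if (ctx == NULL) {
		*context_handle = GSS_C_NO_CONTEXT;
		return (GSS_S_FAILURE);
	}
	ctx->token_number = 0;
	ctx->established = 1;

	*context_handle = (gss_ctx_id_t)ctx;

	dprintf("Leaving import_sec_context\n");
	return (GSS_S_COMPLETE);
}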
10310Sstevel@tonic-gate 
/*
 * Describe a dummy credential for one mechanism.
 *
 * cred_handle and mech_type are ignored.  Each optional output that was
 * requested gets a fixed answer: indefinite initiator and acceptor
 * lifetimes and GSS_C_BOTH usage.  *minor_status is not written.
 *
 * NOTE(review): *name receives the result of make_dummy_token(), a
 * heap-allocated C string, cast to gss_name_t.  It is not a
 * dummy_name_desc, so the other name routines in this file
 * (compare/display/release) would misread it -- confirm no caller passes
 * it to them.
 *
 * Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_inquire_cred_by_mech(ctx, minor_status, cred_handle,
				mech_type, name, initiator_lifetime,
				acceptor_lifetime, cred_usage)
	void *ctx;
	OM_uint32 *minor_status;
	gss_cred_id_t cred_handle;
	gss_OID mech_type;
	gss_name_t *name;
	OM_uint32 *initiator_lifetime;
	OM_uint32 *acceptor_lifetime;
	gss_cred_usage_t *cred_usage;
{
	dprintf("Entering inquire_cred_by_mech\n");

	if (name != NULL)
		*name = (gss_name_t)make_dummy_token("dummy credential name");

	if (initiator_lifetime != NULL)
		*initiator_lifetime = GSS_C_INDEFINITE;

	if (acceptor_lifetime != NULL)
		*acceptor_lifetime = GSS_C_INDEFINITE;

	if (cred_usage != NULL)
		*cred_usage = GSS_C_BOTH;

	dprintf("Leaving inquire_cred_by_mech\n");
	return (GSS_S_COMPLETE);
}
10590Sstevel@tonic-gate 
/*
 * List the name types the dummy mechanism understands.
 *
 * A null mechanism, or one equal to gss_mech_dummy, is accepted; any
 * other OID yields GSS_S_FAILURE with *minor_status cleared.  On success
 * *name_types is a new OID set holding the user-name, machine-UID,
 * string-UID and host-based-service name types.  If the set cannot be
 * created or a member cannot be added, the failing status is returned;
 * in the latter case the partially built set is released first.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
	void		*ctx;
	OM_uint32	*minor_status;
	gss_OID		mechanism;
	gss_OID_set	*name_types;
{
	OM_uint32   major, minor;

	dprintf("Entering inquire_names_for_mech\n");

	/* Only our own mechanism (or "no preference") is handled. */
	if ((mechanism != GSS_C_NULL_OID) &&
	    !g_OID_equal(gss_mech_dummy, mechanism)) {
		*minor_status = 0;
		return (GSS_S_FAILURE);
	}

	major = gss_create_empty_oid_set(minor_status, name_types);
	if (major != GSS_S_COMPLETE) {
		dprintf("Leaving inquire_names_for_mech\n");
		return (major);
	}

	/* Add the members one by one, stopping at the first failure. */
	major = gss_add_oid_set_member(minor_status,
	    (gss_OID) GSS_C_NT_USER_NAME, name_types);
	if (major == GSS_S_COMPLETE)
		major = gss_add_oid_set_member(minor_status,
		    (gss_OID) GSS_C_NT_MACHINE_UID_NAME, name_types);
	if (major == GSS_S_COMPLETE)
		major = gss_add_oid_set_member(minor_status,
		    (gss_OID) GSS_C_NT_STRING_UID_NAME, name_types);
	if (major == GSS_S_COMPLETE)
		major = gss_add_oid_set_member(minor_status,
		    (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, name_types);

	/* A separate minor keeps the caller's failure code intact. */
	if (major != GSS_S_COMPLETE)
		(void) gss_release_oid_set(&minor, name_types);

	dprintf("Leaving inquire_names_for_mech\n");
	return (major);
}
11030Sstevel@tonic-gate 
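/*
 * Build one heap-allocated placeholder name ("dummy context name", typed
 * as GSS_C_NT_USER_NAME) for dummy_gss_inquire_context().  On success
 * *out owns the name; on failure everything allocated here is freed and
 * *out is NULL.  The buffer length is taken from dummy_context_name_len,
 * which is assumed to match the literal used for the value.
 */
static OM_uint32
make_dummy_context_name(OM_uint32 *minor_status, dummy_name_t *out)
{
	dummy_name_t name;
	OM_uint32 status;

	*out = NULL;

	name = (dummy_name_t)malloc(sizeof (dummy_name_desc));
	if (name == NULL)
		return (GSS_S_FAILURE);

	name->buffer = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
	if (name->buffer == NULL) {
		free(name);
		return (GSS_S_FAILURE);
	}

	name->buffer->length = dummy_context_name_len;
	name->buffer->value = make_dummy_token("dummy context name");
	if (name->buffer->value == NULL) {
		free(name->buffer);
		free(name);
		return (GSS_S_FAILURE);
	}

	status = generic_gss_copy_oid(minor_status,
		(gss_OID) GSS_C_NT_USER_NAME, &(name->type));
	if (status != GSS_S_COMPLETE) {
		free(name->buffer->value);
		free(name->buffer);
		free(name);
		return (status);
	}

	*out = name;
	return (GSS_S_COMPLETE);
}

/*
 * Report the properties of a dummy security context.
 *
 * Every output is optional.  Initiator and acceptor names are fixed
 * placeholder names, allocated only when the caller asked for them and
 * owned by the caller afterwards.  Lifetime is indefinite, the mechanism
 * is gss_mech_dummy, the flags are dummy_flags and *open mirrors the
 * context's "established" field.
 *
 * Allocations are checked, and nothing is written to the outputs or left
 * allocated when the call fails.
 *
 * Returns GSS_S_NO_CONTEXT for a null context handle, GSS_S_FAILURE (or
 * the status of generic_gss_copy_oid()) when a name cannot be built, and
 * GSS_S_COMPLETE otherwise.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_inquire_context(ct, minor_status, context_handle, initiator_name,
			acceptor_name, lifetime_rec, mech_type, ret_flags,
			locally_initiated, open)
	void *ct;
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	gss_name_t *initiator_name;
	gss_name_t *acceptor_name;
	OM_uint32 *lifetime_rec;
	gss_OID *mech_type;
	OM_uint32 *ret_flags;
	int *locally_initiated;
	int *open;
{
	dummy_gss_ctx_id_t ctx;
	dummy_name_t name1 = NULL;
	dummy_name_t name2 = NULL;
	OM_uint32 status;
	OM_uint32 minor;

	dprintf("Entering inquire_context\n");

	/* ctx->established is read below, so the handle must be real. */
	if (context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_NO_CONTEXT);
	ctx = (dummy_gss_ctx_id_t)(context_handle);

	*minor_status = 0;

	if (initiator_name) {
		status = make_dummy_context_name(minor_status, &name1);
		if (status != GSS_S_COMPLETE)
			return (status);
	}

	if (acceptor_name) {
		status = make_dummy_context_name(minor_status, &name2);
		if (status != GSS_S_COMPLETE) {
			/* Undo the first name so the failure leaks nothing. */
			if (name1 != NULL) {
				free(name1->buffer->value);
				free(name1->buffer);
				(void) generic_gss_release_oid(&minor,
					&(name1->type));
				free(name1);
			}
			return (status);
		}
	}

	/* Publish results only once nothing else can fail. */
	if (initiator_name)
		*initiator_name = (gss_name_t)name1;
	if (acceptor_name)
		*acceptor_name = (gss_name_t)name2;

	if (lifetime_rec)  /* user may pass a null pointer */
		*lifetime_rec = GSS_C_INDEFINITE;
	if (mech_type)
		*mech_type = (gss_OID)gss_mech_dummy;
	if (ret_flags)
		*ret_flags = dummy_flags;
	if (open)
		*open = ctx->established;

	dprintf("Leaving inquire_context\n");
	return (GSS_S_COMPLETE);
}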
11630Sstevel@tonic-gate 
/*
 * Release an OID that belongs to the dummy mechanism.
 *
 * Modelled on krb5_gss_internal_release_oid.  The test is a pointer
 * comparison: only the gss_mech_dummy object itself is recognised, not
 * another OID with the same contents.  A recognised OID is static, so
 * nothing is freed; the caller's pointer is simply reset to GSS_C_NO_OID
 * and *minor_status is cleared.
 *
 * Returns GSS_S_CONTINUE_NEEDED for any other OID, leaving *minor_status
 * and *oid untouched, and GSS_S_COMPLETE otherwise.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_internal_release_oid(ct, minor_status, oid)
	void		*ct;
	OM_uint32	*minor_status;
	gss_OID		*oid;
{
	dprintf("Entering internal_release_oid\n");

	if (*oid == gss_mech_dummy) {
		*minor_status = 0;
		*oid = GSS_C_NO_OID;

		dprintf("Leaving internal_release_oid\n");
		return (GSS_S_COMPLETE);
	}

	/* Not ours: tell the caller to keep looking. */
	return (GSS_S_CONTINUE_NEEDED);
}
11840Sstevel@tonic-gate 
/*
 * Report the largest message that fits in a wrapped token of the
 * requested size.
 *
 * The answer is simply req_output_size; the context, conf_req_flag and
 * qop_req are ignored and *minor_status is not written.
 *
 * NOTE(review): make_dummy_token_msg() sizes wrapped tokens with
 * g_token_size(), which presumably adds header bytes, so a message of
 * the reported size may wrap to more than req_output_size -- confirm
 * before depending on this limit.
 *
 * Always returns GSS_S_COMPLETE.
 */
/*ARGSUSED*/
OM_uint32
dummy_gss_wrap_size_limit(ct, minor_status, context_handle, conf_req_flag,
				qop_req, req_output_size, max_input_size)
	void		*ct;
	OM_uint32	*minor_status;
	gss_ctx_id_t	context_handle;
	int		conf_req_flag;
	gss_qop_t	qop_req;
	OM_uint32	req_output_size;
	OM_uint32	*max_input_size;
{
	OM_uint32 limit = req_output_size;

	dprintf("Entering wrap_size_limit\n");

	*max_input_size = limit;

	dprintf("Leaving wrap_size_limit\n");
	return (GSS_S_COMPLETE);
}
12020Sstevel@tonic-gate 
/*
 * Map a principal name to a local uid.
 *
 * The name is ignored: every principal maps to the same fixed uid,
 * 60001 (presumably an unprivileged account -- confirm for the target
 * system).  No authorisation decision should distinguish principals
 * based on this result.  Clears *minor_status and always returns
 * GSS_S_COMPLETE.
 */
/* ARGSUSED */
OM_uint32
dummy_pname_to_uid(ct, minor_status, name, uidOut)
	void *ct;
	OM_uint32 *minor_status;
	const gss_name_t name;
	uid_t *uidOut;
{
	/* The one uid handed out for every name. */
	enum { DUMMY_MAPPED_UID = 60001 };

	dprintf("Entering pname_to_uid\n");

	*minor_status = 0;
	*uidOut = DUMMY_MAPPED_UID;

	dprintf("Leaving pname_to_uid\n");
	return (GSS_S_COMPLETE);
}
12170Sstevel@tonic-gate 
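/*
 * Return a heap-allocated copy of the NUL-terminated string name.
 *
 * Returns NULL when name is NULL or the allocation fails, instead of
 * writing through a null pointer.  The caller owns the result and
 * releases it with free() or free_dummy_token().
 */
static dummy_token_t
make_dummy_token(char *name)
{
	dummy_token_t token;
	size_t size;

	if (name == NULL)
		return (NULL);

	/* One extra byte for the terminating NUL. */
	size = strlen(name) + 1;
	token = (dummy_token_t)malloc(size);
	if (token == NULL)
		return (NULL);

	(void) memcpy(token, name, size);
	return (token);
}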
12270Sstevel@tonic-gate 
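/*
 * Free a token made by make_dummy_token() and clear the caller's pointer
 * so it cannot be freed or used a second time.  A null token pointer is
 * ignored.
 */
static void
free_dummy_token(dummy_token_t *token)
{
	if (token == NULL)
		return;

	free(*token);
	*token = NULL;
}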
12340Sstevel@tonic-gate 
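/*
 * Wrap a copy of the string name in a gss_buffer_desc.
 *
 * The reported length includes the terminating NUL.  A NULL name, or a
 * copy that could not be made, yields an empty buffer (length 0, value
 * NULL) so that a non-zero length is never paired with a null value.
 * The caller owns buffer.value.
 */
static gss_buffer_desc
make_dummy_token_buffer(char *name)
{
	gss_buffer_desc buffer;

	buffer.length = 0;
	buffer.value = NULL;

	if (name != NULL) {
		buffer.value = make_dummy_token(name);
		if (buffer.value != NULL)
			buffer.length = strlen(name)+1;
	}
	return (buffer);
}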
12490Sstevel@tonic-gate 
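/*
 * Build a dummy-mechanism token that carries dataLen bytes of data.
 *
 * The token is a header written by g_make_token_header() followed by an
 * unmodified copy of the data; its total size comes from g_token_size().
 *
 * dataLen is an int while callers pass buffer lengths, so a negative
 * value (for instance from a truncated size) is rejected before it can
 * reach malloc() or memcpy().  An empty buffer (length 0, value NULL) is
 * returned when data is NULL, dataLen is negative, the computed token
 * size is not positive, or the allocation fails.  Callers that need to
 * tell these cases apart must check buffer.value themselves.
 *
 * The caller owns buffer.value.
 */
static gss_buffer_desc
make_dummy_token_msg(void *data, int dataLen)
{
	gss_buffer_desc buffer;
	int tlen;
	unsigned char *t;
	unsigned char *ptr;

	buffer.length = 0;
	buffer.value = NULL;

	if (data == NULL || dataLen < 0)
		return (buffer);

	tlen = g_token_size((gss_OID)gss_mech_dummy, dataLen);
	if (tlen <= 0)
		return (buffer);

	t = (unsigned char *) malloc(tlen);
	if (t == NULL)
		return (buffer);
	ptr = t;

	/* The header call advances ptr to where the payload belongs. */
	g_make_token_header((gss_OID)gss_mech_dummy, dataLen, &ptr, 0);
	memcpy(ptr, data, dataLen);

	buffer.length = tlen;
	buffer.value = (void *) t;
	return (buffer);
}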
12750Sstevel@tonic-gate 
/*
 * Return how many octets der_write_length() emits for `length':
 * 1 for the short form (length below 128, which includes negative
 * values), otherwise one prefix octet plus 1 to 4 length octets.
 */
static int
der_length_size(length)
	int length;
{
	int octets;

	/* short form: the length fits in the single leading octet */
	if (length < 0x80)
		return (1);

	/* long form: find the smallest octet count that can hold length */
	for (octets = 1; octets < 4; octets++) {
		if (length < (1 << (8 * octets)))
			break;
	}
	return (octets + 1);
}
12910Sstevel@tonic-gate 
/*
 * Encode `length' as a DER length at *buf and advance *buf past the
 * octets written.
 *
 * Lengths below 128 are written as one octet.  Larger lengths are
 * written as a prefix octet (der_length_size(length) + 127) followed by
 * the length octets, most significant first.
 *
 * No bounds are checked here: the caller must have reserved at least
 * der_length_size(length) octets at *buf.
 */
static void
der_write_length(buf, length)
	unsigned char **buf;
	int length;
{
	unsigned char *out = *buf;

	if (length < (1<<7)) {
		/* short form */
		*out++ = (unsigned char) length;
		*buf = out;
		return;
	}

	/* long form: prefix octet carries the count of length octets */
	*out++ = (unsigned char) (der_length_size(length)+127);
	if (length >= (1<<24))
		*out++ = (unsigned char) (length>>24);
	if (length >= (1<<16))
		*out++ = (unsigned char) ((length>>16)&0xff);
	if (length >= (1<<8))
		*out++ = (unsigned char) ((length>>8)&0xff);
	*out++ = (unsigned char) (length&0xff);

	*buf = out;
}
13100Sstevel@tonic-gate 
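/*
 * Decode a DER length from *buf, where *bufsize bytes remain.
 *
 * *buf is advanced and *bufsize reduced by the octets consumed.
 * Returns the decoded length, or -1 when the input is empty, when the
 * long form names more length octets than (*bufsize - 1) or than
 * DUMMY_SIZE_OF_INT, or when the value does not fit in a non-negative
 * int.  On -1 the cursor is left wherever parsing stopped, so the
 * caller should reject the token rather than keep reading.
 *
 * The input normally comes from a peer's token, so the value is
 * accumulated unsigned and range-checked before each shift; shifting a
 * signed int past its range would be undefined behaviour.
 */
static int
der_read_length(buf, bufsize)
unsigned char **buf;
int *bufsize;
{
	unsigned char sf;
	unsigned int acc;
	/*
	 * Largest int value, derived here because this part of the file
	 * does not show whether <limits.h> is available.
	 */
	const unsigned int int_max = ~0U >> 1;

	if (*bufsize < 1)
		return (-1);

	sf = *(*buf)++;
	(*bufsize)--;

	/* short form: the octet itself is the length */
	if (!(sf & 0x80))
		return (sf);

	/* long form: low 7 bits give the number of length octets */
	sf &= 0x7f;
	if (sf > ((*bufsize)-1))
		return (-1);

	/* DUMMY_SIZE_OF_INT is defined elsewhere; presumably sizeof (int) */
	if (sf > DUMMY_SIZE_OF_INT)
		return (-1);

	acc = 0;
	for (; sf; sf--) {
		/* one more octet must still fit in a non-negative int */
		if (acc > (int_max >> 8))
			return (-1);
		acc = (acc << 8) + (*(*buf)++);
		(*bufsize)--;
	}

	return ((int)acc);
}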
13410Sstevel@tonic-gate 
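/*
 * Return the total size in bytes of a token that carries `body_size'
 * payload bytes for mechanism `mech': one tag octet, the DER length of
 * the sequence, and the sequence contents (4 fixed octets, the OID
 * bytes and the payload).
 *
 * Returns -1 when the total cannot be represented as a non-negative
 * int.  Callers pass the result to an allocator, so a wrapped size
 * would produce an undersized buffer; they must check for -1.
 */
static int
g_token_size(mech, body_size)
	gss_OID mech;
	unsigned int body_size;
{
	/* largest int value, computed without relying on <limits.h> */
	const unsigned int int_max = ~0U >> 1;
	/* leave room for the tag octet and up to 5 length octets */
	const unsigned int limit = int_max - 6;
	unsigned int overhead;

	if (mech->length > limit - 4)
		return (-1);
	/* OID tag, OID length octet and the two token-type octets */
	overhead = 4 + (unsigned int)mech->length;
	if (body_size > limit - overhead)
		return (-1);

	/* set body_size to sequence contents size */
	body_size += overhead;
	return (1 + der_length_size(body_size) + body_size);
}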
13510Sstevel@tonic-gate 
/*
 * Write a token header at *buf and leave *buf pointing just past it.
 *
 * Layout, in order: the 0x60 tag, the DER length of
 * 4 + mech->length + body_size, the 0x06 (OBJECT IDENTIFIER) tag, one
 * octet holding mech->length, the OID bytes, and tok_type as two octets
 * with the high octet first.
 *
 * Nothing here checks the destination size; the caller is expected to
 * have sized the buffer beforehand.  mech->length is stored in a single
 * octet, so a longer OID length would be truncated.
 */
static void
g_make_token_header(mech, body_size, buf, tok_type)
	gss_OID mech;
	int body_size;
	unsigned char **buf;
	int tok_type;
{
	/* outer tag, then the length of everything that follows it */
	**buf = 0x60;
	(*buf)++;
	der_write_length(buf, 4 + mech->length + body_size);

	/* mechanism OID: tag, one-octet length, then the OID bytes */
	(*buf)[0] = 0x06;
	(*buf)[1] = (unsigned char) mech->length;
	*buf += 2;
	/* TWRITE_STR is defined elsewhere; presumably copies and advances */
	TWRITE_STR(*buf, mech->elements, ((int)mech->length));

	/* token type, high octet first */
	(*buf)[0] = (unsigned char) ((tok_type>>8)&0xff);
	(*buf)[1] = (unsigned char) (tok_type&0xff);
	*buf += 2;
}
13670Sstevel@tonic-gate 
/*
 * Check the header of a received token of `toksize' bytes at *buf_in
 * against the expected mechanism `mech' and token type `tok_type'.
 *
 * Returns 0 on success, in which case *buf_in is advanced to the first
 * byte after the header and *body_size is set to the bytes remaining.
 * Returns G_BAD_TOK_HEADER when the header is malformed or truncated,
 * and G_WRONG_MECH when the header is well formed but names another
 * mechanism; in both failure cases *buf_in and *body_size are left
 * untouched.
 *
 * The token is peer-supplied data, so the remaining byte count is
 * decremented and tested before each field is read.
 */
static int
g_verify_token_header(mech, body_size, buf_in, tok_type, toksize)
gss_OID mech;
int *body_size;
unsigned char **buf_in;
int tok_type;
int toksize;
{
	unsigned char *cur = *buf_in;
	int seqsize;
	gss_OID_desc toid;
	int status = 0;

	/* outer tag */
	toksize -= 1;
	if (toksize < 0)
		return (G_BAD_TOK_HEADER);
	if (*cur++ != 0x60)
		return (G_BAD_TOK_HEADER);

	/* declared sequence length must match what is actually left */
	seqsize = der_read_length(&cur, &toksize);
	if (seqsize < 0)
		return (G_BAD_TOK_HEADER);
	if (seqsize != toksize)
		return (G_BAD_TOK_HEADER);

	/* OBJECT IDENTIFIER tag */
	toksize -= 1;
	if (toksize < 0)
		return (G_BAD_TOK_HEADER);
	if (*cur++ != 0x06)
		return (G_BAD_TOK_HEADER);

	/* one-octet OID length */
	toksize -= 1;
	if (toksize < 0)
		return (G_BAD_TOK_HEADER);
	toid.length = *cur++;

	/* OID bytes; toid borrows the token's storage, nothing is copied */
	toksize -= toid.length;
	if (toksize < 0)
		return (G_BAD_TOK_HEADER);
	toid.elements = cur;
	cur += toid.length;

	if (!g_OID_equal(&toid, mech))
		status = G_WRONG_MECH;

	/*
	 * G_WRONG_MECH is not returned immediately because it's more important
	 * to return G_BAD_TOK_HEADER if the token header is in fact bad
	 */

	/* two token-type octets, high octet first */
	toksize -= 2;
	if (toksize < 0)
		return (G_BAD_TOK_HEADER);
	if (cur[0] != ((tok_type>>8)&0xff))
		return (G_BAD_TOK_HEADER);
	if (cur[1] != (tok_type&0xff))
		return (G_BAD_TOK_HEADER);
	cur += 2;

	if (status != 0)
		return (status);

	/* only a fully accepted header moves the caller's cursor */
	*buf_in = cur;
	*body_size = toksize;
	return (0);
}