/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * GSSAPI library stub module for gssd.
 */
290Sstevel@tonic-gate
#include <stdio.h>
#include <stdlib.h>
#include <mechglueP.h>
#include "gssd.h"
#include <rpc/rpc.h>

/*
 * Allocation and reporting shims.  The stubs below call MALLOC/FREE,
 * memcpy and clnt_pcreateerror; these macros map those names onto the
 * kernel or the user-land primitives depending on _KERNEL.
 */
#ifdef _KERNEL
/* KM_SLEEP is passed on every kernel allocation made through MALLOC. */
#define MALLOC(n) kmem_alloc((n), KM_SLEEP)
/* kmem_free() takes the allocation size, so every FREE call site passes it. */
#define FREE(x, n) kmem_free((x), (n))
/* bcopy() takes (src, dst); the macro swaps the arguments accordingly. */
#define memcpy(dst, src, n) bcopy((src), (dst), (n))
#define clnt_pcreateerror(srv) printf("Cannot connect to server on %s\n", srv)

#ifdef DEBUG
/*
 * Defines the _SYS_CMN_ERR_H guard and CE_NOTE locally when the guard is
 * not already set -- presumably to stand in for <sys/cmn_err.h>; confirm
 * before relying on any other CE_* level in this file.
 */
#ifndef _SYS_CMN_ERR_H
#define _SYS_CMN_ERR_H
#define CE_NOTE 1
#endif
#include <sys/types.h>
#include <sys/devops.h>
#include <sys/open.h>
#include <sys/stat.h>
#include <sys/conf.h>
#include <sys/ddi.h>
#include <sys/sunddi.h>
#include <sys/uio.h>
#endif /* DEBUG */

#else /* !_KERNEL */
#define MALLOC(n) malloc(n)
/* The size argument is ignored in user land; free() does not need it. */
#define FREE(x, n) free(x)
#endif /* _KERNEL */
/*
 * All-ones minor status.  The stubs store it in *minor_status when the
 * RPC to gssd does not return RPC_SUCCESS.
 */
#define DEFAULT_MINOR_STAT ((OM_uint32) ~0)

/*
 * clnt is the file-scope RPC client handle that several stubs assign from
 * getgssd_handle() on entry.
 * NOTE(review): nothing visible in this file serializes access to clnt;
 * confirm the callers are single-threaded before sharing it across threads.
 */
CLIENT *clnt, *getgssd_handle();
/* Name passed to clnt_pcreateerror() when a stub reports a failure. */
char *server = "localhost";
650Sstevel@tonic-gate
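/*
 * Duplicate the mechanism set carried in a gss_acquire_cred reply into a
 * newly allocated gss_OID_set.
 *
 * src/nsrc are the array and element count taken from the RPC result.  An
 * empty reply yields an allocated set with count 0 and elements NULL.
 * Returns GSS_C_NULL_OID_SET when an allocation fails, when the element
 * count would overflow the array size, or when an entry claims a non-zero
 * length but carries no data; nothing is left allocated in that case.
 */
static gss_OID_set
kgss_acq_dup_mechs(src, nsrc)
	GSS_OID *src;
	uint_t nsrc;
{
	gss_OID_set set;
	uint_t i;

	set = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
	if (set == NULL)
		return (GSS_C_NULL_OID_SET);
	set->count = 0;
	set->elements = NULL;

	if (src == NULL || nsrc == 0)
		return (set);

	/* the count comes from another process: bound it before multiplying */
	if (nsrc > (size_t)-1 / sizeof (gss_OID_desc))
		goto fail;
	set->elements = (gss_OID) MALLOC(sizeof (gss_OID_desc) * nsrc);
	if (set->elements == NULL)
		goto fail;
	/* zero the array so the failure path can free every slot uniformly */
	memset(set->elements, 0, sizeof (gss_OID_desc) * nsrc);

	for (i = 0; i < nsrc; i++) {
		uint_t len = src[i].GSS_OID_len;

		if (len != 0) {
			if (src[i].GSS_OID_val == NULL)
				goto fail;
			set->elements[i].elements = (void *) MALLOC(len);
			if (set->elements[i].elements == NULL)
				goto fail;
			memcpy(set->elements[i].elements,
			    src[i].GSS_OID_val, len);
		}
		set->elements[i].length = (OM_uint32)len;
	}
	set->count = nsrc;
	return (set);

fail:
	if (set->elements != NULL) {
		for (i = 0; i < nsrc; i++)
			FREE(set->elements[i].elements,
			    set->elements[i].length);
		FREE(set->elements, sizeof (gss_OID_desc) * nsrc);
	}
	FREE(set, sizeof (gss_OID_set_desc));
	return (GSS_C_NULL_OID_SET);
}

/*
 * kgss_acquire_cred_wrapped() - forward a gss_acquire_cred request to gssd.
 *
 * The desired name is flattened with gss_display_name(), the arguments are
 * copied into the RPC argument structure, gss_acquire_cred_1() is called and
 * the reply is copied into the caller's output arguments.
 *
 * minor_status, output_cred_handle, actual_mechs and time_rec may be NULL.
 * gssd_cred_verifier is only written when output_cred_handle is non-NULL.
 * On a GSS_S_COMPLETE reply *actual_mechs receives a newly allocated set
 * (count 0 when gssd reported no mechanisms) that the caller owns.
 *
 * Returns the status reported by gssd, or GSS_S_FAILURE when the client
 * handle cannot be obtained, the name cannot be flattened, memory runs out,
 * the RPC fails, or a GSS_S_COMPLETE reply carries no usable credential
 * handle.
 *
 * Changes from the previous revision:
 *  - the argument copies are freed on every path (they leaked when the RPC
 *    failed) and the free loop no longer dereferences a NULL desired_mechs
 *    or frees an uninitialized pointer;
 *  - allocation results are checked;
 *  - the credential handle in the reply is length-checked before it is
 *    copied, and copied with memcpy rather than through a cast pointer;
 *  - an empty mechanism list no longer writes through whatever value
 *    *actual_mechs held on entry.
 */
OM_uint32
kgss_acquire_cred_wrapped(minor_status,
			desired_name,
			time_req,
			desired_mechs,
			cred_usage,
			output_cred_handle,
			actual_mechs,
			time_rec,
			uid,
			gssd_cred_verifier)
	OM_uint32 *minor_status;
	gss_name_t desired_name;
	OM_uint32 time_req;
	gss_OID_set desired_mechs;
	int cred_usage;
	gssd_cred_id_t *output_cred_handle;
	gss_OID_set *actual_mechs;
	OM_uint32 *time_rec;
	uid_t uid;
	OM_uint32 *gssd_cred_verifier;
{
	OM_uint32 minor_status_temp = 0;
	OM_uint32 status;
	gss_buffer_desc external_name;
	gss_OID name_type = GSS_C_NULL_OID;
	GSS_OID *req_mechs = NULL;	/* copy of desired_mechs for the wire */
	uint_t nreq = 0;		/* entries allocated in req_mechs */
	uint_t i;
	int call_ok = 0;

	gss_acquire_cred_arg arg;
	gss_acquire_cred_res res;

	/* get the client handle to GSSD */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/*
	 * convert the desired name from internal to external format; the
	 * buffer starts out empty so that releasing it after a failed
	 * conversion never sees an indeterminate pointer
	 */

	external_name.length = 0;
	external_name.value = NULL;

	if (gss_display_name(&minor_status_temp, desired_name, &external_name,
	    &name_type) != GSS_S_COMPLETE) {

		if (minor_status != NULL)
			*minor_status = (OM_uint32) minor_status_temp;
		(void) gss_release_buffer(&minor_status_temp, &external_name);
		return ((OM_uint32) GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */

	memset(&arg, 0, sizeof (arg));
	memset(&res, 0, sizeof (res));

	arg.uid = (OM_uint32)uid;

	arg.desired_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
	arg.desired_name.GSS_BUFFER_T_val = (char *)external_name.value;

	arg.name_type.GSS_OID_len =
	    name_type == GSS_C_NULL_OID ?
	    0 : (uint_t)name_type->length;

	arg.name_type.GSS_OID_val =
	    name_type == GSS_C_NULL_OID ?
	    (char *)NULL : (char *)name_type->elements;

	arg.time_req = time_req;
	arg.cred_usage = cred_usage;

	if (desired_mechs != GSS_C_NULL_OID_SET && desired_mechs->count != 0) {
		nreq = (uint_t)desired_mechs->count;

		/* reject counts that truncate or overflow the array size */
		if ((size_t)nreq != desired_mechs->count ||
		    nreq > (size_t)-1 / sizeof (GSS_OID)) {
			nreq = 0;
			goto release_args;
		}

		req_mechs = (GSS_OID *) MALLOC(sizeof (GSS_OID) * nreq);
		if (req_mechs == NULL) {
			nreq = 0;
			goto release_args;
		}
		/* zeroed so release_args can free a partly filled array */
		memset(req_mechs, 0, sizeof (GSS_OID) * nreq);

		for (i = 0; i < nreq; i++) {
			uint_t oid_len =
			    (uint_t)desired_mechs->elements[i].length;

			if (oid_len == 0)
				continue;
			req_mechs[i].GSS_OID_val = (char *) MALLOC(oid_len);
			if (req_mechs[i].GSS_OID_val == NULL)
				goto release_args;
			req_mechs[i].GSS_OID_len = oid_len;
			memcpy(req_mechs[i].GSS_OID_val,
			    desired_mechs->elements[i].elements,
			    oid_len);
		}

		arg.desired_mechs.GSS_OID_SET_len = nreq;
		arg.desired_mechs.GSS_OID_SET_val = req_mechs;
	}

	/* call the remote procedure */

	call_ok = (gss_acquire_cred_1(&arg, &res, clnt) == RPC_SUCCESS);

release_args:

	/* free the allocated memory for the flattened name and desired_mechs */

	(void) gss_release_buffer(&minor_status_temp, &external_name);
	if (req_mechs != NULL) {
		for (i = 0; i < nreq; i++)
			FREE(req_mechs[i].GSS_OID_val,
			    req_mechs[i].GSS_OID_len);
		FREE(req_mechs, sizeof (GSS_OID) * nreq);
	}

	if (!call_ok) {

	/*
	 * if the RPC call times out (or the arguments could not be built),
	 * null out all return arguments, set minor_status to its maximum
	 * value, and return GSS_S_FAILURE
	 */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		if (output_cred_handle != NULL)
			*output_cred_handle = NULL;
		if (actual_mechs != NULL)
			*actual_mechs = NULL;
		if (time_rec != NULL)
			*time_rec = 0;

		return (GSS_S_FAILURE);
	}

	/* copy the rpc results into the return arguments */

	status = res.status;

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	if (output_cred_handle != NULL) {
		/*
		 * The handle arrives as an opaque byte string from gssd;
		 * only copy it when it is present and large enough.
		 */
		if (res.output_cred_handle.GSS_CRED_ID_T_val != NULL &&
		    res.output_cred_handle.GSS_CRED_ID_T_len >=
		    sizeof (gssd_cred_id_t)) {
			memcpy(output_cred_handle,
			    res.output_cred_handle.GSS_CRED_ID_T_val,
			    sizeof (gssd_cred_id_t));
		} else {
			*output_cred_handle = NULL;
			if (status == GSS_S_COMPLETE) {
				/* success without a handle is unusable */
				status = GSS_S_FAILURE;
				if (minor_status != NULL)
					*minor_status = DEFAULT_MINOR_STAT;
			}
		}
		if (gssd_cred_verifier != NULL)
			*gssd_cred_verifier = res.gssd_cred_verifier;
	}

	if (status == GSS_S_COMPLETE && actual_mechs != NULL) {
		*actual_mechs = kgss_acq_dup_mechs(
		    res.actual_mechs.GSS_OID_SET_val,
		    res.actual_mechs.GSS_OID_SET_len);
		if (*actual_mechs == GSS_C_NULL_OID_SET) {
			/*
			 * The credential handle written above is left in
			 * place so the caller can still release the
			 * credential that gssd created.
			 */
			status = GSS_S_FAILURE;
			if (minor_status != NULL)
				*minor_status = DEFAULT_MINOR_STAT;
		}
	}

	if (time_rec != NULL)
		*time_rec = res.time_rec;

	/*
	 * free the memory allocated for the results and return with the status
	 * received in the rpc call
	 */

	clnt_freeres(clnt, xdr_gss_acquire_cred_res, (caddr_t)&res);
	return (status);
}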
2290Sstevel@tonic-gate
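/*
 * kgss_acquire_cred() - acquire a credential through gssd and wrap the
 * daemon's handle and verifier in a locally allocated struct kgss_cred.
 *
 * On success *output_cred_handle refers to the new kgss_cred.  When the
 * wrapped call reports a GSS error the local structure is freed and
 * *output_cred_handle is set to GSS_C_NO_CREDENTIAL.
 *
 * Returns the status of kgss_acquire_cred_wrapped(), or GSS_S_FAILURE when
 * output_cred_handle is NULL or the local structure cannot be allocated
 * (both cases previously dereferenced a NULL pointer).
 */
OM_uint32
kgss_acquire_cred(minor_status,
		desired_name,
		time_req,
		desired_mechs,
		cred_usage,
		output_cred_handle,
		actual_mechs,
		time_rec,
		uid)
	OM_uint32 *minor_status;
	gss_name_t desired_name;
	OM_uint32 time_req;
	gss_OID_set desired_mechs;
	int cred_usage;
	gss_cred_id_t *output_cred_handle;
	gss_OID_set *actual_mechs;
	OM_uint32 *time_rec;
	uid_t uid;
{

	OM_uint32 err;
	struct kgss_cred *kcred;

	/* there is nowhere to return the credential without this pointer */
	if (output_cred_handle == NULL)
		return (GSS_S_FAILURE);

	kcred = KGSS_CRED_ALLOC();
	if (kcred == NULL) {
		*output_cred_handle = GSS_C_NO_CREDENTIAL;
		return (GSS_S_FAILURE);
	}

	*output_cred_handle = (gss_cred_id_t)kcred;
	err = kgss_acquire_cred_wrapped(minor_status,
	    desired_name, time_req,
	    desired_mechs, cred_usage,
	    &kcred->gssd_cred, actual_mechs,
	    time_rec, uid,
	    &kcred->gssd_cred_verifier);
	if (GSS_ERROR(err)) {
		/* never hand the caller a pointer to the freed structure */
		KGSS_CRED_FREE(kcred);
		*output_cred_handle = GSS_C_NO_CREDENTIAL;
	}
	return (err);
}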
2680Sstevel@tonic-gate
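/*
 * Duplicate the mechanism set carried in a gss_add_cred reply into a newly
 * allocated gss_OID_set.
 *
 * src/nsrc are the array and element count taken from the RPC result.  An
 * empty reply yields an allocated set with count 0 and elements NULL.
 * Returns GSS_C_NULL_OID_SET when an allocation fails, when the element
 * count would overflow the array size, or when an entry claims a non-zero
 * length but carries no data; nothing is left allocated in that case.
 */
static gss_OID_set
kgss_add_dup_mechs(src, nsrc)
	GSS_OID *src;
	uint_t nsrc;
{
	gss_OID_set set;
	uint_t i;

	set = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
	if (set == NULL)
		return (GSS_C_NULL_OID_SET);
	set->count = 0;
	set->elements = NULL;

	if (src == NULL || nsrc == 0)
		return (set);

	/* the count comes from another process: bound it before multiplying */
	if (nsrc > (size_t)-1 / sizeof (gss_OID_desc))
		goto fail;
	set->elements = (gss_OID) MALLOC(sizeof (gss_OID_desc) * nsrc);
	if (set->elements == NULL)
		goto fail;
	/* zero the array so the failure path can free every slot uniformly */
	bzero((caddr_t)set->elements, sizeof (gss_OID_desc) * nsrc);

	for (i = 0; i < nsrc; i++) {
		uint_t len = src[i].GSS_OID_len;

		if (len != 0) {
			if (src[i].GSS_OID_val == NULL)
				goto fail;
			set->elements[i].elements = (void *) MALLOC(len);
			if (set->elements[i].elements == NULL)
				goto fail;
			memcpy(set->elements[i].elements,
			    src[i].GSS_OID_val, len);
		}
		set->elements[i].length = (OM_uint32)len;
	}
	set->count = nsrc;
	return (set);

fail:
	if (set->elements != NULL) {
		for (i = 0; i < nsrc; i++)
			FREE(set->elements[i].elements,
			    set->elements[i].length);
		FREE(set->elements, sizeof (gss_OID_desc) * nsrc);
	}
	FREE(set, sizeof (gss_OID_set_desc));
	return (GSS_C_NULL_OID_SET);
}

/*
 * kgss_add_cred_wrapped() - forward a gss_add_cred request to gssd.
 *
 * The desired name is flattened with gss_display_name(), the arguments are
 * copied into the RPC argument structure, gss_add_cred_1() is called and the
 * reply is copied into the caller's output arguments.
 *
 * minor_status, actual_mechs, initiator_time_rec and acceptor_time_rec may
 * be NULL.  On a GSS_S_COMPLETE reply *actual_mechs receives a newly
 * allocated set (count 0 when gssd reported no mechanisms) that the caller
 * owns.
 *
 * Returns the status reported by gssd, or GSS_S_FAILURE when the client
 * handle cannot be obtained, the name cannot be flattened, the RPC fails,
 * or the mechanism set cannot be copied.
 *
 * Changes from the previous revision:
 *  - the flattened name is released when the RPC fails (it leaked);
 *  - minor_status is NULL-checked on the name-conversion failure path;
 *  - allocation results are checked while copying the mechanism set;
 *  - an empty mechanism list no longer writes through whatever value
 *    *actual_mechs held on entry.
 */
OM_uint32
kgss_add_cred_wrapped(minor_status,
			input_cred_handle,
			gssd_cred_verifier,
			desired_name,
			desired_mech_type,
			cred_usage,
			initiator_time_req,
			acceptor_time_req,
			actual_mechs,
			initiator_time_rec,
			acceptor_time_rec,
			uid)
	OM_uint32 *minor_status;
	gssd_cred_id_t input_cred_handle;
	OM_uint32 gssd_cred_verifier;
	gss_name_t desired_name;
	gss_OID desired_mech_type;
	int cred_usage;
	int initiator_time_req;
	int acceptor_time_req;
	gss_OID_set *actual_mechs;
	OM_uint32 *initiator_time_rec;
	OM_uint32 *acceptor_time_rec;
	uid_t uid;
{
	/* this stub keeps its handle local instead of using the global */
	CLIENT *clnt;

	OM_uint32 minor_status_temp = 0;
	OM_uint32 status;
	gss_buffer_desc external_name;
	gss_OID name_type = GSS_C_NULL_OID;

	gss_add_cred_arg arg;
	gss_add_cred_res res;

	/* get the client handle to GSSD */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/*
	 * convert the desired name from internal to external format; the
	 * buffer starts out empty so that releasing it after a failed
	 * conversion never sees an indeterminate pointer
	 */

	external_name.length = 0;
	external_name.value = NULL;

	if (gss_display_name(&minor_status_temp, desired_name, &external_name,
	    &name_type) != GSS_S_COMPLETE) {

		if (minor_status != NULL)
			*minor_status = (OM_uint32) minor_status_temp;
		(void) gss_release_buffer(&minor_status_temp, &external_name);
		/*
		 * Kept from the previous revision although this is not a
		 * connection failure; existing diagnostics may rely on it.
		 */
		clnt_pcreateerror(server);
		return ((OM_uint32) GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */

	arg.uid = (OM_uint32) uid;
	arg.input_cred_handle.GSS_CRED_ID_T_len =
	    input_cred_handle ==
	    (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
	    0 : (uint_t)sizeof (gssd_cred_id_t);
	arg.input_cred_handle.GSS_CRED_ID_T_val =
	    (char *)&input_cred_handle;
	arg.gssd_cred_verifier = gssd_cred_verifier;
	arg.desired_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
	arg.desired_name.GSS_BUFFER_T_val = (char *)external_name.value;
	arg.name_type.GSS_OID_len =
	    name_type == GSS_C_NULL_OID ?
	    0 : (uint_t)name_type->length;
	arg.name_type.GSS_OID_val =
	    name_type == GSS_C_NULL_OID ?
	    (char *)NULL : (char *)name_type->elements;

	arg.desired_mech_type.GSS_OID_len =
	    (uint_t)(desired_mech_type != GSS_C_NULL_OID ?
	    desired_mech_type->length : 0);
	arg.desired_mech_type.GSS_OID_val =
	    (char *)(desired_mech_type != GSS_C_NULL_OID ?
	    desired_mech_type->elements : 0);
	arg.cred_usage = cred_usage;
	arg.initiator_time_req = initiator_time_req;
	arg.acceptor_time_req = acceptor_time_req;

	/* call the remote procedure */

	bzero((caddr_t)&res, sizeof (res));
	if (gss_add_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/*
		 * if the RPC call times out, null out all return arguments,
		 * set minor_status to its maximum value, and return
		 * GSS_S_FAILURE
		 */

		(void) gss_release_buffer(&minor_status_temp, &external_name);

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		if (actual_mechs != NULL)
			*actual_mechs = NULL;
		if (initiator_time_rec != NULL)
			*initiator_time_rec = 0;
		if (acceptor_time_rec != NULL)
			*acceptor_time_rec = 0;
		return (GSS_S_FAILURE);
	}

	/* free the allocated memory for the flattened name */

	(void) gss_release_buffer(&minor_status_temp, &external_name);

	/* copy the rpc results into the return arguments */

	status = res.status;

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	if (status == GSS_S_COMPLETE && actual_mechs != NULL) {
		*actual_mechs = kgss_add_dup_mechs(
		    res.actual_mechs.GSS_OID_SET_val,
		    res.actual_mechs.GSS_OID_SET_len);
		if (*actual_mechs == GSS_C_NULL_OID_SET) {
			status = GSS_S_FAILURE;
			if (minor_status != NULL)
				*minor_status = DEFAULT_MINOR_STAT;
		}
	}
	if (initiator_time_rec != NULL)
		*initiator_time_rec = res.initiator_time_rec;
	if (acceptor_time_rec != NULL)
		*acceptor_time_rec = res.acceptor_time_rec;

	/*
	 * free the memory allocated for the results and return with the status
	 * received in the rpc call
	 */

	clnt_freeres(clnt, xdr_gss_add_cred_res, (caddr_t)&res);
	return (status);

}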
4220Sstevel@tonic-gate
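/*
 * kgss_add_cred() - unwrap a kgss credential into the gssd handle and
 * verifier it carries, then forward the request to
 * kgss_add_cred_wrapped().
 *
 * When input_cred_handle is GSS_C_NO_CREDENTIAL the daemon handle is passed
 * as GSS_C_NO_CREDENTIAL and the verifier as 0.  The previous revision left
 * the verifier uninitialized in that case, so an indeterminate stack value
 * was copied into the RPC argument sent to gssd.
 *
 * Returns the status of kgss_add_cred_wrapped().
 */
OM_uint32
kgss_add_cred(minor_status,
		input_cred_handle,
		desired_name,
		desired_mech_type,
		cred_usage,
		initiator_time_req,
		acceptor_time_req,
		actual_mechs,
		initiator_time_rec,
		acceptor_time_rec,
		uid)
	OM_uint32 *minor_status;
	gss_cred_id_t input_cred_handle;
	gss_name_t desired_name;
	gss_OID desired_mech_type;
	int cred_usage;
	int initiator_time_req;
	int acceptor_time_req;
	gss_OID_set *actual_mechs;
	OM_uint32 *initiator_time_rec;
	OM_uint32 *acceptor_time_rec;
	uid_t uid;
{

	OM_uint32 err;
	/* defined value for the no-credential case; see header comment */
	OM_uint32 gssd_cred_verifier = 0;
	gssd_cred_id_t gssd_input_cred_handle;


	if (input_cred_handle != GSS_C_NO_CREDENTIAL) {
		gssd_cred_verifier = KCRED_TO_CREDV(input_cred_handle);
		gssd_input_cred_handle = KCRED_TO_CRED(input_cred_handle);
	} else
		gssd_input_cred_handle = (gssd_cred_id_t)GSS_C_NO_CREDENTIAL;

	err = kgss_add_cred_wrapped(minor_status, gssd_input_cred_handle,
	    gssd_cred_verifier, desired_name, desired_mech_type,
	    cred_usage, initiator_time_req, acceptor_time_req,
	    actual_mechs, initiator_time_rec,
	    acceptor_time_rec, uid);
	return (err);
}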
4660Sstevel@tonic-gate
/*
 * kgss_release_cred_wrapped() - ask gssd to release a credential.
 *
 * Sends uid, the verifier and (when cred_handle is non-NULL) the daemon
 * credential handle to gssd through gss_release_cred_1().
 *
 * When the RPC succeeds, *minor_status receives the daemon's minor status,
 * *cred_handle is cleared if the daemon reported GSS_S_COMPLETE, and the
 * daemon's status is returned.  When the client handle cannot be obtained
 * GSS_S_FAILURE is returned with no outputs touched; when the RPC itself
 * fails *minor_status is set to DEFAULT_MINOR_STAT, *cred_handle is cleared
 * and GSS_S_FAILURE is returned.  minor_status and cred_handle may be NULL.
 */
OM_uint32
kgss_release_cred_wrapped(minor_status,
			cred_handle,
			uid,
			gssd_cred_verifier)
	OM_uint32 *minor_status;
	gssd_cred_id_t *cred_handle;
	uid_t uid;
	OM_uint32 gssd_cred_verifier;
{
	gss_release_cred_arg rel_arg;
	gss_release_cred_res rel_res;

	/* obtain the RPC client handle for gssd */
	clnt = getgssd_handle();
	if (clnt == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* marshal the request */
	rel_arg.gssd_cred_verifier = gssd_cred_verifier;
	rel_arg.uid = (OM_uint32) uid;

	if (cred_handle == NULL) {
		/* no handle: send a zero-length opaque */
		rel_arg.cred_handle.GSS_CRED_ID_T_len = 0;
	} else {
		rel_arg.cred_handle.GSS_CRED_ID_T_val = (char *)cred_handle;
		rel_arg.cred_handle.GSS_CRED_ID_T_len =
		    (uint_t)sizeof (gssd_cred_id_t);
	}

	/* issue the call with a zeroed result structure */
	memset(&rel_res, 0, sizeof (rel_res));
	if (gss_release_cred_1(&rel_arg, &rel_res, clnt) == RPC_SUCCESS) {
		/* the handle is only cleared when gssd confirms the release */
		if (rel_res.status == GSS_S_COMPLETE && cred_handle != NULL)
			*cred_handle = NULL;

		if (minor_status != NULL)
			*minor_status = rel_res.minor_status;

		/* hand back the status gssd reported */
		return (rel_res.status);
	}

	/*
	 * The RPC did not complete (for example it timed out): clear the
	 * output arguments, report the maximum minor status and fail.
	 */
	if (minor_status != NULL)
		*minor_status = DEFAULT_MINOR_STAT;
	if (cred_handle != NULL)
		*cred_handle = NULL;

	return (GSS_S_FAILURE);
}
5290Sstevel@tonic-gate
/*
 * kgss_release_cred() - release a kgss credential.
 *
 * GSS_C_NO_CREDENTIAL is accepted and reported as GSS_S_COMPLETE without
 * contacting gssd.  Otherwise the daemon handle and verifier held in the
 * kgss_cred are passed to kgss_release_cred_wrapped(); the local structure
 * is then freed and *cred_handle reset to GSS_C_NO_CREDENTIAL regardless of
 * the status the wrapped call returned, so the caller is never left with a
 * pointer to freed memory.
 *
 * Returns GSS_S_COMPLETE for the no-credential case, else the status of
 * kgss_release_cred_wrapped().
 */
OM_uint32
kgss_release_cred(minor_status,
		cred_handle,
		uid)
	OM_uint32 *minor_status;
	gss_cred_id_t *cred_handle;
	uid_t uid;

{
	struct kgss_cred *held;
	OM_uint32 rc;

	if (*cred_handle != GSS_C_NO_CREDENTIAL) {
		held = KCRED_TO_KGSS_CRED(*cred_handle);

		rc = kgss_release_cred_wrapped(minor_status,
		    &held->gssd_cred, uid, held->gssd_cred_verifier);

		/* local wrapper goes away whether or not gssd succeeded */
		KGSS_CRED_FREE(held);
		*cred_handle = GSS_C_NO_CREDENTIAL;
		return (rc);
	}

	/* nothing to release */
	return (GSS_S_COMPLETE);
}
5540Sstevel@tonic-gate
5550Sstevel@tonic-gate OM_uint32
kgss_init_sec_context_wrapped(minor_status,claimant_cred_handle,gssd_cred_verifier,context_handle,gssd_context_verifier,target_name,mech_type,req_flags,time_req,input_chan_bindings,input_token,actual_mech_type,output_token,ret_flags,time_rec,uid)5560Sstevel@tonic-gate kgss_init_sec_context_wrapped(minor_status,
5570Sstevel@tonic-gate claimant_cred_handle,
5580Sstevel@tonic-gate gssd_cred_verifier,
5590Sstevel@tonic-gate context_handle,
5600Sstevel@tonic-gate gssd_context_verifier,
5610Sstevel@tonic-gate target_name,
5620Sstevel@tonic-gate mech_type,
5630Sstevel@tonic-gate req_flags,
5640Sstevel@tonic-gate time_req,
5650Sstevel@tonic-gate input_chan_bindings,
5660Sstevel@tonic-gate input_token,
5670Sstevel@tonic-gate actual_mech_type,
5680Sstevel@tonic-gate output_token,
5690Sstevel@tonic-gate ret_flags,
5700Sstevel@tonic-gate time_rec,
5710Sstevel@tonic-gate uid)
5720Sstevel@tonic-gate OM_uint32 *minor_status;
5730Sstevel@tonic-gate gssd_cred_id_t claimant_cred_handle;
5740Sstevel@tonic-gate OM_uint32 gssd_cred_verifier;
5750Sstevel@tonic-gate OM_uint32 *context_handle;
5760Sstevel@tonic-gate OM_uint32 *gssd_context_verifier;
5770Sstevel@tonic-gate gss_name_t target_name;
5780Sstevel@tonic-gate gss_OID mech_type;
5790Sstevel@tonic-gate int req_flags;
5800Sstevel@tonic-gate OM_uint32 time_req;
5810Sstevel@tonic-gate gss_channel_bindings_t input_chan_bindings;
5820Sstevel@tonic-gate gss_buffer_t input_token;
5830Sstevel@tonic-gate gss_OID *actual_mech_type;
5840Sstevel@tonic-gate gss_buffer_t output_token;
5850Sstevel@tonic-gate int *ret_flags;
5860Sstevel@tonic-gate OM_uint32 *time_rec;
5870Sstevel@tonic-gate uid_t uid;
5880Sstevel@tonic-gate {
5890Sstevel@tonic-gate OM_uint32 minor_status_temp;
5900Sstevel@tonic-gate gss_buffer_desc external_name;
5910Sstevel@tonic-gate gss_OID name_type;
5920Sstevel@tonic-gate gss_init_sec_context_arg arg;
5930Sstevel@tonic-gate gss_init_sec_context_res res;
5940Sstevel@tonic-gate
5950Sstevel@tonic-gate /* get the client handle to GSSD */
5960Sstevel@tonic-gate
5970Sstevel@tonic-gate if ((clnt = getgssd_handle()) == NULL) {
5980Sstevel@tonic-gate clnt_pcreateerror(server);
5990Sstevel@tonic-gate return (GSS_S_FAILURE);
6000Sstevel@tonic-gate }
6010Sstevel@tonic-gate
6020Sstevel@tonic-gate /* convert the target name from internal to external format */
6030Sstevel@tonic-gate
6040Sstevel@tonic-gate if (gss_display_name(&minor_status_temp, target_name,
6050Sstevel@tonic-gate &external_name, &name_type) != GSS_S_COMPLETE) {
6060Sstevel@tonic-gate
6070Sstevel@tonic-gate *minor_status = (OM_uint32) minor_status_temp;
6080Sstevel@tonic-gate return ((OM_uint32) GSS_S_FAILURE);
6090Sstevel@tonic-gate }
6100Sstevel@tonic-gate
6110Sstevel@tonic-gate
6120Sstevel@tonic-gate /* copy the procedure arguments into the rpc arg parameter */
6130Sstevel@tonic-gate
6140Sstevel@tonic-gate arg.uid = (OM_uint32) uid;
6150Sstevel@tonic-gate
6160Sstevel@tonic-gate arg.context_handle.GSS_CTX_ID_T_len =
6170Sstevel@tonic-gate *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ? 0 :
6180Sstevel@tonic-gate (uint_t)sizeof (OM_uint32);
6190Sstevel@tonic-gate arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
6200Sstevel@tonic-gate arg.gssd_context_verifier = *gssd_context_verifier;
6210Sstevel@tonic-gate
6220Sstevel@tonic-gate arg.claimant_cred_handle.GSS_CRED_ID_T_len =
6230Sstevel@tonic-gate claimant_cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
6240Sstevel@tonic-gate 0 : (uint_t)sizeof (gssd_cred_id_t);
6250Sstevel@tonic-gate arg.claimant_cred_handle.GSS_CRED_ID_T_val =
6260Sstevel@tonic-gate (char *)&claimant_cred_handle;
6270Sstevel@tonic-gate arg.gssd_cred_verifier = gssd_cred_verifier;
6280Sstevel@tonic-gate
6290Sstevel@tonic-gate arg.target_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
6300Sstevel@tonic-gate arg.target_name.GSS_BUFFER_T_val = (char *)external_name.value;
6310Sstevel@tonic-gate
6320Sstevel@tonic-gate arg.name_type.GSS_OID_len =
6330Sstevel@tonic-gate name_type == GSS_C_NULL_OID ?
6340Sstevel@tonic-gate 0 : (uint_t)name_type->length;
6350Sstevel@tonic-gate
6360Sstevel@tonic-gate arg.name_type.GSS_OID_val =
6370Sstevel@tonic-gate name_type == GSS_C_NULL_OID ?
6380Sstevel@tonic-gate (char *)NULL : (char *)name_type->elements;
6390Sstevel@tonic-gate
6400Sstevel@tonic-gate arg.mech_type.GSS_OID_len = (uint_t)(mech_type != GSS_C_NULL_OID ?
6410Sstevel@tonic-gate mech_type->length : 0);
6420Sstevel@tonic-gate arg.mech_type.GSS_OID_val = (char *)(mech_type != GSS_C_NULL_OID ?
6430Sstevel@tonic-gate mech_type->elements : 0);
6440Sstevel@tonic-gate
6450Sstevel@tonic-gate arg.req_flags = req_flags;
6460Sstevel@tonic-gate
6470Sstevel@tonic-gate arg.time_req = time_req;
6480Sstevel@tonic-gate
6490Sstevel@tonic-gate if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
6500Sstevel@tonic-gate arg.input_chan_bindings.present = YES;
6510Sstevel@tonic-gate arg.input_chan_bindings.initiator_addrtype =
6520Sstevel@tonic-gate input_chan_bindings->initiator_addrtype;
6530Sstevel@tonic-gate arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len =
6540Sstevel@tonic-gate (uint_t)input_chan_bindings->initiator_address.length;
6550Sstevel@tonic-gate arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val =
6560Sstevel@tonic-gate (void *) input_chan_bindings->initiator_address.value;
6570Sstevel@tonic-gate arg.input_chan_bindings.acceptor_addrtype =
6580Sstevel@tonic-gate input_chan_bindings->acceptor_addrtype;
6590Sstevel@tonic-gate arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len =
6600Sstevel@tonic-gate (uint_t)input_chan_bindings->acceptor_address.length;
6610Sstevel@tonic-gate arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
6620Sstevel@tonic-gate (void *) input_chan_bindings->acceptor_address.value;
6630Sstevel@tonic-gate arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
6640Sstevel@tonic-gate (uint_t)input_chan_bindings->application_data.length;
6650Sstevel@tonic-gate arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
6660Sstevel@tonic-gate (void *) input_chan_bindings->application_data.value;
6670Sstevel@tonic-gate } else {
6680Sstevel@tonic-gate arg.input_chan_bindings.present = NO;
6690Sstevel@tonic-gate arg.input_chan_bindings.initiator_addrtype = 0;
6700Sstevel@tonic-gate arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
6710Sstevel@tonic-gate arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
6720Sstevel@tonic-gate arg.input_chan_bindings.acceptor_addrtype = 0;
6730Sstevel@tonic-gate arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
6740Sstevel@tonic-gate arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
6750Sstevel@tonic-gate arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
6760Sstevel@tonic-gate arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
6770Sstevel@tonic-gate }
6780Sstevel@tonic-gate
6790Sstevel@tonic-gate arg.input_token.GSS_BUFFER_T_len = (uint_t)
6800Sstevel@tonic-gate (input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
6810Sstevel@tonic-gate arg.input_token.GSS_BUFFER_T_val = (char *)
6820Sstevel@tonic-gate (input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
6830Sstevel@tonic-gate
6840Sstevel@tonic-gate /* initialize the output parameters to empty values */
6850Sstevel@tonic-gate if (minor_status != NULL)
686*10598SGlenn.Barry@Sun.COM *minor_status = DEFAULT_MINOR_STAT;
6870Sstevel@tonic-gate if (actual_mech_type != NULL)
6880Sstevel@tonic-gate *actual_mech_type = NULL;
6890Sstevel@tonic-gate if (output_token != NULL)
6900Sstevel@tonic-gate output_token->length = 0;
6910Sstevel@tonic-gate if (ret_flags != NULL)
6920Sstevel@tonic-gate *ret_flags = 0;
6930Sstevel@tonic-gate if (time_rec != NULL)
6940Sstevel@tonic-gate *time_rec = 0;
6950Sstevel@tonic-gate
6960Sstevel@tonic-gate /* call the remote procedure */
6970Sstevel@tonic-gate memset(&res, 0, sizeof (res));
6980Sstevel@tonic-gate if (gss_init_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
6990Sstevel@tonic-gate
7000Sstevel@tonic-gate /* free the allocated memory for the flattened name */
7010Sstevel@tonic-gate gss_release_buffer(&minor_status_temp, &external_name);
7020Sstevel@tonic-gate
7030Sstevel@tonic-gate return (GSS_S_FAILURE);
7040Sstevel@tonic-gate }
7050Sstevel@tonic-gate
706*10598SGlenn.Barry@Sun.COM /*
707*10598SGlenn.Barry@Sun.COM * We could return from a GSS error here and need to return both the
708*10598SGlenn.Barry@Sun.COM * minor_status and output_token, back to the caller if applicable.
709*10598SGlenn.Barry@Sun.COM */
710*10598SGlenn.Barry@Sun.COM if (minor_status != NULL)
711*10598SGlenn.Barry@Sun.COM *minor_status = res.minor_status;
712*10598SGlenn.Barry@Sun.COM
713*10598SGlenn.Barry@Sun.COM if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
714*10598SGlenn.Barry@Sun.COM output_token->length =
715*10598SGlenn.Barry@Sun.COM (size_t)res.output_token.GSS_BUFFER_T_len;
716*10598SGlenn.Barry@Sun.COM output_token->value =
717*10598SGlenn.Barry@Sun.COM (void *)res.output_token.GSS_BUFFER_T_val;
718*10598SGlenn.Barry@Sun.COM res.output_token.GSS_BUFFER_T_val = NULL;
719*10598SGlenn.Barry@Sun.COM res.output_token.GSS_BUFFER_T_len = 0;
720*10598SGlenn.Barry@Sun.COM }
7210Sstevel@tonic-gate
7220Sstevel@tonic-gate /* free the allocated memory for the flattened name */
7230Sstevel@tonic-gate gss_release_buffer(&minor_status_temp, &external_name);
7240Sstevel@tonic-gate
7250Sstevel@tonic-gate /* if the call was successful, copy out the results */
7260Sstevel@tonic-gate if (res.status == (OM_uint32) GSS_S_COMPLETE ||
7270Sstevel@tonic-gate res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
7280Sstevel@tonic-gate /*
729*10598SGlenn.Barry@Sun.COM * copy the rpc results into the return argument
730*10598SGlenn.Barry@Sun.COM * on CONTINUE_NEEDED only ctx handle is ready.
7310Sstevel@tonic-gate */
7320Sstevel@tonic-gate /*LINTED*/
7330Sstevel@tonic-gate *context_handle = *((OM_uint32 *)
7340Sstevel@tonic-gate res.context_handle.GSS_CTX_ID_T_val);
7350Sstevel@tonic-gate
7360Sstevel@tonic-gate *gssd_context_verifier = res.gssd_context_verifier;
7370Sstevel@tonic-gate
7380Sstevel@tonic-gate /* the rest of the parameters is only ready on COMPLETE */
7390Sstevel@tonic-gate if (res.status == GSS_S_COMPLETE) {
7400Sstevel@tonic-gate if (actual_mech_type != NULL) {
7410Sstevel@tonic-gate *actual_mech_type = (gss_OID)
7420Sstevel@tonic-gate MALLOC(sizeof (gss_OID_desc));
7430Sstevel@tonic-gate (*actual_mech_type)->length = (OM_UINT32)
7440Sstevel@tonic-gate res.actual_mech_type.GSS_OID_len;
7450Sstevel@tonic-gate (*actual_mech_type)->elements = (void *)
7460Sstevel@tonic-gate MALLOC((*actual_mech_type)->length);
7470Sstevel@tonic-gate memcpy((*actual_mech_type)->elements, (void *)
7480Sstevel@tonic-gate res.actual_mech_type.GSS_OID_val,
7490Sstevel@tonic-gate (*actual_mech_type)->length);
7500Sstevel@tonic-gate }
7510Sstevel@tonic-gate
7520Sstevel@tonic-gate
7530Sstevel@tonic-gate if (ret_flags != NULL)
7540Sstevel@tonic-gate *ret_flags = res.ret_flags;
7550Sstevel@tonic-gate
7560Sstevel@tonic-gate if (time_rec != NULL)
7570Sstevel@tonic-gate *time_rec = res.time_rec;
7580Sstevel@tonic-gate }
7590Sstevel@tonic-gate }
7600Sstevel@tonic-gate
7610Sstevel@tonic-gate
7620Sstevel@tonic-gate /*
7630Sstevel@tonic-gate * free the memory allocated for the results and return with the
7640Sstevel@tonic-gate * status received in the rpc call.
7650Sstevel@tonic-gate */
7660Sstevel@tonic-gate
7670Sstevel@tonic-gate clnt_freeres(clnt, xdr_gss_init_sec_context_res, (caddr_t)&res);
7680Sstevel@tonic-gate return (res.status);
7690Sstevel@tonic-gate }
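/*
 * Initiator-side entry point: translate the caller's GSS handles into the
 * handles gssd understands and forward the request to
 * kgss_init_sec_context_wrapped().
 *
 * *context_handle is GSS_C_NO_CONTEXT on the first call, in which case a
 * struct kgss_ctx wrapper is allocated and stored there; on later calls it
 * is the wrapper created earlier.  The wrapper carries gssd's context id
 * and its verifier.
 *
 * Returns the status of the wrapped call.  When that status is a GSS error
 * the wrapper is released and *context_handle is reset to
 * GSS_C_NO_CONTEXT.
 *
 * NOTE(review): the error path releases the wrapper even when the caller
 * passed in an already established context, and nothing visible here asks
 * gssd to drop its side of that context - confirm this is intended.
 */
OM_uint32
kgss_init_sec_context(
	OM_uint32 *minor_status,
	gss_cred_id_t claimant_cred_handle,
	gss_ctx_id_t *context_handle,
	gss_name_t target_name,
	gss_OID mech_type,
	int req_flags,
	OM_uint32 time_req,
	gss_channel_bindings_t input_chan_bindings,
	gss_buffer_t input_token,
	gss_OID *actual_mech_type,
	gss_buffer_t output_token,
	int *ret_flags,
	OM_uint32 *time_rec,
	uid_t uid)
{
	OM_uint32 err;
	struct kgss_ctx *kctx;
	/*
	 * Give the verifier a defined value.  It is passed by value to the
	 * wrapped call, which places it in the RPC argument, so leaving it
	 * unset for GSS_C_NO_CREDENTIAL would send an indeterminate stack
	 * value to gssd.
	 */
	OM_uint32 gssd_cred_verifier = 0;
	gssd_cred_id_t gssd_cl_cred_handle;

	/*
	 * If this is an initial call, we'll need to create the
	 * wrapper struct that contains kernel state information, and
	 * a reference to the handle from gssd.
	 */
	if (*context_handle == GSS_C_NO_CONTEXT) {
		kctx = KGSS_ALLOC();
		/* Not visible here whether KGSS_ALLOC can fail; be safe. */
		if (kctx == NULL)
			return (GSS_S_FAILURE);
		*context_handle = (gss_ctx_id_t)kctx;
		kctx->gssd_ctx = (OM_uint32) GSS_C_NO_CONTEXT;
		/*
		 * The wrapped call reads the verifier through the pointer
		 * passed below, so it must be defined for a new context.
		 */
		kctx->gssd_ctx_verifier = 0;
	} else
		kctx = (struct kgss_ctx *)*context_handle;

	if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
		gssd_cred_verifier =
		    KCRED_TO_CREDV(claimant_cred_handle);
		gssd_cl_cred_handle =
		    KCRED_TO_CRED(claimant_cred_handle);
	} else
		gssd_cl_cred_handle =
		    (gssd_cred_id_t)GSS_C_NO_CREDENTIAL;

	err = kgss_init_sec_context_wrapped(minor_status,
	    gssd_cl_cred_handle,
	    gssd_cred_verifier, &kctx->gssd_ctx,
	    &kctx->gssd_ctx_verifier,
	    target_name, mech_type, req_flags, time_req,
	    input_chan_bindings, input_token, actual_mech_type,
	    output_token, ret_flags, time_rec, uid);

	if (GSS_ERROR(err)) {
		KGSS_FREE(kctx);
		*context_handle = GSS_C_NO_CONTEXT;
	}
	return (err);
}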
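/*
 * Forward one gss_accept_sec_context() step to gssd over RPC, using gssd's
 * own context and credential handles.
 *
 * The arguments are marshalled into a gss_accept_sec_context_arg, the
 * output parameters are reset, and gss_accept_sec_context_1() is called.
 * minor_status and any output token are handed back whatever the GSS
 * status is.  The context handle and its verifier are copied out on
 * GSS_S_COMPLETE and GSS_S_CONTINUE_NEEDED; the remaining results only on
 * GSS_S_COMPLETE.
 *
 * Returns GSS_S_FAILURE if no client handle can be obtained, if the RPC
 * fails, or if the reply reports success without carrying a full context
 * handle; otherwise the status from the reply.
 *
 * Ownership: output_token->value and src_name->value are taken over from
 * the RPC result (the result fields are cleared so that clnt_freeres()
 * does not release them).  *mech_type and its elements are allocated here
 * with MALLOC.
 */
OM_uint32
kgss_accept_sec_context_wrapped(minor_status,
				context_handle,
				gssd_context_verifier,
				verifier_cred_handle,
				gssd_cred_verifier,
				input_token,
				input_chan_bindings,
				src_name,
				mech_type,
				output_token,
				ret_flags,
				time_rec,
				delegated_cred_handle,
				uid)
	OM_uint32 *minor_status;
	gssd_ctx_id_t *context_handle;
	OM_uint32 *gssd_context_verifier;
	gssd_cred_id_t verifier_cred_handle;
	OM_uint32 gssd_cred_verifier;
	gss_buffer_t input_token;
	gss_channel_bindings_t input_chan_bindings;
	gss_buffer_t src_name;
	gss_OID *mech_type;
	gss_buffer_t output_token;
	int *ret_flags;
	OM_uint32 *time_rec;
	gss_cred_id_t *delegated_cred_handle;
	uid_t uid;
{
	gss_accept_sec_context_arg arg;
	gss_accept_sec_context_res res;
	struct kgss_cred *kcred;
	OM_uint32 status;

	/* get the client handle to GSSD */
	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */
	arg.uid = (OM_uint32) uid;

	arg.context_handle.GSS_CTX_ID_T_len =
	    *context_handle == (gssd_ctx_id_t)GSS_C_NO_CONTEXT ?
	    0 : (uint_t)sizeof (gssd_ctx_id_t);
	arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
	/* the verifier is only meaningful once a context exists */
	arg.gssd_context_verifier =
	    *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ?
	    0 : *gssd_context_verifier;

	arg.verifier_cred_handle.GSS_CRED_ID_T_len =
	    verifier_cred_handle ==
	    (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
	    0 : (uint_t)sizeof (gssd_cred_id_t);
	arg.verifier_cred_handle.GSS_CRED_ID_T_val =
	    (char *)&verifier_cred_handle;
	arg.gssd_cred_verifier = gssd_cred_verifier;

	arg.input_token_buffer.GSS_BUFFER_T_len =
	    (uint_t)(input_token != GSS_C_NO_BUFFER ?
	    input_token->length : 0);
	arg.input_token_buffer.GSS_BUFFER_T_val =
	    (char *)(input_token != GSS_C_NO_BUFFER ?
	    input_token->value : 0);

	if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
		arg.input_chan_bindings.present = YES;
		arg.input_chan_bindings.initiator_addrtype =
		    input_chan_bindings->initiator_addrtype;
		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len =
		    (uint_t)input_chan_bindings->initiator_address.length;
		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val =
		    (void *) input_chan_bindings->initiator_address.value;
		arg.input_chan_bindings.acceptor_addrtype =
		    input_chan_bindings->acceptor_addrtype;
		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len =
		    (uint_t)input_chan_bindings->acceptor_address.length;
		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
		    (void *) input_chan_bindings->acceptor_address.value;
		arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
		    (uint_t)input_chan_bindings->application_data.length;
		arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
		    (void *) input_chan_bindings->application_data.value;
	} else {
		arg.input_chan_bindings.present = NO;
		arg.input_chan_bindings.initiator_addrtype = 0;
		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
		arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
		arg.input_chan_bindings.acceptor_addrtype = 0;
		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
		arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
		arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
		arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
	}

	/* set the output parameters to empty values.... */
	if (minor_status != NULL)
		*minor_status = DEFAULT_MINOR_STAT;
	if (src_name != NULL) {
		src_name->length = 0;
		src_name->value = NULL;
	}
	if (mech_type != NULL)
		*mech_type = NULL;
	/*
	 * NOTE(review): only the length is reset; output_token->value keeps
	 * whatever the caller had in it when the reply carries no token.
	 */
	if (output_token != NULL)
		output_token->length = 0;
	if (ret_flags != NULL)
		*ret_flags = 0;
	if (time_rec != NULL)
		*time_rec = 0;
	if (delegated_cred_handle != NULL)
		*delegated_cred_handle = NULL;

	/* call the remote procedure */
	memset(&res, 0, sizeof (res));
	if (gss_accept_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
		return (GSS_S_FAILURE);
	}

	status = res.status;

	/*
	 * We could return from a GSS error here and need to return both the
	 * minor_status and output_token, back to the caller if applicable.
	 */
	if (minor_status != NULL)
		*minor_status = res.minor_status;

	if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
		output_token->length =
		    res.output_token.GSS_BUFFER_T_len;
		output_token->value =
		    (void *) res.output_token.GSS_BUFFER_T_val;
		/* the caller owns the token now; keep clnt_freeres() off it */
		res.output_token.GSS_BUFFER_T_val = 0;
		res.output_token.GSS_BUFFER_T_len = 0;
	}

	if (status == (OM_uint32) GSS_S_COMPLETE ||
	    status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
		/*
		 * when gss returns CONTINUE_NEEDED we can only
		 * use the context parameter.
		 *
		 * The handle is read straight out of the reply buffer, so
		 * make sure the reply really holds a whole handle before
		 * dereferencing it; a success status without one is treated
		 * as a failure.
		 */
		if (res.context_handle.GSS_CTX_ID_T_val == NULL ||
		    res.context_handle.GSS_CTX_ID_T_len <
		    sizeof (gssd_ctx_id_t)) {
			status = GSS_S_FAILURE;
		} else {
			/*LINTED*/
			*context_handle = *((gssd_ctx_id_t *)
			    res.context_handle.GSS_CTX_ID_T_val);
			*gssd_context_verifier = res.gssd_context_verifier;
		}
	}

	/* the other parameters are only ready on COMPLETE */
	if (status == GSS_S_COMPLETE) {
		/*
		 * The src_name is in external format.
		 */
		if (src_name != NULL) {
			src_name->length = res.src_name.GSS_BUFFER_T_len;
			src_name->value = res.src_name.GSS_BUFFER_T_val;
			res.src_name.GSS_BUFFER_T_val = NULL;
			res.src_name.GSS_BUFFER_T_len = 0;
		}

		/*
		 * move mech type returned to mech_type
		 * for gss_import_name_for_mech()
		 *
		 * NOTE(review): neither MALLOC result is checked before it
		 * is written through; confirm MALLOC cannot fail in every
		 * build of this file.
		 */
		if (mech_type != NULL) {
			*mech_type =
			    (gss_OID) MALLOC(sizeof (gss_OID_desc));
			(*mech_type)->length =
			    (OM_UINT32) res.mech_type.GSS_OID_len;
			(*mech_type)->elements =
			    (void *) MALLOC((*mech_type)->length);
			memcpy((*mech_type)->elements,
			    res.mech_type.GSS_OID_val,
			    (*mech_type)->length);
		}

		if (ret_flags != NULL)
			*ret_flags = res.ret_flags;

		if (time_rec != NULL)
			*time_rec = res.time_rec;

		/*
		 * Only build a delegated credential when the reply holds a
		 * whole credential id; a shorter or missing value leaves
		 * *delegated_cred_handle at NULL.
		 */
		if ((delegated_cred_handle != NULL) &&
		    (res.delegated_cred_handle.GSS_CRED_ID_T_val != NULL) &&
		    (res.delegated_cred_handle.GSS_CRED_ID_T_len >=
		    sizeof (gssd_cred_id_t))) {
			kcred = KGSS_CRED_ALLOC();
			if (kcred != NULL) {
				/*LINTED*/
				kcred->gssd_cred = *((gssd_cred_id_t *)
				    res.delegated_cred_handle.GSS_CRED_ID_T_val);
				/*
				 * NOTE(review): the credential verifier is
				 * taken from the context verifier of the
				 * reply - confirm gssd uses one value for
				 * both.
				 */
				kcred->gssd_cred_verifier =
				    res.gssd_context_verifier;
				*delegated_cred_handle = (gss_cred_id_t)kcred;
			}
		}
	}

	/*
	 * free the memory allocated for the results and return with the status
	 * received in the rpc call
	 */
	clnt_freeres(clnt, xdr_gss_accept_sec_context_res, (caddr_t)&res);
	return (status);
}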
10320Sstevel@tonic-gate
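/*
 * Acceptor-side entry point: translate the caller's GSS handles into the
 * handles gssd understands and forward the request to
 * kgss_accept_sec_context_wrapped().
 *
 * *context_handle is GSS_C_NO_CONTEXT on the first call, in which case a
 * struct kgss_ctx wrapper is allocated and stored there; on later calls it
 * is the wrapper created earlier.
 *
 * Returns the status of the wrapped call.  When that status is a GSS error
 * the wrapper is released and *context_handle is reset to
 * GSS_C_NO_CONTEXT.
 *
 * NOTE(review): the error path releases the wrapper even when the caller
 * passed in an already established context, and nothing visible here asks
 * gssd to drop its side of that context - confirm this is intended.
 */
OM_uint32
kgss_accept_sec_context(
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_cred_id_t verifier_cred_handle,
	gss_buffer_t input_token,
	gss_channel_bindings_t input_chan_bindings,
	gss_buffer_t src_name,
	gss_OID *mech_type,
	gss_buffer_t output_token,
	int *ret_flags,
	OM_uint32 *time_rec,
	gss_cred_id_t *delegated_cred_handle,
	uid_t uid)
{
	OM_uint32 err;
	struct kgss_ctx *kctx;
	/*
	 * Give the verifier a defined value.  It is passed by value to the
	 * wrapped call, which places it in the RPC argument, so leaving it
	 * unset for GSS_C_NO_CREDENTIAL would send an indeterminate stack
	 * value to gssd.
	 */
	OM_uint32 gssd_cred_verifier = 0;
	gssd_cred_id_t gssd_ver_cred_handle;

	if (*context_handle == GSS_C_NO_CONTEXT) {
		kctx = KGSS_ALLOC();
		/* Not visible here whether KGSS_ALLOC can fail; be safe. */
		if (kctx == NULL)
			return (GSS_S_FAILURE);
		*context_handle = (gss_ctx_id_t)kctx;
		kctx->gssd_ctx = (gssd_ctx_id_t)GSS_C_NO_CONTEXT;
	} else
		kctx = (struct kgss_ctx *)*context_handle;

	if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) {
		gssd_cred_verifier =
		    KCRED_TO_CREDV(verifier_cred_handle);
		gssd_ver_cred_handle =
		    KCRED_TO_CRED(verifier_cred_handle);
	} else
		gssd_ver_cred_handle = (gssd_cred_id_t)GSS_C_NO_CREDENTIAL;

	err = kgss_accept_sec_context_wrapped(minor_status,
	    &kctx->gssd_ctx,
	    &kctx->gssd_ctx_verifier, gssd_ver_cred_handle,
	    gssd_cred_verifier, input_token, input_chan_bindings,
	    src_name, mech_type, output_token, ret_flags,
	    time_rec, delegated_cred_handle, uid);

	if (GSS_ERROR(err)) {
		KGSS_FREE(kctx);
		*context_handle = GSS_C_NO_CONTEXT;
	}

	return (err);
}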
10840Sstevel@tonic-gate
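/*
 * Hand a context-level token to gssd through gss_process_context_token_1().
 *
 * Returns GSS_S_NO_CONTEXT when no context is supplied, GSS_S_FAILURE when
 * no client handle can be obtained or the RPC fails (minor_status is then
 * set to DEFAULT_MINOR_STAT), and otherwise the status from the reply with
 * minor_status copied from it.
 */
OM_uint32
kgss_process_context_token(minor_status,
			context_handle,
			token_buffer,
			uid)
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	gss_buffer_t token_buffer;
	uid_t uid;
{
	OM_uint32 gssd_context_verifier;

	gss_process_context_token_arg arg;
	gss_process_context_token_res res;

	/*
	 * The verifier is extracted from the context wrapper, presumably by
	 * dereferencing it, so reject a missing context first.
	 */
	if (context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_NO_CONTEXT);

	gssd_context_verifier = KGSS_CTX_TO_GSSD_CTXV(context_handle);

	/* get the client handle to GSSD */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */
	arg.uid = (OM_uint32) uid;

	/*
	 * NOTE(review): this marshals the caller's wrapper pointer itself,
	 * whereas the other stubs visible here send the gssd context id
	 * held inside the wrapper.  As written the pointer value is sent to
	 * gssd - confirm which handle the daemon expects.
	 */
	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gss_ctx_id_t);
	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
	arg.gssd_context_verifier = gssd_context_verifier;

	/*
	 * The length must be the token's byte count.  The earlier code cast
	 * the buffer pointer itself to uint_t, so the RPC layer was told to
	 * send an arbitrary number of bytes starting at token_buffer->value.
	 * A missing buffer is sent as an empty token, as the other stubs do.
	 */
	arg.token_buffer.GSS_BUFFER_T_len = (uint_t)
	    (token_buffer != GSS_C_NO_BUFFER ? token_buffer->length : 0);
	arg.token_buffer.GSS_BUFFER_T_val = (char *)
	    (token_buffer != GSS_C_NO_BUFFER ? token_buffer->value : 0);

	/* call the remote procedure */

	memset(&res, 0, sizeof (res));
	if (gss_process_context_token_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/*
		 * if the RPC call fails, set minor_status to
		 * DEFAULT_MINOR_STAT and return GSS_S_FAILURE
		 */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;

		return (GSS_S_FAILURE);
	}

	/* copy the rpc results into the return arguments */

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	/*
	 * return with status returned in rpc call
	 *
	 * NOTE(review): unlike the sibling stubs visible here, the result is
	 * not passed to clnt_freeres(); confirm the reply holds nothing that
	 * needs freeing.
	 */

	return (res.status);
}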
11430Sstevel@tonic-gate
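/*
 * Ask gssd, through gss_delete_sec_context_1(), to delete the context
 * identified by *context_handle and gssd_context_verifier.
 *
 * On an RPC failure minor_status is set to DEFAULT_MINOR_STAT,
 * *context_handle is cleared, output_token->length is zeroed and
 * GSS_S_FAILURE is returned.  Otherwise minor_status, the context handle
 * and any output token are copied from the reply and the reply status is
 * returned; a reply whose context handle is present but incomplete yields
 * GSS_S_FAILURE and leaves *context_handle unchanged.
 *
 * Ownership: output_token->value is taken over from the RPC result (the
 * result field is cleared so that clnt_freeres() does not release it).
 */
OM_uint32
kgss_delete_sec_context_wrapped(minor_status,
				context_handle,
				gssd_context_verifier,
				output_token)
	OM_uint32 *minor_status;
	gssd_ctx_id_t *context_handle;
	OM_uint32 gssd_context_verifier;
	gss_buffer_t output_token;
{
	gss_delete_sec_context_arg arg;
	gss_delete_sec_context_res res;
	OM_uint32 status;

	/* get the client handle to GSSD */
	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */

	arg.context_handle.GSS_CTX_ID_T_len =
	    *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ? 0 :
	    (uint_t)sizeof (OM_uint32);
	arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;

	arg.gssd_context_verifier = gssd_context_verifier;

	/* call the remote procedure */

	memset(&res, 0, sizeof (res));
	if (gss_delete_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/*
		 * if the RPC call fails, null out all return arguments,
		 * set minor_status to DEFAULT_MINOR_STAT, and return
		 * GSS_S_FAILURE
		 *
		 * Clearing the handle here does not show that gssd dropped
		 * the context; callers must rely on the returned status.
		 */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		/* context_handle was already dereferenced above */
		if (context_handle != NULL)
			*context_handle = NULL;
		if (output_token != NULL)
			output_token->length = 0;

		return (GSS_S_FAILURE);
	}

	status = res.status;

	/* copy the rpc results into the return arguments */

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	if (res.context_handle.GSS_CTX_ID_T_len == 0) {
		*context_handle = NULL;
	} else if (res.context_handle.GSS_CTX_ID_T_val == NULL ||
	    res.context_handle.GSS_CTX_ID_T_len < sizeof (gssd_ctx_id_t)) {
		/*
		 * The handle is read straight out of the reply buffer; do
		 * not dereference a reply that holds less than a whole
		 * handle.
		 */
		status = GSS_S_FAILURE;
	} else {
		/*LINTED*/
		*context_handle = *((gssd_ctx_id_t *)
		    res.context_handle.GSS_CTX_ID_T_val);
	}

	if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
		output_token->length = res.output_token.GSS_BUFFER_T_len;
		output_token->value = res.output_token.GSS_BUFFER_T_val;
		/* the caller owns the token now; keep clnt_freeres() off it */
		res.output_token.GSS_BUFFER_T_len = 0;
		res.output_token.GSS_BUFFER_T_val = NULL;
	}

	/*
	 * free the memory allocated for the results and return with the status
	 * received in the rpc call
	 */

	clnt_freeres(clnt, xdr_gss_delete_sec_context_res, (caddr_t)&res);
	return (status);
}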
12200Sstevel@tonic-gate
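/*
 * Delete a security context: ask gssd to drop its side through
 * kgss_delete_sec_context_wrapped(), then release the local wrapper and
 * reset *context_handle to GSS_C_NO_CONTEXT.
 *
 * Returns GSS_S_NO_CONTEXT when there is no context to delete, the error
 * from the wrapped call when it reports one, GSS_S_FAILURE when gssd still
 * holds a context afterwards, and GSS_S_COMPLETE otherwise.  The local
 * wrapper is released in every case except GSS_S_NO_CONTEXT.
 */
/*ARGSUSED*/
OM_uint32
kgss_delete_sec_context(
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t output_token)
{
	OM_uint32 err;
	struct kgss_ctx *kctx;

	if (*context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_NO_CONTEXT);

	kctx = KCTX_TO_KGSS_CTX(*context_handle);

	err = kgss_delete_sec_context_wrapped(minor_status,
	    &kctx->gssd_ctx, kctx->gssd_ctx_verifier,
	    output_token);

	/*
	 * Keep an error reported by the wrapped call.  The wrapped call
	 * clears the gssd handle when the RPC itself fails, so deriving the
	 * status from the handle alone would report GSS_S_COMPLETE although
	 * gssd was never told to drop the context.
	 */
	if (!GSS_ERROR(err)) {
		if (kctx->gssd_ctx != (gssd_ctx_id_t)GSS_C_NO_CONTEXT)
			err = GSS_S_FAILURE;
		else
			err = GSS_S_COMPLETE;
	}

	KGSS_FREE(kctx);
	*context_handle = GSS_C_NO_CONTEXT;
	return (err);
}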
12490Sstevel@tonic-gate
/*
 * Placeholder for gss_context_time(): no argument is examined and the
 * call always reports GSS_S_FAILURE.
 */
/*ARGSUSED*/
OM_uint32
kgss_context_time(minor_status,
		context_handle,
		time_rec,
		uid)
	OM_uint32 *minor_status;
	gss_ctx_id_t context_handle;
	OM_uint32 *time_rec;
	uid_t uid;
{
	OM_uint32 status = GSS_S_FAILURE;

	return (status);
}
12630Sstevel@tonic-gate
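/*
 * Forward a sign request for message_buffer to gssd through gss_sign_1()
 * and copy the token from the reply into msg_token.
 *
 * minor_status and msg_token may be NULL; message_buffer is dereferenced
 * unconditionally and must not be.  On success msg_token->value is
 * allocated with MALLOC() and belongs to the caller.
 *
 * Returns the status reported in the RPC reply, or GSS_S_FAILURE when the
 * client handle cannot be obtained, the RPC does not succeed, or the
 * token buffer cannot be allocated.  On the last two paths msg_token is
 * left empty (length 0, value NULL) and *minor_status is set to
 * DEFAULT_MINOR_STAT.
 */
OM_uint32
kgss_sign_wrapped(minor_status, context_handle, qop_req, message_buffer,
    msg_token, gssd_context_verifier)
	OM_uint32 *minor_status;
	gssd_ctx_id_t context_handle;
	OM_uint32 gssd_context_verifier;
	int qop_req;
	gss_buffer_t message_buffer;
	gss_buffer_t msg_token;
{
	gss_sign_arg arg;
	gss_sign_res res;
	OM_uint32 status;

	/* get the client handle to GSSD (clnt is not local to this function) */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */

	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
	arg.gssd_context_verifier = gssd_context_verifier;

	arg.qop_req = qop_req;
	arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
	arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;

	/* call the remote procedure */

	memset(&res, 0, sizeof (res));
	if (gss_sign_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/*
		 * the RPC did not succeed: hand back empty outputs so the
		 * caller never sees a stale pointer in msg_token
		 */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		if (msg_token != NULL) {
			msg_token->length = 0;
			msg_token->value = NULL;
		}

		return (GSS_S_FAILURE);
	}

	/* copy the rpc results into the return arguments */

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	/* capture the status before the reply is released below */
	status = res.status;

	if (msg_token != NULL) {
		msg_token->length = res.msg_token.GSS_BUFFER_T_len;
		msg_token->value = (void *) MALLOC(msg_token->length);

		/*
		 * The length comes from the RPC reply.  Do not copy into a
		 * failed allocation; a zero-length token needs no copy.
		 */
		if (msg_token->length != 0) {
			if (msg_token->value == NULL) {
				msg_token->length = 0;
				if (minor_status != NULL)
					*minor_status = DEFAULT_MINOR_STAT;
				status = GSS_S_FAILURE;
			} else {
				memcpy(msg_token->value,
				    res.msg_token.GSS_BUFFER_T_val,
				    msg_token->length);
			}
		}
	}

	/* free the memory allocated for the results */

	clnt_freeres(clnt, xdr_gss_sign_res, (caddr_t)&res);
	return (status);
}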
13380Sstevel@tonic-gate
/*
 * Entry point for signing: rejects GSS_C_NO_CONTEXT with GSS_S_FAILURE
 * and otherwise passes every argument unchanged to KGSS_SIGN(), whose
 * status is returned as is.
 */
OM_uint32
kgss_sign(
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int qop_req,
	gss_buffer_t message_buffer,
	gss_buffer_t msg_token)
{
	OM_uint32 status = GSS_S_FAILURE;

	if (context_handle != GSS_C_NO_CONTEXT) {
		status = KGSS_SIGN(minor_status, context_handle, qop_req,
		    message_buffer, msg_token);
	}

	return (status);
}
13540Sstevel@tonic-gate
/*
 * Forward a verify request for message_buffer and token_buffer to gssd
 * through gss_verify_1().
 *
 * minor_status and qop_state may be NULL; message_buffer and token_buffer
 * are dereferenced unconditionally.  Returns the status from the RPC
 * reply, or GSS_S_FAILURE when the client handle cannot be obtained or
 * the RPC does not succeed.
 *
 * The return value is the only indication of whether verification
 * succeeded: *minor_status and *qop_state are filled in from the reply
 * whenever the RPC itself completes, whatever status the reply carries.
 */
OM_uint32
kgss_verify_wrapped(minor_status, context_handle, message_buffer,
    token_buffer, qop_state, gssd_context_verifier)
	OM_uint32 *minor_status;
	gssd_ctx_id_t context_handle;
	OM_uint32 gssd_context_verifier;
	gss_buffer_t message_buffer;
	gss_buffer_t token_buffer;
	int *qop_state;
{
	gss_verify_arg request;
	gss_verify_res reply;

	/* obtain the client handle to GSSD */
	clnt = getgssd_handle();
	if (clnt == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* marshal the caller's arguments into the RPC request */
	request.gssd_context_verifier = gssd_context_verifier;
	request.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
	request.context_handle.GSS_CTX_ID_T_len =
	    (uint_t)sizeof (gssd_ctx_id_t);

	request.message_buffer.GSS_BUFFER_T_val =
	    (char *)message_buffer->value;
	request.message_buffer.GSS_BUFFER_T_len =
	    (uint_t)message_buffer->length;

	request.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
	request.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer->length;

	/* issue the call */
	memset(&reply, 0, sizeof (reply));
	if (gss_verify_1(&request, &reply, clnt) != RPC_SUCCESS) {
		/* no usable reply: zero the outputs and report failure */
		if (minor_status != NULL) {
			*minor_status = DEFAULT_MINOR_STAT;
		}
		if (qop_state != NULL) {
			*qop_state = 0;
		}
		return (GSS_S_FAILURE);
	}

	/* unmarshal the reply into the caller's outputs */
	if (minor_status != NULL) {
		*minor_status = reply.minor_status;
	}
	if (qop_state != NULL) {
		*qop_state = reply.qop_state;
	}

	return (reply.status);
}
14230Sstevel@tonic-gate
/*
 * Entry point for verification: rejects GSS_C_NO_CONTEXT with
 * GSS_S_FAILURE and otherwise passes every argument unchanged to
 * KGSS_VERIFY(), whose status is returned as is.
 */
OM_uint32
kgss_verify(OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	gss_buffer_t message_buffer,
	gss_buffer_t token_buffer,
	int *qop_state)
{
	OM_uint32 status = GSS_S_FAILURE;

	if (context_handle != GSS_C_NO_CONTEXT) {
		status = KGSS_VERIFY(minor_status, context_handle,
		    message_buffer, token_buffer, qop_state);
	}

	return (status);
}
14380Sstevel@tonic-gate
14390Sstevel@tonic-gate
14400Sstevel@tonic-gate /* EXPORT DELETE START */
14410Sstevel@tonic-gate
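/*
 * Forward a seal request for input_message_buffer to gssd through
 * gss_seal_1() and copy the sealed message from the reply into
 * output_message_buffer.
 *
 * minor_status, conf_state and output_message_buffer may be NULL;
 * input_message_buffer is dereferenced unconditionally.  On success
 * output_message_buffer->value is allocated with MALLOC() and belongs to
 * the caller.
 *
 * Returns the status reported in the RPC reply, or GSS_S_FAILURE when the
 * client handle cannot be obtained, the RPC does not succeed, or the
 * output buffer cannot be allocated.  On the last two paths the output
 * buffer is left empty (length 0, value NULL), *conf_state is 0 and
 * *minor_status is DEFAULT_MINOR_STAT.
 */
OM_uint32
kgss_seal_wrapped(minor_status, context_handle, conf_req_flag, qop_req,
    input_message_buffer, conf_state, output_message_buffer,
    gssd_context_verifier)
	OM_uint32 *minor_status;
	gssd_ctx_id_t context_handle;
	OM_uint32 gssd_context_verifier;
	int conf_req_flag;
	int qop_req;
	gss_buffer_t input_message_buffer;
	int *conf_state;
	gss_buffer_t output_message_buffer;
{
	gss_seal_arg arg;
	gss_seal_res res;
	OM_uint32 status;

	/* get the client handle to GSSD (clnt is not local to this function) */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */

	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
	arg.gssd_context_verifier = gssd_context_verifier;

	arg.conf_req_flag = conf_req_flag;

	arg.qop_req = qop_req;

	arg.input_message_buffer.GSS_BUFFER_T_len =
	    (uint_t)input_message_buffer->length;

	arg.input_message_buffer.GSS_BUFFER_T_val =
	    (char *)input_message_buffer->value;

	/* call the remote procedure */

	memset(&res, 0, sizeof (res));
	if (gss_seal_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/*
		 * the RPC did not succeed: hand back empty outputs so the
		 * caller never sees a stale pointer in the output buffer
		 */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		if (conf_state != NULL)
			*conf_state = 0;
		if (output_message_buffer != NULL) {
			output_message_buffer->length = 0;
			output_message_buffer->value = NULL;
		}

		return (GSS_S_FAILURE);
	}

	/* copy the rpc results into the return arguments */

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	if (conf_state != NULL)
		*conf_state = res.conf_state;

	/* capture the status before the reply is released below */
	status = res.status;

	if (output_message_buffer != NULL) {
		output_message_buffer->length =
		    res.output_message_buffer.GSS_BUFFER_T_len;

		output_message_buffer->value =
		    (void *) MALLOC(output_message_buffer->length);

		/*
		 * The length comes from the RPC reply.  Do not copy into a
		 * failed allocation; a zero-length message needs no copy.
		 */
		if (output_message_buffer->length != 0) {
			if (output_message_buffer->value == NULL) {
				output_message_buffer->length = 0;
				if (conf_state != NULL)
					*conf_state = 0;
				if (minor_status != NULL)
					*minor_status = DEFAULT_MINOR_STAT;
				status = GSS_S_FAILURE;
			} else {
				memcpy(output_message_buffer->value,
				    res.output_message_buffer.GSS_BUFFER_T_val,
				    output_message_buffer->length);
			}
		}
	}

	/* free the memory allocated for the results */

	clnt_freeres(clnt, xdr_gss_seal_res, (caddr_t)&res);
	return (status);
}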
15360Sstevel@tonic-gate
/*
 * Entry point for sealing: rejects GSS_C_NO_CONTEXT with GSS_S_FAILURE
 * and otherwise passes every argument unchanged to KGSS_SEAL(), whose
 * status is returned as is.
 */
OM_uint32
kgss_seal(OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	int qop_req,
	gss_buffer_t input_message_buffer,
	int *conf_state,
	gss_buffer_t output_message_buffer)
{
	OM_uint32 status = GSS_S_FAILURE;

	if (context_handle != GSS_C_NO_CONTEXT) {
		status = KGSS_SEAL(minor_status, context_handle,
		    conf_req_flag, qop_req, input_message_buffer,
		    conf_state, output_message_buffer);
	}

	return (status);
}
15550Sstevel@tonic-gate
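/*
 * Forward an unseal request for input_message_buffer to gssd through
 * gss_unseal_1() and copy the recovered message from the reply into
 * output_message_buffer.
 *
 * minor_status, output_message_buffer, conf_state and qop_state may be
 * NULL; input_message_buffer is dereferenced unconditionally.  On success
 * output_message_buffer->value is allocated with MALLOC() and belongs to
 * the caller.
 *
 * Returns the status reported in the RPC reply, or GSS_S_FAILURE when the
 * client handle cannot be obtained, the RPC does not succeed, or the
 * output buffer cannot be allocated.  On the last two paths the output
 * buffer is left empty (length 0, value NULL), *conf_state and *qop_state
 * are 0 and *minor_status is DEFAULT_MINOR_STAT, so no partially filled
 * result is handed back alongside a failure status.
 */
OM_uint32
kgss_unseal_wrapped(minor_status, context_handle, input_message_buffer,
    output_message_buffer, conf_state, qop_state, gssd_context_verifier)
	OM_uint32 *minor_status;
	gssd_ctx_id_t context_handle;
	OM_uint32 gssd_context_verifier;
	gss_buffer_t input_message_buffer;
	gss_buffer_t output_message_buffer;
	int *conf_state;
	int *qop_state;
{
	gss_unseal_arg arg;
	gss_unseal_res res;
	OM_uint32 status;

	/* get the client handle to GSSD (clnt is not local to this function) */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */

	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
	arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
	arg.gssd_context_verifier = gssd_context_verifier;

	arg.input_message_buffer.GSS_BUFFER_T_len =
	    (uint_t)input_message_buffer->length;

	arg.input_message_buffer.GSS_BUFFER_T_val =
	    (char *)input_message_buffer->value;

	/* call the remote procedure */

	memset(&res, 0, sizeof (res));
	if (gss_unseal_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/*
		 * the RPC did not succeed: hand back empty outputs so the
		 * caller never sees a stale pointer in the output buffer
		 */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		if (output_message_buffer != NULL) {
			output_message_buffer->length = 0;
			output_message_buffer->value = NULL;
		}
		if (conf_state != NULL)
			*conf_state = 0;
		if (qop_state != NULL)
			*qop_state = 0;

		return (GSS_S_FAILURE);
	}

	/* copy the rpc results into the return arguments */

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	if (conf_state != NULL)
		*conf_state = res.conf_state;

	if (qop_state != NULL)
		*qop_state = res.qop_state;

	/* capture the status before the reply is released below */
	status = res.status;

	if (output_message_buffer != NULL) {
		output_message_buffer->length =
		    res.output_message_buffer.GSS_BUFFER_T_len;

		output_message_buffer->value =
		    (void *) MALLOC(output_message_buffer->length);

		/*
		 * The length comes from the RPC reply.  Do not copy into a
		 * failed allocation; a zero-length message needs no copy.
		 */
		if (output_message_buffer->length != 0) {
			if (output_message_buffer->value == NULL) {
				output_message_buffer->length = 0;
				if (conf_state != NULL)
					*conf_state = 0;
				if (qop_state != NULL)
					*qop_state = 0;
				if (minor_status != NULL)
					*minor_status = DEFAULT_MINOR_STAT;
				status = GSS_S_FAILURE;
			} else {
				memcpy(output_message_buffer->value,
				    res.output_message_buffer.GSS_BUFFER_T_val,
				    output_message_buffer->length);
			}
		}
	}

	/* free the memory allocated for the results */

	clnt_freeres(clnt, xdr_gss_unseal_res, (caddr_t)&res);
	return (status);
}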
16470Sstevel@tonic-gate
/*
 * Entry point for unsealing: rejects GSS_C_NO_CONTEXT with GSS_S_FAILURE
 * and otherwise passes every argument unchanged to KGSS_UNSEAL(), whose
 * status is returned as is.
 */
OM_uint32
kgss_unseal(OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	gss_buffer_t input_message_buffer,
	gss_buffer_t output_message_buffer,
	int *conf_state,
	int *qop_state)
{
	OM_uint32 status = GSS_S_FAILURE;

	if (context_handle != GSS_C_NO_CONTEXT) {
		status = KGSS_UNSEAL(minor_status, context_handle,
		    input_message_buffer, output_message_buffer,
		    conf_state, qop_state);
	}

	return (status);
}
16640Sstevel@tonic-gate
16650Sstevel@tonic-gate /* EXPORT DELETE END */
16660Sstevel@tonic-gate
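/*
 * Ask gssd, through gss_display_status_1(), for the text that belongs to
 * status_value and copy it into status_string.
 *
 * minor_status, message_context and status_string may be NULL; mech_type
 * may be GSS_C_NULL_OID.  When message_context is NULL the request is
 * sent with a message context of 0.  On success status_string->value is
 * allocated with MALLOC() and belongs to the caller.
 *
 * Returns the status reported in the RPC reply, or GSS_S_FAILURE when the
 * client handle cannot be obtained, the RPC does not succeed, or the
 * string buffer cannot be allocated.  On those failure paths
 * *message_context is 0 and status_string is empty (length 0, value
 * NULL).
 */
OM_uint32
kgss_display_status(minor_status, status_value, status_type, mech_type,
    message_context, status_string, uid)
	OM_uint32 *minor_status;
	OM_uint32 status_value;
	int status_type;
	gss_OID mech_type;
	int *message_context;
	gss_buffer_t status_string;
	uid_t uid;
{
	gss_display_status_arg arg;
	gss_display_status_res res;
	OM_uint32 status;

	/* get the client handle to GSSD (clnt is not local to this function) */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */

	arg.uid = (OM_uint32) uid;

	arg.status_value = status_value;
	arg.status_type = status_type;

	arg.mech_type.GSS_OID_len = (uint_t)(mech_type != GSS_C_NULL_OID ?
	    mech_type->length : 0);
	arg.mech_type.GSS_OID_val = (char *)(mech_type != GSS_C_NULL_OID ?
	    mech_type->elements : 0);

	/*
	 * message_context is NULL-checked everywhere below, so it must not
	 * be dereferenced unguarded here
	 */
	arg.message_context = (message_context != NULL) ?
	    *message_context : 0;

	/* reset the outputs before the call so every early return is clean */

	if (message_context != NULL)
		*message_context = 0;
	if (status_string != NULL) {
		status_string->length = 0;
		status_string->value = NULL;
	}

	/* call the remote procedure */

	memset(&res, 0, sizeof (res));
	if (gss_display_status_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/* the RPC did not succeed; outputs were already reset */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;

		return (GSS_S_FAILURE);
	}

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	/* capture the status before the reply is released below */
	status = res.status;

	/* now process the results and pass them back to the caller */

	if (status == GSS_S_COMPLETE && status_string != NULL) {
		status_string->length =
		    (size_t)res.status_string.GSS_BUFFER_T_len;
		status_string->value =
		    (void *)MALLOC(status_string->length);

		/*
		 * The length comes from the RPC reply.  Do not copy into a
		 * failed allocation; a zero-length string needs no copy.
		 */
		if (status_string->length != 0) {
			if (status_string->value == NULL) {
				status_string->length = 0;
				if (minor_status != NULL)
					*minor_status = DEFAULT_MINOR_STAT;
				status = GSS_S_FAILURE;
			} else {
				memcpy(status_string->value,
				    res.status_string.GSS_BUFFER_T_val,
				    status_string->length);
			}
		}
	}

	/* only report a continuation context together with a usable string */
	if (status == GSS_S_COMPLETE && message_context != NULL)
		*message_context = res.message_context;

	clnt_freeres(clnt, xdr_gss_display_status_res, (caddr_t)&res);
	return (status);
}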
17520Sstevel@tonic-gate
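/*
 * Ask gssd, through gss_indicate_mechs_1(), for its mechanism set and
 * return a deep copy of it in *mech_set.
 *
 * minor_status and mech_set may be NULL; uid is not used.  On success the
 * set, its element array and every OID's bytes are allocated with
 * MALLOC() and belong to the caller.
 *
 * Returns the status reported in the RPC reply, or GSS_S_FAILURE when the
 * client handle cannot be obtained, the RPC does not succeed, or any part
 * of the copy cannot be allocated.  On the last two paths *mech_set is
 * NULL and *minor_status is DEFAULT_MINOR_STAT; a partially built set is
 * released before returning.
 */
/*ARGSUSED*/
OM_uint32
kgss_indicate_mechs(minor_status, mech_set, uid)
	OM_uint32 *minor_status;
	gss_OID_set *mech_set;
	uid_t uid;
{
	void *arg = NULL;
	gss_indicate_mechs_res res;
	gss_OID_set set;
	gss_OID oid;
	OM_uint32 status;
	size_t nbytes;
	uint_t count;
	uint_t i;

	/* get the client handle to GSSD (clnt is not local to this function) */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	memset(&res, 0, sizeof (res));
	if (gss_indicate_mechs_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/* the RPC did not succeed: hand back empty outputs */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		if (mech_set != NULL)
			*mech_set = NULL;

		return (GSS_S_FAILURE);
	}

	/* copy the rpc results into the return arguments */

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	/* capture the status before the reply is released below */
	status = res.status;

	if (mech_set != NULL) {
		/* publish the set only once it is completely built */
		*mech_set = NULL;

		/* the element count comes from the RPC reply: bound it */
		count = res.mech_set.GSS_OID_SET_len;
		if (count > (size_t)-1 / sizeof (gss_OID_desc))
			goto nomem;
		nbytes = count * sizeof (gss_OID_desc);

		set = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
		if (set == NULL)
			goto nomem;

		set->count = count;
		set->elements = (void *) MALLOC(nbytes);
		if (set->elements == NULL && nbytes != 0) {
			FREE(set, sizeof (gss_OID_set_desc));
			goto nomem;
		}

		for (i = 0; i < count; i++) {
			oid = &set->elements[i];
			oid->length =
			    res.mech_set.GSS_OID_SET_val[i].GSS_OID_len;
			oid->elements = (void *) MALLOC(oid->length);
			if (oid->length == 0)
				continue;
			if (oid->elements == NULL)
				break;
			memcpy(oid->elements,
			    res.mech_set.GSS_OID_SET_val[i].GSS_OID_val,
			    oid->length);
		}

		if (i < count) {
			/* release the OIDs copied so far, then the containers */
			while (i-- > 0) {
				FREE(set->elements[i].elements,
				    set->elements[i].length);
			}
			FREE(set->elements, nbytes);
			FREE(set, sizeof (gss_OID_set_desc));
			goto nomem;
		}

		*mech_set = set;
	}

	/* free the memory allocated for the results */

	clnt_freeres(clnt, xdr_gss_indicate_mechs_res, (caddr_t)&res);
	return (status);

nomem:
	/* only reached with mech_set != NULL and *mech_set already NULL */
	clnt_freeres(clnt, xdr_gss_indicate_mechs_res, (caddr_t)&res);
	if (minor_status != NULL)
		*minor_status = DEFAULT_MINOR_STAT;
	return (GSS_S_FAILURE);
}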
18180Sstevel@tonic-gate
18190Sstevel@tonic-gate
18200Sstevel@tonic-gate OM_uint32
kgss_inquire_cred_wrapped(minor_status,cred_handle,gssd_cred_verifier,name,lifetime,cred_usage,mechanisms,uid)18210Sstevel@tonic-gate kgss_inquire_cred_wrapped(minor_status,
18220Sstevel@tonic-gate cred_handle,
18230Sstevel@tonic-gate gssd_cred_verifier,
18240Sstevel@tonic-gate name,
18250Sstevel@tonic-gate lifetime,
18260Sstevel@tonic-gate cred_usage,
18270Sstevel@tonic-gate mechanisms,
18280Sstevel@tonic-gate uid)
18290Sstevel@tonic-gate OM_uint32 *minor_status;
18300Sstevel@tonic-gate gssd_cred_id_t cred_handle;
18310Sstevel@tonic-gate OM_uint32 gssd_cred_verifier;
18320Sstevel@tonic-gate gss_name_t *name;
18330Sstevel@tonic-gate OM_uint32 *lifetime;
18340Sstevel@tonic-gate int *cred_usage;
18350Sstevel@tonic-gate gss_OID_set *mechanisms;
18360Sstevel@tonic-gate uid_t uid;
18370Sstevel@tonic-gate {
18380Sstevel@tonic-gate OM_uint32 minor_status_temp;
18390Sstevel@tonic-gate gss_buffer_desc external_name;
18400Sstevel@tonic-gate gss_OID name_type;
18410Sstevel@tonic-gate int i;
18420Sstevel@tonic-gate
18430Sstevel@tonic-gate gss_inquire_cred_arg arg;
18440Sstevel@tonic-gate gss_inquire_cred_res res;
18450Sstevel@tonic-gate
18460Sstevel@tonic-gate /* get the client handle to GSSD */
18470Sstevel@tonic-gate
18480Sstevel@tonic-gate if ((clnt = getgssd_handle()) == NULL) {
18490Sstevel@tonic-gate clnt_pcreateerror(server);
18500Sstevel@tonic-gate return (GSS_S_FAILURE);
18510Sstevel@tonic-gate }
18520Sstevel@tonic-gate
18530Sstevel@tonic-gate
18540Sstevel@tonic-gate /* copy the procedure arguments into the rpc arg parameter */
18550Sstevel@tonic-gate
18560Sstevel@tonic-gate arg.uid = (OM_uint32) uid;
18570Sstevel@tonic-gate
18580Sstevel@tonic-gate arg.cred_handle.GSS_CRED_ID_T_len =
18590Sstevel@tonic-gate cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
18600Sstevel@tonic-gate 0 : (uint_t)sizeof (gssd_cred_id_t);
18610Sstevel@tonic-gate arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
18620Sstevel@tonic-gate arg.gssd_cred_verifier = gssd_cred_verifier;
18630Sstevel@tonic-gate
18640Sstevel@tonic-gate /* call the remote procedure */
18650Sstevel@tonic-gate
18660Sstevel@tonic-gate memset(&res, 0, sizeof (res));
18670Sstevel@tonic-gate if (gss_inquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
18680Sstevel@tonic-gate
18690Sstevel@tonic-gate /*
18700Sstevel@tonic-gate * if the RPC call times out, null out all return arguments,
18710Sstevel@tonic-gate * set minor_status to its maximum value, and return GSS_S_FAILURE
18720Sstevel@tonic-gate */
18730Sstevel@tonic-gate
18740Sstevel@tonic-gate if (minor_status != NULL)
1875*10598SGlenn.Barry@Sun.COM *minor_status = DEFAULT_MINOR_STAT;
18760Sstevel@tonic-gate if (name != NULL)
18770Sstevel@tonic-gate *name = NULL;
18780Sstevel@tonic-gate if (lifetime != NULL)
18790Sstevel@tonic-gate *lifetime = 0;
18800Sstevel@tonic-gate if (cred_usage != NULL)
18810Sstevel@tonic-gate *cred_usage = 0;
18820Sstevel@tonic-gate if (mechanisms != NULL)
18830Sstevel@tonic-gate *mechanisms = NULL;
18840Sstevel@tonic-gate
18850Sstevel@tonic-gate return (GSS_S_FAILURE);
18860Sstevel@tonic-gate }
18870Sstevel@tonic-gate
18880Sstevel@tonic-gate /* copy the rpc results into the return arguments */
18890Sstevel@tonic-gate
18900Sstevel@tonic-gate if (minor_status != NULL)
18910Sstevel@tonic-gate *minor_status = res.minor_status;
18920Sstevel@tonic-gate
18930Sstevel@tonic-gate /* convert name from external to internal format */
18940Sstevel@tonic-gate
18950Sstevel@tonic-gate if (name != NULL) {
18960Sstevel@tonic-gate external_name.length = res.name.GSS_BUFFER_T_len;
18970Sstevel@tonic-gate external_name.value = res.name.GSS_BUFFER_T_val;
18980Sstevel@tonic-gate
18990Sstevel@tonic-gate /*
19000Sstevel@tonic-gate * we have to allocate a name_type descriptor and
19010Sstevel@tonic-gate * elements storage, since gss_import_name() only
19020Sstevel@tonic-gate * stores a pointer to the name_type info in the
19030Sstevel@tonic-gate * union_name struct
19040Sstevel@tonic-gate */
19050Sstevel@tonic-gate
19060Sstevel@tonic-gate name_type = (gss_OID) MALLOC(sizeof (gss_OID_desc));
19070Sstevel@tonic-gate
19080Sstevel@tonic-gate name_type->length = res.name_type.GSS_OID_len;
19090Sstevel@tonic-gate name_type->elements = (void *) MALLOC(name_type->length);
19100Sstevel@tonic-gate memcpy(name_type->elements, res.name_type.GSS_OID_val,
19110Sstevel@tonic-gate name_type->length);
19120Sstevel@tonic-gate
19130Sstevel@tonic-gate if (gss_import_name(&minor_status_temp, &external_name,
19140Sstevel@tonic-gate name_type, name) != GSS_S_COMPLETE) {
19150Sstevel@tonic-gate
19160Sstevel@tonic-gate *minor_status = (OM_uint32) minor_status_temp;
19170Sstevel@tonic-gate gss_release_buffer(&minor_status_temp, &external_name);
19180Sstevel@tonic-gate
19190Sstevel@tonic-gate clnt_freeres(clnt, xdr_gss_inquire_cred_res,
19200Sstevel@tonic-gate (caddr_t)&res);
19210Sstevel@tonic-gate return ((OM_uint32) GSS_S_FAILURE);
19220Sstevel@tonic-gate }
19230Sstevel@tonic-gate }
19240Sstevel@tonic-gate
19250Sstevel@tonic-gate if (lifetime != NULL)
19260Sstevel@tonic-gate *lifetime = res.lifetime;
19270Sstevel@tonic-gate
19280Sstevel@tonic-gate if (cred_usage != NULL)
19290Sstevel@tonic-gate *cred_usage = res.cred_usage;
19300Sstevel@tonic-gate
19310Sstevel@tonic-gate if (mechanisms != NULL) {
19320Sstevel@tonic-gate *mechanisms =
19330Sstevel@tonic-gate (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
19340Sstevel@tonic-gate if (res.mechanisms.GSS_OID_SET_len != 0) {
19350Sstevel@tonic-gate (*mechanisms)->count =
19360Sstevel@tonic-gate (int)res.mechanisms.GSS_OID_SET_len;
19370Sstevel@tonic-gate (*mechanisms)->elements = (gss_OID)
19380Sstevel@tonic-gate MALLOC(sizeof (gss_OID) * (*mechanisms)->count);
19390Sstevel@tonic-gate
19400Sstevel@tonic-gate for (i = 0; i < (*mechanisms)->count; i++) {
19410Sstevel@tonic-gate (*mechanisms)->elements[i].length = (OM_uint32)
19420Sstevel@tonic-gate res.mechanisms.GSS_OID_SET_val[i].GSS_OID_len;
19430Sstevel@tonic-gate (*mechanisms)->elements[i].elements = (void *)
19440Sstevel@tonic-gate MALLOC((*mechanisms)->elements[i].length);
19450Sstevel@tonic-gate memcpy((*mechanisms)->elements[i].elements,
19460Sstevel@tonic-gate res.mechanisms.GSS_OID_SET_val[i].GSS_OID_val,
19470Sstevel@tonic-gate (*mechanisms)->elements[i].length);
19480Sstevel@tonic-gate }
19490Sstevel@tonic-gate } else
19500Sstevel@tonic-gate (*mechanisms)->count = 0;
19510Sstevel@tonic-gate }
19520Sstevel@tonic-gate
19530Sstevel@tonic-gate /*
19540Sstevel@tonic-gate * free the memory allocated for the results and return with the status
19550Sstevel@tonic-gate * received in the rpc call
19560Sstevel@tonic-gate */
19570Sstevel@tonic-gate
19580Sstevel@tonic-gate clnt_freeres(clnt, xdr_gss_inquire_cred_res, (caddr_t)&res);
19590Sstevel@tonic-gate return (res.status);
19600Sstevel@tonic-gate }
19610Sstevel@tonic-gate
19620Sstevel@tonic-gate
/*
 * Caller-facing entry point for the inquire-cred request.
 *
 * Splits cred_handle into the gssd credential handle and its verifier
 * with KCRED_TO_CRED / KCRED_TO_CREDV and forwards every other argument
 * unchanged to kgss_inquire_cred_wrapped().  The status of that call is
 * returned as is; cred_handle is not validated here.
 */
OM_uint32
kgss_inquire_cred(minor_status, cred_handle, name, lifetime, cred_usage,
    mechanisms, uid)
	OM_uint32 *minor_status;
	gss_cred_id_t cred_handle;
	gss_name_t *name;
	OM_uint32 *lifetime;
	int *cred_usage;
	gss_OID_set * mechanisms;
	uid_t uid;
{
	/* verifier first, then handle: same order as before */
	OM_uint32 verifier = KCRED_TO_CREDV(cred_handle);
	gssd_cred_id_t handle = KCRED_TO_CRED(cred_handle);

	return (kgss_inquire_cred_wrapped(minor_status, handle, verifier,
	    name, lifetime, cred_usage, mechanisms, uid));
}
19900Sstevel@tonic-gate
19910Sstevel@tonic-gate
/*
 * Send an inquire-cred-by-mech request to gssd over RPC.
 *
 * minor_status        optional out: minor status from the reply, or
 *                     DEFAULT_MINOR_STAT when the RPC itself fails
 * cred_handle         gssd credential handle; GSS_C_NO_CREDENTIAL is sent
 *                     as a zero-length handle
 * gssd_cred_verifier  verifier sent alongside the handle
 * mech_type           mechanism OID; GSS_C_NULL_OID is sent as an empty OID
 * uid                 copied into the request as arg.uid
 *
 * Returns GSS_S_FAILURE when no client handle is available or the RPC
 * fails, otherwise the status field of the reply.  Only the two status
 * values are taken from the reply.
 */
OM_uint32
kgss_inquire_cred_by_mech_wrapped(minor_status, cred_handle,
    gssd_cred_verifier, mech_type, uid)
	OM_uint32 *minor_status;
	gssd_cred_id_t cred_handle;
	OM_uint32 gssd_cred_verifier;
	gss_OID mech_type;
	uid_t uid;
{
	gss_inquire_cred_by_mech_arg arg;
	gss_inquire_cred_by_mech_res res;

	/* clnt and server are not declared inside this function */
	clnt = getgssd_handle();
	if (clnt == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* build the request */
	arg.uid = (OM_uint32) uid;

	/* the handle travels by address; "no credential" has length 0 */
	if (cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL)
		arg.cred_handle.GSS_CRED_ID_T_len = 0;
	else
		arg.cred_handle.GSS_CRED_ID_T_len =
		    (uint_t)sizeof (gssd_cred_id_t);
	arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
	arg.gssd_cred_verifier = gssd_cred_verifier;

	if (mech_type != GSS_C_NULL_OID) {
		arg.mech_type.GSS_OID_len = (uint_t)mech_type->length;
		arg.mech_type.GSS_OID_val = (char *)mech_type->elements;
	} else {
		arg.mech_type.GSS_OID_len = (uint_t)0;
		arg.mech_type.GSS_OID_val = (char *)0;
	}

	/* start from a zeroed reply so a partial decode leaves no garbage */
	memset(&res, 0, sizeof (res));
	if (gss_inquire_cred_by_mech_1(&arg, &res, clnt) != RPC_SUCCESS) {
		/* the RPC did not complete: report a local failure */
		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		return (GSS_S_FAILURE);
	}

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	/*
	 * release whatever the reply decoding allocated, then hand back
	 * the status that gssd reported
	 */
	clnt_freeres(clnt, xdr_gss_inquire_cred_by_mech_res, (caddr_t)&res);
	return (res.status);
}
20630Sstevel@tonic-gate
20640Sstevel@tonic-gate
/*
 * Caller-facing entry point for the inquire-cred-by-mech request.
 *
 * Derives the gssd credential handle and verifier from cred_handle with
 * KCRED_TO_CRED / KCRED_TO_CREDV and passes them, together with
 * mech_type and uid, to kgss_inquire_cred_by_mech_wrapped().  The result
 * of that call is returned unchanged.
 */
OM_uint32
kgss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, uid)
	OM_uint32 *minor_status;
	gss_cred_id_t cred_handle;
	gss_OID mech_type;
	uid_t uid;
{
	/* verifier first, then handle: same order as before */
	OM_uint32 verifier = KCRED_TO_CREDV(cred_handle);
	gssd_cred_id_t handle = KCRED_TO_CRED(cred_handle);

	return (kgss_inquire_cred_by_mech_wrapped(minor_status, handle,
	    verifier, mech_type, uid));
}
20860Sstevel@tonic-gate
/*
 * Ask gssd to map an exported GSS name to a Unix credential.
 *
 * expName  exported name to look up; it and its value must be non-NULL
 * uidOut   required out: uid from the reply
 * gidOut   optional out: gid from the reply
 * gids     optional out: group array taken over from the RPC reply
 * gidsLen  optional out: number of entries in *gids
 * uid      copied into the request as args.uid
 *
 * Returns GSS_S_CALL_INACCESSIBLE_READ / _WRITE for missing required
 * arguments, GSS_S_FAILURE when gssd cannot be reached or the RPC fails,
 * otherwise the major status from the reply.
 *
 * Callers must check the returned status before using *uidOut: it is
 * cleared to 0 up front and stays 0 on every failure path, and 0 is also
 * the superuser's uid.  *gidOut is not cleared on failure.
 */
OM_uint32
kgsscred_expname_to_unix_cred(expName, uidOut, gidOut, gids, gidsLen, uid)
	const gss_buffer_t expName;
	uid_t *uidOut;
	gid_t *gidOut;
	gid_t *gids[];
	int *gidsLen;
	uid_t uid;
{
	gsscred_expname_to_unix_cred_arg req;
	gsscred_expname_to_unix_cred_res reply;

	/* argument checks: readable input first, then the required output */
	if (expName == NULL || expName->value == NULL)
		return (GSS_S_CALL_INACCESSIBLE_READ);
	if (uidOut == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);

	/* clear the outputs before anything can fail */
	*uidOut = 0;
	if (gidsLen != NULL)
		*gidsLen = 0;
	if (gids != NULL)
		*gids = NULL;

	/* clnt and server are not declared inside this function */
	clnt = getgssd_handle();
	if (clnt == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* build the request; the name buffer is borrowed, not copied */
	req.uid = uid;
	req.expname.GSS_BUFFER_T_val = expName->value;
	req.expname.GSS_BUFFER_T_len = expName->length;

	memset(&reply, 0, sizeof (reply));
	if (gsscred_expname_to_unix_cred_1(&req, &reply, clnt) != RPC_SUCCESS)
		return (GSS_S_FAILURE);

	if (reply.major == GSS_S_COMPLETE) {
		*uidOut = reply.uid;
		if (gidOut != NULL)
			*gidOut = reply.gid;
		if (gids != NULL && gidsLen != NULL) {
			/*
			 * hand the group array to the caller and detach it
			 * from the reply so clnt_freeres() leaves it alone
			 */
			*gids = reply.gids.GSSCRED_GIDS_val;
			*gidsLen = reply.gids.GSSCRED_GIDS_len;
			reply.gids.GSSCRED_GIDS_val = NULL;
			reply.gids.GSSCRED_GIDS_len = 0;
		}
	}

	/* release whatever is still owned by the reply */
	clnt_freeres(clnt, xdr_gsscred_expname_to_unix_cred_res,
	    (caddr_t)&reply);

	return (reply.major);
} /* kgsscred_expname_to_unix_cred */
21540Sstevel@tonic-gate
/*
 * Ask gssd to map an internal GSS name, for a given mechanism, to a Unix
 * credential.
 *
 * intName   internal name; flattened with gss_display_name() before it
 *           is sent
 * mechType  mechanism OID sent with the request
 * uidOut    required out: uid from the reply
 * gidOut    optional out: gid from the reply
 * gids      optional out: group array taken over from the RPC reply
 * gidsLen   optional out: number of entries in *gids
 * uid       copied into the request as args.uid
 *
 * Returns GSS_S_CALL_INACCESSIBLE_READ / _WRITE for missing required
 * arguments, the gss_display_name() status if flattening fails,
 * GSS_S_FAILURE when gssd cannot be reached or the RPC fails, otherwise
 * the major status from the reply.
 *
 * Callers must check the returned status before using *uidOut: it is
 * cleared to 0 up front and stays 0 on every failure path, and 0 is also
 * the superuser's uid.  *gidOut is not cleared on failure.
 */
OM_uint32
kgsscred_name_to_unix_cred(intName, mechType, uidOut, gidOut, gids,
    gidsLen, uid)
	const gss_name_t intName;
	const gss_OID mechType;
	uid_t *uidOut;
	gid_t *gidOut;
	gid_t *gids[];
	int *gidsLen;
	uid_t uid;
{
	gsscred_name_to_unix_cred_arg req;
	gsscred_name_to_unix_cred_res reply;
	OM_uint32 major, minor;
	gss_OID nameOid;
	gss_buffer_desc flatName = GSS_C_EMPTY_BUFFER;
	int rpc_failed;

	/* argument checks: readable inputs first, then the required output */
	if (intName == NULL || mechType == NULL)
		return (GSS_S_CALL_INACCESSIBLE_READ);
	if (uidOut == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);

	/* clear the outputs before anything can fail */
	*uidOut = 0;
	if (gids != NULL)
		*gids = NULL;
	if (gidsLen != NULL)
		*gidsLen = 0;

	/* clnt and server are not declared inside this function */
	clnt = getgssd_handle();
	if (clnt == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* flatten the name; flatName must be released on every later path */
	major = gss_display_name(&minor, intName, &flatName, &nameOid);
	if (major != GSS_S_COMPLETE)
		return (major);

	/*
	 * build the request; all three buffers are borrowed, not copied
	 * NOTE(review): nameOid is dereferenced without a NULL check --
	 * confirm gss_display_name() always sets it on GSS_S_COMPLETE
	 */
	req.uid = uid;
	req.pname.GSS_BUFFER_T_len = flatName.length;
	req.pname.GSS_BUFFER_T_val = flatName.value;
	req.name_type.GSS_OID_len = nameOid->length;
	req.name_type.GSS_OID_val = nameOid->elements;
	req.mech_type.GSS_OID_len = mechType->length;
	req.mech_type.GSS_OID_val = mechType->elements;

	memset(&reply, 0, sizeof (reply));
	rpc_failed =
	    (gsscred_name_to_unix_cred_1(&req, &reply, clnt) != RPC_SUCCESS);

	/* the flattened name is no longer needed whatever the outcome */
	gss_release_buffer(&minor, &flatName);
	if (rpc_failed)
		return (GSS_S_FAILURE);

	if (reply.major == GSS_S_COMPLETE) {
		*uidOut = reply.uid;
		if (gidOut != NULL)
			*gidOut = reply.gid;
		if (gids != NULL && gidsLen != NULL) {
			/*
			 * hand the group array to the caller and detach it
			 * from the reply so clnt_freeres() leaves it alone
			 */
			*gids = reply.gids.GSSCRED_GIDS_val;
			*gidsLen = reply.gids.GSSCRED_GIDS_len;
			reply.gids.GSSCRED_GIDS_val = NULL;
			reply.gids.GSSCRED_GIDS_len = 0;
		}
	}

	/* release whatever is still owned by the reply */
	clnt_freeres(clnt, xdr_gsscred_name_to_unix_cred_res, (caddr_t)&reply);

	return (reply.major);
} /* kgsscred_name_to_unix_cred */
22400Sstevel@tonic-gate
/*
 * Ask gssd for the group information of a uid.
 *
 * puid     uid whose groups are requested (sent as args.puid)
 * gidOut   required out: gid from the reply
 * gids     required out: group array taken over from the RPC reply
 * gidsLen  required out: number of entries in *gids
 * uid      copied into the request as args.uid
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE when any output pointer is NULL,
 * GSS_S_FAILURE when gssd cannot be reached or the RPC fails, otherwise
 * the major status from the reply.  The outputs are written only when
 * that status is GSS_S_COMPLETE; they are not cleared beforehand.
 */
OM_uint32
kgss_get_group_info(puid, gidOut, gids, gidsLen, uid)
	const uid_t puid;
	gid_t *gidOut;
	gid_t *gids[];
	int *gidsLen;
	uid_t uid;
{
	gss_get_group_info_arg req;
	gss_get_group_info_res reply;

	/* all three outputs are mandatory here */
	if (gidOut == NULL || gids == NULL || gidsLen == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);

	/* clnt and server are not declared inside this function */
	clnt = getgssd_handle();
	if (clnt == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	req.uid = uid;
	req.puid = puid;

	memset(&reply, 0, sizeof (reply));
	if (gss_get_group_info_1(&req, &reply, clnt) != RPC_SUCCESS)
		return (GSS_S_FAILURE);

	if (reply.major == GSS_S_COMPLETE) {
		/* the group array now belongs to the caller */
		*gidOut = reply.gid;
		*gids = reply.gids.GSSCRED_GIDS_val;
		*gidsLen = reply.gids.GSSCRED_GIDS_len;
		reply.gids.GSSCRED_GIDS_val = NULL;
		reply.gids.GSSCRED_GIDS_len = 0;
	}

	/*
	 * clnt_freeres() is not called in this function.
	 * NOTE(review): when the status is not GSS_S_COMPLETE the reply is
	 * never released -- confirm gssd sends no group array in that case
	 */

	return (reply.major);
} /* kgss_get_group_info */
22900Sstevel@tonic-gate
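/*
 * Ask gssd, over RPC, to export the security context named by
 * *context_handle and copy the resulting token into output_token.
 *
 * minor_status           optional out: minor status from the reply, or
 *                        DEFAULT_MINOR_STAT on a locally detected failure
 * context_handle         in/out, required: gssd context handle, sent by
 *                        address; replaced by the handle in the reply
 *                        (NULL when the reply carries none)
 * output_token           optional out: receives a MALLOC'ed copy of the
 *                        token; set to an empty buffer when the reply
 *                        carries no token
 * gssd_context_verifier  verifier sent alongside the handle
 *
 * Returns GSS_S_CALL_INACCESSIBLE_READ when context_handle is NULL,
 * GSS_S_FAILURE when gssd cannot be reached, the RPC fails, the reply is
 * malformed or the token copy cannot be allocated, otherwise the status
 * field of the reply.
 */
OM_uint32
kgss_export_sec_context_wrapped(minor_status,
				context_handle,
				output_token,
				gssd_context_verifier)
	OM_uint32 *minor_status;
	gssd_ctx_id_t *context_handle;
	gss_buffer_t output_token;
	OM_uint32 gssd_context_verifier;
{
	CLIENT *clnt;
	gss_export_sec_context_arg arg;
	gss_export_sec_context_res res;
	OM_uint32 status;

	/*
	 * the handle is marshalled by address below and written on return,
	 * so a NULL pointer cannot be served
	 */
	if (context_handle == NULL)
		return (GSS_S_CALL_INACCESSIBLE_READ);

	/* get the client handle to GSSD */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */

	arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
	arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
	arg.gssd_context_verifier = gssd_context_verifier;

	/* call the remote procedure */

	memset(&res, 0, sizeof (res));
	if (gss_export_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/*
		 * the RPC did not complete: null out the return arguments,
		 * set minor_status to DEFAULT_MINOR_STAT and fail
		 */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		*context_handle = NULL;
		if (output_token != NULL)
			output_token->length = 0;

		return (GSS_S_FAILURE);
	}

	/* copy the rpc results into the return arguments */

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	if (res.context_handle.GSS_CTX_ID_T_len == 0) {
		*context_handle = NULL;
	} else if (res.context_handle.GSS_CTX_ID_T_val == NULL ||
	    res.context_handle.GSS_CTX_ID_T_len < sizeof (gssd_ctx_id_t)) {
		/*
		 * the reply buffer is shorter than the handle about to be
		 * read from it; *context_handle is left untouched
		 */
		goto bad_reply;
	} else {
		*context_handle =
		    *((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
	}

	if (output_token != NULL) {
		if (res.output_token.GSS_BUFFER_T_val != NULL) {
			output_token->length =
			    res.output_token.GSS_BUFFER_T_len;
			output_token->value =
			    (void *) MALLOC(output_token->length);
			if (output_token->length != 0) {
				/* never copy through a failed allocation */
				if (output_token->value == NULL) {
					output_token->length = 0;
					goto bad_reply;
				}
				memcpy(output_token->value,
				    res.output_token.GSS_BUFFER_T_val,
				    output_token->length);
			}
		} else {
			/* no token in the reply: return an empty buffer */
			output_token->length = 0;
			output_token->value = NULL;
		}
	}

	/*
	 * free the memory allocated for the results and return with the
	 * status received in the rpc call
	 */

	status = res.status;
	clnt_freeres(clnt, xdr_gss_export_sec_context_res, (caddr_t)&res);
	return (status);

bad_reply:
	clnt_freeres(clnt, xdr_gss_export_sec_context_res, (caddr_t)&res);
	if (minor_status != NULL)
		*minor_status = DEFAULT_MINOR_STAT;
	return (GSS_S_FAILURE);
}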
23680Sstevel@tonic-gate
/*
 * Caller-facing entry point for exporting a security context.
 *
 * Returns GSS_S_NO_CONTEXT when *context_handle is GSS_C_NO_CONTEXT.
 * Otherwise the gssd handle and verifier stored in the kgss_ctx behind
 * the handle are passed to kgss_export_sec_context_wrapped().  If that
 * call does not report a GSS error, the kgss_ctx is released with
 * KGSS_FREE and *context_handle is reset to GSS_C_NO_CONTEXT; on error
 * the handle is left as it was.  The status of the wrapped call is
 * returned either way.
 *
 * context_handle itself is dereferenced without a NULL check.
 */
OM_uint32
kgss_export_sec_context(minor_status, context_handle, output_token)
	OM_uint32 *minor_status;
	gss_ctx_id_t *context_handle;
	gss_buffer_t output_token;
{
	struct kgss_ctx *kctx;
	OM_uint32 status;

	if (*context_handle == GSS_C_NO_CONTEXT)
		return (GSS_S_NO_CONTEXT);

	kctx = KCTX_TO_KGSS_CTX(*context_handle);

	status = kgss_export_sec_context_wrapped(minor_status,
	    &kctx->gssd_ctx, output_token, kctx->gssd_ctx_verifier);

	if (!GSS_ERROR(status)) {
		/* the context now lives in the token; drop the local state */
		KGSS_FREE(kctx);
		*context_handle = GSS_C_NO_CONTEXT;
	}

	return (status);
}
23980Sstevel@tonic-gate
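/*
 * Ask gssd, over RPC, to import a security context from input_token and
 * store the resulting handle in *context_handle.
 *
 * minor_status           optional out: minor status from the reply, or
 *                        DEFAULT_MINOR_STAT on a locally detected failure
 * input_token            token to import; GSS_C_NO_BUFFER is sent as an
 *                        empty buffer
 * context_handle         required out: handle taken from the reply, NULL
 *                        when the reply carries none
 * gssd_context_verifier  verifier sent with the request
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE when context_handle is NULL,
 * GSS_S_FAILURE when gssd cannot be reached, the RPC fails or the reply
 * is malformed, otherwise the status field of the reply.
 *
 * NOTE(review): kgss_import_sec_context() passes &kctx->gssd_ctx here,
 * the same field kgss_export_sec_context_wrapped() treats as a
 * gssd_ctx_id_t, while this function reads and writes a gss_ctx_id_t --
 * confirm the two types have the same size.
 */
OM_uint32
kgss_import_sec_context_wrapped(minor_status,
			input_token,
			context_handle,
			gssd_context_verifier)
	OM_uint32 *minor_status;
	gss_buffer_t input_token;
	gss_ctx_id_t *context_handle;
	OM_uint32 gssd_context_verifier;
{
	CLIENT *clnt;
	gss_import_sec_context_arg arg;
	gss_import_sec_context_res res;
	OM_uint32 status;

	/*
	 * without somewhere to store the new handle the imported context
	 * could never be referenced again, so refuse before calling gssd
	 */
	if (context_handle == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);

	/* get the client handle to GSSD */

	if ((clnt = getgssd_handle()) == NULL) {
		clnt_pcreateerror(server);
		return (GSS_S_FAILURE);
	}

	/* copy the procedure arguments into the rpc arg parameter */
	arg.input_token.GSS_BUFFER_T_len = (uint_t)
	    (input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
	arg.input_token.GSS_BUFFER_T_val = (char *)
	    (input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
	arg.gssd_context_verifier = gssd_context_verifier;

	/* call the remote procedure */

	memset(&res, 0, sizeof (res));
	if (gss_import_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {

		/*
		 * the RPC did not complete: null out the return arguments,
		 * set minor_status to DEFAULT_MINOR_STAT and fail
		 */

		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		*context_handle = NULL;

		return (GSS_S_FAILURE);
	}

	/* copy the rpc results into the return arguments */

	if (minor_status != NULL)
		*minor_status = res.minor_status;

	if (res.context_handle.GSS_CTX_ID_T_len == 0) {
		*context_handle = NULL;
	} else if (res.context_handle.GSS_CTX_ID_T_val == NULL ||
	    res.context_handle.GSS_CTX_ID_T_len < sizeof (gss_ctx_id_t)) {
		/*
		 * the reply buffer is shorter than the handle about to be
		 * read from it: treat the reply as malformed
		 */
		clnt_freeres(clnt, xdr_gss_import_sec_context_res,
		    (caddr_t)&res);
		if (minor_status != NULL)
			*minor_status = DEFAULT_MINOR_STAT;
		*context_handle = NULL;
		return (GSS_S_FAILURE);
	} else {
		*context_handle =
		    *((gss_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
	}

	/*
	 * free the memory allocated for the results and return with the
	 * status received in the rpc call
	 */

	status = res.status;
	clnt_freeres(clnt, xdr_gss_import_sec_context_res, (caddr_t)&res);
	return (status);
}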
24670Sstevel@tonic-gate
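/*
 * Caller-facing entry point for importing a security context.
 *
 * When *context_handle is GSS_C_NO_CONTEXT a new kgss_ctx is allocated
 * with KGSS_ALLOC, stored in *context_handle and its gssd_ctx field set
 * to GSS_C_NO_CONTEXT; otherwise the existing handle is reused as a
 * kgss_ctx.  The gssd_ctx field of that structure is then handed to
 * kgss_import_sec_context_wrapped() to receive the imported handle.
 *
 * Returns GSS_S_CALL_INACCESSIBLE_WRITE when context_handle is NULL,
 * GSS_S_FAILURE (with *minor_status set to DEFAULT_MINOR_STAT) when the
 * allocation fails, otherwise the status of the wrapped call.  A freshly
 * allocated kgss_ctx stays in *context_handle even if the wrapped call
 * fails.
 */
OM_uint32
kgss_import_sec_context(minor_status,
			input_token,
			context_handle)
	OM_uint32 *minor_status;
	gss_buffer_t input_token;
	gss_ctx_id_t *context_handle;
{
	struct kgss_ctx *kctx;

	/* the handle is both read and written below */
	if (context_handle == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);

	if (*context_handle == GSS_C_NO_CONTEXT) {
		kctx = KGSS_ALLOC();
		/* do not publish or dereference a failed allocation */
		if (kctx == NULL) {
			if (minor_status != NULL)
				*minor_status = DEFAULT_MINOR_STAT;
			return (GSS_S_FAILURE);
		}
		*context_handle = (gss_ctx_id_t)kctx;
		kctx->gssd_ctx = (OM_uint32) GSS_C_NO_CONTEXT;
	} else {
		kctx = (struct kgss_ctx *)*context_handle;
	}

	/*
	 * NOTE(review): KCTX_TO_CTXV is given context_handle (the pointer
	 * to the handle), whereas kgss_export_sec_context() applies
	 * KCTX_TO_KGSS_CTX to *context_handle and reads
	 * kctx->gssd_ctx_verifier directly -- confirm against the macro
	 * that this is the intended operand.
	 */
	return (kgss_import_sec_context_wrapped(minor_status,
	    input_token, &kctx->gssd_ctx,
	    KCTX_TO_CTXV(context_handle)));
}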
24880Sstevel@tonic-gate
24890Sstevel@tonic-gate #ifdef _KERNEL
24900Sstevel@tonic-gate #include <sys/modctl.h>
24910Sstevel@tonic-gate
/*
 * Client handle kept between gssd_open() and gssd_close(): gssd_open()
 * stores the result of getgssd_handle() here and gssd_close() passes it
 * to killgssd_handle().
 */
static void *gss_clnt = NULL;

#ifdef DEBUG
/* per-device state for the DEBUG-only test driver; placeholder content */
typedef struct {
	char *name;		/* just put something here */
} gssd_devstate_t;


/* not referenced by the driver entry points visible in this file */
static void *gssd_state;
25010Sstevel@tonic-gate
/*
 * Attach entry point of the DEBUG-only gssd test driver (installed as
 * devo_attach in gssd_ops).
 *
 * For DDI_ATTACH it creates the character minor node "gssd"; if that
 * fails the minor nodes of dip are removed again.  Every other command
 * is rejected.  Returns DDI_SUCCESS or DDI_FAILURE.
 */
static int
gssd_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
{
	/* only a plain attach is handled */
	if (cmd != DDI_ATTACH)
		return (DDI_FAILURE);

	if (ddi_create_minor_node(dip, "gssd", S_IFCHR, 0, "gssd", 0) !=
	    DDI_FAILURE)
		return (DDI_SUCCESS);

	/* node creation failed: clean up before reporting it */
	ddi_remove_minor_node(dip, NULL);
	return (DDI_FAILURE);
}
25180Sstevel@tonic-gate
/*
 * Getinfo entry point of the DEBUG-only gssd test driver (installed as
 * devo_getinfo in gssd_ops).
 *
 * For DDI_INFO_DEVT2INSTANCE, arg is taken as a dev_t and its minor
 * number is returned through *result.  DDI_INFO_DEVT2DEVINFO and any
 * other query fail without touching *result.  dip is not used.
 */
static int
gssd_getinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
    void **result)
{
	if (infocmd == DDI_INFO_DEVT2INSTANCE) {
		dev_t dev = (dev_t)arg;

		*result = (void *) getminor(dev);
		return (DDI_SUCCESS);
	}

	/* DDI_INFO_DEVT2DEVINFO and everything else are not answered */
	return (DDI_FAILURE);
}
25420Sstevel@tonic-gate
/*
 * Identify entry point of the DEBUG-only gssd test driver (installed as
 * devo_identify in gssd_ops): claims the device only when its name is
 * exactly "gssd".
 */
static int
gssd_identify(dev_info_t *dip)
{
	return (strcmp(ddi_get_name(dip), "gssd") == 0 ?
	    DDI_IDENTIFIED : DDI_NOT_IDENTIFIED);
}
25510Sstevel@tonic-gate
/*
 * Probe routine of the DEBUG-only gssd test driver.  It always reports
 * DDI_PROBE_SUCCESS and ignores dip.  Note that gssd_ops installs
 * nulldev, not this function, in its devo_probe slot.
 */
static int
gssd_probe(dev_info_t *dip)
{
	return (DDI_PROBE_SUCCESS);
}
25580Sstevel@tonic-gate
/*
 * Open entry point of the DEBUG-only gssd test driver (cb_open in
 * gssd_cb_ops).
 *
 * Accepts character opens only (EINVAL otherwise) and stores a fresh
 * getgssd_handle() result in the file-scope gss_clnt.  The handle is not
 * checked for NULL, and credp is not examined, so this function applies
 * no caller check of its own before gssd_write() becomes reachable.
 */
static int
gssd_open(dev_t *devp, int flag, int otyp, cred_t *credp)
{
	if (otyp == OTYP_CHR) {
		gss_clnt = getgssd_handle();
		return (0);
	}

	return (EINVAL);
}
25680Sstevel@tonic-gate
/*
 * Close entry point of the DEBUG-only gssd test driver (cb_close in
 * gssd_cb_ops): hands the file-scope gss_clnt, as last set by
 * gssd_open(), to killgssd_handle() and always returns 0.  gss_clnt is
 * not reset afterwards.
 */
static int
gssd_close(dev_t dev, int flag, int otyp, cred_t *credp)
{
	killgssd_handle(gss_clnt);

	return (0);
}
25750Sstevel@tonic-gate
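/*
 * Write entry point of the DEBUG-only gssd test driver (cb_write in
 * gssd_cb_ops).
 *
 * Copies one command line from the caller into a local buffer, strips a
 * single trailing newline, logs it and passes it to do_gssdtest().
 *
 * dev, credp  not used
 * uiop        describes the caller's data
 *
 * Returns the uiomove() error if the copy fails, otherwise 0.  At most
 * sizeof (buffer) - 1 bytes are consumed per call, so the buffer always
 * stays NUL-terminated.
 */
static int
gssd_write(dev_t dev, struct uio *uiop, cred_t *credp)
{
	char buffer[1024];
	int len;
	int error;

	bzero(buffer, sizeof (buffer));

	/*
	 * the data comes from the writer and is not trusted: keep the last
	 * byte as the terminator so strlen() below cannot run past the
	 * buffer, and do not act on a copy that failed
	 */
	error = uiomove(buffer, sizeof (buffer) - 1, UIO_WRITE, uiop);
	if (error != 0)
		return (error);

	len = (int)strlen(buffer);

	/* an empty write has no last character to inspect */
	if (len > 0 && buffer[len - 1] == '\n')
		buffer[--len] = '\0';

	cmn_err(CE_NOTE, "Got command: (%d) \"%s\"", len, buffer);
	do_gssdtest(buffer);
	return (0);
}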
25940Sstevel@tonic-gate
/*
 * Character/block entry points for the DEBUG-only gssd test driver.
 *
 * gssd_write is the only entry that accepts data from the caller: reads
 * go to nulldev and ioctl/mmap-style entries are nodev.  D_MP is set in
 * cb_flag, so the open/close/write routines must tolerate concurrent
 * callers.
 *
 * NOTE(review): who may open and write to the device depends on how the
 * minor node is created in gssd_attach(), which is outside this section -
 * confirm it is restricted to privileged users.
 */
static struct cb_ops gssd_cb_ops = {
	gssd_open,			/* cb_open */
	gssd_close,			/* cb_close */
	nodev,				/* cb_strategy */
	nodev,				/* cb_print */
	nodev,				/* cb_dump */
	nulldev,			/* cb_read */
	gssd_write,			/* cb_write */
	nodev,				/* cb_ioctl */
	nodev,				/* cb_devmap */
	nodev,				/* cb_mmap */
	nodev,				/* cb_segmap */
	nochpoll,			/* cb_chpoll */
	ddi_prop_op,			/* cb_prop_op */
	NULL,				/* cb_stream */
	(int)(D_NEW | D_MP)		/* cb_flag */
};
26120Sstevel@tonic-gate
/*
 * Device operations for the DEBUG-only gssd test driver.
 *
 * devo_probe is nulldev rather than gssd_probe, and devo_detach is also
 * nulldev.
 *
 * NOTE(review): with nulldev as devo_detach nothing set up by
 * gssd_attach() is undone here; gssd_attach() is outside this section,
 * so confirm that is intended.
 */
static struct dev_ops gssd_ops = {
	DEVO_REV,			/* devo_rev */
	0,				/* devo_refcnt */
	gssd_getinfo,			/* devo_getinfo */
	gssd_identify,			/* devo_identify */
	nulldev,			/* devo_probe */
	gssd_attach,			/* devo_attach */
	nulldev,			/* devo_detach */
	nodev,				/* devo_reset */
	&gssd_cb_ops,			/* devo_cb_ops */
	(struct bus_ops *)NULL		/* devo_bus_ops */
};
26250Sstevel@tonic-gate
extern struct mod_ops mod_driverops;

/*
 * Module linkage element.  This definition sits in the DEBUG branch of a
 * conditional opened earlier in the file: DEBUG builds register a driver
 * (struct modldrv, with the gssd_ops test entry points), all other builds
 * register a plain misc module.  Both variants are named modlmisc so that
 * modlinkage can refer to either one.
 */
static struct modldrv modlmisc = {
	&mod_driverops,
	"GSSD DRV Client Module",
	&gssd_ops
};

#else /* !DEBUG */

static struct modlmisc modlmisc = {
	&mod_miscops,
	"GSSD Client Module"
};
#endif /* DEBUG */
26400Sstevel@tonic-gate
/*
 * Linkage handed to mod_install(), mod_remove() and mod_info().
 * modlmisc is a struct modldrv in DEBUG builds and a struct modlmisc
 * otherwise, hence the void * cast on its address.
 */
static struct modlinkage modlinkage = {
	MODREV_1,		/* linkage revision */
	(void *)&modlmisc,	/* the single linkage element */
	NULL			/* terminator */
};

/* Modules named here as dependencies of this one. */
char _depends_on[] = "strmod/rpcmod misc/tlimod";
26480Sstevel@tonic-gate
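/*
 * _init - module load entry point.
 *
 * Initialises the soft-state anchor gssd_state for gssd_devstate_t
 * entries and then installs the module.  If mod_install() fails the soft
 * state is torn down again.  The status of mod_install() is logged and
 * returned in either case.
 *
 * The return type is spelled out; the original relied on implicit int.
 *
 * Returns 0 on success, otherwise the error from ddi_soft_state_init()
 * or mod_install().
 */
int
_init(void)
{
	int status;

	status = ddi_soft_state_init(&gssd_state,
	    sizeof (gssd_devstate_t), 1);
	if (status != 0)
		return (status);

	status = mod_install(&modlinkage);
	if (status != 0) {
		/* Undo the soft-state setup; the module is not staying. */
		ddi_soft_state_fini(&gssd_state);
	}

	cmn_err(CE_NOTE, "gssd: I'm in the kernel: %d.", status);
	return (status);
}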
26630Sstevel@tonic-gate
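/*
 * _fini - module unload entry point.
 *
 * Passes gss_clnt to killgssd_handle(), logs that, then asks
 * mod_remove() to unlink the module.  The soft state is released only
 * when mod_remove() succeeds.
 *
 * The return type and empty parameter list are spelled out; the original
 * relied on implicit int and an unprototyped definition.
 *
 * NOTE(review): the handle is destroyed before mod_remove() is known to
 * succeed.  If mod_remove() fails the module stays loaded while gss_clnt
 * still holds the value that was passed to killgssd_handle().  Whether
 * later users of gss_clnt cope with that depends on code outside this
 * section - confirm, or move the call after a successful mod_remove().
 *
 * Returns 0 on success, otherwise the error from mod_remove().
 */
int
_fini(void)
{
	int status;

	killgssd_handle(gss_clnt);
	cmn_err(CE_NOTE, "gssd: Handle destroyed.. leaving module.");

	status = mod_remove(&modlinkage);
	if (status != 0)
		return (status);

	ddi_soft_state_fini(&gssd_state);
	return (status);
}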
26770Sstevel@tonic-gate
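/*
 * _info - module information entry point.
 *
 * Forwards to mod_info() with this module's linkage and returns its
 * result.  Written with an explicit return type and a prototype-style
 * parameter list in place of the original K&R definition.
 */
int
_info(struct modinfo *modinfop)
{
	return (mod_info(&modlinkage, modinfop));
}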
26830Sstevel@tonic-gate
26840Sstevel@tonic-gate #endif