1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 /*
30 * GSSAPI library stub module for gssd.
31 */
32
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <mechglueP.h>
36 #include "gssd.h"
37 #include <rpc/rpc.h>
38
39 #ifdef _KERNEL
40 #define MALLOC(n) kmem_alloc((n), KM_SLEEP)
41 #define FREE(x, n) kmem_free((x), (n))
42 #define memcpy(dst, src, n) bcopy((src), (dst), (n))
43 #define clnt_pcreateerror(srv) printf("Cannot connect to server on %s\n", srv)
44
45 #ifdef DEBUG
46 #ifndef _SYS_CMN_ERR_H
47 #define _SYS_CMN_ERR_H
48 #define CE_NOTE 1
146 memcpy(arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
147 desired_mechs->elements[i].elements,
148 desired_mechs->elements[i].length);
149 }
150 } else
151 arg.desired_mechs.GSS_OID_SET_len = 0;
152
153 arg.cred_usage = cred_usage;
154
155 /* call the remote procedure */
156
157 memset(&res, 0, sizeof (res));
158 if (gss_acquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
159
160 /*
161 * if the RPC call times out, null out all return arguments,
162 * set minor_status to its maximum value, and return GSS_S_FAILURE
163 */
164
165 if (minor_status != NULL)
166 *minor_status = 0xffffffff;
167 if (output_cred_handle != NULL)
168 *output_cred_handle = NULL;
169 if (actual_mechs != NULL)
170 *actual_mechs = NULL;
171 if (time_rec != NULL)
172 *time_rec = 0;
173
174 return (GSS_S_FAILURE);
175 }
176
177 /* free the allocated memory for the flattened name and desire_mechs */
178
179 gss_release_buffer(&minor_status_temp, &external_name);
180 for (i = 0; i < desired_mechs->count; i++)
181 FREE(arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
182 arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_len);
183 FREE(arg.desired_mechs.GSS_OID_SET_val,
184 arg.desired_mechs.GSS_OID_SET_len * sizeof (GSS_OID));
185
186 /* copy the rpc results into the return arguments */
494 arg.gssd_cred_verifier = gssd_cred_verifier;
495
496 if (cred_handle != NULL) {
497 arg.cred_handle.GSS_CRED_ID_T_len =
498 (uint_t)sizeof (gssd_cred_id_t);
499 arg.cred_handle.GSS_CRED_ID_T_val = (char *)cred_handle;
500 } else
501 arg.cred_handle.GSS_CRED_ID_T_len = 0;
502
503 /* call the remote procedure */
504
505 memset(&res, 0, sizeof (res));
506 if (gss_release_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
507
508 /*
509 * if the RPC call times out, null out all return arguments,
510 * set minor_status to its max value, and return GSS_S_FAILURE
511 */
512
513 if (minor_status != NULL)
514 *minor_status = 0xffffffff;
515 if (cred_handle != NULL)
516 *cred_handle = NULL;
517
518 return (GSS_S_FAILURE);
519 }
520
521 /* if the release succeeded, null out the cred_handle */
522 if (res.status == GSS_S_COMPLETE && cred_handle != NULL)
523 *cred_handle = NULL;
524
525 /* copy the rpc results into the return arguments */
526 if (minor_status != NULL)
527 *minor_status = res.minor_status;
528
529 /* return with status returned in rpc call */
530 return (res.status);
531 }
532
533 OM_uint32
534 kgss_release_cred(minor_status,
669 (void *) input_chan_bindings->application_data.value;
670 } else {
671 arg.input_chan_bindings.present = NO;
672 arg.input_chan_bindings.initiator_addrtype = 0;
673 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
674 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
675 arg.input_chan_bindings.acceptor_addrtype = 0;
676 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
677 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
678 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
679 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
680 }
681
682 arg.input_token.GSS_BUFFER_T_len = (uint_t)
683 (input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
684 arg.input_token.GSS_BUFFER_T_val = (char *)
685 (input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
686
687 /* initialize the output parameters to empty values */
688 if (minor_status != NULL)
689 *minor_status = 0xffffffff;
690 if (actual_mech_type != NULL)
691 *actual_mech_type = NULL;
692 if (output_token != NULL)
693 output_token->length = 0;
694 if (ret_flags != NULL)
695 *ret_flags = 0;
696 if (time_rec != NULL)
697 *time_rec = 0;
698
699 /* call the remote procedure */
700 memset(&res, 0, sizeof (res));
701 if (gss_init_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
702
703 /* free the allocated memory for the flattened name */
704 gss_release_buffer(&minor_status_temp, &external_name);
705
706 return (GSS_S_FAILURE);
707 }
708
709
710 /* free the allocated memory for the flattened name */
711 gss_release_buffer(&minor_status_temp, &external_name);
712
713 /* if the call was successful, copy out the results */
714 if (res.status == (OM_uint32) GSS_S_COMPLETE ||
715 res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
716 /*
717 * copy the rpc results into the return arguments
718 * on CONTINUE_NEEDED only the output token, minor
719 * code and ctxt handle are ready.
720 */
721 if (minor_status != NULL)
722 *minor_status = res.minor_status;
723 /*LINTED*/
724 *context_handle = *((OM_uint32 *)
725 res.context_handle.GSS_CTX_ID_T_val);
726
727 /*LINTED*/
728 *context_handle = *((OM_uint32 *)
729 res.context_handle.GSS_CTX_ID_T_val);
730 *gssd_context_verifier = res.gssd_context_verifier;
731
732 if (output_token != NULL) {
733 output_token->length =
734 (size_t)res.output_token.GSS_BUFFER_T_len;
735 output_token->value =
736 (void *)res.output_token.GSS_BUFFER_T_val;
737 res.output_token.GSS_BUFFER_T_val = NULL;
738 res.output_token.GSS_BUFFER_T_len = 0;
739 }
740
741 /* the rest of the parameters is only ready on COMPLETE */
742 if (res.status == GSS_S_COMPLETE) {
743 if (actual_mech_type != NULL) {
744 *actual_mech_type = (gss_OID)
745 MALLOC(sizeof (gss_OID_desc));
746 (*actual_mech_type)->length = (OM_UINT32)
747 res.actual_mech_type.GSS_OID_len;
748 (*actual_mech_type)->elements = (void *)
749 MALLOC((*actual_mech_type)->length);
750 memcpy((*actual_mech_type)->elements, (void *)
751 res.actual_mech_type.GSS_OID_val,
752 (*actual_mech_type)->length);
753 }
754
755
756 if (ret_flags != NULL)
757 *ret_flags = res.ret_flags;
758
759 if (time_rec != NULL)
908 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
909 (void *) input_chan_bindings->acceptor_address.value;
910 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
911 (uint_t)input_chan_bindings->application_data.length;
912 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
913 (void *) input_chan_bindings->application_data.value;
914 } else {
915 arg.input_chan_bindings.present = NO;
916 arg.input_chan_bindings.initiator_addrtype = 0;
917 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
918 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
919 arg.input_chan_bindings.acceptor_addrtype = 0;
920 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
921 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
922 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
923 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
924 }
925
926 /* set the output parameters to empty values.... */
927 if (minor_status != NULL)
928 *minor_status = 0xffffffff;
929 if (src_name != NULL) {
930 src_name->length = 0;
931 src_name->value = NULL;
932 }
933 if (mech_type != NULL)
934 *mech_type = NULL;
935 if (output_token != NULL)
936 output_token->length = 0;
937 if (ret_flags != NULL)
938 *ret_flags = 0;
939 if (time_rec != NULL)
940 *time_rec = 0;
941 if (delegated_cred_handle != NULL)
942 *delegated_cred_handle = NULL;
943
944 /* call the remote procedure */
945 memset(&res, 0, sizeof (res));
946 if (gss_accept_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
947 return (GSS_S_FAILURE);
948 }
949
950
951 if (res.status == (OM_uint32) GSS_S_COMPLETE ||
952 res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
953 /*
954 * when gss returns CONTINUE_NEEDED we can only
955 * use the context, minor, and output token
956 * parameters.
957 */
958 /*LINTED*/
959 *context_handle = *((gssd_ctx_id_t *)
960 res.context_handle.GSS_CTX_ID_T_val);
961 *gssd_context_verifier = res.gssd_context_verifier;
962
963 if (output_token != NULL) {
964 output_token->length =
965 res.output_token.GSS_BUFFER_T_len;
966 output_token->value =
967 (void *) res.output_token.GSS_BUFFER_T_val;
968 res.output_token.GSS_BUFFER_T_val = 0;
969 res.output_token.GSS_BUFFER_T_len = 0;
970 }
971
972 if (minor_status != NULL)
973 *minor_status = res.minor_status;
974
975 /* the other parameters are ready on for COMPLETE */
976 if (res.status == GSS_S_COMPLETE)
977 {
978
979 /*
980 * The src_name is in external format.
981 */
982 if (src_name != NULL) {
983 src_name->length = res.src_name.GSS_BUFFER_T_len;
984 src_name->value = res.src_name.GSS_BUFFER_T_val;
985 res.src_name.GSS_BUFFER_T_val = NULL;
986 res.src_name.GSS_BUFFER_T_len = 0;
987 }
988 /*
989 * move mech type returned to mech_type
990 * for gss_import_name_for_mech()
991 */
992 if (mech_type != NULL) {
993 *mech_type =
994 (gss_OID) MALLOC(sizeof (gss_OID_desc));
995 (*mech_type)->length =
996 (OM_UINT32) res.mech_type.GSS_OID_len;
997 (*mech_type)->elements =
998 (void *) MALLOC((*mech_type)->length);
1110 /* copy the procedure arguments into the rpc arg parameter */
1111 arg.uid = (OM_uint32) uid;
1112
1113 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gss_ctx_id_t);
1114 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1115 arg.gssd_context_verifier = gssd_context_verifier;
1116 arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer;
1117 arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
1118
1119 /* call the remote procedure */
1120
1121 memset(&res, 0, sizeof (res));
1122 if (gss_process_context_token_1(&arg, &res, clnt) != RPC_SUCCESS) {
1123
1124 /*
1125 * if the RPC call times out, null out all return arguments,
1126 * set minor_status to its maximum value, and return GSS_S_FAILURE
1127 */
1128
1129 if (minor_status != NULL)
1130 *minor_status = 0xffffffff;
1131
1132 return (GSS_S_FAILURE);
1133 }
1134
1135 /* copy the rpc results into the return arguments */
1136
1137 if (minor_status != NULL)
1138 *minor_status = res.minor_status;
1139
1140 /* return with status returned in rpc call */
1141
1142 return (res.status);
1143 }
1144
1145 OM_uint32
1146 kgss_delete_sec_context_wrapped(minor_status,
1147 context_handle,
1148 gssd_context_verifier,
1149 output_token)
1150 OM_uint32 *minor_status;
1165 /* copy the procedure arguments into the rpc arg parameter */
1166
1167 arg.context_handle.GSS_CTX_ID_T_len =
1168 *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ? 0 :
1169 (uint_t)sizeof (OM_uint32);
1170 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
1171
1172 arg.gssd_context_verifier = gssd_context_verifier;
1173
1174 /* call the remote procedure */
1175
1176 memset(&res, 0, sizeof (res));
1177 if (gss_delete_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
1178
1179 /*
1180 * if the RPC call times out, null out all return arguments,
1181 * set minor_status to its max value, and return GSS_S_FAILURE
1182 */
1183
1184 if (minor_status != NULL)
1185 *minor_status = 0xffffffff;
1186 if (context_handle != NULL)
1187 *context_handle = NULL;
1188 if (output_token != NULL)
1189 output_token->length = 0;
1190
1191 return (GSS_S_FAILURE);
1192 }
1193
1194 /* copy the rpc results into the return arguments */
1195
1196 if (minor_status != NULL)
1197 *minor_status = res.minor_status;
1198
1199 if (res.context_handle.GSS_CTX_ID_T_len == 0)
1200 *context_handle = NULL;
1201 else
1202 /*LINTED*/
1203 *context_handle = *((gssd_ctx_id_t *)
1204 res.context_handle.GSS_CTX_ID_T_val);
1205
1206 if (output_token != NULL) {
1207 output_token->length = res.output_token.GSS_BUFFER_T_len;
1208 output_token->value = res.output_token.GSS_BUFFER_T_val;
1209 res.output_token.GSS_BUFFER_T_len = 0;
1210 res.output_token.GSS_BUFFER_T_val = NULL;
1211 }
1212
1213 /*
1214 * free the memory allocated for the results and return with the status
1215 * received in the rpc call
1216 */
1217
1218 clnt_freeres(clnt, xdr_gss_delete_sec_context_res, (caddr_t)&res);
1219 return (res.status);
1220 }
1221
1222 /*ARGSUSED*/
1223 OM_uint32
1224 kgss_delete_sec_context(
1225 OM_uint32 *minor_status,
1226 gss_ctx_id_t *context_handle,
1292
1293 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1294 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1295 arg.gssd_context_verifier = gssd_context_verifier;
1296
1297 arg.qop_req = qop_req;
1298 arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
1299 arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
1300
1301 /* call the remote procedure */
1302
1303 memset(&res, 0, sizeof (res));
1304 if (gss_sign_1(&arg, &res, clnt) != RPC_SUCCESS) {
1305
1306 /*
1307 * if the RPC call times out, null out all return arguments,
1308 * set minor_status to its maximum value, and return GSS_S_FAILURE
1309 */
1310
1311 if (minor_status != NULL)
1312 *minor_status = 0xffffffff;
1313 if (msg_token != NULL)
1314 msg_token->length = 0;
1315
1316 return (GSS_S_FAILURE);
1317 }
1318
1319 /* copy the rpc results into the return arguments */
1320
1321 if (minor_status != NULL)
1322 *minor_status = res.minor_status;
1323
1324 if (msg_token != NULL) {
1325 msg_token->length = res.msg_token.GSS_BUFFER_T_len;
1326 msg_token->value = (void *) MALLOC(msg_token->length);
1327 memcpy(msg_token->value, res.msg_token.GSS_BUFFER_T_val,
1328 msg_token->length);
1329 }
1330
1331 /*
1332 * free the memory allocated for the results and return with the status
1385
1386 arg.gssd_context_verifier = gssd_context_verifier;
1387
1388 arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
1389 arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
1390
1391 arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer->length;
1392 arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
1393
1394 /* call the remote procedure */
1395
1396 memset(&res, 0, sizeof (res));
1397 if (gss_verify_1(&arg, &res, clnt) != RPC_SUCCESS) {
1398
1399 /*
1400 * if the RPC call times out, null out all return arguments,
1401 * set minor_status to its maximum value, and return GSS_S_FAILURE
1402 */
1403
1404 if (minor_status != NULL)
1405 *minor_status = 0xffffffff;
1406 if (qop_state != NULL)
1407 *qop_state = 0;
1408
1409 return (GSS_S_FAILURE);
1410 }
1411
1412 /* copy the rpc results into the return arguments */
1413
1414 if (minor_status != NULL)
1415 *minor_status = res.minor_status;
1416
1417 if (qop_state != NULL)
1418 *qop_state = res.qop_state;
1419
1420 /* return with status returned in rpc call */
1421
1422 return (res.status);
1423 }
1424
1425 OM_uint32
1481
1482 arg.qop_req = qop_req;
1483
1484 arg.input_message_buffer.GSS_BUFFER_T_len =
1485 (uint_t)input_message_buffer->length;
1486
1487 arg.input_message_buffer.GSS_BUFFER_T_val =
1488 (char *)input_message_buffer->value;
1489
1490 /* call the remote procedure */
1491
1492 memset(&res, 0, sizeof (res));
1493 if (gss_seal_1(&arg, &res, clnt) != RPC_SUCCESS) {
1494
1495 /*
1496 * if the RPC call times out, null out all return arguments,
1497 * set minor_status to its maximum value, and return GSS_S_FAILURE
1498 */
1499
1500 if (minor_status != NULL)
1501 *minor_status = 0xffffffff;
1502 if (conf_state != NULL)
1503 *conf_state = 0;
1504 if (output_message_buffer != NULL)
1505 output_message_buffer->length = 0;
1506
1507 return (GSS_S_FAILURE);
1508 }
1509
1510 /* copy the rpc results into the return arguments */
1511
1512 if (minor_status != NULL)
1513 *minor_status = res.minor_status;
1514
1515 if (conf_state != NULL)
1516 *conf_state = res.conf_state;
1517
1518 if (output_message_buffer != NULL) {
1519 output_message_buffer->length =
1520 res.output_message_buffer.GSS_BUFFER_T_len;
1521
1587 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1588 arg.gssd_context_verifier = gssd_context_verifier;
1589
1590 arg.input_message_buffer.GSS_BUFFER_T_len =
1591 (uint_t)input_message_buffer->length;
1592
1593 arg.input_message_buffer.GSS_BUFFER_T_val =
1594 (char *)input_message_buffer->value;
1595
1596 /* call the remote procedure */
1597
1598 memset(&res, 0, sizeof (res));
1599 if (gss_unseal_1(&arg, &res, clnt) != RPC_SUCCESS) {
1600
1601 /*
1602 * if the RPC call times out, null out all return arguments,
1603 * set minor_status to its maximum value, and return GSS_S_FAILURE
1604 */
1605
1606 if (minor_status != NULL)
1607 *minor_status = 0xffffffff;
1608 if (output_message_buffer != NULL)
1609 output_message_buffer->length = 0;
1610 if (conf_state != NULL)
1611 *conf_state = 0;
1612 if (qop_state != NULL)
1613 *qop_state = 0;
1614
1615 return (GSS_S_FAILURE);
1616 }
1617
1618 /* copy the rpc results into the return arguments */
1619
1620 if (minor_status != NULL)
1621 *minor_status = res.minor_status;
1622
1623 if (output_message_buffer != NULL) {
1624 output_message_buffer->length =
1625 res.output_message_buffer.GSS_BUFFER_T_len;
1626
1627 output_message_buffer->value =
1706 arg.message_context = *message_context;
1707
1708 /* call the remote procedure */
1709
1710 if (message_context != NULL)
1711 *message_context = 0;
1712 if (status_string != NULL) {
1713 status_string->length = 0;
1714 status_string->value = NULL;
1715 }
1716
1717 memset(&res, 0, sizeof (res));
1718 if (gss_display_status_1(&arg, &res, clnt) != RPC_SUCCESS) {
1719
1720 /*
1721 * if the RPC call times out, null out all return arguments,
1722 * set minor_status to its maximum value, and return GSS_S_FAILURE
1723 */
1724
1725 if (minor_status != NULL)
1726 *minor_status = 0xffffffff;
1727
1728 return (GSS_S_FAILURE);
1729 }
1730
1731
1732 /* now process the results and pass them back to the caller */
1733
1734 if (res.status == GSS_S_COMPLETE) {
1735 if (minor_status != NULL)
1736 *minor_status = res.minor_status;
1737 if (message_context != NULL)
1738 *message_context = res.message_context;
1739 if (status_string != NULL) {
1740 status_string->length =
1741 (size_t)res.status_string.GSS_BUFFER_T_len;
1742 status_string->value =
1743 (void *)MALLOC(status_string->length);
1744 memcpy(status_string->value,
1745 res.status_string.GSS_BUFFER_T_val,
1746 status_string->length);
1747 }
1748 }
1749
1750 clnt_freeres(clnt, xdr_gss_display_status_res, (caddr_t)&res);
1751 return (res.status);
1752 }
1753
1754 /*ARGSUSED*/
1755 OM_uint32
1756 kgss_indicate_mechs(minor_status,
1763 void *arg;
1764 gss_indicate_mechs_res res;
1765 int i;
1766
1767 /* get the client handle to GSSD */
1768
1769 if ((clnt = getgssd_handle()) == NULL) {
1770 clnt_pcreateerror(server);
1771 return (GSS_S_FAILURE);
1772 }
1773
1774 memset(&res, 0, sizeof (res));
1775 if (gss_indicate_mechs_1(&arg, &res, clnt) != RPC_SUCCESS) {
1776
1777 /*
1778 * if the RPC call times out, null out all return arguments,
1779 * set minor_status to its maximum value, and return GSS_S_FAILURE
1780 */
1781
1782 if (minor_status != NULL)
1783 *minor_status = 0xffffffff;
1784 if (mech_set != NULL)
1785 *mech_set = NULL;
1786
1787 return (GSS_S_FAILURE);
1788 }
1789
1790 /* copy the rpc results into the return arguments */
1791
1792 if (minor_status != NULL)
1793 *minor_status = res.minor_status;
1794
1795 if (mech_set != NULL) {
1796 *mech_set = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
1797 (*mech_set)->count = res.mech_set.GSS_OID_SET_len;
1798 (*mech_set)->elements = (void *)
1799 MALLOC ((*mech_set)->count * sizeof (gss_OID_desc));
1800 for (i = 0; i < (*mech_set)->count; i++) {
1801 (*mech_set)->elements[i].length =
1802 res.mech_set.GSS_OID_SET_val[i].GSS_OID_len;
1803 (*mech_set)->elements[i].elements = (void *)
1856
1857 arg.uid = (OM_uint32) uid;
1858
1859 arg.cred_handle.GSS_CRED_ID_T_len =
1860 cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
1861 0 : (uint_t)sizeof (gssd_cred_id_t);
1862 arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
1863 arg.gssd_cred_verifier = gssd_cred_verifier;
1864
1865 /* call the remote procedure */
1866
1867 memset(&res, 0, sizeof (res));
1868 if (gss_inquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
1869
1870 /*
1871 * if the RPC call times out, null out all return arguments,
1872 * set minor_status to its maximum value, and return GSS_S_FAILURE
1873 */
1874
1875 if (minor_status != NULL)
1876 *minor_status = 0xffffffff;
1877 if (name != NULL)
1878 *name = NULL;
1879 if (lifetime != NULL)
1880 *lifetime = 0;
1881 if (cred_usage != NULL)
1882 *cred_usage = 0;
1883 if (mechanisms != NULL)
1884 *mechanisms = NULL;
1885
1886 return (GSS_S_FAILURE);
1887 }
1888
1889 /* copy the rpc results into the return arguments */
1890
1891 if (minor_status != NULL)
1892 *minor_status = res.minor_status;
1893
1894 /* convert name from external to internal format */
1895
1896 if (name != NULL) {
2025 arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
2026 arg.gssd_cred_verifier = gssd_cred_verifier;
2027
2028 arg.mech_type.GSS_OID_len =
2029 (uint_t)(mech_type != GSS_C_NULL_OID ?
2030 mech_type->length : 0);
2031 arg.mech_type.GSS_OID_val =
2032 (char *)(mech_type != GSS_C_NULL_OID ?
2033 mech_type->elements : 0);
2034 /* call the remote procedure */
2035
2036 memset(&res, 0, sizeof (res));
2037 if (gss_inquire_cred_by_mech_1(&arg, &res, clnt) != RPC_SUCCESS) {
2038
2039 /*
2040 * if the RPC call times out, null out all return arguments,
2041 * set minor_status to its maximum value, and return GSS_S_FAILURE
2042 */
2043
2044 if (minor_status != NULL)
2045 *minor_status = 0xffffffff;
2046 return (GSS_S_FAILURE);
2047 }
2048
2049 /* copy the rpc results into the return arguments */
2050
2051 if (minor_status != NULL)
2052 *minor_status = res.minor_status;
2053
2054 /* convert name from external to internal format */
2055
2056 /*
2057 * free the memory allocated for the results and return with the status
2058 * received in the rpc call
2059 */
2060
2061 clnt_freeres(clnt, xdr_gss_inquire_cred_by_mech_res, (caddr_t)&res);
2062 return (res.status);
2063 }
2064
2065
2331 *minor_status = DEFAULT_MINOR_STAT;
2332 if (context_handle != NULL)
2333 *context_handle = NULL;
2334 if (output_token != NULL)
2335 output_token->length = 0;
2336
2337 return (GSS_S_FAILURE);
2338 }
2339
2340 /* copy the rpc results into the return arguments */
2341
2342 if (minor_status != NULL)
2343 *minor_status = res.minor_status;
2344
2345 if (res.context_handle.GSS_CTX_ID_T_len == 0)
2346 *context_handle = NULL;
2347 else
2348 *context_handle =
2349 *((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
2350
2351 if (output_token != NULL) {
2352 output_token->length = res.output_token.GSS_BUFFER_T_len;
2353 output_token->value =
2354 (void *) MALLOC(output_token->length);
2355 memcpy(output_token->value,
2356 res.output_token.GSS_BUFFER_T_val,
2357 output_token->length);
2358 }
2359
2360 /*
2361 * free the memory allocated for the results and return with the status
2362 * received in the rpc call
2363 */
2364
2365 clnt_freeres(clnt, xdr_gss_export_sec_context_res, (caddr_t)&res);
2366 return (res.status);
2367
2368 }
2369
2370 OM_uint32
2371 kgss_export_sec_context(minor_status,
|
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * GSSAPI library stub module for gssd.
29 */
30
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <mechglueP.h>
34 #include "gssd.h"
35 #include <rpc/rpc.h>
36
37 #ifdef _KERNEL
38 #define MALLOC(n) kmem_alloc((n), KM_SLEEP)
39 #define FREE(x, n) kmem_free((x), (n))
40 #define memcpy(dst, src, n) bcopy((src), (dst), (n))
41 #define clnt_pcreateerror(srv) printf("Cannot connect to server on %s\n", srv)
42
43 #ifdef DEBUG
44 #ifndef _SYS_CMN_ERR_H
45 #define _SYS_CMN_ERR_H
46 #define CE_NOTE 1
144 memcpy(arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
145 desired_mechs->elements[i].elements,
146 desired_mechs->elements[i].length);
147 }
148 } else
149 arg.desired_mechs.GSS_OID_SET_len = 0;
150
151 arg.cred_usage = cred_usage;
152
153 /* call the remote procedure */
154
155 memset(&res, 0, sizeof (res));
156 if (gss_acquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
157
158 /*
159 * if the RPC call times out, null out all return arguments,
160 * set minor_status to its maximum value, and return GSS_S_FAILURE
161 */
162
163 if (minor_status != NULL)
164 *minor_status = DEFAULT_MINOR_STAT;
165 if (output_cred_handle != NULL)
166 *output_cred_handle = NULL;
167 if (actual_mechs != NULL)
168 *actual_mechs = NULL;
169 if (time_rec != NULL)
170 *time_rec = 0;
171
172 return (GSS_S_FAILURE);
173 }
174
175 /* free the allocated memory for the flattened name and desire_mechs */
176
177 gss_release_buffer(&minor_status_temp, &external_name);
178 for (i = 0; i < desired_mechs->count; i++)
179 FREE(arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
180 arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_len);
181 FREE(arg.desired_mechs.GSS_OID_SET_val,
182 arg.desired_mechs.GSS_OID_SET_len * sizeof (GSS_OID));
183
184 /* copy the rpc results into the return arguments */
492 arg.gssd_cred_verifier = gssd_cred_verifier;
493
494 if (cred_handle != NULL) {
495 arg.cred_handle.GSS_CRED_ID_T_len =
496 (uint_t)sizeof (gssd_cred_id_t);
497 arg.cred_handle.GSS_CRED_ID_T_val = (char *)cred_handle;
498 } else
499 arg.cred_handle.GSS_CRED_ID_T_len = 0;
500
501 /* call the remote procedure */
502
503 memset(&res, 0, sizeof (res));
504 if (gss_release_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
505
506 /*
507 * if the RPC call times out, null out all return arguments,
508 * set minor_status to its max value, and return GSS_S_FAILURE
509 */
510
511 if (minor_status != NULL)
512 *minor_status = DEFAULT_MINOR_STAT;
513 if (cred_handle != NULL)
514 *cred_handle = NULL;
515
516 return (GSS_S_FAILURE);
517 }
518
519 /* if the release succeeded, null out the cred_handle */
520 if (res.status == GSS_S_COMPLETE && cred_handle != NULL)
521 *cred_handle = NULL;
522
523 /* copy the rpc results into the return arguments */
524 if (minor_status != NULL)
525 *minor_status = res.minor_status;
526
527 /* return with status returned in rpc call */
528 return (res.status);
529 }
530
531 OM_uint32
532 kgss_release_cred(minor_status,
667 (void *) input_chan_bindings->application_data.value;
668 } else {
669 arg.input_chan_bindings.present = NO;
670 arg.input_chan_bindings.initiator_addrtype = 0;
671 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
672 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
673 arg.input_chan_bindings.acceptor_addrtype = 0;
674 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
675 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
676 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
677 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
678 }
679
680 arg.input_token.GSS_BUFFER_T_len = (uint_t)
681 (input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
682 arg.input_token.GSS_BUFFER_T_val = (char *)
683 (input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
684
685 /* initialize the output parameters to empty values */
686 if (minor_status != NULL)
687 *minor_status = DEFAULT_MINOR_STAT;
688 if (actual_mech_type != NULL)
689 *actual_mech_type = NULL;
690 if (output_token != NULL)
691 output_token->length = 0;
692 if (ret_flags != NULL)
693 *ret_flags = 0;
694 if (time_rec != NULL)
695 *time_rec = 0;
696
697 /* call the remote procedure */
698 memset(&res, 0, sizeof (res));
699 if (gss_init_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
700
701 /* free the allocated memory for the flattened name */
702 gss_release_buffer(&minor_status_temp, &external_name);
703
704 return (GSS_S_FAILURE);
705 }
706
707 /*
708 * We could return from a GSS error here and need to return both the
709 * minor_status and output_token, back to the caller if applicable.
710 */
711 if (minor_status != NULL)
712 *minor_status = res.minor_status;
713
714 if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
715 output_token->length =
716 (size_t)res.output_token.GSS_BUFFER_T_len;
717 output_token->value =
718 (void *)res.output_token.GSS_BUFFER_T_val;
719 res.output_token.GSS_BUFFER_T_val = NULL;
720 res.output_token.GSS_BUFFER_T_len = 0;
721 }
722
723 /* free the allocated memory for the flattened name */
724 gss_release_buffer(&minor_status_temp, &external_name);
725
726 /* if the call was successful, copy out the results */
727 if (res.status == (OM_uint32) GSS_S_COMPLETE ||
728 res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
729 /*
730 * copy the rpc results into the return argument
731 * on CONTINUE_NEEDED only ctx handle is ready.
732 */
733 /*LINTED*/
734 *context_handle = *((OM_uint32 *)
735 res.context_handle.GSS_CTX_ID_T_val);
736 *gssd_context_verifier = res.gssd_context_verifier;
737
738
739 /* the rest of the parameters is only ready on COMPLETE */
740 if (res.status == GSS_S_COMPLETE) {
741 if (actual_mech_type != NULL) {
742 *actual_mech_type = (gss_OID)
743 MALLOC(sizeof (gss_OID_desc));
744 (*actual_mech_type)->length = (OM_UINT32)
745 res.actual_mech_type.GSS_OID_len;
746 (*actual_mech_type)->elements = (void *)
747 MALLOC((*actual_mech_type)->length);
748 memcpy((*actual_mech_type)->elements, (void *)
749 res.actual_mech_type.GSS_OID_val,
750 (*actual_mech_type)->length);
751 }
752
753
754 if (ret_flags != NULL)
755 *ret_flags = res.ret_flags;
756
757 if (time_rec != NULL)
906 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
907 (void *) input_chan_bindings->acceptor_address.value;
908 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
909 (uint_t)input_chan_bindings->application_data.length;
910 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
911 (void *) input_chan_bindings->application_data.value;
912 } else {
913 arg.input_chan_bindings.present = NO;
914 arg.input_chan_bindings.initiator_addrtype = 0;
915 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
916 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
917 arg.input_chan_bindings.acceptor_addrtype = 0;
918 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
919 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
920 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
921 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
922 }
923
924 /* set the output parameters to empty values.... */
925 if (minor_status != NULL)
926 *minor_status = DEFAULT_MINOR_STAT;
927 if (src_name != NULL) {
928 src_name->length = 0;
929 src_name->value = NULL;
930 }
931 if (mech_type != NULL)
932 *mech_type = NULL;
933 if (output_token != NULL)
934 output_token->length = 0;
935 if (ret_flags != NULL)
936 *ret_flags = 0;
937 if (time_rec != NULL)
938 *time_rec = 0;
939 if (delegated_cred_handle != NULL)
940 *delegated_cred_handle = NULL;
941
942 /* call the remote procedure */
943 memset(&res, 0, sizeof (res));
944 if (gss_accept_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
945 return (GSS_S_FAILURE);
946 }
947
948 /*
949 * We could return from a GSS error here and need to return both the
950 * minor_status and output_token, back to the caller if applicable.
951 */
952 if (minor_status != NULL)
953 *minor_status = res.minor_status;
954
955 if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
956 output_token->length =
957 res.output_token.GSS_BUFFER_T_len;
958 output_token->value =
959 (void *) res.output_token.GSS_BUFFER_T_val;
960 res.output_token.GSS_BUFFER_T_val = 0;
961 res.output_token.GSS_BUFFER_T_len = 0;
962 }
963
964 if (res.status == (OM_uint32) GSS_S_COMPLETE ||
965 res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
966 /*
967 * when gss returns CONTINUE_NEEDED we can only
968 * use the context parameter.
969 */
970 /*LINTED*/
971 *context_handle = *((gssd_ctx_id_t *)
972 res.context_handle.GSS_CTX_ID_T_val);
973 *gssd_context_verifier = res.gssd_context_verifier;
974
975 /* the other parameters are ready on for COMPLETE */
976 if (res.status == GSS_S_COMPLETE)
977 {
978 /*
979 * The src_name is in external format.
980 */
981 if (src_name != NULL) {
982 src_name->length = res.src_name.GSS_BUFFER_T_len;
983 src_name->value = res.src_name.GSS_BUFFER_T_val;
984 res.src_name.GSS_BUFFER_T_val = NULL;
985 res.src_name.GSS_BUFFER_T_len = 0;
986 }
987 /*
988 * move mech type returned to mech_type
989 * for gss_import_name_for_mech()
990 */
991 if (mech_type != NULL) {
992 *mech_type =
993 (gss_OID) MALLOC(sizeof (gss_OID_desc));
994 (*mech_type)->length =
995 (OM_UINT32) res.mech_type.GSS_OID_len;
996 (*mech_type)->elements =
997 (void *) MALLOC((*mech_type)->length);
1109 /* copy the procedure arguments into the rpc arg parameter */
1110 arg.uid = (OM_uint32) uid;
1111
1112 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gss_ctx_id_t);
1113 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1114 arg.gssd_context_verifier = gssd_context_verifier;
1115 arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer;
1116 arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
1117
1118 /* call the remote procedure */
1119
1120 memset(&res, 0, sizeof (res));
1121 if (gss_process_context_token_1(&arg, &res, clnt) != RPC_SUCCESS) {
1122
1123 /*
1124 * if the RPC call times out, null out all return arguments,
1125 * set minor_status to its maximum value, and return GSS_S_FAILURE
1126 */
1127
1128 if (minor_status != NULL)
1129 *minor_status = DEFAULT_MINOR_STAT;
1130
1131 return (GSS_S_FAILURE);
1132 }
1133
1134 /* copy the rpc results into the return arguments */
1135
1136 if (minor_status != NULL)
1137 *minor_status = res.minor_status;
1138
1139 /* return with status returned in rpc call */
1140
1141 return (res.status);
1142 }
1143
1144 OM_uint32
1145 kgss_delete_sec_context_wrapped(minor_status,
1146 context_handle,
1147 gssd_context_verifier,
1148 output_token)
1149 OM_uint32 *minor_status;
1164 /* copy the procedure arguments into the rpc arg parameter */
1165
1166 arg.context_handle.GSS_CTX_ID_T_len =
1167 *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ? 0 :
1168 (uint_t)sizeof (OM_uint32);
1169 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
1170
1171 arg.gssd_context_verifier = gssd_context_verifier;
1172
1173 /* call the remote procedure */
1174
1175 memset(&res, 0, sizeof (res));
1176 if (gss_delete_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
1177
1178 /*
1179 * if the RPC call times out, null out all return arguments,
1180 * set minor_status to its max value, and return GSS_S_FAILURE
1181 */
1182
1183 if (minor_status != NULL)
1184 *minor_status = DEFAULT_MINOR_STAT;
1185 if (context_handle != NULL)
1186 *context_handle = NULL;
1187 if (output_token != NULL)
1188 output_token->length = 0;
1189
1190 return (GSS_S_FAILURE);
1191 }
1192
1193 /* copy the rpc results into the return arguments */
1194
1195 if (minor_status != NULL)
1196 *minor_status = res.minor_status;
1197
1198 if (res.context_handle.GSS_CTX_ID_T_len == 0)
1199 *context_handle = NULL;
1200 else
1201 /*LINTED*/
1202 *context_handle = *((gssd_ctx_id_t *)
1203 res.context_handle.GSS_CTX_ID_T_val);
1204
1205 if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
1206 output_token->length = res.output_token.GSS_BUFFER_T_len;
1207 output_token->value = res.output_token.GSS_BUFFER_T_val;
1208 res.output_token.GSS_BUFFER_T_len = 0;
1209 res.output_token.GSS_BUFFER_T_val = NULL;
1210 }
1211
1212 /*
1213 * free the memory allocated for the results and return with the status
1214 * received in the rpc call
1215 */
1216
1217 clnt_freeres(clnt, xdr_gss_delete_sec_context_res, (caddr_t)&res);
1218 return (res.status);
1219 }
1220
1221 /*ARGSUSED*/
1222 OM_uint32
1223 kgss_delete_sec_context(
1224 OM_uint32 *minor_status,
1225 gss_ctx_id_t *context_handle,
1291
1292 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1293 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1294 arg.gssd_context_verifier = gssd_context_verifier;
1295
1296 arg.qop_req = qop_req;
1297 arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
1298 arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
1299
1300 /* call the remote procedure */
1301
1302 memset(&res, 0, sizeof (res));
1303 if (gss_sign_1(&arg, &res, clnt) != RPC_SUCCESS) {
1304
1305 /*
1306 * if the RPC call times out, null out all return arguments,
1307 * set minor_status to its maximum value, and return GSS_S_FAILURE
1308 */
1309
1310 if (minor_status != NULL)
1311 *minor_status = DEFAULT_MINOR_STAT;
1312 if (msg_token != NULL)
1313 msg_token->length = 0;
1314
1315 return (GSS_S_FAILURE);
1316 }
1317
1318 /* copy the rpc results into the return arguments */
1319
1320 if (minor_status != NULL)
1321 *minor_status = res.minor_status;
1322
1323 if (msg_token != NULL) {
1324 msg_token->length = res.msg_token.GSS_BUFFER_T_len;
1325 msg_token->value = (void *) MALLOC(msg_token->length);
1326 memcpy(msg_token->value, res.msg_token.GSS_BUFFER_T_val,
1327 msg_token->length);
1328 }
1329
1330 /*
1331 * free the memory allocated for the results and return with the status
1384
1385 arg.gssd_context_verifier = gssd_context_verifier;
1386
1387 arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
1388 arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
1389
1390 arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer->length;
1391 arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
1392
1393 /* call the remote procedure */
1394
1395 memset(&res, 0, sizeof (res));
1396 if (gss_verify_1(&arg, &res, clnt) != RPC_SUCCESS) {
1397
1398 /*
1399 * if the RPC call times out, null out all return arguments,
1400 * set minor_status to its maximum value, and return GSS_S_FAILURE
1401 */
1402
1403 if (minor_status != NULL)
1404 *minor_status = DEFAULT_MINOR_STAT;
1405 if (qop_state != NULL)
1406 *qop_state = 0;
1407
1408 return (GSS_S_FAILURE);
1409 }
1410
1411 /* copy the rpc results into the return arguments */
1412
1413 if (minor_status != NULL)
1414 *minor_status = res.minor_status;
1415
1416 if (qop_state != NULL)
1417 *qop_state = res.qop_state;
1418
1419 /* return with status returned in rpc call */
1420
1421 return (res.status);
1422 }
1423
1424 OM_uint32
1480
1481 arg.qop_req = qop_req;
1482
1483 arg.input_message_buffer.GSS_BUFFER_T_len =
1484 (uint_t)input_message_buffer->length;
1485
1486 arg.input_message_buffer.GSS_BUFFER_T_val =
1487 (char *)input_message_buffer->value;
1488
1489 /* call the remote procedure */
1490
1491 memset(&res, 0, sizeof (res));
1492 if (gss_seal_1(&arg, &res, clnt) != RPC_SUCCESS) {
1493
1494 /*
1495 * if the RPC call times out, null out all return arguments,
1496 * set minor_status to its maximum value, and return GSS_S_FAILURE
1497 */
1498
1499 if (minor_status != NULL)
1500 *minor_status = DEFAULT_MINOR_STAT;
1501 if (conf_state != NULL)
1502 *conf_state = 0;
1503 if (output_message_buffer != NULL)
1504 output_message_buffer->length = 0;
1505
1506 return (GSS_S_FAILURE);
1507 }
1508
1509 /* copy the rpc results into the return arguments */
1510
1511 if (minor_status != NULL)
1512 *minor_status = res.minor_status;
1513
1514 if (conf_state != NULL)
1515 *conf_state = res.conf_state;
1516
1517 if (output_message_buffer != NULL) {
1518 output_message_buffer->length =
1519 res.output_message_buffer.GSS_BUFFER_T_len;
1520
1586 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1587 arg.gssd_context_verifier = gssd_context_verifier;
1588
1589 arg.input_message_buffer.GSS_BUFFER_T_len =
1590 (uint_t)input_message_buffer->length;
1591
1592 arg.input_message_buffer.GSS_BUFFER_T_val =
1593 (char *)input_message_buffer->value;
1594
1595 /* call the remote procedure */
1596
1597 memset(&res, 0, sizeof (res));
1598 if (gss_unseal_1(&arg, &res, clnt) != RPC_SUCCESS) {
1599
1600 /*
1601 * if the RPC call times out, null out all return arguments,
1602 * set minor_status to its maximum value, and return GSS_S_FAILURE
1603 */
1604
1605 if (minor_status != NULL)
1606 *minor_status = DEFAULT_MINOR_STAT;
1607 if (output_message_buffer != NULL)
1608 output_message_buffer->length = 0;
1609 if (conf_state != NULL)
1610 *conf_state = 0;
1611 if (qop_state != NULL)
1612 *qop_state = 0;
1613
1614 return (GSS_S_FAILURE);
1615 }
1616
1617 /* copy the rpc results into the return arguments */
1618
1619 if (minor_status != NULL)
1620 *minor_status = res.minor_status;
1621
1622 if (output_message_buffer != NULL) {
1623 output_message_buffer->length =
1624 res.output_message_buffer.GSS_BUFFER_T_len;
1625
1626 output_message_buffer->value =
1705 arg.message_context = *message_context;
1706
1707 /* call the remote procedure */
1708
1709 if (message_context != NULL)
1710 *message_context = 0;
1711 if (status_string != NULL) {
1712 status_string->length = 0;
1713 status_string->value = NULL;
1714 }
1715
1716 memset(&res, 0, sizeof (res));
1717 if (gss_display_status_1(&arg, &res, clnt) != RPC_SUCCESS) {
1718
1719 /*
1720 * if the RPC call times out, null out all return arguments,
1721 * set minor_status to its maximum value, and return GSS_S_FAILURE
1722 */
1723
1724 if (minor_status != NULL)
1725 *minor_status = DEFAULT_MINOR_STAT;
1726
1727 return (GSS_S_FAILURE);
1728 }
1729
1730 if (minor_status != NULL)
1731 *minor_status = res.minor_status;
1732
1733 /* now process the results and pass them back to the caller */
1734
1735 if (res.status == GSS_S_COMPLETE) {
1736 if (message_context != NULL)
1737 *message_context = res.message_context;
1738 if (status_string != NULL) {
1739 status_string->length =
1740 (size_t)res.status_string.GSS_BUFFER_T_len;
1741 status_string->value =
1742 (void *)MALLOC(status_string->length);
1743 memcpy(status_string->value,
1744 res.status_string.GSS_BUFFER_T_val,
1745 status_string->length);
1746 }
1747 }
1748
1749 clnt_freeres(clnt, xdr_gss_display_status_res, (caddr_t)&res);
1750 return (res.status);
1751 }
1752
1753 /*ARGSUSED*/
1754 OM_uint32
1755 kgss_indicate_mechs(minor_status,
1762 void *arg;
1763 gss_indicate_mechs_res res;
1764 int i;
1765
1766 /* get the client handle to GSSD */
1767
1768 if ((clnt = getgssd_handle()) == NULL) {
1769 clnt_pcreateerror(server);
1770 return (GSS_S_FAILURE);
1771 }
1772
1773 memset(&res, 0, sizeof (res));
1774 if (gss_indicate_mechs_1(&arg, &res, clnt) != RPC_SUCCESS) {
1775
1776 /*
1777 * if the RPC call times out, null out all return arguments,
1778 * set minor_status to its maximum value, and return GSS_S_FAILURE
1779 */
1780
1781 if (minor_status != NULL)
1782 *minor_status = DEFAULT_MINOR_STAT;
1783 if (mech_set != NULL)
1784 *mech_set = NULL;
1785
1786 return (GSS_S_FAILURE);
1787 }
1788
1789 /* copy the rpc results into the return arguments */
1790
1791 if (minor_status != NULL)
1792 *minor_status = res.minor_status;
1793
1794 if (mech_set != NULL) {
1795 *mech_set = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
1796 (*mech_set)->count = res.mech_set.GSS_OID_SET_len;
1797 (*mech_set)->elements = (void *)
1798 MALLOC ((*mech_set)->count * sizeof (gss_OID_desc));
1799 for (i = 0; i < (*mech_set)->count; i++) {
1800 (*mech_set)->elements[i].length =
1801 res.mech_set.GSS_OID_SET_val[i].GSS_OID_len;
1802 (*mech_set)->elements[i].elements = (void *)
1855
1856 arg.uid = (OM_uint32) uid;
1857
1858 arg.cred_handle.GSS_CRED_ID_T_len =
1859 cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
1860 0 : (uint_t)sizeof (gssd_cred_id_t);
1861 arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
1862 arg.gssd_cred_verifier = gssd_cred_verifier;
1863
1864 /* call the remote procedure */
1865
1866 memset(&res, 0, sizeof (res));
1867 if (gss_inquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
1868
1869 /*
1870 * if the RPC call times out, null out all return arguments,
1871 * set minor_status to its maximum value, and return GSS_S_FAILURE
1872 */
1873
1874 if (minor_status != NULL)
1875 *minor_status = DEFAULT_MINOR_STAT;
1876 if (name != NULL)
1877 *name = NULL;
1878 if (lifetime != NULL)
1879 *lifetime = 0;
1880 if (cred_usage != NULL)
1881 *cred_usage = 0;
1882 if (mechanisms != NULL)
1883 *mechanisms = NULL;
1884
1885 return (GSS_S_FAILURE);
1886 }
1887
1888 /* copy the rpc results into the return arguments */
1889
1890 if (minor_status != NULL)
1891 *minor_status = res.minor_status;
1892
1893 /* convert name from external to internal format */
1894
1895 if (name != NULL) {
2024 arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
2025 arg.gssd_cred_verifier = gssd_cred_verifier;
2026
2027 arg.mech_type.GSS_OID_len =
2028 (uint_t)(mech_type != GSS_C_NULL_OID ?
2029 mech_type->length : 0);
2030 arg.mech_type.GSS_OID_val =
2031 (char *)(mech_type != GSS_C_NULL_OID ?
2032 mech_type->elements : 0);
2033 /* call the remote procedure */
2034
2035 memset(&res, 0, sizeof (res));
2036 if (gss_inquire_cred_by_mech_1(&arg, &res, clnt) != RPC_SUCCESS) {
2037
2038 /*
2039 * if the RPC call times out, null out all return arguments,
2040 * set minor_status to its maximum value, and return GSS_S_FAILURE
2041 */
2042
2043 if (minor_status != NULL)
2044 *minor_status = DEFAULT_MINOR_STAT;
2045 return (GSS_S_FAILURE);
2046 }
2047
2048 /* copy the rpc results into the return arguments */
2049
2050 if (minor_status != NULL)
2051 *minor_status = res.minor_status;
2052
2053 /* convert name from external to internal format */
2054
2055 /*
2056 * free the memory allocated for the results and return with the status
2057 * received in the rpc call
2058 */
2059
2060 clnt_freeres(clnt, xdr_gss_inquire_cred_by_mech_res, (caddr_t)&res);
2061 return (res.status);
2062 }
2063
2064
2330 *minor_status = DEFAULT_MINOR_STAT;
2331 if (context_handle != NULL)
2332 *context_handle = NULL;
2333 if (output_token != NULL)
2334 output_token->length = 0;
2335
2336 return (GSS_S_FAILURE);
2337 }
2338
2339 /* copy the rpc results into the return arguments */
2340
2341 if (minor_status != NULL)
2342 *minor_status = res.minor_status;
2343
2344 if (res.context_handle.GSS_CTX_ID_T_len == 0)
2345 *context_handle = NULL;
2346 else
2347 *context_handle =
2348 *((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
2349
2350 if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
2351 output_token->length = res.output_token.GSS_BUFFER_T_len;
2352 output_token->value =
2353 (void *) MALLOC(output_token->length);
2354 memcpy(output_token->value,
2355 res.output_token.GSS_BUFFER_T_val,
2356 output_token->length);
2357 }
2358
2359 /*
2360 * free the memory allocated for the results and return with the status
2361 * received in the rpc call
2362 */
2363
2364 clnt_freeres(clnt, xdr_gss_export_sec_context_res, (caddr_t)&res);
2365 return (res.status);
2366
2367 }
2368
2369 OM_uint32
2370 kgss_export_sec_context(minor_status,
|