6817447 libgss and various mechs are hiding both the real minor_status and the error token
6405422 Solaris acceptors fail in AD-KDC environments when using non-"host" services (e.g. "cifs")
6824434 Unable to accept context establishment initiated by Windows 2000 clients
6787343 kclient's site lookups fail in certain network environments
6692646 kclient should output errors to stderr
6525327 kinit failed when arcfour-hmac-md5-exp was used for the principal's key
6745582 SUNWkdcu missing package dependencies after kclientv2 integration
--- old/usr/src/cmd/gss/gssd/gssd_clnt_stubs.c
+++ new/usr/src/cmd/gss/gssd/gssd_clnt_stubs.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 - * Common Development and Distribution License, Version 1.0 only
6 - * (the "License"). You may not use this file except in compliance
7 - * with the License.
5 + * Common Development and Distribution License (the "License").
6 + * You may not use this file except in compliance with the License.
8 7 *
9 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 9 * or http://www.opensolaris.org/os/licensing.
11 10 * See the License for the specific language governing permissions
12 11 * and limitations under the License.
13 12 *
14 13 * When distributing Covered Code, include this CDDL HEADER in each
15 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 15 * If applicable, add the following below this CDDL HEADER, with the
17 16 * fields enclosed by brackets "[]" replaced with your own identifying
18 17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 18 *
20 19 * CDDL HEADER END
21 20 */
21 +
22 22 /*
23 - * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
23 + * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 25 */
26 26
27 -#pragma ident "%Z%%M% %I% %E% SMI"
28 -
29 27 /*
30 28 * GSSAPI library stub module for gssd.
31 29 */
32 30
33 31 #include <stdio.h>
34 32 #include <stdlib.h>
35 33 #include <mechglueP.h>
36 34 #include "gssd.h"
37 35 #include <rpc/rpc.h>
38 36
39 37 #ifdef _KERNEL
40 38 #define MALLOC(n) kmem_alloc((n), KM_SLEEP)
41 39 #define FREE(x, n) kmem_free((x), (n))
42 40 #define memcpy(dst, src, n) bcopy((src), (dst), (n))
43 41 #define clnt_pcreateerror(srv) printf("Cannot connect to server on %s\n", srv)
44 42
45 43 #ifdef DEBUG
46 44 #ifndef _SYS_CMN_ERR_H
47 45 #define _SYS_CMN_ERR_H
48 46 #define CE_NOTE 1
49 47 #endif
50 48 #include <sys/types.h>
51 49 #include <sys/devops.h>
52 50 #include <sys/open.h>
53 51 #include <sys/stat.h>
54 52 #include <sys/conf.h>
55 53 #include <sys/ddi.h>
56 54 #include <sys/sunddi.h>
57 55 #include <sys/uio.h>
58 56 #endif /* DEBUG */
59 57
60 58 #else /* !_KERNEL */
61 59 #define MALLOC(n) malloc(n)
62 60 #define FREE(x, n) free(x)
63 61 #endif /* _KERNEL */
64 62 #define DEFAULT_MINOR_STAT ((OM_uint32) ~0)
65 63
66 64 CLIENT *clnt, *getgssd_handle();
67 65 char *server = "localhost";
68 66
69 67 OM_uint32
70 68 kgss_acquire_cred_wrapped(minor_status,
71 69 desired_name,
72 70 time_req,
73 71 desired_mechs,
74 72 cred_usage,
75 73 output_cred_handle,
76 74 actual_mechs,
77 75 time_rec,
78 76 uid,
79 77 gssd_cred_verifier)
80 78 OM_uint32 *minor_status;
81 79 gss_name_t desired_name;
82 80 OM_uint32 time_req;
83 81 gss_OID_set desired_mechs;
84 82 int cred_usage;
85 83 gssd_cred_id_t *output_cred_handle;
86 84 gss_OID_set *actual_mechs;
87 85 OM_uint32 *time_rec;
88 86 uid_t uid;
89 87 OM_uint32 *gssd_cred_verifier;
90 88 {
91 89 OM_uint32 minor_status_temp;
92 90 gss_buffer_desc external_name;
93 91 gss_OID name_type;
94 92 int i;
95 93
96 94 gss_acquire_cred_arg arg;
97 95 gss_acquire_cred_res res;
98 96
99 97 /* get the client handle to GSSD */
100 98
101 99 if ((clnt = getgssd_handle()) == NULL) {
102 100 clnt_pcreateerror(server);
103 101 return (GSS_S_FAILURE);
104 102 }
105 103
106 104 /* convert the desired name from internal to external format */
107 105
108 106 if (gss_display_name(&minor_status_temp, desired_name, &external_name,
109 107 &name_type) != GSS_S_COMPLETE) {
110 108
111 109 *minor_status = (OM_uint32) minor_status_temp;
112 110 gss_release_buffer(&minor_status_temp, &external_name);
113 111 return ((OM_uint32) GSS_S_FAILURE);
114 112 }
115 113
116 114
117 115 /* copy the procedure arguments into the rpc arg parameter */
118 116
119 117 arg.uid = (OM_uint32)uid;
120 118
121 119 arg.desired_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
122 120 arg.desired_name.GSS_BUFFER_T_val = (char *)external_name.value;
123 121
124 122 arg.name_type.GSS_OID_len =
125 123 name_type == GSS_C_NULL_OID ?
126 124 0 : (uint_t)name_type->length;
127 125
128 126 arg.name_type.GSS_OID_val =
129 127 name_type == GSS_C_NULL_OID ?
130 128 (char *)NULL : (char *)name_type->elements;
131 129
132 130 arg.time_req = time_req;
133 131
134 132 if (desired_mechs != GSS_C_NULL_OID_SET) {
135 133 arg.desired_mechs.GSS_OID_SET_len =
136 134 (uint_t)desired_mechs->count;
137 135 arg.desired_mechs.GSS_OID_SET_val = (GSS_OID *)
138 136 MALLOC(sizeof (GSS_OID) * desired_mechs->count);
139 137
140 138 for (i = 0; i < desired_mechs->count; i++) {
141 139 arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_len =
142 140 (uint_t)desired_mechs->elements[i].length;
143 141 arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val =
144 142 (char *)
145 143 MALLOC(desired_mechs->elements[i].length);
146 144 memcpy(arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
147 145 desired_mechs->elements[i].elements,
148 146 desired_mechs->elements[i].length);
149 147 }
150 148 } else
151 149 arg.desired_mechs.GSS_OID_SET_len = 0;
152 150
153 151 arg.cred_usage = cred_usage;
154 152
155 153 /* call the remote procedure */
156 154
157 155 memset(&res, 0, sizeof (res));
158 156 if (gss_acquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
159 157
160 158 /*
161 159 * if the RPC call times out, null out all return arguments,
162 160 * set minor_status to its maximum value, and return GSS_S_FAILURE
163 161 */
164 162
165 163 if (minor_status != NULL)
166 - *minor_status = 0xffffffff;
164 + *minor_status = DEFAULT_MINOR_STAT;
167 165 if (output_cred_handle != NULL)
168 166 *output_cred_handle = NULL;
169 167 if (actual_mechs != NULL)
170 168 *actual_mechs = NULL;
171 169 if (time_rec != NULL)
172 170 *time_rec = 0;
173 171
174 172 return (GSS_S_FAILURE);
175 173 }
176 174
177 175 /* free the allocated memory for the flattened name and desire_mechs */
178 176
179 177 gss_release_buffer(&minor_status_temp, &external_name);
180 178 for (i = 0; i < desired_mechs->count; i++)
181 179 FREE(arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_val,
182 180 arg.desired_mechs.GSS_OID_SET_val[i].GSS_OID_len);
183 181 FREE(arg.desired_mechs.GSS_OID_SET_val,
184 182 arg.desired_mechs.GSS_OID_SET_len * sizeof (GSS_OID));
185 183
186 184 /* copy the rpc results into the return arguments */
187 185
188 186 if (minor_status != NULL)
189 187 *minor_status = res.minor_status;
190 188
191 189 if (output_cred_handle != NULL) {
192 190 *output_cred_handle =
193 191 /*LINTED*/
194 192 *((gssd_cred_id_t *)res.output_cred_handle.GSS_CRED_ID_T_val);
195 193 *gssd_cred_verifier = res.gssd_cred_verifier;
196 194 }
197 195
198 196 if (res.status == GSS_S_COMPLETE &&
199 197 res.actual_mechs.GSS_OID_SET_len != 0 &&
200 198 actual_mechs != NULL) {
201 199 *actual_mechs = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
202 200 (*actual_mechs)->count =
203 201 (int)res.actual_mechs.GSS_OID_SET_len;
204 202 (*actual_mechs)->elements = (gss_OID)
205 203 MALLOC(sizeof (gss_OID_desc) * (*actual_mechs)->count);
206 204
207 205 for (i = 0; i < (*actual_mechs)->count; i++) {
208 206 (*actual_mechs)->elements[i].length = (OM_uint32)
209 207 res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_len;
210 208 (*actual_mechs)->elements[i].elements =
211 209 (void *) MALLOC((*actual_mechs)->elements[i].length);
212 210 memcpy((*actual_mechs)->elements[i].elements,
213 211 res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_val,
214 212 (*actual_mechs)->elements[i].length);
215 213 }
216 214 } else {
217 215 if (res.status == GSS_S_COMPLETE && actual_mechs != NULL)
218 216 (*actual_mechs)->count = 0;
219 217 }
220 218
221 219 if (time_rec != NULL)
222 220 *time_rec = res.time_rec;
223 221
224 222 /*
225 223 * free the memory allocated for the results and return with the status
226 224 * received in the rpc call
227 225 */
228 226
229 227 clnt_freeres(clnt, xdr_gss_acquire_cred_res, (caddr_t)&res);
230 228 return (res.status);
231 229 }
232 230
233 231 OM_uint32
234 232 kgss_acquire_cred(minor_status,
235 233 desired_name,
236 234 time_req,
237 235 desired_mechs,
238 236 cred_usage,
239 237 output_cred_handle,
240 238 actual_mechs,
241 239 time_rec,
242 240 uid)
243 241 OM_uint32 *minor_status;
244 242 gss_name_t desired_name;
245 243 OM_uint32 time_req;
246 244 gss_OID_set desired_mechs;
247 245 int cred_usage;
248 246 gss_cred_id_t *output_cred_handle;
249 247 gss_OID_set *actual_mechs;
250 248 OM_uint32 *time_rec;
251 249 uid_t uid;
252 250 {
253 251
254 252 OM_uint32 err;
255 253 struct kgss_cred *kcred;
256 254
257 255 kcred = KGSS_CRED_ALLOC();
258 256 *output_cred_handle = (gss_cred_id_t)kcred;
259 257 err = kgss_acquire_cred_wrapped(minor_status,
260 258 desired_name, time_req,
261 259 desired_mechs, cred_usage,
262 260 &kcred->gssd_cred, actual_mechs,
263 261 time_rec, uid,
264 262 &kcred->gssd_cred_verifier);
265 263 if (GSS_ERROR(err)) {
266 264 KGSS_CRED_FREE(kcred);
267 265 *output_cred_handle = GSS_C_NO_CREDENTIAL;
268 266 }
269 267 return (err);
270 268 }
271 269
272 270 OM_uint32
273 271 kgss_add_cred_wrapped(minor_status,
274 272 input_cred_handle,
275 273 gssd_cred_verifier,
276 274 desired_name,
277 275 desired_mech_type,
278 276 cred_usage,
279 277 initiator_time_req,
280 278 acceptor_time_req,
281 279 actual_mechs,
282 280 initiator_time_rec,
283 281 acceptor_time_rec,
284 282 uid)
285 283 OM_uint32 *minor_status;
286 284 gssd_cred_id_t input_cred_handle;
287 285 OM_uint32 gssd_cred_verifier;
288 286 gss_name_t desired_name;
289 287 gss_OID desired_mech_type;
290 288 int cred_usage;
291 289 int initiator_time_req;
292 290 int acceptor_time_req;
293 291 gss_OID_set *actual_mechs;
294 292 OM_uint32 *initiator_time_rec;
295 293 OM_uint32 *acceptor_time_rec;
296 294 uid_t uid;
297 295 {
298 296 CLIENT *clnt;
299 297
300 298 OM_uint32 minor_status_temp;
301 299 gss_buffer_desc external_name;
302 300 gss_OID name_type;
303 301 int i;
304 302
305 303 gss_add_cred_arg arg;
306 304 gss_add_cred_res res;
307 305
308 306 /* get the client handle to GSSD */
309 307
310 308 if ((clnt = getgssd_handle()) == NULL) {
311 309 clnt_pcreateerror(server);
312 310 return (GSS_S_FAILURE);
313 311 }
314 312
315 313
316 314 /* convert the desired name from internal to external format */
317 315
318 316 if (gss_display_name(&minor_status_temp, desired_name, &external_name,
319 317 &name_type) != GSS_S_COMPLETE) {
320 318
321 319 *minor_status = (OM_uint32) minor_status_temp;
322 320 (void) gss_release_buffer(&minor_status_temp, &external_name);
323 321 clnt_pcreateerror(server);
324 322 return ((OM_uint32) GSS_S_FAILURE);
325 323 }
326 324
327 325
328 326 /* copy the procedure arguments into the rpc arg parameter */
329 327
330 328 arg.uid = (OM_uint32) uid;
331 329 arg.input_cred_handle.GSS_CRED_ID_T_len =
332 330 input_cred_handle ==
333 331 (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
334 332 0 : (uint_t)sizeof (gssd_cred_id_t);
335 333 arg.input_cred_handle.GSS_CRED_ID_T_val =
336 334 (char *)&input_cred_handle;
337 335 arg.gssd_cred_verifier = gssd_cred_verifier;
338 336 arg.desired_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
339 337 arg.desired_name.GSS_BUFFER_T_val = (char *)external_name.value;
340 338 arg.name_type.GSS_OID_len =
341 339 name_type == GSS_C_NULL_OID ?
342 340 0 : (uint_t)name_type->length;
343 341 arg.name_type.GSS_OID_val =
344 342 name_type == GSS_C_NULL_OID ?
345 343 (char *)NULL : (char *)name_type->elements;
346 344
347 345 arg.desired_mech_type.GSS_OID_len =
348 346 (uint_t)(desired_mech_type != GSS_C_NULL_OID ?
349 347 desired_mech_type->length : 0);
350 348 arg.desired_mech_type.GSS_OID_val =
351 349 (char *)(desired_mech_type != GSS_C_NULL_OID ?
352 350 desired_mech_type->elements : 0);
353 351 arg.cred_usage = cred_usage;
354 352 arg.initiator_time_req = initiator_time_req;
355 353 arg.acceptor_time_req = acceptor_time_req;
356 354
357 355 /* call the remote procedure */
358 356
359 357 bzero((caddr_t)&res, sizeof (res));
360 358 if (gss_add_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
361 359
362 360 /*
363 361 * if the RPC call times out, null out all return arguments,
364 362 * set minor_status to its maximum value, and return
365 363 * GSS_S_FAILURE
366 364 */
367 365
368 366 if (minor_status != NULL)
369 367 *minor_status = DEFAULT_MINOR_STAT;
370 368 if (actual_mechs != NULL)
371 369 *actual_mechs = NULL;
372 370 if (initiator_time_rec != NULL)
373 371 *initiator_time_rec = 0;
374 372 if (acceptor_time_rec != NULL)
375 373 *acceptor_time_rec = 0;
376 374 return (GSS_S_FAILURE);
377 375 }
378 376
379 377 /* free the allocated memory for the flattened name */
380 378
381 379 (void) gss_release_buffer(&minor_status_temp, &external_name);
382 380
383 381 /* copy the rpc results into the return arguments */
384 382
385 383 if (minor_status != NULL)
386 384 *minor_status = res.minor_status;
387 385
388 386 if (res.status == GSS_S_COMPLETE &&
389 387 res.actual_mechs.GSS_OID_SET_len != 0 &&
390 388 actual_mechs != NULL) {
391 389 *actual_mechs = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
392 390 (*actual_mechs)->count =
393 391 (int)res.actual_mechs.GSS_OID_SET_len;
394 392 (*actual_mechs)->elements = (gss_OID)
395 393 MALLOC(sizeof (gss_OID_desc) * (*actual_mechs)->count);
396 394
397 395 for (i = 0; i < (*actual_mechs)->count; i++) {
398 396 (*actual_mechs)->elements[i].length = (OM_uint32)
399 397 res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_len;
400 398 (*actual_mechs)->elements[i].elements =
401 399 (void *) MALLOC((*actual_mechs)->elements[i].length);
402 400 memcpy((*actual_mechs)->elements[i].elements,
403 401 res.actual_mechs.GSS_OID_SET_val[i].GSS_OID_val,
404 402 (*actual_mechs)->elements[i].length);
405 403 }
406 404 } else {
407 405 if (res.status == GSS_S_COMPLETE &&
408 406 actual_mechs != NULL)
409 407 (*actual_mechs)->count = 0;
410 408 }
411 409 if (initiator_time_rec != NULL)
412 410 *initiator_time_rec = res.initiator_time_rec;
413 411 if (acceptor_time_rec != NULL)
414 412 *acceptor_time_rec = res.acceptor_time_rec;
415 413
416 414 /*
417 415 * free the memory allocated for the results and return with the status
418 416 * received in the rpc call
419 417 */
420 418
421 419 clnt_freeres(clnt, xdr_gss_add_cred_res, (caddr_t)&res);
422 420 return (res.status);
423 421
424 422 }
425 423
426 424 OM_uint32
427 425 kgss_add_cred(minor_status,
428 426 input_cred_handle,
429 427 desired_name,
430 428 desired_mech_type,
431 429 cred_usage,
432 430 initiator_time_req,
433 431 acceptor_time_req,
434 432 actual_mechs,
435 433 initiator_time_rec,
436 434 acceptor_time_rec,
437 435 uid)
438 436 OM_uint32 *minor_status;
439 437 gss_cred_id_t input_cred_handle;
440 438 gss_name_t desired_name;
441 439 gss_OID desired_mech_type;
442 440 int cred_usage;
443 441 int initiator_time_req;
444 442 int acceptor_time_req;
445 443 gss_OID_set *actual_mechs;
446 444 OM_uint32 *initiator_time_rec;
447 445 OM_uint32 *acceptor_time_rec;
448 446 uid_t uid;
449 447 {
450 448
451 449 OM_uint32 err;
452 450 OM_uint32 gssd_cred_verifier;
453 451 gssd_cred_id_t gssd_input_cred_handle;
454 452
455 453
456 454 if (input_cred_handle != GSS_C_NO_CREDENTIAL) {
457 455 gssd_cred_verifier = KCRED_TO_CREDV(input_cred_handle);
458 456 gssd_input_cred_handle = KCRED_TO_CRED(input_cred_handle);
459 457 } else
460 458 gssd_input_cred_handle = (gssd_cred_id_t)GSS_C_NO_CREDENTIAL;
461 459
462 460 err = kgss_add_cred_wrapped(minor_status, gssd_input_cred_handle,
463 461 gssd_cred_verifier, desired_name, desired_mech_type,
464 462 cred_usage, initiator_time_req, acceptor_time_req,
465 463 actual_mechs, initiator_time_rec,
466 464 acceptor_time_rec, uid);
467 465 return (err);
468 466 }
469 467
470 468 OM_uint32
471 469 kgss_release_cred_wrapped(minor_status,
472 470 cred_handle,
473 471 uid,
474 472 gssd_cred_verifier)
475 473 OM_uint32 *minor_status;
476 474 gssd_cred_id_t *cred_handle;
477 475 uid_t uid;
478 476 OM_uint32 gssd_cred_verifier;
479 477 {
480 478
481 479 gss_release_cred_arg arg;
482 480 gss_release_cred_res res;
483 481
484 482
485 483 /* get the client handle to GSSD */
486 484 if ((clnt = getgssd_handle()) == NULL) {
487 485 clnt_pcreateerror(server);
488 486 return (GSS_S_FAILURE);
489 487 }
490 488
491 489 /* copy the procedure arguments into the rpc arg parameter */
492 490
493 491 arg.uid = (OM_uint32) uid;
494 492 arg.gssd_cred_verifier = gssd_cred_verifier;
495 493
496 494 if (cred_handle != NULL) {
497 495 arg.cred_handle.GSS_CRED_ID_T_len =
498 496 (uint_t)sizeof (gssd_cred_id_t);
499 497 arg.cred_handle.GSS_CRED_ID_T_val = (char *)cred_handle;
500 498 } else
501 499 arg.cred_handle.GSS_CRED_ID_T_len = 0;
502 500
503 501 /* call the remote procedure */
504 502
505 503 memset(&res, 0, sizeof (res));
506 504 if (gss_release_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
507 505
508 506 /*
509 507 * if the RPC call times out, null out all return arguments,
510 508 * set minor_status to its max value, and return GSS_S_FAILURE
511 509 */
512 510
513 511 if (minor_status != NULL)
514 - *minor_status = 0xffffffff;
512 + *minor_status = DEFAULT_MINOR_STAT;
515 513 if (cred_handle != NULL)
516 514 *cred_handle = NULL;
517 515
518 516 return (GSS_S_FAILURE);
519 517 }
520 518
521 519 /* if the release succeeded, null out the cred_handle */
522 520 if (res.status == GSS_S_COMPLETE && cred_handle != NULL)
523 521 *cred_handle = NULL;
524 522
525 523 /* copy the rpc results into the return arguments */
526 524 if (minor_status != NULL)
527 525 *minor_status = res.minor_status;
528 526
529 527 /* return with status returned in rpc call */
530 528 return (res.status);
531 529 }
532 530
533 531 OM_uint32
534 532 kgss_release_cred(minor_status,
535 533 cred_handle,
536 534 uid)
537 535 OM_uint32 *minor_status;
538 536 gss_cred_id_t *cred_handle;
539 537 uid_t uid;
540 538
541 539 {
542 540
543 541 OM_uint32 err;
544 542 struct kgss_cred *kcred;
545 543
546 544 if (*cred_handle == GSS_C_NO_CREDENTIAL)
547 545 return (GSS_S_COMPLETE);
548 546 else
549 547 kcred = KCRED_TO_KGSS_CRED(*cred_handle);
550 548
551 549 err = kgss_release_cred_wrapped(minor_status, &kcred->gssd_cred,
552 550 uid, kcred->gssd_cred_verifier);
553 551 KGSS_CRED_FREE(kcred);
554 552 *cred_handle = GSS_C_NO_CREDENTIAL;
555 553 return (err);
556 554 }
557 555
558 556 OM_uint32
559 557 kgss_init_sec_context_wrapped(minor_status,
560 558 claimant_cred_handle,
561 559 gssd_cred_verifier,
562 560 context_handle,
563 561 gssd_context_verifier,
564 562 target_name,
565 563 mech_type,
566 564 req_flags,
567 565 time_req,
568 566 input_chan_bindings,
569 567 input_token,
570 568 actual_mech_type,
571 569 output_token,
572 570 ret_flags,
573 571 time_rec,
574 572 uid)
575 573 OM_uint32 *minor_status;
576 574 gssd_cred_id_t claimant_cred_handle;
577 575 OM_uint32 gssd_cred_verifier;
578 576 OM_uint32 *context_handle;
579 577 OM_uint32 *gssd_context_verifier;
580 578 gss_name_t target_name;
581 579 gss_OID mech_type;
582 580 int req_flags;
583 581 OM_uint32 time_req;
584 582 gss_channel_bindings_t input_chan_bindings;
585 583 gss_buffer_t input_token;
586 584 gss_OID *actual_mech_type;
587 585 gss_buffer_t output_token;
588 586 int *ret_flags;
589 587 OM_uint32 *time_rec;
590 588 uid_t uid;
591 589 {
592 590 OM_uint32 minor_status_temp;
593 591 gss_buffer_desc external_name;
594 592 gss_OID name_type;
595 593 gss_init_sec_context_arg arg;
596 594 gss_init_sec_context_res res;
597 595
598 596 /* get the client handle to GSSD */
599 597
600 598 if ((clnt = getgssd_handle()) == NULL) {
601 599 clnt_pcreateerror(server);
602 600 return (GSS_S_FAILURE);
603 601 }
604 602
605 603 /* convert the target name from internal to external format */
606 604
607 605 if (gss_display_name(&minor_status_temp, target_name,
608 606 &external_name, &name_type) != GSS_S_COMPLETE) {
609 607
610 608 *minor_status = (OM_uint32) minor_status_temp;
611 609 return ((OM_uint32) GSS_S_FAILURE);
612 610 }
613 611
614 612
615 613 /* copy the procedure arguments into the rpc arg parameter */
616 614
617 615 arg.uid = (OM_uint32) uid;
618 616
619 617 arg.context_handle.GSS_CTX_ID_T_len =
620 618 *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ? 0 :
621 619 (uint_t)sizeof (OM_uint32);
622 620 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
623 621 arg.gssd_context_verifier = *gssd_context_verifier;
624 622
625 623 arg.claimant_cred_handle.GSS_CRED_ID_T_len =
626 624 claimant_cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
627 625 0 : (uint_t)sizeof (gssd_cred_id_t);
628 626 arg.claimant_cred_handle.GSS_CRED_ID_T_val =
629 627 (char *)&claimant_cred_handle;
630 628 arg.gssd_cred_verifier = gssd_cred_verifier;
631 629
632 630 arg.target_name.GSS_BUFFER_T_len = (uint_t)external_name.length;
633 631 arg.target_name.GSS_BUFFER_T_val = (char *)external_name.value;
634 632
635 633 arg.name_type.GSS_OID_len =
636 634 name_type == GSS_C_NULL_OID ?
637 635 0 : (uint_t)name_type->length;
638 636
639 637 arg.name_type.GSS_OID_val =
640 638 name_type == GSS_C_NULL_OID ?
641 639 (char *)NULL : (char *)name_type->elements;
642 640
643 641 arg.mech_type.GSS_OID_len = (uint_t)(mech_type != GSS_C_NULL_OID ?
644 642 mech_type->length : 0);
645 643 arg.mech_type.GSS_OID_val = (char *)(mech_type != GSS_C_NULL_OID ?
646 644 mech_type->elements : 0);
647 645
648 646 arg.req_flags = req_flags;
649 647
650 648 arg.time_req = time_req;
651 649
652 650 if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
653 651 arg.input_chan_bindings.present = YES;
654 652 arg.input_chan_bindings.initiator_addrtype =
655 653 input_chan_bindings->initiator_addrtype;
656 654 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len =
657 655 (uint_t)input_chan_bindings->initiator_address.length;
658 656 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val =
659 657 (void *) input_chan_bindings->initiator_address.value;
660 658 arg.input_chan_bindings.acceptor_addrtype =
661 659 input_chan_bindings->acceptor_addrtype;
662 660 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len =
663 661 (uint_t)input_chan_bindings->acceptor_address.length;
664 662 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
665 663 (void *) input_chan_bindings->acceptor_address.value;
666 664 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
667 665 (uint_t)input_chan_bindings->application_data.length;
668 666 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
669 667 (void *) input_chan_bindings->application_data.value;
670 668 } else {
671 669 arg.input_chan_bindings.present = NO;
672 670 arg.input_chan_bindings.initiator_addrtype = 0;
673 671 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
674 672 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
675 673 arg.input_chan_bindings.acceptor_addrtype = 0;
676 674 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
677 675 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
678 676 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
679 677 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
680 678 }
681 679
682 680 arg.input_token.GSS_BUFFER_T_len = (uint_t)
683 681 (input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
684 682 arg.input_token.GSS_BUFFER_T_val = (char *)
685 683 (input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
686 684
687 685 /* initialize the output parameters to empty values */
688 686 if (minor_status != NULL)
689 - *minor_status = 0xffffffff;
687 + *minor_status = DEFAULT_MINOR_STAT;
690 688 if (actual_mech_type != NULL)
691 689 *actual_mech_type = NULL;
692 690 if (output_token != NULL)
693 691 output_token->length = 0;
694 692 if (ret_flags != NULL)
695 693 *ret_flags = 0;
696 694 if (time_rec != NULL)
697 695 *time_rec = 0;
698 696
699 697 /* call the remote procedure */
700 698 memset(&res, 0, sizeof (res));
701 699 if (gss_init_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
702 700
703 701 /* free the allocated memory for the flattened name */
704 702 gss_release_buffer(&minor_status_temp, &external_name);
705 703
706 704 return (GSS_S_FAILURE);
707 705 }
708 706
707 + /*
708 + * We could return from a GSS error here and need to return both the
709 + * minor_status and output_token, back to the caller if applicable.
710 + */
711 + if (minor_status != NULL)
712 + *minor_status = res.minor_status;
709 713
714 + if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
715 + output_token->length =
716 + (size_t)res.output_token.GSS_BUFFER_T_len;
717 + output_token->value =
718 + (void *)res.output_token.GSS_BUFFER_T_val;
719 + res.output_token.GSS_BUFFER_T_val = NULL;
720 + res.output_token.GSS_BUFFER_T_len = 0;
721 + }
722 +
710 723 /* free the allocated memory for the flattened name */
711 724 gss_release_buffer(&minor_status_temp, &external_name);
712 725
713 726 /* if the call was successful, copy out the results */
714 727 if (res.status == (OM_uint32) GSS_S_COMPLETE ||
715 728 res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
716 729 /*
717 - * copy the rpc results into the return arguments
718 - * on CONTINUE_NEEDED only the output token, minor
719 - * code and ctxt handle are ready.
730 + * copy the rpc results into the return argument
731 + * on CONTINUE_NEEDED only ctx handle is ready.
720 732 */
721 - if (minor_status != NULL)
722 - *minor_status = res.minor_status;
723 733 /*LINTED*/
724 734 *context_handle = *((OM_uint32 *)
725 735 res.context_handle.GSS_CTX_ID_T_val);
726 -
727 - /*LINTED*/
728 - *context_handle = *((OM_uint32 *)
729 - res.context_handle.GSS_CTX_ID_T_val);
730 736 *gssd_context_verifier = res.gssd_context_verifier;
731 737
732 - if (output_token != NULL) {
733 - output_token->length =
734 - (size_t)res.output_token.GSS_BUFFER_T_len;
735 - output_token->value =
736 - (void *)res.output_token.GSS_BUFFER_T_val;
737 - res.output_token.GSS_BUFFER_T_val = NULL;
738 - res.output_token.GSS_BUFFER_T_len = 0;
739 - }
740 738
741 739 /* the rest of the parameters is only ready on COMPLETE */
742 740 if (res.status == GSS_S_COMPLETE) {
743 741 if (actual_mech_type != NULL) {
744 742 *actual_mech_type = (gss_OID)
745 743 MALLOC(sizeof (gss_OID_desc));
746 744 (*actual_mech_type)->length = (OM_UINT32)
747 745 res.actual_mech_type.GSS_OID_len;
748 746 (*actual_mech_type)->elements = (void *)
749 747 MALLOC((*actual_mech_type)->length);
750 748 memcpy((*actual_mech_type)->elements, (void *)
751 749 res.actual_mech_type.GSS_OID_val,
752 750 (*actual_mech_type)->length);
753 751 }
754 752
755 753
756 754 if (ret_flags != NULL)
757 755 *ret_flags = res.ret_flags;
758 756
759 757 if (time_rec != NULL)
760 758 *time_rec = res.time_rec;
761 759 }
762 760 }
763 761
764 762
765 763 /*
766 764 * free the memory allocated for the results and return with the
767 765 * status received in the rpc call.
768 766 */
769 767
770 768 clnt_freeres(clnt, xdr_gss_init_sec_context_res, (caddr_t)&res);
771 769 return (res.status);
772 770 }
773 771 OM_uint32
774 772 kgss_init_sec_context(
775 773 OM_uint32 *minor_status,
776 774 gss_cred_id_t claimant_cred_handle,
777 775 gss_ctx_id_t *context_handle,
778 776 gss_name_t target_name,
779 777 gss_OID mech_type,
780 778 int req_flags,
781 779 OM_uint32 time_req,
782 780 gss_channel_bindings_t input_chan_bindings,
783 781 gss_buffer_t input_token,
784 782 gss_OID *actual_mech_type,
785 783 gss_buffer_t output_token,
786 784 int *ret_flags,
787 785 OM_uint32 *time_rec,
788 786 uid_t uid)
789 787 {
790 788 OM_uint32 err;
791 789 struct kgss_ctx *kctx;
792 790 OM_uint32 gssd_cred_verifier;
793 791 gssd_cred_id_t gssd_cl_cred_handle;
794 792
795 793 /*
796 794 * If this is an initial call, we'll need to create the
797 795 * wrapper struct that contains kernel state information, and
798 796 * a reference to the handle from gssd.
799 797 */
800 798 if (*context_handle == GSS_C_NO_CONTEXT) {
801 799 kctx = KGSS_ALLOC();
802 800 *context_handle = (gss_ctx_id_t)kctx;
803 801 kctx->gssd_ctx = (OM_uint32) GSS_C_NO_CONTEXT;
804 802 } else
805 803 kctx = (struct kgss_ctx *)*context_handle;
806 804
807 805 if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
808 806 gssd_cred_verifier =
809 807 KCRED_TO_CREDV(claimant_cred_handle);
810 808 gssd_cl_cred_handle =
811 809 KCRED_TO_CRED(claimant_cred_handle);
812 810 } else
813 811 gssd_cl_cred_handle =
814 812 (gssd_cred_id_t)GSS_C_NO_CREDENTIAL;
815 813
816 814 err = kgss_init_sec_context_wrapped(minor_status,
817 815 gssd_cl_cred_handle,
818 816 gssd_cred_verifier, &kctx->gssd_ctx,
819 817 &kctx->gssd_ctx_verifier,
820 818 target_name, mech_type, req_flags, time_req,
821 819 input_chan_bindings, input_token, actual_mech_type,
822 820 output_token, ret_flags, time_rec, uid);
823 821
824 822 if (GSS_ERROR(err)) {
825 823 KGSS_FREE(kctx);
826 824 *context_handle = GSS_C_NO_CONTEXT;
827 825 }
828 826 return (err);
829 827 }
830 828 OM_uint32
831 829 kgss_accept_sec_context_wrapped(minor_status,
832 830 context_handle,
833 831 gssd_context_verifier,
834 832 verifier_cred_handle,
835 833 gssd_cred_verifier,
836 834 input_token,
837 835 input_chan_bindings,
838 836 src_name,
839 837 mech_type,
840 838 output_token,
841 839 ret_flags,
842 840 time_rec,
843 841 delegated_cred_handle,
844 842 uid)
845 843 OM_uint32 *minor_status;
846 844 gssd_ctx_id_t *context_handle;
847 845 OM_uint32 *gssd_context_verifier;
848 846 gssd_cred_id_t verifier_cred_handle;
849 847 OM_uint32 gssd_cred_verifier;
850 848 gss_buffer_t input_token;
851 849 gss_channel_bindings_t input_chan_bindings;
852 850 gss_buffer_t src_name;
853 851 gss_OID *mech_type;
854 852 gss_buffer_t output_token;
855 853 int *ret_flags;
856 854 OM_uint32 *time_rec;
857 855 gss_cred_id_t *delegated_cred_handle;
858 856 uid_t uid;
859 857 {
860 858 gss_accept_sec_context_arg arg;
861 859 gss_accept_sec_context_res res;
862 860 struct kgss_cred *kcred;
863 861
864 862 /* get the client handle to GSSD */
865 863 if ((clnt = getgssd_handle()) == NULL) {
866 864 clnt_pcreateerror(server);
867 865 return (GSS_S_FAILURE);
868 866 }
869 867
870 868 /* copy the procedure arguments into the rpc arg parameter */
871 869 arg.uid = (OM_uint32) uid;
872 870
873 871 arg.context_handle.GSS_CTX_ID_T_len =
874 872 *context_handle == (gssd_ctx_id_t)GSS_C_NO_CONTEXT ?
875 873 0 : (uint_t)sizeof (gssd_ctx_id_t);
876 874 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
877 875 arg.gssd_context_verifier =
878 876 *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ?
879 877 0 : *gssd_context_verifier;
880 878
881 879 arg.verifier_cred_handle.GSS_CRED_ID_T_len =
882 880 verifier_cred_handle ==
883 881 (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
884 882 0 : (uint_t)sizeof (gssd_cred_id_t);
885 883 arg.verifier_cred_handle.GSS_CRED_ID_T_val =
886 884 (char *)&verifier_cred_handle;
887 885 arg.gssd_cred_verifier = gssd_cred_verifier;
888 886
889 887 arg.input_token_buffer.GSS_BUFFER_T_len =
890 888 (uint_t)(input_token != GSS_C_NO_BUFFER ?
891 889 input_token->length : 0);
892 890 arg.input_token_buffer.GSS_BUFFER_T_val =
893 891 (char *)(input_token != GSS_C_NO_BUFFER ?
894 892 input_token->value : 0);
895 893
896 894 if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
897 895 arg.input_chan_bindings.present = YES;
898 896 arg.input_chan_bindings.initiator_addrtype =
899 897 input_chan_bindings->initiator_addrtype;
900 898 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len =
901 899 (uint_t)input_chan_bindings->initiator_address.length;
902 900 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val =
903 901 (void *) input_chan_bindings->initiator_address.value;
904 902 arg.input_chan_bindings.acceptor_addrtype =
905 903 input_chan_bindings->acceptor_addrtype;
906 904 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len =
907 905 (uint_t)input_chan_bindings->acceptor_address.length;
908 906 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val =
909 907 (void *) input_chan_bindings->acceptor_address.value;
910 908 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len =
911 909 (uint_t)input_chan_bindings->application_data.length;
912 910 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val =
913 911 (void *) input_chan_bindings->application_data.value;
914 912 } else {
915 913 arg.input_chan_bindings.present = NO;
916 914 arg.input_chan_bindings.initiator_addrtype = 0;
917 915 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_len = 0;
918 916 arg.input_chan_bindings.initiator_address.GSS_BUFFER_T_val = 0;
919 917 arg.input_chan_bindings.acceptor_addrtype = 0;
920 918 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_len = 0;
921 919 arg.input_chan_bindings.acceptor_address.GSS_BUFFER_T_val = 0;
922 920 arg.input_chan_bindings.application_data.GSS_BUFFER_T_len = 0;
923 921 arg.input_chan_bindings.application_data.GSS_BUFFER_T_val = 0;
924 922 }
925 923
926 924 /* set the output parameters to empty values.... */
927 925 if (minor_status != NULL)
928 - *minor_status = 0xffffffff;
926 + *minor_status = DEFAULT_MINOR_STAT;
929 927 if (src_name != NULL) {
930 928 src_name->length = 0;
931 929 src_name->value = NULL;
932 930 }
933 931 if (mech_type != NULL)
934 932 *mech_type = NULL;
935 933 if (output_token != NULL)
936 934 output_token->length = 0;
937 935 if (ret_flags != NULL)
938 936 *ret_flags = 0;
939 937 if (time_rec != NULL)
940 938 *time_rec = 0;
941 939 if (delegated_cred_handle != NULL)
942 940 *delegated_cred_handle = NULL;
943 941
944 942 /* call the remote procedure */
945 943 memset(&res, 0, sizeof (res));
946 944 if (gss_accept_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
947 945 return (GSS_S_FAILURE);
948 946 }
949 947
948 + /*
949 + * We could return from a GSS error here and need to return both the
950 + * minor_status and output_token, back to the caller if applicable.
951 + */
952 + if (minor_status != NULL)
953 + *minor_status = res.minor_status;
950 954
955 + if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
956 + output_token->length =
957 + res.output_token.GSS_BUFFER_T_len;
958 + output_token->value =
959 + (void *) res.output_token.GSS_BUFFER_T_val;
960 + res.output_token.GSS_BUFFER_T_val = 0;
961 + res.output_token.GSS_BUFFER_T_len = 0;
962 + }
963 +
951 964 if (res.status == (OM_uint32) GSS_S_COMPLETE ||
952 965 res.status == (OM_uint32) GSS_S_CONTINUE_NEEDED) {
953 966 /*
954 967 * when gss returns CONTINUE_NEEDED we can only
955 - * use the context, minor, and output token
956 - * parameters.
968 + * use the context parameter.
957 969 */
958 970 /*LINTED*/
959 971 *context_handle = *((gssd_ctx_id_t *)
960 972 res.context_handle.GSS_CTX_ID_T_val);
961 973 *gssd_context_verifier = res.gssd_context_verifier;
962 974
963 - if (output_token != NULL) {
964 - output_token->length =
965 - res.output_token.GSS_BUFFER_T_len;
966 - output_token->value =
967 - (void *) res.output_token.GSS_BUFFER_T_val;
968 - res.output_token.GSS_BUFFER_T_val = 0;
969 - res.output_token.GSS_BUFFER_T_len = 0;
970 - }
971 -
972 - if (minor_status != NULL)
973 - *minor_status = res.minor_status;
974 -
975 975 /* the other parameters are ready on for COMPLETE */
976 976 if (res.status == GSS_S_COMPLETE)
977 977 {
978 -
979 978 /*
980 979 * The src_name is in external format.
981 980 */
982 981 if (src_name != NULL) {
983 982 src_name->length = res.src_name.GSS_BUFFER_T_len;
984 983 src_name->value = res.src_name.GSS_BUFFER_T_val;
985 984 res.src_name.GSS_BUFFER_T_val = NULL;
986 985 res.src_name.GSS_BUFFER_T_len = 0;
987 986 }
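Review bot: The added `res.output_token.GSS_BUFFER_T_val != NULL` guard means `output_token->value` is no longer written when the gssd reply carries no token, and the reset block earlier in the function clears only `output_token->length`, so a caller that passed an uninitialised buffer gets length 0 alongside a stale pointer. I would reset both fields up front, the way src_name is handled: `output_token->length = 0; output_token->value = NULL;`. The same guard added to kgss_delete_sec_context_wrapped further down has no reset at all on its success path, so neither field is written there when no token comes back; an `else` that zeroes both would restore what the old unconditional copy did. The parameter list of this function begins outside the hunk.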
988 987 /*
989 988 * move mech type returned to mech_type
990 989 * for gss_import_name_for_mech()
991 990 */
992 991 if (mech_type != NULL) {
993 992 *mech_type =
994 993 (gss_OID) MALLOC(sizeof (gss_OID_desc));
995 994 (*mech_type)->length =
996 995 (OM_UINT32) res.mech_type.GSS_OID_len;
997 996 (*mech_type)->elements =
998 997 (void *) MALLOC((*mech_type)->length);
999 998 memcpy((*mech_type)->elements,
1000 999 res.mech_type.GSS_OID_val,
1001 1000 (*mech_type)->length);
1002 1001 }
1003 1002
1004 1003 if (ret_flags != NULL)
1005 1004 *ret_flags = res.ret_flags;
1006 1005
1007 1006 if (time_rec != NULL)
1008 1007 *time_rec = res.time_rec;
1009 1008
1010 1009 if ((delegated_cred_handle != NULL) &&
1011 1010 (res.delegated_cred_handle.GSS_CRED_ID_T_len
1012 1011 != 0)) {
1013 1012 kcred = KGSS_CRED_ALLOC();
1014 1013 /*LINTED*/
1015 1014 kcred->gssd_cred = *((gssd_cred_id_t *)
1016 1015 res.delegated_cred_handle.GSS_CRED_ID_T_val);
1017 1016 kcred->gssd_cred_verifier =
1018 1017 res.gssd_context_verifier;
1019 1018 *delegated_cred_handle = (gss_cred_id_t)kcred;
1020 1019 }
1021 1020 } /* res.status == GSS_S_COMPLETE */
1022 1021 } /* res.status == GSS_S_COMPLETE or GSS_CONTINUE_NEEDED */
1023 1022
1024 1023
1025 1024 /*
1026 1025 * free the memory allocated for the results and return with the status
1027 1026 * received in the rpc call
1028 1027 */
1029 1028
1030 1029 clnt_freeres(clnt, xdr_gss_accept_sec_context_res, (caddr_t)&res);
1031 1030 return (res.status);
1032 1031 }
1033 1032
1034 1033 OM_uint32
1035 1034 kgss_accept_sec_context(
1036 1035 OM_uint32 *minor_status,
1037 1036 gss_ctx_id_t *context_handle,
1038 1037 gss_cred_id_t verifier_cred_handle,
1039 1038 gss_buffer_t input_token,
1040 1039 gss_channel_bindings_t input_chan_bindings,
1041 1040 gss_buffer_t src_name,
1042 1041 gss_OID *mech_type,
1043 1042 gss_buffer_t output_token,
1044 1043 int *ret_flags,
1045 1044 OM_uint32 *time_rec,
1046 1045 gss_cred_id_t *delegated_cred_handle,
1047 1046 uid_t uid)
1048 1047 {
1049 1048 OM_uint32 err;
1050 1049 struct kgss_ctx *kctx;
1051 1050 OM_uint32 gssd_cred_verifier;
1052 1051 gssd_cred_id_t gssd_ver_cred_handle;
1053 1052
1054 1053
1055 1054 if (*context_handle == GSS_C_NO_CONTEXT) {
1056 1055 kctx = KGSS_ALLOC();
1057 1056 *context_handle = (gss_ctx_id_t)kctx;
1058 1057 kctx->gssd_ctx = (gssd_ctx_id_t)GSS_C_NO_CONTEXT;
1059 1058 } else
1060 1059 kctx = (struct kgss_ctx *)*context_handle;
1061 1060
1062 1061 if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) {
1063 1062 gssd_cred_verifier =
1064 1063 KCRED_TO_CREDV(verifier_cred_handle);
1065 1064 gssd_ver_cred_handle =
1066 1065 KCRED_TO_CRED(verifier_cred_handle);
1067 1066 } else
1068 1067 gssd_ver_cred_handle = (gssd_cred_id_t)GSS_C_NO_CREDENTIAL;
1069 1068
1070 1069 err = kgss_accept_sec_context_wrapped(minor_status,
1071 1070 &kctx->gssd_ctx,
1072 1071 &kctx->gssd_ctx_verifier, gssd_ver_cred_handle,
1073 1072 gssd_cred_verifier, input_token, input_chan_bindings,
1074 1073 src_name, mech_type, output_token, ret_flags,
1075 1074 time_rec, delegated_cred_handle, uid);
1076 1075
1077 1076 if (GSS_ERROR(err)) {
1078 1077 KGSS_FREE(kctx);
1079 1078 *context_handle = GSS_C_NO_CONTEXT;
1080 1079
1081 1080 }
1082 1081
1083 1082 return (err);
1084 1083 }
1085 1084
1086 1085 OM_uint32
1087 1086 kgss_process_context_token(minor_status,
1088 1087 context_handle,
1089 1088 token_buffer,
1090 1089 uid)
1091 1090 OM_uint32 *minor_status;
1092 1091 gss_ctx_id_t context_handle;
1093 1092 gss_buffer_t token_buffer;
1094 1093 uid_t uid;
1095 1094 {
1096 1095 OM_uint32 gssd_context_verifier;
1097 1096
1098 1097 gss_process_context_token_arg arg;
1099 1098 gss_process_context_token_res res;
1100 1099
1101 1100 gssd_context_verifier = KGSS_CTX_TO_GSSD_CTXV(context_handle);
1102 1101
1103 1102 /* get the client handle to GSSD */
1104 1103
1105 1104 if ((clnt = getgssd_handle()) == NULL) {
1106 1105 clnt_pcreateerror(server);
1107 1106 return (GSS_S_FAILURE);
1108 1107 }
1109 1108
1110 1109 /* copy the procedure arguments into the rpc arg parameter */
1111 1110 arg.uid = (OM_uint32) uid;
1112 1111
1113 1112 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gss_ctx_id_t);
1114 1113 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1115 1114 arg.gssd_context_verifier = gssd_context_verifier;
1116 1115 arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer;
1117 1116 arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
1118 1117
1119 1118 /* call the remote procedure */
1120 1119
1121 1120 memset(&res, 0, sizeof (res));
1122 1121 if (gss_process_context_token_1(&arg, &res, clnt) != RPC_SUCCESS) {
1123 1122
1124 1123 /*
1125 1124 * if the RPC call times out, null out all return arguments,
1126 1125 * set minor_status to its maximum value, and return GSS_S_FAILURE
1127 1126 */
1128 1127
1129 1128 if (minor_status != NULL)
1130 - *minor_status = 0xffffffff;
1129 + *minor_status = DEFAULT_MINOR_STAT;
1131 1130
1132 1131 return (GSS_S_FAILURE);
1133 1132 }
1134 1133
1135 1134 /* copy the rpc results into the return arguments */
1136 1135
1137 1136 if (minor_status != NULL)
1138 1137 *minor_status = res.minor_status;
1139 1138
1140 1139 /* return with status returned in rpc call */
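Review bot: A few lines above this hunk, in the same function, the request's token length is taken from the pointer instead of the buffer's length field: `arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer;`. Every other stub on this page fills that field from `->length` (for example `(uint_t)message_buffer->length` in kgss_sign_wrapped), so the RPC encoder is presumably being given an address-derived byte count for `token_buffer->value`, which can read past the caller's buffer or make the call fail. The line should be `arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer->length;`. kgss_process_context_token starts above the hunk and this commit leaves that line untouched.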
1141 1140
1142 1141 return (res.status);
1143 1142 }
1144 1143
1145 1144 OM_uint32
1146 1145 kgss_delete_sec_context_wrapped(minor_status,
1147 1146 context_handle,
1148 1147 gssd_context_verifier,
1149 1148 output_token)
1150 1149 OM_uint32 *minor_status;
1151 1150 gssd_ctx_id_t *context_handle;
1152 1151 OM_uint32 gssd_context_verifier;
1153 1152 gss_buffer_t output_token;
1154 1153 {
1155 1154 gss_delete_sec_context_arg arg;
1156 1155 gss_delete_sec_context_res res;
1157 1156
1158 1157
1159 1158 /* get the client handle to GSSD */
1160 1159 if ((clnt = getgssd_handle()) == NULL) {
1161 1160 clnt_pcreateerror(server);
1162 1161 return (GSS_S_FAILURE);
1163 1162 }
1164 1163
1165 1164 /* copy the procedure arguments into the rpc arg parameter */
1166 1165
1167 1166 arg.context_handle.GSS_CTX_ID_T_len =
1168 1167 *context_handle == (OM_uint32) GSS_C_NO_CONTEXT ? 0 :
1169 1168 (uint_t)sizeof (OM_uint32);
1170 1169 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
1171 1170
1172 1171 arg.gssd_context_verifier = gssd_context_verifier;
1173 1172
1174 1173 /* call the remote procedure */
1175 1174
1176 1175 memset(&res, 0, sizeof (res));
1177 1176 if (gss_delete_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
1178 1177
1179 1178 /*
1180 1179 * if the RPC call times out, null out all return arguments,
1181 1180 * set minor_status to its max value, and return GSS_S_FAILURE
1182 1181 */
1183 1182
1184 1183 if (minor_status != NULL)
1185 - *minor_status = 0xffffffff;
1184 + *minor_status = DEFAULT_MINOR_STAT;
1186 1185 if (context_handle != NULL)
1187 1186 *context_handle = NULL;
1188 1187 if (output_token != NULL)
1189 1188 output_token->length = 0;
1190 1189
1191 1190 return (GSS_S_FAILURE);
1192 1191 }
1193 1192
1194 1193 /* copy the rpc results into the return arguments */
1195 1194
1196 1195 if (minor_status != NULL)
1197 1196 *minor_status = res.minor_status;
1198 1197
1199 1198 if (res.context_handle.GSS_CTX_ID_T_len == 0)
1200 1199 *context_handle = NULL;
1201 1200 else
1202 1201 /*LINTED*/
1203 1202 *context_handle = *((gssd_ctx_id_t *)
1204 1203 res.context_handle.GSS_CTX_ID_T_val);
1205 1204
1206 - if (output_token != NULL) {
1205 + if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
1207 1206 output_token->length = res.output_token.GSS_BUFFER_T_len;
1208 1207 output_token->value = res.output_token.GSS_BUFFER_T_val;
1209 1208 res.output_token.GSS_BUFFER_T_len = 0;
1210 1209 res.output_token.GSS_BUFFER_T_val = NULL;
1211 1210 }
1212 1211
1213 1212 /*
1214 1213 * free the memory allocated for the results and return with the status
1215 1214 * received in the rpc call
1216 1215 */
1217 1216
1218 1217 clnt_freeres(clnt, xdr_gss_delete_sec_context_res, (caddr_t)&res);
1219 1218 return (res.status);
1220 1219 }
1221 1220
1222 1221 /*ARGSUSED*/
1223 1222 OM_uint32
1224 1223 kgss_delete_sec_context(
1225 1224 OM_uint32 *minor_status,
1226 1225 gss_ctx_id_t *context_handle,
1227 1226 gss_buffer_t output_token)
1228 1227 {
1229 1228 OM_uint32 err;
1230 1229 struct kgss_ctx *kctx;
1231 1230
1232 1231 if (*context_handle == GSS_C_NO_CONTEXT) {
1233 1232 return (GSS_S_NO_CONTEXT);
1234 1233 } else
1235 1234 kctx = KCTX_TO_KGSS_CTX(*context_handle);
1236 1235
1237 1236 err = kgss_delete_sec_context_wrapped(minor_status,
1238 1237 &kctx->gssd_ctx, kctx->gssd_ctx_verifier,
1239 1238 output_token);
1240 1239
1241 1240 if (kctx->gssd_ctx != (gssd_ctx_id_t)GSS_C_NO_CONTEXT)
1242 1241 err = GSS_S_FAILURE;
1243 1242 else
1244 1243 err = GSS_S_COMPLETE;
1245 1244
1246 1245 KGSS_FREE(kctx);
1247 1246 *context_handle = GSS_C_NO_CONTEXT;
1248 1247 return (err);
1249 1248 }
1250 1249
1251 1250 /*ARGSUSED*/
1252 1251 OM_uint32
1253 1252 kgss_context_time(minor_status,
1254 1253 context_handle,
1255 1254 time_rec,
1256 1255 uid)
1257 1256 OM_uint32 *minor_status;
1258 1257 gss_ctx_id_t context_handle;
1259 1258 OM_uint32 *time_rec;
1260 1259 uid_t uid;
1261 1260 {
1262 1261 return (GSS_S_FAILURE);
1263 1262 }
1264 1263
1265 1264 OM_uint32
1266 1265 kgss_sign_wrapped(minor_status,
1267 1266 context_handle,
1268 1267 qop_req,
1269 1268 message_buffer,
1270 1269 msg_token,
1271 1270 gssd_context_verifier)
1272 1271 OM_uint32 *minor_status;
1273 1272 gssd_ctx_id_t context_handle;
1274 1273 OM_uint32 gssd_context_verifier;
1275 1274 int qop_req;
1276 1275 gss_buffer_t message_buffer;
1277 1276 gss_buffer_t msg_token;
1278 1277 {
1279 1278
1280 1279 gss_sign_arg arg;
1281 1280 gss_sign_res res;
1282 1281
1283 1282 /* get the client handle to GSSD */
1284 1283
1285 1284 if ((clnt = getgssd_handle()) == NULL) {
1286 1285 clnt_pcreateerror(server);
1287 1286 return (GSS_S_FAILURE);
1288 1287 }
1289 1288
1290 1289 /* copy the procedure arguments into the rpc arg parameter */
1291 1290
1292 1291
1293 1292 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1294 1293 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1295 1294 arg.gssd_context_verifier = gssd_context_verifier;
1296 1295
1297 1296 arg.qop_req = qop_req;
1298 1297 arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
1299 1298 arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
1300 1299
1301 1300 /* call the remote procedure */
1302 1301
1303 1302 memset(&res, 0, sizeof (res));
1304 1303 if (gss_sign_1(&arg, &res, clnt) != RPC_SUCCESS) {
1305 1304
1306 1305 /*
1307 1306 * if the RPC call times out, null out all return arguments,
1308 1307 * set minor_status to its maximum value, and return GSS_S_FAILURE
1309 1308 */
1310 1309
1311 1310 if (minor_status != NULL)
1312 - *minor_status = 0xffffffff;
1311 + *minor_status = DEFAULT_MINOR_STAT;
1313 1312 if (msg_token != NULL)
1314 1313 msg_token->length = 0;
1315 1314
1316 1315 return (GSS_S_FAILURE);
1317 1316 }
1318 1317
1319 1318 /* copy the rpc results into the return arguments */
1320 1319
1321 1320 if (minor_status != NULL)
1322 1321 *minor_status = res.minor_status;
1323 1322
1324 1323 if (msg_token != NULL) {
1325 1324 msg_token->length = res.msg_token.GSS_BUFFER_T_len;
1326 1325 msg_token->value = (void *) MALLOC(msg_token->length);
1327 1326 memcpy(msg_token->value, res.msg_token.GSS_BUFFER_T_val,
1328 1327 msg_token->length);
1329 1328 }
1330 1329
1331 1330 /*
1332 1331 * free the memory allocated for the results and return with the status
1333 1332 * received in the rpc call
1334 1333 */
1335 1334
1336 1335 clnt_freeres(clnt, xdr_gss_sign_res, (caddr_t)&res);
1337 1336 return (res.status);
1338 1337 }
1339 1338
1340 1339 OM_uint32
1341 1340 kgss_sign(
1342 1341 OM_uint32 *minor_status,
1343 1342 gss_ctx_id_t context_handle,
1344 1343 int qop_req,
1345 1344 gss_buffer_t message_buffer,
1346 1345 gss_buffer_t msg_token)
1347 1346 {
1348 1347 if (context_handle == GSS_C_NO_CONTEXT)
1349 1348 return (GSS_S_FAILURE);
1350 1349
1351 1350 return (KGSS_SIGN(minor_status,
1352 1351 context_handle, qop_req, message_buffer,
1353 1352 msg_token));
1354 1353 }
1355 1354
1356 1355 OM_uint32
1357 1356 kgss_verify_wrapped(
1358 1357 minor_status,
1359 1358 context_handle,
1360 1359 message_buffer,
1361 1360 token_buffer,
1362 1361 qop_state,
1363 1362 gssd_context_verifier)
1364 1363 OM_uint32 *minor_status;
1365 1364 gssd_ctx_id_t context_handle;
1366 1365 OM_uint32 gssd_context_verifier;
1367 1366 gss_buffer_t message_buffer;
1368 1367 gss_buffer_t token_buffer;
1369 1368 int *qop_state;
1370 1369 {
1371 1370 gss_verify_arg arg;
1372 1371 gss_verify_res res;
1373 1372
1374 1373 /* get the client handle to GSSD */
1375 1374
1376 1375 if ((clnt = getgssd_handle()) == NULL) {
1377 1376 clnt_pcreateerror(server);
1378 1377 return (GSS_S_FAILURE);
1379 1378 }
1380 1379
1381 1380 /* copy the procedure arguments into the rpc arg parameter */
1382 1381
1383 1382 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1384 1383 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1385 1384
1386 1385 arg.gssd_context_verifier = gssd_context_verifier;
1387 1386
1388 1387 arg.message_buffer.GSS_BUFFER_T_len = (uint_t)message_buffer->length;
1389 1388 arg.message_buffer.GSS_BUFFER_T_val = (char *)message_buffer->value;
1390 1389
1391 1390 arg.token_buffer.GSS_BUFFER_T_len = (uint_t)token_buffer->length;
1392 1391 arg.token_buffer.GSS_BUFFER_T_val = (char *)token_buffer->value;
1393 1392
1394 1393 /* call the remote procedure */
1395 1394
1396 1395 memset(&res, 0, sizeof (res));
1397 1396 if (gss_verify_1(&arg, &res, clnt) != RPC_SUCCESS) {
1398 1397
1399 1398 /*
1400 1399 * if the RPC call times out, null out all return arguments,
1401 1400 * set minor_status to its maximum value, and return GSS_S_FAILURE
1402 1401 */
1403 1402
1404 1403 if (minor_status != NULL)
1405 - *minor_status = 0xffffffff;
1404 + *minor_status = DEFAULT_MINOR_STAT;
1406 1405 if (qop_state != NULL)
1407 1406 *qop_state = 0;
1408 1407
1409 1408 return (GSS_S_FAILURE);
1410 1409 }
1411 1410
1412 1411 /* copy the rpc results into the return arguments */
1413 1412
1414 1413 if (minor_status != NULL)
1415 1414 *minor_status = res.minor_status;
1416 1415
1417 1416 if (qop_state != NULL)
1418 1417 *qop_state = res.qop_state;
1419 1418
1420 1419 /* return with status returned in rpc call */
1421 1420
1422 1421 return (res.status);
1423 1422 }
1424 1423
1425 1424 OM_uint32
1426 1425 kgss_verify(OM_uint32 *minor_status,
1427 1426 gss_ctx_id_t context_handle,
1428 1427 gss_buffer_t message_buffer,
1429 1428 gss_buffer_t token_buffer,
1430 1429 int *qop_state)
1431 1430 {
1432 1431 if (context_handle == GSS_C_NO_CONTEXT)
1433 1432 return (GSS_S_FAILURE);
1434 1433
1435 1434 return (KGSS_VERIFY(minor_status, context_handle,
1436 1435 message_buffer,
1437 1436 token_buffer, qop_state));
1438 1437 }
1439 1438
1440 1439
1441 1440 /* EXPORT DELETE START */
1442 1441
1443 1442 OM_uint32
1444 1443 kgss_seal_wrapped(
1445 1444 minor_status,
1446 1445 context_handle,
1447 1446 conf_req_flag,
1448 1447 qop_req,
1449 1448 input_message_buffer,
1450 1449 conf_state,
1451 1450 output_message_buffer,
1452 1451 gssd_context_verifier)
1453 1452
1454 1453 OM_uint32 *minor_status;
1455 1454 gssd_ctx_id_t context_handle;
1456 1455 OM_uint32 gssd_context_verifier;
1457 1456 int conf_req_flag;
1458 1457 int qop_req;
1459 1458 gss_buffer_t input_message_buffer;
1460 1459 int *conf_state;
1461 1460 gss_buffer_t output_message_buffer;
1462 1461 {
1463 1462 gss_seal_arg arg;
1464 1463 gss_seal_res res;
1465 1464
1466 1465 /* get the client handle to GSSD */
1467 1466
1468 1467 if ((clnt = getgssd_handle()) == NULL) {
1469 1468 clnt_pcreateerror(server);
1470 1469 return (GSS_S_FAILURE);
1471 1470 }
1472 1471
1473 1472 /* copy the procedure arguments into the rpc arg parameter */
1474 1473
1475 1474
1476 1475 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1477 1476 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1478 1477 arg.gssd_context_verifier = gssd_context_verifier;
1479 1478
1480 1479 arg.conf_req_flag = conf_req_flag;
1481 1480
1482 1481 arg.qop_req = qop_req;
1483 1482
1484 1483 arg.input_message_buffer.GSS_BUFFER_T_len =
1485 1484 (uint_t)input_message_buffer->length;
1486 1485
1487 1486 arg.input_message_buffer.GSS_BUFFER_T_val =
1488 1487 (char *)input_message_buffer->value;
1489 1488
1490 1489 /* call the remote procedure */
1491 1490
1492 1491 memset(&res, 0, sizeof (res));
1493 1492 if (gss_seal_1(&arg, &res, clnt) != RPC_SUCCESS) {
1494 1493
1495 1494 /*
1496 1495 * if the RPC call times out, null out all return arguments,
1497 1496 * set minor_status to its maximum value, and return GSS_S_FAILURE
1498 1497 */
1499 1498
1500 1499 if (minor_status != NULL)
1501 - *minor_status = 0xffffffff;
1500 + *minor_status = DEFAULT_MINOR_STAT;
1502 1501 if (conf_state != NULL)
1503 1502 *conf_state = 0;
1504 1503 if (output_message_buffer != NULL)
1505 1504 output_message_buffer->length = 0;
1506 1505
1507 1506 return (GSS_S_FAILURE);
1508 1507 }
1509 1508
1510 1509 /* copy the rpc results into the return arguments */
1511 1510
1512 1511 if (minor_status != NULL)
1513 1512 *minor_status = res.minor_status;
1514 1513
1515 1514 if (conf_state != NULL)
1516 1515 *conf_state = res.conf_state;
1517 1516
1518 1517 if (output_message_buffer != NULL) {
1519 1518 output_message_buffer->length =
1520 1519 res.output_message_buffer.GSS_BUFFER_T_len;
1521 1520
1522 1521 output_message_buffer->value =
1523 1522 (void *) MALLOC(output_message_buffer->length);
1524 1523 memcpy(output_message_buffer->value,
1525 1524 res.output_message_buffer.GSS_BUFFER_T_val,
1526 1525 output_message_buffer->length);
1527 1526 }
1528 1527
1529 1528 /*
1530 1529 * free the memory allocated for the results and return with the status
1531 1530 * received in the rpc call
1532 1531 */
1533 1532
1534 1533 clnt_freeres(clnt, xdr_gss_seal_res, (caddr_t)&res);
1535 1534 return (res.status);
1536 1535 }
1537 1536
1538 1537 OM_uint32
1539 1538 kgss_seal(OM_uint32 *minor_status,
1540 1539 gss_ctx_id_t context_handle,
1541 1540 int conf_req_flag,
1542 1541 int qop_req,
1543 1542 gss_buffer_t input_message_buffer,
1544 1543 int *conf_state,
1545 1544 gss_buffer_t output_message_buffer)
1546 1545
1547 1546 {
1548 1547 if (context_handle == GSS_C_NO_CONTEXT)
1549 1548 return (GSS_S_FAILURE);
1550 1549
1551 1550 return (KGSS_SEAL(minor_status, context_handle,
1552 1551 conf_req_flag, qop_req,
1553 1552 input_message_buffer,
1554 1553 conf_state, output_message_buffer));
1555 1554 }
1556 1555
1557 1556 OM_uint32
1558 1557 kgss_unseal_wrapped(minor_status,
1559 1558 context_handle,
1560 1559 input_message_buffer,
1561 1560 output_message_buffer,
1562 1561 conf_state,
1563 1562 qop_state,
1564 1563 gssd_context_verifier)
1565 1564 OM_uint32 *minor_status;
1566 1565 gssd_ctx_id_t context_handle;
1567 1566 OM_uint32 gssd_context_verifier;
1568 1567 gss_buffer_t input_message_buffer;
1569 1568 gss_buffer_t output_message_buffer;
1570 1569 int *conf_state;
1571 1570 int *qop_state;
1572 1571 {
1573 1572 gss_unseal_arg arg;
1574 1573 gss_unseal_res res;
1575 1574
1576 1575 /* get the client handle to GSSD */
1577 1576
1578 1577 if ((clnt = getgssd_handle()) == NULL) {
1579 1578 clnt_pcreateerror(server);
1580 1579 return (GSS_S_FAILURE);
1581 1580 }
1582 1581
1583 1582 /* copy the procedure arguments into the rpc arg parameter */
1584 1583
1585 1584
1586 1585 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
1587 1586 arg.context_handle.GSS_CTX_ID_T_val = (char *)&context_handle;
1588 1587 arg.gssd_context_verifier = gssd_context_verifier;
1589 1588
1590 1589 arg.input_message_buffer.GSS_BUFFER_T_len =
1591 1590 (uint_t)input_message_buffer->length;
1592 1591
1593 1592 arg.input_message_buffer.GSS_BUFFER_T_val =
1594 1593 (char *)input_message_buffer->value;
1595 1594
1596 1595 /* call the remote procedure */
1597 1596
1598 1597 memset(&res, 0, sizeof (res));
1599 1598 if (gss_unseal_1(&arg, &res, clnt) != RPC_SUCCESS) {
1600 1599
1601 1600 /*
1602 1601 * if the RPC call times out, null out all return arguments,
1603 1602 * set minor_status to its maximum value, and return GSS_S_FAILURE
1604 1603 */
1605 1604
1606 1605 if (minor_status != NULL)
1607 - *minor_status = 0xffffffff;
1606 + *minor_status = DEFAULT_MINOR_STAT;
1608 1607 if (output_message_buffer != NULL)
1609 1608 output_message_buffer->length = 0;
1610 1609 if (conf_state != NULL)
1611 1610 *conf_state = 0;
1612 1611 if (qop_state != NULL)
1613 1612 *qop_state = 0;
1614 1613
1615 1614 return (GSS_S_FAILURE);
1616 1615 }
1617 1616
1618 1617 /* copy the rpc results into the return arguments */
1619 1618
1620 1619 if (minor_status != NULL)
1621 1620 *minor_status = res.minor_status;
1622 1621
1623 1622 if (output_message_buffer != NULL) {
1624 1623 output_message_buffer->length =
1625 1624 res.output_message_buffer.GSS_BUFFER_T_len;
1626 1625
1627 1626 output_message_buffer->value =
1628 1627 (void *) MALLOC(output_message_buffer->length);
1629 1628 memcpy(output_message_buffer->value,
1630 1629 res.output_message_buffer.GSS_BUFFER_T_val,
1631 1630 output_message_buffer->length);
1632 1631 }
1633 1632
1634 1633 if (conf_state != NULL)
1635 1634 *conf_state = res.conf_state;
1636 1635
1637 1636 if (qop_state != NULL)
1638 1637 *qop_state = res.qop_state;
1639 1638
1640 1639 /*
1641 1640 * free the memory allocated for the results and return with the status
1642 1641 * received in the rpc call
1643 1642 */
1644 1643
1645 1644 clnt_freeres(clnt, xdr_gss_unseal_res, (caddr_t)&res);
1646 1645 return (res.status);
1647 1646 }
1648 1647
1649 1648 OM_uint32
1650 1649 kgss_unseal(OM_uint32 *minor_status,
1651 1650 gss_ctx_id_t context_handle,
1652 1651 gss_buffer_t input_message_buffer,
1653 1652 gss_buffer_t output_message_buffer,
1654 1653 int *conf_state,
1655 1654 int *qop_state)
1656 1655 {
1657 1656 if (context_handle == GSS_C_NO_CONTEXT)
1658 1657 return (GSS_S_FAILURE);
1659 1658
1660 1659 return (KGSS_UNSEAL(minor_status, context_handle,
1661 1660 input_message_buffer,
1662 1661 output_message_buffer,
1663 1662 conf_state, qop_state));
1664 1663 }
1665 1664
1666 1665 /* EXPORT DELETE END */
1667 1666
1668 1667 OM_uint32
1669 1668 kgss_display_status(minor_status,
1670 1669 status_value,
1671 1670 status_type,
1672 1671 mech_type,
1673 1672 message_context,
1674 1673 status_string,
1675 1674 uid)
1676 1675 OM_uint32 *minor_status;
1677 1676 OM_uint32 status_value;
1678 1677 int status_type;
1679 1678 gss_OID mech_type;
1680 1679 int *message_context;
1681 1680 gss_buffer_t status_string;
1682 1681 uid_t uid;
1683 1682 {
1684 1683 gss_display_status_arg arg;
1685 1684 gss_display_status_res res;
1686 1685
1687 1686 /* get the client handle to GSSD */
1688 1687
1689 1688 if ((clnt = getgssd_handle()) == NULL) {
1690 1689 clnt_pcreateerror(server);
1691 1690 return (GSS_S_FAILURE);
1692 1691 }
1693 1692
1694 1693 /* copy the procedure arguments into the rpc arg parameter */
1695 1694
1696 1695 arg.uid = (OM_uint32) uid;
1697 1696
1698 1697 arg.status_value = status_value;
1699 1698 arg.status_type = status_type;
1700 1699
1701 1700 arg.mech_type.GSS_OID_len = (uint_t)(mech_type != GSS_C_NULL_OID ?
1702 1701 mech_type->length : 0);
1703 1702 arg.mech_type.GSS_OID_val = (char *)(mech_type != GSS_C_NULL_OID ?
1704 1703 mech_type->elements : 0);
1705 1704
1706 1705 arg.message_context = *message_context;
1707 1706
1708 1707 /* call the remote procedure */
1709 1708
1710 1709 if (message_context != NULL)
1711 1710 *message_context = 0;
1712 1711 if (status_string != NULL) {
1713 1712 status_string->length = 0;
1714 1713 status_string->value = NULL;
1715 1714 }
1716 1715
1717 1716 memset(&res, 0, sizeof (res));
1718 1717 if (gss_display_status_1(&arg, &res, clnt) != RPC_SUCCESS) {
1719 1718
1720 1719 /*
1721 1720 * if the RPC call times out, null out all return arguments,
1722 1721 * set minor_status to its maximum value, and return GSS_S_FAILURE
1723 1722 */
1724 1723
1725 1724 if (minor_status != NULL)
1726 - *minor_status = 0xffffffff;
1725 + *minor_status = DEFAULT_MINOR_STAT;
1727 1726
1728 1727 return (GSS_S_FAILURE);
1729 1728 }
1730 1729
1730 + if (minor_status != NULL)
1731 + *minor_status = res.minor_status;
1731 1732
1732 1733 /* now process the results and pass them back to the caller */
1733 1734
1734 1735 if (res.status == GSS_S_COMPLETE) {
1735 - if (minor_status != NULL)
1736 - *minor_status = res.minor_status;
1737 1736 if (message_context != NULL)
1738 1737 *message_context = res.message_context;
1739 1738 if (status_string != NULL) {
1740 1739 status_string->length =
1741 1740 (size_t)res.status_string.GSS_BUFFER_T_len;
1742 1741 status_string->value =
1743 1742 (void *)MALLOC(status_string->length);
1744 1743 memcpy(status_string->value,
1745 1744 res.status_string.GSS_BUFFER_T_val,
1746 1745 status_string->length);
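Review bot: The `MALLOC(status_string->length)` result in the GSS_S_COMPLETE branch goes straight into memcpy with no NULL check, and the length is whatever the gssd reply supplied. If the allocation fails, the copy writes through a null pointer; the stub should instead clear the length, release the reply and return GSS_S_FAILURE, as sketched below. These lines are unchanged context, but the commit is already reworking how this stub reports errors, and the other stubs on this page that copy reply buffers (kgss_sign_wrapped, kgss_seal_wrapped, kgss_unseal_wrapped, kgss_indicate_mechs) follow the same pattern. What MALLOC expands to is not visible here, so confirm that it can return NULL and how it behaves for a zero length.

```c
			status_string->value =
			    (void *)MALLOC(status_string->length);
			if (status_string->value == NULL) {
				/* allocation failed: do not copy into NULL */
				status_string->length = 0;
				clnt_freeres(clnt, xdr_gss_display_status_res,
				    (caddr_t)&res);
				return (GSS_S_FAILURE);
			}
			/* … unchanged: memcpy of res.status_string into status_string->value … */
```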
1747 1746 }
1748 1747 }
1749 1748
1750 1749 clnt_freeres(clnt, xdr_gss_display_status_res, (caddr_t)&res);
1751 1750 return (res.status);
1752 1751 }
1753 1752
1754 1753 /*ARGSUSED*/
1755 1754 OM_uint32
1756 1755 kgss_indicate_mechs(minor_status,
1757 1756 mech_set,
1758 1757 uid)
1759 1758 OM_uint32 *minor_status;
1760 1759 gss_OID_set *mech_set;
1761 1760 uid_t uid;
1762 1761 {
1763 1762 void *arg;
1764 1763 gss_indicate_mechs_res res;
1765 1764 int i;
1766 1765
1767 1766 /* get the client handle to GSSD */
1768 1767
1769 1768 if ((clnt = getgssd_handle()) == NULL) {
1770 1769 clnt_pcreateerror(server);
1771 1770 return (GSS_S_FAILURE);
1772 1771 }
1773 1772
1774 1773 memset(&res, 0, sizeof (res));
1775 1774 if (gss_indicate_mechs_1(&arg, &res, clnt) != RPC_SUCCESS) {
1776 1775
1777 1776 /*
1778 1777 * if the RPC call times out, null out all return arguments,
1779 1778 * set minor_status to its maximum value, and return GSS_S_FAILURE
1780 1779 */
1781 1780
1782 1781 if (minor_status != NULL)
1783 - *minor_status = 0xffffffff;
1782 + *minor_status = DEFAULT_MINOR_STAT;
1784 1783 if (mech_set != NULL)
1785 1784 *mech_set = NULL;
1786 1785
1787 1786 return (GSS_S_FAILURE);
1788 1787 }
1789 1788
1790 1789 /* copy the rpc results into the return arguments */
1791 1790
1792 1791 if (minor_status != NULL)
1793 1792 *minor_status = res.minor_status;
1794 1793
1795 1794 if (mech_set != NULL) {
1796 1795 *mech_set = (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
1797 1796 (*mech_set)->count = res.mech_set.GSS_OID_SET_len;
1798 1797 (*mech_set)->elements = (void *)
1799 1798 MALLOC ((*mech_set)->count * sizeof (gss_OID_desc));
1800 1799 for (i = 0; i < (*mech_set)->count; i++) {
1801 1800 (*mech_set)->elements[i].length =
1802 1801 res.mech_set.GSS_OID_SET_val[i].GSS_OID_len;
1803 1802 (*mech_set)->elements[i].elements = (void *)
1804 1803 MALLOC ((*mech_set)->elements[i].length);
1805 1804 memcpy ((*mech_set)->elements[i].elements,
1806 1805 res.mech_set.GSS_OID_SET_val[i].GSS_OID_val,
1807 1806 (*mech_set)->elements[i].length);
1808 1807 }
1809 1808 }
1810 1809
1811 1810 /*
1812 1811 * free the memory allocated for the results and return with the status
1813 1812 * received in the rpc call
1814 1813 */
1815 1814
1816 1815 clnt_freeres(clnt, xdr_gss_indicate_mechs_res, (caddr_t)&res);
1817 1816 return (res.status);
1818 1817 }
1819 1818
1820 1819
1821 1820 OM_uint32
1822 1821 kgss_inquire_cred_wrapped(minor_status,
1823 1822 cred_handle,
1824 1823 gssd_cred_verifier,
1825 1824 name,
1826 1825 lifetime,
1827 1826 cred_usage,
1828 1827 mechanisms,
1829 1828 uid)
1830 1829 OM_uint32 *minor_status;
1831 1830 gssd_cred_id_t cred_handle;
1832 1831 OM_uint32 gssd_cred_verifier;
1833 1832 gss_name_t *name;
1834 1833 OM_uint32 *lifetime;
1835 1834 int *cred_usage;
1836 1835 gss_OID_set *mechanisms;
1837 1836 uid_t uid;
1838 1837 {
1839 1838 OM_uint32 minor_status_temp;
1840 1839 gss_buffer_desc external_name;
1841 1840 gss_OID name_type;
1842 1841 int i;
1843 1842
1844 1843 gss_inquire_cred_arg arg;
1845 1844 gss_inquire_cred_res res;
1846 1845
1847 1846 /* get the client handle to GSSD */
1848 1847
1849 1848 if ((clnt = getgssd_handle()) == NULL) {
1850 1849 clnt_pcreateerror(server);
1851 1850 return (GSS_S_FAILURE);
1852 1851 }
1853 1852
1854 1853
1855 1854 /* copy the procedure arguments into the rpc arg parameter */
1856 1855
1857 1856 arg.uid = (OM_uint32) uid;
1858 1857
1859 1858 arg.cred_handle.GSS_CRED_ID_T_len =
1860 1859 cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
1861 1860 0 : (uint_t)sizeof (gssd_cred_id_t);
1862 1861 arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
1863 1862 arg.gssd_cred_verifier = gssd_cred_verifier;
1864 1863
1865 1864 /* call the remote procedure */
1866 1865
1867 1866 memset(&res, 0, sizeof (res));
1868 1867 if (gss_inquire_cred_1(&arg, &res, clnt) != RPC_SUCCESS) {
1869 1868
1870 1869 /*
1871 1870 * if the RPC call times out, null out all return arguments,
1872 1871 * set minor_status to its maximum value, and return GSS_S_FAILURE
1873 1872 */
1874 1873
1875 1874 if (minor_status != NULL)
1876 - *minor_status = 0xffffffff;
1875 + *minor_status = DEFAULT_MINOR_STAT;
1877 1876 if (name != NULL)
1878 1877 *name = NULL;
1879 1878 if (lifetime != NULL)
1880 1879 *lifetime = 0;
1881 1880 if (cred_usage != NULL)
1882 1881 *cred_usage = 0;
1883 1882 if (mechanisms != NULL)
1884 1883 *mechanisms = NULL;
1885 1884
1886 1885 return (GSS_S_FAILURE);
1887 1886 }
1888 1887
1889 1888 /* copy the rpc results into the return arguments */
1890 1889
1891 1890 if (minor_status != NULL)
1892 1891 *minor_status = res.minor_status;
1893 1892
1894 1893 /* convert name from external to internal format */
1895 1894
1896 1895 if (name != NULL) {
1897 1896 external_name.length = res.name.GSS_BUFFER_T_len;
1898 1897 external_name.value = res.name.GSS_BUFFER_T_val;
1899 1898
1900 1899 /*
1901 1900 * we have to allocate a name_type descriptor and
1902 1901 * elements storage, since gss_import_name() only
1903 1902 * stores a pointer to the name_type info in the
1904 1903 * union_name struct
1905 1904 */
1906 1905
1907 1906 name_type = (gss_OID) MALLOC(sizeof (gss_OID_desc));
1908 1907
1909 1908 name_type->length = res.name_type.GSS_OID_len;
1910 1909 name_type->elements = (void *) MALLOC(name_type->length);
1911 1910 memcpy(name_type->elements, res.name_type.GSS_OID_val,
1912 1911 name_type->length);
1913 1912
1914 1913 if (gss_import_name(&minor_status_temp, &external_name,
1915 1914 name_type, name) != GSS_S_COMPLETE) {
1916 1915
1917 1916 *minor_status = (OM_uint32) minor_status_temp;
1918 1917 gss_release_buffer(&minor_status_temp, &external_name);
1919 1918
1920 1919 clnt_freeres(clnt, xdr_gss_inquire_cred_res,
1921 1920 (caddr_t)&res);
1922 1921 return ((OM_uint32) GSS_S_FAILURE);
1923 1922 }
1924 1923 }
1925 1924
1926 1925 if (lifetime != NULL)
1927 1926 *lifetime = res.lifetime;
1928 1927
1929 1928 if (cred_usage != NULL)
1930 1929 *cred_usage = res.cred_usage;
1931 1930
1932 1931 if (mechanisms != NULL) {
1933 1932 *mechanisms =
1934 1933 (gss_OID_set) MALLOC(sizeof (gss_OID_set_desc));
1935 1934 if (res.mechanisms.GSS_OID_SET_len != 0) {
1936 1935 (*mechanisms)->count =
1937 1936 (int)res.mechanisms.GSS_OID_SET_len;
1938 1937 (*mechanisms)->elements = (gss_OID)
1939 1938 MALLOC(sizeof (gss_OID) * (*mechanisms)->count);
1940 1939
1941 1940 for (i = 0; i < (*mechanisms)->count; i++) {
1942 1941 (*mechanisms)->elements[i].length = (OM_uint32)
1943 1942 res.mechanisms.GSS_OID_SET_val[i].GSS_OID_len;
1944 1943 (*mechanisms)->elements[i].elements = (void *)
1945 1944 MALLOC((*mechanisms)->elements[i].length);
1946 1945 memcpy((*mechanisms)->elements[i].elements,
1947 1946 res.mechanisms.GSS_OID_SET_val[i].GSS_OID_val,
1948 1947 (*mechanisms)->elements[i].length);
1949 1948 }
1950 1949 } else
1951 1950 (*mechanisms)->count = 0;
1952 1951 }
1953 1952
1954 1953 /*
1955 1954 * free the memory allocated for the results and return with the status
1956 1955 * received in the rpc call
1957 1956 */
1958 1957
1959 1958 clnt_freeres(clnt, xdr_gss_inquire_cred_res, (caddr_t)&res);
1960 1959 return (res.status);
1961 1960 }
1962 1961
1963 1962
1964 1963 OM_uint32
1965 1964 kgss_inquire_cred(minor_status,
1966 1965 cred_handle,
1967 1966 name,
1968 1967 lifetime,
1969 1968 cred_usage,
1970 1969 mechanisms,
1971 1970 uid)
1972 1971 OM_uint32 *minor_status;
1973 1972 gss_cred_id_t cred_handle;
1974 1973 gss_name_t *name;
1975 1974 OM_uint32 *lifetime;
1976 1975 int *cred_usage;
1977 1976 gss_OID_set * mechanisms;
1978 1977 uid_t uid;
1979 1978 {
1980 1979
1981 1980 OM_uint32 gssd_cred_verifier;
1982 1981 gssd_cred_id_t gssd_cred_handle;
1983 1982
1984 1983 gssd_cred_verifier = KCRED_TO_CREDV(cred_handle);
1985 1984 gssd_cred_handle = KCRED_TO_CRED(cred_handle);
1986 1985
1987 1986 return (kgss_inquire_cred_wrapped(minor_status,
1988 1987 gssd_cred_handle, gssd_cred_verifier,
1989 1988 name, lifetime, cred_usage, mechanisms, uid));
1990 1989 }
1991 1990
1992 1991
1993 1992 OM_uint32
1994 1993 kgss_inquire_cred_by_mech_wrapped(minor_status,
1995 1994 cred_handle,
1996 1995 gssd_cred_verifier,
1997 1996 mech_type,
1998 1997 uid)
1999 1998 OM_uint32 *minor_status;
2000 1999 gssd_cred_id_t cred_handle;
2001 2000 OM_uint32 gssd_cred_verifier;
2002 2001 gss_OID mech_type;
2003 2002 uid_t uid;
2004 2003 {
2005 2004 OM_uint32 minor_status_temp;
2006 2005
2007 2006 gss_inquire_cred_by_mech_arg arg;
2008 2007 gss_inquire_cred_by_mech_res res;
2009 2008
2010 2009 /* get the client handle to GSSD */
2011 2010
2012 2011 if ((clnt = getgssd_handle()) == NULL) {
2013 2012 clnt_pcreateerror(server);
2014 2013 return (GSS_S_FAILURE);
2015 2014 }
2016 2015
2017 2016
2018 2017 /* copy the procedure arguments into the rpc arg parameter */
2019 2018
2020 2019 arg.uid = (OM_uint32) uid;
2021 2020
2022 2021 arg.cred_handle.GSS_CRED_ID_T_len =
2023 2022 cred_handle == (gssd_cred_id_t)GSS_C_NO_CREDENTIAL ?
2024 2023 0 : (uint_t)sizeof (gssd_cred_id_t);
2025 2024 arg.cred_handle.GSS_CRED_ID_T_val = (char *)&cred_handle;
2026 2025 arg.gssd_cred_verifier = gssd_cred_verifier;
2027 2026
2028 2027 arg.mech_type.GSS_OID_len =
2029 2028 (uint_t)(mech_type != GSS_C_NULL_OID ?
2030 2029 mech_type->length : 0);
2031 2030 arg.mech_type.GSS_OID_val =
2032 2031 (char *)(mech_type != GSS_C_NULL_OID ?
2033 2032 mech_type->elements : 0);
2034 2033 /* call the remote procedure */
2035 2034
2036 2035 memset(&res, 0, sizeof (res));
2037 2036 if (gss_inquire_cred_by_mech_1(&arg, &res, clnt) != RPC_SUCCESS) {
2038 2037
2039 2038 /*
2040 2039 * if the RPC call times out, null out all return arguments,
2041 2040 * set minor_status to its maximum value, and return GSS_S_FAILURE
2042 2041 */
2043 2042
2044 2043 if (minor_status != NULL)
2045 - *minor_status = 0xffffffff;
2044 + *minor_status = DEFAULT_MINOR_STAT;
2046 2045 return (GSS_S_FAILURE);
2047 2046 }
2048 2047
2049 2048 /* copy the rpc results into the return arguments */
2050 2049
2051 2050 if (minor_status != NULL)
2052 2051 *minor_status = res.minor_status;
2053 2052
2054 2053 /* convert name from external to internal format */
2055 2054
2056 2055 /*
2057 2056 * free the memory allocated for the results and return with the status
2058 2057 * received in the rpc call
2059 2058 */
2060 2059
2061 2060 clnt_freeres(clnt, xdr_gss_inquire_cred_by_mech_res, (caddr_t)&res);
2062 2061 return (res.status);
2063 2062 }
2064 2063
2065 2064
2066 2065 OM_uint32
2067 2066 kgss_inquire_cred_by_mech(minor_status,
2068 2067 cred_handle,
2069 2068 mech_type,
2070 2069 uid)
2071 2070 OM_uint32 *minor_status;
2072 2071 gss_cred_id_t cred_handle;
2073 2072 gss_OID mech_type;
2074 2073 uid_t uid;
2075 2074 {
2076 2075
2077 2076 OM_uint32 gssd_cred_verifier;
2078 2077 gssd_cred_id_t gssd_cred_handle;
2079 2078
2080 2079 gssd_cred_verifier = KCRED_TO_CREDV(cred_handle);
2081 2080 gssd_cred_handle = KCRED_TO_CRED(cred_handle);
2082 2081
2083 2082 return (kgss_inquire_cred_by_mech_wrapped(minor_status,
2084 2083 gssd_cred_handle, gssd_cred_verifier,
2085 2084 mech_type, uid));
2086 2085 }
2087 2086
2088 2087 OM_uint32
2089 2088 kgsscred_expname_to_unix_cred(expName, uidOut, gidOut, gids, gidsLen, uid)
2090 2089 const gss_buffer_t expName;
2091 2090 uid_t *uidOut;
2092 2091 gid_t *gidOut;
2093 2092 gid_t *gids[];
2094 2093 int *gidsLen;
2095 2094 uid_t uid;
2096 2095 {
2097 2096 gsscred_expname_to_unix_cred_arg args;
2098 2097 gsscred_expname_to_unix_cred_res res;
2099 2098
2100 2099 /* check input/output parameters */
2101 2100 if (expName == NULL || expName->value == NULL)
2102 2101 return (GSS_S_CALL_INACCESSIBLE_READ);
2103 2102
2104 2103 if (uidOut == NULL)
2105 2104 return (GSS_S_CALL_INACCESSIBLE_WRITE);
2106 2105
2107 2106 /* NULL out output parameters */
2108 2107 *uidOut = 0;
2109 2108 if (gidsLen)
2110 2109 *gidsLen = 0;
2111 2110
2112 2111 if (gids)
2113 2112 *gids = NULL;
2114 2113
2115 2114 /* get the client handle to gssd */
2116 2115 if ((clnt = getgssd_handle()) == NULL)
2117 2116 {
2118 2117 clnt_pcreateerror(server);
2119 2118 return (GSS_S_FAILURE);
2120 2119 }
2121 2120
2122 2121 /* copy the procedure arguments */
2123 2122 args.uid = uid;
2124 2123 args.expname.GSS_BUFFER_T_val = expName->value;
2125 2124 args.expname.GSS_BUFFER_T_len = expName->length;
2126 2125
2127 2126 /* null out the return buffer and call the remote proc */
2128 2127 memset(&res, 0, sizeof (res));
2129 2128
2130 2129 if (gsscred_expname_to_unix_cred_1(&args, &res, clnt) != RPC_SUCCESS)
2131 2130 {
2132 2131 return (GSS_S_FAILURE);
2133 2132 }
2134 2133
2135 2134 /* copy the results into the result parameters */
2136 2135 if (res.major == GSS_S_COMPLETE)
2137 2136 {
2138 2137 *uidOut = res.uid;
2139 2138 if (gidOut)
2140 2139 *gidOut = res.gid;
2141 2140 if (gids && gidsLen)
2142 2141 {
2143 2142 *gids = res.gids.GSSCRED_GIDS_val;
2144 2143 *gidsLen = res.gids.GSSCRED_GIDS_len;
2145 2144 res.gids.GSSCRED_GIDS_val = NULL;
2146 2145 res.gids.GSSCRED_GIDS_len = 0;
2147 2146 }
2148 2147 }
2149 2148
2150 2149 /* free RPC results */
2151 2150 clnt_freeres(clnt, xdr_gsscred_expname_to_unix_cred_res, (caddr_t)&res);
2152 2151
2153 2152 return (res.major);
2154 2153 } /* kgsscred_expname_to_unix_cred */
2155 2154
2156 2155 OM_uint32
2157 2156 kgsscred_name_to_unix_cred(intName, mechType, uidOut, gidOut, gids,
2158 2157 gidsLen, uid)
2159 2158 const gss_name_t intName;
2160 2159 const gss_OID mechType;
2161 2160 uid_t *uidOut;
2162 2161 gid_t *gidOut;
2163 2162 gid_t *gids[];
2164 2163 int *gidsLen;
2165 2164 uid_t uid;
2166 2165 {
2167 2166 gsscred_name_to_unix_cred_arg args;
2168 2167 gsscred_name_to_unix_cred_res res;
2169 2168 OM_uint32 major, minor;
2170 2169 gss_OID nameOid;
2171 2170 gss_buffer_desc flatName = GSS_C_EMPTY_BUFFER;
2172 2171
2173 2172
2174 2173 /* check the input/output parameters */
2175 2174 if (intName == NULL || mechType == NULL)
2176 2175 return (GSS_S_CALL_INACCESSIBLE_READ);
2177 2176
2178 2177 if (uidOut == NULL)
2179 2178 return (GSS_S_CALL_INACCESSIBLE_WRITE);
2180 2179
2181 2180 /* NULL out the output parameters */
2182 2181 *uidOut = 0;
2183 2182 if (gids)
2184 2183 *gids = NULL;
2185 2184
2186 2185 if (gidsLen)
2187 2186 *gidsLen = 0;
2188 2187
2189 2188 /* get the client handle to gssd */
2190 2189 if ((clnt = getgssd_handle()) == NULL)
2191 2190 {
2192 2191 clnt_pcreateerror(server);
2193 2192 return (GSS_S_FAILURE);
2194 2193 }
2195 2194
2196 2195 /* convert the name to flat representation */
2197 2196 if ((major = gss_display_name(&minor, intName, &flatName, &nameOid))
2198 2197 != GSS_S_COMPLETE)
2199 2198 {
2200 2199 return (major);
2201 2200 }
2202 2201
2203 2202 /* set the rpc parameters */
2204 2203 args.uid = uid;
2205 2204 args.pname.GSS_BUFFER_T_len = flatName.length;
2206 2205 args.pname.GSS_BUFFER_T_val = flatName.value;
2207 2206 args.name_type.GSS_OID_len = nameOid->length;
2208 2207 args.name_type.GSS_OID_val = nameOid->elements;
2209 2208 args.mech_type.GSS_OID_len = mechType->length;
2210 2209 args.mech_type.GSS_OID_val = mechType->elements;
2211 2210
2212 2211 /* call the remote procedure */
2213 2212 memset(&res, 0, sizeof (res));
2214 2213 if (gsscred_name_to_unix_cred_1(&args, &res, clnt) != RPC_SUCCESS)
2215 2214 {
2216 2215 gss_release_buffer(&minor, &flatName);
2217 2216 return (GSS_S_FAILURE);
2218 2217 }
2219 2218
2220 2219 gss_release_buffer(&minor, &flatName);
2221 2220 /* copy the output parameters on output */
2222 2221 if (res.major == GSS_S_COMPLETE)
2223 2222 {
2224 2223 *uidOut = res.uid;
2225 2224 if (gidOut)
2226 2225 *gidOut = res.gid;
2227 2226 if (gids && gidsLen)
2228 2227 {
2229 2228 *gids = res.gids.GSSCRED_GIDS_val;
2230 2229 *gidsLen = res.gids.GSSCRED_GIDS_len;
2231 2230 res.gids.GSSCRED_GIDS_val = NULL;
2232 2231 res.gids.GSSCRED_GIDS_len = 0;
2233 2232 }
2234 2233 }
2235 2234
2236 2235 /* delete RPC allocated memory */
2237 2236 clnt_freeres(clnt, xdr_gsscred_name_to_unix_cred_res, (caddr_t)&res);
2238 2237
2239 2238 return (res.major);
2240 2239 } /* kgsscred_name_to_unix_cred */
2241 2240
2242 2241 OM_uint32
2243 2242 kgss_get_group_info(puid, gidOut, gids, gidsLen, uid)
2244 2243 const uid_t puid;
2245 2244 gid_t *gidOut;
2246 2245 gid_t *gids[];
2247 2246 int *gidsLen;
2248 2247 uid_t uid;
2249 2248 {
2250 2249 gss_get_group_info_arg args;
2251 2250 gss_get_group_info_res res;
2252 2251
2253 2252
2254 2253 /* check the output parameters */
2255 2254 if (gidOut == NULL || gids == NULL || gidsLen == NULL)
2256 2255 return (GSS_S_CALL_INACCESSIBLE_WRITE);
2257 2256
2258 2257 /* get the client GSSD handle */
2259 2258 if ((clnt = getgssd_handle()) == NULL)
2260 2259 {
2261 2260 clnt_pcreateerror(server);
2262 2261 return (GSS_S_FAILURE);
2263 2262 }
2264 2263
2265 2264 /* set the input parameters */
2266 2265 args.uid = uid;
2267 2266 args.puid = puid;
2268 2267
2269 2268
2270 2269 /* call the remote procedure */
2271 2270 memset(&res, 0, sizeof (res));
2272 2271 if (gss_get_group_info_1(&args, &res, clnt) != RPC_SUCCESS)
2273 2272 {
2274 2273 return (GSS_S_FAILURE);
2275 2274 }
2276 2275
2277 2276 /* copy the results */
2278 2277 if (res.major == GSS_S_COMPLETE)
2279 2278 {
2280 2279 *gidOut = res.gid;
2281 2280 *gids = res.gids.GSSCRED_GIDS_val;
2282 2281 *gidsLen = res.gids.GSSCRED_GIDS_len;
2283 2282 res.gids.GSSCRED_GIDS_val = NULL;
2284 2283 res.gids.GSSCRED_GIDS_len = 0;
2285 2284 }
2286 2285
2287 2286 /* nothing to free */
2288 2287
2289 2288 return (res.major);
2290 2289 } /* kgss_get_group_info */
2291 2290
2292 2291 OM_uint32
2293 2292 kgss_export_sec_context_wrapped(minor_status,
2294 2293 context_handle,
2295 2294 output_token,
2296 2295 gssd_context_verifier)
2297 2296 OM_uint32 *minor_status;
2298 2297 gssd_ctx_id_t *context_handle;
2299 2298 gss_buffer_t output_token;
2300 2299 OM_uint32 gssd_context_verifier;
2301 2300 {
2302 2301 CLIENT *clnt;
2303 2302 gss_export_sec_context_arg arg;
2304 2303 gss_export_sec_context_res res;
2305 2304
2306 2305
2307 2306 /* get the client handle to GSSD */
2308 2307
2309 2308 if ((clnt = getgssd_handle()) == NULL) {
2310 2309 clnt_pcreateerror(server);
2311 2310 return (GSS_S_FAILURE);
2312 2311 }
2313 2312
2314 2313 /* copy the procedure arguments into the rpc arg parameter */
2315 2314
2316 2315 arg.context_handle.GSS_CTX_ID_T_len = (uint_t)sizeof (gssd_ctx_id_t);
2317 2316 arg.context_handle.GSS_CTX_ID_T_val = (char *)context_handle;
2318 2317 arg.gssd_context_verifier = gssd_context_verifier;
2319 2318
2320 2319 /* call the remote procedure */
2321 2320
2322 2321 memset(&res, 0, sizeof (res));
2323 2322 if (gss_export_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
2324 2323
2325 2324 /*
2326 2325 * if the RPC call times out, null out all return arguments, set minor_status
2327 2326 * to its maximum value, and return GSS_S_FAILURE
2328 2327 */
2329 2328
2330 2329 if (minor_status != NULL)
2331 2330 *minor_status = DEFAULT_MINOR_STAT;
2332 2331 if (context_handle != NULL)
2333 2332 *context_handle = NULL;
2334 2333 if (output_token != NULL)
2335 2334 output_token->length = 0;
2336 2335
2337 2336 return (GSS_S_FAILURE);
2338 2337 }
2339 2338
2340 2339 /* copy the rpc results into the return arguments */
2341 2340
2342 2341 if (minor_status != NULL)
2343 2342 *minor_status = res.minor_status;
2344 2343
2345 2344 if (res.context_handle.GSS_CTX_ID_T_len == 0)
2346 2345 *context_handle = NULL;
2347 2346 else
2348 2347 *context_handle =
2349 2348 *((gssd_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
2350 2349
2351 - if (output_token != NULL) {
2350 + if (output_token != NULL && res.output_token.GSS_BUFFER_T_val != NULL) {
2352 2351 output_token->length = res.output_token.GSS_BUFFER_T_len;
2353 2352 output_token->value =
2354 2353 (void *) MALLOC(output_token->length);
2355 2354 memcpy(output_token->value,
2356 2355 res.output_token.GSS_BUFFER_T_val,
2357 2356 output_token->length);
2358 2357 }
2359 2358
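Review bot: When gssd returns no token, the new guard skips the copy but leaves `output_token->length` and `output_token->value` exactly as the caller passed them, so a caller that later reads or releases the buffer may act on stale or uninitialised fields. Adding `else if (output_token != NULL) { output_token->length = 0; output_token->value = NULL; }` would hand back a defined empty buffer on that path. Inside the guarded block the result of `MALLOC(output_token->length)` goes straight into `memcpy` with a length taken from the RPC reply; if MALLOC can fail in this build, a NULL check that frees `res` and returns GSS_S_FAILURE belongs before the copy. The function body starts before this hunk and ends after it.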
2360 2359 /*
2361 2360 * free the memory allocated for the results and return with the status
2362 2361 * received in the rpc call
2363 2362 */
2364 2363
2365 2364 clnt_freeres(clnt, xdr_gss_export_sec_context_res, (caddr_t)&res);
2366 2365 return (res.status);
2367 2366
2368 2367 }
2369 2368
2370 2369 OM_uint32
2371 2370 kgss_export_sec_context(minor_status,
2372 2371 context_handle,
2373 2372 output_token)
2374 2373 OM_uint32 *minor_status;
2375 2374 gss_ctx_id_t *context_handle;
2376 2375 gss_buffer_t output_token;
2377 2376 {
2378 2377 OM_uint32 err;
2379 2378 struct kgss_ctx *kctx;
2380 2379
2381 2380 if (*context_handle == GSS_C_NO_CONTEXT) {
2382 2381 return (GSS_S_NO_CONTEXT);
2383 2382 } else
2384 2383 kctx = KCTX_TO_KGSS_CTX(*context_handle);
2385 2384
2386 2385 err = kgss_export_sec_context_wrapped(minor_status,
2387 2386 &kctx->gssd_ctx, output_token,
2388 2387 kctx->gssd_ctx_verifier);
2389 2388
2390 2389 if (GSS_ERROR(err))
2391 2390 return (err);
2392 2391 else {
2393 2392 KGSS_FREE(kctx);
2394 2393 *context_handle = GSS_C_NO_CONTEXT;
2395 2394 return (err);
2396 2395 }
2397 2396
2398 2397 }
2399 2398
2400 2399 OM_uint32
2401 2400 kgss_import_sec_context_wrapped(minor_status,
2402 2401 input_token,
2403 2402 context_handle,
2404 2403 gssd_context_verifier)
2405 2404 OM_uint32 *minor_status;
2406 2405 gss_buffer_t input_token;
2407 2406 gss_ctx_id_t *context_handle;
2408 2407 OM_uint32 gssd_context_verifier;
2409 2408 {
2410 2409 CLIENT *clnt;
2411 2410 gss_import_sec_context_arg arg;
2412 2411 gss_import_sec_context_res res;
2413 2412
2414 2413
2415 2414 /* get the client handle to GSSD */
2416 2415
2417 2416 if ((clnt = getgssd_handle()) == NULL) {
2418 2417 clnt_pcreateerror(server);
2419 2418 return (GSS_S_FAILURE);
2420 2419 }
2421 2420
2422 2421 /* copy the procedure arguments into the rpc arg parameter */
2423 2422 arg.input_token.GSS_BUFFER_T_len = (uint_t)
2424 2423 (input_token != GSS_C_NO_BUFFER ? input_token->length : 0);
2425 2424 arg.input_token.GSS_BUFFER_T_val = (char *)
2426 2425 (input_token != GSS_C_NO_BUFFER ? input_token->value : 0);
2427 2426 arg.gssd_context_verifier = gssd_context_verifier;
2428 2427
2429 2428
2430 2429 /* call the remote procedure */
2431 2430
2432 2431 memset(&res, 0, sizeof (res));
2433 2432 if (gss_import_sec_context_1(&arg, &res, clnt) != RPC_SUCCESS) {
2434 2433
2435 2434 /*
2436 2435 * if the RPC call times out, null out all return arguments, set minor_status
2437 2436 * to its maximum value, and return GSS_S_FAILURE
2438 2437 */
2439 2438
2440 2439 if (minor_status != NULL)
2441 2440 *minor_status = DEFAULT_MINOR_STAT;
2442 2441 if (context_handle != NULL)
2443 2442 *context_handle = NULL;
2444 2443
2445 2444 return (GSS_S_FAILURE);
2446 2445 }
2447 2446
2448 2447 /* copy the rpc results into the return arguments */
2449 2448
2450 2449 if (minor_status != NULL)
2451 2450 *minor_status = res.minor_status;
2452 2451
2453 2452 if (res.context_handle.GSS_CTX_ID_T_len == 0)
2454 2453 *context_handle = NULL;
2455 2454 else
2456 2455 *context_handle =
2457 2456 *((gss_ctx_id_t *)res.context_handle.GSS_CTX_ID_T_val);
2458 2457
2459 2458
2460 2459 /*
2461 2460 * free the memory allocated for the results and return with the status
2462 2461 * received in the rpc call
2463 2462 */
2464 2463
2465 2464 clnt_freeres(clnt, xdr_gss_import_sec_context_res, (caddr_t)&res);
2466 2465 return (res.status);
2467 2466 }
2468 2467
2469 2468 OM_uint32
2470 2469 kgss_import_sec_context(minor_status,
2471 2470 input_token,
2472 2471 context_handle)
2473 2472 OM_uint32 *minor_status;
2474 2473 gss_buffer_t input_token;
2475 2474 gss_ctx_id_t *context_handle;
2476 2475 {
2477 2476 struct kgss_ctx *kctx;
2478 2477
2479 2478 if (*context_handle == GSS_C_NO_CONTEXT) {
2480 2479 kctx = KGSS_ALLOC();
2481 2480 *context_handle = (gss_ctx_id_t)kctx;
2482 2481 kctx->gssd_ctx = (OM_uint32) GSS_C_NO_CONTEXT;
2483 2482 } else
2484 2483 kctx = (struct kgss_ctx *)*context_handle;
2485 2484 return (kgss_import_sec_context_wrapped(minor_status,
2486 2485 input_token, &kctx->gssd_ctx,
2487 2486 KCTX_TO_CTXV(context_handle)));
2488 2487 }
2489 2488
2490 2489 #ifdef _KERNEL
2491 2490 #include <sys/modctl.h>
2492 2491
2493 2492 static void *gss_clnt = NULL;
2494 2493
2495 2494 #ifdef DEBUG
2496 2495 typedef struct {
2497 2496 char *name; /* just put something here */
2498 2497 } gssd_devstate_t;
2499 2498
2500 2499
2501 2500 static void *gssd_state;
2502 2501
2503 2502 static int gssd_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
2504 2503 {
2505 2504 /* cmn_err(CE_NOTE, "In gssd_attach"); */
2506 2505 switch (cmd) {
2507 2506 case DDI_ATTACH:
2508 2507 if (ddi_create_minor_node(dip, "gssd", S_IFCHR, 0, "gssd", 0)
2509 2508 == DDI_FAILURE) {
2510 2509 ddi_remove_minor_node(dip, NULL);
2511 2510 return (DDI_FAILURE);
2512 2511 }
2513 2512 return (DDI_SUCCESS);
2514 2513
2515 2514 default:
2516 2515 return (DDI_FAILURE);
2517 2516 }
2518 2517 }
2519 2518
2520 2519 static int gssd_getinfo(dev_info_t *dip, ddi_info_cmd_t infocmd,
2521 2520 void *arg, void **result)
2522 2521 {
2523 2522 dev_t dev;
2524 2523 int error;
2525 2524
2526 2525 /* cmn_err(CE_NOTE, "In gssd_getinfo"); */
2527 2526
2528 2527 switch (infocmd) {
2529 2528 case DDI_INFO_DEVT2INSTANCE:
2530 2529 dev = (dev_t)arg;
2531 2530 *result = (void *) getminor(dev);
2532 2531 error = DDI_SUCCESS;
2533 2532 break;
2534 2533
2535 2534 case DDI_INFO_DEVT2DEVINFO:
2536 2535 /* cmn_err(CE_NOTE, "getinfo wants devinfo"); */
2537 2536 default:
2538 2537 error = DDI_FAILURE;
2539 2538 break;
2540 2539 }
2541 2540 return (error);
2542 2541 }
2543 2542
2544 2543 static int gssd_identify(dev_info_t *dip)
2545 2544 {
2546 2545 /* cmn_err(CE_NOTE, "in gssd_identify"); */
2547 2546 if (strcmp(ddi_get_name(dip), "gssd") == 0)
2548 2547 return (DDI_IDENTIFIED);
2549 2548 else
2550 2549 return (DDI_NOT_IDENTIFIED);
2551 2550 }
2552 2551
2553 2552 static int gssd_probe(dev_info_t *dip)
2554 2553 {
2555 2554 /* cmn_err(CE_NOTE, "In gssd_probe"); */
2556 2555
2557 2556 return (DDI_PROBE_SUCCESS);
2558 2557 }
2559 2558
2560 2559 static int gssd_open(dev_t *devp, int flag, int otyp, cred_t *credp)
2561 2560 {
2562 2561 /* cmn_err (CE_NOTE, "In gssd_open"); */
2563 2562 if (otyp != OTYP_CHR)
2564 2563 return (EINVAL);
2565 2564
2566 2565 gss_clnt = getgssd_handle();
2567 2566 return (0);
2568 2567 }
2569 2568
2570 2569 static int gssd_close(dev_t dev, int flag, int otyp, cred_t *credp)
2571 2570 {
2572 2571 /* cmn_err(CE_NOTE, "In gssd_close"); */
2573 2572 killgssd_handle(gss_clnt);
2574 2573 return (0);
2575 2574 }
2576 2575
2577 2576 static int gssd_write(dev_t dev, struct uio *uiop, cred_t *credp)
2578 2577 {
2579 2578 char buffer[1024];
2580 2579 int len;
2581 2580
2582 2581 /* cmn_err(CE_NOTE, "In gssd_write"); */
2583 2582 bzero(buffer, 1024);
2584 2583
2585 2584 uiomove(buffer, 1024, UIO_WRITE, uiop);
2586 2585 len = strlen(buffer);
2587 2586
2588 2587 if (buffer[len-1] == '\n')
2589 2588 buffer[--len] = '\0';
2590 2589
2591 2590 cmn_err(CE_NOTE, "Got command: (%d) \"%s\"", len, buffer);
2592 2591 do_gssdtest(buffer);
2593 2592 return (0);
2594 2593 }
2595 2594
2596 2595 static struct cb_ops gssd_cb_ops = {
2597 2596 gssd_open, /* cb_open */
2598 2597 gssd_close, /* cb_close */
2599 2598 nodev, /* cb_strategy */
2600 2599 nodev, /* cb_print */
2601 2600 nodev, /* cb_dump */
2602 2601 nulldev, /* cb_read */
2603 2602 gssd_write, /* cb_write */
2604 2603 nodev, /* cb_ioctl */
2605 2604 nodev, /* cb_devmap */
2606 2605 nodev, /* cb_mmap */
2607 2606 nodev, /* cb_segmap */
2608 2607 nochpoll, /* cb_chpoll */
2609 2608 ddi_prop_op, /* cb_prop_op */
2610 2609 NULL, /* cb_stream */
2611 2610 (int)(D_NEW|D_MP) /* cb_flag */
2612 2611 };
2613 2612
2614 2613 static struct dev_ops gssd_ops = {
2615 2614 DEVO_REV, /* devo_rev */
2616 2615 0, /* devo_refcnt */
2617 2616 gssd_getinfo, /* devo_getinfo */
2618 2617 gssd_identify, /* devo_identify */
2619 2618 nulldev, /* devo_probe */
2620 2619 gssd_attach, /* devo_attach */
2621 2620 nulldev, /* devo_detach */
2622 2621 nodev, /* devo_reset */
2623 2622 &gssd_cb_ops, /* devo_cb_ops */
2624 2623 (struct bus_ops *)NULL /* devo_bus_ops */
2625 2624 };
2626 2625
2627 2626 extern struct mod_ops mod_driverops;
2628 2627
2629 2628 static struct modldrv modlmisc = {
2630 2629 &mod_driverops,
2631 2630 "GSSD DRV Client Module",
2632 2631 &gssd_ops
2633 2632
2634 2633 #else /* !DEBUG */
2635 2634
2636 2635 static struct modlmisc modlmisc = {
2637 2636 &mod_miscops,
2638 2637 "GSSD Client Module"
2639 2638 #endif /* DEBUG */
2640 2639 };
2641 2640
2642 2641 static struct modlinkage modlinkage = {
2643 2642 MODREV_1,
2644 2643 (void *)&modlmisc,
2645 2644 NULL
2646 2645 };
2647 2646
2648 2647 char _depends_on[] = "strmod/rpcmod misc/tlimod";
2649 2648
2650 2649 _init(void)
2651 2650 {
2652 2651 int status;
2653 2652
2654 2653 if ((status = ddi_soft_state_init(&gssd_state,
2655 2654 sizeof (gssd_devstate_t), 1)) != 0)
2656 2655 return (status);
2657 2656
2658 2657 if ((status = mod_install((struct modlinkage *)&modlinkage)) != 0)
2659 2658 ddi_soft_state_fini(&gssd_state);
2660 2659
2661 2660 cmn_err(CE_NOTE, "gssd: I'm in the kernel: %d.", status);
2662 2661 return (status);
2663 2662 }
2664 2663
2665 2664 _fini()
2666 2665 {
2667 2666 int status;
2668 2667
2669 2668 killgssd_handle(gss_clnt);
2670 2669 cmn_err(CE_NOTE, "gssd: Handle destroyed.. leaving module.");
2671 2670
2672 2671 if ((status = mod_remove(&modlinkage)) != 0)
2673 2672 return (status);
2674 2673
2675 2674 ddi_soft_state_fini(&gssd_state);
2676 2675 return (status);
2677 2676 }
2678 2677
2679 2678 _info(modinfop)
2680 2679 struct modinfo *modinfop;
2681 2680 {
2682 2681 return (mod_info(&modlinkage, modinfop));
2683 2682 }
2684 2683
2685 2684 #endif