Add a new extensible GSS-API layer which can support GSS-API plugins,
similar to the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
This commit is contained in:
parent
66c6b32654
commit
c0b9f4fe65
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=153838
@ -966,7 +966,6 @@ _generic_libs= gnu/lib
|
||||
|
||||
.if !defined(NO_KERBEROS) && !defined(NO_CRYPT) && !defined(NO_OPENSSL)
|
||||
_prebuild_libs+= kerberos5/lib/libasn1
|
||||
_prebuild_libs+= kerberos5/lib/libgssapi
|
||||
_prebuild_libs+= kerberos5/lib/libkrb5
|
||||
_prebuild_libs+= kerberos5/lib/libroken
|
||||
_generic_libs+= kerberos5/lib
|
||||
@ -977,7 +976,7 @@ _prebuild_libs+= lib/libbz2 lib/libcom_err lib/libcrypt lib/libexpat \
|
||||
lib/libncurses lib/libnetgraph lib/libopie lib/libpam \
|
||||
lib/libradius \
|
||||
lib/libsbuf lib/libtacplus lib/libutil \
|
||||
lib/libz lib/msun
|
||||
lib/libz lib/msun lib/libgssapi
|
||||
|
||||
lib/libopie__L lib/libtacplus__L: lib/libmd__L
|
||||
|
||||
@ -991,9 +990,7 @@ lib/libradius__L secure/lib/libssl__L: secure/lib/libcrypto__L
|
||||
_prebuild_libs+= secure/lib/libssh
|
||||
secure/lib/libssh__L: lib/libz__L secure/lib/libcrypto__L lib/libcrypt__L
|
||||
.if !defined(NO_KERBEROS)
|
||||
secure/lib/libssh__L: kerberos5/lib/libgssapi__L kerberos5/lib/libkrb5__L \
|
||||
kerberos5/lib/libasn1__L lib/libcom_err__L lib/libmd__L \
|
||||
kerberos5/lib/libroken__L
|
||||
secure/lib/libssh__L: lib/libgssapi__L
|
||||
.endif
|
||||
.endif
|
||||
.endif
|
||||
|
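Review bot: The new `secure/lib/libssh__L: lib/libgssapi__L` dependency replaces the direct kerberos5 library list, but nothing records that the Kerberos mechanism is still required at run time through the plugin layer rather than at link time, which is what keeping the line under `.if !defined(NO_KERBEROS)` now implies. A one-line comment above it would keep that intent from being lost in a later cleanup: `# ssh links only the generic GSS-API layer; the krb5 mechanism is loaded as a plugin at run time`. The enclosing conditionals that the three `.endif` lines close start outside this hunk.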
@ -56,6 +56,9 @@ RCSID("$FreeBSD$");
|
||||
|
||||
#ifdef __FreeBSD__
|
||||
#include <resolv.h>
|
||||
#ifdef GSSAPI
|
||||
#include <gssapi/gssapi.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include "ssh.h"
|
||||
@ -1636,6 +1639,18 @@ main(int ac, char **av)
|
||||
debug("res_init()");
|
||||
res_init();
|
||||
}
|
||||
#ifdef GSSAPI
|
||||
/*
|
||||
* Force GSS-API to parse its configuration and load any
|
||||
* mechanism plugins.
|
||||
*/
|
||||
{
|
||||
gss_OID_set mechs;
|
||||
OM_uint32 minor_status;
|
||||
gss_indicate_mechs(&minor_status, &mechs);
|
||||
gss_release_oid_set(&minor_status, &mechs);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
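Review bot: The major status from `gss_indicate_mechs()` is discarded and `mechs` is never initialized, so if the call fails without touching its output the following `gss_release_oid_set()` operates on an indeterminate pointer. Initializing the set and releasing only on success avoids that: `gss_OID_set mechs = GSS_C_NO_OID_SET;` / `if (gss_indicate_mechs(&minor_status, &mechs) == GSS_S_COMPLETE)` / `gss_release_oid_set(&minor_status, &mechs);`. The comment says the block forces plugin loading but not why it must happen at this point in main(); presumably it is so the mechanism libraries are mapped before ssh changes privileges or otherwise restricts itself, and a sentence saying so would stop a later refactor from moving it. main() begins and ends outside this hunk.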
@ -103,6 +103,7 @@ distribution:
|
||||
${DESTDIR}/etc/master.passwd
|
||||
cd ${.CURDIR}/bluetooth; ${MAKE} install
|
||||
cd ${.CURDIR}/defaults; ${MAKE} install
|
||||
cd ${.CURDIR}/gss; ${MAKE} install
|
||||
cd ${.CURDIR}/periodic; ${MAKE} install
|
||||
cd ${.CURDIR}/rc.d; ${MAKE} install
|
||||
cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall
|
||||
|
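--- /dev/null
+++ b/etc/gss/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+FILES= mech qop
+NO_OBJ=
+FILESDIR= /etc/gss
+
+.include <bsd.prog.mk>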
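--- /dev/null
+++ b/etc/gss/mech
@@ -0,0 +1,4 @@
+# $FreeBSD$
+#
+# Name OID Library name Kernel module
+kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.8 -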
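Review bot: Each entry in this file names a shared object that the new GSS-API layer loads into the address space of every GSS-API consumer, privileged daemons included, yet nothing here says that the file's ownership and permissions are therefore part of the trust boundary. I'd add after the column header: `# Entries are loaded by GSS-API consumers; keep this file and the listed libraries writable only by root.` The entry hard-codes the `.so.8` major, so a library version bump has to be mirrored here, and on a NO_KERBEROS build the plugin presumably does not exist at all, so the loader should tolerate a missing library rather than fail every caller — something I cannot confirm from this commit.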
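--- /dev/null
+++ b/etc/gss/qop
@@ -0,0 +1,3 @@
+# $FreeBSD$
+GSS_KRB5_CONF_C_QOP_DES 0x0100 kerberosv5
+GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 kerberosv5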
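Review bot: Unlike `mech`, this file has no column header, so the meaning of the three fields has to be inferred; I'd add `# Name Value Mechanism` after the `$FreeBSD$` line to match `etc/gss/mech`. Both entries are DES-based QOP values, so a one-line comment that they exist for compatibility with the krb5 mechanism rather than as protection levels to pick by default would help readers, if that is indeed their purpose.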
@ -121,6 +121,8 @@
|
||||
..
|
||||
gpib
|
||||
..
|
||||
gssapi
|
||||
..
|
||||
isofs
|
||||
cd9660
|
||||
..
|
||||
|
@ -28,6 +28,8 @@
|
||||
..
|
||||
gnats
|
||||
..
|
||||
gss
|
||||
..
|
||||
isdn mode=0700
|
||||
..
|
||||
mail
|
||||
|
@ -32,7 +32,7 @@ DPADD= ${LIBCVS} ${LIBDIFF} ${LIBGNUREGEX} ${LIBMD} ${LIBCRYPT} ${LIBZ}
|
||||
LDADD= ${LIBCVS} ${LIBDIFF} -lgnuregex -lmd -lcrypt -lz
|
||||
|
||||
.if !defined(NO_KERBEROS) && !defined(NO_OPENSSL) && !defined(NO_CRYPT)
|
||||
CFLAGS+= -DHAVE_GSSAPI -DHAVE_GSSAPI_H -DENCRYPTION
|
||||
CFLAGS+= -DHAVE_GSSAPI -DENCRYPTION
|
||||
LDADD+= -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err
|
||||
DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBROKEN}
|
||||
DPADD+= ${LIBCRYPT} ${LIBCOM_ERR}
|
||||
|
@ -4,11 +4,11 @@
|
||||
# Doing a "make install" builds /usr/include.
|
||||
|
||||
CLEANFILES= osreldate.h version vers.c
|
||||
SUBDIR= arpa protocols rpcsvc rpc
|
||||
SUBDIR= arpa gssapi protocols rpcsvc rpc
|
||||
INCS= a.out.h ar.h assert.h bitstring.h complex.h cpio.h _ctype.h ctype.h \
|
||||
db.h \
|
||||
dirent.h dlfcn.h elf.h elf-hints.h err.h fmtmsg.h fnmatch.h fstab.h \
|
||||
fts.h ftw.h getopt.h glob.h grp.h \
|
||||
fts.h ftw.h getopt.h glob.h grp.h gssapi.h \
|
||||
histedit.h ieeefp.h ifaddrs.h \
|
||||
inttypes.h iso646.h kenv.h langinfo.h libgen.h limits.h link.h \
|
||||
locale.h malloc.h memory.h monetary.h mpool.h mqueue.h \
|
||||
|
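--- /dev/null
+++ b/include/gssapi.h
@@ -0,0 +1,5 @@
+/* $FreeBSD$ */
+#ifdef __GNUC__
+#warning "this file includes <gssapi.h> which is deprecated, use <gssapi/gssapi.h> instead"
+#endif
+#include <gssapi/gssapi.h>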
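Review bot: The `#warning` text reads as if this file includes some other deprecated header, when this file is itself the deprecated one; `#warning "<gssapi.h> is deprecated, use <gssapi/gssapi.h> instead"` says what the user actually needs to do. The warning is only emitted under `#ifdef __GNUC__`, which is fine for the base system compiler but deserves a short comment so nobody expects it from other compilers.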
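--- /dev/null
+++ b/include/gssapi/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+NO_OBJ=
+INCS= gssapi.h
+INCSDIR= ${INCLUDEDIR}/gssapi
+
+.include <bsd.prog.mk>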
756
include/gssapi/gssapi.h
Normal file
@ -0,0 +1,756 @@
|
||||
/*
|
||||
* Copyright (C) The Internet Society (2000). All Rights Reserved.
|
||||
*
|
||||
* This document and translations of it may be copied and furnished to
|
||||
* others, and derivative works that comment on or otherwise explain it
|
||||
* or assist in its implementation may be prepared, copied, published
|
||||
* and distributed, in whole or in part, without restriction of any
|
||||
* kind, provided that the above copyright notice and this paragraph are
|
||||
* included on all such copies and derivative works. However, this
|
||||
* document itself may not be modified in any way, such as by removing
|
||||
* the copyright notice or references to the Internet Society or other
|
||||
* Internet organizations, except as needed for the purpose of
|
||||
* developing Internet standards in which case the procedures for
|
||||
* copyrights defined in the Internet Standards process must be
|
||||
* followed, or as required to translate it into languages other than
|
||||
* English.
|
||||
*
|
||||
* The limited permissions granted above are perpetual and will not be
|
||||
* revoked by the Internet Society or its successors or assigns.
|
||||
*
|
||||
* This document and the information contained herein is provided on an
|
||||
* "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
||||
* TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
||||
* BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
||||
* HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#ifndef _GSSAPI_GSSAPI_H_
|
||||
#define _GSSAPI_GSSAPI_H_
|
||||
|
||||
/*
|
||||
* First, include stddef.h to get size_t defined.
|
||||
*/
|
||||
#include <stddef.h>
|
||||
|
||||
/*
|
||||
* Include stdint.h to get explicitly sized data types.
|
||||
*/
|
||||
#include <stdint.h>
|
||||
|
||||
#if 0
|
||||
/*
|
||||
* If the platform supports the xom.h header file, it should be
|
||||
* included here.
|
||||
*/
|
||||
#include <xom.h>
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* Now define the three implementation-dependent types.
|
||||
*/
|
||||
typedef struct _gss_ctx_id_t *gss_ctx_id_t;
|
||||
typedef struct _gss_cred_id_t *gss_cred_id_t;
|
||||
typedef struct _gss_name_t *gss_name_t;
|
||||
|
||||
/*
|
||||
* The following type must be defined as the smallest natural
|
||||
* unsigned integer supported by the platform that has at least
|
||||
* 32 bits of precision.
|
||||
*/
|
||||
typedef uint32_t gss_uint32;
|
||||
|
||||
|
||||
#ifdef OM_STRING
|
||||
/*
|
||||
* We have included the xom.h header file. Verify that OM_uint32
|
||||
* is defined correctly.
|
||||
*/
|
||||
|
||||
#if sizeof(gss_uint32) != sizeof(OM_uint32)
|
||||
#error Incompatible definition of OM_uint32 from xom.h
|
||||
#endif
|
||||
|
||||
typedef OM_object_identifier gss_OID_desc, *gss_OID;
|
||||
|
||||
#else
|
||||
|
||||
/*
|
||||
* We can't use X/Open definitions, so roll our own.
|
||||
*/
|
||||
|
||||
typedef gss_uint32 OM_uint32;
|
||||
|
||||
typedef struct gss_OID_desc_struct {
|
||||
OM_uint32 length;
|
||||
void *elements;
|
||||
} gss_OID_desc, *gss_OID;
|
||||
|
||||
#endif
|
||||
|
||||
typedef struct gss_OID_set_desc_struct {
|
||||
size_t count;
|
||||
gss_OID elements;
|
||||
} gss_OID_set_desc, *gss_OID_set;
|
||||
|
||||
typedef struct gss_buffer_desc_struct {
|
||||
size_t length;
|
||||
void *value;
|
||||
} gss_buffer_desc, *gss_buffer_t;
|
||||
|
||||
typedef struct gss_channel_bindings_struct {
|
||||
OM_uint32 initiator_addrtype;
|
||||
gss_buffer_desc initiator_address;
|
||||
OM_uint32 acceptor_addrtype;
|
||||
gss_buffer_desc acceptor_address;
|
||||
gss_buffer_desc application_data;
|
||||
} *gss_channel_bindings_t;
|
||||
|
||||
/*
|
||||
* For now, define a QOP-type as an OM_uint32
|
||||
*/
|
||||
typedef OM_uint32 gss_qop_t;
|
||||
|
||||
typedef int gss_cred_usage_t;
|
||||
|
||||
/*
|
||||
* Flag bits for context-level services.
|
||||
*/
|
||||
#define GSS_C_DELEG_FLAG 1
|
||||
#define GSS_C_MUTUAL_FLAG 2
|
||||
#define GSS_C_REPLAY_FLAG 4
|
||||
#define GSS_C_SEQUENCE_FLAG 8
|
||||
#define GSS_C_CONF_FLAG 16
|
||||
#define GSS_C_INTEG_FLAG 32
|
||||
#define GSS_C_ANON_FLAG 64
|
||||
#define GSS_C_PROT_READY_FLAG 128
|
||||
#define GSS_C_TRANS_FLAG 256
|
||||
|
||||
/*
|
||||
* Credential usage options
|
||||
*/
|
||||
#define GSS_C_BOTH 0
|
||||
#define GSS_C_INITIATE 1
|
||||
#define GSS_C_ACCEPT 2
|
||||
|
||||
/*
|
||||
* Status code types for gss_display_status
|
||||
*/
|
||||
#define GSS_C_GSS_CODE 1
|
||||
#define GSS_C_MECH_CODE 2
|
||||
|
||||
/*
|
||||
* The constant definitions for channel-bindings address families
|
||||
*/
|
||||
#define GSS_C_AF_UNSPEC 0
|
||||
#define GSS_C_AF_LOCAL 1
|
||||
#define GSS_C_AF_INET 2
|
||||
#define GSS_C_AF_IMPLINK 3
|
||||
#define GSS_C_AF_PUP 4
|
||||
#define GSS_C_AF_CHAOS 5
|
||||
#define GSS_C_AF_NS 6
|
||||
#define GSS_C_AF_NBS 7
|
||||
#define GSS_C_AF_ECMA 8
|
||||
#define GSS_C_AF_DATAKIT 9
|
||||
#define GSS_C_AF_CCITT 10
|
||||
#define GSS_C_AF_SNA 11
|
||||
#define GSS_C_AF_DECnet 12
|
||||
#define GSS_C_AF_DLI 13
|
||||
#define GSS_C_AF_LAT 14
|
||||
#define GSS_C_AF_HYLINK 15
|
||||
#define GSS_C_AF_APPLETALK 16
|
||||
#define GSS_C_AF_BSC 17
|
||||
#define GSS_C_AF_DSS 18
|
||||
#define GSS_C_AF_OSI 19
|
||||
#define GSS_C_AF_X25 21
|
||||
#define GSS_C_AF_NULLADDR 255
|
||||
|
||||
/*
|
||||
* Various Null values
|
||||
*/
|
||||
#define GSS_C_NO_NAME ((gss_name_t) 0)
|
||||
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
|
||||
#define GSS_C_NO_OID ((gss_OID) 0)
|
||||
#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
|
||||
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
|
||||
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
|
||||
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
|
||||
#define GSS_C_EMPTY_BUFFER {0, NULL}
|
||||
|
||||
/*
|
||||
* Some alternate names for a couple of the above
|
||||
* values. These are defined for V1 compatibility.
|
||||
*/
|
||||
#define GSS_C_NULL_OID GSS_C_NO_OID
|
||||
#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
|
||||
|
||||
/*
|
||||
* Define the default Quality of Protection for per-message
|
||||
* services. Note that an implementation that offers multiple
|
||||
* levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
|
||||
* (as done here) to mean "default protection", or to a specific
|
||||
* explicit QOP value. However, a value of 0 should always be
|
||||
* interpreted by a GSS-API implementation as a request for the
|
||||
* default protection level.
|
||||
*/
|
||||
#define GSS_C_QOP_DEFAULT 0
|
||||
|
||||
/*
|
||||
* Expiration time of 2^32-1 seconds means infinite lifetime for a
|
||||
* credential or security context
|
||||
*/
|
||||
#define GSS_C_INDEFINITE 0xfffffffful
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
* "\x01\x02\x01\x01"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {iso(1) member-body(2) United States(840) mit(113554)
|
||||
* infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
|
||||
* GSS_C_NT_USER_NAME should be initialized to point
|
||||
* to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_USER_NAME;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
* "\x01\x02\x01\x02"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {iso(1) member-body(2) United States(840) mit(113554)
|
||||
* infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
|
||||
* The constant GSS_C_NT_MACHINE_UID_NAME should be
|
||||
* initialized to point to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
* "\x01\x02\x01\x03"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {iso(1) member-body(2) United States(840) mit(113554)
|
||||
* infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
|
||||
* The constant GSS_C_NT_STRING_UID_NAME should be
|
||||
* initialized to point to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_STRING_UID_NAME;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {iso(1) org(3) dod(6) internet(1) security(5)
|
||||
* nametypes(6) gss-host-based-services(2)). The constant
|
||||
* GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
|
||||
* to that gss_OID_desc. This is a deprecated OID value, and
|
||||
* implementations wishing to support hostbased-service names
|
||||
* should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
|
||||
* defined below, to identify such names;
|
||||
* GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
|
||||
* for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
|
||||
* parameter, but should not be emitted by GSS-API
|
||||
* implementations
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
* "\x01\x02\x01\x04"}, corresponding to an
|
||||
* object-identifier value of {iso(1) member-body(2)
|
||||
* Unites States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* generic(1) service_name(4)}. The constant
|
||||
* GSS_C_NT_HOSTBASED_SERVICE should be initialized
|
||||
* to point to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {6, (void *)"\x2b\x06\01\x05\x06\x03"},
|
||||
* corresponding to an object identifier value of
|
||||
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
|
||||
* 6(nametypes), 3(gss-anonymous-name)}. The constant
|
||||
* and GSS_C_NT_ANONYMOUS should be initialized to point
|
||||
* to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_ANONYMOUS;
|
||||
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
|
||||
* 6(nametypes), 4(gss-api-exported-name)}. The constant
|
||||
* GSS_C_NT_EXPORT_NAME should be initialized to point
|
||||
* to that gss_OID_desc.
|
||||
*/
|
||||
extern gss_OID GSS_C_NT_EXPORT_NAME;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* krb5(2) krb5_name(1)}. The recommended symbolic name for this type
|
||||
* is "GSS_KRB5_NT_PRINCIPAL_NAME".
|
||||
*/
|
||||
extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* generic(1) user_name(1)}. The recommended symbolic name for this
|
||||
* type is "GSS_KRB5_NT_USER_NAME".
|
||||
*/
|
||||
extern gss_OID GSS_KRB5_NT_USER_NAME;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* generic(1) machine_uid_name(2)}. The recommended symbolic name for
|
||||
* this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
|
||||
*/
|
||||
extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* generic(1) string_uid_name(3)}. The recommended symbolic name for
|
||||
* this type is "GSS_KRB5_NT_STRING_UID_NAME".
|
||||
*/
|
||||
extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
|
||||
|
||||
/* Major status codes */
|
||||
|
||||
#define GSS_S_COMPLETE 0
|
||||
|
||||
/*
|
||||
* Some "helper" definitions to make the status code macros obvious.
|
||||
*/
|
||||
#define GSS_C_CALLING_ERROR_OFFSET 24
|
||||
#define GSS_C_ROUTINE_ERROR_OFFSET 16
|
||||
#define GSS_C_SUPPLEMENTARY_OFFSET 0
|
||||
#define GSS_C_CALLING_ERROR_MASK 0377ul
|
||||
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
|
||||
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
|
||||
|
||||
/*
|
||||
* The macros that test status codes for error conditions.
|
||||
* Note that the GSS_ERROR() macro has changed slightly from
|
||||
* the V1 GSS-API so that it now evaluates its argument
|
||||
* only once.
|
||||
*/
|
||||
#define GSS_CALLING_ERROR(x) \
|
||||
(x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
|
||||
#define GSS_ROUTINE_ERROR(x) \
|
||||
(x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
|
||||
#define GSS_SUPPLEMENTARY_INFO(x) \
|
||||
(x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
|
||||
#define GSS_ERROR(x) \
|
||||
(x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
|
||||
(GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
|
||||
|
||||
/*
|
||||
* Now the actual status code definitions
|
||||
*/
|
||||
|
||||
/*
|
||||
* Calling errors:
|
||||
*/
|
||||
#define GSS_S_CALL_INACCESSIBLE_READ \
|
||||
(1ul << GSS_C_CALLING_ERROR_OFFSET)
|
||||
#define GSS_S_CALL_INACCESSIBLE_WRITE \
|
||||
(2ul << GSS_C_CALLING_ERROR_OFFSET)
|
||||
#define GSS_S_CALL_BAD_STRUCTURE \
|
||||
(3ul << GSS_C_CALLING_ERROR_OFFSET)
|
||||
|
||||
/*
|
||||
* Routine errors:
|
||||
*/
|
||||
#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_BAD_MIC GSS_S_BAD_SIG
|
||||
#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
|
||||
/*
|
||||
* Supplementary info bits:
|
||||
*/
|
||||
#define GSS_S_CONTINUE_NEEDED \
|
||||
(1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
|
||||
#define GSS_S_DUPLICATE_TOKEN \
|
||||
(1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
|
||||
#define GSS_S_OLD_TOKEN \
|
||||
(1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
|
||||
#define GSS_S_UNSEQ_TOKEN \
|
||||
(1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
|
||||
#define GSS_S_GAP_TOKEN \
|
||||
(1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
|
||||
|
||||
/*
|
||||
* Finally, function prototypes for the GSS-API routines.
|
||||
*/
|
||||
OM_uint32 gss_acquire_cred
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_name_t, /* desired_name */
|
||||
OM_uint32, /* time_req */
|
||||
const gss_OID_set, /* desired_mechs */
|
||||
gss_cred_usage_t, /* cred_usage */
|
||||
gss_cred_id_t *, /* output_cred_handle */
|
||||
gss_OID_set *, /* actual_mechs */
|
||||
OM_uint32 * /* time_rec */
|
||||
);
|
||||
|
||||
OM_uint32 gss_release_cred
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_cred_id_t * /* cred_handle */
|
||||
);
|
||||
|
||||
OM_uint32 gss_init_sec_context
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_cred_id_t, /* initiator_cred_handle */
|
||||
gss_ctx_id_t *, /* context_handle */
|
||||
const gss_name_t, /* target_name */
|
||||
const gss_OID, /* mech_type */
|
||||
OM_uint32, /* req_flags */
|
||||
OM_uint32, /* time_req */
|
||||
const gss_channel_bindings_t,
|
||||
/* input_chan_bindings */
|
||||
const gss_buffer_t, /* input_token */
|
||||
gss_OID *, /* actual_mech_type */
|
||||
gss_buffer_t, /* output_token */
|
||||
OM_uint32 *, /* ret_flags */
|
||||
OM_uint32 * /* time_rec */
|
||||
);
|
||||
|
||||
OM_uint32 gss_accept_sec_context
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_ctx_id_t *, /* context_handle */
|
||||
const gss_cred_id_t, /* acceptor_cred_handle */
|
||||
const gss_buffer_t, /* input_token_buffer */
|
||||
const gss_channel_bindings_t,
|
||||
/* input_chan_bindings */
|
||||
gss_name_t *, /* src_name */
|
||||
gss_OID *, /* mech_type */
|
||||
gss_buffer_t, /* output_token */
|
||||
OM_uint32 *, /* ret_flags */
|
||||
OM_uint32 *, /* time_rec */
|
||||
gss_cred_id_t * /* delegated_cred_handle */
|
||||
);
|
||||
|
||||
OM_uint32 gss_process_context_token
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_ctx_id_t, /* context_handle */
|
||||
const gss_buffer_t /* token_buffer */
|
||||
);
|
||||
|
||||
OM_uint32 gss_delete_sec_context
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_ctx_id_t *, /* context_handle */
|
||||
gss_buffer_t /* output_token */
|
||||
);
|
||||
|
||||
OM_uint32 gss_context_time
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_ctx_id_t, /* context_handle */
|
||||
OM_uint32 * /* time_rec */
|
||||
);
|
||||
|
||||
OM_uint32 gss_get_mic
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_ctx_id_t, /* context_handle */
|
||||
gss_qop_t, /* qop_req */
|
||||
const gss_buffer_t, /* message_buffer */
|
||||
gss_buffer_t /* message_token */
|
||||
);
|
||||
|
||||
OM_uint32 gss_verify_mic
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_ctx_id_t, /* context_handle */
|
||||
const gss_buffer_t, /* message_buffer */
|
||||
const gss_buffer_t, /* token_buffer */
|
||||
gss_qop_t * /* qop_state */
|
||||
);
|
||||
|
||||
OM_uint32 gss_wrap
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_ctx_id_t, /* context_handle */
|
||||
int, /* conf_req_flag */
|
||||
gss_qop_t, /* qop_req */
|
||||
const gss_buffer_t, /* input_message_buffer */
|
||||
int *, /* conf_state */
|
||||
gss_buffer_t /* output_message_buffer */
|
||||
);
|
||||
|
||||
OM_uint32 gss_unwrap
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_ctx_id_t, /* context_handle */
|
||||
const gss_buffer_t, /* input_message_buffer */
|
||||
gss_buffer_t, /* output_message_buffer */
|
||||
int *, /* conf_state */
|
||||
gss_qop_t * /* qop_state */
|
||||
);
|
||||
|
||||
OM_uint32 gss_display_status
|
||||
(OM_uint32 *, /* minor_status */
|
||||
OM_uint32, /* status_value */
|
||||
int, /* status_type */
|
||||
const gss_OID, /* mech_type */
|
||||
OM_uint32 *, /* message_context */
|
||||
gss_buffer_t /* status_string */
|
||||
);
|
||||
|
||||
OM_uint32 gss_indicate_mechs
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_OID_set * /* mech_set */
|
||||
);
|
||||
|
||||
OM_uint32 gss_compare_name
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_name_t, /* name1 */
|
||||
const gss_name_t, /* name2 */
|
||||
int * /* name_equal */
|
||||
);
|
||||
|
||||
OM_uint32 gss_display_name
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_name_t, /* input_name */
|
||||
gss_buffer_t, /* output_name_buffer */
|
||||
gss_OID * /* output_name_type */
|
||||
);
|
||||
|
||||
OM_uint32 gss_import_name
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_buffer_t, /* input_name_buffer */
|
||||
const gss_OID, /* input_name_type */
|
||||
gss_name_t * /* output_name */
|
||||
);
|
||||
|
||||
OM_uint32 gss_export_name
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_name_t, /* input_name */
|
||||
gss_buffer_t /* exported_name */
|
||||
);
|
||||
|
||||
OM_uint32 gss_release_name
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_name_t * /* input_name */
|
||||
);
|
||||
|
||||
OM_uint32 gss_release_buffer
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_buffer_t /* buffer */
|
||||
);
|
||||
|
||||
OM_uint32 gss_release_oid_set
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_OID_set * /* set */
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_cred
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_cred_id_t, /* cred_handle */
|
||||
gss_name_t *, /* name */
|
||||
OM_uint32 *, /* lifetime */
|
||||
gss_cred_usage_t *, /* cred_usage */
|
||||
gss_OID_set * /* mechanisms */
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_context (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_ctx_id_t, /* context_handle */
|
||||
gss_name_t *, /* src_name */
|
||||
gss_name_t *, /* targ_name */
|
||||
OM_uint32 *, /* lifetime_rec */
|
||||
gss_OID *, /* mech_type */
|
||||
OM_uint32 *, /* ctx_flags */
|
||||
int *, /* locally_initiated */
|
||||
int * /* open */
|
||||
);
|
||||
|
||||
OM_uint32 gss_wrap_size_limit (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_ctx_id_t, /* context_handle */
|
||||
int, /* conf_req_flag */
|
||||
gss_qop_t, /* qop_req */
|
||||
OM_uint32, /* req_output_size */
|
||||
OM_uint32 * /* max_input_size */
|
||||
);
|
||||
|
||||
OM_uint32 gss_add_cred (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_cred_id_t, /* input_cred_handle */
|
||||
const gss_name_t, /* desired_name */
|
||||
const gss_OID, /* desired_mech */
|
||||
gss_cred_usage_t, /* cred_usage */
|
||||
OM_uint32, /* initiator_time_req */
|
||||
OM_uint32, /* acceptor_time_req */
|
||||
gss_cred_id_t *, /* output_cred_handle */
|
||||
gss_OID_set *, /* actual_mechs */
|
||||
OM_uint32 *, /* initiator_time_rec */
|
||||
OM_uint32 * /* acceptor_time_rec */
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_cred_by_mech (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_cred_id_t, /* cred_handle */
|
||||
const gss_OID, /* mech_type */
|
||||
gss_name_t *, /* name */
|
||||
OM_uint32 *, /* initiator_lifetime */
|
||||
OM_uint32 *, /* acceptor_lifetime */
|
||||
gss_cred_usage_t * /* cred_usage */
|
||||
);
|
||||
|
||||
OM_uint32 gss_export_sec_context (
|
||||
OM_uint32 *, /* minor_status */
|
||||
gss_ctx_id_t *, /* context_handle */
|
||||
gss_buffer_t /* interprocess_token */
|
||||
);
|
||||
|
||||
OM_uint32 gss_import_sec_context (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_buffer_t, /* interprocess_token */
|
||||
gss_ctx_id_t * /* context_handle */
|
||||
);
|
||||
|
||||
OM_uint32 gss_create_empty_oid_set (
|
||||
OM_uint32 *, /* minor_status */
|
||||
gss_OID_set * /* oid_set */
|
||||
);
|
||||
|
||||
OM_uint32 gss_add_oid_set_member (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_OID, /* member_oid */
|
||||
gss_OID_set * /* oid_set */
|
||||
);
|
||||
|
||||
OM_uint32 gss_test_oid_set_member (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_OID, /* member */
|
||||
const gss_OID_set, /* set */
|
||||
int * /* present */
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_names_for_mech (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_OID, /* mechanism */
|
||||
gss_OID_set * /* name_types */
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_mechs_for_name (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_name_t, /* input_name */
|
||||
gss_OID_set * /* mech_types */
|
||||
);
|
||||
|
||||
OM_uint32 gss_canonicalize_name (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_name_t, /* input_name */
|
||||
const gss_OID, /* mech_type */
|
||||
gss_name_t * /* output_name */
|
||||
);
|
||||
|
||||
OM_uint32 gss_duplicate_name (
|
||||
OM_uint32 *, /* minor_status */
|
||||
const gss_name_t, /* src_name */
|
||||
gss_name_t * /* dest_name */
|
||||
);
|
||||
|
||||
/*
|
||||
* The following routines are obsolete variants of gss_get_mic,
|
||||
* gss_verify_mic, gss_wrap and gss_unwrap. They should be
|
||||
* provided by GSS-API V2 implementations for backwards
|
||||
* compatibility with V1 applications. Distinct entrypoints
|
||||
* (as opposed to #defines) should be provided, both to allow
|
||||
* GSS-API V1 applications to link against GSS-API V2 implementations,
|
||||
* and to retain the slight parameter type differences between the
|
||||
* obsolete versions of these routines and their current forms.
|
||||
*/
|
||||
|
||||
OM_uint32 gss_sign
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_ctx_id_t, /* context_handle */
|
||||
int, /* qop_req */
|
||||
gss_buffer_t, /* message_buffer */
|
||||
gss_buffer_t /* message_token */
|
||||
);
|
||||
|
||||
|
||||
OM_uint32 gss_verify
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_ctx_id_t, /* context_handle */
|
||||
gss_buffer_t, /* message_buffer */
|
||||
gss_buffer_t, /* token_buffer */
|
||||
int * /* qop_state */
|
||||
);
|
||||
|
||||
OM_uint32 gss_seal
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_ctx_id_t, /* context_handle */
|
||||
int, /* conf_req_flag */
|
||||
int, /* qop_req */
|
||||
gss_buffer_t, /* input_message_buffer */
|
||||
int *, /* conf_state */
|
||||
gss_buffer_t /* output_message_buffer */
|
||||
);
|
||||
|
||||
|
||||
OM_uint32 gss_unseal
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_ctx_id_t, /* context_handle */
|
||||
gss_buffer_t, /* input_message_buffer */
|
||||
gss_buffer_t, /* output_message_buffer */
|
||||
int *, /* conf_state */
|
||||
int * /* qop_state */
|
||||
);
|
||||
|
||||
/*
|
||||
* kerberos mechanism specific functions
|
||||
*/
|
||||
struct krb5_ccache_data;
|
||||
#define GSS_C_KRB5_COMPAT_DES3_MIC 1
|
||||
|
||||
OM_uint32 gsskrb5_register_acceptor_identity
|
||||
(const char * /* identity */
|
||||
);
|
||||
|
||||
OM_uint32 gss_krb5_copy_ccache
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_cred_id_t, /* cred_handle */
|
||||
struct krb5_ccache_data * /* out */
|
||||
);
|
||||
|
||||
OM_uint32 gss_krb5_compat_des3_mic
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_ctx_id_t, /* context_handle */
|
||||
int /* flag */
|
||||
);
|
||||
|
||||
#endif /* _GSSAPI_GSSAPI_H_ */
|
@ -1,48 +1,11 @@
|
||||
# $FreeBSD$
|
||||
|
||||
LIB= gssapi
|
||||
INCS= gssapi.h
|
||||
MAN= gss_acquire_cred.3 gssapi.3
|
||||
|
||||
MLINKS= gss_acquire_cred.3 gss_accept_sec_context.3 \
|
||||
gss_acquire_cred.3 gss_add_cred.3 \
|
||||
gss_acquire_cred.3 gss_add_oid_set_member.3 \
|
||||
gss_acquire_cred.3 gss_canonicalize_name.3 \
|
||||
gss_acquire_cred.3 gss_compare_name.3 \
|
||||
gss_acquire_cred.3 gss_context_time.3 \
|
||||
gss_acquire_cred.3 gss_create_empty_oid_set.3 \
|
||||
gss_acquire_cred.3 gss_delete_sec_context.3 \
|
||||
gss_acquire_cred.3 gss_display_name.3 \
|
||||
gss_acquire_cred.3 gss_display_status.3 \
|
||||
gss_acquire_cred.3 gss_duplicate_name.3 \
|
||||
gss_acquire_cred.3 gss_export_name.3 \
|
||||
gss_acquire_cred.3 gss_export_sec_context.3 \
|
||||
gss_acquire_cred.3 gss_get_mic.3 \
|
||||
gss_acquire_cred.3 gss_import_name.3 \
|
||||
gss_acquire_cred.3 gss_import_sec_context.3 \
|
||||
gss_acquire_cred.3 gss_indicate_mechs.3 \
|
||||
gss_acquire_cred.3 gss_init_sec_context.3 \
|
||||
gss_acquire_cred.3 gss_inquire_context.3 \
|
||||
gss_acquire_cred.3 gss_inquire_cred.3 \
|
||||
gss_acquire_cred.3 gss_inquire_cred_by_mech.3 \
|
||||
gss_acquire_cred.3 gss_inquire_mechs_for_name.3 \
|
||||
gss_acquire_cred.3 gss_inquire_names_for_mech.3 \
|
||||
gss_acquire_cred.3 gss_krb5_compat_des3_mic.3 \
|
||||
gss_acquire_cred.3 gss_krb5_copy_ccache.3 \
|
||||
gss_acquire_cred.3 gss_process_context_token.3 \
|
||||
gss_acquire_cred.3 gss_release_buffer.3 \
|
||||
gss_acquire_cred.3 gss_release_cred.3 \
|
||||
gss_acquire_cred.3 gss_release_name.3 \
|
||||
gss_acquire_cred.3 gss_release_oid_set.3 \
|
||||
gss_acquire_cred.3 gss_seal.3 \
|
||||
gss_acquire_cred.3 gss_sign.3 \
|
||||
gss_acquire_cred.3 gss_test_oid_set_member.3 \
|
||||
gss_acquire_cred.3 gss_unseal.3 \
|
||||
gss_acquire_cred.3 gss_unwrap.3 \
|
||||
gss_acquire_cred.3 gss_verify.3 \
|
||||
gss_acquire_cred.3 gss_verify_mic.3 \
|
||||
gss_acquire_cred.3 gss_wrap.3 \
|
||||
gss_acquire_cred.3 gss_wrap_size_limit.3
|
||||
LIB= gssapi_krb5
|
||||
LDFLAGS= -Wl,-Bsymbolic
|
||||
LDADD= -lkrb5 -lcrypto -lroken -lasn1 -lcom_err -lcrypt
|
||||
DPADD= ${LIBKRB5} ${LIBCRYPTO} ${LIBROKEN} ${LIBASN1} ${LIBCOM_ERR} \
|
||||
${LIBCRYPT}
|
||||
NO_MAN=
|
||||
|
||||
SRCS= 8003.c \
|
||||
accept_sec_context.c \
|
||||
@ -67,7 +30,6 @@ SRCS= 8003.c \
|
||||
export_sec_context.c \
|
||||
external.c \
|
||||
get_mic.c \
|
||||
gssapi.h \
|
||||
import_name.c \
|
||||
import_sec_context.c \
|
||||
indicate_mechs.c \
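Review bot: `LDFLAGS= -Wl,-Bsymbolic` is the one new line here whose intent is not self-evident, and nothing in the Makefile says why the plugin needs it; I'd add a comment above it along the lines of `# -Bsymbolic: bind this plugin's internal references to its own definitions rather than to same-named symbols exported by the libgssapi front end` (my reading of the intent, to be confirmed). Separately, `NO_MAN=` drops the whole MLINKS list, and while most of those links reappear in the new lib/libgssapi/Makefile, the two Kerberos-specific ones, gss_krb5_copy_ccache.3 and gss_krb5_compat_des3_mic.3, do not, so those two functions (still declared at the end of gssapi.h) are left without a manual page. The second hunk's SRCS list continues past this view.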
|
||||
|
@ -28,7 +28,7 @@ SUBDIR= ${_csu} libcom_err libcrypt libkvm msun libmd libncurses \
|
||||
libbegemot ${_libbluetooth} libbsnmp libbz2 libc ${_libc_r} \
|
||||
libcalendar libcam libcompat libdevinfo libdevstat ${_libdisk} \
|
||||
libedit libexpat libfetch libform libftpio libgeom ${_libgpib} \
|
||||
${_libio} libipsec \
|
||||
libgssapi ${_libio} libipsec \
|
||||
libipx libkiconv libmagic libmemstat libmenu ${_libmilter} ${_libmp} \
|
||||
${_libncp} ${_libngatm} libopie libpam libpanel libpcap \
|
||||
libpmc ${_libpthread} ${_libsdp} ${_libsm} ${_libsmb} ${_libsmdb} \
|
||||
|
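--- a/lib/libgssapi/Makefile
+++ b/lib/libgssapi/Makefile
@@ -0,0 +1,95 @@
+# $FreeBSD$
+
+LIB= gssapi
+SHLIB_MAJOR= 7
+
+SRCS=
+SRCS+= gss_utils.c
+SRCS+= gss_mech_switch.c
+SRCS+= gss_names.c
+SRCS+= gss_acquire_cred.c
+SRCS+= gss_release_cred.c
+SRCS+= gss_init_sec_context.c
+SRCS+= gss_accept_sec_context.c
+SRCS+= gss_process_context_token.c
+SRCS+= gss_delete_sec_context.c
+SRCS+= gss_context_time.c
+SRCS+= gss_get_mic.c
+SRCS+= gss_verify_mic.c
+SRCS+= gss_wrap.c
+SRCS+= gss_unwrap.c
+SRCS+= gss_display_status.c
+SRCS+= gss_indicate_mechs.c
+SRCS+= gss_compare_name.c
+SRCS+= gss_display_name.c
+SRCS+= gss_import_name.c
+SRCS+= gss_export_name.c
+SRCS+= gss_release_name.c
+SRCS+= gss_inquire_cred.c
+SRCS+= gss_inquire_context.c
+SRCS+= gss_wrap_size_limit.c
+SRCS+= gss_add_cred.c
+SRCS+= gss_inquire_cred_by_mech.c
+SRCS+= gss_export_sec_context.c
+SRCS+= gss_import_sec_context.c
+SRCS+= gss_inquire_names_for_mech.c
+SRCS+= gss_inquire_mechs_for_name.c
+SRCS+= gss_canonicalize_name.c
+SRCS+= gss_duplicate_name.c
+SRCS+= gss_sign.c
+SRCS+= gss_verify.c
+SRCS+= gss_seal.c
+SRCS+= gss_unseal.c
+SRCS+= gss_krb5.c
+SRCS+= gss_create_empty_oid_set.c
+SRCS+= gss_add_oid_set_member.c
+SRCS+= gss_test_oid_set_member.c
+SRCS+= gss_release_oid_set.c
+SRCS+= gss_release_buffer.c
+
+MAN=
+MAN+= gssapi.3
+MAN+= gss_accept_sec_context.3
+MAN+= gss_acquire_cred.3
+MAN+= gss_add_cred.3
+MAN+= gss_add_oid_set_member.3
+MAN+= gss_canonicalize_name.3
+MAN+= gss_compare_name.3
+MAN+= gss_context_time.3
+MAN+= gss_create_empty_oid_set.3
+MAN+= gss_delete_sec_context.3
+MAN+= gss_display_name.3
+MAN+= gss_display_status.3
+MAN+= gss_duplicate_name.3
+MAN+= gss_export_name.3
+MAN+= gss_export_sec_context.3
+MAN+= gss_get_mic.3
+MAN+= gss_import_name.3
+MAN+= gss_import_sec_context.3
+MAN+= gss_indicate_mechs.3
+MAN+= gss_init_sec_context.3
+MAN+= gss_inquire_context.3
+MAN+= gss_inquire_cred.3
+MAN+= gss_inquire_cred_by_mech.3
+MAN+= gss_inquire_mechs_for_name.3
+MAN+= gss_inquire_names_for_mech.3
+MAN+= gss_process_context_token.3
+MAN+= gss_release_buffer.3
+MAN+= gss_release_cred.3
+MAN+= gss_release_name.3
+MAN+= gss_release_oid_set.3
+MAN+= gss_test_oid_set_member.3
+MAN+= gss_unwrap.3
+MAN+= gss_verify_mic.3
+MAN+= gss_wrap.3
+MAN+= gss_wrap_size_limit.3
+MAN+= mech.5
+
+MLINKS=
+MLINKS+= gss_get_mic.3 gss_sign.3
+MLINKS+= gss_unwrap.3 gss_unseal.3
+MLINKS+= gss_verify_mic.3 gss_verify.3
+MLINKS+= gss_wrap.3 gss_seal.3
+MLINKS+= mech.5 qop.5
+
+.include <bsd.lib.mk>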
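Review bot: No `INCS=` line is present, and the `INCS= gssapi.h` that the old kerberos5/lib/libgssapi/Makefile carried is removed in this same commit, so unless the header is installed from somewhere not in this view (include/Makefile, say) nothing installs the `<gssapi/gssapi.h>` that every consumer of this library, including the new gss_accept_sec_context.c, includes; please either add `INCS= gssapi.h` with the matching `INCSDIR`, or note in the Makefile where the header is installed from. No `WARNS=` level is set either; for a new library whose context-acceptance path parses peer-supplied tokens it is worth fixing a warning level at the outset rather than after the code has grown.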
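--- a/lib/libgssapi/context.h
+++ b/lib/libgssapi/context.h
@@ -0,0 +1,32 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+struct _gss_context {
+	struct _gss_mech_switch *gc_mech;
+	gss_ctx_id_t gc_ctx;
+};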
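Review bot: The header has no multiple-inclusion guard and, unlike cred.h in the same commit, no comments on its members; cred.h shares the missing guard. I'd wrap the file in `#ifndef _GSSAPI_CONTEXT_H_` / `#define _GSSAPI_CONTEXT_H_` … `#endif` (name constructed, pick the project convention) and annotate the two fields as `struct _gss_mech_switch *gc_mech; /* mechanism ops for this context */` and `gss_ctx_id_t gc_ctx; /* the mechanism's own context handle (as I read it) */`, since gss_accept_sec_context.c dispatches through `ctx->gc_mech` and the second field is what that dispatch presumably hands down. The header also uses `gss_ctx_id_t` without including `<gssapi/gssapi.h>`, so it only compiles after that header; gss_accept_sec_context.c happens to include it first, but that ordering requirement is not written down anywhere.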
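--- a/lib/libgssapi/cred.h
+++ b/lib/libgssapi/cred.h
@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/queue.h>
+
+struct _gss_mechanism_cred {
+	SLIST_ENTRY(_gss_mechanism_cred) gmc_link;
+	struct _gss_mech_switch *gmc_mech; /* mechanism ops for MC */
+	gss_OID gmc_mech_oid; /* mechanism oid for MC */
+	gss_cred_id_t gmc_cred; /* underlying MC */
+};
+SLIST_HEAD(_gss_mechanism_cred_list, _gss_mechanism_cred);
+
+struct _gss_cred {
+	gss_cred_usage_t gc_usage;
+	struct _gss_mechanism_cred_list gc_mc;
+};
+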
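Review bot: `struct _gss_cred` is the type that gss_accept_sec_context.c casts every `acceptor_cred_handle` to and then walks with `SLIST_FOREACH` looking for the entry whose `gmc_mech` matches the context's mechanism, yet its two members carry no comments while `_gss_mechanism_cred`'s do; I'd write `gss_cred_usage_t gc_usage; /* GSS_C_INITIATE, GSS_C_ACCEPT or GSS_C_BOTH */` and `struct _gss_mechanism_cred_list gc_mc; /* one entry per mechanism holding this credential */`. The header also uses `gss_OID`, `gss_cred_id_t` and `gss_cred_usage_t` without including `<gssapi/gssapi.h>` (only `<sys/queue.h>` is included) and references `struct _gss_mech_switch` without mech_switch.h, so it silently depends on include order in each .c file; the multiple-inclusion guard is missing here as in context.h.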
484
lib/libgssapi/gss_accept_sec_context.3
Normal file
484
lib/libgssapi/gss_accept_sec_context.3
Normal file
@ -0,0 +1,484 @@
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Copyright (c) 2005 Doug Rabson
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
|
||||
.\"
|
||||
.\" This document and translations of it may be copied and furnished to
|
||||
.\" others, and derivative works that comment on or otherwise explain it
|
||||
.\" or assist in its implementation may be prepared, copied, published
|
||||
.\" and distributed, in whole or in part, without restriction of any
|
||||
.\" kind, provided that the above copyright notice and this paragraph are
|
||||
.\" included on all such copies and derivative works. However, this
|
||||
.\" document itself may not be modified in any way, such as by removing
|
||||
.\" the copyright notice or references to the Internet Society or other
|
||||
.\" Internet organizations, except as needed for the purpose of
|
||||
.\" developing Internet standards in which case the procedures for
|
||||
.\" copyrights defined in the Internet Standards process must be
|
||||
.\" followed, or as required to translate it into languages other than
|
||||
.\" English.
|
||||
.\"
|
||||
.\" The limited permissions granted above are perpetual and will not be
|
||||
.\" revoked by the Internet Society or its successors or assigns.
|
||||
.\"
|
||||
.\" This document and the information contained herein is provided on an
|
||||
.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
||||
.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
||||
.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
||||
.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
||||
.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||||
.\"
|
||||
.\" The following commands are required for all man pages.
|
||||
.Dd November 12, 2005
|
||||
.Os
|
||||
.Dt GSS_ACCEPT_SEC_CONTEXT 3 PRM
|
||||
.Sh NAME
|
||||
.Nm gss_accept_sec_context
|
||||
.Nd Accept a security context initiated by a peer application
|
||||
.\" This next command is for sections 2 and 3 only.
|
||||
.\" .Sh LIBRARY
|
||||
.Sh SYNOPSIS
|
||||
.In "gssapi/gssapi.h"
|
||||
.Ft OM_uint32
|
||||
.Fo gss_accept_sec_context
|
||||
.Fa "OM_uint32 *minor_status
|
||||
.Fa "gss_ctx_id_t *context_handle"
|
||||
.Fa "const gss_cred_id_t acceptor_cred_handle"
|
||||
.Fa "const gss_buffer_t input_token_buffer"
|
||||
.Fa "const gss_channel_bindings_t input_chan_bindings"
|
||||
.Fa "const gss_name_t *src_name"
|
||||
.Fa "gss_OID *mech_type"
|
||||
.Fa "gss_buffer_t output_token"
|
||||
.Fa "OM_uint32 *ret_flags"
|
||||
.Fa "OM_uint32 *time_rec"
|
||||
.Fa "gss_cred_id_t *delegated_cred_handle"
|
||||
.Fc
|
||||
.Sh DESCRIPTION
|
||||
Allows a remotely initiated security context between the application
|
||||
and a remote peer to be established. The routine may return a
|
||||
.Fa output_token
|
||||
which should be transferred to the peer application,
|
||||
where the peer application will present it to
|
||||
.Xr gss_init_sec_context 3 .
|
||||
If no token need be sent,
|
||||
.Fn gss_accept_sec_context
|
||||
will indicate this
|
||||
by setting the length field of the
|
||||
.Fa output_token
|
||||
argument to zero.
|
||||
To complete the context establishment, one or more reply tokens may be
|
||||
required from the peer application; if so,
|
||||
.Fn gss_accept_sec_context
|
||||
will return a status flag of
|
||||
.Dv GSS_S_CONTINUE_NEEDED , in which case it
|
||||
should be called again when the reply token is received from the peer
|
||||
application, passing the token to
|
||||
.Fn gss_accept_sec_context
|
||||
via the
|
||||
.Fa input_token
|
||||
parameters.
|
||||
.Pp
|
||||
Portable applications should be constructed to use the token length
|
||||
and return status to determine whether a token needs to be sent or
|
||||
waited for. Thus a typical portable caller should always invoke
|
||||
.Fn gss_accept_sec_context
|
||||
within a loop:
|
||||
.Bd -literal
|
||||
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
|
||||
|
||||
do {
|
||||
receive_token_from_peer(input_token);
|
||||
maj_stat = gss_accept_sec_context(&min_stat,
|
||||
&context_hdl,
|
||||
cred_hdl,
|
||||
input_token,
|
||||
input_bindings,
|
||||
&client_name,
|
||||
&mech_type,
|
||||
output_token,
|
||||
&ret_flags,
|
||||
&time_rec,
|
||||
&deleg_cred);
|
||||
if (GSS_ERROR(maj_stat)) {
|
||||
report_error(maj_stat, min_stat);
|
||||
};
|
||||
if (output_token->length != 0) {
|
||||
send_token_to_peer(output_token);
|
||||
|
||||
gss_release_buffer(&min_stat, output_token);
|
||||
};
|
||||
if (GSS_ERROR(maj_stat)) {
|
||||
if (context_hdl != GSS_C_NO_CONTEXT)
|
||||
gss_delete_sec_context(&min_stat,
|
||||
&context_hdl,
|
||||
GSS_C_NO_BUFFER);
|
||||
break;
|
||||
};
|
||||
} while (maj_stat & GSS_S_CONTINUE_NEEDED);
|
||||
.Ed
|
||||
.Pp
|
||||
Whenever the routine returns a major status that includes the value
|
||||
.Dv GSS_S_CONTINUE_NEEDED , the context is not fully established and the
|
||||
following restrictions apply to the output parameters:
|
||||
.Pp
|
||||
The value returned via the
|
||||
.Fa time_rec
|
||||
parameter is undefined Unless the
|
||||
accompanying
|
||||
.Fa ret_flags
|
||||
parameter contains the bit
|
||||
.Dv GSS_C_PROT_READY_FLAG , indicating that per-message services may be
|
||||
applied in advance of a successful completion status, the value
|
||||
returned via the
|
||||
.Fa mech_type
|
||||
parameter may be undefined until the
|
||||
routine returns a major status value of
|
||||
.Dv GSS_S_COMPLETE .
|
||||
.Pp
|
||||
The values of the
|
||||
.Dv GSS_C_DELEG_FLAG ,
|
||||
.Dv GSS_C_MUTUAL_FLAG ,
|
||||
.Dv GSS_C_REPLAY_FLAG ,
|
||||
.Dv GSS_C_SEQUENCE_FLAG ,
|
||||
.Dv GSS_C_CONF_FLAG ,
|
||||
.Dv GSS_C_INTEG_FLAG
|
||||
and
|
||||
.Dv GSS_C_ANON_FLAG bits returned
|
||||
via the
|
||||
.Fa ret_flags
|
||||
parameter should contain the values that the
|
||||
implementation expects would be valid if context establishment were
|
||||
to succeed.
|
||||
.Pp
|
||||
The values of the
|
||||
.Dv GSS_C_PROT_READY_FLAG
|
||||
and
|
||||
.Dv GSS_C_TRANS_FLAG bits
|
||||
within
|
||||
.Fa ret_flags
|
||||
should indicate the actual state at the time
|
||||
.Fn gss_accept_sec_context
|
||||
returns, whether or not the context is fully established.
|
||||
.Pp
|
||||
Although this requires that GSS-API implementations set the
|
||||
.Dv GSS_C_PROT_READY_FLAG
|
||||
in the final
|
||||
.Fa ret_flags
|
||||
returned to a caller
|
||||
(i.e. when accompanied by a
|
||||
.Dv GSS_S_COMPLETE
|
||||
status code), applications
|
||||
should not rely on this behavior as the flag was not defined in
|
||||
Version 1 of the GSS-API. Instead, applications should be prepared to
|
||||
use per-message services after a successful context establishment,
|
||||
according to the
|
||||
.Dv GSS_C_INTEG_FLAG
|
||||
and
|
||||
.Dv GSS_C_CONF_FLAG values.
|
||||
.Pp
|
||||
All other bits within the
|
||||
.Fa ret_flags
|
||||
argument should be set to zero.
|
||||
While the routine returns
|
||||
.Dv GSS_S_CONTINUE_NEEDED , the values returned
|
||||
via the
|
||||
.Fa ret_flags
|
||||
argument indicate the services that the
|
||||
implementation expects to be available from the established context.
|
||||
.Pp
|
||||
If the initial call of
|
||||
.Fn gss_accept_sec_context
|
||||
fails, the
|
||||
implementation should not create a context object, and should leave
|
||||
the value of the context_handle parameter set to
|
||||
.Dv GSS_C_NO_CONTEXT to
|
||||
indicate this. In the event of a failure on a subsequent call, the
|
||||
implementation is permitted to delete the "half-built" security
|
||||
context (in which case it should set the
|
||||
.Fa context_handle
|
||||
parameter to
|
||||
.Dv GSS_C_NO_CONTEXT ), but the preferred behavior is to leave the
|
||||
security context (and the context_handle parameter) untouched for the
|
||||
application to delete (using
|
||||
.Xr gss_delete_sec_context 3 ).
|
||||
.Pp
|
||||
During context establishment, the informational status bits
|
||||
.Dv GSS_S_OLD_TOKEN
|
||||
and
|
||||
.Dv GSS_S_DUPLICATE_TOKEN
|
||||
indicate fatal errors, and
|
||||
GSS-API mechanisms should always return them in association with a
|
||||
routine error of
|
||||
.Dv GSS_S_FAILURE . This requirement for pairing did not
|
||||
exist in version 1 of the GSS-API specification, so applications that
|
||||
wish to run over version 1 implementations must special-case these
|
||||
codes.
|
||||
.Sh PARAMETERS
|
||||
.Bl -tag
|
||||
.It context_handle
|
||||
Context handle for new context.
|
||||
Supply
|
||||
.Dv GSS_C_NO_CONTEXT for first
|
||||
call; use value returned in subsequent calls.
|
||||
Once
|
||||
.Fn gss_accept_sec_context
|
||||
has returned a
|
||||
value via this parameter, resources have been
|
||||
assigned to the corresponding context, and must
|
||||
be freed by the application after use with a
|
||||
call to
|
||||
.Xr gss_delete_sec_context 3 .
|
||||
.It acceptor_cred_handle
|
||||
Credential handle claimed by context acceptor.
|
||||
Specify
|
||||
.Dv GSS_C_NO_CREDENTIAL to accept the context as a
|
||||
default principal.
|
||||
If
|
||||
.Dv GSS_C_NO_CREDENTIAL is
|
||||
specified, but no default acceptor principal is
|
||||
defined,
|
||||
.Dv GSS_S_NO_CRED will be returned.
|
||||
.It input_token_buffer
|
||||
Token obtained from remote application.
|
||||
.It input_chan_bindings
|
||||
Application-specified bindings.
|
||||
Allows application to securely bind channel identification information
|
||||
to the security context.
|
||||
If channel bindings are not used, specify
|
||||
.Dv GSS_C_NO_CHANNEL_BINDINGS .
|
||||
.It src_name
|
||||
Authenticated name of context initiator.
|
||||
After use, this name should be deallocated by passing it to
|
||||
.Xr gss_release_name 3 .
|
||||
If not required, specify
|
||||
.Dv NULL .
|
||||
.It mech_type
|
||||
Security mechanism used.
|
||||
The returned OID value will be a pointer into static storage,
|
||||
and should be treated as read-only by the caller
|
||||
(in particular, it does not need to be freed).
|
||||
If not required, specify
|
||||
.Dv NULL .
|
||||
.It output_token
|
||||
Token to be passed to peer application.
|
||||
If the length field of the returned token buffer is 0,
|
||||
then no token need be passed to the peer application.
|
||||
If a non-zero length field is returned,
|
||||
the associated storage must be freed after use by the
|
||||
application with a call to
|
||||
.Xr gss_release_buffer 3 .
|
||||
.It ret_flags
|
||||
Contains various independent flags,
|
||||
each of which indicates that the context supports a specific service option.
|
||||
If not needed, specify
|
||||
.Dv NULL .
|
||||
Symbolic names are provided for each flag,
|
||||
and the symbolic names corresponding to the required flags should be
|
||||
logically-ANDed with the
|
||||
.Fa ret_flags
|
||||
value to test whether a given option is supported by the context.
|
||||
The flags are:
|
||||
.Bl -tag -width "WW"
|
||||
.It GSS_C_DELEG_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Delegated credentials are available via the delegated_cred_handle parameter
|
||||
.It False
|
||||
No credentials were delegated
|
||||
.El
|
||||
.It GSS_C_MUTUAL_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Remote peer asked for mutual authentication
|
||||
.It False
|
||||
Remote peer did not ask for mutual authentication
|
||||
.El
|
||||
.It GSS_C_REPLAY_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Replay of protected messages will be detected
|
||||
.It False
|
||||
Replayed messages will not be detected
|
||||
.El
|
||||
.It GSS_C_SEQUENCE_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Out-of-sequence protected messages will be detected
|
||||
.It False
|
||||
Out-of-sequence messages will not be detected
|
||||
.El
|
||||
.It GSS_C_CONF_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Confidentiality service may be invoked by calling the
|
||||
.Xr gss_wrap 3
|
||||
routine
|
||||
.It False
|
||||
No confidentiality service (via
|
||||
.Xr gss_wrap 3 )
|
||||
available.
|
||||
.Xr gss_wrap 3
|
||||
will provide message encapsulation,
|
||||
data-origin authentication and integrity services only.
|
||||
.El
|
||||
.It GSS_C_INTEG_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Integrity service may be invoked by calling either
|
||||
.Xr gss_get_mic 3
|
||||
or
|
||||
.Xr gss_wrap 3
|
||||
routines.
|
||||
.It False
|
||||
Per-message integrity service unavailable.
|
||||
.El
|
||||
.It GSS_C_ANON_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
The initiator does not wish to be authenticated; the
|
||||
.Fa src_name
|
||||
parameter (if requested) contains an anonymous internal name.
|
||||
.It False
|
||||
The initiator has been authenticated normally.
|
||||
.El
|
||||
.It GSS_C_PROT_READY_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Protection services (as specified by the states of the
|
||||
.Dv GSS_C_CONF_FLAG
|
||||
and
|
||||
.Dv GSS_C_INTEG_FLAG )
|
||||
are available if the accompanying major status return value is either
|
||||
.Dv GSS_S_COMPLETE
|
||||
or
|
||||
.Dv GSS_S_CONTINUE_NEEDED.
|
||||
.It False
|
||||
Protection services (as specified by the states of the
|
||||
.Dv GSS_C_CONF_FLAG
|
||||
and
|
||||
.Dv GSS_C_INTEG_FLAG )
|
||||
are available only if the accompanying major status return value is
|
||||
.Dv GSS_S_COMPLETE .
|
||||
.El
|
||||
.It GSS_C_TRANS_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
The resultant security context may be transferred to other processes
|
||||
via a call to
|
||||
.Xr gss_export_sec_context 3 .
|
||||
.It False
|
||||
The security context is not transferable.
|
||||
.El
|
||||
.El
|
||||
.Pp
|
||||
All other bits should be set to zero.
|
||||
.It time_rec
|
||||
Number of seconds for which the context will remain valid.
|
||||
Specify
|
||||
.Dv NULL
|
||||
if not required.
|
||||
.It delegated_cred_handle
|
||||
Credential
|
||||
handle for credentials received from context initiator.
|
||||
Only valid if
|
||||
.Dv GSS_C_DELEG_FLAG
|
||||
in
|
||||
.Fa ret_flags
|
||||
is true,
|
||||
in which case an explicit credential handle
|
||||
(i.e. not
|
||||
.Dv GSS_C_NO_CREDENTIAL )
|
||||
will be returned; if false,
|
||||
.Fn gss_accept_context
|
||||
will set this parameter to
|
||||
.Dv GSS_C_NO_CREDENTIAL .
|
||||
If a credential handle is returned,
|
||||
the associated resources must be released by the application after use
|
||||
with a call to
|
||||
.Xr gss_release_cred 3 .
|
||||
Specify
|
||||
.Dv NULL if not required.
|
||||
.It minor_status
|
||||
Mechanism specific status code.
|
||||
.El
|
||||
.Sh RETURN VALUES
|
||||
.Bl -tag
|
||||
.It GSS_S_CONTINUE_NEEDED
|
||||
Indicates that a token from the peer application is required to
|
||||
complete the context,
|
||||
and that gss_accept_sec_context must be called again with that token.
|
||||
.It GSS_S_DEFECTIVE_TOKEN
|
||||
Indicates that consistency checks performed on the input_token failed.
|
||||
.It GSS_S_DEFECTIVE_CREDENTIAL
|
||||
Indicates that consistency checks performed on the credential failed.
|
||||
.It GSS_S_NO_CRED
|
||||
The supplied credentials were not valid for context acceptance,
|
||||
or the credential handle did not reference any credentials.
|
||||
.It GSS_S_CREDENTIALS_EXPIRED
|
||||
The referenced credentials have expired.
|
||||
.It GSS_S_BAD_BINDINGS
|
||||
The input_token contains different channel bindings to those specified via the
|
||||
input_chan_bindings parameter.
|
||||
.It GSS_S_NO_CONTEXT
|
||||
Indicates that the supplied context handle did not refer to a valid context.
|
||||
.It GSS_S_BAD_SIG
|
||||
The input_token contains an invalid MIC.
|
||||
.It GSS_S_OLD_TOKEN
|
||||
The input_token was too old.
|
||||
This is a fatal error during context establishment.
|
||||
.It GSS_S_DUPLICATE_TOKEN
|
||||
The input_token is valid,
|
||||
but is a duplicate of a token already processed.
|
||||
This is a fatal error during context establishment.
|
||||
.It GSS_S_BAD_MECH
|
||||
The received token specified a mechanism that is not supported by
|
||||
the implementation or the provided credential.
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr gss_delete_sec_context 3 ,
|
||||
.Xr gss_export_sec_context 3 ,
|
||||
.Xr gss_get_mic 3 ,
|
||||
.Xr gss_init_sec_context 3 ,
|
||||
.Xr gss_release_buffer 3 ,
|
||||
.Xr gss_release_cred 3 ,
|
||||
.Xr gss_release_name 3 ,
|
||||
.Xr gss_wrap 3
|
||||
.Sh STANDARDS
|
||||
.Bl -tag
|
||||
.It RFC 2743
|
||||
Generic Security Service Application Program Interface Version 2, Update 1
|
||||
.It RFC 2744
|
||||
Generic Security Service API Version 2 : C-bindings
|
||||
.El
|
||||
.\" .Sh HISTORY
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
manual page example first appeared in
|
||||
.Fx 7.0 .
|
||||
.Sh AUTHORS
|
||||
John Wray, Iris Associates
|
221
lib/libgssapi/gss_accept_sec_context.c
Normal file
221
lib/libgssapi/gss_accept_sec_context.c
Normal file
@ -0,0 +1,221 @@
|
||||
/*-
|
||||
* Copyright (c) 2005 Doug Rabson
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <gssapi/gssapi.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
|
||||
#include "mech_switch.h"
|
||||
#include "context.h"
|
||||
#include "cred.h"
|
||||
#include "name.h"
|
||||
|
||||
OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t *context_handle,
|
||||
const gss_cred_id_t acceptor_cred_handle,
|
||||
const gss_buffer_t input_token,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
gss_name_t *src_name,
|
||||
gss_OID *mech_type,
|
||||
gss_buffer_t output_token,
|
||||
OM_uint32 *ret_flags,
|
||||
OM_uint32 *time_rec,
|
||||
gss_cred_id_t *delegated_cred_handle)
|
||||
{
|
||||
OM_uint32 major_status;
|
||||
struct _gss_mech_switch *m;
|
||||
struct _gss_context *ctx = (struct _gss_context *) *context_handle;
|
||||
struct _gss_cred *cred = (struct _gss_cred *) acceptor_cred_handle;
|
||||
struct _gss_mechanism_cred *mc;
|
||||
gss_cred_id_t acceptor_mc, delegated_mc;
|
||||
gss_name_t src_mn;
|
||||
int allocated_ctx;
|
||||
|
||||
*minor_status = 0;
|
||||
if (src_name) *src_name = 0;
|
||||
if (mech_type) *mech_type = 0;
|
||||
if (ret_flags) *ret_flags = 0;
|
||||
if (time_rec) *time_rec = 0;
|
||||
if (delegated_cred_handle) *delegated_cred_handle = 0;
|
||||
output_token->length = 0;
|
||||
output_token->value = 0;
|
||||
|
||||
/*
|
||||
* If this is the first call (*context_handle is NULL), we must
|
||||
* parse the input token to figure out the mechanism to use.
|
||||
*/
|
||||
if (*context_handle == GSS_C_NO_CONTEXT) {
|
||||
unsigned char *p = input_token->value;
|
||||
size_t len = input_token->length;
|
||||
size_t a, b;
|
||||
gss_OID_desc mech_oid;
|
||||
|
||||
/*
|
||||
* Token must start with [APPLICATION 0] SEQUENCE.
|
||||
*/
|
||||
if (len == 0 || *p != 0x60)
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
p++;
|
||||
len--;
|
||||
|
||||
/*
|
||||
* Decode the length and make sure it agrees with the
|
||||
* token length.
|
||||
*/
|
||||
if (len == 0)
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
if ((*p & 0x80) == 0) {
|
||||
a = *p;
|
||||
p++;
|
||||
len--;
|
||||
} else {
|
||||
b = *p & 0x7f;
|
||||
p++;
|
||||
len--;
|
||||
if (len < b)
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
a = 0;
|
||||
while (b) {
|
||||
a = (a << 8) | *p;
|
||||
p++;
|
||||
len--;
|
||||
b--;
|
||||
}
|
||||
}
|
||||
if (a != len)
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
|
||||
/*
|
||||
* Decode the OID for the mechanism. Simplify life by
|
||||
* assuming that the OID length is less than 128 bytes.
|
||||
*/
|
||||
if (len < 2 || *p != 0x06)
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
if ((p[1] & 0x80) || p[1] > (len - 2))
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
mech_oid.length = p[1];
|
||||
p += 2;
|
||||
len -= 2;
|
||||
mech_oid.elements = p;
|
||||
|
||||
/*
|
||||
* Now that we have a mechanism, we can find the
|
||||
* implementation.
|
||||
*/
|
||||
ctx = malloc(sizeof(struct _gss_context));
|
||||
if (!ctx) {
|
||||
*minor_status = ENOMEM;
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
}
|
||||
memset(ctx, 0, sizeof(struct _gss_context));
|
||||
m = ctx->gc_mech = _gss_find_mech_switch(&mech_oid);
|
||||
if (!m) {
|
||||
free(ctx);
|
||||
return (GSS_S_BAD_MECH);
|
||||
}
|
||||
allocated_ctx = 1;
|
||||
} else {
|
||||
m = ctx->gc_mech;
|
||||
allocated_ctx = 0;
|
||||
}
|
||||
|
||||
if (cred) {
|
||||
SLIST_FOREACH(mc, &cred->gc_mc, gmc_link)
|
||||
if (mc->gmc_mech == m)
|
||||
break;
|
||||
if (!mc)
|
||||
return (GSS_S_BAD_MECH);
|
||||
acceptor_mc = mc->gmc_cred;
|
||||
} else {
|
||||
acceptor_mc = GSS_C_NO_CREDENTIAL;
|
||||
}
|
||||
delegated_mc = GSS_C_NO_CREDENTIAL;
|
||||
|
||||
major_status = m->gm_accept_sec_context(minor_status,
|
||||
&ctx->gc_ctx,
|
||||
acceptor_mc,
|
||||
input_token,
|
||||
input_chan_bindings,
|
||||
&src_mn,
|
||||
mech_type,
|
||||
output_token,
|
||||
ret_flags,
|
||||
time_rec,
|
||||
&delegated_mc);
|
||||
if (major_status != GSS_S_COMPLETE &&
|
||||
major_status != GSS_S_CONTINUE_NEEDED)
|
||||
return (major_status);
|
||||
|
||||
if (!src_name) {
|
||||
m->gm_release_name(minor_status, &src_mn);
|
||||
} else {
|
||||
/*
|
||||
* Make a new name and mark it as an MN.
|
||||
*/
|
||||
struct _gss_name *name = _gss_make_name(m, src_mn);
|
||||
|
||||
if (!name) {
|
||||
m->gm_release_name(minor_status, &src_mn);
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
*src_name = (gss_name_t) name;
|
||||
}
|
||||
|
||||
if (*ret_flags & GSS_C_DELEG_FLAG) {
|
||||
if (!delegated_cred_handle) {
|
||||
m->gm_release_cred(minor_status, &delegated_mc);
|
||||
*ret_flags &= ~GSS_C_DELEG_FLAG;
|
||||
} else {
|
||||
struct _gss_cred *cred;
|
||||
struct _gss_mechanism_cred *mc;
|
||||
|
||||
cred = malloc(sizeof(struct _gss_cred));
|
||||
if (!cred) {
|
||||
*minor_status = ENOMEM;
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
mc = malloc(sizeof(struct _gss_mechanism_cred));
|
||||
if (!mc) {
|
||||
free(cred);
|
||||
*minor_status = ENOMEM;
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
m->gm_inquire_cred(minor_status, delegated_mc,
|
||||
0, 0, &cred->gc_usage, 0);
|
||||
mc->gmc_mech = m;
|
||||
mc->gmc_mech_oid = &m->gm_mech_oid;
|
||||
mc->gmc_cred = delegated_mc;
|
||||
SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
|
||||
|
||||
*delegated_cred_handle = (gss_cred_id_t) cred;
|
||||
}
|
||||
}
|
||||
|
||||
*context_handle = (gss_ctx_id_t) ctx;
|
||||
return (major_status);
|
||||
}
|
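--- a/lib/libgssapi/gss_acquire_cred.3
+++ b/lib/libgssapi/gss_acquire_cred.3
@@ -0,0 +1,238 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_ACQUIRE_CRED 3 PRM
+.Sh NAME
+.Nm gss_acquire_cred
+.Nd Obtain a GSS-API credential handle for pre-existing credentials
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_acquire_cred
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_name_t desired_name"
+.Fa "OM_uint32 time_req"
+.Fa "const gss_OID_set desired_mechs"
+.Fa "gss_cred_usage_t cred_usage"
+.Fa "gss_cred_id_t *output_cred_handle"
+.Fa "gss_OID_set *actual_mechs"
+.Fa "OM_uint32 *time_rec"
+.Fc
+.Sh DESCRIPTION
+Allows an application to acquire a handle for a pre-existing
+credential by name.
+GSS-API implementations must impose a local
+access-control policy on callers of this routine to prevent
+unauthorized callers from acquiring credentials to which they are not
+entitled.
+This routine is not intended to provide a "login to the
+network" function, as such a function would involve the creation of
+new credentials rather than merely acquiring a handle to existing
+credentials.
+Such functions, if required, should be defined in
+implementation-specific extensions to the API.
+.Pp
+If desired_name is
+.Dv GSS_C_NO_NAME ,
+the call is interpreted as a
+request for a credential handle that will invoke default behavior
+when passed to
+.Fn gss_init_sec_context
+(if cred_usage is
+.Dv GSS_C_INITIATE
+or
+.Dv GSS_C_BOTH )
+or
+.Fn gss_accept_sec_context
+(if cred_usage is
+.Dv GSS_C_ACCEPT
+or
+.Dv GSS_C_BOTH ).
+.Pp
+Mechanisms should honor the
+.Fa desired_mechs
+parameter,
+and return a credential that is suitable to use only with the
+requested mechanisms.
+An exception to this is the case where one underlying credential
+element can be shared by multiple mechanisms;
+in this case it is permissible for an implementation to indicate all
+mechanisms with which the credential element may be used.
+If
+.Fa desired_mechs
+is an empty set, behavior is undefined.
+.Pp
+This routine is expected to be used primarily by context acceptors,
+since implementations are likely to provide mechanism-specific ways
+of obtaining GSS-API initiator credentials from the system login
+process.
+Some implementations may therefore not support the acquisition of
+.Dv GSS_C_INITIATE
+or
+.Dv GSS_C_BOTH
+credentials via
+.Fn gss_acquire_cred
+for any name other than
+.Dv GSS_C_NO_NAME ,
+or a name produced by applying either
+.Fn gss_inquire_cred
+to a valid credential, or
+.Fn gss_inquire_context
+to an active context.
+.Pp
+If credential acquisition is time-consuming for a mechanism,
+the mechanism may choose to delay the actual acquisition until the
+credential is required
+(e.g. by
+.Fn gss_init_sec_context
+or
+.Fn gss_accept_sec_context ).
+Such mechanism-specific implementation
+decisions should be invisible to the calling application;
+thus a call of
+.Fn gss_inquire_cred
+immediately following the call of
+.Fn gss_acquire_cred
+must return valid credential data,
+and may therefore incur the overhead of a deferred credential acquisition.
+.Sh PARAMETERS
+.Bl -tag
+.It desired_name
+Name of principal whose credential should be acquired.
+.It time_req
+Number of seconds that credentials should remain valid.
+Specify
+.Dv GSS_C_INDEFINITE
+to request that the credentials have the maximum
+permitted lifetime.
+.It desired_mechs
+Set of underlying security mechanisms that may be used.
+.Dv GSS_C_NO_OID_SET
+may be used to obtain an implementation-specific default.
+.It cred_usage
+.Bl -tag -width "GSS_C_INITIATE"
+.It GSS_C_BOTH
+Credentials may be used either to initiate or accept security
+contexts.
+.It GSS_C_INITIATE
+Credentials will only be used to initiate security contexts.
+.It GSS_C_ACCEPT
+Credentials will only be used to accept security contexts.
+.El
+.It output_cred_handle
+The returned credential handle.
+Resources
+associated with this credential handle must be released by
+the application after use with a call to
+.Fn gss_release_cred .
+.It actual_mechs
+The set of mechanisms for which the credential is valid.
+Storage associated with the returned OID-set must be released by the
+application after use with a call to
+.Fn gss_release_oid_set .
+Specify
+.Dv NULL if not required.
+.It time_rec
+Actual number of seconds for which the returned credentials will
+remain valid.
+If the implementation does not support expiration of credentials,
+the value
+.Dv GSS_C_INDEFINITE
+will be returned.
+Specify NULL if not required.
+.It minor_status
+Mechanism specific status code.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion.
+.It GSS_S_BAD_MECH
+Unavailable mechanism requested.
+.It GSS_S_BAD_NAMETYPE
+Type contained within desired_name parameter is not supported.
+.It GSS_S_BAD_NAME
+Value supplied for desired_name parameter is ill formed.
+.It GSS_S_CREDENTIALS_EXPIRED
+The credentials could not be acquired Because they have expired.
+.It GSS_S_NO_CRED
+No credentials were found for the specified name.
+.El
+.Sh SEE ALSO
+.Xr gss_init_sec_context 3 ,
+.Xr gss_accept_sec_context 3 ,
+.Xr gss_inquire_cred 3 ,
+.Xr gss_inquire_context 3 ,
+.Xr gss_release_cred 3 ,
+.Xr gss_release_oid_set 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates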
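--- a/lib/libgssapi/gss_acquire_cred.c
+++ b/lib/libgssapi/gss_acquire_cred.c
@@ -0,0 +1,166 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "name.h"
+#include "cred.h"
+
+OM_uint32
+gss_acquire_cred(OM_uint32 *minor_status,
+const gss_name_t desired_name,
+OM_uint32 time_req,
+const gss_OID_set desired_mechs,
+gss_cred_usage_t cred_usage,
+gss_cred_id_t *output_cred_handle,
+gss_OID_set *actual_mechs,
+OM_uint32 *time_rec)
+{
+OM_uint32 major_status;
+gss_OID_set mechs = desired_mechs;
+gss_OID_set_desc set;
+struct _gss_name *name = (struct _gss_name *) desired_name;
+struct _gss_mech_switch *m;
+struct _gss_cred *cred;
+struct _gss_mechanism_cred *mc;
+struct _gss_mechanism_name *mn;
+OM_uint32 min_time, time;
+int i;
+
+/*
+* First make sure that at least one of the requested
+* mechanisms is one that we support.
+*/
+if (mechs) {
+_gss_load_mech();
+for (i = 0; i < mechs->count; i++) {
+int t;
+gss_test_oid_set_member(minor_status,
+&mechs->elements[i], _gss_mech_oids, &t);
+if (t)
+break;
+}
+if (i == mechs->count) {
+*output_cred_handle = 0;
+*minor_status = 0;
+return (GSS_S_BAD_MECH);
+}
+}
+
+if (actual_mechs) {
+major_status = gss_create_empty_oid_set(minor_status,
+actual_mechs);
+if (major_status)
+return (major_status);
+}
+
+cred = malloc(sizeof(struct _gss_cred));
+if (!cred) {
+if (actual_mechs)
+gss_release_oid_set(minor_status, actual_mechs);
+*minor_status = ENOMEM;
+return (GSS_S_FAILURE);
+}
+cred->gc_usage = cred_usage;
+SLIST_INIT(&cred->gc_mc);
+
+if (mechs == GSS_C_NO_OID_SET)
+mechs = _gss_mech_oids;
+
+set.count = 1;
+min_time = GSS_C_INDEFINITE;
+for (i = 0; i < mechs->count; i++) {
+m = _gss_find_mech_switch(&mechs->elements[i]);
+if (!m)
+continue;
+
+if (desired_name != GSS_C_NO_NAME) {
+mn = _gss_find_mn(name, &mechs->elements[i]);
+if (!mn)
+continue;
+}
+
+mc = malloc(sizeof(struct _gss_mechanism_cred));
+if (!mc) {
+continue;
+}
+mc->gmc_mech = m;
+mc->gmc_mech_oid = &m->gm_mech_oid;
+
+/*
+* XXX Probably need to do something with actual_mechs.
+*/
+set.elements = &mechs->elements[i];
+major_status = m->gm_acquire_cred(minor_status,
+(desired_name != GSS_C_NO_NAME
+? mn->gmn_name : GSS_C_NO_NAME),
+time_req, &set, cred_usage,
+&mc->gmc_cred, NULL, &time);
+if (major_status) {
+free(mc);
+continue;
+}
+if (time < min_time)
+min_time = time;
+
+if (actual_mechs) {
+major_status = gss_add_oid_set_member(minor_status,
+mc->gmc_mech_oid, actual_mechs);
+if (major_status) {
+m->gm_release_cred(minor_status,
+&mc->gmc_cred);
+free(mc);
+continue;
+}
+}
+
+SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
+}
+
+/*
+* If we didn't manage to create a single credential, return
+* an error.
+*/
+if (!SLIST_FIRST(&cred->gc_mc)) {
+free(cred);
+if (actual_mechs)
+gss_release_oid_set(minor_status, actual_mechs);
+*output_cred_handle = 0;
+*minor_status = 0;
+return (GSS_S_NO_CRED);
+}
+
+if (time_rec)
+*time_rec = min_time;
+*output_cred_handle = (gss_cred_id_t) cred;
+*minor_status = 0;
+return (GSS_S_COMPLETE);
+}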
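Review bot: `_gss_load_mech()` is only invoked inside the `if (mechs)` block, yet the `mechs == GSS_C_NO_OID_SET` path a few lines later substitutes `_gss_mech_oids` and immediately dereferences `mechs->count`; unless that set is populated statically somewhere not visible here, the first call made with `GSS_C_NO_OID_SET` iterates an unloaded mechanism table. Hoisting the call so that `_gss_load_mech();` is the first statement of the body covers both paths. The failure handling also hides the cause of a refusal: a failed `malloc` for `mc` is skipped exactly like an unsupported mechanism, and the final `*minor_status = 0` before `return (GSS_S_NO_CRED)` discards whatever minor code the mechanism's `gm_acquire_cred` reported, so a caller cannot tell an out-of-memory condition from a mechanism rejecting the name; routing the `!mc` case through the existing cleanup with `*minor_status = ENOMEM` and keeping the last non-zero minor status on the `GSS_S_NO_CRED` path would fix both. Minor: the signed `int i` is compared against the set's `count`, and the local named `time` shadows time(3).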
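--- a/lib/libgssapi/gss_add_cred.3
+++ b/lib/libgssapi/gss_add_cred.3
@@ -0,0 +1,338 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_ADD_CRED 3 PRM
+.Sh NAME
+.Nm gss_add_cred
+.Nd Construct credentials incrementally
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_add_cred
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_cred_id_t input_cred_handle"
+.Fa "const gss_name_t desired_name"
+.Fa "const gss_OID desired_mech"
+.Fa "gss_cred_usage_t cred_usage"
+.Fa "OM_uint32 initiator_time_req"
+.Fa "OM_uint32 acceptor_time_req"
+.Fa "gss_cred_id_t *output_cred_handle"
+.Fa "gss_OID_set *actual_mechs"
+.Fa "OM_uint32 *initiator_time_rec"
+.Fa "OM_uint32 *acceptor_time_rec"
+.Fc
+.Sh DESCRIPTION
+Adds a credential-element to a credential.
+The credential-element is identified by the name of the principal to
+which it refers.
+GSS-API implementations must impose a local access-control policy on
+callers of this routine to prevent unauthorized callers from acquiring
+credential-elements to which they are not entitled.
+This routine is not intended to provide a "login to the network"
+function,
+as such a function would involve the creation of new
+mechanism-specific authentication data,
+rather than merely acquiring a GSS-API handle to existing data.
+Such functions,
+if required,
+should be defined in implementation-specific extensions to the API.
+.Pp
+If
+.Fa desired_name
+is
+.Dv GSS_C_NO_NAME ,
+the call is interpreted as a request to add a credential element that
+will invoke default behavior when passed to
+.Fn gss_init_sec_context
+(if cred_usage is
+.Dv GSS_C_INITIATE
+or
+.Dv GSS_C_BOTH )
+or
+.Fn gss_accept_sec_context
+(if
+.Fa cred_usage
+is
+.Dv GSS_C_ACCEPT
+or
+.Dv GSS_C_BOTH ).
+.PP
+This routine is expected to be used primarily by context acceptors,
+since implementations are likely to provide mechanism-specific ways of
+obtaining GSS-API initiator credentials from the system login process.
+Some implementations may therefore not support the acquisition of
+.Dv GSS_C_INITIATE
+or
+.Dv GSS_C_BOTH
+credentials via
+.Fn gss_acquire_cred
+for any name other than
+.Dv GSS_C_NO_NAME ,
+or a name produced by applying either
+.Fn gss_inquire_cred
+to a valid credential,
+or
+.Fn gss_inquire_context
+to an active context.
+.Pp
+If credential acquisition is time-consuming for a mechanism,
+the mechanism may choose to delay the actual acquisition until the
+credential is required (e.g. by
+.Fn gss_init_sec_context
+or
+.Fn gss_accept_sec_context ).
+Such mechanism-specific implementation decisions should be invisible
+to the calling application;
+thus a call of
+.Fn gss_inquire_cred
+immediately following the call of
+.Fn gss_add_cred
+must return valid credential data,
+and may therefore incur the overhead of a deferred credential acquisition.
+.Pp
+This routine can be used to either compose a new credential containing
+all credential-elements of the original in addition to the
+newly-acquire credential-element,
+or to add the new credential-element to an existing credential.
+If
+.Dv NULL
+is specified for the
+.Fa output_cred_handle
+parameter argument,
+the new credential-element will be added to the credential identified
+by
+.Fa input_cred_handle ;
+if a valid pointer is specified for the
+.Fa output_cred_handle
+parameter,
+a new credential handle will be created.
+.Pp
+If
+.Dv GSS_C_NO_CREDENTIAL
+is specified as the
+.Fa input_cred_handle ,
+.Fn gss_add_cred
+will compose a credential (and set the
+.Fa output_cred_handle
+parameter accordingly) based on default behavior.
+That is, the call will have the same effect as if the application had
+first made a call to
+.Fn gss_acquire_cred ,
+specifying the same usage and passing
+.Dv GSS_C_NO_NAME
+as the
+.Fa desired_name
+parameter to obtain an explicit credential handle embodying default
+behavior,
+passed this credential handle to
+.Fn gss_add_cred ,
+and finally called
+.Fn gss_release_cred
+on the first credential handle.
+.Pp
+If
+.Dv GSS_C_NO_CREDENTIAL
+is specified as the
+.Fa input_cred_handle
+parameter,
+a non-
+.Dv NULL
+.Fa output_cred_handle
+must be supplied.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It input_cred_handle
+The credential to which a credential-element will be added.
+If
+.Dv GSS_C_NO_CREDENTIAL
+is specified, the routine will compose the new credential based on
+default behavior (see description above).
+Note that, while the credential-handle is not modified by
+.Fn gss_add_cred ,
+the underlying credential will be modified if
+.Fa output_credential_handle
+is
+.Dv NULL .
+.It desired_name
+Name of principal whose credential should be acquired.
+.It desired_mech
+Underlying security mechanism with which the credential may be used.
+.It cred_usage
+.Bl -tag -width "GSS_C_INITIATE"
+.It GSS_C_BOTH
+Credential may be used either to initiate or accept security
+contexts.
+.It GSS_C_INITIATE
+Credential will only be used to initiate security contexts.
+.It GSS_C_ACCEPT
+Credential will only be used to accept security contexts.
+.El
+.It initiator_time_req
+Number of seconds that the credential should remain valid for
+initiating security contexts.
+This argument is ignored if the composed credentials are of type
+.Dv GSS_C_ACCEPT .
+Specify
+.Dv GSS_C_INDEFINITE
+to request that the credentials have the maximum permitted initiator lifetime.
+.It acceptor_time_req
+Number of seconds that the credential should remain valid for
+accepting security contexts.
+This argument is ignored if the composed credentials are of type
+.Dv GSS_C_INITIATE .
+Specify
+.Dv GSS_C_INDEFINITE
+to request that the credentials have the maximum permitted initiator lifetime.
+.It output_cred_handle
+The returned credential handle,
+containing
+the new credential-element and all the credential-elements from
+.Fa input_cred_handle .
+If a valid pointer to a
+.Fa gss_cred_id_t
+is supplied for this parameter,
+.Fn gss_add_cred
+creates a new credential handle containing all credential-elements
+from the
+.Fa input_cred_handle
+and the newly acquired credential-element;
+if
+.Dv NULL
+is specified for this parameter,
+the newly acquired credential-element will be added to the credential
+identified by
+.Fa input_cred_handle .
+.Pp
+The resources associated with any credential handle returned via this
+parameter must be released by the application after use with a call to
+.Fn gss_release_cred .
+.It actual_mechs
+The complete set of mechanisms for which the new credential is valid.
+Storage for the returned OID-set must be freed by the application
+after use with a call to
+.Fn gss_release_oid_set .
+Specify
+.Dv NULL if not required.
+.It initiator_time_rec
+Actual number of seconds for which the returned credentials will
+remain valid for initiating contexts using the specified mechanism.
+If the implementation or mechanism does not support expiration of
+credentials,
+the value
+.Dv GSS_C_INDEFINITE
+will be returned.
+Specify
+.Dv NULL
+if not required.
+.It acceptor_time_rec
+Actual number of seconds for which the returned credentials will
+remain valid for accepting security contexts using the specified
+mechanism.
+If the implementation or mechanism does not support expiration of
+credentials,
+the value
+.Dv GSS_C_INDEFINITE
+will be returned.
+Specify
+.Dv NULL
+if not required.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion.
+.It GSS_S_BAD_MECH
+Unavailable mechanism requested.
+.It GSS_S_BAD_NAMETYPE
+Type contained within desired_name parameter is not supported
+.It GSS_S_BAD_NAME
+Value supplied for desired_name parameter is ill-formed.
+.It GSS_S_DUPLICATE_ELEMENT
+The credential already contains an element for the requested mechanism
+with overlapping usage and validity period.
+.It GSS_S_CREDENTIALS_EXPIRED
+The required credentials could not be added because they have expired.
+.It GSS_S_NO_CRED
+No credentials were found for the specified name.
+.El
+.Sh SEE ALSO
+.Xr gss_init_sec_context 3 ,
+.Xr gss_accept_sec_context 3 ,
+.Xr gss_acquire_cred 3 ,
+.Xr gss_inquire_cred 3 ,
+.Xr gss_inquire_context 3 ,
+.Xr gss_release_cred 3 ,
+.Xr gss_release_oid_set 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates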
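--- a/lib/libgssapi/gss_add_cred.c
+++ b/lib/libgssapi/gss_add_cred.c
@@ -0,0 +1,178 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "cred.h"
+#include "name.h"
+
+static struct _gss_mechanism_cred *
+_gss_copy_cred(struct _gss_mechanism_cred *mc)
+{
+	struct _gss_mechanism_cred *new_mc;
+	struct _gss_mech_switch *m = mc->gmc_mech;
+	OM_uint32 major_status, minor_status;
+	gss_name_t name;
+	gss_cred_id_t cred;
+	OM_uint32 initiator_lifetime, acceptor_lifetime;
+	gss_cred_usage_t cred_usage;
+
+	major_status = m->gm_inquire_cred_by_mech(&minor_status,
+	    mc->gmc_cred, mc->gmc_mech_oid,
+	    &name, &initiator_lifetime, &acceptor_lifetime, &cred_usage);
+	if (major_status)
+		return (0);
+
+	major_status = m->gm_add_cred(&minor_status,
+	    GSS_C_NO_CREDENTIAL, name, mc->gmc_mech_oid,
+	    cred_usage, initiator_lifetime, acceptor_lifetime,
+	    &cred, 0, 0, 0);
+	m->gm_release_name(&minor_status, &name);
+
+	if (major_status)
+		return (0);
+
+	new_mc = malloc(sizeof(struct _gss_mechanism_cred));
+	if (!new_mc) {
+		m->gm_release_cred(&minor_status, &cred);
+		return (0);
+	}
+	new_mc->gmc_mech = m;
+	new_mc->gmc_mech_oid = &m->gm_mech_oid;
+	new_mc->gmc_cred = cred;
+
+	return (new_mc);
+}
+
+OM_uint32
+gss_add_cred(OM_uint32 *minor_status,
+    const gss_cred_id_t input_cred_handle,
+    const gss_name_t desired_name,
+    const gss_OID desired_mech,
+    gss_cred_usage_t cred_usage,
+    OM_uint32 initiator_time_req,
+    OM_uint32 acceptor_time_req,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *initiator_time_rec,
+    OM_uint32 *acceptor_time_rec)
+{
+	OM_uint32 major_status;
+	struct _gss_mech_switch *m;
+	gss_OID_set_desc set;
+	struct _gss_name *name = (struct _gss_name *) desired_name;
+	struct _gss_cred *cred = (struct _gss_cred *) input_cred_handle;
+	struct _gss_cred *new_cred;
+	struct _gss_mechanism_cred *mc, *target_mc, *copy_mc;
+	struct _gss_mechanism_name *mn;
+	OM_uint32 min_time, time, junk;
+	int i;
+
+	*output_cred_handle = 0;
+	*minor_status = 0;
+
+	new_cred = malloc(sizeof(struct _gss_cred));
+	if (!new_cred) {
+		*minor_status = ENOMEM;
+		return (GSS_S_FAILURE);
+	}
+	new_cred->gc_usage = cred_usage;
+	SLIST_INIT(&new_cred->gc_mc);
+
+	/*
+	 * We go through all the mc attached to the input_cred_handle
+	 * and check the mechanism. If it matches, we call
+	 * gss_add_cred for that mechanism, otherwise we copy the mc
+	 * to new_cred.
+	 */
+	target_mc = 0;
+	if (cred) {
+		SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+			if (_gss_oid_equal(mc->gmc_mech, desired_mech)) {
+				target_mc = mc;
+			}
+			copy_mc = _gss_copy_cred(mc);
+			if (!copy_mc) {
+				gss_release_cred(&junk, (gss_cred_id_t*) &new_cred);
+				*minor_status = ENOMEM;
+				return (GSS_S_FAILURE);
+			}
+			SLIST_INSERT_HEAD(&new_cred->gc_mc, copy_mc, gmc_link);
+		}
+	}
+
+	/*
+	 * Figure out a suitable mn, if any.
+	 */
+	if (desired_name) {
+		mn = _gss_find_mn((struct _gss_name *) desired_name,
+		    desired_mech);
+		if (!mn) {
+			free(new_cred);
+			return (GSS_S_BAD_NAME);
+		}
+	} else {
+		mn = 0;
+	}
+
+	m = _gss_find_mech_switch(desired_mech);
+
+	mc = malloc(sizeof(struct _gss_mechanism_cred));
+	if (!mc) {
+		gss_release_cred(&junk, (gss_cred_id_t*) &new_cred);
+		*minor_status = ENOMEM;
+		return (GSS_S_FAILURE);
+	}
+	mc->gmc_mech = m;
+	mc->gmc_mech_oid = &m->gm_mech_oid;
+
+	major_status = m->gm_add_cred(minor_status,
+	    target_mc ? target_mc->gmc_cred : GSS_C_NO_CREDENTIAL,
+	    desired_name ? mn->gmn_name : GSS_C_NO_NAME,
+	    desired_mech,
+	    cred_usage,
+	    initiator_time_req,
+	    acceptor_time_req,
+	    &mc->gmc_cred,
+	    actual_mechs,
+	    initiator_time_rec,
+	    acceptor_time_rec);
+
+	if (major_status) {
+		gss_release_cred(&junk, (gss_cred_id_t*) &new_cred);
+		free(mc);
+		return (major_status);
+	}
+	SLIST_INSERT_HEAD(&new_cred->gc_mc, mc, gmc_link);
+	*output_cred_handle = (gss_cred_id_t) new_cred;
+
+	return (GSS_S_COMPLETE);
+}
+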
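Review bot: `m = _gss_find_mech_switch(desired_mech);` is never checked for NULL before `mc->gmc_mech_oid = &m->gm_mech_oid;` and the `m->gm_add_cred(...)` call, so asking for a mechanism that no plugin provides dereferences a null pointer instead of returning the GSS_S_BAD_MECH the accompanying manual page lists; add `if (!m) { gss_release_cred(&junk, (gss_cred_id_t*) &new_cred); return (GSS_S_BAD_MECH); }` directly after the lookup. In the SLIST_FOREACH over the input credential, `_gss_oid_equal(mc->gmc_mech, desired_mech)` passes the mech-switch pointer where the OID belongs (the OID field set on every element is `gmc_mech_oid`), so target_mc presumably never matches and the existing mechanism element is neither extended nor reported as GSS_S_DUPLICATE_ELEMENT. The GSS_S_BAD_NAME path does `free(new_cred)` after mechanism credentials have already been copied onto `new_cred->gc_mc`, leaking those handles; it should use the same `gss_release_cred(&junk, (gss_cred_id_t*) &new_cred)` as the other error exits. The locals `set`, `name`, `min_time`, `time` and `i` are declared but never used, and malloc is called without `#include <stdlib.h>`.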
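--- a/lib/libgssapi/gss_add_oid_set_member.3
+++ b/lib/libgssapi/gss_add_oid_set_member.3
@@ -0,0 +1,130 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_ADD_OID_SET_MEMBER 3 PRM
+.Sh NAME
+.Nm gss_add_oid_set_member
+.Nd Add an object identifier to a set
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_add_oid_set_member
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_OID member_oid"
+.Fa "gss_OID_set *oid_set"
+.Fc
+.Sh DESCRIPTION
+Add an Object Identifier to an Object Identifier set.
+This routine is intended for use in conjunction with
+.Fn gss_create_empty_oid_set
+when constructing a set of mechanism OIDs for input to
+.Fn gss_acquire_cred .
+The
+.Fa oid_set
+parameter must refer to an OID-set that was created by GSS-API
+(e.g. a set returned by
+.Fn gss_create_empty_oid_set ).
+GSS-API creates a copy of the
+.Fa member_oid
+and inserts this copy into the set,
+expanding the storage allocated to the OID-set's elements array if
+necessary.
+The routine may add the new member OID anywhere within the elements
+array,
+and implementations should verify that the new
+.Fa member_oid
+is not already contained within the elements array;
+if the
+.Fa member_oid
+is already present,
+the
+.Fa oid_set
+should remain unchanged.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It member_oid
+The object identifier to copied into the set.
+.It oid_set
+The set in which the object identifier should be inserted.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.El
+.Sh SEE ALSO
+.Xr gss_create_empty_oid_set 3 ,
+.Xr gss_acquire_cred 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates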
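--- a/lib/libgssapi/gss_add_oid_set_member.c
+++ b/lib/libgssapi/gss_add_oid_set_member.c
@@ -0,0 +1,77 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+OM_uint32
+gss_add_oid_set_member(OM_uint32 *minor_status,
+    const gss_OID member_oid,
+    gss_OID_set *oid_set)
+{
+	OM_uint32 major_status;
+	gss_OID_set set = *oid_set;
+	gss_OID new_elements;
+	gss_OID new_oid;
+	int t;
+
+	*minor_status = 0;
+
+	major_status = gss_test_oid_set_member(minor_status,
+	    member_oid, *oid_set, &t);
+	if (major_status)
+		return (major_status);
+	if (t)
+		return (GSS_S_COMPLETE);
+
+	new_elements = malloc((set->count + 1) * sizeof(gss_OID_desc));
+	if (!new_elements) {
+		*minor_status = ENOMEM;
+		return (GSS_S_FAILURE);
+	}
+
+	new_oid = &new_elements[set->count];
+	new_oid->elements = malloc(member_oid->length);
+	if (!new_oid->elements) {
+		free(new_elements);
+		return (GSS_S_FAILURE);
+	}
+	new_oid->length = member_oid->length;
+	memcpy(new_oid->elements, member_oid->elements, member_oid->length);
+
+	if (set->elements) {
+		memcpy(new_elements, set->elements,
+		    set->count * sizeof(gss_OID_desc));
+		free(set->elements);
+	}
+	set->elements = new_elements;
+	set->count++;
+
+	return (GSS_S_COMPLETE);
+}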
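Review bot: The second allocation failure path, `if (!new_oid->elements)`, returns GSS_S_FAILURE without setting the minor code, unlike the `new_elements` failure a few lines above, so a caller sees a zero minor status for a real out-of-memory error; add `*minor_status = ENOMEM;` before `free(new_elements)`. The file calls memcpy but includes only gssapi.h, stdlib.h and errno.h, so `#include <string.h>` should be added rather than relying on a transitive include. The growth strategy reallocates and copies the whole elements array on every insert, which is acceptable for mechanism-OID sets of a handful of entries but is worth a one-line comment stating that assumption.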
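--- a/lib/libgssapi/gss_canonicalize_name.3
+++ b/lib/libgssapi/gss_canonicalize_name.3
@@ -0,0 +1,137 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_CANONICALIZE_NAME 3 PRM
+.Sh NAME
+.Nm gss_canonicalize_name
+.Nd Convert an internal name to an MN
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_canonicalize_name
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_name_t input_name"
+.Fa "const gss_OID mech_type"
+.Fa "gss_name_t *output_name"
+.Fc
+.Sh DESCRIPTION
+Generate a canonical mechanism name (MN) from an arbitrary internal
+name.
+The mechanism name is the name that would be returned to a context
+acceptor on successful authentication of a context where the initiator
+used the
+.Fa input_name
+in a successful call to
+.Fn gss_acquire_cred ,
+specifying an OID set containing
+.Fa mech_type
+as its only member,
+followed by a call to
+.Fn gss_init_sec_context ,
+specifying
+.Fa mech_type
+as the authentication mechanism.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It input_name
+The name for which a canonical form is desired.
+.It mech_type
+The authentication mechanism for which the canonical form of the name
+is desired.
+The desired mechanism must be specified explicitly;
+no default is provided.
+.It output_name
+The resultant canonical name.
+Storage associated with this name must be freed by the application
+after use with a call to
+.Fn gss_release_name .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion.
+.It GSS_S_BAD_MECH
+The identified mechanism is not supported.
+.It GSS_S_BAD_NAMETYPE
+The provided internal name contains no elements that could be
+processed by the specified mechanism.
+.It GSS_S_BAD_NAME
+The provided internal name was ill-formed.
+.El
+.Sh SEE ALSO
+.Xr gss_acquire_cred 3 ,
+.Xr gss_init_sec_context 3 ,
+.Xr gss_release_name 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates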
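--- a/lib/libgssapi/gss_canonicalize_name.c
+++ b/lib/libgssapi/gss_canonicalize_name.c
@@ -0,0 +1,91 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "name.h"
+
+OM_uint32
+gss_canonicalize_name(OM_uint32 *minor_status,
+    const gss_name_t input_name,
+    const gss_OID mech_type,
+    gss_name_t *output_name)
+{
+	OM_uint32 major_status;
+	struct _gss_name *name = (struct _gss_name *) input_name;
+	struct _gss_mechanism_name *mn;
+	struct _gss_mech_switch *m = _gss_find_mech_switch(mech_type);
+	gss_name_t new_canonical_name;
+
+	*minor_status = 0;
+	*output_name = 0;
+
+	mn = _gss_find_mn(name, mech_type);
+	if (!mn) {
+		return (GSS_S_BAD_MECH);
+	}
+
+	m = mn->gmn_mech;
+	major_status = m->gm_canonicalize_name(minor_status,
+	    mn->gmn_name, mech_type, &new_canonical_name);
+	if (major_status)
+		return (major_status);
+
+	/*
+	 * Now we make a new name and mark it as an MN.
+	 */
+	*minor_status = 0;
+	name = malloc(sizeof(struct _gss_name));
+	if (!name) {
+		m->gm_release_name(minor_status, &new_canonical_name);
+		*minor_status = ENOMEM;
+		return (GSS_S_FAILURE);
+	}
+	memset(name, 0, sizeof(struct _gss_name));
+
+	mn = malloc(sizeof(struct _gss_mechanism_name));
+	if (!mn) {
+		m->gm_release_name(minor_status, &new_canonical_name);
+		free(name);
+		*minor_status = ENOMEM;
+		return (GSS_S_FAILURE);
+	}
+
+	SLIST_INIT(&name->gn_mn);
+	mn->gmn_mech = m;
+	mn->gmn_mech_oid = &m->gm_mech_oid;
+	mn->gmn_name = new_canonical_name;
+	SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+
+	*output_name = (gss_name_t) name;
+
+	return (GSS_S_COMPLETE);
+}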
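Review bot: The initializer `struct _gss_mech_switch *m = _gss_find_mech_switch(mech_type);` is dead work: `m` is unconditionally overwritten with `mn->gmn_mech` before its first use, so the lookup should be dropped and the line reduced to `struct _gss_mech_switch *m;`. When `_gss_find_mn` returns NULL the function answers GSS_S_BAD_MECH for every cause, while the manual page in this commit distinguishes GSS_S_BAD_MECH (mechanism not supported) from GSS_S_BAD_NAMETYPE (the name has no element this mechanism can process); if `_gss_find_mn` fails for both reasons, as it presumably does, a comment should say the two cases are conflated, or the mechanism lookup should be checked first so an unknown mechanism is reported separately. memset is used without `#include <string.h>`.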
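--- a/lib/libgssapi/gss_compare_name.3
+++ b/lib/libgssapi/gss_compare_name.3
@@ -0,0 +1,122 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_COMPARE_NAME PRM
+.Sh NAME
+.Nm gss_compare_name
+.Nd Compare two internal-form names
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_compare_name
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_name_t name1"
+.Fa "const gss_name_t name2"
+.Fa "int *name_equal"
+.Fc
+.Sh DESCRIPTION
+Allows an application to compare two internal-form names to determine
+whether they refer to the same entity.
+.Pp
+If either name presented to
+.Fn gss_compare_name
+denotes an anonymous principal,
+the routines should indicate that the two names do not refer to the
+same identity.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It name1
+Internal-form name.
+.It name2
+Internal-form name.
+.It name_equal
+.Bl -tag
+.It non-zero
+Names refer to same entity
+.It zero
+Names refer to different entities (strictly, the names are not known
+to refer to the same identity).
+.El
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_BAD_NAMETYPE
+The two names were of incomparable types.
+.It GSS_S_BAD_NAME
+One or both of name1 or name2 was ill-formed.
+.El
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates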
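--- /dev/null
+++ b/lib/libgssapi/gss_compare_name.c
@@ -0,0 +1,76 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "name.h"
+
+OM_uint32
+gss_compare_name(OM_uint32 *minor_status,
+const gss_name_t name1_arg,
+const gss_name_t name2_arg,
+int *name_equal)
+{
+struct _gss_name *name1 = (struct _gss_name *) name1_arg;
+struct _gss_name *name2 = (struct _gss_name *) name2_arg;
+
+/*
+* First check the implementation-independant name if both
+* names have one. Otherwise, try to find common mechanism
+* names and compare them.
+*/
+if (name1->gn_value.value && name2->gn_value.value) {
+*name_equal = 1;
+if (!_gss_oid_equal(name1->gn_type, name2->gn_type)) {
+*name_equal = 0;
+} else if (name1->gn_value.length != name2->gn_value.length ||
+memcmp(name1->gn_value.value, name1->gn_value.value,
+name1->gn_value.length)) {
+*name_equal = 0;
+}
+} else {
+struct _gss_mechanism_name *mn1;
+struct _gss_mechanism_name *mn2;
+
+SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) {
+mn2 = _gss_find_mn(name2, mn1->gmn_mech_oid);
+if (mn2) {
+return (mn1->gmn_mech->gm_compare_name(
+minor_status,
+mn1->gmn_name,
+mn2->gmn_name,
+name_equal));
+}
+}
+*name_equal = 0;
+}
+
+*minor_status = 0;
+return (GSS_S_COMPLETE);
+}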
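Review bot: The memcmp in the implementation-independent branch compares name1 with itself, `memcmp(name1->gn_value.value, name1->gn_value.value, name1->gn_value.length)`, so it always returns 0 and any two names of the same name type and the same length are reported equal. Callers use gss_compare_name for access-control decisions, so this makes distinct principals indistinguishable whenever their exported forms happen to have equal length; the second argument should be `name2->gn_value.value`. The function also casts and dereferences both handles without rejecting GSS_C_NO_NAME, which the RFC maps to GSS_S_BAD_NAME; a null check before the first dereference would avoid a crash on that documented input.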
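--- /dev/null
+++ b/lib/libgssapi/gss_context_time.3
@@ -0,0 +1,108 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_CONTEXT_TIME 3 PRM
+.Sh NAME
+.Nm gss_context_time
+.Nd Determine for how long a context will remain valid
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_context_time
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "OM_uint32 *time_rec"
+.Fc
+.Sh DESCRIPTION
+Determines the number of seconds for which the specified context will
+remain valid.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+Identifies the context to be interrogated.
+.It time_rec
+Number of seconds that the context will remain valid.
+If the context has already expired, zero will be returned.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_CONTEXT_EXPIRED
+The context has already expired
+.It GSS_S_NO_CONTEXT
+The context_handle parameter did not identify a valid context
+.El
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates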
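--- /dev/null
+++ b/lib/libgssapi/gss_context_time.c
@@ -0,0 +1,43 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_context_time(OM_uint32 *minor_status,
+const gss_ctx_id_t context_handle,
+OM_uint32 *time_rec)
+{
+struct _gss_context *ctx = (struct _gss_context *) context_handle;
+struct _gss_mech_switch *m = ctx->gc_mech;
+
+return (m->gm_context_time(minor_status, ctx->gc_ctx, time_rec));
+}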
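Review bot: `ctx->gc_mech` is read before anything checks that context_handle is non-null, so a caller passing GSS_C_NO_CONTEXT gets a null dereference instead of the GSS_S_NO_CONTEXT that the accompanying gss_context_time.3 page promises. A guard ahead of the dispatch, `if (ctx == NULL) { *minor_status = 0; return (GSS_S_NO_CONTEXT); }`, matches the documented contract. gss_delete_sec_context.c in this same commit tolerates a wrapper context whose gc_ctx is still null, which suggests a half-built context can reach this function as well; whether gc_mech is valid in that state is not visible from this hunk and is worth confirming before the dispatch is left unguarded.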
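--- /dev/null
+++ b/lib/libgssapi/gss_create_empty_oid_set.3
@@ -0,0 +1,112 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_CREATE_EMPTY_OID_SET 3 PRM
+.Sh NAME
+.Nm gss_create_empty_oid_set
+.Nd Create a set containing no object identifiers
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_create_empty_oid_set
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_OID_set *oid_set"
+.Fc
+.Sh DESCRIPTION
+Create an object-identifier set containing no object identifiers,
+to which members may be subsequently added using the
+.Fn gss_add_oid_set_member
+routine.
+These routines are intended to be used to construct sets of mechanism
+object identifiers for input to
+.Fn gss_acquire_cred .
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It oid_set
+
+The empty object identifier set.
+The routine will allocate the gss_OID_set_desc object,
+which the application must free after use with a call to
+.Fn gss_release_oid_set .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.El
+.Sh SEE ALSO
+.Xr gss_add_oid_set_member 3 ,
+.Xr gss_acquire_cred 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates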
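--- /dev/null
+++ b/lib/libgssapi/gss_create_empty_oid_set.c
@@ -0,0 +1,53 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+OM_uint32
+gss_create_empty_oid_set(OM_uint32 *minor_status,
+gss_OID_set *oid_set)
+{
+gss_OID_set set;
+
+*minor_status = 0;
+*oid_set = 0;
+
+set = malloc(sizeof(gss_OID_set_desc));
+if (!set) {
+*minor_status = ENOMEM;
+return (GSS_S_FAILURE);
+}
+
+set->count = 0;
+set->elements = 0;
+*oid_set = set;
+
+return (GSS_S_COMPLETE);
+}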
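Review bot: The pointer clears `*oid_set = 0;` and `set->elements = 0;` spell null as a bare integer; the API already names the first one `GSS_C_NO_OID_SET`, and `NULL` for the second reads the same way as the `GSS_C_NO_BUFFER` comparison used in gss_delete_sec_context.c in this commit. The function also has no header comment; a short one stating that the returned set is heap-allocated with `count == 0` and `elements == NULL`, that `*oid_set` is cleared before the allocation can fail, and that the caller releases it with gss_release_oid_set would capture the contract the new manual page describes.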
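--- /dev/null
+++ b/lib/libgssapi/gss_delete_sec_context.3
@@ -0,0 +1,163 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_DELETE_SEC_CONTEXT 3 PRM
+.Sh NAME
+.Nm gss_delete_sec_context
+.Nd Discard a security context
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_delete_sec_context
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_ctx_id_t *context_handle"
+.Fa "gss_buffer_t output_token"
+.Fc
+.Sh DESCRIPTION
+Delete a security context.
+.Fn gss_delete_sec_context
+will delete the local data structures associated with the specified
+security context,
+and may generate an output_token,
+which when passed to the peer
+.Fn gss_process_context_token
+will instruct it to do likewise.
+If no token is required by the mechanism,
+the GSS-API should set the length field of the output_token (if
+provided) to zero.
+No further security services may be obtained using the context
+specified by
+.Fa context_handle .
+.Pp
+In addition to deleting established security contexts,
+.Fn gss_delete_sec_context
+must also be able to delete "half-built" security contexts resulting
+from an incomplete sequence of
+.Fn gss_init_sec_context
+/
+.Fn gss_accept_sec_context
+calls.
+.Pp
+The
+.Fa output_token
+parameter is retained for compatibility with version 1 of the GSS-API.
+It is recommended that both peer applications invoke
+.Fn gss_delete_sec_context
+passing the value
+.Dv GSS_C_NO_BUFFER
+for the
+.Fa output_token
+parameter,
+indicating that no token is required,
+and that
+.Fn gss_delete_sec_context
+should simply delete local context data structures.
+If the application does pass a valid buffer to
+.Fn gss_delete_sec_context ,
+mechanisms are encouraged to return a zero-length token,
+indicating that no peer action is necessary,
+and that no token should be transferred by the application.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+Context handle identifying context to delete.
+After deleting the context,
+the GSS-API will set this context handle to
+.Dv GSS_C_NO_CONTEXT .
+.It output_token
+Token to be sent to remote application to instruct it to also delete
+the context.
+It is recommended that applications specify
+.Dv GSS_C_NO_BUFFER
+for this parameter,
+requesting local deletion only.
+If a buffer parameter is provided by the application,
+the mechanism may return a token in it;
+mechanisms that implement only local deletion should set the length
+field of this token to zero to indicate to the application that no
+token is to be sent to the peer.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_NO_CONTEXT
+No valid context was supplied
+.El
+.Sh SEE ALSO
+.Xr gss_process_context_token 3 ,
+.Xr gss_init_sec_context 3 ,
+.Xr gss_accept_sec_context 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates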
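--- /dev/null
+++ b/lib/libgssapi/gss_delete_sec_context.c
@@ -0,0 +1,62 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_delete_sec_context(OM_uint32 *minor_status,
+gss_ctx_id_t *context_handle,
+gss_buffer_t output_token)
+{
+OM_uint32 major_status;
+struct _gss_context *ctx = (struct _gss_context *) *context_handle;
+
+*minor_status = 0;
+if (ctx) {
+/*
+* If we have an implementation ctx, delete it,
+* otherwise fake an empty token.
+*/
+if (ctx->gc_ctx) {
+major_status = ctx->gc_mech->gm_delete_sec_context(
+minor_status, &ctx->gc_ctx, output_token);
+} else if (output_token != GSS_C_NO_BUFFER) {
+output_token->length = 0;
+output_token->value = 0;
+}
+free(ctx);
+*context_handle = 0;
+}
+
+return (GSS_S_COMPLETE);
+}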
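Review bot: `major_status` receives the mechanism's result from gm_delete_sec_context but is never returned; the function ends with `return (GSS_S_COMPLETE);` unconditionally, so a mechanism-level failure is visible to the caller only through minor_status, after the wrapper context has already been freed and the handle cleared. Initialising it as `OM_uint32 major_status = GSS_S_COMPLETE;` and finishing with `return (major_status);` propagates the mechanism status without changing the no-context or token-faking paths, and also removes the read of an uninitialised variable the current code only avoids by ignoring it. Separately, a null `*context_handle` returns GSS_S_COMPLETE here while the new gss_delete_sec_context.3 page lists GSS_S_NO_CONTEXT for "no valid context was supplied"; the code or the page should be brought into agreement.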
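--- /dev/null
+++ b/lib/libgssapi/gss_display_name.3
@@ -0,0 +1,151 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_DISPLAY_NAME 3 PRM
+.Sh NAME
+.Nm gss_display_name
+.Nd Convert internal-form name to text
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_display_name
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_name_t input_name"
+.Fa "gss_buffer_t output_name_buffer"
+.Fa "gss_OID *output_name_type"
+.Fc
+.Sh DESCRIPTION
+Allows an application to obtain a textual representation of an opaque
+internal-form name for display purposes.
+The syntax of a printable name is defined by the GSS-API implementation.
+.Pp
+If
+.Fa input_name
+denotes an anonymous principal,
+the implementation should return the
+.Fa gss_OID
+value
+.Dv GSS_C_NT_ANONYMOUS
+as the
+.Fa output_name_type ,
+and a textual name that is syntactically distinct from all valid
+supported printable names in
+.Fa output_name_buffer .
+.Pp
+If
+.Fa input_name
+was created by a call to
+.Fn gss_import_name ,
+specifying
+.Dv GSS_C_NO_OID
+as the name-type,
+implementations that employ lazy conversion between name types may
+return
+.Dv GSS_C_NO_OID
+via the
+.Fa output_name_type
+parameter.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It input_name
+Name to be displayed.
+.It output_name_buffer
+Buffer to receive textual name string.
+The application must free storage associated with this name after use
+with a call to
+.Fn gss_release_buffer .
+.It output_name_type
+The type of the returned name.
+The returned
+.Fa gss_OID
+will be a pointer into static storage,
+and should be treated as read-only by the caller
+(in particular, the application should not attempt to free it).
+Specify
+.Dv NULL
+if not required.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_BAD_NAME
+.Fa input_name
+was ill-formed
+.El
+.Sh SEE ALSO
+.Xr gss_import_name 3 ,
+.Xr gss_release_buffer 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates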
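--- a/lib/libgssapi/gss_display_name.c
+++ b/lib/libgssapi/gss_display_name.c
@@ -0,0 +1,78 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "name.h"
+
+OM_uint32
+gss_display_name(OM_uint32 *minor_status,
+const gss_name_t input_name,
+gss_buffer_t output_name_buffer,
+gss_OID *output_name_type)
+{
+OM_uint32 major_status;
+struct _gss_name *name = (struct _gss_name *) input_name;
+struct _gss_mechanism_name *mn;
+
+/*
+* If we know it, copy the buffer used to import the name in
+* the first place. Otherwise, ask all the MNs in turn if
+* they can display the thing.
+*/
+if (name->gn_value.value) {
+output_name_buffer->value = malloc(name->gn_value.length);
+if (!output_name_buffer->value) {
+*minor_status = ENOMEM;
+return (GSS_S_FAILURE);
+}
+output_name_buffer->length = name->gn_value.length;
+memcpy(output_name_buffer->value, name->gn_value.value,
+output_name_buffer->length);
+if (output_name_type)
+*output_name_type = &name->gn_type;
+
+*minor_status = 0;
+return (GSS_S_COMPLETE);
+} else {
+SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
+major_status = mn->gmn_mech->gm_display_name(
+minor_status, mn->gmn_name,
+output_name_buffer,
+output_name_type);
+if (major_status == GSS_S_COMPLETE)
+return (GSS_S_COMPLETE);
+}
+}
+
+*minor_status = 0;
+return (GSS_S_FAILURE);
+}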
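Review bot: `memcpy()` is called in the first branch of gss_display_name but `<string.h>` is not among the includes (only gssapi.h, stdlib.h and errno.h), so the call relies on an implicit declaration; add `#include <string.h>`. The cast of `input_name` to `struct _gss_name *` is followed directly by the `name->gn_value.value` test, so a caller passing GSS_C_NO_NAME dereferences NULL even though the manual page in this commit documents GSS_S_BAD_NAME for an ill-formed name; a guard such as `if (name == NULL) { *minor_status = 0; return (GSS_S_BAD_NAME); }` before the branch would make the code match the page. In the fallback loop a mechanism's `gm_display_name` may have left a diagnostic in `*minor_status`, but the `*minor_status = 0` after the loop discards it before GSS_S_FAILURE is returned, so the caller cannot learn why no mechanism could display the name.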
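--- a/lib/libgssapi/gss_display_status.3
+++ b/lib/libgssapi/gss_display_status.3
@@ -0,0 +1,210 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_DISPLAY_STATUS 3 PRM
+.Sh NAME
+.Nm gss_display_status
+.Nd Convert a GSS-API status code to text
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_display_status
+.Fa "OM_uint32 *minor_status"
+.Fa "OM_uint32 status_value"
+.Fa "int status_type"
+.Fa "const gss_OID mech_type"
+.Fa "OM_uint32 *message_context"
+.Fa "gss_buffer_t status_string"
+.Fc
+.Sh DESCRIPTION
+Allows an application to obtain a textual representation of a GSS-API
+status code,
+for display to the user or for logging purposes.
+Since some status values may indicate multiple conditions,
+applications may need to call
+.Fn gss_display_status
+multiple times,
+each call generating a single text string.
+The
+.Fa message_context
+parameter is used by
+.Fn gss_display_status
+to store state information about which error messages have already
+been extracted from a given
+.Fa status_value ;
+.Fa message_context
+must be initialized to zero by the application prior to the first call,
+and
+.Fn gss_display_status
+will return a non-zero value in this parameter if there are further
+messages to extract.
+.Pp
+The
+.Fa message_context
+parameter contains all state information required by
+.Fn gss_display_status
+in order to extract further messages from the
+.Fa status_value ;
+even when a non-zero value is returned in this parameter,
+the application is not required to call
+.Fn gss_display_status
+again unless subsequent messages are desired.
+The following code extracts all messages from a given status code and prints them to stderr:
+.Bd -literal
+OM_uint32 message_context;
+OM_uint32 status_code;
+OM_uint32 maj_status;
+OM_uint32 min_status;
+gss_buffer_desc status_string;
+
+...
+
+message_context = 0;
+
+do {
+
+maj_status = gss_display_status (
+&min_status,
+status_code,
+GSS_C_GSS_CODE,
+GSS_C_NO_OID,
+&message_context,
+&status_string)
+
+fprintf(stderr,
+"%.*s\\n",
+(int)status_string.length,
+(char *)status_string.value);
+
+gss_release_buffer(&min_status, &status_string);
+
+} while (message_context != 0);
+.Ed
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It status_value
+Status value to be converted
+.It status_type
+.Bl -tag
+.It GSS_C_GSS_CODE
+.Fa status_value
+is a GSS status code
+.It GSS_C_MECH_CODE
+.Fa status_value
+is a mechanism status code
+.El
+.It mech_type
+Underlying mechanism (used to interpret a minor status value).
+Supply
+.Dv GSS_C_NO_OID
+to obtain the system default.
+.It message_context
+Should be initialized to zero by the application prior to the first
+call.
+On return from
+.Fn gss_display_status ,
+a non-zero status_value parameter indicates that additional messages
+may be extracted from the status code via subsequent calls to
+.Fn gss_display_status ,
+passing the same
+.Fa status_value ,
+.Fa status_type ,
+.Fa mech_type ,
+and
+.Fa message_context
+parameters.
+.It status_string
+Textual interpretation of the
+.Fa status_value .
+Storage associated with this parameter must be freed by the
+application after use with a call to
+.Fn gss_release_buffer .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_BAD_MECH
+Indicates that translation in accordance with an unsupported mechanism
+type was requested
+.It GSS_S_BAD_STATUS
+The status value was not recognized, or the status type was neither
+.Dv GSS_C_GSS_CODE
+nor
+.Dv GSS_C_MECH_CODE .
+.El
+.Sh SEE ALSO
+.Xr gss_release_buffer 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates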
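--- a/lib/libgssapi/gss_display_status.c
+++ b/lib/libgssapi/gss_display_status.c
@@ -0,0 +1,110 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <string.h>
+
+#include "mech_switch.h"
+
+struct _gss_status_desc {
+OM_uint32 gs_status;
+const char* gs_desc;
+};
+
+static struct _gss_status_desc _gss_status_descs[] = {
+GSS_S_BAD_MECH, "An unsupported mechanism was requested",
+GSS_S_BAD_NAME, "An invalid name was supplied",
+GSS_S_BAD_NAMETYPE, "A supplied name was of an unsupported type",
+GSS_S_BAD_BINDINGS, "Incorrect channel bindings were supplied",
+GSS_S_BAD_STATUS, "An invalid status code was supplied",
+GSS_S_BAD_MIC, "A token had an invalid MIC",
+GSS_S_NO_CRED, "No credentials were supplied, or the "
+"credentials were unavailable or inaccessible",
+GSS_S_NO_CONTEXT, "No context has been established",
+GSS_S_DEFECTIVE_TOKEN, "A token was invalid",
+GSS_S_DEFECTIVE_CREDENTIAL, "A credential was invalid",
+GSS_S_CREDENTIALS_EXPIRED, "The referenced credentials have expired",
+GSS_S_CONTEXT_EXPIRED, "The context has expired",
+GSS_S_FAILURE, "Miscellaneous failure",
+GSS_S_BAD_QOP, "The quality-of-protection requested could "
+"not be provided",
+GSS_S_UNAUTHORIZED, "The operation is forbidden by local security "
+"policy",
+GSS_S_UNAVAILABLE, "The operation or option is unavailable",
+GSS_S_DUPLICATE_ELEMENT, "The requested credential element already "
+"exists",
+GSS_S_NAME_NOT_MN, "The provided name was not a mechanism name"
+};
+#define _gss_status_desc_count \
+sizeof(_gss_status_descs) / sizeof(_gss_status_descs[0])
+
+
+OM_uint32
+gss_display_status(OM_uint32 *minor_status,
+OM_uint32 status_value,
+int status_type,
+const gss_OID mech_type,
+OM_uint32 *message_content,
+gss_buffer_t status_string)
+{
+OM_uint32 major_status;
+struct _gss_mech_switch *m;
+int i;
+const char *message;
+
+*minor_status = 0;
+switch (status_type) {
+case GSS_C_GSS_CODE:
+for (i = 0; i < _gss_status_desc_count; i++) {
+if (_gss_status_descs[i].gs_status == status_value) {
+message = _gss_status_descs[i].gs_desc;
+status_string->length = strlen(message);
+status_string->value = strdup(message);
+return (GSS_S_COMPLETE);
+}
+}
+
+/*
+* Fall through to attempt to get some underlying
+* implementation to describe the value.
+*/
+case GSS_C_MECH_CODE:
+SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+if (mech_type &&
+!_gss_oid_equal(&m->gm_mech_oid, mech_type))
+continue;
+major_status = m->gm_display_status(minor_status,
+status_value, status_type, mech_type,
+message_content, status_string);
+if (major_status == GSS_S_COMPLETE)
+return (GSS_S_COMPLETE);
+}
+}
+
+return (GSS_S_BAD_STATUS);
+}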
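Review bot: The `strdup(message)` result in the GSS_C_GSS_CODE table lookup is never checked, so on allocation failure `status_string->value` is NULL while `length` has already been set from `strlen(message)` and GSS_S_COMPLETE is still returned; the loop documented in gss_display_status.3 then hands a NULL value with a non-zero length to fprintf and gss_release_buffer. The rewrite below copies first, reports ENOMEM on failure (which needs `#include <errno.h>`), and only then sets `length`. Two smaller points: `gs_status == status_value` matches only a bare routine-error value, so a major status that also carries calling-error or supplementary bits skips the table and falls through to the mechanism loop — comparing against the RFC 2744 `GSS_ROUTINE_ERROR(status_value)` would be worth considering; and the parameter is spelled `message_content` here but `message_context` on the manual page, and is never written on the GSS_C_GSS_CODE path, so the documented `while (message_context != 0)` loop terminates only because the caller's initial zero is left untouched.
```c
if (_gss_status_descs[i].gs_status == status_value) {
	message = _gss_status_descs[i].gs_desc;
	status_string->value = strdup(message);
	if (status_string->value == NULL) {
		*minor_status = ENOMEM;
		return (GSS_S_FAILURE);
	}
	status_string->length = strlen(message);
	return (GSS_S_COMPLETE);
}
/* … unchanged: fall through to the mechanism loop … */
```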
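--- a/lib/libgssapi/gss_duplicate_name.3
+++ b/lib/libgssapi/gss_duplicate_name.3
@@ -0,0 +1,123 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_DUPLICATE_NAME 3 PRM
+.Sh NAME
+.Nm gss_duplicate_name
+.Nd Create a copy of an internal name
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_duplicate_name
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_name_t src_name"
+.Fa "gss_name_t *dest_name"
+.Fc
+.Sh DESCRIPTION
+Create an exact duplicate of the existing internal name
+.Fa src_name .
+The new
+.Fa dest_name
+will be independent of
+.Fa src_name
+(i.e.
+.Fa src_name
+and
+.Fa dest_name
+must both be released,
+and the release of one shall not affect the validity of the other).
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It src_name
+Internal name to be duplicated.
+.It dest_name
+The resultant copy of
+.Fa src_name.
+Storage associated with this name must be freed by the application
+after use with a call to
+.Fn gss_release_name .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_BAD_NAME
+The
+.Fa src_name
+parameter was ill-formed
+.El
+.Sh SEE ALSO
+.Xr gss_release_name 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates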
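--- a/lib/libgssapi/gss_duplicate_name.c
+++ b/lib/libgssapi/gss_duplicate_name.c
@@ -0,0 +1,78 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "name.h"
+
+OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
+const gss_name_t src_name,
+gss_name_t *dest_name)
+{
+OM_uint32 major_status;
+struct _gss_name *name = (struct _gss_name *) src_name;
+struct _gss_name *new_name;
+struct _gss_mechanism_name *mn;
+
+*minor_status = 0;
+
+/*
+* If this name has a value (i.e. it didn't come from
+* gss_canonicalize_name(), we re-import the thing. Otherwise,
+* we make an empty name to hold the MN copy.
+*/
+if (name->gn_value.value) {
+major_status = gss_import_name(minor_status,
+&name->gn_value, &name->gn_type, dest_name);
+if (major_status != GSS_S_COMPLETE)
+return (major_status);
+new_name = (struct _gss_name *) *dest_name;
+} else {
+new_name = malloc(sizeof(struct _gss_name));
+if (!new_name) {
+*minor_status = ENOMEM;
+return (GSS_S_FAILURE);
+}
+memset(new_name, 0, sizeof(struct _gss_name));
+SLIST_INIT(&name->gn_mn);
+*dest_name = (gss_name_t) new_name;
+}
+
+/*
+* Import the new name into any mechanisms listed in the
+* original name. We could probably get away with only doing
+* this if the original was canonical.
+*/
+SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
+_gss_find_mn(new_name, mn->gmn_mech_oid);
+}
+
+return (GSS_S_COMPLETE);
+}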
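Review bot: `SLIST_INIT(&name->gn_mn);` in the else branch of gss_duplicate_name re-initialises the list head of the source name rather than the freshly allocated `new_name` (which the preceding `memset` has already zeroed); it should read `SLIST_INIT(&new_name->gn_mn);`. As written, the source name's mechanism-name entries are orphaned — the caller's `src_name` can no longer release them — and the `SLIST_FOREACH` over `name->gn_mn` that follows walks an empty list, so a name that came from gss_canonicalize_name is duplicated as an empty name with no MN attached, which is exactly the case this branch exists to handle. The file also calls `malloc()` and `memset()` with only `<gssapi/gssapi.h>` and `<errno.h>` included, so `<stdlib.h>` and `<string.h>` are needed. The return value of `_gss_find_mn()` in the copy loop is ignored, so a mechanism that fails to re-import the name is silently dropped from the duplicate; if that is intended, a one-line comment saying so would help.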
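--- a/lib/libgssapi/gss_export_name.3
+++ b/lib/libgssapi/gss_export_name.3
@@ -0,0 +1,128 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_EXPORT_NAME 3 PRM
+.Sh NAME
+.Nm gss_export_name
+.Nd Convert an MN to export form
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_export_name
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_name_t input_name"
+.Fa "gss_buffer_t exported_name"
+.Fc
+.Sh DESCRIPTION
+To produce a canonical contiguous string representation of a mechanism
+name (MN),
+suitable for direct comparison
+(e.g. with memcmp)
+for use in authorization functions
+(e.g. matching entries in an access-control list).
+The
+.Fa input_name
+parameter must specify a valid MN
+(i.e. an internal name generated by
+.Fn gss_accept_sec_context
+or by
+.Fn gss_canonicalize_name ).
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It input_name
+The MN to be exported.
+.It exported_name
+The canonical contiguous string form of
+.Fa input_name .
+Storage associated with this string must freed by the application
+after use with
+.Fn gss_release_buffer .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_NAME_NOT_MN
+The provided internal name was not a mechanism name.
+.It GSS_S_BAD_NAME
+The provided internal name was ill-formed.
+.It GSS_S_BAD_NAMETYPE
+The internal name was of a type not supported by the GSS-API implementation.
+.El
+.Sh SEE ALSO
+.Xr gss_accept_sec_context 3 ,
+.Xr gss_canonicalize_name 3 ,
+.Xr gss_release_buffer 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates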
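--- a/lib/libgssapi/gss_export_name.c
+++ b/lib/libgssapi/gss_export_name.c
@@ -0,0 +1,58 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "name.h"
+
+OM_uint32
+gss_export_name(OM_uint32 *minor_status,
+const gss_name_t input_name,
+gss_buffer_t exported_name)
+{
+struct _gss_name *name = (struct _gss_name *) input_name;
+struct _gss_mechanism_name *mn;
+
+/*
+* If this name already has any attached MNs, export the first
+* one, otherwise export based on the first mechanism in our
+* list.
+*/
+mn = SLIST_FIRST(&name->gn_mn);
+if (!mn)
+mn = _gss_find_mn(name,
+&SLIST_FIRST(&_gss_mechs)->gm_mech_oid);
+if (!mn) {
+*minor_status = 0;
+return (GSS_S_BAD_MECH);
+}
+
+return mn->gmn_mech->gm_export_name(minor_status,
+mn->gmn_name, exported_name);
+}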
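Review bot: `gss_export_name` dereferences `name->gn_mn` without checking for `GSS_C_NO_NAME`, so a NULL `input_name` faults inside the dispatcher instead of producing the RFC 2744 `GSS_S_BAD_NAME` status; a guard `if (name == NULL) { *minor_status = 0; return (GSS_S_BAD_NAME); }` ahead of the `SLIST_FIRST` lookup closes that. The fallback `&SLIST_FIRST(&_gss_mechs)->gm_mech_oid` also assumes at least one mechanism is registered; if `_gss_mechs` can be empty (not visible from this hunk), `SLIST_FIRST` yields NULL and the member access faults before `_gss_find_mn` runs, so that case should fall through to the existing `GSS_S_BAD_MECH` path. On that `GSS_S_BAD_MECH` path `exported_name` is left untouched; setting `exported_name->length = 0; exported_name->value = NULL;` there keeps a caller's unconditional `gss_release_buffer` safe. The same missing handle check recurs in `gss_export_sec_context` (`*context_handle`) and `gss_get_mic` (`context_handle`) in this commit, where the accompanying manpages list `GSS_S_NO_CONTEXT` as the documented result for an invalid context but the code dereferences the handle unconditionally.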
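--- a/lib/libgssapi/gss_export_sec_context.3
+++ b/lib/libgssapi/gss_export_sec_context.3
@@ -0,0 +1,168 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_EXPORT_SEC_CONTEXT 3 PRM
+.Sh NAME
+.Nm gss_export_sec_context
+.Nd Transfer a security context to another process
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_export_sec_context
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_ctx_id_t *context_handle"
+.Fa "gss_buffer_t interprocess_token"
+.Fc
+.Sh DESCRIPTION
+Provided to support the sharing of work between multiple processes.
+This routine will typically be used by the context-acceptor,
+in an application where a single process receives incoming connection
+requests and accepts security contexts over them,
+then passes the established context to one or more other processes for
+message exchange.
+.Fn gss_export_sec_context
+deactivates the security context for the calling process and creates
+an interprocess token which,
+when passed to
+.Fn gss_import_sec_context
+in another process,
+will re-activate the context in the second process.
+Only a single instantiation of a given context may be active at any
+one time;
+a subsequent attempt by a context exporter to access the exported security context will fail.
+.Pp
+The implementation may constrain the set of processes by which the
+interprocess token may be imported,
+either as a function of local security policy,
+or as a result of implementation decisions.
+For example,
+some implementations may constrain contexts to be passed only between
+processes that run under the same account,
+or which are part of the same process group.
+.Pp
+The interprocess token may contain security-sensitive information
+(for example cryptographic keys).
+While mechanisms are encouraged to either avoid placing such sensitive
+information within interprocess tokens,
+or to encrypt the token before returning it to the application,
+in a typical object-library GSS-API implementation this may not be
+possible.
+Thus the application must take care to protect the interprocess token,
+and ensure that any process to which the token is transferred is
+trustworthy.
+.Pp
+If creation of the interprocess token is successful,
+the implementation shall deallocate all process-wide resources
+associated with the security context,
+and set the context_handle to
+.Dv GSS_C_NO_CONTEXT .
+In the event of an error that makes it impossible to complete the
+export of the security context,
+the implementation must not return an interprocess token,
+and should strive to leave the security context referenced by the
+.Fa context_handle
+parameter untouched.
+If this is impossible,
+it is permissible for the implementation to delete the security
+context,
+providing it also sets the
+.Fa context_handle
+parameter to
+.Dv GSS_C_NO_CONTEXT .
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+Context handle identifying the context to transfer.
+.It interprocess_token
+Token to be transferred to target process.
+Storage associated with this token must be freed by the application
+after use with a call to
+.Fn gss_release_buffer .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_CONTEXT_EXPIRED
+The context has expired
+.It GSS_S_NO_CONTEXT
+The context was invalid
+.It GSS_S_UNAVAILABLE
+The operation is not supported
+.El
+.Sh SEE ALSO
+.Xr gss_import_sec_context 3 ,
+.Xr gss_release_buffer 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates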
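--- a/lib/libgssapi/gss_export_sec_context.c
+++ b/lib/libgssapi/gss_export_sec_context.c
@@ -0,0 +1,77 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_export_sec_context(OM_uint32 *minor_status,
+gss_ctx_id_t *context_handle,
+gss_buffer_t interprocess_token)
+{
+OM_uint32 major_status;
+struct _gss_context *ctx = (struct _gss_context *) *context_handle;
+struct _gss_mech_switch *m = ctx->gc_mech;
+gss_buffer_desc buf;
+
+major_status = m->gm_export_sec_context(minor_status,
+&ctx->gc_ctx, &buf);
+
+if (major_status == GSS_S_COMPLETE) {
+unsigned char *p;
+
+free(ctx);
+*context_handle = GSS_C_NO_CONTEXT;
+interprocess_token->length = buf.length
++ 2 + m->gm_mech_oid.length;
+interprocess_token->value = malloc(interprocess_token->length);
+if (!interprocess_token->value) {
+/*
+* We are in trouble here - the context is
+* already gone. This is allowed as long as we
+* set the caller's context_handle to
+* GSS_C_NO_CONTEXT, which we did above.
+* Return GSS_S_FAILURE.
+*/
+*minor_status = ENOMEM;
+return (GSS_S_FAILURE);
+}
+p = interprocess_token->value;
+p[0] = m->gm_mech_oid.length >> 8;
+p[1] = m->gm_mech_oid.length;
+memcpy(p + 2, m->gm_mech_oid.elements, m->gm_mech_oid.length);
+memcpy(p + 2 + m->gm_mech_oid.length, buf.value, buf.length);
+gss_release_buffer(minor_status, &buf);
+}
+
+return (major_status);
+}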
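Review bot: On the `malloc` failure path the mechanism's token in `buf` is never released and `interprocess_token` is left with a non-zero `length` and a NULL `value`, so a buffer that the accompanying manpage warns may hold cryptographic keys stays allocated on the heap after the context has already been torn down; insert `gss_release_buffer(minor_status, &buf);` and `interprocess_token->length = 0;` before `*minor_status = ENOMEM;` (release first so `ENOMEM` is the minor status the caller sees). Freeing `ctx` before the output allocation is unavoidable here because `buf.length` is only known after the mechanism call, and the block comment already records that trade-off, so the leak fix is the actionable part. `memcpy` is used twice but `<string.h>` is not among the includes; unless `mech_switch.h` or `context.h` pulls it in, that is an implicit declaration and should be added next to `<stdlib.h>`.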
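--- a/lib/libgssapi/gss_get_mic.3
+++ b/lib/libgssapi/gss_get_mic.3
@@ -0,0 +1,165 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_GET_MIC 3 PRM
+.Sh NAME
+.Nm gss_get_mic ,
+.Nm gss_sign
+.Nd Calculate a cryptographic message integrity code (MIC) for a
+message; integrity service
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_get_mic
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_qop_t qop_req"
+.Fa "const gss_buffer_t message_buffer"
+.Fa "gss_buffer_t msg_token"
+.Fc
+.Ft OM_uint32
+.Fo gss_sign
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_qop_t qop_req"
+.Fa "gss_buffer_t message_buffer"
+.Fa "gss_buffer_t msg_token"
+.Fc
+.Sh DESCRIPTION
+Generates a cryptographic MIC for the supplied message,
+and places the MIC in a token for transfer to the peer application.
+The
+.Fa qop_req
+parameter allows a choice between several cryptographic algorithms,
+if supported by the chosen mechanism.
+.Pp
+Since some application-level protocols may wish to use tokens emitted
+by
+.Fn gss_wrap
+to provide "secure framing",
+implementations must support derivation of MICs from zero-length messages.
+.Pp
+The
+.Fn gss_sign
+routine is an obsolete variant of
+.Fn gss_get_mic .
+It is
+provided for backwards
+compatibility with applications using the GSS-API V1 interface.
+A distinct entrypoint (as opposed to #define) is provided,
+both to allow GSS-API V1 applications to link
+and to retain the slight parameter type differences between the
+obsolete versions of this routine and its current form.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+Identifies the context on which the message will be sent.
+.It qop_req
+Specifies requested quality of protection.
+Callers are encouraged, on portability grounds,
+to accept the default quality of protection offered by the chosen
+mechanism,
+which may be requested by specifying
+.Dv GSS_C_QOP_DEFAULT
+for this parameter.
+If an unsupported protection strength is requested,
+.Fn gss_get_mic
+will return a
+.Fa major_status
+of
+.Dv GSS_S_BAD_QOP .
+.It message_buffer
+Message to be protected.
+.It msg_token
+Buffer to receive token.
+The application must free storage associated with this buffer after
+use with a call to
+.Fn gss_release_buffer .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_CONTEXT_EXPIRED
+The context has already expired
+.It GSS_S_NO_CONTEXT
+The context_handle parameter did not identify a valid context
+.It GSS_S_BAD_QOP
+The specified QOP is not supported by the mechanism
+.El
+.Sh SEE ALSO
+.Xr gss_wrap 3 ,
+.Xr gss_release_buffer 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates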
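--- a/lib/libgssapi/gss_get_mic.c
+++ b/lib/libgssapi/gss_get_mic.c
@@ -0,0 +1,46 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_get_mic(OM_uint32 *minor_status,
+const gss_ctx_id_t context_handle,
+gss_qop_t qop_req,
+const gss_buffer_t message_buffer,
+gss_buffer_t message_token)
+{
+struct _gss_context *ctx = (struct _gss_context *) context_handle;
+struct _gss_mech_switch *m = ctx->gc_mech;
+
+return (m->gm_get_mic(minor_status, ctx->gc_ctx, qop_req,
+message_buffer, message_token));
+}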
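--- a/lib/libgssapi/gss_import_name.3
+++ b/lib/libgssapi/gss_import_name.3
@@ -0,0 +1,139 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_IMPORT_NAME 3 PRM
+.Sh NAME
+.Nm gss_import_name
+.Nd Convert a contiguous string name to internal-form
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_import_name
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_buffer_t input_name_buffer"
+.Fa "const gss_OID input_name_type"
+.Fa "gss_name_t *output_name"
+.Fc
+.Sh DESCRIPTION
+Convert a contiguous string name to internal form.
+In general,
+the internal name returned (via the
+.Fa output_name
+parameter) will not be an MN;
+the exception to this is if the
+.Fa input_name_type
+indicates that the contiguous string provided via the
+.Fa input_name_buffer
+parameter is of type
+.Dv GSS_C_NT_EXPORT_NAME ,
+in which case the returned internal name will be an MN for the
+mechanism that exported the name.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It input_name_buffer
+Buffer containing contiguous string name to convert.
+.It input_name_type
+Object ID specifying type of printable name.
+Applications may specify either
+.Dv GSS_C_NO_OID
+to use a mechanism-specific default printable syntax,
+or an OID recognized by the GSS-API implementation to name a specific
+namespace.
+.It output_name
+Returned name in internal form.
+Storage associated with this name must be freed by the application
+after use with a call to
+.Fn gss_release_name .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_BAD_NAMETYPE
+The
+.Fa input_name_type
+was unrecognized
+.It GSS_S_BAD_NAME
+The
+.Fa input_name
+parameter could not be interpreted as a name of the specified type
+.It GSS_S_BAD_MECH
+The input name-type was
+.Dv GSS_C_NT_EXPORT_NAME ,
+but the mechanism contained within the input-name is not supported
+.El
+.Sh SEE ALSO
+.Xr gss_release_name 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates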
219
lib/libgssapi/gss_import_name.c
Normal file
219
lib/libgssapi/gss_import_name.c
Normal file
@ -0,0 +1,219 @@
|
||||
/*-
|
||||
* Copyright (c) 2005 Doug Rabson
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <gssapi/gssapi.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
|
||||
#include "mech_switch.h"
|
||||
#include "utils.h"
|
||||
#include "name.h"
|
||||
|
||||
static OM_uint32
|
||||
_gss_import_export_name(OM_uint32 *minor_status,
|
||||
const gss_buffer_t input_name_buffer,
|
||||
gss_name_t *output_name)
|
||||
{
|
||||
OM_uint32 major_status;
|
||||
unsigned char *p = input_name_buffer->value;
|
||||
size_t len = input_name_buffer->length;
|
||||
size_t t;
|
||||
gss_OID_desc mech_oid;
|
||||
struct _gss_mech_switch *m;
|
||||
struct _gss_name *name;
|
||||
struct _gss_mechanism_name *mn;
|
||||
gss_name_t new_canonical_name;
|
||||
|
||||
*minor_status = 0;
|
||||
*output_name = 0;
|
||||
|
||||
/*
|
||||
* Make sure that TOK_ID is {4, 1}.
|
||||
*/
|
||||
if (len < 2)
|
||||
return (GSS_S_BAD_NAME);
|
||||
if (p[0] != 4 || p[1] != 1)
|
||||
return (GSS_S_BAD_NAME);
|
||||
p += 2;
|
||||
len -= 2;
|
||||
|
||||
/*
|
||||
* Get the mech length and the name length and sanity
|
||||
* check the size of of the buffer.
|
||||
*/
|
||||
if (len < 2)
|
||||
return (GSS_S_BAD_NAME);
|
||||
t = (p[0] << 8) + p[1];
|
||||
p += 2;
|
||||
len -= 2;
|
||||
|
||||
/*
|
||||
* Check the DER encoded OID to make sure it agrees with the
|
||||
* length we just decoded.
|
||||
*/
|
||||
if (p[0] != 6) /* 6=OID */
|
||||
return (GSS_S_BAD_NAME);
|
||||
p++;
|
||||
len--;
|
||||
t--;
|
||||
if (p[0] & 0x80) {
|
||||
int digits = p[0];
|
||||
p++;
|
||||
len--;
|
||||
t--;
|
||||
mech_oid.length = 0;
|
||||
while (digits--) {
|
||||
mech_oid.length = (mech_oid.length << 8) | p[0];
|
||||
p++;
|
||||
len--;
|
||||
t--;
|
||||
}
|
||||
} else {
|
||||
mech_oid.length = p[0];
|
||||
p++;
|
||||
len--;
|
||||
t--;
|
||||
}
|
||||
if (mech_oid.length != t)
|
||||
return (GSS_S_BAD_NAME);
|
||||
|
||||
mech_oid.elements = p;
|
||||
|
||||
if (len < t + 4)
|
||||
return (GSS_S_BAD_NAME);
|
||||
p += t;
|
||||
len -= t;
|
||||
|
||||
t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
|
||||
p += 4;
|
||||
len -= 4;
|
||||
|
||||
if (len != t)
|
||||
return (GSS_S_BAD_NAME);
|
||||
|
||||
m = _gss_find_mech_switch(&mech_oid);
|
||||
if (!m)
|
||||
return (GSS_S_BAD_MECH);
|
||||
|
||||
/*
|
||||
* Ask the mechanism to import the name.
|
||||
*/
|
||||
major_status = m->gm_import_name(minor_status,
|
||||
input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name);
|
||||
|
||||
/*
|
||||
* Now we make a new name and mark it as an MN.
|
||||
*/
|
||||
name = _gss_make_name(m, new_canonical_name);
|
||||
if (!name) {
|
||||
m->gm_release_name(minor_status, &new_canonical_name);
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
|
||||
*output_name = (gss_name_t) name;
|
||||
|
||||
*minor_status = 0;
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gss_import_name(OM_uint32 *minor_status,
|
||||
const gss_buffer_t input_name_buffer,
|
||||
const gss_OID input_name_type,
|
||||
gss_name_t *output_name)
|
||||
{
|
||||
gss_OID name_type = input_name_type;
|
||||
OM_uint32 major_status;
|
||||
struct _gss_name *name;
|
||||
|
||||
if (input_name_buffer->length == 0) {
|
||||
*minor_status = 0;
|
||||
*output_name = 0;
|
||||
return (GSS_S_BAD_NAME);
|
||||
}
|
||||
|
||||
/*
|
||||
* Use GSS_NT_USER_NAME as default name type.
|
||||
*/
|
||||
if (name_type == GSS_C_NO_OID)
|
||||
name_type = GSS_C_NT_USER_NAME;
|
||||
|
||||
/*
|
||||
* If this is an exported name, we need to parse it to find
|
||||
* the mechanism and then import it as an MN. See RFC 2743
|
||||
* section 3.2 for a description of the format.
|
||||
*/
|
||||
if (_gss_oid_equal(name_type, GSS_C_NT_EXPORT_NAME)) {
|
||||
return _gss_import_export_name(minor_status,
|
||||
input_name_buffer, output_name);
|
||||
}
|
||||
|
||||
/*
|
||||
* Only allow certain name types. This is pretty bogus - we
|
||||
* should figure out the list of supported name types using
|
||||
* gss_inquire_names_for_mech.
|
||||
*/
|
||||
if (!_gss_oid_equal(name_type, GSS_C_NT_USER_NAME)
|
||||
&& !_gss_oid_equal(name_type, GSS_C_NT_MACHINE_UID_NAME)
|
||||
&& !_gss_oid_equal(name_type, GSS_C_NT_STRING_UID_NAME)
|
||||
&& !_gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE_X)
|
||||
&& !_gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE)
|
||||
&& !_gss_oid_equal(name_type, GSS_C_NT_ANONYMOUS)
|
||||
&& !_gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) {
|
||||
*minor_status = 0;
|
||||
*output_name = 0;
|
||||
return (GSS_S_BAD_NAMETYPE);
|
||||
}
|
||||
|
||||
*minor_status = 0;
|
||||
name = malloc(sizeof(struct _gss_name));
|
||||
if (!name) {
|
||||
*minor_status = ENOMEM;
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
memset(name, 0, sizeof(struct _gss_name));
|
||||
|
||||
major_status = _gss_copy_oid(minor_status,
|
||||
name_type, &name->gn_type);
|
||||
if (major_status) {
|
||||
free(name);
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
|
||||
major_status = _gss_copy_buffer(minor_status,
|
||||
input_name_buffer, &name->gn_value);
|
||||
if (major_status) {
|
||||
gss_release_name(minor_status, (gss_name_t*) &name);
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
|
||||
SLIST_INIT(&name->gn_mn);
|
||||
|
||||
*output_name = (gss_name_t) name;
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
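--- a/lib/libgssapi/gss_import_sec_context.3
+++ b/lib/libgssapi/gss_import_sec_context.3
@@ -0,0 +1,120 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_IMPORT_SEC_CONTEXT 3 PRM
+.Sh NAME
+.Nm gss_import_sec_context
+.Nd Import a transferred context
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_import_sec_context
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_buffer_t interprocess_token"
+.Fa "gss_ctx_id_t *context_handle"
+.Fc
+.Sh DESCRIPTION
+Allows a process to import a security context established by another
+process.
+A given interprocess token may be imported only once.
+See
+.Fn gss_export_sec_context .
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It interprocess_token
+Token received from exporting process.
+.It context_handle
+Context handle of newly reactivated context.
+Resources associated with this context handle must be released by the
+application after use with a call to
+.Fn gss_delete_sec_context .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_NO_CONTEXT
+The token did not contain a valid context reference
+.It GSS_S_DEFECTIVE_TOKEN
+The token was invalid
+.It GSS_S_UNAVAILABLE
+The operation is unavailable
+.It GSS_S_UNAUTHORIZED
+Local policy prevents the import of this context by the current process
+.El
+.Sh SEE ALSO
+.Xr gss_export_sec_context 3 ,
+.Xr gss_delete_sec_context 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates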
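--- a/lib/libgssapi/gss_import_sec_context.c
+++ b/lib/libgssapi/gss_import_sec_context.c
@@ -0,0 +1,86 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_import_sec_context(OM_uint32 *minor_status,
+    const gss_buffer_t interprocess_token,
+    gss_ctx_id_t *context_handle)
+{
+	OM_uint32 major_status;
+	struct _gss_mech_switch *m;
+	struct _gss_context *ctx;
+	gss_OID_desc mech_oid;
+	gss_buffer_desc buf;
+	unsigned char *p;
+	size_t len;
+
+	*minor_status = 0;
+	*context_handle = 0;
+
+	/*
+	 * We added an oid to the front of the token in
+	 * gss_export_sec_context.
+	 */
+	p = interprocess_token->value;
+	len = interprocess_token->length;
+	if (len < 2)
+		return (GSS_S_DEFECTIVE_TOKEN);
+	mech_oid.length = (p[0] << 8) | p[1];
+	if (len < mech_oid.length + 2)
+		return (GSS_S_DEFECTIVE_TOKEN);
+	mech_oid.elements = p + 2;
+	buf.length = len - 2 - mech_oid.length;
+	buf.value = p + 2 + mech_oid.length;
+
+	m = _gss_find_mech_switch(&mech_oid);
+	if (!m)
+		return (GSS_S_DEFECTIVE_TOKEN);
+
+	ctx = malloc(sizeof(struct _gss_context));
+	if (!ctx) {
+		*minor_status = ENOMEM;
+		return (GSS_S_FAILURE);
+	}
+	ctx->gc_mech = m;
+	major_status = m->gm_import_sec_context(minor_status,
+	    &buf, &ctx->gc_ctx);
+	if (major_status != GSS_S_COMPLETE) {
+		free(ctx);
+	} else {
+		*context_handle = (gss_ctx_id_t) ctx;
+	}
+
+	return (major_status);
+}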
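Review bot: `p = interprocess_token->value;` dereferences the token before anything validates it, so a caller passing GSS_C_NO_BUFFER faults instead of getting an error, and a buffer whose value is NULL but whose length is 2 or more reaches `p[0]`; add `if (interprocess_token == GSS_C_NO_BUFFER || interprocess_token->value == NULL) return (GSS_S_DEFECTIVE_TOKEN);` ahead of the `len < 2` test. The length arithmetic that follows looks sound: the OID length comes from a 2-byte field, so `len < mech_oid.length + 2` cannot wrap, and `buf` is only computed once that check has passed. Unlike gss_indicate_mechs in this same commit, this routine does not call `_gss_load_mech()` before `_gss_find_mech_switch`, so if the lookup does not load mechanisms on demand an import in a process that has made no other GSS-API call would fail with GSS_S_DEFECTIVE_TOKEN — worth confirming against mech_switch.c. The accompanying manpage lists GSS_S_NO_CONTEXT and GSS_S_UNAVAILABLE, but this wrapper itself only produces GSS_S_DEFECTIVE_TOKEN and GSS_S_FAILURE; a comment above `return (major_status);` such as `/* Anything else is the mechanism's own import status, passed through unchanged. */` would make that division clear.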
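--- a/lib/libgssapi/gss_indicate_mechs.3
+++ b/lib/libgssapi/gss_indicate_mechs.3
@@ -0,0 +1,107 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_INDICATE_MECHS 3 PRM
+.Sh NAME
+.Nm gss_indicate_mechs
+.Nd Determine available underlying authentication mechanisms
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_indicate_mechs
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_OID_set *mech_set"
+.Fc
+.Sh DESCRIPTION
+Allows an application to determine which underlying security
+mechanisms are available.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It mech_set
+Set of implementation-supported mechanisms.
+The returned
+.Fa mech_set
+value will be a dynamically-allocated OID set,
+that should be released by the caller after use with a call to
+.Fn gss_release_oid_set .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.El
+.Sh SEE ALSO
+.Xr gss_release_oid_set 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates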
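--- a/lib/libgssapi/gss_indicate_mechs.c
+++ b/lib/libgssapi/gss_indicate_mechs.c
@@ -0,0 +1,60 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+
+OM_uint32
+gss_indicate_mechs(OM_uint32 *minor_status,
+    gss_OID_set *mech_set)
+{
+	struct _gss_mech_switch *m;
+	OM_uint32 major_status;
+	gss_OID_set set;
+	int i;
+
+	_gss_load_mech();
+
+	major_status = gss_create_empty_oid_set(minor_status, mech_set);
+	if (major_status)
+		return (major_status);
+
+	SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+		major_status = m->gm_indicate_mechs(minor_status, &set);
+		if (major_status)
+			continue;
+		for (i = 0; i < set->count; i++)
+			major_status = gss_add_oid_set_member(minor_status,
+			    &set->elements[i], mech_set);
+		gss_release_oid_set(minor_status, &set);
+	}
+
+	*minor_status = 0;
+	return (GSS_S_COMPLETE);
+}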
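Review bot: The status returned by `gss_add_oid_set_member` inside the SLIST_FOREACH loop is discarded — `major_status` is overwritten on every iteration and then replaced by GSS_S_COMPLETE after the loop — so an allocation failure while copying one mechanism's OIDs returns success with a silently truncated `*mech_set`, and the following `gss_release_oid_set(minor_status, &set)` clobbers whatever minor status the failure recorded. Check the result per element and, on failure, release both the mechanism's `set` and the partially built `*mech_set` before returning the error; I am assuming `gss_release_oid_set` resets the handle it is given to GSS_C_NO_OID_SET, which should be confirmed against its implementation. A smaller point of style: `i` is declared `int` but compared against `set->count`, which is a `size_t` in gssapi.h, so `size_t i;` avoids the signed/unsigned comparison.
```c
	/* … unchanged: _gss_load_mech and gss_create_empty_oid_set … */
	SLIST_FOREACH(m, &_gss_mechs, gm_link) {
		major_status = m->gm_indicate_mechs(minor_status, &set);
		if (major_status)
			continue;
		for (i = 0; i < set->count; i++) {
			major_status = gss_add_oid_set_member(minor_status,
			    &set->elements[i], mech_set);
			if (major_status) {
				OM_uint32 junk;

				/* Do not hand back a partial set; keep the original minor status. */
				gss_release_oid_set(&junk, &set);
				gss_release_oid_set(&junk, mech_set);
				return (major_status);
			}
		}
		gss_release_oid_set(minor_status, &set);
	}
	/* … unchanged: final minor_status reset and GSS_S_COMPLETE return … */
```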
571
lib/libgssapi/gss_init_sec_context.3
Normal file
571
lib/libgssapi/gss_init_sec_context.3
Normal file
@ -0,0 +1,571 @@
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Copyright (c) 2005 Doug Rabson
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
|
||||
.\"
|
||||
.\" This document and translations of it may be copied and furnished to
|
||||
.\" others, and derivative works that comment on or otherwise explain it
|
||||
.\" or assist in its implementation may be prepared, copied, published
|
||||
.\" and distributed, in whole or in part, without restriction of any
|
||||
.\" kind, provided that the above copyright notice and this paragraph are
|
||||
.\" included on all such copies and derivative works. However, this
|
||||
.\" document itself may not be modified in any way, such as by removing
|
||||
.\" the copyright notice or references to the Internet Society or other
|
||||
.\" Internet organizations, except as needed for the purpose of
|
||||
.\" developing Internet standards in which case the procedures for
|
||||
.\" copyrights defined in the Internet Standards process must be
|
||||
.\" followed, or as required to translate it into languages other than
|
||||
.\" English.
|
||||
.\"
|
||||
.\" The limited permissions granted above are perpetual and will not be
|
||||
.\" revoked by the Internet Society or its successors or assigns.
|
||||
.\"
|
||||
.\" This document and the information contained herein is provided on an
|
||||
.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
||||
.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
||||
.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
||||
.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
||||
.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||||
.\"
|
||||
.\" The following commands are required for all man pages.
|
||||
.Dd November 12, 2005
|
||||
.Os
|
||||
.Dt GSS_INIT_SEC_CONTEXT 3 PRM
|
||||
.Sh NAME
|
||||
.Nm gss_init_sec_context
|
||||
.Nd Initiate a security context with a peer application
|
||||
.\" This next command is for sections 2 and 3 only.
|
||||
.\" .Sh LIBRARY
|
||||
.Sh SYNOPSIS
|
||||
.In "gssapi/gssapi.h"
|
||||
.Ft OM_uint32
|
||||
.Fo gss_init_sec_context
|
||||
.Fa "OM_uint32 *minor_status"
|
||||
.Fa "const gss_cred_id_t initiator_cred_handle"
|
||||
.Fa "gss_ctx_id_t *context_handle"
|
||||
.Fa "const gss_name_t target_name"
|
||||
.Fa "const gss_OID mech_type"
|
||||
.Fa "OM_uint32 req_flags"
|
||||
.Fa "OM_uint32 time_req"
|
||||
.Fa "const gss_channel_bindings_t input_chan_bindings"
|
||||
.Fa "const gss_buffer_t input_token"
|
||||
.Fa "gss_OID *actual_mech_type"
|
||||
.Fa "gss_buffer_t output_token"
|
||||
.Fa "OM_uint32 *ret_flags"
|
||||
.Fa "OM_uint32 *time_rec"
|
||||
.Fc
|
||||
.Sh DESCRIPTION
|
||||
Initiates the establishment of a security context between the
|
||||
application and a remote peer.
|
||||
Initially, the input_token parameter should be specified either as
|
||||
.Dv GSS_C_NO_BUFFER, or as a pointer to a
|
||||
gss_buffer_desc object whose length field contains the value zero.
|
||||
The routine may return a output_token which should be transferred to
|
||||
the peer application, where the peer application will present it to
|
||||
.Xr gss_accept_sec_context 3 . If no token need be sent,
|
||||
.Fn gss_init_sec_context
|
||||
will indicate this by setting the
|
||||
.Dv length field
|
||||
of the output_token argument to zero. To complete the context
|
||||
establishment, one or more reply tokens may be required from the peer
|
||||
application; if so,
|
||||
.Fn gss_init_sec_context
|
||||
will return a status
|
||||
containing the supplementary information bit
|
||||
.Dv GSS_S_CONTINUE_NEEDED.
|
||||
In this case,
|
||||
.Fn gss_init_sec_context
|
||||
should be called again when the reply token is received from the peer
|
||||
application, passing the reply token to
|
||||
.Fn gss_init_sec_context
|
||||
via the input_token parameters.
|
||||
.Pp
|
||||
Portable applications should be constructed to use the token length
|
||||
and return status to determine whether a token needs to be sent or
|
||||
waited for. Thus a typical portable caller should always invoke
|
||||
.Fn gss_init_sec_context
|
||||
within a loop:
|
||||
.Bd -literal
|
||||
int context_established = 0;
|
||||
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
|
||||
...
|
||||
input_token->length = 0;
|
||||
|
||||
while (!context_established) {
|
||||
maj_stat = gss_init_sec_context(&min_stat,
|
||||
cred_hdl,
|
||||
&context_hdl,
|
||||
target_name,
|
||||
desired_mech,
|
||||
desired_services,
|
||||
desired_time,
|
||||
input_bindings,
|
||||
input_token,
|
||||
&actual_mech,
|
||||
output_token,
|
||||
&actual_services,
|
||||
&actual_time);
|
||||
if (GSS_ERROR(maj_stat)) {
|
||||
report_error(maj_stat, min_stat);
|
||||
};
|
||||
|
||||
if (output_token->length != 0) {
|
||||
send_token_to_peer(output_token);
|
||||
gss_release_buffer(&min_stat, output_token)
|
||||
};
|
||||
if (GSS_ERROR(maj_stat)) {
|
||||
|
||||
if (context_hdl != GSS_C_NO_CONTEXT)
|
||||
gss_delete_sec_context(&min_stat,
|
||||
&context_hdl,
|
||||
GSS_C_NO_BUFFER);
|
||||
break;
|
||||
};
|
||||
|
||||
if (maj_stat & GSS_S_CONTINUE_NEEDED) {
|
||||
receive_token_from_peer(input_token);
|
||||
} else {
|
||||
context_established = 1;
|
||||
};
|
||||
};
|
||||
.Ed
|
||||
.Pp
|
||||
Whenever the routine returns a major status that includes the value
|
||||
.Dv GSS_S_CONTINUE_NEEDED, the context is not fully established and the
|
||||
following restrictions apply to the output parameters:
|
||||
.Bl -bullet
|
||||
.It
|
||||
The value returned via the
|
||||
.Fa time_rec
|
||||
parameter is undefined Unless
|
||||
the accompanying
|
||||
.Fa ret_flags
|
||||
parameter contains the bit
|
||||
.Dv GSS_C_PROT_READY_FLAG, indicating that per-message services may be
|
||||
applied in advance of a successful completion status, the value
|
||||
returned via the
|
||||
.Fa actual_mech_type
|
||||
parameter is undefined until the
|
||||
routine returns a major status value of
|
||||
.Dv GSS_S_COMPLETE.
|
||||
.It
|
||||
The values of the
|
||||
.Dv GSS_C_DELEG_FLAG ,
|
||||
.Dv GSS_C_MUTUAL_FLAG ,
|
||||
.Dv GSS_C_REPLAY_FLAG ,
|
||||
.Dv GSS_C_SEQUENCE_FLAG ,
|
||||
.Fv GSS_C_CONF_FLAG ,
|
||||
.Dv GSS_C_INTEG_FLAG and
|
||||
.Dv GSS_C_ANON_FLAG bits returned via the
|
||||
.Fa ret_flags
|
||||
parameter should contain the values that the
|
||||
implementation expects would be valid if context establishment
|
||||
were to succeed. In particular, if the application has requested
|
||||
a service such as delegation or anonymous authentication via the
|
||||
.Fa req_flags
|
||||
argument, and such a service is unavailable from the
|
||||
underlying mechanism,
|
||||
.Fn gss_init_sec_context
|
||||
should generate a token
|
||||
that will not provide the service, and indicate via the
|
||||
.Fa ret_flags
|
||||
argument that the service will not be supported. The application
|
||||
may choose to abort the context establishment by calling
|
||||
.Xr gss_delete_sec_context 3
|
||||
(if it cannot continue in the absence of
|
||||
the service), or it may choose to transmit the token and continue
|
||||
context establishment (if the service was merely desired but not
|
||||
mandatory).
|
||||
.It
|
||||
The values of the
|
||||
.Dv GSS_C_PROT_READY_FLAG and
|
||||
.Dv GSS_C_TRANS_FLAG bits
|
||||
within
|
||||
.Fa ret_flags
|
||||
should indicate the actual state at the time
|
||||
.Fn gss_init_sec_context
|
||||
returns, whether or not the context is fully established.
|
||||
.It
|
||||
GSS-API implementations that support per-message protection are
|
||||
encouraged to set the
|
||||
.Dv GSS_C_PROT_READY_FLAG in the final
|
||||
.Fa ret_flags
|
||||
returned to a caller (i.e. when accompanied by a
|
||||
.Dv GSS_S_COMPLETE
|
||||
status code). However, applications should not rely on this
|
||||
behavior as the flag was not defined in Version 1 of the GSS-API.
|
||||
Instead, applications should determine what per-message services
|
||||
are available after a successful context establishment according
|
||||
to the
|
||||
.Dv GSS_C_INTEG_FLAG and
|
||||
.Dv GSS_C_CONF_FLAG values.
|
||||
.It
|
||||
All other bits within the
|
||||
.Fa ret_flags
|
||||
argument should be set to
|
||||
zero.
|
||||
.El
|
||||
.Pp
|
||||
If the initial call of
|
||||
.Fn gss_init_sec_context
|
||||
fails, the
|
||||
implementation should not create a context object, and should leave
|
||||
the value of the
|
||||
.Fa context_handle
|
||||
parameter set to
|
||||
.Dv GSS_C_NO_CONTEXT to
|
||||
indicate this. In the event of a failure on a subsequent call, the
|
||||
implementation is permitted to delete the "half-built" security
|
||||
context (in which case it should set the
|
||||
.Fa context_handle
|
||||
parameter to
|
||||
.Dv GSS_C_NO_CONTEXT ), but the preferred behavior is to leave the
|
||||
security context untouched for the application to delete (using
|
||||
.Xr gss_delete_sec_context 3 ).
|
||||
.Pp
|
||||
During context establishment, the informational status bits
|
||||
.Dv GSS_S_OLD_TOKEN and
|
||||
.Dv GSS_S_DUPLICATE_TOKEN indicate fatal errors, and
|
||||
GSS-API mechanisms should always return them in association with a
|
||||
routine error of
|
||||
.Dv GSS_S_FAILURE .
|
||||
This requirement for pairing did not
|
||||
exist in version 1 of the GSS-API specification, so applications that
|
||||
wish to run over version 1 implementations must special-case these
|
||||
codes.
|
||||
.Sh PARAMETERS
|
||||
.Bl -tag
|
||||
.It minor_status
|
||||
Mechanism specific status code.
|
||||
.It initiator_cred_handle
|
||||
handle for credentials claimed. Supply
|
||||
.Dv GSS_C_NO_CREDENTIAL to act as a default
|
||||
initiator principal. If no default
|
||||
initiator is defined, the function will
|
||||
return
|
||||
.Dv GSS_S_NO_CRED.
|
||||
.It context_handle
|
||||
context handle for new context. Supply
|
||||
.Dv GSS_C_NO_CONTEXT for first call; use value
|
||||
returned by first call in continuation calls.
|
||||
Resources associated with this context-handle
|
||||
must be released by the application after use
|
||||
with a call to
|
||||
.Fn gss_delete_sec_context .
|
||||
.It target_name
|
||||
Name of target
|
||||
.It mech_type
|
||||
Object ID of desired mechanism. Supply
|
||||
.Dv GSS_C_NO_OID to obtain an implementation
|
||||
specific default
|
||||
.It req_flags
|
||||
Contains various independent flags, each of
|
||||
which requests that the context support a
|
||||
specific service option. Symbolic
|
||||
names are provided for each flag, and the
|
||||
symbolic names corresponding to the required
|
||||
flags should be logically-ORed
|
||||
together to form the bit-mask value. The
|
||||
flags are:
|
||||
.Bl -tag -width "WW"
|
||||
.It GSS_C_DELEG_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Delegate credentials to remote peer
|
||||
.It False
|
||||
Don't delegate
|
||||
.El
|
||||
.It GSS_C_MUTUAL_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Request that remote peer authenticate itself
|
||||
.It False
|
||||
Authenticate self to remote peer only
|
||||
.El
|
||||
.It GSS_C_REPLAY_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Enable replay detection for messages protected with
|
||||
.Xr gss_wrap 3
|
||||
or
|
||||
.Xr gss_get_mic 3
|
||||
.It False
|
||||
Don't attempt to detect replayed messages
|
||||
.El
|
||||
.It GSS_C_SEQUENCE_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Enable detection of out-of-sequence protected messages
|
||||
.It False
|
||||
Don't attempt to detect out-of-sequence messages
|
||||
.El
|
||||
.It GSS_C_CONF_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Request that confidentiality service be made available (via
|
||||
.Xr gss_wrap 3 )
|
||||
.It False
|
||||
No per-message confidentiality service is required.
|
||||
.El
|
||||
.It GSS_C_INTEG_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Request that integrity service be made available (via
|
||||
.Xr gss_wrap 3
|
||||
or
|
||||
.Xr gss_get_mic 3 )
|
||||
.It False
|
||||
No per-message integrity service is required.
|
||||
.El
|
||||
.It GSS_C_ANON_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Do not reveal the initiator's identity to the acceptor.
|
||||
.It False
|
||||
Authenticate normally.
|
||||
.El
|
||||
.El
|
||||
.It time_req
|
||||
Desired number of seconds for which context
|
||||
should remain valid. Supply 0 to request a
|
||||
default validity period.
|
||||
.It input_chan_bindings
|
||||
Application-specified bindings. Allows
|
||||
application to securely bind channel
|
||||
identification information to the security
|
||||
context. Specify
|
||||
.Dv GSS_C_NO_CHANNEL_BINDINGS
|
||||
if channel bindings are not used.
|
||||
.It input_token
|
||||
Token received from peer application.
|
||||
Supply
|
||||
.Dv GSS_C_NO_BUFFER, or a pointer to
|
||||
a buffer containing the value
|
||||
.Dv GSS_C_EMPTY_BUFFER
|
||||
on initial call.
|
||||
.It actual_mech_type
|
||||
Actual mechanism used. The OID returned via
|
||||
this parameter will be a pointer to static
|
||||
storage that should be treated as read-only;
|
||||
In particular the application should not attempt
|
||||
to free it. Specify
|
||||
.Dv NULL if not required.
|
||||
.It output_token
|
||||
token to be sent to peer application. If
|
||||
the length field of the returned buffer is
|
||||
zero, no token need be sent to the peer
|
||||
application. Storage associated with this
|
||||
buffer must be freed by the application
|
||||
after use with a call to
|
||||
.Xr gss_release_buffer 3 .
|
||||
.It ret_flags
|
||||
Contains various independent flags, each of which
|
||||
indicates that the context supports a specific
|
||||
service option. Specify
|
||||
.Dv NULL if not
|
||||
required. Symbolic names are provided
|
||||
for each flag, and the symbolic names
|
||||
corresponding to the required flags should be
|
||||
logically-ANDed with the
|
||||
.Fa ret_flags
|
||||
value to test
|
||||
whether a given option is supported by the
|
||||
context. The flags are:
|
||||
.Bl -tag -width "WW"
|
||||
.It GSS_C_DELEG_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Credentials were delegated to the remote peer
|
||||
.It False
|
||||
No credentials were delegated
|
||||
.El
|
||||
.It GSS_C_MUTUAL_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
The remote peer has authenticated itself.
|
||||
.It False
|
||||
Remote peer has not authenticated itself.
|
||||
.El
|
||||
.It GSS_C_REPLAY_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Replay of protected messages will be detected
|
||||
.It False
|
||||
Replayed messages will not be detected
|
||||
.El
|
||||
.It GSS_C_SEQUENCE_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Out-of-sequence protected messages will be detected
|
||||
.It False
|
||||
Out-of-sequence messages will not be detected
|
||||
.El
|
||||
.It GSS_C_CONF_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Confidentiality service may be invoked by calling
|
||||
.Xr gss_wrap 3
|
||||
routine
|
||||
.It False
|
||||
No confidentiality service (via
|
||||
.Xr gss_wrap 3 ) available.
|
||||
.Xr gss_wrap 3 will
|
||||
provide message encapsulation,
|
||||
data-origin authentication and
|
||||
integrity services only.
|
||||
.El
|
||||
.It GSS_C_INTEG_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Integrity service may be invoked by calling either
|
||||
.Xr gss_get_mic 3
|
||||
or
|
||||
.Xr gss_wrap 3
|
||||
routines.
|
||||
.It False
|
||||
Per-message integrity service unavailable.
|
||||
.El
|
||||
.It GSS_C_ANON_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
The initiator's identity has not been
|
||||
revealed, and will not be revealed if
|
||||
any emitted token is passed to the
|
||||
acceptor.
|
||||
.It False
|
||||
The initiator's identity has been or will be authenticated normally.
|
||||
.El
|
||||
.It GSS_C_PROT_READY_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
Protection services (as specified by the states of the
|
||||
.Dv GSS_C_CONF_FLAG
|
||||
and
|
||||
.Dv GSS_C_INTEG_FLAG ) are available for
|
||||
use if the accompanying major status
|
||||
return value is either
|
||||
.Dv GSS_S_COMPLETE
|
||||
or
|
||||
.Dv GSS_S_CONTINUE_NEEDED.
|
||||
.It False
|
||||
Protection services (as specified by the states of the
|
||||
.Dv GSS_C_CONF_FLAG
|
||||
and
|
||||
.Dv GSS_C_INTEG_FLAG ) are available
|
||||
only if the accompanying major status
|
||||
return value is
|
||||
.Dv GSS_S_COMPLETE.
|
||||
.El
|
||||
.It GSS_C_TRANS_FLAG
|
||||
.Bl -tag -width "False"
|
||||
.It True
|
||||
The resultant security context may be transferred to other processes via
|
||||
a call to
|
||||
.Fn gss_export_sec_context .
|
||||
.It False
|
||||
The security context is not transferable.
|
||||
.El
|
||||
.El
|
||||
.Pp
|
||||
All other bits should be set to zero.
|
||||
.It time_rec
|
||||
Number of seconds for which the context
|
||||
will remain valid. If the implementation does
|
||||
not support context expiration, the value
|
||||
.Dv GSS_C_INDEFINITE will be returned. Specify
|
||||
.Dv NULL if not required.
|
||||
.El
|
||||
.Sh RETURN VALUES
|
||||
.Bl -tag
|
||||
.It GSS_S_COMPLETE
|
||||
Successful completion
|
||||
.It GSS_S_CONTINUE_NEEDED
|
||||
Indicates that a token from the peer
|
||||
application is required to complete the
|
||||
context, and that gss_init_sec_context
|
||||
must be called again with that token.
|
||||
.It GSS_S_DEFECTIVE_TOKEN
|
||||
Indicates that consistency checks performed
|
||||
on the input_token failed
|
||||
.It GSS_S_DEFECTIVE_CREDENTIAL
|
||||
Indicates that consistency checks
|
||||
performed on the credential failed.
|
||||
.It GSS_S_NO_CRED
|
||||
The supplied credentials were not valid for
|
||||
context initiation, or the credential handle
|
||||
did not reference any credentials.
|
||||
.It GSS_S_CREDENTIALS_EXPIRED
|
||||
The referenced credentials have expired
|
||||
.It GSS_S_BAD_BINDINGS
|
||||
The input_token contains different channel
|
||||
bindings to those specified via the
|
||||
input_chan_bindings parameter
|
||||
.It GSS_S_BAD_SIG
|
||||
The input_token contains an invalid MIC, or a MIC
|
||||
that could not be verified
|
||||
.It GSS_S_OLD_TOKEN
|
||||
The input_token was too old. This is a fatal
|
||||
error during context establishment
|
||||
.It GSS_S_DUPLICATE_TOKEN
|
||||
The input_token is valid, but is a duplicate
|
||||
of a token already processed. This is a
|
||||
fatal error during context establishment.
|
||||
.It GSS_S_NO_CONTEXT
|
||||
Indicates that the supplied context handle did
|
||||
not refer to a valid context
|
||||
.It GSS_S_BAD_NAMETYPE
|
||||
The provided target_name parameter contained an
|
||||
invalid or unsupported type of name
|
||||
.It GSS_S_BAD_NAME
|
||||
The provided target_name parameter was ill-formed.
|
||||
.It GSS_S_BAD_MECH
|
||||
The specified mechanism is not supported by the
|
||||
provided credential, or is unrecognized by the
|
||||
implementation.
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr gss_accept_sec_context 3 ,
|
||||
.Xr gss_delete_sec_context 3 ,
|
||||
.Xr gss_get_mic 3 ,
|
||||
.Xr gss_release_buffer 3 ,
|
||||
.Xr gss_wrap 3
|
||||
.Sh STANDARDS
|
||||
.Bl -tag
|
||||
.It RFC 2743
|
||||
Generic Security Service Application Program Interface Version 2, Update 1
|
||||
.It RFC 2744
|
||||
Generic Security Service API Version 2 : C-bindings
|
||||
.El
|
||||
.\" .Sh HISTORY
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
manual page example first appeared in
|
||||
.Fx 7.0 .
|
||||
.Sh AUTHORS
|
||||
John Wray, Iris Associates
|
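--- a/lib/libgssapi/gss_init_sec_context.c
+++ b/lib/libgssapi/gss_init_sec_context.c
@@ -0,0 +1,129 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "name.h"
+#include "cred.h"
+#include "context.h"
+
+OM_uint32
+gss_init_sec_context(OM_uint32 * minor_status,
+const gss_cred_id_t initiator_cred_handle,
+gss_ctx_id_t * context_handle,
+const gss_name_t target_name,
+const gss_OID mech_type,
+OM_uint32 req_flags,
+OM_uint32 time_req,
+const gss_channel_bindings_t input_chan_bindings,
+const gss_buffer_t input_token,
+gss_OID * actual_mech_type,
+gss_buffer_t output_token,
+OM_uint32 * ret_flags,
+OM_uint32 * time_rec)
+{
+OM_uint32 major_status;
+struct _gss_mech_switch *m;
+struct _gss_name *name = (struct _gss_name *) target_name;
+struct _gss_mechanism_name *mn;
+struct _gss_context *ctx = (struct _gss_context *) *context_handle;
+struct _gss_cred *cred = (struct _gss_cred *) initiator_cred_handle;
+struct _gss_mechanism_cred *mc;
+gss_cred_id_t cred_handle;
+int allocated_ctx;
+
+*minor_status = 0;
+
+/*
+* If we haven't allocated a context yet, do so now and lookup
+* the mechanism switch table. If we have one already, make
+* sure we use the same mechanism switch as before.
+*/
+if (!ctx) {
+ctx = malloc(sizeof(struct _gss_context));
+if (!ctx) {
+*minor_status = ENOMEM;
+return (GSS_S_FAILURE);
+}
+memset(ctx, 0, sizeof(struct _gss_context));
+m = ctx->gc_mech = _gss_find_mech_switch(mech_type);
+if (!m) {
+free(ctx);
+return (GSS_S_BAD_MECH);
+}
+allocated_ctx = 1;
+} else {
+m = ctx->gc_mech;
+allocated_ctx = 0;
+}
+
+/*
+* Find the MN for this mechanism.
+*/
+mn = _gss_find_mn(name, mech_type);
+
+/*
+* If we have a cred, find the cred for this mechanism.
+*/
+cred_handle = GSS_C_NO_CREDENTIAL;
+if (cred) {
+SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+if (_gss_oid_equal(mech_type, mc->gmc_mech_oid)) {
+cred_handle = mc->gmc_cred;
+break;
+}
+}
+}
+
+major_status = m->gm_init_sec_context(minor_status,
+cred_handle,
+&ctx->gc_ctx,
+mn->gmn_name,
+mech_type,
+req_flags,
+time_req,
+input_chan_bindings,
+input_token,
+actual_mech_type,
+output_token,
+ret_flags,
+time_rec);
+
+if (major_status != GSS_S_COMPLETE
+&& major_status != GSS_S_CONTINUE_NEEDED) {
+if (allocated_ctx)
+free(ctx);
+} else {
+*context_handle = (gss_ctx_id_t) ctx;
+}
+
+return (major_status);
+}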
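Review bot: `mn->gmn_name` is passed to the mechanism without checking the result of `_gss_find_mn(name, mech_type)`, and `name` itself is NULL when the caller passes GSS_C_NO_NAME, so a missing or un-importable target name becomes a crash inside the library instead of the GSS_S_BAD_NAME the manpage lists; if `_gss_find_mn` can return NULL (its body is not visible here), a guard that also frees a freshly allocated context should follow the lookup, as below. `memset` is used but `<string.h>` is not among the includes, so the call is implicitly declared; add `#include <string.h>`. The manpage also allows `mech_type` to be GSS_C_NO_OID for an implementation default, yet both the mechanism-name lookup and the `_gss_oid_equal(mech_type, mc->gmc_mech_oid)` credential match use the caller's `mech_type` rather than the OID of the switch entry actually selected in `m`, so in the default case no credential would ever match; compare against the selected mechanism's own OID instead (whichever member of `struct _gss_mech_switch` carries it).
```c
	mn = _gss_find_mn(name, mech_type);
	if (!mn) {
		if (allocated_ctx)
			free(ctx);
		return (GSS_S_BAD_NAME);
	}
	/* … unchanged: credential lookup, mechanism call, epilogue … */
```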
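--- a/lib/libgssapi/gss_inquire_context.3
+++ b/lib/libgssapi/gss_inquire_context.3
@@ -0,0 +1,284 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_INQUIRE_CONTEXT 3 PRM
+.Sh NAME
+.Nm gss_inquire_context
+.Nd Obtain information about a security context
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_inquire_context
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_name_t *src_name"
+.Fa "gss_name_t *targ_name"
+.Fa "OM_uint32 *lifetime_rec"
+.Fa "gss_OID *mech_type"
+.Fa "OM_uint32 *ctx_flags"
+.Fa "int *locally_initiated"
+.Fa "int *open"
+.Fc
+.Sh DESCRIPTION
+Obtains information about a security context.
+The caller must already have obtained a handle that refers to the
+context,
+although the context need not be fully established.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+A handle that refers to the security context.
+.It src_name
+The name of the context initiator.
+If the context was established using anonymous authentication,
+and if the application invoking
+.Fn gss_inquire_context
+is the context acceptor,
+an anonymous name will be returned.
+Storage associated with this name must be freed by the application
+after use with a call to
+.Fn gss_release_name .
+Specify
+.Dv NULL
+if not required.
+.It targ_name
+The name of the context acceptor.
+Storage associated with this name must be freed by the application
+after use with a call to
+.Fn gss_release_name .
+If the context acceptor did not authenticate itself,
+and if the initiator did not specify a target name in its call to
+.Fn gss_init_sec_context ,
+the value
+.Dv GSS_C_NO_NAME
+will be returned.
+Specify
+.Dv NULL
+if not required.
+.It lifetime_rec
+The number of seconds for which the context will remain valid.
+If the context has expired,
+this parameter will be set to zero.
+If the implementation does not support context expiration,
+the value
+.Dv GSS_C_INDEFINITE
+will be returned.
+Specify
+.Dv NULL
+if not required.
+.It mech_type
+The security mechanism providing the context.
+The returned OID will be a pointer to static storage that should be
+treated as read-only by the application;
+in particular the application should not attempt to free it.
+Specify
+.Dv NULL
+if not required.
+.It ctx_flags
+Contains various independent flags,
+each of which indicates that the context supports
+(or is expected to support, if
+.Fa open
+is false)
+a specific service option.
+If not needed, specify
+.Dv NULL .
+Symbolic names are provided for each flag,
+and the symbolic names corresponding to the required flags should be
+logically-ANDed with the
+.Fa ctx_flags
+value to test whether a given option is supported by the context.
+The flags are:
+.Bl -tag -width "WW"
+.It GSS_C_DELEG_FLAG
+.Bl -tag -width "False"
+.It True
+Credentials were delegated from the initiator to the acceptor.
+.It False
+No credentials were delegated.
+.El
+.It GSS_C_MUTUAL_FLAG
+.Bl -tag -width "False"
+.It True
+The acceptor was authenticated to the initiator.
+.It False
+The acceptor did not authenticate itself.
+.El
+.It GSS_C_REPLAY_FLAG
+.Bl -tag -width "False"
+.It True
+Replay of protected messages will be detected.
+.It False
+Replayed messages will not be detected.
+.El
+.It GSS_C_SEQUENCE_FLAG
+.Bl -tag -width "False"
+.It True
+Out-of-sequence protected messages will be detected.
+.It False
+Out-of-sequence messages will not be detected.
+.El
+.It GSS_C_CONF_FLAG
+.Bl -tag -width "False"
+.It True
+Confidentiality service may be invoked by calling
+.Fn gss_wrap
+routine.
+.It False
+No confidentiality service
+(via
+.Fn gss_wrap )
+available.
+.Fn gss_wrap
+will provide message encapsulation,
+data-origin authentication and integrity services only.
+.El
+.It GSS_C_INTEG_FLAG
+.Bl -tag -width "False"
+.It True
+Integrity service may be invoked by calling either
+.Fn gss_get_mic
+or
+.Fn gss_wrap
+routines.
+.It False
+Per-message integrity service unavailable.
+.El
+.It GSS_C_ANON_FLAG
+.Bl -tag -width "False"
+.It True
+The initiator's identity will not be revealed to the acceptor.
+The
+.Fa src_name
+parameter (if requested) contains an anonymous internal name.
+.It False
+The initiator has been authenticated normally.
+.El
+.It GSS_C_PROT_READY_FLAG
+.Bl -tag -width "False"
+.It True
+Protection services
+(as specified by the states of the
+.Dv GSS_C_CONF_FLAG
+and
+.Dv GSS_C_INTEG_FLAG )
+are available for use.
+.It False
+Protection services
+(as specified by the states of the
+.Dv GSS_C_CONF_FLAG
+and
+.Dv GSS_C_INTEG_FLAG )
+are available only if the context is fully established
+(i.e. if the
+.Fa open
+parameter is non-zero).
+.El
+.It GSS_C_TRANS_FLAG
+.Bl -tag -width "False"
+.It True
+The security context may be transferred to other processes via a call to
+.Fn gss_export_sec_context .
+.It False
+The security context is not transferable.
+.El
+.El
+.It locally_initiated
+Non-zero if the invoking application is the context initiator.
+Specify
+.Dv NULL
+if not required.
+.It open
+Non-zero if the context is fully established;
+Zero if a context-establishment token is expected from the peer
+application.
+Specify
+.Dv NULL
+if not required.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_NO_CONTEXT
+The referenced context could not be accessed
+.El
+.Sh SEE ALSO
+.Xr gss_release_name 3 ,
+.Xr gss_init_sec_context 3 ,
+.Xr gss_wrap 3 ,
+.Xr gss_get_mic 3 ,
+.Xr gss_export_sec_context 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates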
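--- a/lib/libgssapi/gss_inquire_context.c
+++ b/lib/libgssapi/gss_inquire_context.c
@@ -0,0 +1,88 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "context.h"
+#include "name.h"
+
+OM_uint32
+gss_inquire_context(OM_uint32 *minor_status,
+const gss_ctx_id_t context_handle,
+gss_name_t *src_name,
+gss_name_t *targ_name,
+OM_uint32 *lifetime_rec,
+gss_OID *mech_type,
+OM_uint32 *ctx_flags,
+int *locally_initiated,
+int *open)
+{
+OM_uint32 major_status;
+struct _gss_context *ctx = (struct _gss_context *) context_handle;
+struct _gss_mech_switch *m = ctx->gc_mech;
+struct _gss_name *name;
+gss_name_t src_mn, targ_mn;
+
+major_status = m->gm_inquire_context(minor_status,
+ctx->gc_ctx,
+src_name ? &src_mn : 0,
+targ_name ? &targ_mn : 0,
+lifetime_rec,
+mech_type,
+ctx_flags,
+locally_initiated,
+open);
+
+if (src_name) *src_name = 0;
+if (targ_name) *targ_name = 0;
+
+if (major_status != GSS_S_COMPLETE) {
+return (major_status);
+}
+
+if (src_name) {
+name = _gss_make_name(m, src_mn);
+if (!name) {
+minor_status = 0;
+return (GSS_S_FAILURE);
+}
+*src_name = (gss_name_t) name;
+}
+
+if (targ_name) {
+name = _gss_make_name(m, targ_mn);
+if (!name) {
+minor_status = 0;
+return (GSS_S_FAILURE);
+}
+*targ_name = (gss_name_t) name;
+}
+
+return (GSS_S_COMPLETE);
+}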
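Review bot: `minor_status = 0;` in both `_gss_make_name` failure branches assigns the pointer parameter rather than the value it points to, so the caller's minor status is left as whatever the mechanism wrote; it should be `*minor_status = 0;`. The function also dereferences `context_handle` unconditionally (`ctx->gc_mech` in the declarations, `ctx->gc_ctx` in the call), so a caller passing GSS_C_NO_CONTEXT crashes inside the library instead of receiving the GSS_S_NO_CONTEXT the manpage documents; a null check before the mechanism call fixes that. Finally, when the `targ_name` wrapper fails to allocate, `*src_name` has already been populated and is leaked, since the caller sees GSS_S_FAILURE and will not release it; the mechanism-level `src_mn`/`targ_mn` names are presumably leaked on the same failure paths, but releasing those needs the mechanism's release-name entry point, which is not visible here.
```c
	struct _gss_context *ctx = (struct _gss_context *) context_handle;
	struct _gss_mech_switch *m;
	/* … unchanged: remaining declarations … */

	if (ctx == NULL)
		return (GSS_S_NO_CONTEXT);
	m = ctx->gc_mech;
	/* … unchanged: mechanism call, clearing of *src_name/*targ_name, major_status check … */

	if (src_name) {
		name = _gss_make_name(m, src_mn);
		if (!name) {
			*minor_status = 0;
			return (GSS_S_FAILURE);
		}
		*src_name = (gss_name_t) name;
	}

	if (targ_name) {
		name = _gss_make_name(m, targ_mn);
		if (!name) {
			if (src_name)
				gss_release_name(minor_status, src_name);
			*minor_status = 0;
			return (GSS_S_FAILURE);
		}
		*targ_name = (gss_name_t) name;
	}
```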
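--- a/lib/libgssapi/gss_inquire_cred.3
+++ b/lib/libgssapi/gss_inquire_cred.3
@@ -0,0 +1,158 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_INQUIRE_CRED 3 PRM
+.Sh NAME
+.Nm gss_inquire_cred
+.Nd Obtain information about a credential
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_inquire_cred
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_cred_id_t cred_handle"
+.Fa "gss_ctx_id_t *context_handle"
+.Fa "gss_name_t *name"
+.Fa "OM_uint32 *lifetime"
+.Fa "gss_cred_usage_t *cred_usage"
+.Fa "gss_OID_set *mechanisms"
+.Fc
+.Sh DESCRIPTION
+Obtains information about a credential.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It cred_handle
+A handle that refers to the target credential.
+Specify
+.Dv GSS_C_NO_CREDENTIAL
+to inquire about the default initiator principal.
+.It name
+The name whose identity the credential asserts.
+Storage associated with this name should be freed by the application
+after use with a call to
+.Fn gss_release_name .
+Specify
+.Dv NULL
+if not required.
+.It lifetime
+The number of seconds for which the credential will remain valid.
+If the credential has expired,
+this parameter will be set to zero.
+If the implementation does not support credential expiration,
+the value GSS_C_INDEFINITE will be returned.
+Specify
+.Dv NULL
+if not required.
+.It cred_usage
+How the credential may be used.
+One of the following:
+.Bl -item -offset indent -compact
+.It
+.Dv GSS_C_INITIATE
+.It
+.Dv GSS_C_ACCEPT
+.It
+.Dv GSS_C_BOTH
+.El
+Specify
+.Dv NULL
+if not required.
+.It mechanisms
+Set of mechanisms supported by the credential.
+Storage associated with this OID set must be freed by the application
+after use with a call to
+.Fn gss_release_oid_set .
+Specify
+.Dv NULL
+if not required.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_NO_CRED
+The referenced credentials could not be accessed
+.It GSS_S_DEFECTIVE_CREDENTIAL
+The referenced credentials were invalid
+.It GSS_S_CREDENTIALS_EXPIRED
+The referenced credentials have expired.
+If the lifetime parameter was not passed as
+.Dv NULL ,
+it will be set to 0
+.El
+.Sh SEE ALSO
+.Xr gss_release_name 3 ,
+.Xr gss_release_oid_set 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates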
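--- /dev/null
+++ b/lib/libgssapi/gss_inquire_cred.c
@@ -0,0 +1,167 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "name.h"
+#include "cred.h"
+
+OM_uint32
+gss_inquire_cred(OM_uint32 *minor_status,
+const gss_cred_id_t cred_handle,
+gss_name_t *name_ret,
+OM_uint32 *lifetime,
+gss_cred_usage_t *cred_usage,
+gss_OID_set *mechanisms)
+{
+OM_uint32 major_status;
+struct _gss_mech_switch *m;
+struct _gss_cred *cred = (struct _gss_cred *) cred_handle;
+struct _gss_mechanism_cred *mc;
+struct _gss_name *name;
+struct _gss_mechanism_name *mn;
+OM_uint32 min_lifetime;
+
+*minor_status = 0;
+if (name_ret)
+*name_ret = 0;
+if (lifetime)
+*lifetime = 0;
+if (cred_usage)
+*cred_usage = 0;
+
+if (name_ret) {
+name = malloc(sizeof(struct _gss_name));
+if (!name) {
+*minor_status = ENOMEM;
+return (GSS_S_FAILURE);
+}
+memset(name, 0, sizeof(struct _gss_name));
+SLIST_INIT(&name->gn_mn);
+} else {
+name = 0;
+}
+
+if (mechanisms) {
+major_status = gss_create_empty_oid_set(minor_status,
+mechanisms);
+if (major_status) {
+if (name) free(name);
+return (major_status);
+}
+}
+
+min_lifetime = GSS_C_INDEFINITE;
+if (cred) {
+SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
+gss_name_t mc_name;
+OM_uint32 mc_lifetime;
+
+major_status = mc->gmc_mech->gm_inquire_cred(minor_status,
+mc->gmc_cred, &mc_name, &mc_lifetime, NULL, NULL);
+if (major_status)
+continue;
+
+if (name) {
+mn = malloc(sizeof(struct _gss_mechanism_name));
+if (!mn) {
+mc->gmc_mech->gm_release_name(minor_status,
+&mc_name);
+continue;
+}
+mn->gmn_mech = mc->gmc_mech;
+mn->gmn_mech_oid = mc->gmc_mech_oid;
+mn->gmn_name = mc_name;
+SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+} else {
+mc->gmc_mech->gm_release_name(minor_status,
+&mc_name);
+}
+
+if (mc_lifetime < min_lifetime)
+min_lifetime = mc_lifetime;
+
+if (mechanisms)
+gss_add_oid_set_member(minor_status,
+mc->gmc_mech_oid, mechanisms);
+}
+} else {
+SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+gss_name_t mc_name;
+OM_uint32 mc_lifetime;
+
+major_status = m->gm_inquire_cred(minor_status,
+GSS_C_NO_CREDENTIAL, &mc_name, &mc_lifetime,
+cred_usage, NULL);
+if (major_status)
+continue;
+
+if (name && mc_name) {
+mn = malloc(
+sizeof(struct _gss_mechanism_name));
+if (!mn) {
+mc->gmc_mech->gm_release_name(
+minor_status, &mc_name);
+continue;
+}
+mn->gmn_mech = mc->gmc_mech;
+mn->gmn_mech_oid = mc->gmc_mech_oid;
+mn->gmn_name = mc_name;
+SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+} else if (mc_name) {
+mc->gmc_mech->gm_release_name(minor_status,
+&mc_name);
+}
+
+if (mc_lifetime < min_lifetime)
+min_lifetime = mc_lifetime;
+
+if (mechanisms)
+gss_add_oid_set_member(minor_status,
+&m->gm_mech_oid, mechanisms);
+}
+
+if ((*mechanisms)->count == 0) {
+gss_release_oid_set(minor_status, mechanisms);
+*minor_status = 0;
+return (GSS_S_NO_CRED);
+}
+}
+
+*minor_status = 0;
+if (name_ret)
+*name_ret = (gss_name_t) name;
+if (lifetime)
+*lifetime = min_lifetime;
+if (cred && cred_usage)
+*cred_usage = cred->gc_usage;
+return (GSS_S_COMPLETE);
+}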
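Review bot: In the GSS_C_NO_CREDENTIAL branch, the `SLIST_FOREACH(m, &_gss_mechs, gm_link)` loop never assigns `mc`, yet `mc->gmc_mech->gm_release_name(...)`, `mn->gmn_mech = mc->gmc_mech` and `mn->gmn_mech_oid = mc->gmc_mech_oid` all dereference it, so any mechanism that returns a name (or a failing malloc) reads an uninitialized pointer; the mechanism in scope there is `m`, whose OID is `&m->gm_mech_oid` exactly as the `gss_add_oid_set_member` call a few lines later already uses. After that loop `(*mechanisms)->count` is read unconditionally, although `mechanisms` is optional and guarded everywhere else in the function, so a caller passing NULL for it crashes; the test needs a `mechanisms &&` guard (or a local counter, if GSS_S_NO_CRED should still be reported when no set was requested). `memset` is also called without `<string.h>` being included. The rewritten branch:

```c
	} else {
		SLIST_FOREACH(m, &_gss_mechs, gm_link) {
			/* … unchanged: gm_inquire_cred(GSS_C_NO_CREDENTIAL, ...) and its error check … */
			if (name && mc_name) {
				mn = malloc(sizeof(struct _gss_mechanism_name));
				if (!mn) {
					m->gm_release_name(minor_status, &mc_name);
					continue;
				}
				mn->gmn_mech = m;
				mn->gmn_mech_oid = &m->gm_mech_oid;
				mn->gmn_name = mc_name;
				SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
			} else if (mc_name) {
				m->gm_release_name(minor_status, &mc_name);
			}
			/* … unchanged: min_lifetime update and gss_add_oid_set_member … */
		}

		if (mechanisms && (*mechanisms)->count == 0) {
			/* … unchanged: release the set and return GSS_S_NO_CRED … */
		}
	}
```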
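--- /dev/null
+++ b/lib/libgssapi/gss_inquire_cred_by_mech.3
@@ -0,0 +1,173 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_INQUIRE_CRED_BY_MECH 3 PRM
+.Sh NAME
+.Nm gss_inquire_cred_by_mech
+.Nd Obtain per-mechanism information about a credential
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_inquire_cred_by_mech
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_cred_id_t cred_handle"
+.Fa "const gss_OID mech_type"
+.Fa "gss_name_t *name"
+.Fa "OM_uint32 *initiator_lifetime"
+.Fa "OM_uint32 *acceptor_lifetime"
+.Fa "gss_cred_usage_t *cred_usage"
+.Fc
+.Sh DESCRIPTION
+Obtains per-mechanism information about a credential.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It cred_handle
+A handle that refers to the target credential.
+Specify
+.Dv GSS_C_NO_CREDENTIAL
+to inquire about the default initiator principal.
+.It mech_type
+The mechanism for which information should be returned.
+.It name
+The name whose identity the credential asserts.
+Storage associated with this name must be freed by the application
+after use with a call to
+.Fn gss_release_name .
+Specify
+.Dv NULL
+if not required.
+.It initiator_lifetime
+
+The number of seconds for which the credential will remain capable of
+initiating security contexts under the specified mechanism.
+If the credential can no longer be used to initiate contexts,
+or if the credential usage for this mechanism is
+.Dv GSS_C_ACCEPT ,
+this parameter will be set to zero.
+If the implementation does not support expiration of initiator
+credentials,
+the value
+.Dv GSS_C_INDEFINITE
+will be returned.
+Specify
+.Dv NULL
+if not required.
+.It acceptor_lifetime
+The number of seconds for which the credential will remain capable of
+accepting security contexts under the specified mechanism.
+If the credential can no longer be used to accept contexts,
+or if the credential usage for this mechanism is
+.Dv GSS_C_INITIATE ,
+this parameter will be set to zero.
+If the implementation does not support expiration of acceptor
+credentials,
+the value
+.Dv GSS_C_INDEFINITE
+will be returned.
+Specify
+.Dv NULL
+if not required.
+.It cred_usage
+How the credential may be used with the specified mechanism.
+One of the following:
+.Bl -item -offset indent -compact
+.It
+.Dv GSS_C_INITIATE
+.It
+.Dv GSS_C_ACCEPT
+.It
+.Dv GSS_C_BOTH
+.El
+Specify
+.Dv NULL
+if not required.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_NO_CRED
+The referenced credentials could not be accessed
+.It GSS_S_DEFECTIVE_CREDENTIAL
+The referenced credentials were invalid
+.It GSS_S_CREDENTIALS_EXPIRED
+The referenced credentials have expired.
+If the lifetime parameter was not passed as
+.Dv NULL ,
+it will be set to 0.
+.El
+.Sh SEE ALSO
+.Xr gss_release_name 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates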
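--- /dev/null
+++ b/lib/libgssapi/gss_inquire_cred_by_mech.c
@@ -0,0 +1,82 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "cred.h"
+#include "name.h"
+
+OM_uint32
+gss_inquire_cred_by_mech(OM_uint32 *minor_status,
+const gss_cred_id_t cred_handle,
+const gss_OID mech_type,
+gss_name_t *cred_name,
+OM_uint32 *initiator_lifetime,
+OM_uint32 *acceptor_lifetime,
+gss_cred_usage_t *cred_usage)
+{
+OM_uint32 major_status;
+struct _gss_mech_switch *m;
+struct _gss_mechanism_cred *mcp;
+gss_cred_id_t mc;
+gss_name_t mn;
+struct _gss_name *name;
+
+*minor_status = 0;
+
+m = _gss_find_mech_switch(mech_type);
+if (!m)
+return (GSS_S_NO_CRED);
+
+if (cred_handle != GSS_C_NO_CREDENTIAL) {
+struct _gss_cred *cred = (struct _gss_cred *) cred_handle;
+SLIST_FOREACH(mcp, &cred->gc_mc, gmc_link)
+if (mcp->gmc_mech == m)
+break;
+if (!mcp)
+return (GSS_S_NO_CRED);
+mc = mcp->gmc_cred;
+} else {
+mc = GSS_C_NO_CREDENTIAL;
+}
+
+major_status = m->gm_inquire_cred_by_mech(minor_status, mc, mech_type,
+&mn, initiator_lifetime, acceptor_lifetime, cred_usage);
+if (major_status != GSS_S_COMPLETE)
+return (major_status);
+
+name = _gss_make_name(m, mn);
+if (!name) {
+m->gm_release_name(minor_status, &mn);
+return (GSS_S_NO_CRED);
+}
+
+*cred_name = (gss_name_t) name;
+return (GSS_S_COMPLETE);
+}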
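Review bot: `cred_name` is stored through unconditionally at `*cred_name = (gss_name_t) name;`, and the mechanism is always asked for `&mn`, although the manual page added alongside tells callers to pass NULL for the name "if not required"; such a caller crashes on that store. The name should only be requested and wrapped when the caller asked for it, as below; whether every plugin's `gm_inquire_cred_by_mech` tolerates a NULL name pointer is not visible here and needs confirming against the krb5 mechanism. While there, an allocation failure inside `_gss_make_name` is reported as GSS_S_NO_CRED, which misdescribes the condition; GSS_S_FAILURE is the conventional code for it, presumably with `*minor_status = ENOMEM` if `<errno.h>` is included.

```c
	major_status = m->gm_inquire_cred_by_mech(minor_status, mc, mech_type,
	    cred_name ? &mn : NULL, initiator_lifetime, acceptor_lifetime,
	    cred_usage);
	if (major_status != GSS_S_COMPLETE)
		return (major_status);

	if (cred_name) {
		name = _gss_make_name(m, mn);
		if (!name) {
			m->gm_release_name(minor_status, &mn);
			return (GSS_S_FAILURE);
		}
		*cred_name = (gss_name_t) name;
	}
	return (GSS_S_COMPLETE);
```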
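--- /dev/null
+++ b/lib/libgssapi/gss_inquire_mechs_for_name.3
@@ -0,0 +1,134 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_INQUIRE_MECHS_FOR_NAME 3 PRM
+.Sh NAME
+.Nm gss_inquire_mechs_for_name
+.Nd List mechanisms that support the specified name-type
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_inquire_mechs_for_name
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_name_t input_name"
+.Fa "gss_OID_set *mech_types"
+.Fc
+.Sh DESCRIPTION
+Returns the set of mechanisms supported by the GSS-API implementation
+that may be able to process the specified name.
+.Pp
+
+Each mechanism returned will recognize at least one element within the
+name.
+It is permissible for this routine to be implemented within a
+mechanism-independent GSS-API layer,
+using the type information contained within the presented name,
+and based on registration information provided by individual mechanism
+implementations.
+This means that the returned
+.Fa mech_types
+set may indicate that a particular mechanism will understand the name
+when in fact it would refuse to accept the name as input to
+.Fn gss_canonicalize_name ,
+.Fn gss_init_sec_context ,
+.Fn gss_acquire_cred
+or
+.Fn gss_add_cred
+(due to some property of the specific name, as opposed to the name
+type).
+Thus this routine should be used only as a pre-filter for a call to a
+subsequent mechanism-specific routine.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It input_name
+The name to which the inquiry relates.
+.It mech_types
+Set of mechanisms that may support the specified name.
+The returned OID set must be freed by the caller after use with a call
+to
+.Fn gss_release_oid_set .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_BAD_NAME
+The
+.Fa input_name
+parameter was ill-formed
+.El
+.Sh SEE ALSO
+.Xr gss_release_oid_set 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates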
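--- /dev/null
+++ b/lib/libgssapi/gss_inquire_mechs_for_name.c
@@ -0,0 +1,77 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "name.h"
+
+OM_uint32
+gss_inquire_mechs_for_name(OM_uint32 *minor_status,
+const gss_name_t input_name,
+gss_OID_set *mech_types)
+{
+OM_uint32 major_status;
+struct _gss_name *name = (struct _gss_name *) input_name;
+struct _gss_mech_switch *m;
+gss_OID_set name_types;
+int present;
+
+*minor_status = 0;
+
+major_status = gss_create_empty_oid_set(minor_status, mech_types);
+if (major_status)
+return (major_status);
+
+/*
+* We go through all the loaded mechanisms and see if this
+* name's type is supported by the mechanism. If it is, add
+* the mechanism to the set.
+*/
+SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+major_status = gss_inquire_names_for_mech(minor_status,
+&m->gm_mech_oid, &name_types);
+if (major_status) {
+gss_release_oid_set(minor_status, mech_types);
+return (major_status);
+}
+gss_test_oid_set_member(minor_status,
+&name->gn_type, name_types, &present);
+gss_release_oid_set(minor_status, &name_types);
+if (present) {
+major_status = gss_add_oid_set_member(minor_status,
+&m->gm_mech_oid, mech_types);
+if (major_status) {
+gss_release_oid_set(minor_status, mech_types);
+return (major_status);
+}
+}
+}
+
+return (GSS_S_COMPLETE);
+}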
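Review bot: `name->gn_type` is dereferenced inside the loop without `input_name` ever being checked, so a GSS_C_NO_NAME argument crashes instead of producing the GSS_S_BAD_NAME that the manual page in this same commit lists and that the function otherwise never returns; add `if (input_name == GSS_C_NO_NAME) return (GSS_S_BAD_NAME);` ahead of the `gss_create_empty_oid_set` call so nothing is allocated first. The major status of `gss_test_oid_set_member` is discarded and, as far as is visible here, `present` is only written on that call's success path, so a failing test would branch on an indeterminate value; initialising it with `int present = 0;` or checking the returned status closes that.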
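--- /dev/null
+++ b/lib/libgssapi/gss_inquire_names_for_mech.3
@@ -0,0 +1,107 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_INQUIRE_NAMES_FOR_MECH 3 PRM
+.Sh NAME
+.Nm gss_inquire_names_for_mech
+.Nd List the name-types supported by the specified mechanism
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_inquire_names_for_mech
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_OID mechanism"
+.Fa "gss_OID_set *name_types"
+.Fc
+.Sh DESCRIPTION
+Returns the set of name-types supported by the specified mechanism.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It mechanism
+The mechanism to be interrogated.
+.It name_types
+Set of name-types supported by the specified mechanism.
+The returned OID set must be freed by the application after use with a
+call to
+.Fn gss_release_oid_set .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.El
+.Sh SEE ALSO
+.Xr gss_release_oid_set 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates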
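--- a/lib/libgssapi/gss_inquire_names_for_mech.c
+++ b/lib/libgssapi/gss_inquire_names_for_mech.c
@@ -0,0 +1,74 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+
+OM_uint32
+gss_inquire_names_for_mech(OM_uint32 *minor_status,
+const gss_OID mechanism,
+gss_OID_set *name_types)
+{
+OM_uint32 major_status;
+struct _gss_mech_switch *m = _gss_find_mech_switch(mechanism);
+
+*minor_status = 0;
+if (!m)
+return (GSS_S_BAD_MECH);
+
+/*
+* If the implementation can do it, ask it for a list of
+* names, otherwise fake it.
+*/
+if (m->gm_inquire_names_for_mech) {
+return (m->gm_inquire_names_for_mech(minor_status,
+mechanism, name_types));
+} else {
+major_status = gss_create_empty_oid_set(minor_status,
+name_types);
+if (major_status)
+return (major_status);
+major_status = gss_add_oid_set_member(minor_status,
+GSS_C_NT_HOSTBASED_SERVICE, name_types);
+if (major_status) {
+OM_uint32 ms;
+gss_release_oid_set(&ms, name_types);
+return (major_status);
+}
+major_status = gss_add_oid_set_member(minor_status,
+GSS_C_NT_USER_NAME, name_types);
+if (major_status) {
+OM_uint32 ms;
+gss_release_oid_set(&ms, name_types);
+return (major_status);
+}
+}
+
+return (GSS_S_COMPLETE);
+}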
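Review bot: The fallback branch synthesises the name-type list by hand, but the `/* ... otherwise fake it. */` comment does not say why GSS_C_NT_HOSTBASED_SERVICE and GSS_C_NT_USER_NAME are the two types assumed to be safe for any mechanism; record the reason, e.g. `/* No mech hook: return the generic name forms (presumably the RFC 2744 defaults every mech must import). */`. A caller cannot distinguish the synthesised list from a mechanism's real answer, so the function's header comment should state that the result may be this generic default rather than the mechanism's own list. The two error paths after gss_add_oid_set_member are identical; a single `goto release` label or a small static helper would remove the duplicated release-and-return.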
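--- a/lib/libgssapi/gss_krb5.c
+++ b/lib/libgssapi/gss_krb5.c
@@ -0,0 +1,87 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "context.h"
+#include "cred.h"
+
+OM_uint32
+gsskrb5_register_acceptor_identity(const char *identity)
+{
+struct _gss_mech_switch *m;
+
+_gss_load_mech();
+SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+if (m->gm_krb5_register_acceptor_identity)
+m->gm_krb5_register_acceptor_identity(identity);
+}
+
+return (GSS_S_COMPLETE);
+}
+
+OM_uint32
+gss_krb5_copy_ccache(OM_uint32 *minor_status,
+gss_cred_id_t cred_handle,
+struct krb5_ccache_data *out)
+{
+struct _gss_mechanism_cred *mcp;
+struct _gss_cred *cred = (struct _gss_cred *) cred_handle;
+struct _gss_mech_switch *m;
+
+*minor_status = 0;
+
+SLIST_FOREACH(mcp, &cred->gc_mc, gmc_link) {
+m = mcp->gmc_mech;
+if (m->gm_krb5_copy_ccache)
+return (m->gm_krb5_copy_ccache(minor_status,
+mcp->gmc_cred, out));
+}
+
+return (GSS_S_FAILURE);
+}
+
+OM_uint32
+gss_krb5_compat_des3_mic(OM_uint32 *minor_status,
+gss_ctx_id_t context_handle, int flag)
+{
+struct _gss_context *ctx = (struct _gss_context *) context_handle;
+struct _gss_mech_switch *m = ctx->gc_mech;
+
+*minor_status = 0;
+
+if (m->gm_krb5_compat_des3_mic)
+return (m->gm_krb5_compat_des3_mic(minor_status,
+ctx->gc_ctx, flag));
+
+return (GSS_S_FAILURE);
+}
+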
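Review bot: gss_krb5_copy_ccache walks `cred->gc_mc` and gss_krb5_compat_des3_mic reads `ctx->gc_mech` without first checking the handle for GSS_C_NO_CREDENTIAL / GSS_C_NO_CONTEXT, so a null handle dereferences NULL instead of returning a GSS status; the same pattern is in gss_process_context_token.c in this commit, where the accompanying manual page promises GSS_S_NO_CONTEXT for an invalid handle. Suggested guards: `if (cred == NULL) return (GSS_S_NO_CRED);` after `*minor_status = 0;` in the first, and `if (ctx == NULL) return (GSS_S_NO_CONTEXT);` before the mech dereference in the second. gsskrb5_register_acceptor_identity discards whatever each mechanism's hook returns and always reports GSS_S_COMPLETE, so a failure to register the identity is invisible to the caller; if the hook returns a status (its type is not visible here), the first failure should be propagated. The `<stdlib.h>` and `<errno.h>` includes are not used by anything in this file.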
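--- a/lib/libgssapi/gss_mech_switch.c
+++ b/lib/libgssapi/gss_mech_switch.c
@@ -0,0 +1,301 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <dlfcn.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mech_switch.h"
+#include "utils.h"
+
+#ifndef _PATH_GSS_MECH
+#define _PATH_GSS_MECH "/etc/gss/mech"
+#endif
+
+struct _gss_mech_switch_list _gss_mechs =
+SLIST_HEAD_INITIALIZER(&_gss_mechs);
+gss_OID_set _gss_mech_oids;
+
+/*
+* Convert a string containing an OID in 'dot' form
+* (e.g. 1.2.840.113554.1.2.2) to a gss_OID.
+*/
+static int
+_gss_string_to_oid(const char* s, gss_OID oid)
+{
+int number_count, i, j;
+int byte_count;
+const char *p, *q;
+char *res;
+
+/*
+* First figure out how many numbers in the oid, then
+* calculate the compiled oid size.
+*/
+number_count = 0;
+for (p = s; p; p = q) {
+q = strchr(p, '.');
+if (q) q = q + 1;
+number_count++;
+}
+
+/*
+* The first two numbers are in the first byte and each
+* subsequent number is encoded in a variable byte sequence.
+*/
+if (number_count < 2)
+return (EINVAL);
+
+/*
+* We do this in two passes. The first pass, we just figure
+* out the size. Second time around, we actually encode the
+* number.
+*/
+res = 0;
+for (i = 0; i < 2; i++) {
+byte_count = 0;
+for (p = s, j = 0; p; p = q, j++) {
+unsigned int number = 0;
+
+/*
+* Find the end of this number.
+*/
+q = strchr(p, '.');
+if (q) q = q + 1;
+
+/*
+* Read the number of of the string. Don't
+* bother with anything except base ten.
+*/
+while (*p && *p != '.') {
+number = 10 * number + (*p - '0');
+p++;
+}
+
+/*
+* Encode the number. The first two numbers
+* are packed into the first byte. Subsequent
+* numbers are encoded in bytes seven bits at
+* a time with the last byte having the high
+* bit set.
+*/
+if (j == 0) {
+if (res)
+*res = number * 40;
+} else if (j == 1) {
+if (res) {
+*res += number;
+res++;
+}
+byte_count++;
+} else if (j >= 2) {
+/*
+* The number is encoded in seven bit chunks.
+*/
+unsigned int t;
+int bytes;
+
+bytes = 0;
+for (t = number; t; t >>= 7)
+bytes++;
+if (bytes == 0) bytes = 1;
+while (bytes) {
+if (res) {
+int bit = 7*(bytes-1);
+
+*res = (number >> bit) & 0x7f;
+if (bytes != 1)
+*res |= 0x80;
+res++;
+}
+byte_count++;
+bytes--;
+}
+}
+}
+if (!res) {
+res = malloc(byte_count);
+if (!res)
+return (ENOMEM);
+oid->length = byte_count;
+oid->elements = res;
+}
+}
+
+return (0);
+}
+
+#define SYM(name) \
+do { \
+m->gm_ ## name = dlsym(so, "gss_" #name); \
+if (!m->gm_ ## name) { \
+fprintf(stderr, "can't find symbol gss_" #name "\n"); \
+goto bad; \
+} \
+} while (0)
+
+#define OPTSYM(name) \
+do { \
+m->gm_ ## name = dlsym(so, "gss_" #name); \
+} while (0)
+
+#define OPTSYM2(symname, ourname) \
+do { \
+m->ourname = dlsym(so, #symname); \
+} while (0)
+
+/*
+* Load the mechanisms file (/etc/gss/mech).
+*/
+void
+_gss_load_mech(void)
+{
+OM_uint32 major_status, minor_status;
+FILE *fp;
+char buf[256];
+char *p;
+char *name, *oid, *lib, *kobj;
+struct _gss_mech_switch *m;
+int count;
+char **pp;
+void *so;
+
+if (SLIST_FIRST(&_gss_mechs))
+return;
+
+major_status = gss_create_empty_oid_set(&minor_status,
+&_gss_mech_oids);
+if (major_status)
+return;
+
+fp = fopen(_PATH_GSS_MECH, "r");
+if (!fp) {
+perror(_PATH_GSS_MECH);
+return;
+}
+
+count = 0;
+while (fgets(buf, sizeof(buf), fp)) {
+if (*buf == '#')
+continue;
+p = buf;
+name = strsep(&p, "\t\n ");
+if (p) while (isspace(p)) p++;
+oid = strsep(&p, "\t\n ");
+if (p) while (isspace(p)) p++;
+lib = strsep(&p, "\t\n ");
+if (p) while (isspace(p)) p++;
+kobj = strsep(&p, "\t\n ");
+if (!name || !oid || !lib || !kobj)
+continue;
+
+so = dlopen(lib, RTLD_LOCAL);
+if (!so) {
+fprintf(stderr, "dlopen: %s\n", dlerror());
+continue;
+}
+
+m = malloc(sizeof(struct _gss_mech_switch));
+if (!m)
+break;
+m->gm_so = so;
+if (_gss_string_to_oid(oid, &m->gm_mech_oid)) {
+free(m);
+continue;
+}
+
+major_status = gss_add_oid_set_member(&minor_status,
+&m->gm_mech_oid, &_gss_mech_oids);
+if (major_status) {
+free(m->gm_mech_oid.elements);
+free(m);
+continue;
+}
+
+SYM(acquire_cred);
+SYM(release_cred);
+SYM(init_sec_context);
+SYM(accept_sec_context);
+SYM(process_context_token);
+SYM(delete_sec_context);
+SYM(context_time);
+SYM(get_mic);
+SYM(verify_mic);
+SYM(wrap);
+SYM(unwrap);
+SYM(display_status);
+SYM(indicate_mechs);
+SYM(compare_name);
+SYM(display_name);
+SYM(import_name);
+SYM(export_name);
+SYM(release_name);
+SYM(inquire_cred);
+SYM(inquire_context);
+SYM(wrap_size_limit);
+SYM(add_cred);
+SYM(inquire_cred_by_mech);
+SYM(export_sec_context);
+SYM(import_sec_context);
+SYM(inquire_names_for_mech);
+SYM(inquire_mechs_for_name);
+SYM(canonicalize_name);
+SYM(duplicate_name);
+OPTSYM2(gsskrb5_register_acceptor_identity,
+gm_krb5_register_acceptor_identity);
+OPTSYM(krb5_copy_ccache);
+OPTSYM(krb5_compat_des3_mic);
+
+SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
+count++;
+continue;
+
+bad:
+free(m->gm_mech_oid.elements);
+free(m);
+dlclose(so);
+continue;
+}
+fclose(fp);
+}
+
+struct _gss_mech_switch *
+_gss_find_mech_switch(gss_OID mech)
+{
+struct _gss_mech_switch *m;
+
+_gss_load_mech();
+SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+if (_gss_oid_equal(&m->gm_mech_oid, mech))
+return m;
+}
+return (0);
+}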
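Review bot: `if (p) while (isspace(p)) p++;` in _gss_load_mech passes the `char *` itself to isspace() (three times, once after each strsep), and <ctype.h> is not included, so the whitespace skipping is undefined behaviour rather than a character test; it should be `if (p) while (isspace((unsigned char)*p)) p++;` with `#include <ctype.h>` added to the header block. _gss_string_to_oid treats every byte of the OID field as a digit (`number = 10 * number + (*p - '0')`) with no overflow check, so a typo in /etc/gss/mech is silently encoded into a bogus mechanism OID and registered in _gss_mech_oids; returning EINVAL on a non-digit would surface the misconfiguration instead of hiding it. The encoding comment above that code is inverted relative to what it does: `if (bytes != 1) *res |= 0x80;` sets the high bit on every byte except the last, which is the correct BER form, so the comment should read "every byte except the last having the high bit set". On the error paths taken after dlopen() has succeeded (the malloc-failure `break` and the two `continue`s before the SYM block) the handle `so` is never dlclose()d, unlike the `bad:` path. Since the `lib` field from the config file goes straight to dlopen(), a relative entry is resolved through the run-time linker's search path; documenting that /etc/gss/mech entries must be absolute paths, or rejecting relative ones, would make that trust boundary explicit for every process that links libgssapi.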
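--- a/lib/libgssapi/gss_names.c
+++ b/lib/libgssapi/gss_names.c
@@ -0,0 +1,253 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "name.h"
+
+/*
+* The implementation must reserve static storage for a
+* gss_OID_desc object containing the value
+* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+* "\x01\x02\x01\x01"},
+* corresponding to an object-identifier value of
+* {iso(1) member-body(2) United States(840) mit(113554)
+* infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
+* GSS_C_NT_USER_NAME should be initialized to point
+* to that gss_OID_desc.
+*/
+static gss_OID_desc GSS_C_NT_USER_NAME_storage =
+{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"};
+gss_OID GSS_C_NT_USER_NAME = &GSS_C_NT_USER_NAME_storage;
+
+/*
+* The implementation must reserve static storage for a
+* gss_OID_desc object containing the value
+* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+* "\x01\x02\x01\x02"},
+* corresponding to an object-identifier value of
+* {iso(1) member-body(2) United States(840) mit(113554)
+* infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+* The constant GSS_C_NT_MACHINE_UID_NAME should be
+* initialized to point to that gss_OID_desc.
+*/
+static gss_OID_desc GSS_C_NT_MACHINE_UID_NAME_storage =
+{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"};
+gss_OID GSS_C_NT_MACHINE_UID_NAME = &GSS_C_NT_MACHINE_UID_NAME_storage;
+
+/*
+* The implementation must reserve static storage for a
+* gss_OID_desc object containing the value
+* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+* "\x01\x02\x01\x03"},
+* corresponding to an object-identifier value of
+* {iso(1) member-body(2) United States(840) mit(113554)
+* infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+* The constant GSS_C_NT_STRING_UID_NAME should be
+* initialized to point to that gss_OID_desc.
+*/
+static gss_OID_desc GSS_C_NT_STRING_UID_NAME_storage =
+{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"};
+gss_OID GSS_C_NT_STRING_UID_NAME = &GSS_C_NT_STRING_UID_NAME_storage;
+
+/*
+* The implementation must reserve static storage for a
+* gss_OID_desc object containing the value
+* {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
+* corresponding to an object-identifier value of
+* {iso(1) org(3) dod(6) internet(1) security(5)
+* nametypes(6) gss-host-based-services(2)). The constant
+* GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
+* to that gss_OID_desc. This is a deprecated OID value, and
+* implementations wishing to support hostbased-service names
+* should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
+* defined below, to identify such names;
+* GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
+* for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
+* parameter, but should not be emitted by GSS-API
+* implementations
+*/
+static gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_X_storage =
+{6, (void *)"\x2b\x06\x01\x05\x06\x02"};
+gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &GSS_C_NT_HOSTBASED_SERVICE_X_storage;
+
+/*
+* The implementation must reserve static storage for a
+* gss_OID_desc object containing the value
+* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+* "\x01\x02\x01\x04"}, corresponding to an
+* object-identifier value of {iso(1) member-body(2)
+* Unites States(840) mit(113554) infosys(1) gssapi(2)
+* generic(1) service_name(4)}. The constant
+* GSS_C_NT_HOSTBASED_SERVICE should be initialized
+* to point to that gss_OID_desc.
+*/
+static gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_storage =
+{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"};
+gss_OID GSS_C_NT_HOSTBASED_SERVICE = &GSS_C_NT_HOSTBASED_SERVICE_storage;
+
+/*
+* The implementation must reserve static storage for a
+* gss_OID_desc object containing the value
+* {6, (void *)"\x2b\x06\01\x05\x06\x03"},
+* corresponding to an object identifier value of
+* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+* 6(nametypes), 3(gss-anonymous-name)}. The constant
+* and GSS_C_NT_ANONYMOUS should be initialized to point
+* to that gss_OID_desc.
+*/
+static gss_OID_desc GSS_C_NT_ANONYMOUS_storage =
+{6, (void *)"\x2b\x06\01\x05\x06\x03"};
+gss_OID GSS_C_NT_ANONYMOUS = &GSS_C_NT_ANONYMOUS_storage;
+
+/*
+* The implementation must reserve static storage for a
+* gss_OID_desc object containing the value
+* {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
+* corresponding to an object-identifier value of
+* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+* 6(nametypes), 4(gss-api-exported-name)}. The constant
+* GSS_C_NT_EXPORT_NAME should be initialized to point
+* to that gss_OID_desc.
+*/
+static gss_OID_desc GSS_C_NT_EXPORT_NAME_storage =
+{6, (void *)"\x2b\x06\x01\x05\x06\x04"};
+gss_OID GSS_C_NT_EXPORT_NAME = &GSS_C_NT_EXPORT_NAME_storage;
+
+/*
+* This name form shall be represented by the Object Identifier {iso(1)
+* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+* krb5(2) krb5_name(1)}. The recommended symbolic name for this type
+* is "GSS_KRB5_NT_PRINCIPAL_NAME".
+*/
+static gss_OID_desc GSS_KRB5_NT_PRINCIPAL_NAME_storage =
+{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
+gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &GSS_KRB5_NT_PRINCIPAL_NAME_storage;
+
+/*
+* This name form shall be represented by the Object Identifier {iso(1)
+* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+* generic(1) user_name(1)}. The recommended symbolic name for this
+* type is "GSS_KRB5_NT_USER_NAME".
+*/
+gss_OID GSS_KRB5_NT_USER_NAME = &GSS_C_NT_USER_NAME_storage;
+
+/*
+* This name form shall be represented by the Object Identifier {iso(1)
+* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+* generic(1) machine_uid_name(2)}. The recommended symbolic name for
+* this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
+*/
+gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &GSS_C_NT_MACHINE_UID_NAME_storage;
+
+/*
+* This name form shall be represented by the Object Identifier {iso(1)
+* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+* generic(1) string_uid_name(3)}. The recommended symbolic name for
+* this type is "GSS_KRB5_NT_STRING_UID_NAME".
+*/
+gss_OID GSS_KRB5_NT_STRING_UID_NAME = &GSS_C_NT_STRING_UID_NAME_storage;
+
+struct _gss_mechanism_name *
+_gss_find_mn(struct _gss_name *name, gss_OID mech)
+{
+OM_uint32 major_status, minor_status;
+struct _gss_mech_switch *m;
+struct _gss_mechanism_name *mn;
+
+SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
+if (_gss_oid_equal(mech, mn->gmn_mech_oid))
+break;
+}
+
+if (!mn) {
+/*
+* If this name is canonical (i.e. there is only an
+* MN but it is from a different mech), give up now.
+*/
+if (!name->gn_value.value)
+return (0);
+
+m = _gss_find_mech_switch(mech);
+if (!m)
+return (0);
+
+mn = malloc(sizeof(struct _gss_mechanism_name));
+if (!mn)
+return (0);
+
+major_status = m->gm_import_name(&minor_status,
+&name->gn_value,
+(name->gn_type.elements
+? &name->gn_type : GSS_C_NO_OID),
+&mn->gmn_name);
+if (major_status) {
+free(mn);
+return (0);
+}
+
+mn->gmn_mech = m;
+mn->gmn_mech_oid = &m->gm_mech_oid;
+SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+}
+return (mn);
+}
+
+/*
+* Make a name from an MN.
+*/
+struct _gss_name *
+_gss_make_name(struct _gss_mech_switch *m, gss_name_t new_mn)
+{
+OM_uint32 minor_status;
+struct _gss_name *name;
+struct _gss_mechanism_name *mn;
+
+name = malloc(sizeof(struct _gss_name));
+if (!name)
+return (0);
+memset(name, 0, sizeof(struct _gss_name));
+
+mn = malloc(sizeof(struct _gss_mechanism_name));
+if (!mn) {
+free(name);
+return (0);
+}
+
+SLIST_INIT(&name->gn_mn);
+mn->gmn_mech = m;
+mn->gmn_mech_oid = &m->gm_mech_oid;
+mn->gmn_name = new_mn;
+SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
+
+return (name);
+}
+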
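Review bot: _gss_make_name calls memset() but the file includes only <stdlib.h> and <errno.h>, so unless mech_switch.h or name.h happens to pull in <string.h> this relies on an implicit declaration; add `#include <string.h>` to the header block. In _gss_find_mn a failure from the mechanism's import_name is collapsed into a NULL return and its minor_status is dropped, so callers can only report a generic failure for what may be a malformed or rejected name; either pass the status back through an out-parameter or document in a header comment that NULL covers both "no such mechanism" and "mechanism rejected the name". GSS_C_NT_ANONYMOUS_storage is written as `"\x2b\x06\01\x05\x06\x03"`: the `\01` is an octal escape that happens to equal `\x01`, but it should be spelled `\x01` for consistency with the sibling OID initialisers so a reader does not have to check that it encodes the same byte.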
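--- a/lib/libgssapi/gss_process_context_token.3
+++ b/lib/libgssapi/gss_process_context_token.3
@@ -0,0 +1,136 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_PROCESS_CONTEXT_TOKEN 3 PRM
+.Sh NAME
+.Nm gss_process_context_token
+.Nd Process a token on a security context from a peer application
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_process_context_token
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "const gss_buffer_t token_buffer"
+.Fc
+.Sh DESCRIPTION
+Provides a way to pass an asynchronous token to the security service.
+Most context-level tokens are emitted and processed synchronously by
+.Fn gss_init_sec_context
+and
+.Fn gss_accept_sec_context ,
+and the application is informed as to whether further tokens are
+expected by the
+.Dv GSS_C_CONTINUE_NEEDED
+major status bit.
+Occasionally,
+a mechanism may need to emit a context-level token at a point when the
+peer entity is not expecting a token.
+For example,
+the initiator's final call to
+.Fn gss_init_sec_context
+may emit a token and return a status of
+.Dv GSS_S_COMPLETE ,
+but the acceptor's call to
+.Fn gss_accept_sec_context
+may fail.
+The acceptor's mechanism may wish to send a token containing an error
+indication to the initiator,
+but the initiator is not expecting a token at this point,
+believing that the context is fully established.
+.Fn gss_process_context_token
+provides a way to pass such a token to the mechanism at any time.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+Context handle of context on which token is to be processed.
+.It token_buffer
+Token to process.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_DEFECTIVE_TOKEN
+Indicates that consistency checks performed on the token failed
+.It GSS_S_NO_CONTEXT
+The
+.Fa context_handle
+did not refer to a valid context
+.El
+.Sh SEE ALSO
+.Xr gss_init_sec_context 3 ,
+.Xr gss_accept_sec_context 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates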
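--- a/lib/libgssapi/gss_process_context_token.c
+++ b/lib/libgssapi/gss_process_context_token.c
@@ -0,0 +1,44 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_process_context_token(OM_uint32 *minor_status,
+const gss_ctx_id_t context_handle,
+const gss_buffer_t token_buffer)
+{
+struct _gss_context *ctx = (struct _gss_context *) context_handle;
+struct _gss_mech_switch *m = ctx->gc_mech;
+
+return (m->gm_process_context_token(minor_status, ctx->gc_ctx,
+token_buffer));
+}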
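--- a/lib/libgssapi/gss_release_buffer.3
+++ b/lib/libgssapi/gss_release_buffer.3
@@ -0,0 +1,111 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_RELEASE_BUFFER 3 PRM
+.Sh NAME
+.Nm gss_release_buffer
+.Nd Discard a buffer
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_release_buffer
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_buffer_t buffer"
+.Fc
+.Sh DESCRIPTION
+Free storage associated with a buffer.
+The storage must have been allocated by a GSS-API routine.
+In addition to freeing the associated storage,
+the routine will zero the length field in the descriptor to which the
+buffer parameter refers,
+and implementations are encouraged to additionally set the pointer
+field in the descriptor to
+.Dv NULL .
+Any buffer object returned by a GSS-API routine may be passed to
+.Fn gss_release_buffer
+(even if there is no storage associated with the buffer).
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It buffer
+The storage associated with the buffer will be deleted.
+The gss_buffer_desc object will not be freed,
+but its length field will be zeroed.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.El
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates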
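--- a/lib/libgssapi/gss_release_buffer.c
+++ b/lib/libgssapi/gss_release_buffer.c
@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+
+OM_uint32
+gss_release_buffer(OM_uint32 *minor_status,
+    gss_buffer_t buffer)
+{
+
+	*minor_status = 0;
+	if (buffer->value)
+		free(buffer->value);
+	buffer->length = 0;
+	buffer->value = 0;
+
+	return (GSS_S_COMPLETE);
+}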
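Review bot: `free(buffer->value)` is called but the only header this file includes is `<gssapi/gssapi.h>`, so `free` has no prototype in this translation unit unless that header pulls in `<stdlib.h>` transitively, which is not something to rely on; the sibling gss_release_cred.c and gss_release_oid_set.c in this commit include `<stdlib.h>` explicitly and this file should too: `#include <stdlib.h>`. Because mechanisms are now loaded as plugins, this `free` also fixes an allocator contract that is worth stating in a comment above the call, along the lines of `/* Mechanism-returned buffers must be malloc()ed; we free() them here. */`, since a plugin that allocates from a different heap would corrupt it. A `buffer` of GSS_C_NO_BUFFER is dereferenced without a check; the man page only promises to accept a descriptor with no storage, which the existing `if (buffer->value)` handles, so a leading `if (buffer == GSS_C_NO_BUFFER) return (GSS_S_COMPLETE);` is optional hardening rather than a spec requirement.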
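--- a/lib/libgssapi/gss_release_cred.3
+++ b/lib/libgssapi/gss_release_cred.3
@@ -0,0 +1,108 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_RELEASE_CRED 3 PRM
+.Sh NAME
+.Nm gss_release_cred
+.Nd Discard a credential handle
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_release_cred
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_cred_id_t *cred_handle"
+.Fc
+.Sh DESCRIPTION
+Informs GSS-API that the specified credential handle is no longer
+required by the application,
+and frees associated resources.
+Implementations are encouraged to set the cred_handle to
+.Dv GSS_C_NO_CREDENTIAL
+on successful completion of this call.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It cred_handle
+Opaque handle identifying credential to be released.
+If GSS_C_NO_CREDENTIAL is supplied,
+the routine will complete successfully, but will do nothing.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_NO_CRED
+Credentials could not be accessed
+.El
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates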
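--- a/lib/libgssapi/gss_release_cred.c
+++ b/lib/libgssapi/gss_release_cred.c
@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "cred.h"
+
+OM_uint32
+gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
+{
+	struct _gss_cred *cred = (struct _gss_cred *) *cred_handle;
+	struct _gss_mechanism_cred *mc;
+
+	if (*cred_handle == GSS_C_NO_CREDENTIAL)
+		return (GSS_S_COMPLETE);
+
+	while (SLIST_FIRST(&cred->gc_mc)) {
+		mc = SLIST_FIRST(&cred->gc_mc);
+		SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link);
+		mc->gmc_mech->gm_release_cred(minor_status, &mc->gmc_cred);
+		free(mc);
+	}
+	free(cred);
+
+	*minor_status = 0;
+	*cred_handle = 0;
+	return (GSS_S_COMPLETE);
+}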
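Review bot: The `GSS_C_NO_CREDENTIAL` early return leaves `*minor_status` unset, so a caller that inspects it after the documented successful no-op reads an uninitialized value; move `*minor_status = 0;` ahead of that `if`, as gss_release_name.c in this commit does. The loop also discards the major status each mechanism's `gm_release_cred` returns and then unconditionally overwrites `*minor_status` with 0, so a mechanism that fails to release (the GSS_S_NO_CRED case the gss_release_cred.3 page lists) is never reported; keeping the first non-GSS_S_COMPLETE major status together with its minor code and returning that once the list is drained would make the man page true. `<errno.h>` is included but nothing in the file reads or sets errno.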
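--- a/lib/libgssapi/gss_release_name.3
+++ b/lib/libgssapi/gss_release_name.3
@@ -0,0 +1,104 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_RELEASE_NAME 3 PRM
+.Sh NAME
+.Nm gss_release_name
+.Nd Discard an internal-form name
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_release_name
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_name_t *name"
+.Fc
+.Sh DESCRIPTION
+Free GSS-API allocated storage associated with an internal-form name.
+Implementations are encouraged to set the name to
+.Dv GSS_C_NO_NAME
+on successful completion of this call.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It name
+The name to be deleted.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_BAD_NAME
+The name parameter did not contain a valid name
+.El
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates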
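--- a/lib/libgssapi/gss_release_name.c
+++ b/lib/libgssapi/gss_release_name.c
@@ -0,0 +1,59 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "mech_switch.h"
+#include "name.h"
+
+OM_uint32
+gss_release_name(OM_uint32 *minor_status,
+    gss_name_t *input_name)
+{
+	struct _gss_name *name = (struct _gss_name *) *input_name;
+	struct _gss_mech_switch *m;
+
+	*minor_status = 0;
+	if (name) {
+		if (name->gn_type.elements)
+			free(name->gn_type.elements);
+		while (SLIST_FIRST(&name->gn_mn)) {
+			struct _gss_mechanism_name *mn;
+			mn = SLIST_FIRST(&name->gn_mn);
+			SLIST_REMOVE_HEAD(&name->gn_mn, gmn_link);
+			mn->gmn_mech->gm_release_name(minor_status,
+			    &mn->gmn_name);
+			free(mn);
+		}
+		gss_release_buffer(minor_status, &name->gn_value);
+		*input_name = 0;
+	}
+	return (GSS_S_COMPLETE);
+}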
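Review bot: The `struct _gss_name` container itself is never freed: the type OID's elements, each mechanism name and the `gn_value` buffer are released and then `*input_name = 0`, so every released name leaks its descriptor; add `free(name);` right after the `gss_release_buffer(minor_status, &name->gn_value);` call, matching the `free(cred)` in gss_release_cred.c and `free(*set)` in gss_release_oid_set.c from this commit. The local `struct _gss_mech_switch *m` is declared but never used and should be dropped. The major status of each `gm_release_name` call is discarded, and the subsequent `gss_release_buffer` call resets `*minor_status` to 0, so a mechanism-side failure to release is invisible to the caller even though GSS_S_COMPLETE is returned unconditionally.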
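--- a/lib/libgssapi/gss_release_oid_set.3
+++ b/lib/libgssapi/gss_release_oid_set.3
@@ -0,0 +1,109 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_RELEASE_OID_SET 3 PRM
+.Sh NAME
+.Nm gss_release_oid_set
+.Nd Discard a set of object identifiers
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_release_oid_set
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_OID_set *set"
+.Fc
+.Sh DESCRIPTION
+Free storage associated with a GSS-API generated gss_OID_set object.
+The set parameter must refer to an OID-set that was returned from a
+GSS-API routine.
+.Fn gss_release_oid_set
+will free the storage associated with each individual member OID,
+the OID set's elements array,
+and the gss_OID_set_desc itself.
+.Pp
+Implementations are encouraged to set the gss_OID_set parameter to
+.Dv GSS_C_NO_OID_SET
+on successful completion of this routine.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It set
+The storage associated with the gss_OID_set will be deleted.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.El
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates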
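--- a/lib/libgssapi/gss_release_oid_set.c
+++ b/lib/libgssapi/gss_release_oid_set.c
@@ -0,0 +1,46 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+OM_uint32
+gss_release_oid_set(OM_uint32 *minor_status,
+    gss_OID_set *set)
+{
+
+	*minor_status = 0;
+	if (*set) {
+		if ((*set)->elements)
+			free((*set)->elements);
+		free(*set);
+		*set = 0;
+	}
+	return (GSS_S_COMPLETE);
+}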
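Review bot: Only the `elements` array and the set descriptor are freed here, whereas the gss_release_oid_set.3 page in this commit says the routine also frees the storage of each individual member OID; the code and the man page disagree and one of them has to change. Which one depends on how gss_create_empty_oid_set and gss_add_oid_set_member (not in this hunk) fill in each member's `gss_OID_desc.elements`: if they copy the OID bytes, this function leaks one allocation per member; if they alias static mechanism OIDs, freeing them here would be a double free and the man page should say member OIDs are not owned by the set. Whichever holds, a comment stating the ownership rule above `free((*set)->elements);`, e.g. `/* Member OIDs alias mechanism-owned storage and are not freed. */` if that is the case, would stop the next reader from "fixing" it the wrong way. `<errno.h>` is included but unused.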
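--- a/lib/libgssapi/gss_seal.c
+++ b/lib/libgssapi/gss_seal.c
@@ -0,0 +1,45 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+
+OM_uint32
+gss_seal(OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    int conf_req_flag,
+    int qop_req,
+    gss_buffer_t input_message_buffer,
+    int *conf_state,
+    gss_buffer_t output_message_buffer)
+{
+
+	return (gss_wrap(minor_status,
+	    context_handle, conf_req_flag, qop_req,
+	    input_message_buffer, conf_state,
+	    output_message_buffer));
+}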
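Review bot: Nothing in the file explains why this entry point exists next to gss_wrap, and the same is true of gss_sign.c in this commit; a header comment such as `/* GSS-API version 1 name for gss_wrap(); kept for source compatibility only, new code should call gss_wrap() directly. */` would save readers a trip to RFC 2744, which retains these names purely for compatibility. That comment is also the right place to note that `qop_req` is a plain `int` here while gss_wrap takes a `gss_qop_t`, so a negative value is converted silently; that is inherent to the v1 signature rather than something to change, but it should be written down.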
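--- a/lib/libgssapi/gss_sign.c
+++ b/lib/libgssapi/gss_sign.c
@@ -0,0 +1,41 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+
+OM_uint32
+gss_sign(OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    int qop_req,
+    gss_buffer_t message_buffer,
+    gss_buffer_t message_token)
+{
+
+	return gss_get_mic(minor_status,
+	    context_handle, qop_req, message_buffer, message_token);
+}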
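Review bot: The wrapper carries no comment saying why it exists, so the next reader will be tempted to fold it into a `#define`; the sibling manual pages in this commit explain that a real entry point is kept so GSS-API V1 binaries still link and to absorb the V1/V2 parameter-type differences (`int qop_req` here versus `gss_qop_t` in gss_get_mic). I would add above the definition: `/* GSS-API V1 name for gss_get_mic(); kept as a real symbol, not a #define, so V1 binaries link. */`. As a point of style, the sibling wrappers gss_seal/gss_unseal/gss_verify write `return (gss_...(...));`, which this one could match.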
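--- a/lib/libgssapi/gss_test_oid_set_member.3
+++ b/lib/libgssapi/gss_test_oid_set_member.3
@@ -0,0 +1,116 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_TEST_OID_SET_MEMBER 3 PRM
+.Sh NAME
+.Nm gss_test_oid_set_member
+.Nd Determines whether an object identifier is a member of a set
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_test_oid_set_member
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_OID member"
+.Fa "const gss_OID_set set"
+.Fa "int *present"
+.Fc
+.Sh DESCRIPTION
+Interrogate an Object Identifier set to determine whether a specified
+Object Identifier is a member.
+This routine is intended to be used with OID sets returned by
+.Fn gss_indicate_mechs ,
+.Fn gss_acquire_cred ,
+and
+.Fn gss_inquire_cred ,
+but will also work with user-generated sets.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It member
+The object identifier whose presence is to be tested.
+.It set
+The Object Identifier set.
+.It present
+Non-zero if the specified OID is a member of the set, zero if not.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.El
+.Sh SEE ALSO
+.Xr gss_indicate_mechs 3 ,
+.Xr gss_acquire_cred 3 ,
+.Xr gss_inquire_cred 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates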
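Review bot: The PARAMETERS section does not say that `present` and `set` may not be NULL, yet the implementation in gss_test_oid_set_member.c in this commit writes `*present = 0` and reads `set->count` unconditionally, so a caller passing GSS_C_NO_OID_SET or a NULL result pointer crashes instead of getting a status back. I would add to the `present` entry: `Must not be NULL.` and to the `set` entry: `Must not be GSS_C_NO_OID_SET.`, or alternatively have the implementation return an error for those inputs and document that instead. Either way the page and the code should agree on what happens.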
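--- a/lib/libgssapi/gss_test_oid_set_member.c
+++ b/lib/libgssapi/gss_test_oid_set_member.c
@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+
+static int
+_gss_oid_equal(const gss_OID oid1, const gss_OID oid2)
+{
+	if (oid1->length != oid2->length)
+		return (0);
+	if (memcmp(oid1->elements, oid2->elements, oid1->length))
+		return (0);
+	return (1);
+}
+
+OM_uint32
+gss_test_oid_set_member(OM_uint32 *minor_status,
+    const gss_OID member,
+    const gss_OID_set set,
+    int *present)
+{
+	int i;
+
+	*present = 0;
+	for (i = 0; i < set->count; i++)
+		if (_gss_oid_equal(member, &set->elements[i]))
+			*present = 1;
+
+	*minor_status = 0;
+	return (GSS_S_COMPLETE);
+}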
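Review bot: This file carries its own static copy of `_gss_oid_equal` although gss_utils.c in the same commit exports an identical one through utils.h, and it calls `memcmp` with only `<gssapi/gssapi.h>` included, so the compiler sees an implicit declaration. I would delete the static copy and add `#include "utils.h"` after the gssapi include, which removes both problems at once. The loop index `int i` is compared against `set->count`, a `size_t` per RFC 2744's `gss_OID_set_desc`; `size_t i` avoids the signed/unsigned comparison, and a `break` after `*present = 1;` avoids scanning the remainder of the set. A NULL `set` (GSS_C_NO_OID_SET) is dereferenced without a check — presumably callers never pass one, but rejecting it with an error would be cheap.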
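--- a/lib/libgssapi/gss_unseal.c
+++ b/lib/libgssapi/gss_unseal.c
@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+
+OM_uint32
+gss_unseal(OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    gss_buffer_t input_message_buffer,
+    gss_buffer_t output_message_buffer,
+    int *conf_state,
+    int *qop_state)
+{
+
+	return (gss_unwrap(minor_status,
+	    context_handle, input_message_buffer,
+	    output_message_buffer, conf_state, qop_state));
+}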
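Review bot: `qop_state` is declared `int *` but is handed straight to gss_unwrap, whose parameter in gss_unwrap.c in this commit is `gss_qop_t *`; the pointed-to types differ in signedness, which C does not treat as compatible, so the call draws a pointer-sign warning and the deliberate V1/V2 difference that gss_unwrap.3 says this wrapper exists to absorb is invisible in the code. I would make the conversion explicit on the last line: `output_message_buffer, conf_state, (gss_qop_t *)qop_state));`. A one-line comment above the function, `/* GSS-API V1 name for gss_unwrap(); kept as a real symbol so V1 binaries link. */`, would document the intent.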
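--- a/lib/libgssapi/gss_unwrap.3
+++ b/lib/libgssapi/gss_unwrap.3
@@ -0,0 +1,191 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_UNWRAP 3 PRM
+.Sh NAME
+.Nm gss_unwrap ,
+.Nm gss_unseal
+.Nd Convert a message previously protected by
+.Xr gss_wrap 3
+back to a usable form
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_unwrap
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "const gss_buffer_t input_message_buffer"
+.Fa "gss_buffer_t output_message_buffer"
+.Fa "int *conf_state"
+.Fa "gss_qop_t *qop_state"
+.Fc
+.Ft OM_uint32
+.Fo gss_unseal
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "gss_buffer_t input_message_buffer"
+.Fa "gss_buffer_t output_message_buffer"
+.Fa "int *conf_state"
+.Fa "gss_qop_t *qop_state"
+.Fc
+.Sh DESCRIPTION
+Converts a message previously protected by
+.Xr gss_wrap 3
+back to a usable form,
+verifying the embedded MIC.
+The
+.Dv conf_state
+parameter indicates whether the message was encrypted;
+the
+.Dv qop_state
+parameter indicates the strength of protection that was used to provide the
+confidentiality and integrity services.
+.Pp
+Since some application-level protocols may wish to use tokens emitted
+by
+.Xr gss_wrap 3
+to provide "secure framing",
+implementations must support the wrapping and unwrapping of
+zero-length messages.
+.Pp
+The
+.Fn gss_unseal
+routine is an obsolete variant of
+.Fn gss_unwrap .
+It is
+provided for backwards
+compatibility with applications using the GSS-API V1 interface.
+A distinct entrypoint (as opposed to #define) is provided,
+both to allow GSS-API V1 applications to link
+and to retain the slight parameter type differences between the
+obsolete versions of this routine and its current form.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+Identifies the context on which the message arrived.
+.It input_message_buffer
+Protected message.
+.It output_message_buffer
+Buffer to receive unwrapped message.
+Storage associated with this buffer must
+be freed by the application after use use
+with a call to
+.Xr gss_release_buffer 3 .
+.It conf_state
+.Bl -tag -width "Non-zero"
+.It Non-zero
+Confidentiality and integrity protection were used.
+.It Zero
+Integrity service only was used.
+.El
+.Pp
+Specify NULL if not required.
+.It qop_state
+Quality of protection provided. Specify NULL if not required.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion.
+.It GSS_S_DEFECTIVE_TOKEN
+The token failed consistency checks.
+.It GSS_S_BAD_SIG
+The MIC was incorrect
+.It GSS_S_DUPLICATE_TOKEN
+The token was valid, and contained a correct
+MIC for the message, but it had already been
+processed.
+.It GSS_S_OLD_TOKEN
+The token was valid, and contained a correct MIC
+for the message, but it is too old to check for
+duplication.
+.It GSS_S_UNSEQ_TOKEN
+The token was valid, and contained a correct MIC
+for the message, but has been verified out of
+sequence; a later token has already been
+received.
+.It GSS_S_GAP_TOKEN
+The token was valid, and contained a correct MIC
+for the message, but has been verified out of
+sequence; an earlier expected token has not yet
+been received.
+.It GSS_S_CONTEXT_EXPIRED
+The context has already expired.
+.It GSS_S_NO_CONTEXT
+The context_handle parameter did not identify a valid context.
+.El
+.Sh SEE ALSO
+.Xr gss_wrap 3 ,
+.Xr gss_release_buffer 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates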
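Review bot: The page never warns that a successful return says nothing about whether confidentiality was actually applied; an application that requires encryption must test `conf_state` itself, because a peer can send an integrity-only token on the same context and this routine unwraps it with GSS_S_COMPLETE. I would add after the `conf_state` description: `Applications which require confidentiality must check that the returned value is non-zero; a successful return alone does not imply that the message was encrypted.` Two smaller points: the gss_unseal synopsis lists `gss_qop_t *qop_state`, but gss_unseal.c in this commit declares it `int *qop_state`, which is exactly the V1 type difference the DESCRIPTION mentions; and the STANDARDS `.Bl -tag` list is never closed — the sibling pages have an `.El` before `.Sh HISTORY`. The typo `after use use` in the output_message_buffer entry should also lose a word.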
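--- a/lib/libgssapi/gss_unwrap.c
+++ b/lib/libgssapi/gss_unwrap.c
@@ -0,0 +1,48 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_unwrap(OM_uint32 *minor_status,
+    const gss_ctx_id_t context_handle,
+    const gss_buffer_t input_message_buffer,
+    gss_buffer_t output_message_buffer,
+    int *conf_state,
+    gss_qop_t *qop_state)
+{
+	struct _gss_context *ctx = (struct _gss_context *) context_handle;
+	struct _gss_mech_switch *m = ctx->gc_mech;
+
+	return (m->gm_unwrap(minor_status, ctx->gc_ctx,
+	    input_message_buffer, output_message_buffer,
+	    conf_state, qop_state));
+}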
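Review bot: `context_handle` is cast and dereferenced (`ctx->gc_mech`) without a check for GSS_C_NO_CONTEXT, so a NULL handle — for instance from an application whose context establishment failed and which still calls the unwrap path — crashes inside the dispatcher instead of producing the GSS_S_NO_CONTEXT status that gss_unwrap.3 in this commit documents. Adding the check before the mechanism lookup restores the documented contract at the cost of one comparison. Whether a non-NULL but stale handle can be detected is up to the mechanism and is not addressed here.
```c
	struct _gss_context *ctx = (struct _gss_context *) context_handle;
	struct _gss_mech_switch *m;

	/* gss_unwrap(3) promises GSS_S_NO_CONTEXT for a null handle. */
	if (ctx == NULL) {
		*minor_status = 0;
		return (GSS_S_NO_CONTEXT);
	}
	m = ctx->gc_mech;
	/* … unchanged: dispatch to m->gm_unwrap … */
```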
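--- a/lib/libgssapi/gss_utils.c
+++ b/lib/libgssapi/gss_utils.c
@@ -0,0 +1,79 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "utils.h"
+
+int
+_gss_oid_equal(const gss_OID oid1, const gss_OID oid2)
+{
+	if (oid1->length != oid2->length)
+		return (0);
+	if (memcmp(oid1->elements, oid2->elements, oid1->length))
+		return (0);
+	return (1);
+}
+
+OM_uint32
+_gss_copy_oid(OM_uint32 *minor_status,
+    const gss_OID from_oid, gss_OID to_oid)
+{
+	size_t len = from_oid->length;
+
+	*minor_status = 0;
+	to_oid->elements = malloc(len);
+	if (!to_oid->elements) {
+		*minor_status = ENOMEM;
+		return GSS_S_FAILURE;
+	}
+	to_oid->length = len;
+	memcpy(to_oid->elements, from_oid->elements, len);
+	return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32
+_gss_copy_buffer(OM_uint32 *minor_status,
+    const gss_buffer_t from_buf, gss_buffer_t to_buf)
+{
+	size_t len = from_buf->length;
+
+	*minor_status = 0;
+	to_buf->value = malloc(len);
+	if (!to_buf->value) {
+		*minor_status = ENOMEM;
+		return GSS_S_FAILURE;
+	}
+	to_buf->length = len;
+	memcpy(to_buf->value, from_buf->value, len);
+	return (GSS_S_COMPLETE);
+}
+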
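Review bot: `memcmp` and `memcpy` are used with only `<stdlib.h>` and `<errno.h>` included, so both are implicitly declared; add `#include <string.h>`. On the allocation-failure path of `_gss_copy_oid` and `_gss_copy_buffer` the destination's `length` is left at whatever it was while `elements`/`value` is NULL, so a caller that then passes the half-initialised buffer to gss_release_buffer or inspects its length works on garbage; set `to_buf->length = 0;` (and `to_oid->length = 0;`) in the failure branch, or initialise both fields before the `malloc`. The zero-length case also deserves a thought: gss_unwrap.3 in this commit says zero-length messages must be supported, and `malloc(0)` returning NULL is permitted by the C standard even though FreeBSD's does not, so presumably a `len == 0` check before treating NULL as ENOMEM is wanted if this library is ever built elsewhere.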
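--- a/lib/libgssapi/gss_verify.c
+++ b/lib/libgssapi/gss_verify.c
@@ -0,0 +1,41 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+
+OM_uint32
+gss_verify(OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    gss_buffer_t message_buffer,
+    gss_buffer_t token_buffer,
+    int *qop_state)
+{
+
+	return (gss_verify_mic(minor_status,
+	    context_handle, message_buffer, token_buffer, qop_state));
+}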
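Review bot: As in gss_unseal.c, `int *qop_state` is passed where gss_verify_mic (gss_verify_mic.c in this commit) takes `gss_qop_t *`; the pointed-to types differ in signedness, so the call draws a pointer-sign warning and the deliberate V1/V2 parameter difference that gss_verify_mic.3 describes is invisible in the code. I would write the last line as `context_handle, message_buffer, token_buffer, (gss_qop_t *)qop_state));` and add above the function `/* GSS-API V1 name for gss_verify_mic(); kept as a real symbol so V1 binaries link. */`.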
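--- a/lib/libgssapi/gss_verify_mic.3
+++ b/lib/libgssapi/gss_verify_mic.3
@@ -0,0 +1,172 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_VERIFY_MIC 3 PRM
+.Sh NAME
+.Nm gss_verify_mic ,
+.Nm gss_verify
+.Nd Check a MIC against a message; verify integrity of a received message
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_verify_mic
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "const gss_buffer_t message_buffer"
+.Fa "const gss_buffer_t token_buffer"
+.Fa "gss_qop_t *qop_state"
+.Fc
+.Ft OM_uint32
+.Fo gss_verify
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "gss_buffer_t message_buffer"
+.Fa "gss_buffer_t token_buffer"
+.Fa "gss_qop_t *qop_state"
+.Fc
+.Sh DESCRIPTION
+Verifies that a cryptographic MIC,
+contained in the token parameter,
+fits the supplied message.
+The
+.Fa qop_state
+parameter allows a message recipient to determine the strength of
+protection that was applied to the message.
+.Pp
+Since some application-level protocols may wish to use tokens emitted
+by
+.Fn gss_wrap
+to provide "secure framing",
+implementations must support the calculation and verification of MICs
+over zero-length messages.
+.Pp
+The
+.Fn gss_verify
+routine is an obsolete variant of
+.Fn gss_verify_mic .
+It is provided for backwards
+compatibility with applications using the GSS-API V1 interface.
+A distinct entrypoint (as opposed to #define) is provided,
+both to allow GSS-API V1 applications to link
+and to retain the slight parameter type differences between the
+obsolete versions of this routine and its current form.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+Identifies the context on which the message arrived.
+.It message_buffer
+Message to be verified.
+.It token_buffer
+Token associated with message.
+.It qop_state
+Quality of protection gained from MIC.
+Specify
+.Dv NULL
+if not required.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion
+.It GSS_S_DEFECTIVE_TOKEN
+The token failed consistency checks
+.It GSS_S_BAD_SIG
+The MIC was incorrect
+.It GSS_S_DUPLICATE_TOKEN
+The token was valid,
+and contained a correct MIC for the message,
+but it had already been processed
+.It GSS_S_OLD_TOKEN
+The token was valid,
+and contained a correct MIC for the message,
+but it is too old to check for duplication
+.It GSS_S_UNSEQ_TOKEN
+The token was valid,
+and contained a correct MIC for the message,
+but has been verified out of sequence;
+a later token has already been received.
+.It GSS_S_GAP_TOKEN
+The token was valid,
+and contained a correct MIC for the message,
+but has been verified out of sequence;
+an earlier expected token has not yet been received
+.It GSS_S_CONTEXT_EXPIRED
+The context has already expired
+.It GSS_S_NO_CONTEXT
+The context_handle parameter did not identify a valid context
+.El
+.Sh SEE ALSO
+.Xr gss_wrap 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.El
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates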
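Review bot: The RETURN VALUES list presents GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN and GSS_S_GAP_TOKEN alongside the error codes without saying that they are supplementary-information bits returned together with a successful routine status; a caller that only tests `GSS_ERROR()` therefore accepts a replayed token as verified, while one that tests `== GSS_S_COMPLETE` rejects a merely out-of-order one. I would add a sentence before the list: `The token-sequencing values below are supplementary status bits accompanying a successful major status; applications that depend on replay detection must test for them explicitly, for example with GSS_SUPPLEMENTARY_INFO().` Also, the gss_verify synopsis shows `gss_qop_t *qop_state`, but gss_verify.c in this commit declares it `int *qop_state`, which is the V1 type difference the DESCRIPTION refers to.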
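--- a/lib/libgssapi/gss_verify_mic.c
+++ b/lib/libgssapi/gss_verify_mic.c
@@ -0,0 +1,46 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_verify_mic(OM_uint32 *minor_status,
+const gss_ctx_id_t context_handle,
+const gss_buffer_t message_buffer,
+const gss_buffer_t token_buffer,
+gss_qop_t *qop_state)
+{
+struct _gss_context *ctx = (struct _gss_context *) context_handle;
+struct _gss_mech_switch *m = ctx->gc_mech;
+
+return (m->gm_verify_mic(minor_status, ctx->gc_ctx,
+message_buffer, token_buffer, qop_state));
+}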
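Review bot: `ctx->gc_mech` is read before `context_handle` has been checked, so a caller that passes GSS_C_NO_CONTEXT (a legal handle value) takes a NULL dereference instead of the GSS_S_NO_CONTEXT status that gss_wrap.3 in this same commit documents for "context_handle did not identify a valid context". gss_wrap.c and gss_wrap_size_limit.c below have the identical two-line pattern and need the same guard. Because these are the per-message entry points, an application that keeps using a handle left unset by a failed or torn-down context establishment crashes rather than receiving an error it can log and handle. Splitting the initialiser of `m` and returning early, with `*minor_status` zeroed so the caller never reads an indeterminate minor code, fixes it; the dispatch call itself is unchanged.
```c
struct _gss_context *ctx = (struct _gss_context *) context_handle;
struct _gss_mech_switch *m;

*minor_status = 0;
if (ctx == NULL)
	return (GSS_S_NO_CONTEXT);
m = ctx->gc_mech;
/* … unchanged: dispatch to m->gm_verify_mic … */
```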
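--- a/lib/libgssapi/gss_wrap.3
+++ b/lib/libgssapi/gss_wrap.3
@@ -0,0 +1,178 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_WRAP 3 PRM
+.Sh NAME
+.Nm gss_wrap ,
+.Nm gss_seal
+.Nd Attach a cryptographic MIC and optionally encrypt a message
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_wrap
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "int conf_req_flag"
+.Fa "gss_qop_t qop_req"
+.Fa "const gss_buffer_t input_message_buffer"
+.Fa "int *conf_state"
+.Fa "gss_buffer_t output_message_buffer"
+.Fc
+.Ft OM_uint32
+.Fo gss_seal
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "int conf_req_flag"
+.Fa "gss_qop_t qop_req"
+.Fa "gss_buffer_t input_message_buffer"
+.Fa "int *conf_state"
+.Fa "gss_buffer_t output_message_buffer"
+.Fc
+.Sh DESCRIPTION
+Attaches a cryptographic MIC and optionally encrypts the specified
+.Dv input_message .
+The output_message contains both the MIC and the message.
+The
+.Dv qop_req
+parameter allows a choice between several cryptographic algorithms,
+if supported by the chosen mechanism.
+.Pp
+Since some application-level protocols may wish to use tokens emitted
+by
+.Fn gss_wrap
+to provide "secure framing",
+implementations must support the wrapping of zero-length messages.
+.Pp
+The
+.Fn gss_seal
+routine is an obsolete variant of
+.Fn gss_wrap .
+It is
+provided for backwards
+compatibility with applications using the GSS-API V1 interface.
+A distinct entrypoint (as opposed to #define) is provided,
+both to allow GSS-API V1 applications to link
+and to retain the slight parameter type differences between the
+obsolete versions of this routine and its current form.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+Identifies the context on which the message will be sent.
+.It conf_req_flag
+.Bl -tag -width "Non-zero"
+.It Non-zero
+Both confidentiality and integrity services are requested.
+.It Zero
+Only integrity service is requested.
+.El
+.It qop_req
+Specifies required quality of protection.
+A mechanism-specific default may be requested by setting qop_req to
+.Dv GSS_C_QOP_DEFAULT .
+If an unsupported protection strength is requested,
+.Fn gss_wrap
+will return a major_status of
+.Dv GSS_S_BAD_QOP .
+.It input_message_buffer
+Message to be protected.
+.It conf_state
+.Bl -tag -width "Non-zero"
+.It Non-zero
+Confidentiality, data origin authentication and integrity services
+have been applied.
+.It Zero
+Integrity and data origin services only has been applied.
+.El
+.It output_message_buffer
+Buffer to receive protected message.
+Storage associated with this buffer must
+be freed by the application after use use
+with a call to
+.Xr gss_release_buffer 3 .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion.
+.It GSS_S_CONTEXT_EXPIRED
+The context has already expired
+.It GSS_S_NO_CONTEXT
+The context_handle parameter did not identify a valid context.
+.It GSS_S_BAD_QOP
+The specified QOP is not supported by the mechanism.
+.El
+.Sh SEE ALSO
+.Xr gss_unwrap 3 ,
+.Xr gss_release_buffer 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates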
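--- a/lib/libgssapi/gss_wrap.c
+++ b/lib/libgssapi/gss_wrap.c
@@ -0,0 +1,49 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_wrap(OM_uint32 *minor_status,
+const gss_ctx_id_t context_handle,
+int conf_req_flag,
+gss_qop_t qop_req,
+const gss_buffer_t input_message_buffer,
+int *conf_state,
+gss_buffer_t output_message_buffer)
+{
+struct _gss_context *ctx = (struct _gss_context *) context_handle;
+struct _gss_mech_switch *m = ctx->gc_mech;
+
+return (m->gm_wrap(minor_status, ctx->gc_ctx,
+conf_req_flag, qop_req, input_message_buffer,
+conf_state, output_message_buffer));
+}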
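--- a/lib/libgssapi/gss_wrap_size_limit.3
+++ b/lib/libgssapi/gss_wrap_size_limit.3
@@ -0,0 +1,163 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_WRAP_SIZE_LIMIT 3 PRM
+.Sh NAME
+.Nm gss_wrap_size_limit
+.Nd Determine maximum message sizes
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_wrap_size_limit
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "int conf_req_flag"
+.Fa "gss_qop_t qop_req"
+.Fa "OM_uint32 req_output_size"
+.Fa "OM_uint32 *max_input_size"
+.Fc
+.Sh DESCRIPTION
+Allows an application to determine the maximum message size that,
+if presented to
+.Xr gss_wrap 3
+with the same
+.Dv conf_req_flag
+and
+.Dv qop_req
+parameters,
+will result in an output token containing no more than
+.Dv req_output_size
+bytes.
+.Pp
+This call is intended for use by applications that
+communicate over protocols that impose a maximum message size.
+It enables the application to fragment messages prior to applying protection.
+.Pp
+GSS-API implementations are recommended but not required to detect
+invalid QOP values when
+.Fn gss_wrap_size_limit
+is called.
+This routine guarantees only a maximum message size,
+not the availability of specific QOP values for message protection.
+.Pp
+Successful completion of this call does not guarantee that
+.Xr gss_wrap 3
+will be able to protect a message of length max_input_size bytes,
+since this ability may depend on the availability of system resources
+at the time that
+.Xr gss_wrap 3
+is called.
+However, if the implementation itself imposes an upper limit on
+the length of messages that may be processed by gss_wrap,
+the implementation should not return a value via
+.Dv max_input_bytes
+that is greater than this length.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+A handle that refers to the security over which the messages will be sent.
+.It conf_req_flag
+Indicates whether
+.Xr gss_wrap 3
+will be asked to apply confidentiality protection
+in addition to integrity protection.
+.It qop_req
+Indicates the level of protection that
+.Xr gss_wrap 3
+will be asked to provide.
+.It req_output_size
+The desired maximum size for tokens emitted by
+.Xr gss_wrap 3 .
+.It max_input_size
+The maximum input message size that may be presented to
+.Xr gss_wrap 3
+in order to guarantee that the emitted token shall
+be no larger than
+.Dv req_output_size
+bytes.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion.
+.It GSS_S_NO_CONTEXT
+The referenced context could not be accessed.
+.It GSS_S_CONTEXT_EXPIRED
+The context has expired.
+.It GSS_S_BAD_QOP
+The specified QOP is not supported by the mechanism.
+.El
+.Sh SEE ALSO
+.Xr gss_wrap 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates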
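--- a/lib/libgssapi/gss_wrap_size_limit.c
+++ b/lib/libgssapi/gss_wrap_size_limit.c
@@ -0,0 +1,47 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <gssapi/gssapi.h>
+
+#include "mech_switch.h"
+#include "context.h"
+
+OM_uint32
+gss_wrap_size_limit(OM_uint32 *minor_status,
+const gss_ctx_id_t context_handle,
+int conf_req_flag,
+gss_qop_t qop_req,
+OM_uint32 req_output_size,
+OM_uint32 *max_input_size)
+{
+struct _gss_context *ctx = (struct _gss_context *) context_handle;
+struct _gss_mech_switch *m = ctx->gc_mech;
+
+return (m->gm_wrap_size_limit(minor_status, ctx->gc_ctx,
+conf_req_flag, qop_req, req_output_size, max_input_size));
+}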
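--- a/lib/libgssapi/gssapi.3
+++ b/lib/libgssapi/gssapi.3
@@ -0,0 +1,261 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.Dd November 30, 2005
+.Dt GSSAPI 3
+.Os
+.Sh NAME
+.Nm gssapi
+.Nd "Generic Security Services API"
+.Sh LIBRARY
+GSS-API Library (libgssapi, -lgssapi)
+.Sh SYNOPSIS
+.In gssapi/gssapi.h
+.Sh DESCRIPTION
+The Generic Security Service Application Programming Interface
+provides security services to its callers,
+and is intended for implementation atop a variety of underlying
+cryptographic mechanisms.
+Typically, GSS-API callers will be application protocols into which
+security enhancements are integrated through invocation of services
+provided by the GSS-API.
+The GSS-API allows a caller application to authenticate a principal
+identity associated with a peer application, to delegate rights to a
+peer,
+and to apply security services such as confidentiality and integrity
+on a per-message basis.
+.Pp
+There are four stages to using the GSS-API:
+.Pp
+.Bl -tag -width "a)"
+.It a)
+The application acquires a set of credentials with which it may prove
+its identity to other processes.
+The application's credentials vouch for its global identity,
+which may or may not be related to any local username under which it
+may be running.
+.It b)
+A pair of communicating applications establish a joint security
+context using their credentials.
+The security context is a pair of GSS-API data structures that contain
+shared state information, which is required in order that per-message
+security services may be provided.
+Examples of state that might be shared between applications as part of
+a security context are cryptographic keys,
+and message sequence numbers.
+As part of the establishment of a security context,
+the context initiator is authenticated to the responder,
+and may require that the responder is authenticated in turn.
+The initiator may optionally give the responder the right to initiate
+further security contexts,
+acting as an agent or delegate of the initiator.
+This transfer of rights is termed delegation,
+and is achieved by creating a set of credentials,
+similar to those used by the initiating application,
+but which may be used by the responder.
+.Pp
+To establish and maintain the shared information that makes up the
+security context,
+certain GSS-API calls will return a token data structure,
+which is an opaque data type that may contain cryptographically
+protected data.
+The caller of such a GSS-API routine is responsible for transferring
+the token to the peer application,
+encapsulated if necessary in an application protocol.
+On receipt of such a token, the peer application should pass it to a
+corresponding GSS-API routine which will decode the token and extract
+the information,
+updating the security context state information accordingly.
+.It c)
+Per-message services are invoked to apply either:
+.Pp
+integrity and data origin authentication, or confidentiality,
+integrity and data origin authentication to application data,
+which are treated by GSS-API as arbitrary octet-strings.
+An application transmitting a message that it wishes to protect will
+call the appropriate GSS-API routine (gss_get_mic or gss_wrap) to
+apply protection,
+specifying the appropriate security context,
+and send the resulting token to the receiving application.
+The receiver will pass the received token (and, in the case of data
+protected by gss_get_mic, the accompanying message-data) to the
+corresponding decoding routine (gss_verify_mic or gss_unwrap) to
+remove the protection and validate the data.
+.It d)
+At the completion of a communications session (which may extend across
+several transport connections),
+each application calls a GSS-API routine to delete the security
+context.
+Multiple contexts may also be used (either successively or
+simultaneously) within a single communications association, at the
+option of the applications.
+.El
+.Sh GSS-API ROUTINES
+This section lists the routines that make up the GSS-API,
+and offers a brief description of the purpose of each routine.
+.Pp
+GSS-API Credential-management Routines:
+.Bl -tag -width "gss_inquire_cred_by_mech"
+.It gss_acquire_cred
+Assume a global identity; Obtain a GSS-API credential handle for
+pre-existing credentials.
+.It gss_add_cred
+Construct credentials incrementally
+.It gss_inquire_cred
+Obtain information about a credential
+.It gss_inquire_cred_by_mech
+Obtain per-mechanism information about a credential.
+.It gss_release_cred
+Discard a credential handle.
+.El
+.Pp
+GSS-API Context-Level Routines:
+.Bl -tag -width "gss_inquire_cred_by_mech"
+.It gss_init_sec_context
+Initiate a security context with a peer application
+.It gss_accept_sec_context
+Accept a security context initiated by a peer application
+.It gss_delete_sec_context
+Discard a security context
+.It gss_process_context_token
+Process a token on a security context from a peer application
+.It gss_context_time
+Determine for how long a context will remain valid
+.It gss_inquire_context
+Obtain information about a security context
+.It gss_wrap_size_limit
+Determine token-size limit for
+.Xr gss_wrap 3
+on a context
+.It gss_export_sec_context
+Transfer a security context to another process
+.It gss_import_sec_context
+Import a transferred context
+.El
+.Pp
+GSS-API Per-message Routines:
+.Bl -tag -width "gss_inquire_cred_by_mech"
+.It gss_get_mic
+Calculate a cryptographic message integrity code (MIC) for a message;
+integrity service
+.It gss_verify_mic
+Check a MIC against a message;
+verify integrity of a received message
+.It gss_wrap
+Attach a MIC to a message, and optionally encrypt the message content;
+confidentiality service
+.It gss_unwrap
+Verify a message with attached MIC, and decrypt message content if
+necessary.
+.El
+.Pp
+GSS-API Name manipulation Routines:
+.Bl -tag -width "gss_inquire_cred_by_mech"
+.It gss_import_name
+Convert a contiguous string name to internal-form
+.It gss_display_name
+Convert internal-form name to text
+.It gss_compare_name
+Compare two internal-form names
+.It gss_release_name
+Discard an internal-form name
+.It gss_inquire_names_for_mech
+List the name-types supported by the specified mechanism
+.It gss_inquire_mechs_for_name
+List mechanisms that support the specified name-type
+.It gss_canonicalize_name
+Convert an internal name to an MN
+.It gss_export_name
+Convert an MN to export form
+.It gss_duplicate_name
+Create a copy of an internal name
+.El
+.Pp
+GSS-API Miscellaneous Routines
+.Bl -tag -width "gss_inquire_cred_by_mech"
+.It gss_add_oid_set_member
+Add an object identifier to a set
+.It gss_display_status
+Convert a GSS-API status code to text
+.It gss_indicate_mechs
+Determine available underlying authentication mechanisms
+.It gss_release_buffer
+Discard a buffer
+.It gss_release_oid_set
+Discard a set of object identifiers
+.It gss_create_empty_oid_set
+Create a set containing no object identifiers
+.It gss_test_oid_set_member
+Determines whether an object identifier is a member of a set.
+.El
+.Pp
+Individual GSS-API implementations may augment these routines by
+providing additional mechanism-specific routines if required
+functionality is not available from the generic forms.
+Applications are encouraged to use the generic routines wherever
+possible on portability grounds.
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.El
+.Sh HISTORY
+The
+.Nm
+manual page first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates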
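--- /dev/null
+++ b/lib/libgssapi/mech.5
@@ -0,0 +1,94 @@
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.Dd November 14, 2005
+.Dt MECH 5
+.Os
+.Sh NAME
+.Nm mech ,
+.Nm qop
+.Nd "GSS-API Mechanism and QOP files"
+.Sh SYNOPSIS
+.Pa "/etc/gss/mech"
+.Pa "/etc/gss/qop"
+.Sh DESCRIPTION
+The
+.Pa "/etc/gss/mech"
+file contains a list of installed GSS-API security mechanisms.
+Each line of the file either contains a comment if the first character
+is '#' or it contains five fields with the following meanings:
+.Bl -tag
+.It Name
+The name of this GSS-API mechanism.
+.It Object identifier
+The OID for this mechanism.
+.It Library
+A shared library containing the implementation of this mechanism.
+.It Kernel module (optional)
+A kernel module containing the implementation of this mechanism (not
+yet supported in FreeBSD).
+.It Library options (optional)
+Optionsal parameters interpreted by the mechanism. Library options
+must be enclosed in brackets ([ ]) to differentiate them from the
+optional kernel module entry.
+.El
+.Pp
+The
+.Pa "/etc/gss/qop"
+file contains a list of Quality of Protection values for use with
+GSS-API.
+Each line of the file either contains a comment if the first character
+is '#' or it contains three fields with the following meanings:
+.Bl -tag
+.It QOP string
+The name of this Quality of Protection algorithm.
+.It QOP value
+The numeric value used to select this algorithm for use with GSS-API
+functions such as
+.Xr gss_get_mic 3 .
+.It Mechanism name
+The GSS-API mechanism name that corresponds to this algorithm.
+.El
+.Sh EXAMPLES
+This is a typical entry from
+.Pa "/etc/gss/mech" :
+.Bd -literal
+kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.8 -
+.Ed
+.Pp
+This is a typical entry from
+.Pa "/etc/gss/qop" :
+.Bd -literal
+GSS_KRB5_CONF_C_QOP_DES 0x0100 kerberosv5
+.Ed
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+This
+manual page was written by
+.An Doug Rabson Aq dfr@FreeBSD.org .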
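--- /dev/null
+++ b/lib/libgssapi/mech_switch.h
@@ -0,0 +1,327 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <sys/queue.h>
+
+typedef OM_uint32 _gss_acquire_cred_t
+(OM_uint32 *, /* minor_status */
+const gss_name_t, /* desired_name */
+OM_uint32, /* time_req */
+const gss_OID_set, /* desired_mechs */
+gss_cred_usage_t, /* cred_usage */
+gss_cred_id_t *, /* output_cred_handle */
+gss_OID_set *, /* actual_mechs */
+OM_uint32 * /* time_rec */
+);
+
+typedef OM_uint32 _gss_release_cred_t
+(OM_uint32 *, /* minor_status */
+gss_cred_id_t * /* cred_handle */
+);
+
+typedef OM_uint32 _gss_init_sec_context_t
+(OM_uint32 *, /* minor_status */
+const gss_cred_id_t, /* initiator_cred_handle */
+gss_ctx_id_t *, /* context_handle */
+const gss_name_t, /* target_name */
+const gss_OID, /* mech_type */
+OM_uint32, /* req_flags */
+OM_uint32, /* time_req */
+const gss_channel_bindings_t,
+/* input_chan_bindings */
+const gss_buffer_t, /* input_token */
+gss_OID *, /* actual_mech_type */
+gss_buffer_t, /* output_token */
+OM_uint32 *, /* ret_flags */
+OM_uint32 * /* time_rec */
+);
+
+typedef OM_uint32 _gss_accept_sec_context_t
+(OM_uint32 *, /* minor_status */
+gss_ctx_id_t *, /* context_handle */
+const gss_cred_id_t, /* acceptor_cred_handle */
+const gss_buffer_t, /* input_token_buffer */
+const gss_channel_bindings_t,
+/* input_chan_bindings */
+gss_name_t *, /* src_name */
+gss_OID *, /* mech_type */
+gss_buffer_t, /* output_token */
+OM_uint32 *, /* ret_flags */
+OM_uint32 *, /* time_rec */
+gss_cred_id_t * /* delegated_cred_handle */
+);
+
+typedef OM_uint32 _gss_process_context_token_t
+(OM_uint32 *, /* minor_status */
+const gss_ctx_id_t, /* context_handle */
+const gss_buffer_t /* token_buffer */
+);
+
+typedef OM_uint32 _gss_delete_sec_context_t
+(OM_uint32 *, /* minor_status */
+gss_ctx_id_t *, /* context_handle */
+gss_buffer_t /* output_token */
+);
+
+typedef OM_uint32 _gss_context_time_t
+(OM_uint32 *, /* minor_status */
+const gss_ctx_id_t, /* context_handle */
+OM_uint32 * /* time_rec */
+);
+
+typedef OM_uint32 _gss_get_mic_t
+(OM_uint32 *, /* minor_status */
+const gss_ctx_id_t, /* context_handle */
+gss_qop_t, /* qop_req */
+const gss_buffer_t, /* message_buffer */
+gss_buffer_t /* message_token */
+);
+
+typedef OM_uint32 _gss_verify_mic_t
+(OM_uint32 *, /* minor_status */
+const gss_ctx_id_t, /* context_handle */
+const gss_buffer_t, /* message_buffer */
+const gss_buffer_t, /* token_buffer */
+gss_qop_t * /* qop_state */
+);
+
+typedef OM_uint32 _gss_wrap_t
+(OM_uint32 *, /* minor_status */
+const gss_ctx_id_t, /* context_handle */
+int, /* conf_req_flag */
+gss_qop_t, /* qop_req */
+const gss_buffer_t, /* input_message_buffer */
+int *, /* conf_state */
+gss_buffer_t /* output_message_buffer */
+);
+
+typedef OM_uint32 _gss_unwrap_t
+(OM_uint32 *, /* minor_status */
+const gss_ctx_id_t, /* context_handle */
+const gss_buffer_t, /* input_message_buffer */
+gss_buffer_t, /* output_message_buffer */
+int *, /* conf_state */
+gss_qop_t * /* qop_state */
+);
+
+typedef OM_uint32 _gss_display_status_t
+(OM_uint32 *, /* minor_status */
+OM_uint32, /* status_value */
+int, /* status_type */
+const gss_OID, /* mech_type */
+OM_uint32 *, /* message_context */
+gss_buffer_t /* status_string */
+);
+
+typedef OM_uint32 _gss_indicate_mechs_t
+(OM_uint32 *, /* minor_status */
+gss_OID_set * /* mech_set */
+);
+
+typedef OM_uint32 _gss_compare_name_t
+(OM_uint32 *, /* minor_status */
+const gss_name_t, /* name1 */
+const gss_name_t, /* name2 */
+int * /* name_equal */
+);
+
+typedef OM_uint32 _gss_display_name_t
+(OM_uint32 *, /* minor_status */
+const gss_name_t, /* input_name */
+gss_buffer_t, /* output_name_buffer */
+gss_OID * /* output_name_type */
+);
+
+typedef OM_uint32 _gss_import_name_t
+(OM_uint32 *, /* minor_status */
+const gss_buffer_t, /* input_name_buffer */
+const gss_OID, /* input_name_type */
+gss_name_t * /* output_name */
+);
+
+typedef OM_uint32 _gss_export_name_t
+(OM_uint32 *, /* minor_status */
+const gss_name_t, /* input_name */
+gss_buffer_t /* exported_name */
+);
+
+typedef OM_uint32 _gss_release_name_t
+(OM_uint32 *, /* minor_status */
+gss_name_t * /* input_name */
+);
+
+typedef OM_uint32 _gss_inquire_cred_t
+(OM_uint32 *, /* minor_status */
+const gss_cred_id_t, /* cred_handle */
+gss_name_t *, /* name */
+OM_uint32 *, /* lifetime */
+gss_cred_usage_t *, /* cred_usage */
+gss_OID_set * /* mechanisms */
+);
+
+typedef OM_uint32 _gss_inquire_context_t
+(OM_uint32 *, /* minor_status */
+const gss_ctx_id_t, /* context_handle */
+gss_name_t *, /* src_name */
+gss_name_t *, /* targ_name */
+OM_uint32 *, /* lifetime_rec */
+gss_OID *, /* mech_type */
+OM_uint32 *, /* ctx_flags */
+int *, /* locally_initiated */
+int * /* open */
+);
+
+typedef OM_uint32 _gss_wrap_size_limit_t
+(OM_uint32 *, /* minor_status */
+const gss_ctx_id_t, /* context_handle */
+int, /* conf_req_flag */
+gss_qop_t, /* qop_req */
+OM_uint32, /* req_output_size */
+OM_uint32 * /* max_input_size */
+);
+
+typedef OM_uint32 _gss_add_cred_t (
+OM_uint32 *, /* minor_status */
+const gss_cred_id_t, /* input_cred_handle */
+const gss_name_t, /* desired_name */
+const gss_OID, /* desired_mech */
+gss_cred_usage_t, /* cred_usage */
+OM_uint32, /* initiator_time_req */
+OM_uint32, /* acceptor_time_req */
+gss_cred_id_t *, /* output_cred_handle */
+gss_OID_set *, /* actual_mechs */
+OM_uint32 *, /* initiator_time_rec */
+OM_uint32 * /* acceptor_time_rec */
+);
+
+typedef OM_uint32 _gss_inquire_cred_by_mech_t (
+OM_uint32 *, /* minor_status */
+const gss_cred_id_t, /* cred_handle */
+const gss_OID, /* mech_type */
+gss_name_t *, /* name */
+OM_uint32 *, /* initiator_lifetime */
+OM_uint32 *, /* acceptor_lifetime */
+gss_cred_usage_t * /* cred_usage */
+);
+
+typedef OM_uint32 _gss_export_sec_context_t (
+OM_uint32 *, /* minor_status */
+gss_ctx_id_t *, /* context_handle */
+gss_buffer_t /* interprocess_token */
+);
+
+typedef OM_uint32 _gss_import_sec_context_t (
+OM_uint32 *, /* minor_status */
+const gss_buffer_t, /* interprocess_token */
+gss_ctx_id_t * /* context_handle */
+);
+
+typedef OM_uint32 _gss_inquire_names_for_mech_t (
+OM_uint32 *, /* minor_status */
+const gss_OID, /* mechanism */
+gss_OID_set * /* name_types */
+);
+
+typedef OM_uint32 _gss_inquire_mechs_for_name_t (
+OM_uint32 *, /* minor_status */
+const gss_name_t, /* input_name */
+gss_OID_set * /* mech_types */
+);
+
+typedef OM_uint32 _gss_canonicalize_name_t (
+OM_uint32 *, /* minor_status */
+const gss_name_t, /* input_name */
+const gss_OID, /* mech_type */
+gss_name_t * /* output_name */
+);
+
+typedef OM_uint32 _gss_duplicate_name_t (
+OM_uint32 *, /* minor_status */
+const gss_name_t, /* src_name */
+gss_name_t * /* dest_name */
+);
+
+typedef OM_uint32 _gsskrb5_register_acceptor_identity (
+const char * /* identity */
+);
+
+typedef OM_uint32 _gss_krb5_copy_ccache (
+OM_uint32 *, /* minor_status */
+gss_cred_id_t, /* cred_handle */
+struct krb5_ccache_data * /* out */
+);
+
+typedef OM_uint32 _gss_krb5_compat_des3_mic (
+OM_uint32 *, /* minor_status */
+gss_ctx_id_t, /* context_handle */
+int /* flag */
+);
+
+struct _gss_mech_switch {
+SLIST_ENTRY(_gss_mech_switch) gm_link;
+gss_OID_desc gm_mech_oid;
+void *gm_so;
+_gss_acquire_cred_t *gm_acquire_cred;
+_gss_release_cred_t *gm_release_cred;
+_gss_init_sec_context_t *gm_init_sec_context;
+_gss_accept_sec_context_t *gm_accept_sec_context;
+_gss_process_context_token_t *gm_process_context_token;
+_gss_delete_sec_context_t *gm_delete_sec_context;
+_gss_context_time_t *gm_context_time;
+_gss_get_mic_t *gm_get_mic;
+_gss_verify_mic_t *gm_verify_mic;
+_gss_wrap_t *gm_wrap;
+_gss_unwrap_t *gm_unwrap;
+_gss_display_status_t *gm_display_status;
+_gss_indicate_mechs_t *gm_indicate_mechs;
+_gss_compare_name_t *gm_compare_name;
+_gss_display_name_t *gm_display_name;
+_gss_import_name_t *gm_import_name;
+_gss_export_name_t *gm_export_name;
+_gss_release_name_t *gm_release_name;
+_gss_inquire_cred_t *gm_inquire_cred;
+_gss_inquire_context_t *gm_inquire_context;
+_gss_wrap_size_limit_t *gm_wrap_size_limit;
+_gss_add_cred_t *gm_add_cred;
+_gss_inquire_cred_by_mech_t *gm_inquire_cred_by_mech;
+_gss_export_sec_context_t *gm_export_sec_context;
+_gss_import_sec_context_t *gm_import_sec_context;
+_gss_inquire_names_for_mech_t *gm_inquire_names_for_mech;
+_gss_inquire_mechs_for_name_t *gm_inquire_mechs_for_name;
+_gss_canonicalize_name_t *gm_canonicalize_name;
+_gss_duplicate_name_t *gm_duplicate_name;
+_gsskrb5_register_acceptor_identity *gm_krb5_register_acceptor_identity;
+_gss_krb5_copy_ccache *gm_krb5_copy_ccache;
+_gss_krb5_compat_des3_mic *gm_krb5_compat_des3_mic;
+};
+SLIST_HEAD(_gss_mech_switch_list, _gss_mech_switch);
+extern struct _gss_mech_switch_list _gss_mechs;
+extern gss_OID_set _gss_mech_oids;
+
+extern void _gss_load_mech(void);
+extern struct _gss_mech_switch *_gss_find_mech_switch(gss_OID);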
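Review bot: Nothing in `struct _gss_mech_switch` says which entry points a mechanism library loaded from /etc/gss/mech is required to export, yet the last three slots (`gm_krb5_register_acceptor_identity`, `gm_krb5_copy_ccache`, `gm_krb5_compat_des3_mic`) are Kerberos-specific extensions that a non-krb5 plugin will not provide, so those pointers will presumably remain NULL after symbol resolution and every dispatcher must test them before calling through. A comment on the struct such as `/* gm_krb5_*: optional, NULL when the mechanism does not export them; every other entry is mandatory and is called without a NULL check */` would make that contract explicit, and the three krb5 typedefs should follow the `_gss_*_t` naming the rest of the file uses. The header also uses `OM_uint32`, the `gss_*` types and `struct krb5_ccache_data` while including only `<sys/queue.h>`, so it compiles only after `<gssapi/gssapi.h>` has been included; `#include <gssapi/gssapi.h>` plus an `#ifndef _GSSAPI_MECH_SWITCH_H` guard would make it self-contained. `_gss_load_mech` and `_gss_find_mech_switch` are only declared here; the loader that fills the table is outside this section.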
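--- /dev/null
+++ b/lib/libgssapi/name.h
@@ -0,0 +1,48 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+#include <sys/queue.h>
+
+struct _gss_mechanism_name {
+SLIST_ENTRY(_gss_mechanism_name) gmn_link;
+struct _gss_mech_switch *gmn_mech; /* mechanism ops for MN */
+gss_OID gmn_mech_oid; /* mechanism oid for MN */
+gss_name_t gmn_name; /* underlying MN */
+};
+SLIST_HEAD(_gss_mechanism_name_list, _gss_mechanism_name);
+
+struct _gss_name {
+gss_OID_desc gn_type; /* type of name */
+gss_buffer_desc gn_value; /* value (as imported) */
+struct _gss_mechanism_name_list gn_mn; /* list of MNs */
+};
+
+extern struct _gss_mechanism_name *
+_gss_find_mn(struct _gss_name *name, gss_OID mech);
+struct _gss_name *
+_gss_make_name(struct _gss_mech_switch *m, gss_name_t new_mn);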
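Review bot: Ownership of the pointers held in these two structures is not documented: `gmn_name` is a mechanism-specific name whose storage belongs to the mechanism in `gmn_mech`, `gn_value.value` looks like a copy of the imported buffer, and nothing says whether `gmn_mech_oid` points into `gmn_mech->gm_mech_oid` or into a separate allocation, so a reader of the release paths cannot tell what to free. A comment per field, e.g. `/* underlying MN; must be released via gmn_mech->gm_release_name, never free(3)'d */` and `/* copy of the imported name owned by this struct */`, would pin the contract down (confirm against name.c, which is outside this section). Minor style: `_gss_find_mn` is declared `extern` while `_gss_make_name` is not, and the header depends on `struct _gss_mech_switch` and the `gss_*` types without including the headers that define them.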
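--- /dev/null
+++ b/lib/libgssapi/spnego.h
@@ -0,0 +1,34 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+typedef xder_OID MechType;
+
+typedef struct {
+size_t MechTypeList_len;
+MechType *MechTypeList_val;
+} MechTypeList;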
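Review bot: `typedef xder_OID MechType;` refers to a type that nothing in this header declares or includes, so the file compiles only when the includer happens to have pulled in the DER/ASN.1 header defining `xder_OID` first; adding that include (or a forward typedef) and an include guard would make the header self-contained. These two types carry a SPNEGO mechanism list, which on the acceptor side arrives in the peer's initial token, so whatever decoder fills `MechTypeList_len`/`MechTypeList_val` must bound the element count it accepts from the wire before allocating — that code is not in this section, so this is a caveat for wherever it lands. A one-line comment such as `/* SPNEGO MechTypeList: SEQUENCE OF mechanism OIDs in the initiator's preference order */` would help readers place the struct.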
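--- /dev/null
+++ b/lib/libgssapi/utils.h
@@ -0,0 +1,32 @@
+/*-
+* Copyright (c) 2005 Doug Rabson
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*
+* $FreeBSD$
+*/
+
+extern int _gss_oid_equal(const gss_OID, const gss_OID);
+extern OM_uint32 _gss_copy_oid(OM_uint32 *, const gss_OID, gss_OID);
+extern OM_uint32 _gss_copy_buffer(OM_uint32 *minor_status,
+const gss_buffer_t from_buf, gss_buffer_t to_buf);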
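Review bot: These prototypes say nothing about allocation: `_gss_copy_oid` and `_gss_copy_buffer` presumably allocate `to->elements` / `to_buf->value` on the caller's behalf, but whether the destination descriptor must already exist, what is returned and stored in `minor_status` on allocation failure, and how the copy is later released (free(3) versus gss_release_buffer) is left to the reader of utils.c, which is outside this section. A header comment per function stating that contract, e.g. `/* Deep-copies from into the caller-provided to; to->elements is malloc'd and the caller must free it. */` with the failure behaviour confirmed against the implementation, would prevent leaks and double frees in the dispatch code that uses these helpers. Also note that `const gss_OID` is a const pointer to a mutable `gss_OID_desc` (gss_OID is a pointer typedef per RFC 2744), so the `const` here does not protect the descriptor's contents; and parameter names appear only on the last prototype and should be added to the first two for consistency.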