search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
3882 Remove xmod & friends
[illumos-gate.git] / usr / src / lib / gss_mechs / mech_krb5 / mech / krb5_gss_glue.c
blobb9fb65b39081fb92be9e44132b8034bedca6d8c5
1 /*
2 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
3 */
4 /*
5 * Copyright 1993 by OpenVision Technologies, Inc.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software
8 * and its documentation for any purpose is hereby granted without fee,
9 * provided that the above copyright notice appears in all copies and
10 * that both that copyright notice and this permission notice appear in
11 * supporting documentation, and that the name of OpenVision not be used
12 * in advertising or publicity pertaining to distribution of the software
13 * without specific, written prior permission. OpenVision makes no
14 * representations about the suitability of this software for any
15 * purpose. It is provided "as is" without express or implied warranty.
16 *
17 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
18 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
19 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
20 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
21 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
22 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
23 * PERFORMANCE OF THIS SOFTWARE.
24 */
25
26 /*
27 * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
28 */
29
30 #include "gssapiP_krb5.h"
31 #include "mglueP.h"
32 #include <syslog.h>
33
34 /** mechglue wrappers **/
35
36 static OM_uint32 k5glue_acquire_cred
37 (void *, OM_uint32*, /* minor_status */
38 gss_name_t, /* desired_name */
39 OM_uint32, /* time_req */
40 gss_OID_set, /* desired_mechs */
41 gss_cred_usage_t, /* cred_usage */
42 gss_cred_id_t*, /* output_cred_handle */
43 gss_OID_set*, /* actual_mechs */
44 OM_uint32* /* time_rec */
45 );
46
47 static OM_uint32 k5glue_release_cred
48 (void *, OM_uint32*, /* minor_status */
49 gss_cred_id_t* /* cred_handle */
50 );
51
52 static OM_uint32 k5glue_init_sec_context
53 (void *, OM_uint32*, /* minor_status */
54 gss_cred_id_t, /* claimant_cred_handle */
55 gss_ctx_id_t*, /* context_handle */
56 gss_name_t, /* target_name */
57 gss_OID, /* mech_type */
58 OM_uint32, /* req_flags */
59 OM_uint32, /* time_req */
60 gss_channel_bindings_t,
61 /* input_chan_bindings */
62 gss_buffer_t, /* input_token */
63 gss_OID*, /* actual_mech_type */
64 gss_buffer_t, /* output_token */
65 OM_uint32*, /* ret_flags */
66 OM_uint32* /* time_rec */
67 );
68
69 static OM_uint32 k5glue_accept_sec_context
70 (void *, OM_uint32*, /* minor_status */
71 gss_ctx_id_t*, /* context_handle */
72 gss_cred_id_t, /* verifier_cred_handle */
73 gss_buffer_t, /* input_token_buffer */
74 gss_channel_bindings_t,
75 /* input_chan_bindings */
76 gss_name_t*, /* src_name */
77 gss_OID*, /* mech_type */
78 gss_buffer_t, /* output_token */
79 OM_uint32*, /* ret_flags */
80 OM_uint32*, /* time_rec */
81 gss_cred_id_t* /* delegated_cred_handle */
82 );
83
84 static OM_uint32 k5glue_process_context_token
85 (void *, OM_uint32*, /* minor_status */
86 gss_ctx_id_t, /* context_handle */
87 gss_buffer_t /* token_buffer */
88 );
89
90 static OM_uint32 k5glue_delete_sec_context
91 (void *, OM_uint32*, /* minor_status */
92 gss_ctx_id_t*, /* context_handle */
93 gss_buffer_t /* output_token */
94 );
95
96 static OM_uint32 k5glue_context_time
97 (void *, OM_uint32*, /* minor_status */
98 gss_ctx_id_t, /* context_handle */
99 OM_uint32* /* time_rec */
100 );
101
102 static OM_uint32 k5glue_sign
103 (void *, OM_uint32*, /* minor_status */
104 gss_ctx_id_t, /* context_handle */
105 int, /* qop_req */
106 gss_buffer_t, /* message_buffer */
107 gss_buffer_t /* message_token */
108 );
109
110 static OM_uint32 k5glue_verify
111 (void *, OM_uint32*, /* minor_status */
112 gss_ctx_id_t, /* context_handle */
113 gss_buffer_t, /* message_buffer */
114 gss_buffer_t, /* token_buffer */
115 int* /* qop_state */
116 );
117
118 static OM_uint32 k5glue_seal
119 (void *, OM_uint32*, /* minor_status */
120 gss_ctx_id_t, /* context_handle */
121 int, /* conf_req_flag */
122 int, /* qop_req */
123 gss_buffer_t, /* input_message_buffer */
124 int*, /* conf_state */
125 gss_buffer_t /* output_message_buffer */
126 );
127
128 static OM_uint32 k5glue_unseal
129 (void *, OM_uint32*, /* minor_status */
130 gss_ctx_id_t, /* context_handle */
131 gss_buffer_t, /* input_message_buffer */
132 gss_buffer_t, /* output_message_buffer */
133 int*, /* conf_state */
134 int* /* qop_state */
135 );
136
137 static OM_uint32 k5glue_display_status
138 (void *, OM_uint32*, /* minor_status */
139 OM_uint32, /* status_value */
140 int, /* status_type */
141 gss_OID, /* mech_type */
142 OM_uint32*, /* message_context */
143 gss_buffer_t /* status_string */
144 );
145
146 static OM_uint32 k5glue_indicate_mechs
147 (void *, OM_uint32*, /* minor_status */
148 gss_OID_set* /* mech_set */
149 );
150
151 static OM_uint32 k5glue_compare_name
152 (void *, OM_uint32*, /* minor_status */
153 gss_name_t, /* name1 */
154 gss_name_t, /* name2 */
155 int* /* name_equal */
156 );
157
158 static OM_uint32 k5glue_display_name
159 (void *, OM_uint32*, /* minor_status */
160 gss_name_t, /* input_name */
161 gss_buffer_t, /* output_name_buffer */
162 gss_OID* /* output_name_type */
163 );
164
165 static OM_uint32 k5glue_import_name
166 (void *, OM_uint32*, /* minor_status */
167 gss_buffer_t, /* input_name_buffer */
168 gss_OID, /* input_name_type */
169 gss_name_t* /* output_name */
170 );
171
172 static OM_uint32 k5glue_release_name
173 (void *, OM_uint32*, /* minor_status */
174 gss_name_t* /* input_name */
175 );
176
177 static OM_uint32 k5glue_inquire_cred
178 (void *, OM_uint32 *, /* minor_status */
179 gss_cred_id_t, /* cred_handle */
180 gss_name_t *, /* name */
181 OM_uint32 *, /* lifetime */
182 gss_cred_usage_t*,/* cred_usage */
183 gss_OID_set * /* mechanisms */
184 );
185
186 static OM_uint32 k5glue_inquire_context
187 (void *, OM_uint32*, /* minor_status */
188 gss_ctx_id_t, /* context_handle */
189 gss_name_t*, /* initiator_name */
190 gss_name_t*, /* acceptor_name */
191 OM_uint32*, /* lifetime_rec */
192 gss_OID*, /* mech_type */
193 OM_uint32*, /* ret_flags */
194 int*, /* locally_initiated */
195 int* /* open */
196 );
197
198 #if 0
199 /* New V2 entry points */
200 static OM_uint32 k5glue_get_mic
201 (void *, OM_uint32 *, /* minor_status */
202 gss_ctx_id_t, /* context_handle */
203 gss_qop_t, /* qop_req */
204 gss_buffer_t, /* message_buffer */
205 gss_buffer_t /* message_token */
206 );
207
208 static OM_uint32 k5glue_verify_mic
209 (void *, OM_uint32 *, /* minor_status */
210 gss_ctx_id_t, /* context_handle */
211 gss_buffer_t, /* message_buffer */
212 gss_buffer_t, /* message_token */
213 gss_qop_t * /* qop_state */
214 );
215
216 static OM_uint32 k5glue_wrap
217 (void *, OM_uint32 *, /* minor_status */
218 gss_ctx_id_t, /* context_handle */
219 int, /* conf_req_flag */
220 gss_qop_t, /* qop_req */
221 gss_buffer_t, /* input_message_buffer */
222 int *, /* conf_state */
223 gss_buffer_t /* output_message_buffer */
224 );
225
226 static OM_uint32 k5glue_unwrap
227 (void *, OM_uint32 *, /* minor_status */
228 gss_ctx_id_t, /* context_handle */
229 gss_buffer_t, /* input_message_buffer */
230 gss_buffer_t, /* output_message_buffer */
231 int *, /* conf_state */
232 gss_qop_t * /* qop_state */
233 );
234 #endif
235
236 static OM_uint32 k5glue_wrap_size_limit
237 (void *, OM_uint32 *, /* minor_status */
238 gss_ctx_id_t, /* context_handle */
239 int, /* conf_req_flag */
240 gss_qop_t, /* qop_req */
241 OM_uint32, /* req_output_size */
242 OM_uint32 * /* max_input_size */
243 );
244
245 #if 0
246 static OM_uint32 k5glue_import_name_object
247 (void *, OM_uint32 *, /* minor_status */
248 void *, /* input_name */
249 gss_OID, /* input_name_type */
250 gss_name_t * /* output_name */
251 );
252
253 static OM_uint32 k5glue_export_name_object
254 (void *, OM_uint32 *, /* minor_status */
255 gss_name_t, /* input_name */
256 gss_OID, /* desired_name_type */
257 void * * /* output_name */
258 );
259 #endif
260
261 static OM_uint32 k5glue_add_cred
262 (void *, OM_uint32 *, /* minor_status */
263 gss_cred_id_t, /* input_cred_handle */
264 gss_name_t, /* desired_name */
265 gss_OID, /* desired_mech */
266 gss_cred_usage_t, /* cred_usage */
267 OM_uint32, /* initiator_time_req */
268 OM_uint32, /* acceptor_time_req */
269 gss_cred_id_t *, /* output_cred_handle */
270 gss_OID_set *, /* actual_mechs */
271 OM_uint32 *, /* initiator_time_rec */
272 OM_uint32 * /* acceptor_time_rec */
273 );
274
275 static OM_uint32 k5glue_inquire_cred_by_mech
276 (void *, OM_uint32 *, /* minor_status */
277 gss_cred_id_t, /* cred_handle */
278 gss_OID, /* mech_type */
279 gss_name_t *, /* name */
280 OM_uint32 *, /* initiator_lifetime */
281 OM_uint32 *, /* acceptor_lifetime */
282 gss_cred_usage_t * /* cred_usage */
283 );
284
285 static OM_uint32 k5glue_export_sec_context
286 (void *, OM_uint32 *, /* minor_status */
287 gss_ctx_id_t *, /* context_handle */
288 gss_buffer_t /* interprocess_token */
289 );
290
291 static OM_uint32 k5glue_import_sec_context
292 (void *, OM_uint32 *, /* minor_status */
293 gss_buffer_t, /* interprocess_token */
294 gss_ctx_id_t * /* context_handle */
295 );
296
297 krb5_error_code k5glue_ser_init(krb5_context);
298
299 static OM_uint32 k5glue_internal_release_oid
300 (void *, OM_uint32 *, /* minor_status */
301 gss_OID * /* oid */
302 );
303
304 static OM_uint32 k5glue_inquire_names_for_mech
305 (void *, OM_uint32 *, /* minor_status */
306 gss_OID, /* mechanism */
307 gss_OID_set * /* name_types */
308 );
309
310 #if 0
311 static OM_uint32 k5glue_canonicalize_name
312 (void *, OM_uint32 *, /* minor_status */
313 const gss_name_t, /* input_name */
314 const gss_OID, /* mech_type */
315 gss_name_t * /* output_name */
316 );
317 #endif
318
319 static OM_uint32 k5glue_export_name
320 (void *, OM_uint32 *, /* minor_status */
321 const gss_name_t, /* input_name */
322 gss_buffer_t /* exported_name */
323 );
324
325 /* SUNW15resync - Solaris specific */
326 static OM_uint32 k5glue_store_cred (
327 void *,
328 OM_uint32 *, /* minor_status */
329 const gss_cred_id_t, /* input_cred */
330 gss_cred_usage_t, /* cred_usage */
331 const gss_OID, /* desired_mech */
332 OM_uint32, /* overwrite_cred */
333 OM_uint32, /* default_cred */
334 gss_OID_set *, /* elements_stored */
335 gss_cred_usage_t * /* cred_usage_stored */
336 );
337
338 /* SUNW17PACresync - this decl not needed in MIT but is for Sol */
339 /* Note code is in gsspi_krb5.c */
340 OM_uint32 krb5_gss_inquire_sec_context_by_oid(
341 OM_uint32 *,
342 const gss_ctx_id_t,
343 const gss_OID,
344 gss_buffer_set_t *);
345
346 static OM_uint32
347 k5glue_userok(
348 void *, /* context */
349 OM_uint32 *, /* minor_status */
350 const gss_name_t, /* pname */
351 const char *, /* local user */
352 int * /* user ok? */
353 /* */);
354
355 static OM_uint32
356 k5glue_pname_to_uid(
357 void *, /* context */
358 OM_uint32 *, /* minor_status */
359 const gss_name_t, /* pname */
360 uid_t * /* uid */
361 /* */);
362
363
364
365
366 #if 0
367 static OM_uint32 k5glue_duplicate_name
368 (void *, OM_uint32 *, /* minor_status */
369 const gss_name_t, /* input_name */
370 gss_name_t * /* dest_name */
371 );
372 #endif
373
374 #if 0
375 static OM_uint32 k5glue_validate_cred
376 (void *, OM_uint32 *, /* minor_status */
377 gss_cred_id_t /* cred */
378 );
379 #endif
380
381 #if 0
382 /*
383 * SUNW15resync
384 * Solaris can't use the KRB5_GSS_CONFIG_INIT macro because of the src
385 * slicing&dicing needs of the "nightly -SD" build. When it goes away,
386 * we should use it assuming MIT still uses it then.
387 */
388
389 /*
390 * The krb5 mechanism provides two mech OIDs; use this initializer to
391 * ensure that both dispatch tables contain identical function
392 * pointers.
393 */
394 #define KRB5_GSS_CONFIG_INIT \
395 NULL, \
396 ...
397 #endif
398
399
400 static struct gss_config krb5_mechanism = {
401 #if 0 /* Solaris Kerberos */
402 100, "kerberos_v5",
403 #endif
404 { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
405 NULL,
406 k5glue_acquire_cred,
407 k5glue_release_cred,
408 k5glue_init_sec_context,
409 k5glue_accept_sec_context,
410 k5glue_unseal,
411 k5glue_process_context_token,
412 k5glue_delete_sec_context,
413 k5glue_context_time,
414 k5glue_display_status,
415 k5glue_indicate_mechs,
416 k5glue_compare_name,
417 k5glue_display_name,
418 k5glue_import_name,
419 k5glue_release_name,
420 k5glue_inquire_cred,
421 k5glue_add_cred,
422 k5glue_seal,
423 k5glue_export_sec_context,
424 k5glue_import_sec_context,
425 k5glue_inquire_cred_by_mech,
426 k5glue_inquire_names_for_mech,
427 k5glue_inquire_context,
428 k5glue_internal_release_oid,
429 k5glue_wrap_size_limit,
430 k5glue_pname_to_uid,
431 k5glue_userok,
432 k5glue_export_name,
433 k5glue_sign,
434 k5glue_verify,
435 k5glue_store_cred,
436 krb5_gss_inquire_sec_context_by_oid
437 };
438
439 static struct gss_config krb5_mechanism_old = {
440 #if 0 /* Solaris Kerberos */
441 200, "kerberos_v5 (pre-RFC OID)",
442 #endif
443 { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID },
444 NULL,
445 k5glue_acquire_cred,
446 k5glue_release_cred,
447 k5glue_init_sec_context,
448 k5glue_accept_sec_context,
449 k5glue_unseal,
450 k5glue_process_context_token,
451 k5glue_delete_sec_context,
452 k5glue_context_time,
453 k5glue_display_status,
454 k5glue_indicate_mechs,
455 k5glue_compare_name,
456 k5glue_display_name,
457 k5glue_import_name,
458 k5glue_release_name,
459 k5glue_inquire_cred,
460 k5glue_add_cred,
461 k5glue_seal,
462 k5glue_export_sec_context,
463 k5glue_import_sec_context,
464 k5glue_inquire_cred_by_mech,
465 k5glue_inquire_names_for_mech,
466 k5glue_inquire_context,
467 k5glue_internal_release_oid,
468 k5glue_wrap_size_limit,
469 k5glue_pname_to_uid,
470 k5glue_userok,
471 k5glue_export_name,
472 k5glue_sign,
473 k5glue_verify,
474 k5glue_store_cred,
475 krb5_gss_inquire_sec_context_by_oid
476 };
477
478 static struct gss_config krb5_mechanism_wrong = {
479 #if 0 /* Solaris Kerberos */
480 300, "kerberos_v5 (wrong OID)",
481 #endif
482 { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID },
483 NULL,
484 k5glue_acquire_cred,
485 k5glue_release_cred,
486 k5glue_init_sec_context,
487 k5glue_accept_sec_context,
488 k5glue_unseal,
489 k5glue_process_context_token,
490 k5glue_delete_sec_context,
491 k5glue_context_time,
492 k5glue_display_status,
493 k5glue_indicate_mechs,
494 k5glue_compare_name,
495 k5glue_display_name,
496 k5glue_import_name,
497 k5glue_release_name,
498 k5glue_inquire_cred,
499 k5glue_add_cred,
500 k5glue_seal,
501 k5glue_export_sec_context,
502 k5glue_import_sec_context,
503 k5glue_inquire_cred_by_mech,
504 k5glue_inquire_names_for_mech,
505 k5glue_inquire_context,
506 k5glue_internal_release_oid,
507 k5glue_wrap_size_limit,
508 k5glue_pname_to_uid,
509 k5glue_userok,
510 k5glue_export_name,
511 k5glue_sign,
512 k5glue_verify,
513 k5glue_store_cred,
514 krb5_gss_inquire_sec_context_by_oid
515 };
516
517 static gss_mechanism krb5_mech_configs[] = {
518 &krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL
519 };
520
521 #ifdef MS_BUG_TEST
522 static gss_mechanism krb5_mech_configs_hack[] = {
523 &krb5_mechanism, &krb5_mechanism_old, NULL
524 };
525 #endif
526
527 #if 1
528 #define gssint_get_mech_configs krb5_gss_get_mech_configs
529 #endif
530
531 gss_mechanism *
532 gssint_get_mech_configs(void)
533 {
534 #ifdef MS_BUG_TEST
535 char *envstr = getenv("MS_FORCE_NO_MSOID");
536
537 if (envstr != NULL && strcmp(envstr, "1") == 0) {
538 return krb5_mech_configs_hack;
539 }
540 #endif
541 return krb5_mech_configs;
542 }
543
544 static OM_uint32
545 k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle,
546 input_token, input_chan_bindings, src_name, mech_type,
547 output_token, ret_flags, time_rec, delegated_cred_handle)
548 void *ctx;
549 OM_uint32 *minor_status;
550 gss_ctx_id_t *context_handle;
551 gss_cred_id_t verifier_cred_handle;
552 gss_buffer_t input_token;
553 gss_channel_bindings_t input_chan_bindings;
554 gss_name_t *src_name;
555 gss_OID *mech_type;
556 gss_buffer_t output_token;
557 OM_uint32 *ret_flags;
558 OM_uint32 *time_rec;
559 gss_cred_id_t *delegated_cred_handle;
560 {
561 return(krb5_gss_accept_sec_context(minor_status,
562 context_handle,
563 verifier_cred_handle,
564 input_token,
565 input_chan_bindings,
566 src_name,
567 mech_type,
568 output_token,
569 ret_flags,
570 time_rec,
571 delegated_cred_handle));
572 }
573
574 static OM_uint32
575 k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
576 cred_usage, output_cred_handle, actual_mechs, time_rec)
577 void *ctx;
578 OM_uint32 *minor_status;
579 gss_name_t desired_name;
580 OM_uint32 time_req;
581 gss_OID_set desired_mechs;
582 gss_cred_usage_t cred_usage;
583 gss_cred_id_t *output_cred_handle;
584 gss_OID_set *actual_mechs;
585 OM_uint32 *time_rec;
586 {
587 return(krb5_gss_acquire_cred(minor_status,
588 desired_name,
589 time_req,
590 desired_mechs,
591 cred_usage,
592 output_cred_handle,
593 actual_mechs,
594 time_rec));
595 }
596
597 /* V2 */
598 static OM_uint32
599 k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech,
600 cred_usage, initiator_time_req, acceptor_time_req,
601 output_cred_handle, actual_mechs, initiator_time_rec,
602 acceptor_time_rec)
603 void *ctx;
604 OM_uint32 *minor_status;
605 gss_cred_id_t input_cred_handle;
606 gss_name_t desired_name;
607 gss_OID desired_mech;
608 gss_cred_usage_t cred_usage;
609 OM_uint32 initiator_time_req;
610 OM_uint32 acceptor_time_req;
611 gss_cred_id_t *output_cred_handle;
612 gss_OID_set *actual_mechs;
613 OM_uint32 *initiator_time_rec;
614 OM_uint32 *acceptor_time_rec;
615 {
616 return(krb5_gss_add_cred(minor_status, input_cred_handle, desired_name,
617 desired_mech, cred_usage, initiator_time_req,
618 acceptor_time_req, output_cred_handle,
619 actual_mechs, initiator_time_rec,
620 acceptor_time_rec));
621 }
622
623 #if 0
624 /* V2 */
625 static OM_uint32
626 k5glue_add_oid_set_member(ctx, minor_status, member_oid, oid_set)
627 void *ctx;
628 OM_uint32 *minor_status;
629 gss_OID member_oid;
630 gss_OID_set *oid_set;
631 {
632 return(generic_gss_add_oid_set_member(minor_status, member_oid, oid_set));
633 }
634 #endif
635
636 static OM_uint32
637 k5glue_compare_name(ctx, minor_status, name1, name2, name_equal)
638 void *ctx;
639 OM_uint32 *minor_status;
640 gss_name_t name1;
641 gss_name_t name2;
642 int *name_equal;
643 {
644 return(krb5_gss_compare_name(minor_status, name1,
645 name2, name_equal));
646 }
647
648 static OM_uint32
649 k5glue_context_time(ctx, minor_status, context_handle, time_rec)
650 void *ctx;
651 OM_uint32 *minor_status;
652 gss_ctx_id_t context_handle;
653 OM_uint32 *time_rec;
654 {
655 return(krb5_gss_context_time(minor_status, context_handle,
656 time_rec));
657 }
658
659 #if 0
660 /* V2 */
661 static OM_uint32
662 k5glue_create_empty_oid_set(ctx, minor_status, oid_set)
663 void *ctx;
664 OM_uint32 *minor_status;
665 gss_OID_set *oid_set;
666 {
667 return(generic_gss_create_empty_oid_set(minor_status, oid_set));
668 }
669 #endif
670
671 static OM_uint32
672 k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token)
673 void *ctx;
674 OM_uint32 *minor_status;
675 gss_ctx_id_t *context_handle;
676 gss_buffer_t output_token;
677 {
678 return(krb5_gss_delete_sec_context(minor_status,
679 context_handle, output_token));
680 }
681
682 static OM_uint32
683 k5glue_display_name(ctx, minor_status, input_name, output_name_buffer, output_name_type)
684 void *ctx;
685 OM_uint32 *minor_status;
686 gss_name_t input_name;
687 gss_buffer_t output_name_buffer;
688 gss_OID *output_name_type;
689 {
690 return(krb5_gss_display_name(minor_status, input_name,
691 output_name_buffer, output_name_type));
692 }
693
694 static OM_uint32
695 k5glue_display_status(ctx, minor_status, status_value, status_type,
696 mech_type, message_context, status_string)
697 void *ctx;
698 OM_uint32 *minor_status;
699 OM_uint32 status_value;
700 int status_type;
701 gss_OID mech_type;
702 OM_uint32 *message_context;
703 gss_buffer_t status_string;
704 {
705 return(krb5_gss_display_status(minor_status, status_value,
706 status_type, mech_type, message_context,
707 status_string));
708 }
709
710 /* V2 */
711 static OM_uint32
712 k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token)
713 void *ctx;
714 OM_uint32 *minor_status;
715 gss_ctx_id_t *context_handle;
716 gss_buffer_t interprocess_token;
717 {
718 return(krb5_gss_export_sec_context(minor_status,
719 context_handle,
720 interprocess_token));
721 }
722
723 #if 0
724 /* V2 */
725 static OM_uint32
726 k5glue_get_mic(ctx, minor_status, context_handle, qop_req,
727 message_buffer, message_token)
728 void *ctx;
729 OM_uint32 *minor_status;
730 gss_ctx_id_t context_handle;
731 gss_qop_t qop_req;
732 gss_buffer_t message_buffer;
733 gss_buffer_t message_token;
734 {
735 return(krb5_gss_get_mic(minor_status, context_handle,
736 qop_req, message_buffer, message_token));
737 }
738 #endif
739
740 static OM_uint32
741 k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name)
742 void *ctx;
743 OM_uint32 *minor_status;
744 gss_buffer_t input_name_buffer;
745 gss_OID input_name_type;
746 gss_name_t *output_name;
747 {
748 #if 0
749 OM_uint32 err;
750 err = gssint_initialize_library();
751 if (err) {
752 *minor_status = err;
753 return GSS_S_FAILURE;
754 }
755 #endif
756 return(krb5_gss_import_name(minor_status, input_name_buffer,
757 input_name_type, output_name));
758 }
759
760 /* V2 */
761 static OM_uint32
762 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
763 void *ctx;
764 OM_uint32 *minor_status;
765 gss_buffer_t interprocess_token;
766 gss_ctx_id_t *context_handle;
767 {
768 return(krb5_gss_import_sec_context(minor_status,
769 interprocess_token,
770 context_handle));
771 }
772
773 static OM_uint32
774 k5glue_indicate_mechs(ctx, minor_status, mech_set)
775 void *ctx;
776 OM_uint32 *minor_status;
777 gss_OID_set *mech_set;
778 {
779 return(krb5_gss_indicate_mechs(minor_status, mech_set));
780 }
781
782 static OM_uint32
783 k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle,
784 target_name, mech_type, req_flags, time_req,
785 input_chan_bindings, input_token, actual_mech_type,
786 output_token, ret_flags, time_rec)
787 void *ctx;
788 OM_uint32 *minor_status;
789 gss_cred_id_t claimant_cred_handle;
790 gss_ctx_id_t *context_handle;
791 gss_name_t target_name;
792 gss_OID mech_type;
793 OM_uint32 req_flags;
794 OM_uint32 time_req;
795 gss_channel_bindings_t input_chan_bindings;
796 gss_buffer_t input_token;
797 gss_OID *actual_mech_type;
798 gss_buffer_t output_token;
799 OM_uint32 *ret_flags;
800 OM_uint32 *time_rec;
801 {
802 return(krb5_gss_init_sec_context(minor_status,
803 claimant_cred_handle, context_handle,
804 target_name, mech_type, req_flags,
805 time_req, input_chan_bindings, input_token,
806 actual_mech_type, output_token, ret_flags,
807 time_rec));
808 }
809
810 static OM_uint32
811 k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name,
812 lifetime_rec, mech_type, ret_flags,
813 locally_initiated, open)
814 void *ctx;
815 OM_uint32 *minor_status;
816 gss_ctx_id_t context_handle;
817 gss_name_t *initiator_name;
818 gss_name_t *acceptor_name;
819 OM_uint32 *lifetime_rec;
820 gss_OID *mech_type;
821 OM_uint32 *ret_flags;
822 int *locally_initiated;
823 int *open;
824 {
825 return(krb5_gss_inquire_context(minor_status, context_handle,
826 initiator_name, acceptor_name, lifetime_rec,
827 mech_type, ret_flags, locally_initiated,
828 open));
829 }
830
831 static OM_uint32
832 k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
833 cred_usage, mechanisms)
834 void *ctx;
835 OM_uint32 *minor_status;
836 gss_cred_id_t cred_handle;
837 gss_name_t *name;
838 OM_uint32 *lifetime_ret;
839 gss_cred_usage_t *cred_usage;
840 gss_OID_set *mechanisms;
841 {
842 return(krb5_gss_inquire_cred(minor_status, cred_handle,
843 name, lifetime_ret, cred_usage, mechanisms));
844 }
845
846 /* V2 */
847 static OM_uint32
848 k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name,
849 initiator_lifetime, acceptor_lifetime, cred_usage)
850 void *ctx;
851 OM_uint32 *minor_status;
852 gss_cred_id_t cred_handle;
853 gss_OID mech_type;
854 gss_name_t *name;
855 OM_uint32 *initiator_lifetime;
856 OM_uint32 *acceptor_lifetime;
857 gss_cred_usage_t *cred_usage;
858 {
859 return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
860 mech_type, name, initiator_lifetime,
861 acceptor_lifetime, cred_usage));
862 }
863
864 /* V2 */
865 static OM_uint32
866 k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
867 void *ctx;
868 OM_uint32 *minor_status;
869 gss_OID mechanism;
870 gss_OID_set *name_types;
871 {
872 return(krb5_gss_inquire_names_for_mech(minor_status,
873 mechanism,
874 name_types));
875 }
876
877 #if 0
878 /* V2 */
879 static OM_uint32
880 k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
881 void *ctx;
882 OM_uint32 *minor_status;
883 gss_OID oid;
884 gss_buffer_t oid_str;
885 {
886 return(generic_gss_oid_to_str(minor_status, oid, oid_str));
887 }
888 #endif
889
890 static OM_uint32
891 k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer)
892 void *ctx;
893 OM_uint32 *minor_status;
894 gss_ctx_id_t context_handle;
895 gss_buffer_t token_buffer;
896 {
897 return(krb5_gss_process_context_token(minor_status,
898 context_handle, token_buffer));
899 }
900
901 static OM_uint32
902 k5glue_release_cred(ctx, minor_status, cred_handle)
903 void *ctx;
904 OM_uint32 *minor_status;
905 gss_cred_id_t *cred_handle;
906 {
907 return(krb5_gss_release_cred(minor_status, cred_handle));
908 }
909
910 static OM_uint32
911 k5glue_release_name(ctx, minor_status, input_name)
912 void *ctx;
913 OM_uint32 *minor_status;
914 gss_name_t *input_name;
915 {
916 return(krb5_gss_release_name(minor_status, input_name));
917 }
918
919 #if 0
920 static OM_uint32
921 k5glue_release_buffer(ctx, minor_status, buffer)
922 void *ctx;
923 OM_uint32 *minor_status;
924 gss_buffer_t buffer;
925 {
926 return(generic_gss_release_buffer(minor_status,
927 buffer));
928 }
929 #endif
930
931 /* V2 */
932 static OM_uint32
933 k5glue_internal_release_oid(ctx, minor_status, oid)
934 void *ctx;
935 OM_uint32 *minor_status;
936 gss_OID *oid;
937 {
938 return(krb5_gss_internal_release_oid(minor_status, oid));
939 }
940
941 #if 0
942 static OM_uint32
943 k5glue_release_oid_set(ctx, minor_status, set)
944 void *ctx;
945 OM_uint32 * minor_status;
946 gss_OID_set *set;
947 {
948 return(generic_gss_release_oid_set(minor_status, set));
949 }
950 #endif
951
952 /* V1 only */
953 static OM_uint32
954 k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
955 input_message_buffer, conf_state, output_message_buffer)
956 void *ctx;
957 OM_uint32 *minor_status;
958 gss_ctx_id_t context_handle;
959 int conf_req_flag;
960 int qop_req;
961 gss_buffer_t input_message_buffer;
962 int *conf_state;
963 gss_buffer_t output_message_buffer;
964 {
965 return(krb5_gss_seal(minor_status, context_handle,
966 conf_req_flag, qop_req, input_message_buffer,
967 conf_state, output_message_buffer));
968 }
969
970 static OM_uint32
971 k5glue_sign(ctx, minor_status, context_handle,
972 qop_req, message_buffer,
973 message_token)
974 void *ctx;
975 OM_uint32 *minor_status;
976 gss_ctx_id_t context_handle;
977 int qop_req;
978 gss_buffer_t message_buffer;
979 gss_buffer_t message_token;
980 {
981 return(krb5_gss_sign(minor_status, context_handle,
982 qop_req, message_buffer, message_token));
983 }
984
985 #if 0
986 /* V2 */
987 static OM_uint32
988 k5glue_verify_mic(ctx, minor_status, context_handle,
989 message_buffer, token_buffer, qop_state)
990 void *ctx;
991 OM_uint32 *minor_status;
992 gss_ctx_id_t context_handle;
993 gss_buffer_t message_buffer;
994 gss_buffer_t token_buffer;
995 gss_qop_t *qop_state;
996 {
997 return(krb5_gss_verify_mic(minor_status, context_handle,
998 message_buffer, token_buffer, qop_state));
999 }
1000
1001 /* V2 */
1002 static OM_uint32
1003 k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req,
1004 input_message_buffer, conf_state, output_message_buffer)
1005 void *ctx;
1006 OM_uint32 *minor_status;
1007 gss_ctx_id_t context_handle;
1008 int conf_req_flag;
1009 gss_qop_t qop_req;
1010 gss_buffer_t input_message_buffer;
1011 int *conf_state;
1012 gss_buffer_t output_message_buffer;
1013 {
1014 return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req,
1015 input_message_buffer, conf_state,
1016 output_message_buffer));
1017 }
1018
1019 /* V2 */
1020 static OM_uint32
1021 k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
1022 void *ctx;
1023 OM_uint32 *minor_status;
1024 gss_buffer_t oid_str;
1025 gss_OID *oid;
1026 {
1027 return(generic_gss_str_to_oid(minor_status, oid_str, oid));
1028 }
1029
1030 /* V2 */
1031 static OM_uint32
1032 k5glue_test_oid_set_member(ctx, minor_status, member, set, present)
1033 void *ctx;
1034 OM_uint32 *minor_status;
1035 gss_OID member;
1036 gss_OID_set set;
1037 int *present;
1038 {
1039 return(generic_gss_test_oid_set_member(minor_status, member, set,
1040 present));
1041 }
1042 #endif
1043
1044 /* V1 only */
1045 static OM_uint32
1046 k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
1047 output_message_buffer, conf_state, qop_state)
1048 void *ctx;
1049 OM_uint32 *minor_status;
1050 gss_ctx_id_t context_handle;
1051 gss_buffer_t input_message_buffer;
1052 gss_buffer_t output_message_buffer;
1053 int *conf_state;
1054 int *qop_state;
1055 {
1056 return(krb5_gss_unseal(minor_status, context_handle,
1057 input_message_buffer, output_message_buffer,
1058 conf_state, qop_state));
1059 }
1060
1061 #if 0
1062 /* V2 */
1063 static OM_uint32
1064 k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer,
1065 output_message_buffer, conf_state, qop_state)
1066 void *ctx;
1067 OM_uint32 *minor_status;
1068 gss_ctx_id_t context_handle;
1069 gss_buffer_t input_message_buffer;
1070 gss_buffer_t output_message_buffer;
1071 int *conf_state;
1072 gss_qop_t *qop_state;
1073 {
1074 return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer,
1075 output_message_buffer, conf_state, qop_state));
1076 }
1077 #endif
1078
1079 /* V1 only */
1080 static OM_uint32
1081 k5glue_verify(ctx, minor_status, context_handle, message_buffer,
1082 token_buffer, qop_state)
1083 void *ctx;
1084 OM_uint32 *minor_status;
1085 gss_ctx_id_t context_handle;
1086 gss_buffer_t message_buffer;
1087 gss_buffer_t token_buffer;
1088 int *qop_state;
1089 {
1090 return(krb5_gss_verify(minor_status,
1091 context_handle,
1092 message_buffer,
1093 token_buffer,
1094 qop_state));
1095 }
1096
1097 /* V2 interface */
1098 static OM_uint32
1099 k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag,
1100 qop_req, req_output_size, max_input_size)
1101 void *ctx;
1102 OM_uint32 *minor_status;
1103 gss_ctx_id_t context_handle;
1104 int conf_req_flag;
1105 gss_qop_t qop_req;
1106 OM_uint32 req_output_size;
1107 OM_uint32 *max_input_size;
1108 {
1109 return(krb5_gss_wrap_size_limit(minor_status, context_handle,
1110 conf_req_flag, qop_req,
1111 req_output_size, max_input_size));
1112 }
1113
1114 #if 0
1115 /* V2 interface */
1116 static OM_uint32
1117 k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name)
1118 void *ctx;
1119 OM_uint32 *minor_status;
1120 const gss_name_t input_name;
1121 const gss_OID mech_type;
1122 gss_name_t *output_name;
1123 {
1124 return krb5_gss_canonicalize_name(minor_status, input_name,
1125 mech_type, output_name);
1126 }
1127 #endif
1128
1129 /* V2 interface */
1130 static OM_uint32
1131 k5glue_export_name(ctx, minor_status, input_name, exported_name)
1132 void *ctx;
1133 OM_uint32 *minor_status;
1134 const gss_name_t input_name;
1135 gss_buffer_t exported_name;
1136 {
1137 return krb5_gss_export_name(minor_status, input_name, exported_name);
1138 }
1139
1140 /* SUNW15resync - this is not in the MIT mech (lib) yet */
1141 static OM_uint32
1142 k5glue_store_cred(ctx, minor_status, input_cred, cred_usage, desired_mech,
1143 overwrite_cred, default_cred, elements_stored,
1144 cred_usage_stored)
1145 void *ctx;
1146 OM_uint32 *minor_status;
1147 const gss_cred_id_t input_cred;
1148 gss_cred_usage_t cred_usage;
1149 gss_OID desired_mech;
1150 OM_uint32 overwrite_cred;
1151 OM_uint32 default_cred;
1152 gss_OID_set *elements_stored;
1153 gss_cred_usage_t *cred_usage_stored;
1154 {
1155 return(krb5_gss_store_cred(minor_status, input_cred,
1156 cred_usage, desired_mech,
1157 overwrite_cred, default_cred, elements_stored,
1158 cred_usage_stored));
1159 }
1160
1161 static OM_uint32
1162 k5glue_userok(
1163 void *ctxt, /* context */
1164 OM_uint32 *minor, /* minor_status */
1165 const gss_name_t pname, /* pname */
1166 const char *user, /* local user */
1167 int *user_ok /* user ok? */
1168 /* */)
1169 {
1170 return(krb5_gss_userok(minor, pname, user, user_ok));
1171 }
1172
1173 static OM_uint32
1174 k5glue_pname_to_uid(
1175 void *ctxt, /* context */
1176 OM_uint32 *minor, /* minor_status */
1177 const gss_name_t pname, /* pname */
1178 uid_t *uidOut /* uid */
1179 /* */)
1180 {
1181 return (krb5_pname_to_uid(minor, pname, uidOut));
1182 }
1183
1184
1185
1186 #if 0
1187 /* V2 interface */
1188 static OM_uint32
1189 k5glue_duplicate_name(ctx, minor_status, input_name, dest_name)
1190 void *ctx;
1191 OM_uint32 *minor_status;
1192 const gss_name_t input_name;
1193 gss_name_t *dest_name;
1194 {
1195 return krb5_gss_duplicate_name(minor_status, input_name, dest_name);
1196 }
1197 #endif
1198
1199
1200 OM_uint32 KRB5_CALLCONV
1201 gss_krb5_copy_ccache(
1202 OM_uint32 *minor_status,
1203 gss_cred_id_t cred_handle,
1204 krb5_ccache out_ccache)
1205 {
1206 gss_union_cred_t ucred;
1207 gss_cred_id_t mcred;
1208
1209 ucred = (gss_union_cred_t)cred_handle;
1210
1211 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
1212 if (mcred != GSS_C_NO_CREDENTIAL)
1213 return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
1214
1215 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
1216 if (mcred != GSS_C_NO_CREDENTIAL)
1217 return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
1218
1219 return GSS_S_DEFECTIVE_CREDENTIAL;
1220 }
1221
1222 OM_uint32 KRB5_CALLCONV
1223 gss_krb5_set_allowable_enctypes(
1224 OM_uint32 *minor_status,
1225 gss_cred_id_t cred,
1226 OM_uint32 num_ktypes,
1227 krb5_enctype *ktypes)
1228 {
1229 gss_union_cred_t ucred;
1230 gss_cred_id_t mcred;
1231
1232 ucred = (gss_union_cred_t)cred;
1233 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
1234 if (mcred != GSS_C_NO_CREDENTIAL)
1235 return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
1236 num_ktypes, ktypes);
1237
1238 mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
1239 if (mcred != GSS_C_NO_CREDENTIAL)
1240 return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
1241 num_ktypes, ktypes);
1242
1243 return GSS_S_DEFECTIVE_CREDENTIAL;
1244 }
1245
1246 /*
1247 * Glue routine for returning the mechanism-specific credential from a
1248 * external union credential.
1249 */
1250 /* SUNW15resync - in MIT 1.5, it's in g_glue.c (libgss) but we don't
1251 want to link against libgss so we put it here since we need it in the mech */
1252 gss_cred_id_t
1253 gssint_get_mechanism_cred(union_cred, mech_type)
1254 gss_union_cred_t union_cred;
1255 gss_OID mech_type;
1256 {
1257 int i;
1258
1259 if (union_cred == (gss_union_cred_t) GSS_C_NO_CREDENTIAL)
1260 return GSS_C_NO_CREDENTIAL;
1261
1262 for (i=0; i < union_cred->count; i++) {
1263 if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
1264 return union_cred->cred_array[i];
1265 }
1266 return GSS_C_NO_CREDENTIAL;
1267 }
1268
1269
1270
1271 /*
1272 * entry point for the gss layer,
1273 * called "krb5_gss_initialize()" in MIT 1.2.1
1274 */
1275 /* SUNW15resync - this used to be in k5mech.c */
1276 gss_mechanism
1277 gss_mech_initialize(oid)
1278 const gss_OID oid;
1279 {
1280 /*
1281 * Solaris Kerberos: We also want to use the same functions for KRB5 as
1282 * we do for the MS KRB5 (krb5_mechanism_wrong). So both are valid.
1283 */
1284 /* ensure that the requested oid matches our oid */
1285 if (oid == NULL || (!g_OID_equal(oid, &krb5_mechanism.mech_type) &&
1286 !g_OID_equal(oid, &krb5_mechanism_wrong.mech_type))) {
1287 (void) syslog(LOG_INFO, "krb5mech: gss_mech_initialize: bad oid");
1288 return (NULL);
1289 }
1290
1291 #if 0 /* SUNW15resync - no longer needed(?) */
1292 if (krb5_gss_get_context(&(krb5_mechanism.context)) !=
1293 GSS_S_COMPLETE)
1294 return (NULL);
1295 #endif
1296
1297 return (&krb5_mechanism);
1298 }
1299
1300 /*
1301 * This API should go away and be replaced with an accessor
1302 * into a gss_name_t.
1303 */
1304 OM_uint32 KRB5_CALLCONV
1305 gsskrb5_extract_authz_data_from_sec_context(
1306 OM_uint32 *minor_status,
1307 gss_ctx_id_t context_handle,
1308 int ad_type,
1309 gss_buffer_t ad_data)
1310 {
1311 gss_OID_desc req_oid;
1312 unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
1313 OM_uint32 major_status;
1314 gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
1315
1316 if (ad_data == NULL)
1317 return GSS_S_CALL_INACCESSIBLE_WRITE;
1318
1319 req_oid.elements = oid_buf;
1320 req_oid.length = sizeof(oid_buf);
1321
1322 major_status = generic_gss_oid_compose(minor_status,
1323 GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
1324 GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
1325 ad_type,
1326 &req_oid);
1327 if (GSS_ERROR(major_status))
1328 return major_status;
1329
1330 major_status = gss_inquire_sec_context_by_oid(minor_status,
1331 context_handle,
1332 (gss_OID)&req_oid,
1333 &data_set);
1334 if (major_status != GSS_S_COMPLETE) {
1335 return major_status;
1336 }
1337
1338 /*
1339 * SUNW17PACresync / Solaris Kerberos
1340 * MIT17 allows only count==1 which is correct for pre-Win2008 but
1341 * our testing with Win2008 shows count==2 and Win7 count==3.
1342 */
1343 if ((data_set == GSS_C_NO_BUFFER_SET) || (data_set->count == 0)) {
1344 gss_release_buffer_set(minor_status, &data_set);
1345 *minor_status = EINVAL;
1346 return GSS_S_FAILURE;
1347 }
1348
1349 ad_data->length = data_set->elements[0].length;
1350 ad_data->value = malloc(ad_data->length);
1351 if (!ad_data->value) {
1352 gss_release_buffer_set(minor_status, &data_set);
1353 return ENOMEM;
1354 }
1355 bcopy(data_set->elements[0].value, ad_data->value, ad_data->length);
1356
1357 gss_release_buffer_set(minor_status, &data_set);
1358
1359 return GSS_S_COMPLETE;
1360 }
1361
1362
1363 OM_uint32 KRB5_CALLCONV
1364 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
1365 gss_ctx_id_t context_handle,
1366 krb5_timestamp *authtime)
1367 {
1368 static const gss_OID_desc req_oid = {
1369 GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
1370 GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
1371 OM_uint32 major_status;
1372 gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
1373
1374 if (authtime == NULL)
1375 return GSS_S_CALL_INACCESSIBLE_WRITE;
1376
1377 major_status = gss_inquire_sec_context_by_oid(minor_status,
1378 context_handle,
1379 (gss_OID)&req_oid,
1380 &data_set);
1381 if (major_status != GSS_S_COMPLETE)
1382 return major_status;
1383
1384 if (data_set == GSS_C_NO_BUFFER_SET ||
1385 data_set->count != 1 ||
1386 data_set->elements[0].length != sizeof(*authtime)) {
1387 *minor_status = EINVAL;
1388 return GSS_S_FAILURE;
1389 }
1390
1391 *authtime = *((krb5_timestamp *)data_set->elements[0].value);
1392
1393 gss_release_buffer_set(minor_status, &data_set);
1394
1395 *minor_status = 0;
1396
1397 return GSS_S_COMPLETE;
1398 }
Community developed and maintained version of the OS/Net consolidation