OM_uint32
gss_export_name(OM_uint32 *minor_status, gss_name_t input_name,
gss_buffer_t exported_name)
{
struct export_name_res res;
struct export_name_args args;
enum clnt_stat stat;
CLIENT *cl;
*minor_status = 0;
cl = kgss_gssd_client();
if (cl == NULL)
return (GSS_S_FAILURE);
args.input_name = input_name->handle;
bzero(&res, sizeof(res));
stat = gssd_export_name_1(&args, &res, cl);
CLNT_RELEASE(cl);
if (stat != RPC_SUCCESS) {
*minor_status = stat;
return (GSS_S_FAILURE);
}
if (res.major_status != GSS_S_COMPLETE) {
*minor_status = res.minor_status;
return (res.major_status);
}
kgss_copy_buffer(&res.exported_name, exported_name);
xdr_free((xdrproc_t) xdr_export_name_res, &res);
return (GSS_S_COMPLETE);
}
OM_uint32
gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
{
struct release_cred_res res;
struct release_cred_args args;
enum clnt_stat stat;
CLIENT *cl;
*minor_status = 0;
if (!kgss_gssd_handle)
return (GSS_S_FAILURE);
if (*cred_handle) {
args.cred = (*cred_handle)->handle;
cl = kgss_gssd_client();
if (cl == NULL)
return (GSS_S_FAILURE);
stat = gssd_release_cred_1(&args, &res, cl);
CLNT_RELEASE(cl);
if (stat != RPC_SUCCESS) {
*minor_status = stat;
return (GSS_S_FAILURE);
}
free((*cred_handle), M_GSSAPI);
*cred_handle = NULL;
*minor_status = res.minor_status;
return (res.major_status);
}
return (GSS_S_COMPLETE);
}
OM_uint32
gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle,
gss_buffer_t output_token)
{
struct delete_sec_context_res res;
struct delete_sec_context_args args;
enum clnt_stat stat;
gss_ctx_id_t ctx;
CLIENT *cl;
*minor_status = 0;
if (!kgss_gssd_handle)
return (GSS_S_FAILURE);
if (*context_handle) {
ctx = *context_handle;
/*
* If we are past the context establishment phase, let
* the in-kernel code do the delete, otherwise
* userland needs to deal with it.
*/
if (ctx->handle) {
args.ctx = ctx->handle;
cl = kgss_gssd_client();
if (cl == NULL)
return (GSS_S_FAILURE);
bzero(&res, sizeof(res));
stat = gssd_delete_sec_context_1(&args, &res, cl);
CLNT_RELEASE(cl);
if (stat != RPC_SUCCESS) {
*minor_status = stat;
return (GSS_S_FAILURE);
}
if (output_token)
kgss_copy_buffer(&res.output_token,
output_token);
xdr_free((xdrproc_t) xdr_delete_sec_context_res, &res);
kgss_delete_context(ctx, NULL);
} else {
kgss_delete_context(ctx, output_token);
}
*context_handle = NULL;
} else {
if (output_token) {
output_token->length = 0;
output_token->value = NULL;
}
}
return (GSS_S_COMPLETE);
}
OM_uint32
gss_pname_to_unix_cred(OM_uint32 *minor_status, const gss_name_t pname,
const gss_OID mech, uid_t *uidp, gid_t *gidp,
int *numgroups, gid_t *groups)
{
struct pname_to_uid_res res;
struct pname_to_uid_args args;
enum clnt_stat stat;
int i, n;
CLIENT *cl;
*minor_status = 0;
if (pname == GSS_C_NO_NAME)
return (GSS_S_BAD_NAME);
cl = kgss_gssd_client();
if (cl == NULL)
return (GSS_S_FAILURE);
args.pname = pname->handle;
args.mech = mech;
bzero(&res, sizeof(res));
stat = gssd_pname_to_uid_1(&args, &res, cl);
CLNT_RELEASE(cl);
if (stat != RPC_SUCCESS) {
*minor_status = stat;
return (GSS_S_FAILURE);
}
if (res.major_status != GSS_S_COMPLETE) {
*minor_status = res.minor_status;
return (res.major_status);
}
*uidp = res.uid;
*gidp = res.gid;
n = res.gidlist.gidlist_len;
if (n > *numgroups)
n = *numgroups;
for (i = 0; i < n; i++)
groups[i] = res.gidlist.gidlist_val[i];
*numgroups = n;
xdr_free((xdrproc_t) xdr_pname_to_uid_res, &res);
return (GSS_S_COMPLETE);
}
OM_uint32
gss_display_status(OM_uint32 *minor_status,
OM_uint32 status_value,
int status_type,
const gss_OID mech_type,
OM_uint32 *message_context,
gss_buffer_t status_string) /* status_string */
{
struct display_status_res res;
struct display_status_args args;
enum clnt_stat stat;
CLIENT *cl;
*minor_status = 0;
cl = kgss_gssd_client();
if (cl == NULL)
return (GSS_S_FAILURE);
args.status_value = status_value;
args.status_type = status_type;
args.mech_type = mech_type;
args.message_context = *message_context;
bzero(&res, sizeof(res));
stat = gssd_display_status_1(&args, &res, cl);
CLNT_RELEASE(cl);
if (stat != RPC_SUCCESS) {
*minor_status = stat;
return (GSS_S_FAILURE);
}
if (res.major_status != GSS_S_COMPLETE) {
*minor_status = res.minor_status;
return (res.major_status);
}
*message_context = res.message_context;
kgss_copy_buffer(&res.status_string, status_string);
xdr_free((xdrproc_t) xdr_display_status_res, &res);
return (GSS_S_COMPLETE);
}
OM_uint32
gss_import_name(OM_uint32 *minor_status,
const gss_buffer_t input_name_buffer,
const gss_OID input_name_type,
gss_name_t *output_name)
{
struct import_name_res res;
struct import_name_args args;
enum clnt_stat stat;
gss_name_t name;
CLIENT *cl;
*minor_status = 0;
*output_name = GSS_C_NO_NAME;
cl = kgss_gssd_client();
if (cl == NULL)
return (GSS_S_FAILURE);
args.input_name_buffer = *input_name_buffer;
args.input_name_type = input_name_type;
bzero(&res, sizeof(res));
stat = gssd_import_name_1(&args, &res, cl);
CLNT_RELEASE(cl);
if (stat != RPC_SUCCESS) {
*minor_status = stat;
return (GSS_S_FAILURE);
}
if (res.major_status != GSS_S_COMPLETE) {
*minor_status = res.minor_status;
return (res.major_status);
}
name = malloc(sizeof(struct _gss_name_t), M_GSSAPI, M_WAITOK);
name->handle = res.output_name;
*minor_status = 0;
*output_name = name;
return (GSS_S_COMPLETE);
}
OM_uint32
gss_release_name(OM_uint32 *minor_status, gss_name_t *input_name)
{
struct release_name_res res;
struct release_name_args args;
enum clnt_stat stat;
gss_name_t name;
CLIENT *cl;
*minor_status = 0;
if (!kgss_gssd_handle)
return (GSS_S_FAILURE);
if (*input_name) {
name = *input_name;
args.input_name = name->handle;
cl = kgss_gssd_client();
if (cl == NULL)
return (GSS_S_FAILURE);
stat = gssd_release_name_1(&args, &res, cl);
CLNT_RELEASE(cl);
if (stat != RPC_SUCCESS) {
*minor_status = stat;
return (GSS_S_FAILURE);
}
free(name, M_GSSAPI);
*input_name = NULL;
if (res.major_status != GSS_S_COMPLETE) {
*minor_status = res.minor_status;
return (res.major_status);
}
}
return (GSS_S_COMPLETE);
}
OM_uint32
gss_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname,
const gss_OID mech, uid_t *uidp)
{
struct pname_to_uid_res res;
struct pname_to_uid_args args;
enum clnt_stat stat;
CLIENT *cl;
*minor_status = 0;
if (pname == GSS_C_NO_NAME)
return (GSS_S_BAD_NAME);
cl = kgss_gssd_client();
if (cl == NULL)
return (GSS_S_FAILURE);
args.pname = pname->handle;
args.mech = mech;
bzero(&res, sizeof(res));
stat = gssd_pname_to_uid_1(&args, &res, cl);
CLNT_RELEASE(cl);
if (stat != RPC_SUCCESS) {
*minor_status = stat;
return (GSS_S_FAILURE);
}
if (res.major_status != GSS_S_COMPLETE) {
*minor_status = res.minor_status;
return (res.major_status);
}
*uidp = res.uid;
return (GSS_S_COMPLETE);
}
OM_uint32
gss_acquire_cred(OM_uint32 *minor_status,
const gss_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
gss_cred_id_t *output_cred_handle,
gss_OID_set *actual_mechs,
OM_uint32 *time_rec)
{
OM_uint32 major_status;
struct acquire_cred_res res;
struct acquire_cred_args args;
enum clnt_stat stat;
gss_cred_id_t cred;
int i;
CLIENT *cl;
*minor_status = 0;
cl = kgss_gssd_client();
if (cl == NULL)
return (GSS_S_FAILURE);
args.uid = curthread->td_ucred->cr_uid;
if (desired_name)
args.desired_name = desired_name->handle;
else
args.desired_name = 0;
args.time_req = time_req;
args.desired_mechs = desired_mechs;
args.cred_usage = cred_usage;
bzero(&res, sizeof(res));
stat = gssd_acquire_cred_1(&args, &res, cl);
CLNT_RELEASE(cl);
if (stat != RPC_SUCCESS) {
*minor_status = stat;
return (GSS_S_FAILURE);
}
if (res.major_status != GSS_S_COMPLETE) {
*minor_status = res.minor_status;
return (res.major_status);
}
cred = malloc(sizeof(struct _gss_cred_id_t), M_GSSAPI, M_WAITOK);
cred->handle = res.output_cred;
*output_cred_handle = cred;
if (actual_mechs) {
major_status = gss_create_empty_oid_set(minor_status,
actual_mechs);
if (major_status)
return (major_status);
for (i = 0; i < res.actual_mechs->count; i++) {
major_status = gss_add_oid_set_member(minor_status,
&res.actual_mechs->elements[i], actual_mechs);
if (major_status)
return (major_status);
}
}
if (time_rec)
*time_rec = res.time_rec;
xdr_free((xdrproc_t) xdr_acquire_cred_res, &res);
return (GSS_S_COMPLETE);
}
