OM_uint32 gss_export_name(OM_uint32 *minor_status, gss_name_t input_name, gss_buffer_t exported_name) { struct export_name_res res; struct export_name_args args; enum clnt_stat stat; CLIENT *cl; *minor_status = 0; cl = kgss_gssd_client(); if (cl == NULL) return (GSS_S_FAILURE); args.input_name = input_name->handle; bzero(&res, sizeof(res)); stat = gssd_export_name_1(&args, &res, cl); CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); } if (res.major_status != GSS_S_COMPLETE) { *minor_status = res.minor_status; return (res.major_status); } kgss_copy_buffer(&res.exported_name, exported_name); xdr_free((xdrproc_t) xdr_export_name_res, &res); return (GSS_S_COMPLETE); }
OM_uint32 gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) { struct release_cred_res res; struct release_cred_args args; enum clnt_stat stat; CLIENT *cl; *minor_status = 0; if (!kgss_gssd_handle) return (GSS_S_FAILURE); if (*cred_handle) { args.cred = (*cred_handle)->handle; cl = kgss_gssd_client(); if (cl == NULL) return (GSS_S_FAILURE); stat = gssd_release_cred_1(&args, &res, cl); CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); } free((*cred_handle), M_GSSAPI); *cred_handle = NULL; *minor_status = res.minor_status; return (res.major_status); } return (GSS_S_COMPLETE); }
OM_uint32 gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t output_token) { struct delete_sec_context_res res; struct delete_sec_context_args args; enum clnt_stat stat; gss_ctx_id_t ctx; CLIENT *cl; *minor_status = 0; if (!kgss_gssd_handle) return (GSS_S_FAILURE); if (*context_handle) { ctx = *context_handle; /* * If we are past the context establishment phase, let * the in-kernel code do the delete, otherwise * userland needs to deal with it. */ if (ctx->handle) { args.ctx = ctx->handle; cl = kgss_gssd_client(); if (cl == NULL) return (GSS_S_FAILURE); bzero(&res, sizeof(res)); stat = gssd_delete_sec_context_1(&args, &res, cl); CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); } if (output_token) kgss_copy_buffer(&res.output_token, output_token); xdr_free((xdrproc_t) xdr_delete_sec_context_res, &res); kgss_delete_context(ctx, NULL); } else { kgss_delete_context(ctx, output_token); } *context_handle = NULL; } else { if (output_token) { output_token->length = 0; output_token->value = NULL; } } return (GSS_S_COMPLETE); }
OM_uint32 gss_pname_to_unix_cred(OM_uint32 *minor_status, const gss_name_t pname, const gss_OID mech, uid_t *uidp, gid_t *gidp, int *numgroups, gid_t *groups) { struct pname_to_uid_res res; struct pname_to_uid_args args; enum clnt_stat stat; int i, n; CLIENT *cl; *minor_status = 0; if (pname == GSS_C_NO_NAME) return (GSS_S_BAD_NAME); cl = kgss_gssd_client(); if (cl == NULL) return (GSS_S_FAILURE); args.pname = pname->handle; args.mech = mech; bzero(&res, sizeof(res)); stat = gssd_pname_to_uid_1(&args, &res, cl); CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); } if (res.major_status != GSS_S_COMPLETE) { *minor_status = res.minor_status; return (res.major_status); } *uidp = res.uid; *gidp = res.gid; n = res.gidlist.gidlist_len; if (n > *numgroups) n = *numgroups; for (i = 0; i < n; i++) groups[i] = res.gidlist.gidlist_val[i]; *numgroups = n; xdr_free((xdrproc_t) xdr_pname_to_uid_res, &res); return (GSS_S_COMPLETE); }
OM_uint32 gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string) /* status_string */ { struct display_status_res res; struct display_status_args args; enum clnt_stat stat; CLIENT *cl; *minor_status = 0; cl = kgss_gssd_client(); if (cl == NULL) return (GSS_S_FAILURE); args.status_value = status_value; args.status_type = status_type; args.mech_type = mech_type; args.message_context = *message_context; bzero(&res, sizeof(res)); stat = gssd_display_status_1(&args, &res, cl); CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); } if (res.major_status != GSS_S_COMPLETE) { *minor_status = res.minor_status; return (res.major_status); } *message_context = res.message_context; kgss_copy_buffer(&res.status_string, status_string); xdr_free((xdrproc_t) xdr_display_status_res, &res); return (GSS_S_COMPLETE); }
OM_uint32 gss_import_name(OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t *output_name) { struct import_name_res res; struct import_name_args args; enum clnt_stat stat; gss_name_t name; CLIENT *cl; *minor_status = 0; *output_name = GSS_C_NO_NAME; cl = kgss_gssd_client(); if (cl == NULL) return (GSS_S_FAILURE); args.input_name_buffer = *input_name_buffer; args.input_name_type = input_name_type; bzero(&res, sizeof(res)); stat = gssd_import_name_1(&args, &res, cl); CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); } if (res.major_status != GSS_S_COMPLETE) { *minor_status = res.minor_status; return (res.major_status); } name = malloc(sizeof(struct _gss_name_t), M_GSSAPI, M_WAITOK); name->handle = res.output_name; *minor_status = 0; *output_name = name; return (GSS_S_COMPLETE); }
OM_uint32 gss_release_name(OM_uint32 *minor_status, gss_name_t *input_name) { struct release_name_res res; struct release_name_args args; enum clnt_stat stat; gss_name_t name; CLIENT *cl; *minor_status = 0; if (!kgss_gssd_handle) return (GSS_S_FAILURE); if (*input_name) { name = *input_name; args.input_name = name->handle; cl = kgss_gssd_client(); if (cl == NULL) return (GSS_S_FAILURE); stat = gssd_release_name_1(&args, &res, cl); CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); } free(name, M_GSSAPI); *input_name = NULL; if (res.major_status != GSS_S_COMPLETE) { *minor_status = res.minor_status; return (res.major_status); } } return (GSS_S_COMPLETE); }
OM_uint32 gss_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname, const gss_OID mech, uid_t *uidp) { struct pname_to_uid_res res; struct pname_to_uid_args args; enum clnt_stat stat; CLIENT *cl; *minor_status = 0; if (pname == GSS_C_NO_NAME) return (GSS_S_BAD_NAME); cl = kgss_gssd_client(); if (cl == NULL) return (GSS_S_FAILURE); args.pname = pname->handle; args.mech = mech; bzero(&res, sizeof(res)); stat = gssd_pname_to_uid_1(&args, &res, cl); CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); } if (res.major_status != GSS_S_COMPLETE) { *minor_status = res.minor_status; return (res.major_status); } *uidp = res.uid; return (GSS_S_COMPLETE); }
OM_uint32 gss_acquire_cred(OM_uint32 *minor_status, const gss_name_t desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, OM_uint32 *time_rec) { OM_uint32 major_status; struct acquire_cred_res res; struct acquire_cred_args args; enum clnt_stat stat; gss_cred_id_t cred; int i; CLIENT *cl; *minor_status = 0; cl = kgss_gssd_client(); if (cl == NULL) return (GSS_S_FAILURE); args.uid = curthread->td_ucred->cr_uid; if (desired_name) args.desired_name = desired_name->handle; else args.desired_name = 0; args.time_req = time_req; args.desired_mechs = desired_mechs; args.cred_usage = cred_usage; bzero(&res, sizeof(res)); stat = gssd_acquire_cred_1(&args, &res, cl); CLNT_RELEASE(cl); if (stat != RPC_SUCCESS) { *minor_status = stat; return (GSS_S_FAILURE); } if (res.major_status != GSS_S_COMPLETE) { *minor_status = res.minor_status; return (res.major_status); } cred = malloc(sizeof(struct _gss_cred_id_t), M_GSSAPI, M_WAITOK); cred->handle = res.output_cred; *output_cred_handle = cred; if (actual_mechs) { major_status = gss_create_empty_oid_set(minor_status, actual_mechs); if (major_status) return (major_status); for (i = 0; i < res.actual_mechs->count; i++) { major_status = gss_add_oid_set_member(minor_status, &res.actual_mechs->elements[i], actual_mechs); if (major_status) return (major_status); } } if (time_rec) *time_rec = res.time_rec; xdr_free((xdrproc_t) xdr_acquire_cred_res, &res); return (GSS_S_COMPLETE); }