-rw-r--r-- | CVS/Entries | 17 | ||||
-rw-r--r-- | CVS/Repository | 1 | ||||
-rw-r--r-- | CVS/Root | 1 | ||||
-rw-r--r-- | Makefile | 72 | ||||
-rw-r--r-- | README | 447 | ||||
-rwxr-xr-x | build.AIX | 45 | ||||
-rwxr-xr-x | build.HP-UX | 36 | ||||
-rwxr-xr-x | build.OSF1 | 37 | ||||
-rwxr-xr-x | build.SunOS | 32 | ||||
-rw-r--r-- | gssapi_2.h | 718 | ||||
-rwxr-xr-x | gssntlm.dll | bin | 0 -> 70144 bytes | |||
-rwxr-xr-x | gssntlm.lib | bin | 0 -> 29714 bytes | |||
-rwxr-xr-x | make.bat | 35 | ||||
-rw-r--r-- | platform.h | 113 | ||||
-rw-r--r-- | sncadapt.c | 1063 | ||||
-rwxr-xr-x | sncgss.exp | 54 | ||||
-rw-r--r-- | sncgss.h | 601 | ||||
-rw-r--r-- | sncgss32.def | 57 | ||||
-rw-r--r-- | snckrb5.c | 1060 | ||||
-rw-r--r-- | sncntlm.c | 1060 | ||||
-rw-r--r-- | sncsecud.c | 1060 | ||||
-rw-r--r-- | sncspkm1.c | 1060 |
22 files changed, 7569 insertions, 0 deletions
diff --git a/CVS/Entries b/CVS/Entries
new file mode 100644
index 0000000..7f8de80
--- /dev/null
+++ b/CVS/Entries
@@ -0,0 +1,17 @@
+/gssapi_2.h/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/platform.h/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncadapt.c/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncgss.h/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncgss32.def/1.1.1.1/Tue Aug 24 14:36:22 1999//
+/snckrb5.c/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncntlm.c/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncsecud.c/1.1.1.1/Tue Aug 24 14:36:22 1999//
+/sncspkm1.c/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/Makefile/1.2/Tue Aug 24 14:37:57 1999//
+/build.AIX/1.2/Tue Aug 24 14:39:31 1999//
+/build.HP-UX/1.2/Tue Aug 24 14:39:31 1999//
+/build.OSF1/1.2/Tue Aug 24 14:39:31 1999//
+/build.SunOS/1.2/Tue Aug 24 14:39:31 1999//
+/sncgss.exp/1.2/Tue Aug 24 14:39:32 1999//
+/README/1.2/Tue Aug 24 14:59:34 1999//
+D
diff --git a/CVS/Repository b/CVS/Repository
new file mode 100644
index 0000000..7c08f7e
--- /dev/null
+++ b/CVS/Repository
@@ -0,0 +1 @@
+/sapmnt/uw1048/a/CVSroot/sncadapt
diff --git a/CVS/Root b/CVS/Root
new file mode 100644
index 0000000..3a23edb
--- /dev/null
+++ b/CVS/Root
@@ -0,0 +1 @@
+/sapmnt/uw1048/a/CVSroot
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..179ec85
--- /dev/null
+++ b/Makefile
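Review bot: CVS/Entries, CVS/Repository and CVS/Root are working-copy checkout metadata, not source, and should be dropped from the commit (and ignored) rather than imported with the tree. CVS/Root and CVS/Repository also record the internal repository location `/sapmnt/uw1048/a/CVSroot`, which is of no use to anyone building the sample and only exposes an internal path.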
@@ -0,0 +1,72 @@
+##
+## $Id: Makefile,v 1.2 1999/08/24 14:37:57 d019080 Exp $
+##
+## (C) Copyright 1999 SAP AG Walldorf
+##
+## SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+## INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+## EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
+## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+## OF THIS SOFTWARE.
+##
+
+MDEFS= CC=cc CFLAGS=-g RM="rm -f" OBJ=.o EXE= LD=cc LDFLAGS=-g LIBS=-ldl XD= LDTARGET='-o $@'
+TAIL="`uname -s`"
+BUILD=./build.$(TAIL)
+
+XNAME = sncntlm
+SRCS = $(XNAME).c
+
+ALL_HDRS= gssapi_2.h platform.h sncgss.h
+
+OBJS= $(XD)$(XNAME)$(OBJ)
+
+TARGET= $(XD)$(XNAME)$(SHEXT)
+
+.c.o:
+ $(CC) $(SHFLAGS) $(CFLAGS) -c $<
+
+### targets
+
+all:
+ $(BUILD) $(MAKE) do-all
+
+clean:
+ $(BUILD) $(MAKE) do-clean
+
+
+do-all: $(TARGET)
+
+
+z $(XOBJS): $(SRCS)
+ $(CC) $(SHFLAGS) $(CFLAGS) -c $(SRCS)
+
+$(TARGET): $(OBJS)
+ $(LINK_SHARED) $(LDTARGET) $(LDFLAGS) $(OBJS) $(VENLIB) $(LINK_SHARED_END)
+
+
+do-clean: $(WIN_CLEAN)
+ $(RM) core
+ $(RM) $(XD)*$(OBJ)
+ $(RM) $(TARGET)
+
+win-clean:
+ del 2>NUL *.pdb
+ del 2>NUL *.idb
+ del 2>NUL *.plg
+ del 2>NUL *.ncb
+ del 2>NUL *.opt
+ del 2>NUL $(XD)*.sbr
+ del 2>NUL $(XD)*.lib
+ del 2>NUL $(XD)*.exp
+ del 2>NUL $(XD)*.pdb
+ del 2>NUL $(XD)*.ilk
+
+
+### dependencies
+
+$(XD)$(XNAME)$(OBJ): $(XNAME).c $(ALL_HDRS)
+
+
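Review bot: The rule `z $(XOBJS): $(SRCS)` in the middle of the hunk looks like a typo: `XOBJS` is defined nowhere (the object list is `OBJS`), so the header expands to `z: sncntlm.c` and registers a bogus target named `z` whose recipe recompiles the source, while the real object is only ever built through the `.c.o` suffix rule and the dependency-only rule at the bottom. Replace it with `$(OBJS): $(SRCS)` or delete it. `all`, `clean`, `do-all`, `do-clean` and `win-clean` are commands rather than files and should be declared with `.PHONY: all clean do-all do-clean win-clean`, otherwise a stray file named `clean` silences the target. `do-clean: $(WIN_CLEAN)` depends on a variable that none of the build.* scripts in this commit export (presumably make.bat sets it, which I cannot see here) and deserves a comment saying where it comes from; `MDEFS` is assigned but never referenced and can go.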
@@ -0,0 +1,447 @@ +/*========================================================================*/ +/* $Id: README,v 1.2 1999/08/24 14:59:34 d019080 Exp $ */ +/*========================================================================*/ + +SNC Adapter README + +Martin Rex, +SAP AG Walldorf +Email: <Martin.Rex@sap-ag.de> + + + +SNC stands for "Secure Network Communication" and refers to the +functionality in SAP R/3 components that performs strong authentication +and message protection via external software products that implement +the IETF-defined standard "Generic Security Services API Version 2" +(GSS-API v2). + +This "document" briefly describes purpose, structure, usage of +the SNC Adapter and tells you how to build an SNC Adapter for +(new) gssapi mechanisms that SNC doesn't know about. + + + 1. Purpose + -- What is an SNC Adapter ? + + 2. Operational model + -- How the SNC Adapter works + + 3. Usage / Installation + -- Installation/configuration/use of a + product with an SNC Adapter. + + 4. Configuration Items for a custom SNC-Adapter + + 5. Registering a SAPGSS_ID and a PREFIX with SAP + + 6. MAKE + -- How to build your own/custom SNC Adapter. + + 7. References + -- Additional reading material. + + + +1. Purpose: What is an SNC-Adapter. +=================================== + + The SNC-Adapter is a thin wrapper or intermediate component + to attach a third party security software to the SNC functionality + of SAP R/3 via an GSS-API v2 compatible interface. + + The SNC Adapter includes an additional (initialization) call + that provides SNC with static information about some characteristics + of the gssapi mechanism that cannot be queried via the regular + GSS-API functions. All regular GSS-API v2 functions are simply + passed on to the gssapi mechanism. + + GSS-API mechanisms can be distinguished by their mechanism OID. 
+ There are 3 mechanism OIDs which SNC already knows about, and for + which it may use a built-in SNC-Adapter -- provided that the shared + library GSS-API interface of the particular product/implementation + is directly compatible with SNC: + + (1) The Kerberos 5 GSS-API mechanism (rfc1964), + mechanism OIDs {1 3 5 1 5 2} and {1 2 840 113554 1 2 2} + + (2) The proprietary SECUDE 5 gssapi mechanism, + mechanism OID {1 3 36 3 1 37 1} + + (3) The SAPNTLM gssapi mechanism supplied by SAP which + offers NTLM-based Single Sign-On for Win32 platforms, + mechanism OID {1 3 6 1 4 1 694 2 1 2} + + External SNC-Adapters for arbitrary GSS-API mechanisms can be built + with the sample sources provided in this distribution. + See "Section 6: MAKE" on how to do this. + + + +2. Operational model +==================== + + An SNC-Adapter is intended as a very thin wrapper on top of the + gssapi functions of an arbitrary GSS-API v2 compliant gssapi mechanism. + I doesn't change any of the functionality available at the gssapi + level, it only provides a little additional configuration information + to SNC how to deal with this mechanism and it will allow to accomodate + for differences at the binary shared library interface between SAP R/3 + and the gssapi library. + + All gss-api functions are imported by the SNC-Adapter with their + original name and are re-exported with the prefix "sap" to the + function name, e.g.: + + gss_acquire_cred() --> sapgss_acquire_cred() + + + Besides the regular gssapi functions there are 3 additional + SNC-specific functions: + + (1) sapsnc_init_adapter() + + (2) sapsnc_export_cname_blob() -- HISTORIC, LEAVE IT ALONE + (3) sapsnc_import_cname_blob() -- HISTORIC, LEAVE IT ALONE + + Function (1) "sapsnc_init_adapter()" provides static information + about some characteristics of the underlying gssapi mechanism to + which this SNC-Adapter is linked. 
+ + The functions (2) and (3) are historic and they are no longer used + by SNC in R/3 Releases 3.1I and newer. + + The only function where the sample adapter source contains extra code + is sapgss_indicate_mechs(), because SNC will use exactly the first + mechanism OID from the list of mechanisms returned by + sapgss_indicate_mechs(). + + If SNC is enabled for an R/3 component, SNC will try to dynamically + load the configured gssapi library at runtime. + + (a) If SNC finds the 3 additional SNC functions in the library, + the library is assumed to be an external SNC-Adapter and + all gssapi functions will be resolved with the function + name prefixed by "sap". + When loading is complete, sapsnc_init_adapter() will be + called followed by a call to sapgss_indicate_mechs(). + + (b) If SNC doesn't find the 3 additional SNC functions in the + library, the library is assumed to be a vanilla gssapi + library and the gssapi functions will be resolved with their + regular names. + When loading is complete, gss_indicate_mechs() will be + called, and the returned OID_set will be searched for + a known mechanism, for which the SNC-Adapter information + is already compiled into SNC (see Section 1). + + It is possible to supply an external SNC-Adapter for any of the + mechanism already known by SNC. Sample external SNC-Adapters + for Kerberos5, SECUDE and SAPNTLM are contained in this distribution + (snckrb5.c, sncsecud.c, sncntlm.c). + + + +3. Usage / Installation / Operation of a Product with SNC-Adapter +================================================================= + + In order to enable Secure Network Communications (SNC) for any + R/3 component, you must specify the location of shared library + that provides the gssapi services. Depending on the component + this may be through the profile parameter "snc/gssapi_lib", + the command line parameter SNC_LIB, environment variable SNC_LIB + or rfc.ini-parameter SNC_LIB. 
+ + Specifying the gssapi shared library directly without an + intermediate SNC-Adapter works only for the 3 gssapi mechanisms + (Kerberos5,SECUDE,SAPNTLM) which SNC already knows. + It is up to the vendor of the third party security software + whether he includes the SNC-Adapter code directly within + his own library or provides it as a seperate shared library. + SNC will always try to load the library as an SNC-Adapter, + before it checks for a known gssapi library. Therefore it is + ok if the shared library exports not only the SNC-Adapter + functions but lots of other functions/APIs as well, + including a regular gssapi. + + There are several potential issues with shared libraries and + dynamic dependencies of one shared library on another one, + so you should carefully consider your options how you want + to build and finally ship a shared library suitable for use + with SNC respectively SAP R/3. + (The severity of these potential issues vary across platforms.) + + My recommendation: link all of your object files, including the + SNC-Adapter into one single large shared library (respectively DLL). + On Unix platforms, relink all of your object files including + the SNC-Adapter into one large object file with "ld -r" + and then link that single object into one shared library. + This will probably save yourself and your customers some headaches + in the long run. + + Potential issues with shared libraries: + + (1) shared library initialization/cleanup during load/unload + + Certain languages (e.g. C++) may require that an initialization + function is called when the library is loaded and a cleanup + function is called before the library is unloaded. + + On Microsoft Windows this is fairly easy, adequately documented + and it works. (DllMain entry point). + + I don't know how it works on the various Unix platforms, + but I've heard of various problems, and I haven't seen + any documentation from any vendor so far. 
+ (There is apparently a bug in the HP-UX 10.20 linker, + and AIX supports it only from Release 4.2 onward). + If your code needs it, GOOD LUCK! + + (2) implicit loading of dependent shared libraries + + If a shared library (or DLL) is not self-contained, but + contains implicit dynamic dependencies to other shared libraries + placed there when the shared library was compiled and linked, + then the system loader will attempt to load the dependents + whenever the top-level shared library is loaded. + + When dynamic runtime loading (via dlopen()/LoadLibrary()/...) + is used by the application to load a shared library at runtime, + it can be loaded from anywhere in the filesystem. + When the shared library that is to be runtime loaded + contains implicit dependencies on other shared libraries, + very platform specific rules will determine where the + system loader will look for those other shared libraries + and what it will do when it cannot find suitable libraries. + + Win32 search locations for dependents: + the normal search order would be: + path of the executable + %SystemRoot%\System32 + %SystemRoot% + PATH environment variable + + but beware of "Highlanders" -- i.e. registered shared + libraries and the shared library cache. + + Unix search locations for dependents: + Is hard to impossible to give any reliable rules, since + every platform is different and has their own knobs and + switches to change the behaviour. Here are some general + Unix rules: + * Unix does NOT know the directory of the executable, + and it does NOT look for shared libraries in the + PATH environment variable. + + * There is a system-default list of directories where + system loader can search for shared libraries. + (e.g. /lib, /usr/lib, /usr/share/lib, ...) + + * Every platform respects an environment variable that + may contain one or more directories to search when + looking for a shared library. But this environment + variable is only honored when (uid)==(euid). 
+ LD_LIBRARY_PATH Digital Unix, Linux, Reliant Unix, + Sinix, Solaris + SHLIB_PATH HP-UX + LIB_PATH AIX + + * Most platforms allow to compile-in a list of directories + into the executable(!) where to search for shared libraries + + * HP-UX memorizes the exact and full pathname where "ld" found + the shared library during the link step of the executable + (or higher-level shared library). This original path + will be used if other locations fail. This may cause + usability problems to NOT show up on development machines. + + * Some platforms allow to reorder the priority of + (original location), (compiled-in directory list) and + (environment variable), and some platforms allow to + selectively disable one or the other feature. + (e.g. HP-UX "chatr" command) + + * When (uid)==(euid) a platform-dependent environment variable + (LD_LIBRARY_PATH, SHLIB_PATH or LIBPATH) may contain a + list of directories where to look for the library. + + * When (uid)!=(euid) or when disabled for the executable, + only the compiled-in search path and system-default + shared library directories are searched + (e.g. /lib,/usr/lib,/usr/share/lib,/usr/local/lib) + + * On some platforms it is possible to compile a shared + library search list into executables as well as into shared + libraries. Probably the list of the executable takes + precedence. However, you cannot set/change the compiled-in + search path in executables from other vendors ... + + + + +4. 
Configuration Items for a custom SNC-Adapter +================================================ + + In order to create a custom SNC-Adapter that interfaces to + your own gssapi mechanism, you need to fill in the following + information into the "sncadapt.c" sample source: + + ADAPTER_MECH_ID -- register with SAP + ADAPTER_MECH_PREFIX -- register with SAP + ADAPTER_MECH_NAME + ADAPTER_MECHANISM_OID + ADAPTER_NAMETYPE_OID + ADAPTER_CONF_AVAIL + ADAPTER_INTEG_AVAIL + ADAPTER_MUTUAL_AUTH + ADAPTER_REPLAY_PROT + + In detail: + + ADAPTER_MECH_ID (16-bit unsigned integer) -- register with SAP + This is a numeric tag that SNC uses internally to distinguish + different gssapi mechanisms. + + ADAPTER_MECH_PREFIX (ASCII string) -- register with SAP + This prefix must be at most 7 alphanumeric lowercase characters, + and it is used internally by SNC in the nametype-prefix of SNC-Names + to bind printable names to specific mechanisms. This prefix can + be passed to SNC within printable SNC-Names, however the concurrent + use of multiple gssapi libraries is NOT supported by SNC. + + ADAPTER_MECH_NAME (ASCII string) + This name is used for the printable identification of + the SNC-Adapter and used for diagnostic purposes only. + + ADAPTER_MECHANISM_OID (gss_OID) + This is the mechanism OID of your gssapi mechanism. + + ADAPTER_NAMETYPE_OID (gss_OID) + This is the nametype OID that your gssapi mechanism uses + to tag canonical printable names. It is also the nametype oid + that will be used to pass SNC-Names to _this_ gssapi library + when they were prefixed with "p:" + (Other valid SNC-Name prefixes are "u:" and "s:", which indicate + to use the standardized generic nametypes GSS_C_NT_USER_NAME + and GSS_C_NT_HOSTBASED_SERVICE) + + ADAPTER_CONF_AVAIL (Boolean) + Indicates whether this gssapi mechanism will unconditionally + support message confidentiality protection on all successfully + established security contexts. 
+ + ADAPTER_INTEG_AVAIL (Boolean) + Indicates whether this gssapi mechanism will unconditionally + support message integrity protection on all successfully + established security contexts. + + ADAPTER_MUTUAL_AUTH (Boolean) + Indicates whether this gssapi mechanism will unconditionally + support mutual authentication on all successfully established + security context where this feature was requested during + gss_init_sec_context(). + + ADAPTER_REPLAY_PROT (Boolean) + Indicates whether this gssapi mechanism will unconditionally + support message replay protection on all successfully established + security contexts where this feature was requested during + gss_init_sec_context() + + + + +5. Registering a SAPGSS_ID and a PREFIX with SAP +================================================= + + Send an Email to <Martin.Rex@sap-ag.de> and request a SAPGSS_ID + and propose a prefix up to 7 alphanumeric lowercase characters. + Please include the name of your product and the list of + features (see Section 4) that you are going to configure. + + I would really appreciate if could additionally enclose the output + from our gssapi verification program GSSTEST when running it with + your gssapi implementation. + + + +6. MAKE -- How to build your own/custom SNC-Adapter +===================================================== + + This distribution contains the sample sources for several preconfigured + SNC-Adapters (sncntlm.c, snckrb5.c, sncspkm1.c, sncsecud.c) and the + template "sncadapt.c" which you can use to build your own SNC-Adapter. + + You are free to tear the "sncadapt.c" template apart and integrate + the necessary pieces into your own product. See Section 4 what + you will need to configure to build an SNC-Adapter for your own + custom gssapi mechanism. 
+ + Included are a Makefile and build scripts for the following platforms: + AIX 4.x, Solaris 2.x, Digital Unix 4.x, HP-UX 10.x + and a batch file "make.bat" for Microsoft Win32 platforms using + the Microsoft Visual C compiler v5 or v6 (Visual Studio 97 or 98). + + For both, Unix and Win32, the filename for the source and the + basename of the target shared library is defined in the + Makefile with "XNAME=". Edit this definition when necessary. + + On the Unix platforms, you need to add the necessary linker + parameters into the build.<platform> shell script into the + variable definition for VENLIB so that your own gssapi library + can be found and linked to the SNC-Adapter. + + On Windows platforms you also need to edit make.bat and modify + the variable definition VENLIB. Currently make.bat is configured + to supply the name of the included gssntlm.lib so that the + sample SNC-Adapter debug\sncntlm.dll will be generated if you + enter "make" in the directory (provided that the Visual compiler + environment is available). + + + If you supply the name of your shared library for "VENLIB=" + then this sample build environment will create a standalone + SNC-Adapter shared library with an implicit dependency on + your shared library. As discussed in Section 3, this approach + may have significant administrative disadvantages, especially + on Unix (because this will usually require the environment + variable for the shared library search path to make it work). + For Unix, you could either supply an archive library of + position independent object files or integrate the + SNC-Adapter source into your own shared library, so + that you end up with a single shared libraries without + implicit dependencies on custom libraries, thus removing + the administrative requirement for the environment variable. + + + + +7. 
References: Additional reading material +=========================================== + + * "Generic Security Service Application Program Interface, + Version 2, Update 1", John Linn, December 1998 + NOTE: This document is available only as an Internet draft with the + name "draft-ietf-cat-rfc2078bis-08.txt". However, this draft + is expected to become an RFC in Fall 1999 + + * RFC2078: "Generic Security Service Application Program Interface, + Version 2", John Linn, January 1997 + NOTE: This document will soon be updated/replaced by + "draft-ietf-cat-rfc2078bis-08.txt", see above + + * "Generic Security Service API Version 2 : C-bindings" + John Wray, November 1998 + NOTE: This document is available only as an internet draft with the + name "draft-ietf-cat-gssv2-cbind-08.txt". However, this draft + is expected to become an RFC in Fall 1999 + + + * RFC-1964: "The Kerberos Version 5 GSS-API Mechanism" + John Linn, June 1996 + + + * RFC-2025: "The Simple Public-Key GSS-API Mechanism (SPKM)" + Carlisle Adams, October 1996 + +============================================================================ + diff --git a/build.AIX b/build.AIX new file mode 100755 index 0000000..6d188a3 --- /dev/null +++ b/build.AIX 
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# $Id: build.AIX,v 1.2 1999/08/24 14:39:31 d019080 Exp $
+#
+OBJ=".o"
+CC="xlc"
+MAJOR="`uname -v`"
+MINOR="`uname -r`"
+CFLAGS="-z -qlanglvl=ansi -qarch=com -qspill=1024"
+if [ "${MAJOR}${MINOR}" -ge 40 ] ; then
+ CFLAGS="$CFLAGS -qinfo"
+else
+ CFLAGS="$CFLAGS -D_POSIX_SOURCE -D_ALL_SOURCE"
+fi
+RM="rm -f"
+EXE=""
+LD="$CC"
+LDFLAGS=""
+LDTARGET='-o $@'
+XD=""
+if [ "${MAJOR}${MINOR}" -ge 42 ] ; then
+ # dlopen() is used in AIX 4.2
+ SHLIB=".so"
+ LDLIBS="-ldl"
+else
+ SHLIB=".o"
+ LDLIBS=""
+fi
+SHFLAGS=""
+LINK_SHARED="ld -L/usr/lib -bM:SRE -T512 -H512 -bnoentry"
+LINK_SHARED_END=" -lc $LDLIBS -bE:sncgss.exp"
+
+#VENLIB="-L/your/software/path -lgssapi"
+VENLIB=""
+if [ "$VENLIB" = "" ] ; then
+ echo "***"
+ echo "*** Please edit $0 and define VENLIB to link your"
+ echo "*** GSS-API v2 shared library"
+ echo "***"
+ exit 1
+fi
+
+export OBJ CC CFLAGS RM EXE LDLIBS LD LDTARGET LDFLAGS XD
+export SHEXT SHFLAGS LINK_SHARED LINK_SHARED_END VENLIB
+"$@"
diff --git a/build.HP-UX b/build.HP-UX
new file mode 100755
index 0000000..d015f77
--- /dev/null
+++ b/build.HP-UX
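Review bot: The AIX script assigns the shared-library suffix to `SHLIB` in both branches of the second `if`, but the Makefile builds `TARGET` from `$(SHEXT)` and the script exports `SHEXT`, which is never set here; `TARGET` therefore expands to a bare `sncntlm` with no extension and the `.so`/`.o` switch on the AIX release has no effect. Rename both assignments to `SHEXT=".so"` and `SHEXT=".o"`, which is what build.HP-UX, build.OSF1 and build.SunOS use.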
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# $Id: build.HP-UX,v 1.2 1999/08/24 14:39:31 d019080 Exp $
+#
+OBJ=".o"
+CC="cc"
+CFLAGS="-Ae -g -DXDEBUG=1"
+RM="rm -f"
+EXE=""
+LD="$CC"
+LDFLAGS=""
+LDTARGET='-o $@'
+XD=""
+LDLIBS="-Wl,-a,default -lc -ldld"
+if [ -f /opt/langtools/lib/end.o ] ; then
+ # this is for shared library debugging on HP-UX (10.20) ...
+ LDLIBS="${LDLIBS} /opt/langtools/lib/end.o"
+fi
+SHEXT=".sl"
+SHFLAGS="+z"
+LINK_SHARED="ld +vshlibunsats +s -b"
+LINK_SHARED_END="-a default -lc"
+
+#VENLIB="-L/your/software/path +b /your/software/path -lgssapi"
+VENLIB="-L/sapmnt/hs0101/b/security/secude5.2/hp/lib.secude -lsecude"
+if [ "$VENLIB" = "" ] ; then
+ echo "***"
+ echo "*** Please edit $0 and define VENLIB to link your"
+ echo "*** GSS-API v2 shared library"
+ echo "***"
+ exit 1
+fi
+
+export OBJ CC CFLAGS RM EXE LDLIBS LD LDTARGET LDFLAGS XD
+export SHEXT SHFLAGS LINK_SHARED LINK_SHARED_END VENLIB
+"$@"
diff --git a/build.OSF1 b/build.OSF1
new file mode 100755
index 0000000..b7134d4
--- /dev/null
+++ b/build.OSF1
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# $Id: build.OSF1,v 1.2 1999/08/24 14:39:31 d019080 Exp $
+#
+OBJ=".o"
+CC="cc"
+CFLAGS="-std1 -g -DXDEBUG=1"
+RM="rm -f"
+EXE=""
+LD="$CC"
+LDFLAGS=""
+LDTARGET='-o $@'
+XD=""
+LDLIBS=""
+SHEXT=".so"
+SHFLAGS=""
+LINK_SHARED="ld -shared"
+LINK_SHARED_END="-lc"
+
+# needs LD_LIBRAR_PATH if gssapi library is a true shared library
+# preferably, the gssapi library should be an archive library
+# of position-independent objects so that setting LD_LIBRARY_PATH
+# will not be necessary for the executable
+#
+#VENLIB="-L/your/software/path -rpath /your/software/path -lgssapi"
+VENLIB=""
+if [ "$VENLIB" = "" ] ; then
+ echo "***"
+ echo "*** Please edit $0 and define VENLIB to link your"
+ echo "*** GSS-API v2 shared library"
+ echo "***"
+ exit 1
+fi
+
+export OBJ CC CFLAGS RM EXE LDLIBS LD LDTARGET LDFLAGS XD
+export SHEXT SHFLAGS LINK_SHARED LINK_SHARED_END VENLIB
+"$@"
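Review bot: `VENLIB` in build.HP-UX is hard-wired to a developer-local path, `-L/sapmnt/hs0101/b/security/secude5.2/hp/lib.secude -lsecude`, which makes the "Please edit $0 and define VENLIB" guard directly below it dead code and guarantees a link failure on any other machine; the AIX, OSF1 and SunOS scripts correctly ship `VENLIB=""`. Ship this one as `VENLIB=""` too, keeping only the commented example line above it. An internal NFS path also does not belong in a sample that is distributed to third parties.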
diff --git a/build.SunOS b/build.SunOS
new file mode 100755
index 0000000..60d3130
--- /dev/null
+++ b/build.SunOS
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $Id: build.SunOS,v 1.2 1999/08/24 14:39:31 d019080 Exp $
+#
+OBJ=".o"
+CC="/opt/SUNWspro/bin/cc"
+CFLAGS="-Xa -g -DXDEBUG=1"
+RM="rm -f"
+EXE=""
+LD="$CC"
+LDFLAGS="$CFLAGS -ldl -lnsl -lthread"
+LDTARGET='-o $@'
+XD=""
+LDLIBS="-ldl"
+SHEXT=".so"
+SHFLAGS="-Kpic"
+LINK_SHARED="$(CC) -G"
+LINK_SHARED_END=""
+
+#VENLIB="-L/your/software/path -R/your/software/path -lgssapi"
+VENLIB=""
+if [ "$VENLIB" = "" ] ; then
+ echo "***"
+ echo "*** Please edit $0 and define VENLIB to link your"
+ echo "*** GSS-API v2 shared library"
+ echo "***"
+ exit 1
+fi
+
+export OBJ CC CFLAGS RM EXE LDLIBS LD LDTARGET LDFLAGS XD
+export SHEXT SHFLAGS LINK_SHARED LINK_SHARED_END VENLIB
+"$@"
diff --git a/gssapi_2.h b/gssapi_2.h
new file mode 100644
index 0000000..95330c2
--- /dev/null
+++ b/gssapi_2.h
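Review bot: `LINK_SHARED="$(CC) -G"` uses make syntax inside a Bourne shell script: to `sh`, `$(CC)` is command substitution, so the script executes `/opt/SUNWspro/bin/cc` with no arguments at that point and `LINK_SHARED` ends up as ` -G` (plus whatever the compiler prints to stdout), which then cannot work as the link command in the Makefile's `$(TARGET)` rule. It should read `LINK_SHARED="$CC -G"`, consistent with `LD="$CC"` a few lines above. Separately, `LDFLAGS="$CFLAGS -ldl -lnsl -lthread"` places libraries in `LDFLAGS`, where the Makefile emits them before the object file; the other scripts keep `LDFLAGS` empty and put libraries in `LDLIBS`.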
@@ -0,0 +1,718 @@ +/********************************************************************* + * $Id: gssapi_2.h,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $ + *********************************************************************/ + +/* + * GSS-API Version 2 Header File, See RFC 2xxx + */ + +#ifndef _GSSAPI_H_ +#define _GSSAPI_H_ + +/* + * Determine platform-dependent configuration. + */ + +#ifndef _XX_PLATFORM_H_ +# include "platform.h" +#endif + +#define GSS_SIZEOF_SHORT XX_SIZEOF_SHORT +#define GSS_SIZEOF_INT XX_SIZEOF_INT +#define GSS_SIZEOF_LONG XX_SIZEOF_LONG + +/* + * The following type must be defined as the smallest natural + * unsigned integer supported by the platform that has at least + * 32 bits of precision. + */ +typedef Uint32 gss_uint32; + + + + +/* + *########################################################### + *## One common gssapi_2.h Header file for all platforms ## + *########################################################### + */ + + + +/* + * First, include stddef.h to get size_t defined. + */ +#include <stddef.h> + + +/* + * First, define the three platform-dependent pointer types. + */ +typedef void FAR * gss_ctx_id_t; +typedef void FAR * gss_cred_id_t; +typedef void FAR * gss_name_t; + + +typedef gss_uint32 OM_uint32; + +typedef struct gss_OID_desc_struct { + OM_uint32 length; + void FAR * elements; +} gss_OID_desc, FAR * gss_OID; + + +typedef struct gss_OID_set_desc_struct { + size_t count; + gss_OID elements; +} gss_OID_set_desc, FAR * gss_OID_set; + +typedef struct gss_buffer_desc_struct { + size_t length; + void FAR * value; +} gss_buffer_desc, FAR * gss_buffer_t; + +typedef struct gss_channel_bindings_struct { + OM_uint32 initiator_addrtype; + gss_buffer_desc initiator_address; + OM_uint32 acceptor_addrtype; + gss_buffer_desc acceptor_address; + gss_buffer_desc application_data; +} FAR * gss_channel_bindings_t; + +/* + * For now, define a QOP-type as an OM_uint32 (pending resolution + * of ongoing discussions). 
+ */ +typedef OM_uint32 gss_qop_t; +typedef int gss_cred_usage_t; + +/* + * Flag bits for context-level services. + */ +#define GSS_C_DELEG_FLAG 1 +#define GSS_C_MUTUAL_FLAG 2 +#define GSS_C_REPLAY_FLAG 4 +#define GSS_C_SEQUENCE_FLAG 8 +#define GSS_C_CONF_FLAG 16 +#define GSS_C_INTEG_FLAG 32 +#define GSS_C_ANON_FLAG 64 +#define GSS_C_PROT_READY_FLAG 128 +#define GSS_C_TRANS_FLAG 256 + +/* + * Credential usage options + */ +#define GSS_C_BOTH 0 +#define GSS_C_INITIATE 1 +#define GSS_C_ACCEPT 2 + +/* + * Status code types for gss_display_status + */ +#define GSS_C_GSS_CODE 1 +#define GSS_C_MECH_CODE 2 + +/* + * The constant definitions for channel-bindings address families + */ +#define GSS_C_AF_UNSPEC 0 +#define GSS_C_AF_LOCAL 1 +#define GSS_C_AF_INET 2 +#define GSS_C_AF_IMPLINK 3 +#define GSS_C_AF_PUP 4 +#define GSS_C_AF_CHAOS 5 +#define GSS_C_AF_NS 6 +#define GSS_C_AF_NBS 7 +#define GSS_C_AF_ECMA 8 +#define GSS_C_AF_DATAKIT 9 +#define GSS_C_AF_CCITT 10 +#define GSS_C_AF_SNA 11 +#define GSS_C_AF_DECnet 12 +#define GSS_C_AF_DLI 13 +#define GSS_C_AF_LAT 14 +#define GSS_C_AF_HYLINK 15 +#define GSS_C_AF_APPLETALK 16 +#define GSS_C_AF_BSC 17 +#define GSS_C_AF_DSS 18 +#define GSS_C_AF_OSI 19 +#define GSS_C_AF_X25 21 + +#define GSS_C_AF_NULLADDR 255 + +/* + * Various Null values + */ +#define GSS_C_NO_BUFFER ((gss_buffer_t) 0) +#define GSS_C_NO_NAME ((gss_name_t) 0) +#define GSS_C_NO_OID ((gss_OID) 0) +#define GSS_C_NO_OID_SET ((gss_OID_set) 0) +#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) +#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) +#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) +#define GSS_C_EMPTY_BUFFER {0, NULL} + +/* + * Some alternate names for a couple of the above values. + * These are defined for V1 compatibility. + */ +#define GSS_C_NULL_OID GSS_C_NO_OID +#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET + +/* + * Define the default Quality of Protection for per-message + * services. 
Note that an implementation that offers multiple + * levels of QOP may either reserve a value (for example zero, + * as assumed here) to mean "default protection", or + * alternatively may simply equate GSS_C_QOP_DEFAULT to a specific + * explicit QOP value. However, a value of 0 should always be + * interpreted by a GSSAPI implementation as a request for the + * default protection level. + */ +#define GSS_C_QOP_DEFAULT 0 + +/* + * Expiration time of 2^32-1 seconds means infinite lifetime for a + * credential or security context + */ +#define GSS_C_INDEFINITE 0xfffffffful +#define GSS_C_EXPIRED 0ul + + + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, + * corresponding to an object identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 3(gss-anonymous-name)}. The constant + * and GSS_C_NT_ANONYMOUS should be initialized to point + * to that gss_OID_desc. + */ +extern gss_OID DLL_DATA_DECO GSS_C_NT_ANONYMOUS; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, + * corresponding to an object-identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 4(gss-api-exported-name)}. The constant + * GSS_C_NT_EXPORT_NAME should be initialized to point + * to that gss_OID_desc. + */ +extern gss_OID DLL_DATA_DECO GSS_C_NT_EXPORT_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant + * GSS_C_NT_USER_NAME should be initialized to point + * to that gss_OID_desc. 
+ */ +extern gss_OID DLL_DATA_DECO GSS_C_NT_USER_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. + * The constant GSS_C_NT_MACHINE_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ +extern gss_OID DLL_DATA_DECO GSS_C_NT_MACHINE_UID_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. + * The constant GSS_C_NT_STRING_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ +extern gss_OID DLL_DATA_DECO GSS_C_NT_STRING_UID_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x04"}, corresponding to an + * object-identifier value of {iso(1) member-body(2) + * Unites States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) service_name(4)}. The constant + * GSS_C_NT_HOSTBASED_SERVICE should be initialized + * to point to that gss_OID_desc. + */ +extern gss_OID DLL_DATA_DECO GSS_C_NT_HOSTBASED_SERVICE; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, + * corresponding to an object-identifier value of + * {iso(1) org(3) dod(6) internet(1) security(5) + * nametypes(6) gss-host-based-services(2)). The constant + * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point + * to that gss_OID_desc. 
This is a deprecated OID value, and + * implementations wishing to support hostbased-service names + * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, + * defined below, to identify such names; + * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym + * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input + * parameter, but should not be emitted by GSSAPI + * implementations + */ +extern gss_OID DLL_DATA_DECO GSS_C_NT_HOSTBASED_SERVICE_X; + + + +/* Major status codes */ + +#define GSS_S_COMPLETE 0 + +/* + * Some "helper" definitions to make the status code macros obvious. + */ +#define GSS_C_CALLING_ERROR_OFFSET 24 +#define GSS_C_ROUTINE_ERROR_OFFSET 16 +#define GSS_C_SUPPLEMENTARY_OFFSET 0 +#define GSS_C_CALLING_ERROR_MASK 0377ul +#define GSS_C_ROUTINE_ERROR_MASK 0377ul +#define GSS_C_SUPPLEMENTARY_MASK 0177777ul + +/* + * The macros that test status codes for error conditions. Note that the + * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now + * evaluates its argument only once. 
+ */ +#define GSS_CALLING_ERROR(x) \ + ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) +#define GSS_ROUTINE_ERROR(x) \ + ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) +#define GSS_SUPPLEMENTARY_INFO(x) \ + ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) +#define GSS_ERROR(x) \ + ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ + (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) + +/* + * Now the actual status code definitions + */ + +/* + * Calling errors: + */ +#define GSS_S_CALL_INACCESSIBLE_READ (1ul << GSS_C_CALLING_ERROR_OFFSET) +#define GSS_S_CALL_INACCESSIBLE_WRITE (2ul << GSS_C_CALLING_ERROR_OFFSET) +#define GSS_S_CALL_BAD_STRUCTURE (3ul << GSS_C_CALLING_ERROR_OFFSET) + +/* + * Routine errors: + */ +#define GSS_S_BAD_MECH ( 1ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_NAME ( 2ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_NAMETYPE ( 3ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_BINDINGS ( 4ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_STATUS ( 5ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_MIC ( 6ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_SIG GSS_S_BAD_MIC +#define GSS_S_NO_CRED ( 7ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_NO_CONTEXT ( 8ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_DEFECTIVE_TOKEN ( 9ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) + 
+/* + * Supplementary info bits: + */ +#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) +#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) +#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) +#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) +#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) + + +/* + * Finally, function prototypes for the GSSAPI routines. + */ + +OM_uint32 DLL_FUNC_DECO gss_acquire_cred( + OM_uint32 FAR *, /* minor_status */ + gss_name_t, /* desired_name */ + OM_uint32, /* time_req */ + gss_OID_set, /* desired_mechs */ + gss_cred_usage_t, /* cred_usage */ + gss_cred_id_t FAR *, /* output_cred_handle */ + gss_OID_set FAR *, /* actual_mechs */ + OM_uint32 FAR * /* time_rec */ +); + + +OM_uint32 DLL_FUNC_DECO gss_release_cred( + OM_uint32 FAR *, /* minor_status */ + gss_cred_id_t FAR * /* cred_handle */ +); + + +OM_uint32 DLL_FUNC_DECO gss_init_sec_context( + OM_uint32 FAR *, /* minor_status */ + gss_cred_id_t, /* claimant_cred_handle */ + gss_ctx_id_t FAR *, /* context_handle */ + gss_name_t, /* target_name */ + gss_OID, /* mech_type */ + OM_uint32, /* req_flags */ + OM_uint32, /* time_req */ + gss_channel_bindings_t, /* input_chan_bindings */ + gss_buffer_t, /* input_token */ + gss_OID FAR *, /* actual_mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32 FAR *, /* ret_flags */ + OM_uint32 FAR * /* time_rec */ +); + + +OM_uint32 DLL_FUNC_DECO gss_accept_sec_context( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t FAR *, /* context_handle */ + gss_cred_id_t, /* acceptor_cred_handle */ + gss_buffer_t, /* input_token_buffer */ + gss_channel_bindings_t, /* input_chan_bindings */ + gss_name_t FAR *, /* src_name */ + gss_OID FAR *, /* mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32 FAR *, /* ret_flags */ + OM_uint32 FAR *, /* time_rec */ + gss_cred_id_t FAR * /* delegated_cred_handle */ +); + + +OM_uint32 DLL_FUNC_DECO 
gss_process_context_token( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t /* token_buffer */ +); + + +OM_uint32 DLL_FUNC_DECO gss_delete_sec_context( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t FAR *, /* context_handle */ + gss_buffer_t /* output_token */ +); + + +OM_uint32 DLL_FUNC_DECO gss_context_time( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + OM_uint32 FAR * /* time_rec */ +); + + +/* New name in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_get_mic( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t /* message_token */ +); + + +/* New name in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_verify_mic( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t, /* message_token */ + gss_qop_t * /* qop_state */ +); + + +/* New name in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_wrap( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* input_message_buffer */ + int FAR *, /* conf_state */ + gss_buffer_t /* output_message_buffer */ +); + + +/* New name in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_unwrap( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int FAR *, /* conf_state */ + gss_qop_t FAR * /* qop_state */ +); + + +OM_uint32 DLL_FUNC_DECO gss_display_status( + OM_uint32 FAR *, /* minor_status */ + OM_uint32, /* status_value */ + int, /* status_type */ + gss_OID, /* mech_type */ + OM_uint32 FAR *, /* message_context */ + gss_buffer_t /* status_string */ +); + + +OM_uint32 DLL_FUNC_DECO gss_indicate_mechs( + OM_uint32 FAR *, /* minor_status */ + gss_OID_set FAR * /* mech_set */ +); + + +OM_uint32 
DLL_FUNC_DECO gss_compare_name( + OM_uint32 FAR *, /* minor_status */ + gss_name_t, /* name1 */ + gss_name_t, /* name2 */ + int FAR * /* name_equal */ +); + + +OM_uint32 DLL_FUNC_DECO gss_display_name( + OM_uint32 FAR *, /* minor_status */ + gss_name_t, /* input_name */ + gss_buffer_t, /* output_name_buffer */ + gss_OID FAR * /* output_name_type */ +); + + +OM_uint32 DLL_FUNC_DECO gss_import_name( + OM_uint32 FAR *, /* minor_status */ + gss_buffer_t, /* input_name_buffer */ + gss_OID, /* input_name_type */ + gss_name_t FAR * /* output_name */ +); + + +OM_uint32 DLL_FUNC_DECO gss_release_name( + OM_uint32 FAR *, /* minor_status */ + gss_name_t FAR * /* input_name */ +); + + +OM_uint32 DLL_FUNC_DECO gss_release_buffer( + OM_uint32 FAR *, /* minor_status */ + gss_buffer_t /* buffer */ +); + + +OM_uint32 DLL_FUNC_DECO gss_release_oid_set( + OM_uint32 FAR *, /* minor_status */ + gss_OID_set FAR * /* set */ +); + + +OM_uint32 DLL_FUNC_DECO gss_inquire_cred( + OM_uint32 FAR *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + gss_name_t FAR *, /* name */ + OM_uint32 FAR *, /* lifetime */ + gss_cred_usage_t FAR *, /* cred_usage */ + gss_OID_set FAR * /* mechanisms */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_inquire_context( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_name_t FAR *, /* src_name */ + gss_name_t FAR *, /* targ_name */ + OM_uint32 FAR *, /* lifetime_rec */ + gss_OID FAR *, /* mech_type */ + OM_uint32 FAR *, /* ctx_flags */ + int FAR *, /* locally_initiated */ + int FAR * /* open */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_wrap_size_limit( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + OM_uint32, /* req_output_size */ + OM_uint32 * /* max_input_size */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_add_cred( + OM_uint32 FAR *, /* minor_status */ + gss_cred_id_t, /* 
input_cred_handle */ + gss_name_t, /* desired_name */ + gss_OID, /* desired_mech */ + gss_cred_usage_t, /* cred_usage */ + OM_uint32, /* initiator_time_req */ + OM_uint32, /* acceptor_time_req */ + gss_cred_id_t FAR *, /* output_cred_handle */ + gss_OID_set FAR *, /* actual_mechs */ + OM_uint32 FAR *, /* initiator_time_rec */ + OM_uint32 FAR * /* acceptor_time_rec */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_inquire_cred_by_mech( + OM_uint32 FAR *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + gss_OID, /* mech_type */ + gss_name_t FAR *, /* name */ + OM_uint32 FAR *, /* initiator_lifetime */ + OM_uint32 FAR *, /* acceptor_lifetime */ + gss_cred_usage_t FAR * /* cred_usage */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_export_sec_context( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t FAR *, /* context_handle */ + gss_buffer_t /* interprocess_token */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_import_sec_context( + OM_uint32 FAR *, /* minor_status */ + gss_buffer_t, /* interprocess_token */ + gss_ctx_id_t FAR * /* context_handle */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_create_empty_oid_set( + OM_uint32 FAR *, /* minor_status */ + gss_OID_set FAR * /* oid_set */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_add_oid_set_member( + OM_uint32 FAR *, /* minor_status */ + gss_OID, /* member_oid */ + gss_OID_set FAR * /* oid_set */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_test_oid_set_member( + OM_uint32 FAR *, /* minor_status */ + gss_OID, /* member */ + gss_OID_set, /* set */ + int FAR * /* present */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_inquire_names_for_mech( + OM_uint32 FAR *, /* minor_status */ + gss_OID, /* mechanism */ + gss_OID_set FAR * /* name_types */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_inquire_mechs_for_name( + OM_uint32 FAR *, /* minor_status */ + gss_name_t, /* input_name */ + 
gss_OID_set FAR * /* mechanism_oids */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_canonicalize_name( + OM_uint32 FAR *, /* minor_status */ + gss_name_t, /* input_name */ + gss_OID, /* mech_type */ + gss_name_t FAR * /* output_name */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_export_name( + OM_uint32 FAR *, /* minor_status */ + gss_name_t, /* input_name */ + gss_buffer_t /* output_name_blob */ +); + + +/* New in GSS-API V2 */ +OM_uint32 DLL_FUNC_DECO gss_duplicate_name( + OM_uint32 FAR *, /* minor_status */ + gss_name_t, /* src_name */ + gss_name_t FAR * /* dest_name */ +); + + +/* + * The following routines are obsolete variants of gss_get_mic, + * gss_wrap, gss_verify_mic and gss_unwrap. They should be + * provided by GSSAPI V2 implementations for backwards + * compatibility with V1 applications. Distinct entrypoints + * (as opposed to #defines) should be provided, both allow GSSAPI + * V1 applications to link against GSSAPI V2 implementations, and + * to retain the slight parameter type differences between the + * obsolete versions of these routines and their current forms. 
+ */ + +OM_uint32 DLL_FUNC_DECO gss_sign( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* qop_req */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t /* message_token */ +); + + +OM_uint32 DLL_FUNC_DECO gss_verify( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t, /* token_buffer */ + int FAR * /* qop_state */ +); + + +OM_uint32 DLL_FUNC_DECO gss_seal( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + int, /* qop_req */ + gss_buffer_t, /* input_message_buffer */ + int FAR *, /* conf_state */ + gss_buffer_t /* output_message_buffer */ +); + + +OM_uint32 DLL_FUNC_DECO gss_unseal( + OM_uint32 FAR *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int FAR *, /* conf_state */ + int FAR * /* qop_state */ +); + +#endif /* _GSSAPI_H_ */ diff --git a/gssntlm.dll b/gssntlm.dll Binary files differnew file mode 100755 index 0000000..60bcc3f --- /dev/null +++ b/gssntlm.dll diff --git a/gssntlm.lib b/gssntlm.lib Binary files differnew file mode 100755 index 0000000..9bc1c21 --- /dev/null +++ b/gssntlm.lib diff --git a/make.bat b/make.bat new file mode 100755 index 0000000..922e429 --- /dev/null +++ b/make.bat @@ -0,0 +1,35 @@ +@echo off
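Review bot: Two prototypes drop the `FAR` qualifier that every other output pointer in this header carries: `gss_qop_t * /* qop_state */` in gss_verify_mic and `OM_uint32 * /* max_input_size */` in gss_wrap_size_limit. On the platform.h `_WINDOWS` branch, where `FAR` expands to `__far`, those two parameters become near pointers and will not match a caller passing the far pointer the rest of the API uses; the fix is `gss_qop_t FAR * /* qop_state */` and `OM_uint32 FAR * /* max_input_size */`. Separately, `GSS_SIZEOF_SHORT`, `GSS_SIZEOF_INT` and `GSS_SIZEOF_LONG` alias `XX_SIZEOF_SHORT`/`XX_SIZEOF_INT`/`XX_SIZEOF_LONG`, but platform.h in this commit only defines `XX_SIZEOF_USHORT`/`XX_SIZEOF_UINT`/`XX_SIZEOF_ULONG`, so any `#if` on the GSS_ names silently evaluates to 0. The header comment `See RFC 2xxx` is an unresolved placeholder; the V2 C-bindings current at the time were RFC 2078 (later superseded by RFC 2744), and the comment should name one of them.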
+set CC=cl
+set CFLAGS=/nologo /MD /W3 /GX /Zi /Od /Fo"Debug/"
+set LDFLAGS=/nologo /subsystem:console /incremental:no /pdb:"$*.pdb" /debug /pdbtype:sept /libpath:debug
+set LD=link
+set LDTARGET=/out:$(TARGET)
+set "RM=del 2>NUL "
+set OBJ=.obj
+set XOBJS=$(OBJS)
+set XD=Debug\
+set EXE=.exe
+set BUILD=
+set WIN_CLEAN=win-clean
+set LIBS=kernel32.lib
+set SHEXT=.dll
+set SHFLAGS=/LD
+set LINK_SHARED=$(LD) /DLL /DEF:sncgss32.def /IMPLIB:$*.lib /SUBSYSTEM:CONSOLE
+set LINK_SHARED_END=
+
+set VENLIB=.\gssntlm.lib
+if NOT %VENLIB%. == . goto :trymake
+echo ***
+echo *** Please edit MAKE.BAT and define VENLIB to point to the *.LIB stub
+echo *** of your GSS-API v2 windows library (DLL)
+echo ***
+goto :finish
+
+:trymake
+
+if %1. == clean. nmake /NOLOGO do-clean
+if %1. == . nmake /NOLOGO do-all
+if %1. == all. nmake /NOLOGO do-all
+
+@echo off
+
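Review bot: `goto :finish` on the VENLIB-missing path jumps to a label that is not defined anywhere in this 35-line script, so cmd.exe aborts the batch with a "cannot find the batch label" error instead of ending cleanly; add a `:finish` label before the trailing `@echo off`, or use `goto :EOF`. That guard is also dead in practice, because `set VENLIB=.\gssntlm.lib` points at the prebuilt import library committed alongside this script, so every default build links against gssntlm.lib/gssntlm.dll whose origin and build flags are not recorded anywhere in the repository. Consider leaving `VENLIB` empty by default, as build.OSF1 and build.SunOS do, and documenting in the README where the shipped gssntlm binaries come from.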
diff --git a/platform.h b/platform.h
new file mode 100644
index 0000000..71a6d4d
--- /dev/null
+++ b/platform.h
@@ -0,0 +1,113 @@ +/************************************************************************/ +/* $Id: platform.h,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $ + ************************************************************************/ +/* + * (C) Copyright 1999 SAP AG Walldorf + * + * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE + * OF THIS SOFTWARE. + */ + + +#ifndef _XX_PLATFORM_H_ +# define _XX_PLATFORM_H_ + + +#ifndef USHRT_MAX +# include <limits.h> +#endif + + +#if USHRT_MAX >= 0x10000ul +# define XX_SIZEOF_USHORT 4 +# error cannot handle unsigned short > 2 bytes +#else +# define XX_SIZEOF_USHORT 2 +#endif + +#if UINT_MAX >= 0x10000ul +# define XX_SIZEOF_UINT 4 +#else +# define XX_SIZEOF_UINT 2 +#endif + +#if ULONG_MAX > 0xFFFFFFFFul +# define XX_SIZEOF_ULONG 8 +#else +# define XX_SIZEOF_ULONG 4 +#endif + + +#if (XX_SIZEOF_UINT == 4) + + typedef unsigned int Uint32; + +#elif (XX_SIZEOF_ULONG == 4) + + typedef unsigned long Uint32; + +#elif (XX_SIZEOF_USHORT == 4) + + typedef unsigned short Uint32; + +#endif + + + +/* + * Define DLL_FUNC_DECO, DLL_DATA_DECO, FUNCPTR_DECO and FAR + */ + +#if defined(_WIN32) +# if !defined(WINAPI) +# if !defined(_M_IX86) +# include <windows.h> +# else +# /* shortcutting Microsoft Win32 on Intel x86i, because including */ +# /* <windows.h> is painfully timeconsuming during development ... 
*/ +# define WINAPI __stdcall +# endif +# endif +# define FUNCPTR_DECO WINAPI +# define EXPORT_FUNCTION __declspec(dllexport) WINAPI +# define EXPORT_DATA __declspec(dllexport) +# define IMPORT_FUNCTION __declspec(dllimport) WINAPI +# define IMPORT_DATA __declspec(dllimport) +#elif defined(_WINDOWS) +# if !defined(WINAPI) +# define WINAPI __far __pascal +# endif +# define FUNCPTR_DECO WINAPI +# define EXPORT_FUNCTION __export WINAPI +# define EXPORT_DATA __export +# define IMPORT_FUNCTION __export WINAPI +# define IMPORT_DATA __export +# define FAR __far +#else +# define EXPORT_FUNCTION +# define EXPORT_DATA +# define IMPORT_FUNCTION +# define IMPORT_DATA +# define FUNCPTR_DECO +#endif + +#ifdef BUILDING_DLL +# define DLL_DATA_DECO EXPORT_DATA +# define DLL_FUNC_DECO EXPORT_FUNCTION +#else +# define DLL_DATA_DECO IMPORT_DATA +# define DLL_FUNC_DECO IMPORT_FUNCTION +#endif + +#ifndef FAR +# define FAR +#endif + + + +#endif /* _XX_PLATFORM_H_ */ diff --git a/sncadapt.c b/sncadapt.c new file mode 100644 index 0000000..e91f8e9 --- /dev/null +++ b/sncadapt.c 
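Review bot: The width probe `#if UINT_MAX >= 0x10000ul` can only tell a 16-bit int from a wider one, yet it fixes `XX_SIZEOF_UINT` at 4, so on a (hypothetical) target with a 64-bit int the macro reports 4 while the true size is 8 and `typedef unsigned int Uint32` yields a 64-bit gss_uint32. Mirroring the long probe with `#if UINT_MAX > 0xFFFFFFFFul` (size 8) before the existing check would keep the three size macros consistent. The `#if`/`#elif` chain that selects Uint32 also has no terminating `#else` / `# error cannot find a 32-bit unsigned type`, so a platform where none of the branches matches compiles on until the first use of Uint32 fails with a far less obvious diagnostic.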
@@ -0,0 +1,1063 @@ +static char * this_File = "sncadapt.c"; +static char * cvs_id = + "$Id: sncadapt.c,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $"; +/* + * (C) Copyright 1999 SAP AG Walldorf + * + * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE + * OF THIS SOFTWARE. + */ + + + + +/************************************************************************/ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/* */ +/* Configurable Parameters that describe the characteristics */ +/* of the security mechanism to which this adapter interfaces */ +/* To register a MECH_PREFIX or MECH_ID with SAP, */ +/* send a request via Email to <Martin.Rex@sap-ag.de> including */ +/* the following information: */ +/* - mechanism OID of gssapi mechanism */ +/* - gssapi mechanism name (for open protocol specs) */ +/* OR product name of proprietary gssapi mechanism */ +/* - default nametype OID */ +/* - proposed printable prefix (up to seven characters) */ +/* - Email address of technical contact */ +/* */ +/* In case you're implementing a published gssapi mechanism spec, */ +/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */ +/* You can check the "sncgss.h" Header file first. 
*/ +/* */ +/* */ +/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */ +/* (for open protocol specifications) */ +/* OR name of a software product for */ +/* a proprietary gssapi mechanism */ +/* */ +/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */ +/* ASCII-string up to 7 chars to */ +/* identify the mechanism */ +/* */ +/* ADAPTER_MECH_ID (must REGISTER with SAP) */ +/* numeric constant taken from the */ +/* SAPGSS_MECH_ID enumerator in "sncgss.h" */ +/* */ +/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the gssapi mechanism to which this */ +/* SNC-Adapter will be linked */ +/* */ +/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the default/canonical/native nametype*/ +/* of above gssapi mechanism */ +/* */ +/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */ +/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */ +/* */ +/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message confidentiality protection */ +/* for all established security contexts */ +/* */ +/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message integrity protection for all */ +/* established security contexts */ +/* */ +/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */ +/* implemenation guarantees availability */ +/* of mutual authentication on security */ +/* contexts. Absence of mutual auth is */ +/* a serious security problem in */ +/* distributed applications */ +/* */ +/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of replay detection of protected */ +/* messages on all security contexts. 
*/ +/* SAP R/3 process all messages on a */ +/* particular security context strictly */ +/* sequential, so it's acceptable */ +/* if replay detection is only available */ +/* in combination with sequence protection */ +/* */ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/************************************************************************/ + + +#define ADAPTER_MECH_NAME >>> "X X X X X X X X X X X X X X X" + /* Name of the gssapi mechanism or product */ + /* that this SNC-Adapter interfaces to */ + /* (less than 80 characters, please !!) */ + + +#define ADAPTER_MECH_PREFIX >>> "xxxx" + /* Mech prefix for mechanism */ + /* (register this prefix with SAP) */ + /* Alphanumeric, must be <= 7 characters long */ + /* This prefix may be used within SNC-Names */ + /* i.e. "p/sapntlm:NTDomain\User" */ + + +#define ADAPTER_MECH_ID >>> SAPGSS_ID_XXXX + /* Mechanism identifier */ + /* numeric (16-bit unsigned integer) */ + /* used internally by SNC for tagging */ + /* and to distinguish different gssapi mechs */ + + + /* ASN.1 OID of the gssapi mechanism to which this */ + /* SNC-Adapter is linked */ +#define ADAPTER_MECHANISM_OID \ + >>> { 7, "\053\006\001\005\005\001\001" } + + /* ASN.1 OID of the default/canonical nametype that */ + /* this gssapi mechanism will accept with gss_import_name() */ + /* and emit with gss_display_name() for canonical names */ +#define ADAPTER_NAMETYPE_OID \ + >>> { 9, "\053\006\001\004\001\201\172\002\001" } + + +/*******************/ +/* 16-bit Integers */ +/*******************/ +#define ADAPTER_MAJOR_REVISION >>> 1 /* indicates API changes */ + +#define ADAPTER_MINOR_REVISION >>> 0 /* indicates fixes or */ + /* cosmetic changes */ + +/*******************/ +/* BOOLEAN values */ +/*******************/ +#define ADAPTER_CONF_AVAIL >>> 1 /* Confidentiality available */ +#define ADAPTER_INTEG_AVAIL >>> 1 /* Integrity available */ + +#define ADAPTER_MUTUAL_AUTH >>> 1 /* supports mutual authentication */ +#define 
ADAPTER_REPLAY_PROT >>> 1 /* supports message replay detection */ + + +/************************************************************************/ +/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/ +/************************************************************************/ + + + + +/* Some ANSI-C standard headers */ +#include <stddef.h> +#include <stdlib.h> +#include <stdio.h> + +/**********************************************************************/ +/* */ +/* Microsoft Windows DLL support */ +/* */ +/**********************************************************************/ + +#ifdef _WIN32 +# include <windows.h> + BOOL APIENTRY + DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved) + { + return 1; + + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(ul_reason_being_called); + UNREFERENCED_PARAMETER(lpReserved); + } +#else + +# if defined(_WINDOWS) +# include <windows.h> +# ifndef UNREFERENCED_PARAMETER +# define UNREFERENCED_PARAMETER(x) ((x)=(x)) +# endif + + BOOL CALLBACK + LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine) + { + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(wDataSeg); + UNREFERENCED_PARAMETER(cbHeap); + UNREFERENCED_PARAMETER(CmdLine); + + return 1; + } + + int CALLBACK __export + WEP(int nParam) + { + UNREFERENCED_PARAMETER(nParam); + + return 1; + } +# endif + +#endif + +/**********************************************************************/ +/* */ +/* Import interface */ +/* - include files of other projects */ +/* Declare gss_* function prototypes as __declspec(dllimport) */ +/* */ +/**********************************************************************/ + +#include "platform.h" + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO IMPORT_DATA +#define DLL_FUNC_DECO IMPORT_FUNCTION +#include "gssapi_2.h" + +/**********************************************************************/ +/* */ +/* Export interface */ +/* - header files of this project */ 
+/* Declare our sapgss_* function prototypes as __declspec(dllexport) */ +/* */ +/**********************************************************************/ + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO EXPORT_DATA +#define DLL_FUNC_DECO EXPORT_FUNCTION +#include "sncgss.h" + + + + +/************************************************************************/ +/* (27-jun-95) Martin Rex */ +/* With the following two macros one can convert macros into */ +/* string literals to include them in constant strings. */ +/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */ +/************************************************************************/ +#define LITERAL_MACRO(x) # x +#define XLITERAL_MACRO(x) LITERAL_MACRO(x) + + + +/****************************************************/ +/* we don't need to export/share OID data at the */ +/* shared library interface for SAP R/3, */ +/* and is not part of the draft-ietf-cat-wingss-... */ +/****************************************************/ + + +static gss_OID_desc oids[] = { + ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */ + ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */ +}; + +static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]); +static gss_OID sapsnc_mech_oid = &(oids[1]); + +#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name + +/********************************************************************** + * sapsnc_init_adapter(): + * + * Description: + * This function must be called before other functions of the + * gss-api are used. It sets up all translation pointers + * exported by the gss-api. + * + * Parameters: + * p_info IN REF the structure referenced by this + * pointer (see sapgss.h) describes + * some characteristics of the security + * mechanism to which this adapter interfaces + * + * p_length IN Length of the structure supplied by the + * SNC-Layer. 
+ * Initialization policy for future enhancements: + * * SNC-Layer zeroes out structure before calling. + * * future extensions must be appended to the + * existing structure only + * * Unknown structure elements will not be changed. + * * The Adapter must initialize only fields known + * to the calling SNC-layer + * (i.e. no elements past p_length) + * + * Returns: + * 0 Initialization o.k. + * -1 FAILURE -- something is definitely broken if this happens + **********************************************************************/ +OM_uint32 EXPORT_FUNCTION +sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length, + int adapter_idx ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) { + + /* At least we want to fill in the basic set of information */ + return(1); + + } else { + + memset( p_info, 0, p_length ); + + p_info->major_rev = (int) ADAPTER_MAJOR_REVISION; + p_info->minor_rev = (int) ADAPTER_MINOR_REVISION; + + p_info->adapter_name = + "External SNC-Adapter" + " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION) + "." 
XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to " + ADAPTER_MECH_NAME; + + p_info->mech_id = ADAPTER_MECH_ID; + + p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID; + p_info->nt_private_name1 = sapsnc_nt_canon_printable_name; + p_info->nt_private_name2 = (gss_OID_desc *)0; + p_info->nt_private_name3 = (gss_OID_desc *)0; + p_info->nt_private_name4 = (gss_OID_desc *)0; + + p_info->integ_avail = ADAPTER_INTEG_AVAIL; + p_info->conf_avail = ADAPTER_CONF_AVAIL; + p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */ + p_info->export_sec_context = 1; /* required functionality, MUST be 1 */ + p_info->mutual_auth = ADAPTER_MUTUAL_AUTH; + p_info->replay_prot = ADAPTER_REPLAY_PROT; + + p_info->unused2 = 0; /* historic/experimental, MUST be 0 */ + + p_info->mech_prefix_string = ADAPTER_MECH_PREFIX; + + if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) { + p_info->mech_oid = sapsnc_mech_oid; + } + + } + + /* Initialize future elements only if the supplied structure is large */ + /* enough, */ + /* i.e. the calling SNC-layer is as recent or newer as the adapter */ + + return(0); + +} /* sapsnc_init_adapter() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. 
+ * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ + +OM_uint32 EXPORT_FUNCTION +sapsnc_export_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + UNREFERENCED_PARAMETER(in_name); + + if ( out_identity!=NULL ) { + out_identity->length = 0; + out_identity->value = NULL; + } + + if ( min_stat!=NULL ) + (*min_stat) = 0; + + return(GSS_S_FAILURE); + +} /* sapsnc_export_cname_blob() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. + * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ +OM_uint32 EXPORT_FUNCTION +sapsnc_import_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_name_t * out_name, /* output_name */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + return( gss_import_name( min_stat, in_identity, + (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) ); + +} /* sapsnc_import_cname_blob() */ + + +/********************************************************************* + * + * All functions following this comment are CALL ADAPTERS + * to the GSS-API functions. 
+ * + *********************************************************************/ + +/**********************************************************************/ +/**********************************************************************/ +/******************* *******************/ +/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/ +/******************* *******************/ +/**********************************************************************/ +/**********************************************************************/ + + +/* sapgss_acquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_acquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t my_gss_name, /* desired_name */ + OM_uint32 in_lifetime, /* time_req */ + gss_OID_set in_mechs, /* desired_mechs */ + gss_cred_usage_t in_cred_usage, /* cred_usage */ + gss_cred_id_t * out_cred, /* output_cred_handle */ + gss_OID_set * out_mechs, /* actual_mechs */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime, + in_mechs, in_cred_usage, + out_cred, out_mechs, out_lifetime ) ); +} + + + +/* sapgss_release_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t * in_cred /* cred_handle */ + ) +{ + return( gss_release_cred( min_stat, in_cred ) ); +} + + + +/* sapgss_init_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_init_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* claimant_cred_handle */ + gss_ctx_id_t * in_context, /* context_handle */ + gss_name_t in_name, /* target_name */ + gss_OID in_mech, /* mech_type */ + OM_uint32 in_service_opts, /* req_flags */ + OM_uint32 in_lifetime, /* time_req */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_buffer_t in_token, /* input_token */ + gss_OID * out_mech, /* actual_mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 * out_service_opts, /* 
ret_flags */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_init_sec_context( min_stat, in_cred, in_context, in_name, + in_mech, in_service_opts, in_lifetime, + in_channel_bind, in_token, out_mech, + out_token, out_service_opts, out_lifetime ) ); +} + + + +/* sapgss_accept_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_accept_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_cred_id_t in_cred, /* verifier_cred_handle */ + gss_buffer_t in_token, /* input_token_buffer */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_name_t *peer_name, /* src_name */ + gss_OID *out_mech, /* mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 *out_service_opts, /* ret_flags */ + OM_uint32 *out_lifetime, /* time_rec */ + gss_cred_id_t *out_cred /* delegated_cred_handle */ + ) +{ + return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token, + in_channel_bind, peer_name, out_mech, + out_token, out_service_opts, out_lifetime, + out_cred ) ); +} + + + +/* sapgss_process_context_token() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_process_context_token( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_token /* token_buffer */ + ) +{ + return( gss_process_context_token( min_stat, in_context, in_token ) ); +} + + + +/* sapgss_delete_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_delete_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_buffer_t out_token /* output_token */ + ) +{ + return( gss_delete_sec_context( min_stat, in_context, out_token ) ); +} + + + +/* sapgss_context_time() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_context_time( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_context_time( min_stat, in_context, 
out_lifetime ) ); +} + + + +/* sapgss_get_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_get_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t out_token /* message_token */ + ) +{ + return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) ); +} + + + +/* sapgss_verify_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_verify_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t in_token, /* token_buffer */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) ); +} + + + +/* sapgss_wrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_wrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* input_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_buffer_t out_token /* output_message_buffer */ + ) +{ + return( gss_wrap( min_stat, in_context, in_want_conf, + in_qop, in_msg, out_is_conf, out_token ) ); +} + + + +/* sapgss_unwrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_unwrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_token, /* input_message_buffer */ + gss_buffer_t out_msg, /* output_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_unwrap( min_stat, in_context, in_token, + out_msg, out_is_conf, out_qop ) ); +} + + + +/* sapgss_display_status() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_status( + OM_uint32 *min_stat, /* minor_status */ + OM_uint32 in_status, /* status_value */ + int in_status_type, /* status_type */ + gss_OID in_mech, /* mech_type */ + OM_uint32 *out_more_text, /* 
message_context */ + gss_buffer_t out_text /* status_string */ + ) +{ + return( gss_display_status( min_stat, in_status, in_status_type, + in_mech, out_more_text, out_text ) ); +} + + + +/* + * sapgss_indicate_mechs() + * + * IMPORTANT: This call MUST return the correct mech_OID + * for this implementation in the first position of the + * out_mechs OID array! + */ +OM_uint32 EXPORT_FUNCTION +sapgss_indicate_mechs( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *out_mechs /* mech_set */ + ) +{ + OM_uint32 maj_stat; + OM_uint32 min_stat2; + + maj_stat = gss_indicate_mechs( min_stat, out_mechs ); + + if ( maj_stat==GSS_S_COMPLETE ) { + if ( out_mechs==NULL + || (*out_mechs)==GSS_C_NO_OID_SET + || (*out_mechs)->count==0 + || (*out_mechs)->elements==GSS_C_NO_OID + || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length + || memcmp( ((*out_mechs)->elements[0]).elements, + sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) { + + (void)sapgss_release_oid_set( &min_stat2, out_mechs ); + + (*out_mechs) = GSS_C_NO_OID_SET; + (*min_stat) = 0; + + return(GSS_S_BAD_MECH); + + } + } + + return(maj_stat); + +} + + + +/* sapgss_compare_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_compare_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name1, /* name1 */ + gss_name_t in_name2, /* name2 */ + int *out_are_equal /* name_equal */ + ) +{ + return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) ); +} + + + +/* sapgss_display_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + gss_OID *out_oid /* output_name_type */ + ) +{ + return( gss_display_name( min_stat, in_name, out_identity, out_oid ) ); +} + + + +/* sapgss_import_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_name( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_OID 
in_oid, /* input_name_type */ + gss_name_t *out_name /* output_name */ + ) +{ + return( gss_import_name( min_stat, in_identity, in_oid, out_name ) ); +} + + + +/* sapgss_release_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t *in_name /* input_name */ + ) +{ + return( gss_release_name( min_stat, in_name ) ); +} + + + +/* sapgss_release_buffer() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_buffer( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_buffer /* buffer */ + ) +{ + return( gss_release_buffer( min_stat, in_buffer ) ); +} + + + +/* sapgss_release_oid_set() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_oid_set( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *in_oids /* set */ + ) +{ + return( gss_release_oid_set( min_stat, in_oids ) ); +} + + + +/* sapgss_inquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* cred_handle */ + gss_name_t * out_name, /* name */ + OM_uint32 * out_lifetime, /* lifetime */ + gss_cred_usage_t * out_cred_usage, /* cred_usage */ + gss_OID_set * out_mechs /* mechanisms */ + ) +{ + return( gss_inquire_cred( min_stat, in_cred, out_name, + out_lifetime, out_cred_usage, out_mechs ) ); +} + + +/**********************************************************************/ +/**********************************************************************/ +/******************* ********************/ +/******************* New fuctions for GSS-API v2 ********************/ +/******************* ********************/ +/**********************************************************************/ +/**********************************************************************/ + +/* + * sapgss_add_cred() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_cred( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t input_cred_handle, /* 
input_cred_handle */ + gss_name_t desired_name, /* desired_name */ + gss_OID desired_mech, /* desired_mech */ + gss_cred_usage_t cred_usage, /* cred_usage */ + OM_uint32 initiator_time_req, /* initiator_time_req */ + OM_uint32 acceptor_time_req, /* acceptor_time_req */ + gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */ + gss_OID_set FAR * actual_mechs, /* actual_mechs */ + OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */ + OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */ + ) +{ + return( gss_add_cred( min_stat, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, + acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec ) ); +} + + + +/* + * sapgss_inquire_cred_by_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred_by_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t cred_handle, /* cred_handle */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * name, /* name */ + OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */ + OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */ + gss_cred_usage_t FAR * cred_usage /* cred_usage */ + ) +{ + return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type, + name, initiator_lifetime, + acceptor_lifetime, cred_usage ) ); +} + + + +/* sapgss_inquire_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_name_t *out_myname, /* initiator_name */ + gss_name_t *out_peername, /* acceptor_name */ + OM_uint32 *out_lifetime, /* lifetime_rec */ + gss_OID *out_mech, /* mech_type */ + OM_uint32 *out_service_opts, /* ctx_flags */ + int *out_initiator, /* locally_initiated */ + int *out_open /* open */ + ) +{ + return( gss_inquire_context( min_stat, in_context, out_myname, + 
out_peername, out_lifetime, out_mech, + out_service_opts, out_initiator, out_open) ); +} + + + +/* + * sapgss_wrap_size_limit() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_wrap_size_limit( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t qop_req, /* qop_req */ + OM_uint32 out_size, /* requested output size */ + OM_uint32 * max_in_size /* maximum input size */ + ) +{ + return( gss_wrap_size_limit( min_stat, in_context, in_want_conf, + qop_req, out_size, max_in_size) ); +} + + + +/* sapgss_export_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t * in_ctx, /* context_handle */ + gss_buffer_t out_buffer /* interprocess_token */ + ) +{ + return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) ); +} + + + +/* sapgss_import_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_buffer, /* interprocess_token */ + gss_ctx_id_t * out_ctx /* context_handle */ + ) +{ + return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) ); +} + + + +/* + * sapgss_create_empty_oid_set() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_create_empty_oid_set( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_create_empty_oid_set( min_stat, oid_set ) ); +} + + + +/* + * sapgss_add_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member_oid, /* member_oid */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) ); +} + + + +/* + * sapgss_test_oid_set_member() + * + * Status: don't care + */ 
+OM_uint32 EXPORT_FUNCTION +sapgss_test_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member, /* member */ + gss_OID_set set, /* set */ + int FAR * present /* present */ + ) +{ + return( gss_test_oid_set_member( min_stat, member, set, present ) ); +} + + + +/* + * sapgss_inquire_names_for_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_names_for_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID mech_oid, /* mechanism_oid */ + gss_OID_set FAR * name_types /* name_types */ + ) +{ + return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) ); +} + + + +/* + * sapgss_inquire_mechs_for_name() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_mechs_for_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID_set FAR * mech_set /* mechanism_oids */ + ) +{ + return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) ); +} + + +/* sapgss_canonicalize_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_canonicalize_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * output_name /* output_name */ + ) +{ + return( gss_canonicalize_name( min_stat, input_name, + mech_type, output_name ) ); +} + + +/* sapgss_export_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_buffer_t output_name_blob /* output_name_blob */ + ) +{ + return( gss_export_name( min_stat, input_name, output_name_blob ) ); +} + + +/* + * sapgss_duplicate_name() + * + * Status: Don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_duplicate_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t src_name, /* src_name */ + gss_name_t FAR * dest_name /* dest_name */ + ) +{ + 
return( gss_duplicate_name( min_stat, src_name, dest_name ) ); +} + + +/* end of sncadapt.c */ + diff --git a/sncgss.exp b/sncgss.exp new file mode 100755 index 0000000..ea27fad --- /dev/null +++ b/sncgss.exp @@ -0,0 +1,54 @@ +#! sncgss.o +* $Id: sncgss.exp,v 1.2 1999/08/24 14:39:32 d019080 Exp $ +* export definition for shared libraries/objects on AIX +* + +* SNC-Adapter calls +* +sapsnc_init_adapter +sapsnc_export_cname_blob +sapsnc_import_cname_blob + +* wrapper calls for GSS-API Version 1 (RFC 1508/1509) +* +sapgss_acquire_cred +sapgss_release_cred +sapgss_init_sec_context +sapgss_accept_sec_context +sapgss_process_context_token +sapgss_delete_sec_context +sapgss_context_time +sapgss_get_mic +sapgss_verify_mic +sapgss_wrap +sapgss_unwrap +sapgss_display_status +sapgss_indicate_mechs +sapgss_compare_name +sapgss_display_name +sapgss_import_name +sapgss_release_name +sapgss_release_buffer +sapgss_release_oid_set +sapgss_inquire_cred + +* wrapper calls for GSS-API Version 2 +* +sapgss_add_cred +sapgss_inquire_cred_by_mech + +sapgss_inquire_context +sapgss_wrap_size_limit +sapgss_export_sec_context +sapgss_import_sec_context + +sapgss_create_empty_oid_set +sapgss_add_oid_set_member +sapgss_test_oid_set_member + +sapgss_canonicalize_name +sapgss_export_name +sapgss_inquire_names_for_mech +sapgss_inquire_mechs_for_name + + diff --git a/sncgss.h b/sncgss.h new file mode 100644 index 0000000..a0e2925 --- /dev/null +++ b/sncgss.h 
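Review bot: In sapgss_indicate_mechs the test `out_mechs==NULL` is part of the failure condition, yet the failure branch immediately passes out_mechs to sapgss_release_oid_set and writes `(*out_mechs) = GSS_C_NO_OID_SET` and `(*min_stat) = 0`, so a NULL out_mechs (or a NULL min_stat, which sapsnc_export_cname_blob in this same file treats as legal) dereferences a null pointer instead of returning an error. Validate the output pointers before calling the underlying gss_indicate_mechs, e.g. `if ( out_mechs==NULL || min_stat==NULL ) return(GSS_S_CALL_INACCESSIBLE_WRITE);` if the bundled gssapi_2.h defines that status, otherwise GSS_S_FAILURE as the rest of the file uses. Separately, the file calls memset (sapsnc_init_adapter) and memcmp (sapgss_indicate_mechs) but only includes stddef.h, stdlib.h and stdio.h, so `#include <string.h>` belongs next to them to avoid implicit declarations. The early-exit `return(1);` in sapsnc_init_adapter also contradicts its header comment, which documents -1 for FAILURE; pick one and make the comment and code agree.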
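Review bot: sapgss_duplicate_name is defined as EXPORT_FUNCTION in sncadapt.c in this same commit but is not listed in sncgss.exp, so the AIX shared object built with this export file will not export it and an SNC layer resolving that symbol fails at load or call time; add `sapgss_duplicate_name` after `sapgss_export_name` in the GSS-API Version 2 section. The Windows counterpart sncgss32.def is not visible here and should be checked for the same omission.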
@@ -0,0 +1,601 @@ +/**********************************************************************/ +/* $Id: sncgss.h,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $ + **********************************************************************/ +/* + * (C) Copyright 1999 SAP AG Walldorf + * + * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE + * OF THIS SOFTWARE. + */ + +#ifndef _SNCGSS_H +#define _SNCGSS_H 1 + +#ifndef UNREFERENCED_PARAMETER +# define UNREFERENCED_PARAMETER(a) ((a)=(a)) +#endif + +/**********************************************************************/ +/* */ +/* Public type definitions */ +/* */ +/**********************************************************************/ + +/********************************************************************** + * + * SAPGSS type definitions for use within the snc*.[ch] modules + * + * If these don't match with the GSS-API definitions, then + * we might have a problem + * + **********************************************************************/ + + + +typedef enum sapgss_prod_id { + SAPGSS_ID_DUMMY = 0, /* No security (26-jun-95) mrex */ + SAPGSS_ID_GENERIC = 1, /* Generic GSS-API v2 Mechanism, */ + /* let GSS-API fight it out ... 
*/ + + + SAPGSS_ID_KERBEROS5 = 2, /* Kerberos 5 / MIT (26-jun-95) mrex */ +#define SAPGSS_KERBEROS5_PREFIX "krb5" +#define SAPGSS_KERBEROS5_NAME "Kerberos 5/GSS-API v2" +#define SAPGSS_KERBEROS5_MECH_OID { 9, "\052\206\110\206\367\022\001\002\002" } +#define SAPGSS_KERBEROS5_CNAME_OID { 10, "\052\206\110\206\367\022\001\002\002\001" } + + + SAPGSS_ID_SECUDE = 3, /* SecuDE 5 (21-sep-95) mrex */ +#define SAPGSS_SECUDE_PREFIX "secude" +#define SAPGSS_SECUDE_NAME "Secude 5 GSS-API v2" +#define SAPGSS_SECUDE_MECH_OID { 6, "\053\044\003\001\045\001" } +#define SAPGSS_SECUDE_CNAME_OID { 6, "\053\044\003\001\046\001" } + + + SAPGSS_ID_SAPNTLM = 4, /* SAPNTLM (08-okt-97) mrex */ +#define SAPGSS_SAPNTLM_PREFIX "sapntlm" +#define SAPGSS_SAPNTLM_NAME "SAP's GSS-API v2 over NTLM(SSPI)" +#define SAPGSS_SAPNTLM_MECH_OID { 10, "\053\006\001\004\001\205\066\002\001\002" } +#define SAPGSS_SAPNTLM_CNAME_OID { 11, "\053\006\001\004\001\205\066\002\001\002\001" } + + + + SAPGSS_ID_SPKM1 = 5, /* SPKM1 (18-aug-98) mrex */ +#define SAPGSS_SPKM1_PREFIX "spkm1" +#define SAPGSS_SPKM1_NAME "SPKM1 GSS-API v2 library" +#define SAPGSS_SPKM1_MECH_OID { 7, "\053\006\001\005\005\001\001" } +#define SAPGSS_SPKM1_CNAME_OID { 9, "\053\006\001\004\001\201\172\002\001" } + + + SAPGSS_ID_SPKM2 = 6, /* SPKM2 (18-aug-98) mrex */ +#define SAPGSS_SPKM2_PREFIX "spkm2" +#define SAPGSS_SPKM2_NAME "SPKM2 GSS-API v2 library" +#define SAPGSS_SPKM2_MECH_OID { 7, "\053\006\001\005\005\001\002" } +#define SAPGSS_SPKM2_CNAME_OID { 9, "\053\006\001\004\001\201\172\002\001" } + + + SAPGSS_ID_RESERVED_1 = 7, /* reserved ID (30-oct-96) mrex */ + + + SAPGSS_ID_ITSEC = 8, +#define SAPGSS_ITSEC_PREFIX "itsec" +#define SAPGSS_ITSEC_NAME +#define SAPGSS_ITSEC_MECH_OID +#define SAPGSS_ITSEC_CNAME_OID + + + SAPGSS_ID_SDTI = 9, +#define SAPGSS_SDTI_PREFIX "sdti" +#define SAPGSS_SDTI_NAME "SDTI Connect Agent" +#define SAPGSS_SDTI_MECH_OID { 9, "\052\206\110\206\367\015\005\004\001" } +#define SAPGSS_SDTI_CNAME_OID { 9, 
"\052\206\110\206\367\015\005\004\002" } + + + SAPGSS_ID_AMDCE = 10, +#define SAPGSS_AMDCE_PREFIX "amdce" +#define SAPGSS_AMDCE_NAME "AccessMaster DCE" +#define SAPGSS_AMDCE_MECH_OID { 7, "\053\014\001\056\001\062\002" } +#define SAPGSS_AMDCE_CNAME_OID { 10, "\052\206\110\206\367\022\001\002\002\001" } + + SAPGSS_ID_INVALID +} SAPGSS_MECH_ID; + +#define NUM_INTERNAL_STUBS (SAPGSS_ID_SAPNTLM+1) + + +struct sapgss_info_s { + int major_rev; /* major revision number of SNC-Adapter */ + int minor_rev; /* minor revision number of SNC-Adapter */ + + char * adapter_name; /* SNC-Adapter identification string */ + SAPGSS_MECH_ID mech_id; /* SAP-registered gssapi mechanism identifier */ + + char integ_avail; /* gssapi mechanism supports integrity protection */ + char conf_avail; /* gssapi mechanism supports confidentiality protection */ + + char unused1; /* historic -- not used -- MUST BE 0 */ + + char export_sec_context; + /* gssapi mechanism supports exporting */ + /* of an established security context, */ + /* as defined by GSS-API v2 */ + + OM_uint32 unused2; /* historic -- not used -- MUST BE 0 */ + + gss_OID_desc FAR * nt_canonical_name; + gss_OID_desc FAR * nt_private_name1; + gss_OID_desc FAR * nt_private_name2; + gss_OID_desc FAR * nt_private_name3; + gss_OID_desc FAR * nt_private_name4; + + char FAR * mech_prefix_string; + + char mutual_auth; /* gssapi mechanism supports mutual authentication */ + char replay_prot; /* gssapi mechanism supports replay detection */ + char reserved1; + char reserved2; + + gss_OID_desc FAR * mech_oid; + +}; + + +#define SNCADAPT_INFO_LEN(x) (offsetof(struct sapgss_info_s, x) + sizeof( ((struct sapgss_info_s *)0)->x ) ) +#define SNCADAPT_BASIC_INFO_LEN SNCADAPT_INFO_LEN( replay_prot ) + + +/**********************************************************************/ +/* */ +/* Export interface */ +/* - Function list ( Prototype definitions ) */ +/* */ +/**********************************************************************/ + +#define 
ARG3_INIT_ADAPTER \ + struct sapgss_info_s FAR * , \ + size_t , \ + int + +OM_uint32 DLL_FUNC_DECO +sapsnc_init_adapter( ARG3_INIT_ADAPTER ); + + + +#define ARG4_EXPORT_CNAME_BLOB \ + OM_uint32 FAR * , /* minor_status */ \ + gss_name_t , /* input_name */ \ + gss_buffer_t , /* output_name_buffer */ \ + int /* adapter_index (snc internal use) */ + +OM_uint32 DLL_FUNC_DECO +sapsnc_export_cname_blob( ARG4_EXPORT_CNAME_BLOB ); + + + +#define ARG4_IMPORT_CNAME_BLOB \ + OM_uint32 FAR * , /* minor_status */ \ + gss_buffer_t , /* input_name_buffer */ \ + gss_name_t FAR * , /* output_name */ \ + int /* adapter_index (snc internal use) */ + +OM_uint32 DLL_FUNC_DECO +sapsnc_import_cname_blob( ARG4_IMPORT_CNAME_BLOB ); + + + +/* + * GSS-API Version 1 functionality (RFC 1508 & 1509 ) + */ +#define ARG8_ACQUIRE_CRED \ + OM_uint32 FAR * , /* minor_status */ \ + gss_name_t , /* desired_name */ \ + OM_uint32 , /* time_req */ \ + gss_OID_set , /* desired_mechs */ \ + gss_cred_usage_t , /* cred_usage */ \ + gss_cred_id_t FAR * , /* output_cred_handle */ \ + gss_OID_set FAR * , /* actual_mechs */ \ + OM_uint32 FAR * /* time_rec */ + +OM_uint32 DLL_FUNC_DECO +sapgss_acquire_cred( ARG8_ACQUIRE_CRED ); + + + +#define ARG2_RELEASE_CRED \ + OM_uint32 FAR * , /* minor_status */ \ + gss_cred_id_t FAR * /* cred_handle */ + +OM_uint32 DLL_FUNC_DECO +sapgss_release_cred( ARG2_RELEASE_CRED ); + + + +#define ARG13_INIT_SEC_CONTEXT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_cred_id_t , /* claimant_cred_handle */ \ + gss_ctx_id_t FAR * , /* context_handle */ \ + gss_name_t , /* target_name */ \ + gss_OID , /* mech_type */ \ + OM_uint32 , /* req_flags */ \ + OM_uint32 , /* time_req */ \ + gss_channel_bindings_t , /* input_chan_bindings */ \ + gss_buffer_t , /* input_token */ \ + gss_OID FAR * , /* actual_mech_type */ \ + gss_buffer_t , /* output_token */ \ + OM_uint32 FAR * , /* ret_flags */ \ + OM_uint32 FAR * /* time_rec */ + +OM_uint32 DLL_FUNC_DECO +sapgss_init_sec_context( 
ARG13_INIT_SEC_CONTEXT ); + + + +#define ARG11_ACCEPT_SEC_CONTEXT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t FAR * , /* context_handle */ \ + gss_cred_id_t , /* verifier_cred_handle */ \ + gss_buffer_t , /* input_token_buffer */ \ + gss_channel_bindings_t , /* input_chan_bindings */ \ + gss_name_t FAR * , /* src_name */ \ + gss_OID FAR * , /* mech_type */ \ + gss_buffer_t , /* output_token */ \ + OM_uint32 FAR * , /* ret_flags */ \ + OM_uint32 FAR * , /* time_rec */ \ + gss_cred_id_t FAR * /* delegated_cred_handle */ + +OM_uint32 DLL_FUNC_DECO +sapgss_accept_sec_context( ARG11_ACCEPT_SEC_CONTEXT ); + + + +#define ARG3_PROCESS_CONTEXT_TOKEN \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context_handle */ \ + gss_buffer_t /* token_buffer */ + +OM_uint32 DLL_FUNC_DECO +sapgss_process_context_token( ARG3_PROCESS_CONTEXT_TOKEN ); + + + +#define ARG3_DELETE_SEC_CONTEXT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t FAR * , /* context_handle */ \ + gss_buffer_t /* output_token */ + +OM_uint32 DLL_FUNC_DECO +sapgss_delete_sec_context( ARG3_DELETE_SEC_CONTEXT ); + + + +#define ARG3_CONTEXT_TIME \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context_handle */ \ + OM_uint32 FAR * /* time_rec */ + +OM_uint32 DLL_FUNC_DECO +sapgss_context_time( ARG3_CONTEXT_TIME ); + + + +/* v2 name for gss_sign() */ +#define ARG5_GET_MIC \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context_handle */ \ + gss_qop_t , /* qop_req */ \ + gss_buffer_t , /* message_buffer */ \ + gss_buffer_t /* message_token */ + +OM_uint32 DLL_FUNC_DECO +sapgss_get_mic( ARG5_GET_MIC ); + + + +/* v2 name for gss_verify() */ +#define ARG5_VERIFY_MIC \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context_handle */ \ + gss_buffer_t , /* message_buffer */ \ + gss_buffer_t , /* token_buffer */ \ + gss_qop_t FAR * /* qop_state */ + +OM_uint32 DLL_FUNC_DECO +sapgss_verify_mic( ARG5_VERIFY_MIC ); + + + +/* v2 name for gss_seal() */ 
+#define ARG7_WRAP \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context_handle */ \ + int , /* conf_req_flag */ \ + gss_qop_t , /* qop_req */ \ + gss_buffer_t , /* input_message_buffer */ \ + int FAR * , /* conf_state */ \ + gss_buffer_t /* output_message_buffer */ + +OM_uint32 DLL_FUNC_DECO +sapgss_wrap( ARG7_WRAP ); + + + +/* v2 name for gss_unseal() */ +#define ARG6_UNWRAP \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context_handle */ \ + gss_buffer_t , /* input_message_buffer */ \ + gss_buffer_t , /* output_message_buffer */ \ + int FAR * , /* conf_state */ \ + gss_qop_t FAR * /* qop_state */ + +OM_uint32 DLL_FUNC_DECO +sapgss_unwrap( ARG6_UNWRAP ); + + + +#define ARG6_DISPLAY_STATUS \ + OM_uint32 FAR * , /* minor_status */ \ + OM_uint32 , /* status_value */ \ + int , /* status_type */ \ + gss_OID , /* mech_type */ \ + OM_uint32 FAR * , /* message_context */ \ + gss_buffer_t /* status_string */ + +OM_uint32 DLL_FUNC_DECO +sapgss_display_status( ARG6_DISPLAY_STATUS ); + + + +#define ARG2_INDICATE_MECHS \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID_set FAR * /* mech_set */ + +OM_uint32 DLL_FUNC_DECO +sapgss_indicate_mechs( ARG2_INDICATE_MECHS ); + + + +#define ARG4_COMPARE_NAME \ + OM_uint32 FAR * , /* minor_status */ \ + gss_name_t , /* name1 */ \ + gss_name_t , /* name2 */ \ + int FAR * /* name_equal */ + +OM_uint32 DLL_FUNC_DECO +sapgss_compare_name( ARG4_COMPARE_NAME ); + + + +#define ARG4_DISPLAY_NAME \ + OM_uint32 FAR * , /* minor_status */ \ + gss_name_t , /* input_name */ \ + gss_buffer_t , /* output_name_buffer */ \ + gss_OID FAR * /* output_name_type */ + +OM_uint32 DLL_FUNC_DECO +sapgss_display_name( ARG4_DISPLAY_NAME ); + + + +#define ARG4_IMPORT_NAME \ + OM_uint32 FAR * , /* minor_status */ \ + gss_buffer_t , /* input_name_buffer */ \ + gss_OID , /* input_name_type */ \ + gss_name_t FAR * /* output_name */ + +OM_uint32 DLL_FUNC_DECO +sapgss_import_name( ARG4_IMPORT_NAME ); + + + +#define ARG2_RELEASE_NAME \ 
+ OM_uint32 FAR * , /* minor_status */ \ + gss_name_t FAR * /* input_name */ + +OM_uint32 DLL_FUNC_DECO +sapgss_release_name( ARG2_RELEASE_NAME ); + + + +#define ARG2_RELEASE_BUFFER \ + OM_uint32 FAR * , /* minor_status */ \ + gss_buffer_t /* buffer */ + +OM_uint32 DLL_FUNC_DECO +sapgss_release_buffer( ARG2_RELEASE_BUFFER ); + + + +#define ARG2_RELEASE_OID_SET \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID_set FAR * /* set */ + +OM_uint32 DLL_FUNC_DECO +sapgss_release_oid_set( ARG2_RELEASE_OID_SET ); + + + +#define ARG6_INQUIRE_CRED \ + OM_uint32 FAR * , /* minor_status */ \ + gss_cred_id_t , /* cred_handle */ \ + gss_name_t FAR * , /* name */ \ + OM_uint32 FAR * , /* lifetime */ \ + gss_cred_usage_t FAR * , /* cred_usage */ \ + gss_OID_set FAR * /* mechanisms */ + +OM_uint32 DLL_FUNC_DECO +sapgss_inquire_cred( ARG6_INQUIRE_CRED ); + + + + +/* + * New functionality of GSS-API Version 2 + */ +#define ARG11_ADD_CRED \ + OM_uint32 FAR * , /* minor_status */ \ + gss_cred_id_t , /* input_cred_handle */ \ + gss_name_t , /* desired_name */ \ + gss_OID , /* desired_mech */ \ + gss_cred_usage_t , /* cred_usage */ \ + OM_uint32 , /* initiator_time_req */ \ + OM_uint32 , /* acceptor_time_req */ \ + gss_cred_id_t FAR * , /* output_cred_handle */ \ + gss_OID_set FAR * , /* actual_mechs */ \ + OM_uint32 FAR * , /* initiator_time_rec */ \ + OM_uint32 FAR * /* acceptor_time_rec */ + +OM_uint32 DLL_FUNC_DECO +sapgss_add_cred( ARG11_ADD_CRED ); + + + +#define ARG7_INQUIRE_CRED_BY_MECH \ + OM_uint32 FAR * , /* minor_status */ \ + gss_cred_id_t , /* cred_handle */ \ + gss_OID , /* mech_type */ \ + gss_name_t FAR * , /* name */ \ + OM_uint32 FAR * , /* initiator_lifetime */ \ + OM_uint32 FAR * , /* acceptor_lifetime */ \ + gss_cred_usage_t FAR * /* cred_usage */ + +OM_uint32 DLL_FUNC_DECO +sapgss_inquire_cred_by_mech( ARG7_INQUIRE_CRED_BY_MECH ); + + + +#define ARG9_INQUIRE_CONTEXT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context_handle */ \ + gss_name_t FAR 
* , /* initiator_name */ \ + gss_name_t FAR * , /* acceptor_name */ \ + OM_uint32 FAR * , /* lifetime_rec */ \ + gss_OID FAR * , /* mech_type */ \ + OM_uint32 FAR * , /* ret_flags */ \ + int FAR * , /* locally_initiated */ \ + int FAR * /* open */ + +OM_uint32 DLL_FUNC_DECO +sapgss_inquire_context( ARG9_INQUIRE_CONTEXT ); + + + +#define ARG6_WRAP_SIZE_LIMIT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context handle */ \ + int , /* conf_req_flag */ \ + gss_qop_t , /* qop_req */ \ + OM_uint32 , /* requested output size */ \ + OM_uint32 FAR * /* maximum input size */ + +OM_uint32 DLL_FUNC_DECO +sapgss_wrap_size_limit( ARG6_WRAP_SIZE_LIMIT ); + + + +#define ARG3_EXPORT_SEC_CONTEXT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t FAR * , /* context_handle */ \ + gss_buffer_t /* interprocess_token */ + +OM_uint32 DLL_FUNC_DECO +sapgss_export_sec_context( ARG3_EXPORT_SEC_CONTEXT ); + + + +#define ARG3_IMPORT_SEC_CONTEXT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_buffer_t , /* interprocess_token */ \ + gss_ctx_id_t FAR * /* context_handle */ + +OM_uint32 DLL_FUNC_DECO +sapgss_import_sec_context( ARG3_IMPORT_SEC_CONTEXT ); + + + +#define ARG2_CREATE_EMPTY_OID_SET \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID_set FAR * /* oid_set */ + +OM_uint32 DLL_FUNC_DECO +sapgss_create_emtpy_oid_set( ARG2_CREATE_EMPTY_OID_SET ); + + + +#define ARG3_ADD_OID_SET_MEMBER \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID , /* member_oid */ \ + gss_OID_set FAR * /* oid_set */ + +OM_uint32 DLL_FUNC_DECO +sapgss_add_oid_set_member( ARG3_ADD_OID_SET_MEMBER ); + + + +#define ARG4_TEST_OID_SET_MEMBER \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID , /* member */ \ + gss_OID_set , /* set */ \ + int FAR * /* present */ + +OM_uint32 DLL_FUNC_DECO +sapgss_test_oid_set_member( ARG4_TEST_OID_SET_MEMBER ); + + + +#define ARG3_INQUIRE_NAMES_FOR_MECH \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID , /* mechanism_oid */ \ + gss_OID_set FAR * /* 
name_types */ + +OM_uint32 DLL_FUNC_DECO +sapgss_inquire_names_for_mech( ARG3_INQUIRE_NAMES_FOR_MECH ); + + + +#define ARG3_INQUIRE_MECHS_FOR_NAME \ + OM_uint32 FAR * , /* minor_status */ \ + gss_name_t , /* input_name */ \ + gss_OID_set FAR * /* mechanism oids */ + +OM_uint32 DLL_FUNC_DECO +sapgss_inquire_mechs_for_name( ARG3_INQUIRE_MECHS_FOR_NAME ); + + + +#define ARG4_CANONICALIZE_NAME \ + OM_uint32 FAR * , /* minor_status */ \ + gss_name_t , /* input_name */ \ + gss_OID , /* mechanism_type */ \ + gss_name_t FAR * /* output_name */ + +OM_uint32 DLL_FUNC_DECO +sapgss_canonicalize_name( ARG4_CANONICALIZE_NAME ); + + + +#define ARG3_EXPORT_NAME \ + OM_uint32 FAR * , /* minor_status */ \ + gss_name_t , /* input_name */ \ + gss_buffer_t /* output_name_blob */ + +OM_uint32 DLL_FUNC_DECO +sapgss_export_name( ARG3_EXPORT_NAME ); + + + +#define ARG3_DUPLICATE_NAME \ + OM_uint32 FAR * , /* minor_status */ \ + gss_name_t , /* src_name */ \ + gss_name_t FAR * /* dest_name */ + +OM_uint32 DLL_FUNC_DECO +sapgss_duplicate_name( ARG3_DUPLICATE_NAME ); + +#endif /* _SNCGSS_H */ + diff --git a/sncgss32.def b/sncgss32.def new file mode 100644 index 0000000..a54080b --- /dev/null +++ b/sncgss32.def 
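Review bot: The prototype `sapgss_create_emtpy_oid_set( ARG2_CREATE_EMPTY_OID_SET );` misspells the function name; both sncgss.exp and sncgss32.def export `sapgss_create_empty_oid_set`, so the name declared here does not match the exported symbol, and the real function (presumably spelled correctly in sncadapt.c, whose definition is not in this hunk) gets no DLL_FUNC_DECO prototype from this header, which on Win32 is the dllexport/dllimport declaration. Change it to `sapgss_create_empty_oid_set( ARG2_CREATE_EMPTY_OID_SET );`. Separately, SNCADAPT_INFO_LEN uses `offsetof` and ARG3_INIT_ADAPTER uses `size_t`, but the header includes neither <stddef.h> nor the GSS-API header, so it only compiles when included after them as snckrb5.c does; a comment at the top such as `/* include <stddef.h> and gssapi_2.h before this header */` would document that ordering requirement.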
@@ -0,0 +1,57 @@
+; $Id: sncgss32.def,v 1.1.1.1 1999/08/24 14:36:22 d019080 Exp $
+;----------------------------------------------------------------------
+; SNCGSS32.DLL SAP-SecureNetworkCommunication to GSS-API adapter DLL
+; Win32 Module Definition File (for Microsoft Visual C++ >= 2.1)
+;----------------------------------------------------------------------
+;
+
+;LIBRARY SNCGSS32
+DESCRIPTION 'SNC to GSSAPI v2 DLL-Adapter Win32'
+
+EXPORTS
+; SAP specific functions of the adapter
+ sapsnc_init_adapter @1
+ sapsnc_export_cname_blob @2
+ sapsnc_import_cname_blob @3
+
+; GSS-API Version 1 (RFC 1508,1509)
+ sapgss_acquire_cred @11
+ sapgss_release_cred @12
+ sapgss_init_sec_context @13
+ sapgss_accept_sec_context @14
+ sapgss_process_context_token @15
+ sapgss_delete_sec_context @16
+ sapgss_context_time @17
+ sapgss_get_mic @18
+ sapgss_verify_mic @19
+ sapgss_wrap @20
+ sapgss_unwrap @21
+ sapgss_display_status @22
+ sapgss_indicate_mechs @23
+ sapgss_compare_name @24
+ sapgss_display_name @25
+ sapgss_import_name @26
+ sapgss_release_name @27
+ sapgss_release_buffer @28
+ sapgss_release_oid_set @29
+ sapgss_inquire_cred @30
+
+; GSS-API Version 2 new calls
+ sapgss_add_cred
+ sapgss_inquire_cred_by_mech
+
+ sapgss_inquire_context
+ sapgss_wrap_size_limit
+ sapgss_export_sec_context
+ sapgss_import_sec_context
+
+ sapgss_create_empty_oid_set
+ sapgss_add_oid_set_member
+ sapgss_test_oid_set_member
+
+ sapgss_canonicalize_name
+ sapgss_export_name
+ sapgss_duplicate_name
+ sapgss_inquire_names_for_mech
+ sapgss_inquire_mechs_for_name
+
diff --git a/snckrb5.c b/snckrb5.c
new file mode 100644
index 0000000..f706278
--- /dev/null
+++ b/snckrb5.c
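Review bot: The GSS-API v2 entries under "GSS-API Version 2 new calls" are exported without ordinals while the earlier entries are pinned at @1 through @30, so the linker assigns the remaining ordinals itself and they can shift whenever this list is edited. If the explicit ordinals exist because some consumer imports by ordinal, the v2 entries need pinning as well, e.g. `sapgss_add_cred @31` and onward in list order; if every consumer imports by name, the ordinals on the v1 entries serve no purpose and removing them would make that clear. A one-line comment stating which of the two is the contract would settle it, e.g. `; ordinals are part of the ABI -- never renumber existing entries`.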
@@ -0,0 +1,1060 @@ +static char * this_File = "snckrb5.c"; +static char * cvs_id = + "$Id: snckrb5.c,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $"; +/* + * (C) Copyright 1999 SAP AG Walldorf + * + * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE + * OF THIS SOFTWARE. + */ + + + +/************************************************************************/ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/* */ +/* Configurable Parameters that describe the characteristics */ +/* of the security mechanism to which this adapter interfaces */ +/* To register a MECH_PREFIX or MECH_ID with SAP, */ +/* send a request via Email to <Martin.Rex@sap-ag.de> including */ +/* the following information: */ +/* - mechanism OID of gssapi mechanism */ +/* - gssapi mechanism name (for open protocol specs) */ +/* OR product name of proprietary gssapi mechanism */ +/* - default nametype OID */ +/* - proposed printable prefix (up to seven characters) */ +/* - Email address of technical contact */ +/* */ +/* In case you're implementing a published gssapi mechanism spec, */ +/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */ +/* You can check the "sncgss.h" Header file first. 
*/ +/* */ +/* */ +/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */ +/* (for open protocol specifications) */ +/* OR name of a software product for */ +/* a proprietary gssapi mechanism */ +/* */ +/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */ +/* ASCII-string up to 7 chars to */ +/* identify the mechanism */ +/* */ +/* ADAPTER_MECH_ID (must REGISTER with SAP) */ +/* numeric constant taken from the */ +/* SAPGSS_MECH_ID enumerator in "sncgss.h" */ +/* */ +/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the gssapi mechanism to which this */ +/* SNC-Adapter will be linked */ +/* */ +/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the default/canonical/native nametype*/ +/* of above gssapi mechanism */ +/* */ +/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */ +/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */ +/* */ +/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message confidentiality protection */ +/* for all established security contexts */ +/* */ +/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message integrity protection for all */ +/* established security contexts */ +/* */ +/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */ +/* implemenation guarantees availability */ +/* of mutual authentication on security */ +/* contexts. Absence of mutual auth is */ +/* a serious security problem in */ +/* distributed applications */ +/* */ +/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of replay detection of protected */ +/* messages on all security contexts. 
*/ +/* SAP R/3 process all messages on a */ +/* particular security context strictly */ +/* sequential, so it's acceptable */ +/* if replay detection is only available */ +/* in combination with sequence protection */ +/* */ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/************************************************************************/ + + +#define ADAPTER_MECH_NAME SAPGSS_KERBEROS5_NAME + /* Name of the gssapi mechanism or product */ + /* that this SNC-Adapter interfaces to */ + /* (less than 80 characters, please !!) */ + + +#define ADAPTER_MECH_PREFIX SAPGSS_KERBEROS5_PREFIX + /* Mech prefix for mechanism */ + /* (register this prefix with SAP) */ + /* Alphanumeric, must be <= 7 characters long */ + /* This prefix may be used within SNC-Names */ + /* i.e. "p/sapntlm:NTDomain\User" */ + + +#define ADAPTER_MECH_ID SAPGSS_ID_KERBEROS5 + /* Mechanism identifier */ + /* numeric (16-bit unsigned integer) */ + /* used internally by SNC for tagging */ + /* and to distinguish different gssapi mechs */ + + + /* ASN.1 OID of the gssapi mechanism to which this */ + /* SNC-Adapter is linked */ +#define ADAPTER_MECHANISM_OID SAPGSS_KERBEROS5_MECH_OID + + /* ASN.1 OID of the default/canonical nametype that */ + /* this gssapi mechanism will accept with gss_import_name() */ + /* and emit with gss_display_name() for canonical names */ +#define ADAPTER_NAMETYPE_OID SAPGSS_KERBEROS5_CNAME_OID + + +/*******************/ +/* 16-bit Integers */ +/*******************/ +#define ADAPTER_MAJOR_REVISION 1 /* indicates API changes */ + +#define ADAPTER_MINOR_REVISION 0 /* indicates fixes or */ + /* cosmetic changes */ + +/*******************/ +/* BOOLEAN values */ +/*******************/ +#define ADAPTER_CONF_AVAIL 1 /* Confidentiality available */ +#define ADAPTER_INTEG_AVAIL 1 /* Integrity available */ + +#define ADAPTER_MUTUAL_AUTH 1 /* supports mutual authentication */ +#define ADAPTER_REPLAY_PROT 1 /* supports message replay detection */ + + 
+/************************************************************************/ +/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/ +/************************************************************************/ + + + + +/* Some ANSI-C standard headers */ +#include <stddef.h> +#include <stdlib.h> +#include <stdio.h> + +/**********************************************************************/ +/* */ +/* Microsoft Windows DLL support */ +/* */ +/**********************************************************************/ + +#ifdef _WIN32 +# include <windows.h> + BOOL APIENTRY + DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved) + { + return 1; + + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(ul_reason_being_called); + UNREFERENCED_PARAMETER(lpReserved); + } +#else + +# if defined(_WINDOWS) +# include <windows.h> +# ifndef UNREFERENCED_PARAMETER +# define UNREFERENCED_PARAMETER(x) ((x)=(x)) +# endif + + BOOL CALLBACK + LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine) + { + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(wDataSeg); + UNREFERENCED_PARAMETER(cbHeap); + UNREFERENCED_PARAMETER(CmdLine); + + return 1; + } + + int CALLBACK __export + WEP(int nParam) + { + UNREFERENCED_PARAMETER(nParam); + + return 1; + } +# endif + +#endif + +/**********************************************************************/ +/* */ +/* Import interface */ +/* - include files of other projects */ +/* Declare gss_* function prototypes as __declspec(dllimport) */ +/* */ +/**********************************************************************/ + +#include "platform.h" + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO IMPORT_DATA +#define DLL_FUNC_DECO IMPORT_FUNCTION +#include "gssapi_2.h" + +/**********************************************************************/ +/* */ +/* Export interface */ +/* - header files of this project */ +/* Declare our sapgss_* function prototypes as __declspec(dllexport) */ 
+/* */ +/**********************************************************************/ + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO EXPORT_DATA +#define DLL_FUNC_DECO EXPORT_FUNCTION +#include "sncgss.h" + + + + +/************************************************************************/ +/* (27-jun-95) Martin Rex */ +/* With the following two macros one can convert macros into */ +/* string literals to include them in constant strings. */ +/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */ +/************************************************************************/ +#define LITERAL_MACRO(x) # x +#define XLITERAL_MACRO(x) LITERAL_MACRO(x) + + + + +/****************************************************/ +/* we don't need to export/share OID data at the */ +/* shared library interface for SAP R/3, */ +/* and is not part of the draft-ietf-cat-wingss-... */ +/****************************************************/ + +static gss_OID_desc oids[] = { + ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */ + ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */ +}; + +static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]); +static gss_OID sapsnc_mech_oid = &(oids[1]); + +#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name + +/********************************************************************** + * sapsnc_init_adapter(): + * + * Description: + * This function must be called before other functions of the + * gss-api are used. It sets up all translation pointers + * exported by the gss-api. + * + * Parameters: + * p_info IN REF the structure referenced by this + * pointer (see sapgss.h) describes + * some characteristics of the security + * mechanism to which this adapter interfaces + * + * p_length IN Length of the structure supplied by the + * SNC-Layer. + * Initialization policy for future enhancements: + * * SNC-Layer zeroes out structure before calling. 
+ * * future extensions must be appended to the + * existing structure only + * * Unknown structure elements will not be changed. + * * The Adapter must initialize only fields known + * to the calling SNC-layer + * (i.e. no elements past p_length) + * + * Returns: + * 0 Initialization o.k. + * -1 FAILURE -- something is definitely broken if this happens + **********************************************************************/ +OM_uint32 EXPORT_FUNCTION +sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length, + int adapter_idx ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) { + + /* At least we want to fill in the basic set of information */ + return(1); + + } else { + + memset( p_info, 0, p_length ); + + p_info->major_rev = (int) ADAPTER_MAJOR_REVISION; + p_info->minor_rev = (int) ADAPTER_MINOR_REVISION; + + p_info->adapter_name = + "External SNC-Adapter" + " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION) + "." XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to " + ADAPTER_MECH_NAME; + + p_info->mech_id = ADAPTER_MECH_ID; + + p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID; + p_info->nt_private_name1 = sapsnc_nt_canon_printable_name; + p_info->nt_private_name2 = (gss_OID_desc *)0; + p_info->nt_private_name3 = (gss_OID_desc *)0; + p_info->nt_private_name4 = (gss_OID_desc *)0; + + p_info->integ_avail = ADAPTER_INTEG_AVAIL; + p_info->conf_avail = ADAPTER_CONF_AVAIL; + p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */ + p_info->export_sec_context = 1; /* required functionality, MUST be 1 */ + p_info->mutual_auth = ADAPTER_MUTUAL_AUTH; + p_info->replay_prot = ADAPTER_REPLAY_PROT; + + p_info->unused2 = 0; /* historic/experimental, MUST be 0 */ + + p_info->mech_prefix_string = ADAPTER_MECH_PREFIX; + + if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) { + p_info->mech_oid = sapsnc_mech_oid; + } + + } + + /* Initialize future elements only if the supplied structure is large */ + /* enough, */ + /* i.e. 
the calling SNC-layer is as recent or newer as the adapter */
+
+ return(0);
+
+} /* sapsnc_init_adapter() */
+
+
+
+/*
+ * sapsnc_export_cname_blob()
+ *
+ * BETTER LEAVE THIS ALONE !!
+ *
+ * This call was a temporary intermediate before the two calls
+ * gss_canonicalize_name() and gss_export_name() were added
+ * to the GSS-API v2 spec.
+ *
+ * However it is still required for R/3 up to 3.1H components
+ * and for interoperability with those components or incomplete
+ * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE
+ */
+
+OM_uint32 EXPORT_FUNCTION
+sapsnc_export_cname_blob(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_name_t in_name, /* input_name */
+ gss_buffer_t out_identity, /* output_name_buffer */
+ int adapter_idx
+ )
+{
+ UNREFERENCED_PARAMETER(adapter_idx);
+ UNREFERENCED_PARAMETER(in_name);
+
+ if ( out_identity!=NULL ) {
+ out_identity->length = 0;
+ out_identity->value = NULL;
+ }
+
+ if ( min_stat!=NULL )
+ (*min_stat) = 0;
+
+ return(GSS_S_FAILURE);
+
+} /* sapsnc_export_cname_blob() */
+
+
+
+/*
+ * sapsnc_export_cname_blob()
+ *
+ * BETTER LEAVE THIS ALONE !!
+ *
+ * This call was a temporary intermediate before the two calls
+ * gss_canonicalize_name() and gss_export_name() were added
+ * to the GSS-API v2 spec.
+ *
+ * However it is still required for R/3 up to 3.1H components
+ * and for interoperability with those components or incomplete
+ * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE
+ */
+OM_uint32 EXPORT_FUNCTION
+sapsnc_import_cname_blob(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_buffer_t in_identity, /* input_name_buffer */
+ gss_name_t * out_name, /* output_name */
+ int adapter_idx
+ )
+{
+ UNREFERENCED_PARAMETER(adapter_idx);
+
+ return( gss_import_name( min_stat, in_identity,
+ (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) );
+
+} /* sapsnc_import_cname_blob() */
+
+
+/*********************************************************************
+ *
+ * All functions following this comment are CALL ADAPTERS
+ * to the GSS-API functions.
+ *
+ *********************************************************************/
+
+/**********************************************************************/
+/**********************************************************************/
+/******************* *******************/
+/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/
+/******************* *******************/
+/**********************************************************************/
+/**********************************************************************/
+
+
+/* sapgss_acquire_cred() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_acquire_cred(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_name_t my_gss_name, /* desired_name */
+ OM_uint32 in_lifetime, /* time_req */
+ gss_OID_set in_mechs, /* desired_mechs */
+ gss_cred_usage_t in_cred_usage, /* cred_usage */
+ gss_cred_id_t * out_cred, /* output_cred_handle */
+ gss_OID_set * out_mechs, /* actual_mechs */
+ OM_uint32 * out_lifetime /* time_rec */
+ )
+{
+ return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime,
+ in_mechs, in_cred_usage,
+ out_cred, out_mechs, out_lifetime ) );
+}
+
+
+
+/* sapgss_release_cred() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_release_cred(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_cred_id_t * in_cred /* cred_handle */
+ )
+{
+ return( gss_release_cred( min_stat, in_cred ) );
+}
+
+
+
+/* sapgss_init_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_init_sec_context(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_cred_id_t in_cred, /* claimant_cred_handle */
+ gss_ctx_id_t * in_context, /* context_handle */
+ gss_name_t in_name, /* target_name */
+ gss_OID in_mech, /* mech_type */
+ OM_uint32 in_service_opts, /* req_flags */
+ OM_uint32 in_lifetime, /* time_req */
+ gss_channel_bindings_t
+ in_channel_bind, /* input_chan_bindings */
+ gss_buffer_t in_token, /* input_token */
+ gss_OID * out_mech, /* actual_mech_type */
+ gss_buffer_t out_token, /* output_token */
+ OM_uint32 * out_service_opts, /* ret_flags */
+ OM_uint32 * out_lifetime /* time_rec */
+ )
+{
+ return( gss_init_sec_context( min_stat, in_cred, in_context, in_name,
+ in_mech, in_service_opts, in_lifetime,
+ in_channel_bind, in_token, out_mech,
+ out_token, out_service_opts, out_lifetime ) );
+}
+
+
+
+/* sapgss_accept_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_accept_sec_context(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_ctx_id_t *in_context, /* context_handle */
+ gss_cred_id_t in_cred, /* verifier_cred_handle */
+ gss_buffer_t in_token, /* input_token_buffer */
+ gss_channel_bindings_t
+ in_channel_bind, /* input_chan_bindings */
+ gss_name_t *peer_name, /* src_name */
+ gss_OID *out_mech, /* mech_type */
+ gss_buffer_t out_token, /* output_token */
+ OM_uint32 *out_service_opts, /* ret_flags */
+ OM_uint32 *out_lifetime, /* time_rec */
+ gss_cred_id_t *out_cred /* delegated_cred_handle */
+ )
+{
+ return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token,
+ in_channel_bind, peer_name, out_mech,
+ out_token, out_service_opts, out_lifetime,
+ out_cred ) );
+}
+
+
+
+/* sapgss_process_context_token() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_process_context_token(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ gss_buffer_t in_token /* token_buffer */
+ )
+{
+ return( gss_process_context_token( min_stat, in_context, in_token ) );
+}
+
+
+
+/* sapgss_delete_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_delete_sec_context(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_ctx_id_t *in_context, /* context_handle */
+ gss_buffer_t out_token /* output_token */
+ )
+{
+ return( gss_delete_sec_context( min_stat, in_context, out_token ) );
+}
+
+
+
+/* sapgss_context_time() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_context_time(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ OM_uint32 * out_lifetime /* time_rec */
+ )
+{
+ return( gss_context_time( min_stat, in_context, out_lifetime ) );
+}
+
+
+
+/* sapgss_get_mic() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_get_mic(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ gss_qop_t in_qop, /* qop_req */
+ gss_buffer_t in_msg, /* message_buffer */
+ gss_buffer_t out_token /* message_token */
+ )
+{
+ return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) );
+}
+
+
+
+/* sapgss_verify_mic() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_verify_mic(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ gss_buffer_t in_msg, /* message_buffer */
+ gss_buffer_t in_token, /* token_buffer */
+ gss_qop_t * out_qop /* qop_state */
+ )
+{
+ return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) );
+}
+
+
+
+/* sapgss_wrap() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_wrap(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ int in_want_conf, /* conf_req_flag */
+ gss_qop_t in_qop, /* qop_req */
+ gss_buffer_t in_msg, /* input_message_buffer */
+ int * out_is_conf, /* conf_state */
+ gss_buffer_t out_token /* output_message_buffer */
+ )
+{
+ return( gss_wrap( min_stat, in_context, in_want_conf,
+ in_qop, in_msg, out_is_conf, out_token ) );
+}
+
+
+
+/* sapgss_unwrap() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_unwrap(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ gss_buffer_t in_token, /* input_message_buffer */
+ gss_buffer_t out_msg, /* output_message_buffer */
+ int * out_is_conf, /* conf_state */
+ gss_qop_t * out_qop /* qop_state */
+ )
+{
+ return( gss_unwrap( min_stat, in_context, in_token,
+ out_msg, out_is_conf, out_qop ) );
+}
+
+
+
+/* sapgss_display_status() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_display_status(
+ OM_uint32 *min_stat, /* minor_status */
+ OM_uint32 in_status, /* status_value */
+ int in_status_type, /* status_type */
+ gss_OID in_mech, /* mech_type */
+ OM_uint32 *out_more_text, /* message_context */
+ gss_buffer_t out_text /* status_string */
+ )
+{
+ return( gss_display_status( min_stat, in_status, in_status_type,
+ in_mech, out_more_text, out_text ) );
+}
+
+
+
+/*
+ * sapgss_indicate_mechs()
+ *
+ * IMPORTANT: This call MUST return the correct mech_OID
+ * for this implementation in the first position of the
+ * out_mechs OID array!
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_indicate_mechs(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_OID_set *out_mechs /* mech_set */
+ )
+{
+ OM_uint32 maj_stat;
+ OM_uint32 min_stat2;
+
+ maj_stat = gss_indicate_mechs( min_stat, out_mechs );
+
+ if ( maj_stat==GSS_S_COMPLETE ) {
+ if ( out_mechs==NULL
+ || (*out_mechs)==GSS_C_NO_OID_SET
+ || (*out_mechs)->count==0
+ || (*out_mechs)->elements==GSS_C_NO_OID
+ || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length
+ || memcmp( ((*out_mechs)->elements[0]).elements,
+ sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) {
+
+ (void)sapgss_release_oid_set( &min_stat2, out_mechs );
+
+ (*out_mechs) = GSS_C_NO_OID_SET;
+ (*min_stat) = 0;
+
+ return(GSS_S_BAD_MECH);
+
+ }
+ }
+
+ return(maj_stat);
+
+}
+
+
+
+/* sapgss_compare_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_compare_name(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_name_t in_name1, /* name1 */
+ gss_name_t in_name2, /* name2 */
+ int *out_are_equal /* name_equal */
+ )
+{
+ return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) );
+}
+
+
+
+/* sapgss_display_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_display_name(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_name_t in_name, /* input_name */
+ gss_buffer_t out_identity, /* output_name_buffer */
+ gss_OID *out_oid /* output_name_type */
+ )
+{
+ return( gss_display_name( min_stat, in_name, out_identity, out_oid ) );
+}
+
+
+
+/* sapgss_import_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_import_name(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_buffer_t in_identity, /* input_name_buffer */
+ gss_OID in_oid, /* input_name_type */
+ gss_name_t *out_name /* output_name */
+ )
+{
+ return( gss_import_name( min_stat, in_identity, in_oid, out_name ) );
+}
+
+
+
+/* sapgss_release_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_release_name(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_name_t *in_name /* input_name */
+ )
+{
+ return( gss_release_name( min_stat, in_name ) );
+}
+
+
+
+/* sapgss_release_buffer() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_release_buffer(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_buffer_t in_buffer /* buffer */
+ )
+{
+ return( gss_release_buffer( min_stat, in_buffer ) );
+}
+
+
+
+/* sapgss_release_oid_set() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_release_oid_set(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_OID_set *in_oids /* set */
+ )
+{
+ return( gss_release_oid_set( min_stat, in_oids ) );
+}
+
+
+
+/* sapgss_inquire_cred() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_inquire_cred(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_cred_id_t in_cred, /* cred_handle */
+ gss_name_t * out_name, /* name */
+ OM_uint32 * out_lifetime, /* lifetime */
+ gss_cred_usage_t * out_cred_usage, /* cred_usage */
+ gss_OID_set * out_mechs /* mechanisms */
+ )
+{
+ return( gss_inquire_cred( min_stat, in_cred, out_name,
+ out_lifetime, out_cred_usage, out_mechs ) );
+}
+
+
+/**********************************************************************/
+/**********************************************************************/
+/******************* ********************/
+/******************* New fuctions for GSS-API v2 ********************/
+/******************* ********************/
+/**********************************************************************/
+/**********************************************************************/
+
+/*
+ * sapgss_add_cred()
+ *
+ * Status: not used by SNC in R/3 release 3.x and 4.0
+ *
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_add_cred(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_cred_id_t input_cred_handle, /* input_cred_handle */
+ gss_name_t desired_name, /* desired_name */
+ gss_OID desired_mech, /* desired_mech */
+ gss_cred_usage_t cred_usage, /* cred_usage */
+ OM_uint32 initiator_time_req, /* initiator_time_req */
+ OM_uint32 acceptor_time_req, /* acceptor_time_req */
+ gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */
+ gss_OID_set FAR * actual_mechs, /* actual_mechs */
+ OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */
+ OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */
+ )
+{
+ return( gss_add_cred( min_stat, input_cred_handle, desired_name,
+ desired_mech, cred_usage, initiator_time_req,
+ acceptor_time_req,
+ output_cred_handle, actual_mechs,
+ initiator_time_rec, acceptor_time_rec ) );
+}
+
+
+
+/*
+ * sapgss_inquire_cred_by_mech()
+ *
+ * Status: not used by SNC in R/3 release 3.x and 4.0
+ * this may change in future releases
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_inquire_cred_by_mech(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_cred_id_t cred_handle, /* cred_handle */
+ gss_OID mech_type, /* mech_type */
+ gss_name_t FAR * name, /* name */
+ OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */
+ OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */
+ gss_cred_usage_t FAR * cred_usage /* cred_usage */
+ )
+{
+ return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type,
+ name, initiator_lifetime,
+ acceptor_lifetime, cred_usage ) );
+}
+
+
+
+/* sapgss_inquire_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_inquire_context(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ gss_name_t *out_myname, /* initiator_name */
+ gss_name_t *out_peername, /* acceptor_name */
+ OM_uint32 *out_lifetime, /* lifetime_rec */
+ gss_OID *out_mech, /* mech_type */
+ OM_uint32 *out_service_opts, /* ctx_flags */
+ int *out_initiator, /* locally_initiated */
+ int *out_open /* open */
+ )
+{
+ return( gss_inquire_context( min_stat, in_context, out_myname,
+ out_peername, out_lifetime, out_mech,
+ out_service_opts, out_initiator, out_open) );
+}
+
+
+
+/*
+ * sapgss_wrap_size_limit()
+ *
+ * Status: not used by SNC in R/3 release 3.x and 4.0
+ * this may change in future releases
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_wrap_size_limit(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context handle */
+ int in_want_conf, /* conf_req_flag */
+ gss_qop_t qop_req, /* qop_req */
+ OM_uint32 out_size, /* requested output size */
+ OM_uint32 * max_in_size /* maximum input size */
+ )
+{
+ return( gss_wrap_size_limit( min_stat, in_context, in_want_conf,
+ qop_req, out_size, max_in_size) );
+}
+
+
+
+/* sapgss_export_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_export_sec_context(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t * in_ctx, /* context_handle */
+ gss_buffer_t out_buffer /* interprocess_token */
+ )
+{
+ return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) );
+}
+
+
+
+/* sapgss_import_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_import_sec_context(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_buffer_t in_buffer, /* interprocess_token */
+ gss_ctx_id_t * out_ctx /* context_handle */
+ )
+{
+ return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) );
+}
+
+
+
+/*
+ * sapgss_create_empty_oid_set()
+ *
+ * Status: don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_create_empty_oid_set(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_OID_set FAR * oid_set /* oid_set */
+ )
+{
+ return( gss_create_empty_oid_set( min_stat, oid_set ) );
+}
+
+
+
+/*
+ * sapgss_add_oid_set_member()
+ *
+ * Status: don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_add_oid_set_member(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_OID member_oid, /* member_oid */
+ gss_OID_set FAR * oid_set /* oid_set */
+ )
+{
+ return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) );
+}
+
+
+
+/*
+ * sapgss_test_oid_set_member()
+ *
+ * Status: don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_test_oid_set_member(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_OID member, /* member */
+ gss_OID_set set, /* set */
+ int FAR * present /* present */
+ )
+{
+ return( gss_test_oid_set_member( min_stat, member, set, present ) );
+}
+
+
+
+/*
+ * sapgss_inquire_names_for_mech()
+ *
+ * Status: not used by SNC in R/3 release 3.x and 4.0
+ * this may change in future releases
+ */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_inquire_names_for_mech(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_OID mech_oid, /* mechanism_oid */
+ gss_OID_set FAR * name_types /* name_types */
+ )
+{
+ return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) );
+}
+
+
+
+/*
+ * sapgss_inquire_mechs_for_name()
+ *
+ * Status: don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_inquire_mechs_for_name(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_name_t input_name, /* input_name */
+ gss_OID_set FAR * mech_set /* mechanism_oids */
+ )
+{
+ return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) );
+}
+
+
+/* sapgss_canonicalize_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_canonicalize_name(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_name_t input_name, /* input_name */
+ gss_OID mech_type, /* mech_type */
+ gss_name_t FAR * output_name /* output_name */
+ )
+{
+ return( gss_canonicalize_name( min_stat, input_name,
+ mech_type, output_name ) );
+}
+
+
+/* sapgss_export_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_export_name(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_name_t input_name, /* input_name */
+ gss_buffer_t output_name_blob /* output_name_blob */
+ )
+{
+ return( gss_export_name( min_stat, input_name, output_name_blob ) );
+}
+
+
+/*
+ * sapgss_duplicate_name()
+ *
+ * Status: Don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_duplicate_name(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_name_t src_name, /* src_name */
+ gss_name_t FAR * dest_name /* dest_name */
+ )
+{
+ return( gss_duplicate_name( min_stat, src_name, dest_name ) );
+}
+
+
+/* end of snckrb5.c */
+
diff --git a/sncntlm.c b/sncntlm.c
new file mode 100644
index 0000000..8eab195
--- /dev/null
+++ b/sncntlm.c
@@ -0,0 +1,1060 @@
+static char * this_File = "sncntlm.c";
+static char * cvs_id =
+ "$Id: sncntlm.c,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $";
+/*
+ * (C) Copyright 1999 SAP AG Walldorf
+ *
+ * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+ * OF THIS SOFTWARE.
+ */
+
+
+
+
+/************************************************************************/
+/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */
+/* */
+/* Configurable Parameters that describe the characteristics */
+/* of the security mechanism to which this adapter interfaces */
+/* To register a MECH_PREFIX or MECH_ID with SAP, */
+/* send a request via Email to <Martin.Rex@sap-ag.de> including */
+/* the following information: */
+/* - mechanism OID of gssapi mechanism */
+/* - gssapi mechanism name (for open protocol specs) */
+/* OR product name of proprietary gssapi mechanism */
+/* - default nametype OID */
+/* - proposed printable prefix (up to seven characters) */
+/* - Email address of technical contact */
+/* */
+/* In case you're implementing a published gssapi mechanism spec, */
+/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */
+/* You can check the "sncgss.h" Header file first. */
+/* */
+/* */
+/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */
+/* (for open protocol specifications) */
+/* OR name of a software product for */
+/* a proprietary gssapi mechanism */
+/* */
+/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */
+/* ASCII-string up to 7 chars to */
+/* identify the mechanism */
+/* */
+/* ADAPTER_MECH_ID (must REGISTER with SAP) */
+/* numeric constant taken from the */
+/* SAPGSS_MECH_ID enumerator in "sncgss.h" */
+/* */
+/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */
+/* of the gssapi mechanism to which this */
+/* SNC-Adapter will be linked */
+/* */
+/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */
+/* of the default/canonical/native nametype*/
+/* of above gssapi mechanism */
+/* */
+/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */
+/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */
+/* */
+/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */
+/* implementation guarantees availability */
+/* of message confidentiality protection */
+/* for all established security contexts */
+/* */
+/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */
+/* implementation guarantees availability */
+/* of message integrity protection for all */
+/* established security contexts */
+/* */
+/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */
+/* implemenation guarantees availability */
+/* of mutual authentication on security */
+/* contexts. Absence of mutual auth is */
+/* a serious security problem in */
+/* distributed applications */
+/* */
+/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */
+/* implementation guarantees availability */
+/* of replay detection of protected */
+/* messages on all security contexts. */
+/* SAP R/3 process all messages on a */
+/* particular security context strictly */
+/* sequential, so it's acceptable */
+/* if replay detection is only available */
+/* in combination with sequence protection */
+/* */
+/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */
+/************************************************************************/
+
+
+#define ADAPTER_MECH_NAME SAPGSS_SAPNTLM_NAME
+ /* Name of the gssapi mechanism or product */
+ /* that this SNC-Adapter interfaces to */
+ /* (less than 80 characters, please !!) */
+
+
+#define ADAPTER_MECH_PREFIX SAPGSS_SAPNTLM_PREFIX
+ /* Mech prefix for mechanism */
+ /* (register this prefix with SAP) */
+ /* Alphanumeric, must be <= 7 characters long */
+ /* This prefix may be used within SNC-Names */
+ /* i.e. "p/sapntlm:NTDomain\User" */
+
+
+#define ADAPTER_MECH_ID SAPGSS_ID_SAPNTLM
+ /* Mechanism identifier */
+ /* numeric (16-bit unsigned integer) */
+ /* used internally by SNC for tagging */
+ /* and to distinguish different gssapi mechs */
+
+
+ /* ASN.1 OID of the gssapi mechanism to which this */
+ /* SNC-Adapter is linked */
+#define ADAPTER_MECHANISM_OID SAPGSS_SAPNTLM_MECH_OID
+
+ /* ASN.1 OID of the default/canonical nametype that */
+ /* this gssapi mechanism will accept with gss_import_name() */
+ /* and emit with gss_display_name() for canonical names */
+#define ADAPTER_NAMETYPE_OID SAPGSS_SAPNTLM_CNAME_OID
+
+
+/*******************/
+/* 16-bit Integers */
+/*******************/
+#define ADAPTER_MAJOR_REVISION 1 /* indicates API changes */
+
+#define ADAPTER_MINOR_REVISION 0 /* indicates fixes or */
+ /* cosmetic changes */
+
+/*******************/
+/* BOOLEAN values */
+/*******************/
+#define ADAPTER_CONF_AVAIL 0 /* Confidentiality available */
+#define ADAPTER_INTEG_AVAIL 0 /* Integrity available */
+
+#define ADAPTER_MUTUAL_AUTH 0 /* supports mutual authentication */
+#define ADAPTER_REPLAY_PROT 0 /* supports message replay detection */
+
+
+/************************************************************************/
+/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/
+/************************************************************************/
+
+
+
+
+/* Some ANSI-C standard headers */
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+/**********************************************************************/
+/* */
+/* Microsoft Windows DLL support */
+/* */
+/**********************************************************************/
+
+#ifdef _WIN32
+# include <windows.h>
+ BOOL APIENTRY
+ DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved)
+ {
+ return 1;
+
+ UNREFERENCED_PARAMETER(hInst);
+ UNREFERENCED_PARAMETER(ul_reason_being_called);
+ UNREFERENCED_PARAMETER(lpReserved);
+ }
+#else
+
+# if defined(_WINDOWS)
+# include <windows.h>
+# ifndef UNREFERENCED_PARAMETER
+# define UNREFERENCED_PARAMETER(x) ((x)=(x))
+# endif
+
+ BOOL CALLBACK
+ LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine)
+ {
+ UNREFERENCED_PARAMETER(hInst);
+ UNREFERENCED_PARAMETER(wDataSeg);
+ UNREFERENCED_PARAMETER(cbHeap);
+ UNREFERENCED_PARAMETER(CmdLine);
+
+ return 1;
+ }
+
+ int CALLBACK __export
+ WEP(int nParam)
+ {
+ UNREFERENCED_PARAMETER(nParam);
+
+ return 1;
+ }
+# endif
+
+#endif
+
+/**********************************************************************/
+/* */
+/* Import interface */
+/* - include files of other projects */
+/* Declare gss_* function prototypes as __declspec(dllimport) */
+/* */
+/**********************************************************************/
+
+#include "platform.h"
+
+#undef DLL_DATA_DECO
+#undef DLL_FUNC_DECO
+#define DLL_DATA_DECO IMPORT_DATA
+#define DLL_FUNC_DECO IMPORT_FUNCTION
+#include "gssapi_2.h"
+
+/**********************************************************************/
+/* */
+/* Export interface */
+/* - header files of this project */
+/* Declare our sapgss_* function prototypes as __declspec(dllexport) */
+/* */
+/**********************************************************************/
+
+#undef DLL_DATA_DECO
+#undef DLL_FUNC_DECO
+#define DLL_DATA_DECO EXPORT_DATA
+#define DLL_FUNC_DECO EXPORT_FUNCTION
+#include "sncgss.h"
+
+
+
+
+/************************************************************************/
+/* (27-jun-95) Martin Rex */
+/* With the following two macros one can convert macros into */
+/* string literals to include them in constant strings. */
+/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */
+/************************************************************************/
+#define LITERAL_MACRO(x) # x
+#define XLITERAL_MACRO(x) LITERAL_MACRO(x)
+
+
+
+/****************************************************/
+/* we don't need to export/share OID data at the */
+/* shared library interface for SAP R/3, */
+/* and is not part of the draft-ietf-cat-wingss-... */
+/****************************************************/
+
+static gss_OID_desc oids[] = {
+ ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */
+ ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */
+};
+
+static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]);
+static gss_OID sapsnc_mech_oid = &(oids[1]);
+
+#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name
+
+/**********************************************************************
+ * sapsnc_init_adapter():
+ *
+ * Description:
+ * This function must be called before other functions of the
+ * gss-api are used. It sets up all translation pointers
+ * exported by the gss-api.
+ *
+ * Parameters:
+ * p_info IN REF the structure referenced by this
+ * pointer (see sapgss.h) describes
+ * some characteristics of the security
+ * mechanism to which this adapter interfaces
+ *
+ * p_length IN Length of the structure supplied by the
+ * SNC-Layer.
+ * Initialization policy for future enhancements:
+ * * SNC-Layer zeroes out structure before calling.
+ * * future extensions must be appended to the
+ * existing structure only
+ * * Unknown structure elements will not be changed.
+ * * The Adapter must initialize only fields known
+ * to the calling SNC-layer
+ * (i.e. no elements past p_length)
+ *
+ * Returns:
+ * 0 Initialization o.k.
+ * -1 FAILURE -- something is definitely broken if this happens
+ **********************************************************************/
+OM_uint32 EXPORT_FUNCTION
+sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length,
+ int adapter_idx )
+{
+ UNREFERENCED_PARAMETER(adapter_idx);
+
+ if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) {
+
+ /* At least we want to fill in the basic set of information */
+ return(1);
+
+ } else {
+
+ memset( p_info, 0, p_length );
+
+ p_info->major_rev = (int) ADAPTER_MAJOR_REVISION;
+ p_info->minor_rev = (int) ADAPTER_MINOR_REVISION;
+
+ p_info->adapter_name =
+ "External SNC-Adapter"
+ " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION)
+ "." XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to "
+ ADAPTER_MECH_NAME;
+
+ p_info->mech_id = ADAPTER_MECH_ID;
+
+ p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID;
+ p_info->nt_private_name1 = sapsnc_nt_canon_printable_name;
+ p_info->nt_private_name2 = (gss_OID_desc *)0;
+ p_info->nt_private_name3 = (gss_OID_desc *)0;
+ p_info->nt_private_name4 = (gss_OID_desc *)0;
+
+ p_info->integ_avail = ADAPTER_INTEG_AVAIL;
+ p_info->conf_avail = ADAPTER_CONF_AVAIL;
+ p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */
+ p_info->export_sec_context = 1; /* required functionality, MUST be 1 */
+ p_info->mutual_auth = ADAPTER_MUTUAL_AUTH;
+ p_info->replay_prot = ADAPTER_REPLAY_PROT;
+
+ p_info->unused2 = 0; /* historic/experimental, MUST be 0 */
+
+ p_info->mech_prefix_string = ADAPTER_MECH_PREFIX;
+
+ if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) {
+ p_info->mech_oid = sapsnc_mech_oid;
+ }
+
+ }
+
+ /* Initialize future elements only if the supplied structure is large */
+ /* enough, */
+ /* i.e. the calling SNC-layer is as recent or newer as the adapter */
+
+ return(0);
+
+} /* sapsnc_init_adapter() */
+
+
+
+/*
+ * sapsnc_export_cname_blob()
+ *
+ * BETTER LEAVE THIS ALONE !!
+ *
+ * This call was a temporary intermediate before the two calls
+ * gss_canonicalize_name() and gss_export_name() were added
+ * to the GSS-API v2 spec.
+ *
+ * However it is still required for R/3 up to 3.1H components
+ * and for interoperability with those components or incomplete
+ * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE
+ */
+
+OM_uint32 EXPORT_FUNCTION
+sapsnc_export_cname_blob(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_name_t in_name, /* input_name */
+ gss_buffer_t out_identity, /* output_name_buffer */
+ int adapter_idx
+ )
+{
+ UNREFERENCED_PARAMETER(adapter_idx);
+ UNREFERENCED_PARAMETER(in_name);
+
+ if ( out_identity!=NULL ) {
+ out_identity->length = 0;
+ out_identity->value = NULL;
+ }
+
+ if ( min_stat!=NULL )
+ (*min_stat) = 0;
+
+ return(GSS_S_FAILURE);
+
+} /* sapsnc_export_cname_blob() */
+
+
+
+/*
+ * sapsnc_export_cname_blob()
+ *
+ * BETTER LEAVE THIS ALONE !!
+ *
+ * This call was a temporary intermediate before the two calls
+ * gss_canonicalize_name() and gss_export_name() were added
+ * to the GSS-API v2 spec.
+ *
+ * However it is still required for R/3 up to 3.1H components
+ * and for interoperability with those components or incomplete
+ * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE
+ */
+OM_uint32 EXPORT_FUNCTION
+sapsnc_import_cname_blob(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_buffer_t in_identity, /* input_name_buffer */
+ gss_name_t * out_name, /* output_name */
+ int adapter_idx
+ )
+{
+ UNREFERENCED_PARAMETER(adapter_idx);
+
+ return( gss_import_name( min_stat, in_identity,
+ (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) );
+
+} /* sapsnc_import_cname_blob() */
+
+
+/*********************************************************************
+ *
+ * All functions following this comment are CALL ADAPTERS
+ * to the GSS-API functions.
+ *
+ *********************************************************************/
+
+/**********************************************************************/
+/**********************************************************************/
+/******************* *******************/
+/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/
+/******************* *******************/
+/**********************************************************************/
+/**********************************************************************/
+
+
+/* sapgss_acquire_cred() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_acquire_cred(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_name_t my_gss_name, /* desired_name */
+ OM_uint32 in_lifetime, /* time_req */
+ gss_OID_set in_mechs, /* desired_mechs */
+ gss_cred_usage_t in_cred_usage, /* cred_usage */
+ gss_cred_id_t * out_cred, /* output_cred_handle */
+ gss_OID_set * out_mechs, /* actual_mechs */
+ OM_uint32 * out_lifetime /* time_rec */
+ )
+{
+ return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime,
+ in_mechs, in_cred_usage,
+ out_cred, out_mechs, out_lifetime ) );
+}
+
+
+
+/* sapgss_release_cred() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_release_cred(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_cred_id_t * in_cred /* cred_handle */
+ )
+{
+ return( gss_release_cred( min_stat, in_cred ) );
+}
+
+
+
+/* sapgss_init_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_init_sec_context(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_cred_id_t in_cred, /* claimant_cred_handle */
+ gss_ctx_id_t * in_context, /* context_handle */
+ gss_name_t in_name, /* target_name */
+ gss_OID in_mech, /* mech_type */
+ OM_uint32 in_service_opts, /* req_flags */
+ OM_uint32 in_lifetime, /* time_req */
+ gss_channel_bindings_t
+ in_channel_bind, /* input_chan_bindings */
+ gss_buffer_t in_token, /* input_token */
+ gss_OID * out_mech, /* actual_mech_type */
+ gss_buffer_t out_token, /* output_token */
+ OM_uint32 * out_service_opts, /* ret_flags */
+ OM_uint32 * out_lifetime /* time_rec */
+ )
+{
+ return( gss_init_sec_context( min_stat, in_cred, in_context, in_name,
+ in_mech, in_service_opts, in_lifetime,
+ in_channel_bind, in_token, out_mech,
+ out_token, out_service_opts, out_lifetime ) );
+}
+
+
+
+/* sapgss_accept_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_accept_sec_context(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_ctx_id_t *in_context, /* context_handle */
+ gss_cred_id_t in_cred, /* verifier_cred_handle */
+ gss_buffer_t in_token, /* input_token_buffer */
+ gss_channel_bindings_t
+ in_channel_bind, /* input_chan_bindings */
+ gss_name_t *peer_name, /* src_name */
+ gss_OID *out_mech, /* mech_type */
+ gss_buffer_t out_token, /* output_token */
+ OM_uint32 *out_service_opts, /* ret_flags */
+ OM_uint32 *out_lifetime, /* time_rec */
+ gss_cred_id_t *out_cred /* delegated_cred_handle */
+ )
+{
+ return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token,
+ in_channel_bind, peer_name, out_mech,
+ out_token, out_service_opts, out_lifetime,
+ out_cred ) );
+}
+
+
+
+/* sapgss_process_context_token() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_process_context_token(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ gss_buffer_t in_token /* token_buffer */
+ )
+{
+ return( gss_process_context_token( min_stat, in_context, in_token ) );
+}
+
+
+
+/* sapgss_delete_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_delete_sec_context(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_ctx_id_t *in_context, /* context_handle */
+ gss_buffer_t out_token /* output_token */
+ )
+{
+ return( gss_delete_sec_context( min_stat, in_context, out_token ) );
+}
+
+
+
+/* sapgss_context_time() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_context_time(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ OM_uint32 * out_lifetime /* time_rec */
+ )
+{
+ return( gss_context_time( min_stat, in_context, out_lifetime ) );
+}
+
+
+
+/* sapgss_get_mic() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_get_mic(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ gss_qop_t in_qop, /* qop_req */
+ gss_buffer_t in_msg, /* message_buffer */
+ gss_buffer_t out_token /* message_token */
+ )
+{
+ return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) );
+}
+
+
+
+/* sapgss_verify_mic() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_verify_mic(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ gss_buffer_t in_msg, /* message_buffer */
+ gss_buffer_t in_token, /* token_buffer */
+ gss_qop_t * out_qop /* qop_state */
+ )
+{
+ return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) );
+}
+
+
+
+/* sapgss_wrap() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_wrap(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ int in_want_conf, /* conf_req_flag */
+ gss_qop_t in_qop, /* qop_req */
+ gss_buffer_t in_msg, /* input_message_buffer */
+ int * out_is_conf, /* conf_state */
+ gss_buffer_t out_token /* output_message_buffer */
+ )
+{
+ return( gss_wrap( min_stat, in_context, in_want_conf,
+ in_qop, in_msg, out_is_conf, out_token ) );
+}
+
+
+
+/* sapgss_unwrap() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_unwrap(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t in_context, /* context_handle */
+ gss_buffer_t in_token, /* input_message_buffer */
+ gss_buffer_t out_msg, /* output_message_buffer */
+ int * out_is_conf, /* conf_state */
+ gss_qop_t * out_qop /* qop_state */
+ )
+{
+ return( gss_unwrap( min_stat, in_context, in_token,
+ out_msg, out_is_conf, out_qop ) );
+}
+
+
+
+/* sapgss_display_status() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_display_status(
+ OM_uint32 *min_stat, /* minor_status */
+ OM_uint32 in_status, /* status_value */
+ int in_status_type, /* status_type */
+ gss_OID in_mech, /* mech_type */
+ OM_uint32 *out_more_text, /* message_context */
+ gss_buffer_t out_text /* status_string */
+ )
+{
+ return( gss_display_status( min_stat, in_status, in_status_type,
+ in_mech, out_more_text, out_text ) );
+}
+
+
+
+/*
+ * sapgss_indicate_mechs()
+ *
+ * IMPORTANT: This call MUST return the correct mech_OID
+ * for this implementation in the first position of the
+ * out_mechs OID array!
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_indicate_mechs(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_OID_set *out_mechs /* mech_set */
+ )
+{
+ OM_uint32 maj_stat;
+ OM_uint32 min_stat2;
+
+ maj_stat = gss_indicate_mechs( min_stat, out_mechs );
+
+ if ( maj_stat==GSS_S_COMPLETE ) {
+ if ( out_mechs==NULL
+ || (*out_mechs)==GSS_C_NO_OID_SET
+ || (*out_mechs)->count==0
+ || (*out_mechs)->elements==GSS_C_NO_OID
+ || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length
+ || memcmp( ((*out_mechs)->elements[0]).elements,
+ sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) {
+
+ (void)sapgss_release_oid_set( &min_stat2, out_mechs );
+
+ (*out_mechs) = GSS_C_NO_OID_SET;
+ (*min_stat) = 0;
+
+ return(GSS_S_BAD_MECH);
+
+ }
+ }
+
+ return(maj_stat);
+
+}
+
+
+
+/* sapgss_compare_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_compare_name(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_name_t in_name1, /* name1 */
+ gss_name_t in_name2, /* name2 */
+ int *out_are_equal /* name_equal */
+ )
+{
+ return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) );
+}
+
+
+
+/* sapgss_display_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_display_name(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_name_t in_name, /* input_name */
+ gss_buffer_t out_identity, /* output_name_buffer */
+ gss_OID *out_oid /* output_name_type */
+ )
+{
+ return( gss_display_name( min_stat, in_name, out_identity, out_oid ) );
+}
+
+
+
+/* sapgss_import_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_import_name(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_buffer_t in_identity, /* input_name_buffer */
+ gss_OID in_oid, /* input_name_type */
+ gss_name_t *out_name /* output_name */
+ )
+{
+ return( gss_import_name( min_stat, in_identity, in_oid, out_name ) );
+}
+
+
+
+/* sapgss_release_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_release_name(
+ OM_uint32 *min_stat, /* minor_status */
+ gss_name_t *in_name /* input_name */
+ )
+{
+ return( gss_release_name( min_stat,
in_name ) ); +} + + + +/* sapgss_release_buffer() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_buffer( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_buffer /* buffer */ + ) +{ + return( gss_release_buffer( min_stat, in_buffer ) ); +} + + + +/* sapgss_release_oid_set() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_oid_set( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *in_oids /* set */ + ) +{ + return( gss_release_oid_set( min_stat, in_oids ) ); +} + + + +/* sapgss_inquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* cred_handle */ + gss_name_t * out_name, /* name */ + OM_uint32 * out_lifetime, /* lifetime */ + gss_cred_usage_t * out_cred_usage, /* cred_usage */ + gss_OID_set * out_mechs /* mechanisms */ + ) +{ + return( gss_inquire_cred( min_stat, in_cred, out_name, + out_lifetime, out_cred_usage, out_mechs ) ); +} + + +/**********************************************************************/ +/**********************************************************************/ +/******************* ********************/ +/******************* New fuctions for GSS-API v2 ********************/ +/******************* ********************/ +/**********************************************************************/ +/**********************************************************************/ + +/* + * sapgss_add_cred() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_cred( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t input_cred_handle, /* input_cred_handle */ + gss_name_t desired_name, /* desired_name */ + gss_OID desired_mech, /* desired_mech */ + gss_cred_usage_t cred_usage, /* cred_usage */ + OM_uint32 initiator_time_req, /* initiator_time_req */ + OM_uint32 acceptor_time_req, /* acceptor_time_req */ + gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */ + gss_OID_set FAR * 
actual_mechs, /* actual_mechs */ + OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */ + OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */ + ) +{ + return( gss_add_cred( min_stat, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, + acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec ) ); +} + + + +/* + * sapgss_inquire_cred_by_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred_by_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t cred_handle, /* cred_handle */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * name, /* name */ + OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */ + OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */ + gss_cred_usage_t FAR * cred_usage /* cred_usage */ + ) +{ + return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type, + name, initiator_lifetime, + acceptor_lifetime, cred_usage ) ); +} + + + +/* sapgss_inquire_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_name_t *out_myname, /* initiator_name */ + gss_name_t *out_peername, /* acceptor_name */ + OM_uint32 *out_lifetime, /* lifetime_rec */ + gss_OID *out_mech, /* mech_type */ + OM_uint32 *out_service_opts, /* ctx_flags */ + int *out_initiator, /* locally_initiated */ + int *out_open /* open */ + ) +{ + return( gss_inquire_context( min_stat, in_context, out_myname, + out_peername, out_lifetime, out_mech, + out_service_opts, out_initiator, out_open) ); +} + + + +/* + * sapgss_wrap_size_limit() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_wrap_size_limit( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context 
handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t qop_req, /* qop_req */ + OM_uint32 out_size, /* requested output size */ + OM_uint32 * max_in_size /* maximum input size */ + ) +{ + return( gss_wrap_size_limit( min_stat, in_context, in_want_conf, + qop_req, out_size, max_in_size) ); +} + + + +/* sapgss_export_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t * in_ctx, /* context_handle */ + gss_buffer_t out_buffer /* interprocess_token */ + ) +{ + return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) ); +} + + + +/* sapgss_import_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_buffer, /* interprocess_token */ + gss_ctx_id_t * out_ctx /* context_handle */ + ) +{ + return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) ); +} + + + +/* + * sapgss_create_empty_oid_set() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_create_empty_oid_set( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_create_empty_oid_set( min_stat, oid_set ) ); +} + + + +/* + * sapgss_add_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member_oid, /* member_oid */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) ); +} + + + +/* + * sapgss_test_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_test_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member, /* member */ + gss_OID_set set, /* set */ + int FAR * present /* present */ + ) +{ + return( gss_test_oid_set_member( min_stat, member, set, present ) ); +} + + + +/* + * sapgss_inquire_names_for_mech() + * + * Status: not used by SNC in R/3 
release 3.x and 4.0 + * this may change in future releases + */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_names_for_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID mech_oid, /* mechanism_oid */ + gss_OID_set FAR * name_types /* name_types */ + ) +{ + return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) ); +} + + + +/* + * sapgss_inquire_mechs_for_name() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_mechs_for_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID_set FAR * mech_set /* mechanism_oids */ + ) +{ + return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) ); +} + + +/* sapgss_canonicalize_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_canonicalize_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * output_name /* output_name */ + ) +{ + return( gss_canonicalize_name( min_stat, input_name, + mech_type, output_name ) ); +} + + +/* sapgss_export_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_buffer_t output_name_blob /* output_name_blob */ + ) +{ + return( gss_export_name( min_stat, input_name, output_name_blob ) ); +} + + +/* + * sapgss_duplicate_name() + * + * Status: Don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_duplicate_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t src_name, /* src_name */ + gss_name_t FAR * dest_name /* dest_name */ + ) +{ + return( gss_duplicate_name( min_stat, src_name, dest_name ) ); +} + + +/* end of sncntlm.c */ + diff --git a/sncsecud.c b/sncsecud.c new file mode 100644 index 0000000..f3cadf9 --- /dev/null +++ b/sncsecud.c 
@@ -0,0 +1,1060 @@ +static char * this_File = "sncsecud.c"; +static char * cvs_id = + "$Id: sncsecud.c,v 1.1.1.1 1999/08/24 14:36:22 d019080 Exp $"; +/* + * (C) Copyright 1999 SAP AG Walldorf + * + * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE + * OF THIS SOFTWARE. + */ + + + + +/************************************************************************/ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/* */ +/* Configurable Parameters that describe the characteristics */ +/* of the security mechanism to which this adapter interfaces */ +/* To register a MECH_PREFIX or MECH_ID with SAP, */ +/* send a request via Email to <Martin.Rex@sap-ag.de> including */ +/* the following information: */ +/* - mechanism OID of gssapi mechanism */ +/* - gssapi mechanism name (for open protocol specs) */ +/* OR product name of proprietary gssapi mechanism */ +/* - default nametype OID */ +/* - proposed printable prefix (up to seven characters) */ +/* - Email address of technical contact */ +/* */ +/* In case you're implementing a published gssapi mechanism spec, */ +/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */ +/* You can check the "sncgss.h" Header file first. 
*/ +/* */ +/* */ +/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */ +/* (for open protocol specifications) */ +/* OR name of a software product for */ +/* a proprietary gssapi mechanism */ +/* */ +/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */ +/* ASCII-string up to 7 chars to */ +/* identify the mechanism */ +/* */ +/* ADAPTER_MECH_ID (must REGISTER with SAP) */ +/* numeric constant taken from the */ +/* SAPGSS_MECH_ID enumerator in "sncgss.h" */ +/* */ +/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the gssapi mechanism to which this */ +/* SNC-Adapter will be linked */ +/* */ +/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the default/canonical/native nametype*/ +/* of above gssapi mechanism */ +/* */ +/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */ +/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */ +/* */ +/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message confidentiality protection */ +/* for all established security contexts */ +/* */ +/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message integrity protection for all */ +/* established security contexts */ +/* */ +/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */ +/* implemenation guarantees availability */ +/* of mutual authentication on security */ +/* contexts. Absence of mutual auth is */ +/* a serious security problem in */ +/* distributed applications */ +/* */ +/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of replay detection of protected */ +/* messages on all security contexts. 
*/ +/* SAP R/3 process all messages on a */ +/* particular security context strictly */ +/* sequential, so it's acceptable */ +/* if replay detection is only available */ +/* in combination with sequence protection */ +/* */ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/************************************************************************/ + + +#define ADAPTER_MECH_NAME SAPGSS_SECUDE_NAME + /* Name of the gssapi mechanism or product */ + /* that this SNC-Adapter interfaces to */ + /* (less than 80 characters, please !!) */ + + +#define ADAPTER_MECH_PREFIX SAPGSS_SECUDE_PREFIX + /* Mech prefix for mechanism */ + /* (register this prefix with SAP) */ + /* Alphanumeric, must be <= 7 characters long */ + /* This prefix may be used within SNC-Names */ + /* i.e. "p/sapntlm:NTDomain\User" */ + + +#define ADAPTER_MECH_ID SAPGSS_ID_SECUDE + /* Mechanism identifier */ + /* numeric (16-bit unsigned integer) */ + /* used internally by SNC for tagging */ + /* and to distinguish different gssapi mechs */ + + + /* ASN.1 OID of the gssapi mechanism to which this */ + /* SNC-Adapter is linked */ +#define ADAPTER_MECHANISM_OID SAPGSS_SECUDE_MECH_OID + + /* ASN.1 OID of the default/canonical nametype that */ + /* this gssapi mechanism will accept with gss_import_name() */ + /* and emit with gss_display_name() for canonical names */ +#define ADAPTER_NAMETYPE_OID SAPGSS_SECUDE_CNAME_OID + + +/*******************/ +/* 16-bit Integers */ +/*******************/ +#define ADAPTER_MAJOR_REVISION 1 /* indicates API changes */ + +#define ADAPTER_MINOR_REVISION 0 /* indicates fixes or */ + /* cosmetic changes */ + +/*******************/ +/* BOOLEAN values */ +/*******************/ +#define ADAPTER_CONF_AVAIL 1 /* Confidentiality available */ +#define ADAPTER_INTEG_AVAIL 1 /* Integrity available */ + +#define ADAPTER_MUTUAL_AUTH 1 /* supports mutual authentication */ +#define ADAPTER_REPLAY_PROT 1 /* supports message replay detection */ + + 
+/************************************************************************/ +/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/ +/************************************************************************/ + + + + +/* Some ANSI-C standard headers */ +#include <stddef.h> +#include <stdlib.h> +#include <stdio.h> + +/**********************************************************************/ +/* */ +/* Microsoft Windows DLL support */ +/* */ +/**********************************************************************/ + +#ifdef _WIN32 +# include <windows.h> + BOOL APIENTRY + DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved) + { + return 1; + + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(ul_reason_being_called); + UNREFERENCED_PARAMETER(lpReserved); + } +#else + +# if defined(_WINDOWS) +# include <windows.h> +# ifndef UNREFERENCED_PARAMETER +# define UNREFERENCED_PARAMETER(x) ((x)=(x)) +# endif + + BOOL CALLBACK + LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine) + { + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(wDataSeg); + UNREFERENCED_PARAMETER(cbHeap); + UNREFERENCED_PARAMETER(CmdLine); + + return 1; + } + + int CALLBACK __export + WEP(int nParam) + { + UNREFERENCED_PARAMETER(nParam); + + return 1; + } +# endif + +#endif + +/**********************************************************************/ +/* */ +/* Import interface */ +/* - include files of other projects */ +/* Declare gss_* function prototypes as __declspec(dllimport) */ +/* */ +/**********************************************************************/ + +#include "platform.h" + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO IMPORT_DATA +#define DLL_FUNC_DECO IMPORT_FUNCTION +#include "gssapi_2.h" + +/**********************************************************************/ +/* */ +/* Export interface */ +/* - header files of this project */ +/* Declare our sapgss_* function prototypes as __declspec(dllexport) */ 
+/* */ +/**********************************************************************/ + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO EXPORT_DATA +#define DLL_FUNC_DECO EXPORT_FUNCTION +#include "sncgss.h" + + + + +/************************************************************************/ +/* (27-jun-95) Martin Rex */ +/* With the following two macros one can convert macros into */ +/* string literals to include them in constant strings. */ +/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */ +/************************************************************************/ +#define LITERAL_MACRO(x) # x +#define XLITERAL_MACRO(x) LITERAL_MACRO(x) + + + +/****************************************************/ +/* we don't need to export/share OID data at the */ +/* shared library interface for SAP R/3, */ +/* and is not part of the draft-ietf-cat-wingss-... */ +/****************************************************/ + +static gss_OID_desc oids[] = { + ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */ + ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */ +}; + +static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]); +static gss_OID sapsnc_mech_oid = &(oids[1]); + +#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name + +/********************************************************************** + * sapsnc_init_adapter(): + * + * Description: + * This function must be called before other functions of the + * gss-api are used. It sets up all translation pointers + * exported by the gss-api. + * + * Parameters: + * p_info IN REF the structure referenced by this + * pointer (see sapgss.h) describes + * some characteristics of the security + * mechanism to which this adapter interfaces + * + * p_length IN Length of the structure supplied by the + * SNC-Layer. + * Initialization policy for future enhancements: + * * SNC-Layer zeroes out structure before calling. 
+ * * future extensions must be appended to the + * existing structure only + * * Unknown structure elements will not be changed. + * * The Adapter must initialize only fields known + * to the calling SNC-layer + * (i.e. no elements past p_length) + * + * Returns: + * 0 Initialization o.k. + * -1 FAILURE -- something is definitely broken if this happens + **********************************************************************/ +OM_uint32 EXPORT_FUNCTION +sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length, + int adapter_idx ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) { + + /* At least we want to fill in the basic set of information */ + return(1); + + } else { + + memset( p_info, 0, p_length ); + + p_info->major_rev = (int) ADAPTER_MAJOR_REVISION; + p_info->minor_rev = (int) ADAPTER_MINOR_REVISION; + + p_info->adapter_name = + "External SNC-Adapter" + " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION) + "." XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to " + ADAPTER_MECH_NAME; + + p_info->mech_id = ADAPTER_MECH_ID; + + p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID; + p_info->nt_private_name1 = sapsnc_nt_canon_printable_name; + p_info->nt_private_name2 = (gss_OID_desc *)0; + p_info->nt_private_name3 = (gss_OID_desc *)0; + p_info->nt_private_name4 = (gss_OID_desc *)0; + + p_info->integ_avail = ADAPTER_INTEG_AVAIL; + p_info->conf_avail = ADAPTER_CONF_AVAIL; + p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */ + p_info->export_sec_context = 1; /* required functionality, MUST be 1 */ + p_info->mutual_auth = ADAPTER_MUTUAL_AUTH; + p_info->replay_prot = ADAPTER_REPLAY_PROT; + + p_info->unused2 = 0; /* historic/experimental, MUST be 0 */ + + p_info->mech_prefix_string = ADAPTER_MECH_PREFIX; + + if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) { + p_info->mech_oid = sapsnc_mech_oid; + } + + } + + /* Initialize future elements only if the supplied structure is large */ + /* enough, */ + /* i.e. 
the calling SNC-layer is as recent or newer as the adapter */ + + return(0); + +} /* sapsnc_init_adapter() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. + * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ + +OM_uint32 EXPORT_FUNCTION +sapsnc_export_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + UNREFERENCED_PARAMETER(in_name); + + if ( out_identity!=NULL ) { + out_identity->length = 0; + out_identity->value = NULL; + } + + if ( min_stat!=NULL ) + (*min_stat) = 0; + + return(GSS_S_FAILURE); + +} /* sapsnc_export_cname_blob() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. 
+ * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ +OM_uint32 EXPORT_FUNCTION +sapsnc_import_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_name_t * out_name, /* output_name */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + return( gss_import_name( min_stat, in_identity, + (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) ); + +} /* sapsnc_import_cname_blob() */ + + +/********************************************************************* + * + * All functions following this comment are CALL ADAPTERS + * to the GSS-API functions. + * + *********************************************************************/ + +/**********************************************************************/ +/**********************************************************************/ +/******************* *******************/ +/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/ +/******************* *******************/ +/**********************************************************************/ +/**********************************************************************/ + + +/* sapgss_acquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_acquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t my_gss_name, /* desired_name */ + OM_uint32 in_lifetime, /* time_req */ + gss_OID_set in_mechs, /* desired_mechs */ + gss_cred_usage_t in_cred_usage, /* cred_usage */ + gss_cred_id_t * out_cred, /* output_cred_handle */ + gss_OID_set * out_mechs, /* actual_mechs */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime, + in_mechs, in_cred_usage, + out_cred, out_mechs, out_lifetime ) ); +} + + + +/* sapgss_release_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_cred( + OM_uint32 * min_stat, /* 
minor_status */ + gss_cred_id_t * in_cred /* cred_handle */ + ) +{ + return( gss_release_cred( min_stat, in_cred ) ); +} + + + +/* sapgss_init_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_init_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* claimant_cred_handle */ + gss_ctx_id_t * in_context, /* context_handle */ + gss_name_t in_name, /* target_name */ + gss_OID in_mech, /* mech_type */ + OM_uint32 in_service_opts, /* req_flags */ + OM_uint32 in_lifetime, /* time_req */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_buffer_t in_token, /* input_token */ + gss_OID * out_mech, /* actual_mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 * out_service_opts, /* ret_flags */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_init_sec_context( min_stat, in_cred, in_context, in_name, + in_mech, in_service_opts, in_lifetime, + in_channel_bind, in_token, out_mech, + out_token, out_service_opts, out_lifetime ) ); +} + + + +/* sapgss_accept_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_accept_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_cred_id_t in_cred, /* verifier_cred_handle */ + gss_buffer_t in_token, /* input_token_buffer */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_name_t *peer_name, /* src_name */ + gss_OID *out_mech, /* mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 *out_service_opts, /* ret_flags */ + OM_uint32 *out_lifetime, /* time_rec */ + gss_cred_id_t *out_cred /* delegated_cred_handle */ + ) +{ + return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token, + in_channel_bind, peer_name, out_mech, + out_token, out_service_opts, out_lifetime, + out_cred ) ); +} + + + +/* sapgss_process_context_token() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_process_context_token( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t 
in_context, /* context_handle */ + gss_buffer_t in_token /* token_buffer */ + ) +{ + return( gss_process_context_token( min_stat, in_context, in_token ) ); +} + + + +/* sapgss_delete_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_delete_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_buffer_t out_token /* output_token */ + ) +{ + return( gss_delete_sec_context( min_stat, in_context, out_token ) ); +} + + + +/* sapgss_context_time() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_context_time( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_context_time( min_stat, in_context, out_lifetime ) ); +} + + + +/* sapgss_get_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_get_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t out_token /* message_token */ + ) +{ + return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) ); +} + + + +/* sapgss_verify_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_verify_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t in_token, /* token_buffer */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) ); +} + + + +/* sapgss_wrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_wrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* input_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_buffer_t out_token /* output_message_buffer */ + ) +{ + return( gss_wrap( min_stat, in_context, in_want_conf, + in_qop, in_msg, 
out_is_conf, out_token ) ); +} + + + +/* sapgss_unwrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_unwrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_token, /* input_message_buffer */ + gss_buffer_t out_msg, /* output_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_unwrap( min_stat, in_context, in_token, + out_msg, out_is_conf, out_qop ) ); +} + + + +/* sapgss_display_status() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_status( + OM_uint32 *min_stat, /* minor_status */ + OM_uint32 in_status, /* status_value */ + int in_status_type, /* status_type */ + gss_OID in_mech, /* mech_type */ + OM_uint32 *out_more_text, /* message_context */ + gss_buffer_t out_text /* status_string */ + ) +{ + return( gss_display_status( min_stat, in_status, in_status_type, + in_mech, out_more_text, out_text ) ); +} + + + +/* + * sapgss_indicate_mechs() + * + * IMPORTANT: This call MUST return the correct mech_OID + * for this implementation in the first position of the + * out_mechs OID array! 
+ */ +OM_uint32 EXPORT_FUNCTION +sapgss_indicate_mechs( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *out_mechs /* mech_set */ + ) +{ + OM_uint32 maj_stat; + OM_uint32 min_stat2; + + maj_stat = gss_indicate_mechs( min_stat, out_mechs ); + + if ( maj_stat==GSS_S_COMPLETE ) { + if ( out_mechs==NULL + || (*out_mechs)==GSS_C_NO_OID_SET + || (*out_mechs)->count==0 + || (*out_mechs)->elements==GSS_C_NO_OID + || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length + || memcmp( ((*out_mechs)->elements[0]).elements, + sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) { + + (void)sapgss_release_oid_set( &min_stat2, out_mechs ); + + (*out_mechs) = GSS_C_NO_OID_SET; + (*min_stat) = 0; + + return(GSS_S_BAD_MECH); + + } + } + + return(maj_stat); + +} + + + +/* sapgss_compare_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_compare_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name1, /* name1 */ + gss_name_t in_name2, /* name2 */ + int *out_are_equal /* name_equal */ + ) +{ + return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) ); +} + + + +/* sapgss_display_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + gss_OID *out_oid /* output_name_type */ + ) +{ + return( gss_display_name( min_stat, in_name, out_identity, out_oid ) ); +} + + + +/* sapgss_import_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_name( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_OID in_oid, /* input_name_type */ + gss_name_t *out_name /* output_name */ + ) +{ + return( gss_import_name( min_stat, in_identity, in_oid, out_name ) ); +} + + + +/* sapgss_release_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t *in_name /* input_name */ + ) +{ + return( gss_release_name( min_stat, 
in_name ) ); +} + + + +/* sapgss_release_buffer() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_buffer( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_buffer /* buffer */ + ) +{ + return( gss_release_buffer( min_stat, in_buffer ) ); +} + + + +/* sapgss_release_oid_set() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_oid_set( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *in_oids /* set */ + ) +{ + return( gss_release_oid_set( min_stat, in_oids ) ); +} + + + +/* sapgss_inquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* cred_handle */ + gss_name_t * out_name, /* name */ + OM_uint32 * out_lifetime, /* lifetime */ + gss_cred_usage_t * out_cred_usage, /* cred_usage */ + gss_OID_set * out_mechs /* mechanisms */ + ) +{ + return( gss_inquire_cred( min_stat, in_cred, out_name, + out_lifetime, out_cred_usage, out_mechs ) ); +} + + +/**********************************************************************/ +/**********************************************************************/ +/******************* ********************/ +/******************* New fuctions for GSS-API v2 ********************/ +/******************* ********************/ +/**********************************************************************/ +/**********************************************************************/ + +/* + * sapgss_add_cred() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_cred( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t input_cred_handle, /* input_cred_handle */ + gss_name_t desired_name, /* desired_name */ + gss_OID desired_mech, /* desired_mech */ + gss_cred_usage_t cred_usage, /* cred_usage */ + OM_uint32 initiator_time_req, /* initiator_time_req */ + OM_uint32 acceptor_time_req, /* acceptor_time_req */ + gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */ + gss_OID_set FAR * 
actual_mechs, /* actual_mechs */ + OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */ + OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */ + ) +{ + return( gss_add_cred( min_stat, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, + acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec ) ); +} + + + +/* + * sapgss_inquire_cred_by_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred_by_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t cred_handle, /* cred_handle */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * name, /* name */ + OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */ + OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */ + gss_cred_usage_t FAR * cred_usage /* cred_usage */ + ) +{ + return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type, + name, initiator_lifetime, + acceptor_lifetime, cred_usage ) ); +} + + + +/* sapgss_inquire_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_name_t *out_myname, /* initiator_name */ + gss_name_t *out_peername, /* acceptor_name */ + OM_uint32 *out_lifetime, /* lifetime_rec */ + gss_OID *out_mech, /* mech_type */ + OM_uint32 *out_service_opts, /* ctx_flags */ + int *out_initiator, /* locally_initiated */ + int *out_open /* open */ + ) +{ + return( gss_inquire_context( min_stat, in_context, out_myname, + out_peername, out_lifetime, out_mech, + out_service_opts, out_initiator, out_open) ); +} + + + +/* + * sapgss_wrap_size_limit() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_wrap_size_limit( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context 
handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t qop_req, /* qop_req */ + OM_uint32 out_size, /* requested output size */ + OM_uint32 * max_in_size /* maximum input size */ + ) +{ + return( gss_wrap_size_limit( min_stat, in_context, in_want_conf, + qop_req, out_size, max_in_size) ); +} + + + +/* sapgss_export_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t * in_ctx, /* context_handle */ + gss_buffer_t out_buffer /* interprocess_token */ + ) +{ + return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) ); +} + + + +/* sapgss_import_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_buffer, /* interprocess_token */ + gss_ctx_id_t * out_ctx /* context_handle */ + ) +{ + return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) ); +} + + + +/* + * sapgss_create_empty_oid_set() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_create_empty_oid_set( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_create_empty_oid_set( min_stat, oid_set ) ); +} + + + +/* + * sapgss_add_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member_oid, /* member_oid */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) ); +} + + + +/* + * sapgss_test_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_test_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member, /* member */ + gss_OID_set set, /* set */ + int FAR * present /* present */ + ) +{ + return( gss_test_oid_set_member( min_stat, member, set, present ) ); +} + + + +/* + * sapgss_inquire_names_for_mech() + * + * Status: not used by SNC in R/3 
release 3.x and 4.0 + * this may change in future releases + */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_names_for_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID mech_oid, /* mechanism_oid */ + gss_OID_set FAR * name_types /* name_types */ + ) +{ + return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) ); +} + + + +/* + * sapgss_inquire_mechs_for_name() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_mechs_for_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID_set FAR * mech_set /* mechanism_oids */ + ) +{ + return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) ); +} + + +/* sapgss_canonicalize_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_canonicalize_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * output_name /* output_name */ + ) +{ + return( gss_canonicalize_name( min_stat, input_name, + mech_type, output_name ) ); +} + + +/* sapgss_export_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_buffer_t output_name_blob /* output_name_blob */ + ) +{ + return( gss_export_name( min_stat, input_name, output_name_blob ) ); +} + + +/* + * sapgss_duplicate_name() + * + * Status: Don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_duplicate_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t src_name, /* src_name */ + gss_name_t FAR * dest_name /* dest_name */ + ) +{ + return( gss_duplicate_name( min_stat, src_name, dest_name ) ); +} + + +/* end of sncsecud.c */ + diff --git a/sncspkm1.c b/sncspkm1.c new file mode 100644 index 0000000..e565b6d --- /dev/null +++ b/sncspkm1.c 
@@ -0,0 +1,1060 @@
+static char * this_File = "sncspkm1.c";
+static char * cvs_id =
+ "$Id: sncspkm1.c,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $";
+/*
+ * (C) Copyright 1999 SAP AG Walldorf
+ *
+ * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+ * OF THIS SOFTWARE.
+ */
+
+
+
+
+/************************************************************************/
+/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */
+/* */
+/* Configurable Parameters that describe the characteristics */
+/* of the security mechanism to which this adapter interfaces */
+/* To register a MECH_PREFIX or MECH_ID with SAP, */
+/* send a request via Email to <Martin.Rex@sap-ag.de> including */
+/* the following information: */
+/* - mechanism OID of gssapi mechanism */
+/* - gssapi mechanism name (for open protocol specs) */
+/* OR product name of proprietary gssapi mechanism */
+/* - default nametype OID */
+/* - proposed printable prefix (up to seven characters) */
+/* - Email address of technical contact */
+/* */
+/* In case you're implementing a published gssapi mechanism spec, */
+/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */
+/* You can check the "sncgss.h" Header file first.
*/ +/* */ +/* */ +/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */ +/* (for open protocol specifications) */ +/* OR name of a software product for */ +/* a proprietary gssapi mechanism */ +/* */ +/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */ +/* ASCII-string up to 7 chars to */ +/* identify the mechanism */ +/* */ +/* ADAPTER_MECH_ID (must REGISTER with SAP) */ +/* numeric constant taken from the */ +/* SAPGSS_MECH_ID enumerator in "sncgss.h" */ +/* */ +/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the gssapi mechanism to which this */ +/* SNC-Adapter will be linked */ +/* */ +/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the default/canonical/native nametype*/ +/* of above gssapi mechanism */ +/* */ +/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */ +/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */ +/* */ +/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message confidentiality protection */ +/* for all established security contexts */ +/* */ +/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message integrity protection for all */ +/* established security contexts */ +/* */ +/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */ +/* implemenation guarantees availability */ +/* of mutual authentication on security */ +/* contexts. Absence of mutual auth is */ +/* a serious security problem in */ +/* distributed applications */ +/* */ +/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of replay detection of protected */ +/* messages on all security contexts. 
*/ +/* SAP R/3 process all messages on a */ +/* particular security context strictly */ +/* sequential, so it's acceptable */ +/* if replay detection is only available */ +/* in combination with sequence protection */ +/* */ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/************************************************************************/ + + +#define ADAPTER_MECH_NAME SAPGSS_SPKM1_NAME + /* Name of the gssapi mechanism or product */ + /* that this SNC-Adapter interfaces to */ + /* (less than 80 characters, please !!) */ + + +#define ADAPTER_MECH_PREFIX SAPGSS_SPKM1_PREFIX + /* Mech prefix for mechanism */ + /* (register this prefix with SAP) */ + /* Alphanumeric, must be <= 7 characters long */ + /* This prefix may be used within SNC-Names */ + /* i.e. "p/sapntlm:NTDomain\User" */ + + +#define ADAPTER_MECH_ID SAPGSS_ID_SPKM1 + /* Mechanism identifier */ + /* numeric (16-bit unsigned integer) */ + /* used internally by SNC for tagging */ + /* and to distinguish different gssapi mechs */ + + + /* ASN.1 OID of the gssapi mechanism to which this */ + /* SNC-Adapter is linked */ +#define ADAPTER_MECHANISM_OID SAPGSS_SPKM1_MECH_OID + + /* ASN.1 OID of the default/canonical nametype that */ + /* this gssapi mechanism will accept with gss_import_name() */ + /* and emit with gss_display_name() for canonical names */ +#define ADAPTER_NAMETYPE_OID SAPGSS_SPKM1_CNAME_OID + + +/*******************/ +/* 16-bit Integers */ +/*******************/ +#define ADAPTER_MAJOR_REVISION 1 /* indicates API changes */ + +#define ADAPTER_MINOR_REVISION 0 /* indicates fixes or */ + /* cosmetic changes */ + +/*******************/ +/* BOOLEAN values */ +/*******************/ +#define ADAPTER_CONF_AVAIL 1 /* Confidentiality available */ +#define ADAPTER_INTEG_AVAIL 1 /* Integrity available */ + +#define ADAPTER_MUTUAL_AUTH 1 /* supports mutual authentication */ +#define ADAPTER_REPLAY_PROT 1 /* supports message replay detection */ + + 
+/************************************************************************/ +/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/ +/************************************************************************/ + + + + +/* Some ANSI-C standard headers */ +#include <stddef.h> +#include <stdlib.h> +#include <stdio.h> + +/**********************************************************************/ +/* */ +/* Microsoft Windows DLL support */ +/* */ +/**********************************************************************/ + +#ifdef _WIN32 +# include <windows.h> + BOOL APIENTRY + DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved) + { + return 1; + + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(ul_reason_being_called); + UNREFERENCED_PARAMETER(lpReserved); + } +#else + +# if defined(_WINDOWS) +# include <windows.h> +# ifndef UNREFERENCED_PARAMETER +# define UNREFERENCED_PARAMETER(x) ((x)=(x)) +# endif + + BOOL CALLBACK + LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine) + { + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(wDataSeg); + UNREFERENCED_PARAMETER(cbHeap); + UNREFERENCED_PARAMETER(CmdLine); + + return 1; + } + + int CALLBACK __export + WEP(int nParam) + { + UNREFERENCED_PARAMETER(nParam); + + return 1; + } +# endif + +#endif + +/**********************************************************************/ +/* */ +/* Import interface */ +/* - include files of other projects */ +/* Declare gss_* function prototypes as __declspec(dllimport) */ +/* */ +/**********************************************************************/ + +#include "platform.h" + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO IMPORT_DATA +#define DLL_FUNC_DECO IMPORT_FUNCTION +#include "gssapi_2.h" + +/**********************************************************************/ +/* */ +/* Export interface */ +/* - header files of this project */ +/* Declare our sapgss_* function prototypes as __declspec(dllexport) */ 
+/* */ +/**********************************************************************/ + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO EXPORT_DATA +#define DLL_FUNC_DECO EXPORT_FUNCTION +#include "sncgss.h" + + + + +/************************************************************************/ +/* (27-jun-95) Martin Rex */ +/* With the following two macros one can convert macros into */ +/* string literals to include them in constant strings. */ +/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */ +/************************************************************************/ +#define LITERAL_MACRO(x) # x +#define XLITERAL_MACRO(x) LITERAL_MACRO(x) + + + +/****************************************************/ +/* we don't need to export/share OID data at the */ +/* shared library interface for SAP R/3, */ +/* and is not part of the draft-ietf-cat-wingss-... */ +/****************************************************/ + +static gss_OID_desc oids[] = { + ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */ + ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */ +}; + +static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]); +static gss_OID sapsnc_mech_oid = &(oids[1]); + +#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name + +/********************************************************************** + * sapsnc_init_adapter(): + * + * Description: + * This function must be called before other functions of the + * gss-api are used. It sets up all translation pointers + * exported by the gss-api. + * + * Parameters: + * p_info IN REF the structure referenced by this + * pointer (see sapgss.h) describes + * some characteristics of the security + * mechanism to which this adapter interfaces + * + * p_length IN Length of the structure supplied by the + * SNC-Layer. + * Initialization policy for future enhancements: + * * SNC-Layer zeroes out structure before calling. 
+ * * future extensions must be appended to the + * existing structure only + * * Unknown structure elements will not be changed. + * * The Adapter must initialize only fields known + * to the calling SNC-layer + * (i.e. no elements past p_length) + * + * Returns: + * 0 Initialization o.k. + * -1 FAILURE -- something is definitely broken if this happens + **********************************************************************/ +OM_uint32 EXPORT_FUNCTION +sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length, + int adapter_idx ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) { + + /* At least we want to fill in the basic set of information */ + return(1); + + } else { + + memset( p_info, 0, p_length ); + + p_info->major_rev = (int) ADAPTER_MAJOR_REVISION; + p_info->minor_rev = (int) ADAPTER_MINOR_REVISION; + + p_info->adapter_name = + "External SNC-Adapter" + " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION) + "." XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to " + ADAPTER_MECH_NAME; + + p_info->mech_id = ADAPTER_MECH_ID; + + p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID; + p_info->nt_private_name1 = sapsnc_nt_canon_printable_name; + p_info->nt_private_name2 = (gss_OID_desc *)0; + p_info->nt_private_name3 = (gss_OID_desc *)0; + p_info->nt_private_name4 = (gss_OID_desc *)0; + + p_info->integ_avail = ADAPTER_INTEG_AVAIL; + p_info->conf_avail = ADAPTER_CONF_AVAIL; + p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */ + p_info->export_sec_context = 1; /* required functionality, MUST be 1 */ + p_info->mutual_auth = ADAPTER_MUTUAL_AUTH; + p_info->replay_prot = ADAPTER_REPLAY_PROT; + + p_info->unused2 = 0; /* historic/experimental, MUST be 0 */ + + p_info->mech_prefix_string = ADAPTER_MECH_PREFIX; + + if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) { + p_info->mech_oid = sapsnc_mech_oid; + } + + } + + /* Initialize future elements only if the supplied structure is large */ + /* enough, */ + /* i.e. 
the calling SNC-layer is as recent or newer as the adapter */ + + return(0); + +} /* sapsnc_init_adapter() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. + * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ + +OM_uint32 EXPORT_FUNCTION +sapsnc_export_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + UNREFERENCED_PARAMETER(in_name); + + if ( out_identity!=NULL ) { + out_identity->length = 0; + out_identity->value = NULL; + } + + if ( min_stat!=NULL ) + (*min_stat) = 0; + + return(GSS_S_FAILURE); + +} /* sapsnc_export_cname_blob() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. 
+ * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ +OM_uint32 EXPORT_FUNCTION +sapsnc_import_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_name_t * out_name, /* output_name */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + return( gss_import_name( min_stat, in_identity, + (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) ); + +} /* sapsnc_import_cname_blob() */ + + +/********************************************************************* + * + * All functions following this comment are CALL ADAPTERS + * to the GSS-API functions. + * + *********************************************************************/ + +/**********************************************************************/ +/**********************************************************************/ +/******************* *******************/ +/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/ +/******************* *******************/ +/**********************************************************************/ +/**********************************************************************/ + + +/* sapgss_acquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_acquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t my_gss_name, /* desired_name */ + OM_uint32 in_lifetime, /* time_req */ + gss_OID_set in_mechs, /* desired_mechs */ + gss_cred_usage_t in_cred_usage, /* cred_usage */ + gss_cred_id_t * out_cred, /* output_cred_handle */ + gss_OID_set * out_mechs, /* actual_mechs */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime, + in_mechs, in_cred_usage, + out_cred, out_mechs, out_lifetime ) ); +} + + + +/* sapgss_release_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_cred( + OM_uint32 * min_stat, /* 
minor_status */ + gss_cred_id_t * in_cred /* cred_handle */ + ) +{ + return( gss_release_cred( min_stat, in_cred ) ); +} + + + +/* sapgss_init_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_init_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* claimant_cred_handle */ + gss_ctx_id_t * in_context, /* context_handle */ + gss_name_t in_name, /* target_name */ + gss_OID in_mech, /* mech_type */ + OM_uint32 in_service_opts, /* req_flags */ + OM_uint32 in_lifetime, /* time_req */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_buffer_t in_token, /* input_token */ + gss_OID * out_mech, /* actual_mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 * out_service_opts, /* ret_flags */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_init_sec_context( min_stat, in_cred, in_context, in_name, + in_mech, in_service_opts, in_lifetime, + in_channel_bind, in_token, out_mech, + out_token, out_service_opts, out_lifetime ) ); +} + + + +/* sapgss_accept_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_accept_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_cred_id_t in_cred, /* verifier_cred_handle */ + gss_buffer_t in_token, /* input_token_buffer */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_name_t *peer_name, /* src_name */ + gss_OID *out_mech, /* mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 *out_service_opts, /* ret_flags */ + OM_uint32 *out_lifetime, /* time_rec */ + gss_cred_id_t *out_cred /* delegated_cred_handle */ + ) +{ + return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token, + in_channel_bind, peer_name, out_mech, + out_token, out_service_opts, out_lifetime, + out_cred ) ); +} + + + +/* sapgss_process_context_token() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_process_context_token( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t 
in_context, /* context_handle */ + gss_buffer_t in_token /* token_buffer */ + ) +{ + return( gss_process_context_token( min_stat, in_context, in_token ) ); +} + + + +/* sapgss_delete_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_delete_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_buffer_t out_token /* output_token */ + ) +{ + return( gss_delete_sec_context( min_stat, in_context, out_token ) ); +} + + + +/* sapgss_context_time() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_context_time( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_context_time( min_stat, in_context, out_lifetime ) ); +} + + + +/* sapgss_get_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_get_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t out_token /* message_token */ + ) +{ + return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) ); +} + + + +/* sapgss_verify_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_verify_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t in_token, /* token_buffer */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) ); +} + + + +/* sapgss_wrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_wrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* input_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_buffer_t out_token /* output_message_buffer */ + ) +{ + return( gss_wrap( min_stat, in_context, in_want_conf, + in_qop, in_msg, 
out_is_conf, out_token ) ); +} + + + +/* sapgss_unwrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_unwrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_token, /* input_message_buffer */ + gss_buffer_t out_msg, /* output_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_unwrap( min_stat, in_context, in_token, + out_msg, out_is_conf, out_qop ) ); +} + + + +/* sapgss_display_status() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_status( + OM_uint32 *min_stat, /* minor_status */ + OM_uint32 in_status, /* status_value */ + int in_status_type, /* status_type */ + gss_OID in_mech, /* mech_type */ + OM_uint32 *out_more_text, /* message_context */ + gss_buffer_t out_text /* status_string */ + ) +{ + return( gss_display_status( min_stat, in_status, in_status_type, + in_mech, out_more_text, out_text ) ); +} + + + +/* + * sapgss_indicate_mechs() + * + * IMPORTANT: This call MUST return the correct mech_OID + * for this implementation in the first position of the + * out_mechs OID array! 
+ */ +OM_uint32 EXPORT_FUNCTION +sapgss_indicate_mechs( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *out_mechs /* mech_set */ + ) +{ + OM_uint32 maj_stat; + OM_uint32 min_stat2; + + maj_stat = gss_indicate_mechs( min_stat, out_mechs ); + + if ( maj_stat==GSS_S_COMPLETE ) { + if ( out_mechs==NULL + || (*out_mechs)==GSS_C_NO_OID_SET + || (*out_mechs)->count==0 + || (*out_mechs)->elements==GSS_C_NO_OID + || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length + || memcmp( ((*out_mechs)->elements[0]).elements, + sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) { + + (void)sapgss_release_oid_set( &min_stat2, out_mechs ); + + (*out_mechs) = GSS_C_NO_OID_SET; + (*min_stat) = 0; + + return(GSS_S_BAD_MECH); + + } + } + + return(maj_stat); + +} + + + +/* sapgss_compare_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_compare_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name1, /* name1 */ + gss_name_t in_name2, /* name2 */ + int *out_are_equal /* name_equal */ + ) +{ + return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) ); +} + + + +/* sapgss_display_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + gss_OID *out_oid /* output_name_type */ + ) +{ + return( gss_display_name( min_stat, in_name, out_identity, out_oid ) ); +} + + + +/* sapgss_import_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_name( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_OID in_oid, /* input_name_type */ + gss_name_t *out_name /* output_name */ + ) +{ + return( gss_import_name( min_stat, in_identity, in_oid, out_name ) ); +} + + + +/* sapgss_release_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t *in_name /* input_name */ + ) +{ + return( gss_release_name( min_stat, 
in_name ) ); +} + + + +/* sapgss_release_buffer() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_buffer( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_buffer /* buffer */ + ) +{ + return( gss_release_buffer( min_stat, in_buffer ) ); +} + + + +/* sapgss_release_oid_set() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_oid_set( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *in_oids /* set */ + ) +{ + return( gss_release_oid_set( min_stat, in_oids ) ); +} + + + +/* sapgss_inquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* cred_handle */ + gss_name_t * out_name, /* name */ + OM_uint32 * out_lifetime, /* lifetime */ + gss_cred_usage_t * out_cred_usage, /* cred_usage */ + gss_OID_set * out_mechs /* mechanisms */ + ) +{ + return( gss_inquire_cred( min_stat, in_cred, out_name, + out_lifetime, out_cred_usage, out_mechs ) ); +} + + +/**********************************************************************/ +/**********************************************************************/ +/******************* ********************/ +/******************* New fuctions for GSS-API v2 ********************/ +/******************* ********************/ +/**********************************************************************/ +/**********************************************************************/ + +/* + * sapgss_add_cred() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_cred( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t input_cred_handle, /* input_cred_handle */ + gss_name_t desired_name, /* desired_name */ + gss_OID desired_mech, /* desired_mech */ + gss_cred_usage_t cred_usage, /* cred_usage */ + OM_uint32 initiator_time_req, /* initiator_time_req */ + OM_uint32 acceptor_time_req, /* acceptor_time_req */ + gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */ + gss_OID_set FAR * 
actual_mechs, /* actual_mechs */ + OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */ + OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */ + ) +{ + return( gss_add_cred( min_stat, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, + acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec ) ); +} + + + +/* + * sapgss_inquire_cred_by_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred_by_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t cred_handle, /* cred_handle */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * name, /* name */ + OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */ + OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */ + gss_cred_usage_t FAR * cred_usage /* cred_usage */ + ) +{ + return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type, + name, initiator_lifetime, + acceptor_lifetime, cred_usage ) ); +} + + + +/* sapgss_inquire_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_name_t *out_myname, /* initiator_name */ + gss_name_t *out_peername, /* acceptor_name */ + OM_uint32 *out_lifetime, /* lifetime_rec */ + gss_OID *out_mech, /* mech_type */ + OM_uint32 *out_service_opts, /* ctx_flags */ + int *out_initiator, /* locally_initiated */ + int *out_open /* open */ + ) +{ + return( gss_inquire_context( min_stat, in_context, out_myname, + out_peername, out_lifetime, out_mech, + out_service_opts, out_initiator, out_open) ); +} + + + +/* + * sapgss_wrap_size_limit() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_wrap_size_limit( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context 
handle */
+ int in_want_conf, /* conf_req_flag */
+ gss_qop_t qop_req, /* qop_req */
+ OM_uint32 out_size, /* requested output size */
+ OM_uint32 * max_in_size /* maximum input size */
+ )
+{
+ return( gss_wrap_size_limit( min_stat, in_context, in_want_conf,
+ qop_req, out_size, max_in_size) );
+}
+
+
+
+/* sapgss_export_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_export_sec_context(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_ctx_id_t * in_ctx, /* context_handle */
+ gss_buffer_t out_buffer /* interprocess_token */
+ )
+{
+ return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) );
+}
+
+
+
+/* sapgss_import_sec_context() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_import_sec_context(
+ OM_uint32 * min_stat, /* minor_status */
+ gss_buffer_t in_buffer, /* interprocess_token */
+ gss_ctx_id_t * out_ctx /* context_handle */
+ )
+{
+ return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) );
+}
+
+
+
+/*
+ * sapgss_create_empty_oid_set()
+ *
+ * Status: don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_create_empty_oid_set(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_OID_set FAR * oid_set /* oid_set */
+ )
+{
+ return( gss_create_empty_oid_set( min_stat, oid_set ) );
+}
+
+
+
+/*
+ * sapgss_add_oid_set_member()
+ *
+ * Status: don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_add_oid_set_member(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_OID member_oid, /* member_oid */
+ gss_OID_set FAR * oid_set /* oid_set */
+ )
+{
+ return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) );
+}
+
+
+
+/*
+ * sapgss_test_oid_set_member()
+ *
+ * Status: don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_test_oid_set_member(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_OID member, /* member */
+ gss_OID_set set, /* set */
+ int FAR * present /* present */
+ )
+{
+ return( gss_test_oid_set_member( min_stat, member, set, present ) );
+}
+
+
+
+/*
+ * sapgss_inquire_names_for_mech()
+ *
+ * Status: not used by SNC in R/3
release 3.x and 4.0
+ * this may change in future releases
+ */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_inquire_names_for_mech(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_OID mech_oid, /* mechanism_oid */
+ gss_OID_set FAR * name_types /* name_types */
+ )
+{
+ return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) );
+}
+
+
+
+/*
+ * sapgss_inquire_mechs_for_name()
+ *
+ * Status: don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_inquire_mechs_for_name(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_name_t input_name, /* input_name */
+ gss_OID_set FAR * mech_set /* mechanism_oids */
+ )
+{
+ return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) );
+}
+
+
+/* sapgss_canonicalize_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_canonicalize_name(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_name_t input_name, /* input_name */
+ gss_OID mech_type, /* mech_type */
+ gss_name_t FAR * output_name /* output_name */
+ )
+{
+ return( gss_canonicalize_name( min_stat, input_name,
+ mech_type, output_name ) );
+}
+
+
+/* sapgss_export_name() */
+
+OM_uint32 EXPORT_FUNCTION
+sapgss_export_name(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_name_t input_name, /* input_name */
+ gss_buffer_t output_name_blob /* output_name_blob */
+ )
+{
+ return( gss_export_name( min_stat, input_name, output_name_blob ) );
+}
+
+
+/*
+ * sapgss_duplicate_name()
+ *
+ * Status: Don't care
+ */
+OM_uint32 EXPORT_FUNCTION
+sapgss_duplicate_name(
+ OM_uint32 FAR * min_stat, /* minor_status */
+ gss_name_t src_name, /* src_name */
+ gss_name_t FAR * dest_name /* dest_name */
+ )
+{
+ return( gss_duplicate_name( min_stat, src_name, dest_name ) );
+}
+
+
+/* end of sncspkm1.c */
+ |
