From 7bb8b22d8da0f6a398e2102a20d885d885339496 Mon Sep 17 00:00:00 2001
From: Guido Günther
Date: Thu, 8 Jan 2009 15:39:24 +0100
Subject: import initial version from https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/dd6fc290-0201-0010-c190-86ce775d5673

---
 CVS/Entries | 17 +
 CVS/Repository | 1 +
 CVS/Root | 1 +
 Makefile | 72 ++++
 README | 447 ++++++++++++++++++++++++
 build.AIX | 45 +++
 build.HP-UX | 36 ++
 build.OSF1 | 37 ++
 build.SunOS | 32 ++
 gssapi_2.h | 718 ++++++++++++++++++++++++++++++++++++++
 gssntlm.dll | Bin 0 -> 70144 bytes
 gssntlm.lib | Bin 0 -> 29714 bytes
 make.bat | 35 ++
 platform.h | 113 ++++++
 sncadapt.c | 1063 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 sncgss.exp | 54 +++
 sncgss.h | 601 ++++++++++++++++++++++++++++++++
 sncgss32.def | 57 +++
 snckrb5.c | 1060 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 sncntlm.c | 1060 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 sncsecud.c | 1060 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 sncspkm1.c | 1060 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 22 files changed, 7569 insertions(+)
 create mode 100644 CVS/Entries
 create mode 100644 CVS/Repository
 create mode 100644 CVS/Root
 create mode 100644 Makefile
 create mode 100644 README
 create mode 100755 build.AIX
 create mode 100755 build.HP-UX
 create mode 100755 build.OSF1
 create mode 100755 build.SunOS
 create mode 100644 gssapi_2.h
 create mode 100755 gssntlm.dll
 create mode 100755 gssntlm.lib
 create mode 100755 make.bat
 create mode 100644 platform.h
 create mode 100644 sncadapt.c
 create mode 100755 sncgss.exp
 create mode 100644 sncgss.h
 create mode 100644 sncgss32.def
 create mode 100644 snckrb5.c
 create mode 100644 sncntlm.c
 create mode 100644 sncsecud.c
 create mode 100644 sncspkm1.c

diff --git a/CVS/Entries b/CVS/Entries
new file mode 100644
index 0000000..7f8de80
--- /dev/null
+++ b/CVS/Entries
@@ -0,0 +1,17 @@
+/gssapi_2.h/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/platform.h/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncadapt.c/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncgss.h/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncgss32.def/1.1.1.1/Tue Aug 24 14:36:22 1999//
+/snckrb5.c/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncntlm.c/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/sncsecud.c/1.1.1.1/Tue Aug 24 14:36:22 1999//
+/sncspkm1.c/1.1.1.1/Tue Aug 24 14:36:21 1999//
+/Makefile/1.2/Tue Aug 24 14:37:57 1999//
+/build.AIX/1.2/Tue Aug 24 14:39:31 1999//
+/build.HP-UX/1.2/Tue Aug 24 14:39:31 1999//
+/build.OSF1/1.2/Tue Aug 24 14:39:31 1999//
+/build.SunOS/1.2/Tue Aug 24 14:39:31 1999//
+/sncgss.exp/1.2/Tue Aug 24 14:39:32 1999//
+/README/1.2/Tue Aug 24 14:59:34 1999//
+D
diff --git a/CVS/Repository b/CVS/Repository
new file mode 100644
index 0000000..7c08f7e
--- /dev/null
+++ b/CVS/Repository
@@ -0,0 +1 @@
+/sapmnt/uw1048/a/CVSroot/sncadapt
diff --git a/CVS/Root b/CVS/Root
new file mode 100644
index 0000000..3a23edb
--- /dev/null
+++ b/CVS/Root
@@ -0,0 +1 @@
+/sapmnt/uw1048/a/CVSroot
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..179ec85
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,72 @@
+##
+## $Id: Makefile,v 1.2 1999/08/24 14:37:57 d019080 Exp $
+##
+## (C) Copyright 1999 SAP AG Walldorf
+##
+## SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+## INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+## EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
+## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+## OF THIS SOFTWARE.
+##
+
+MDEFS= CC=cc CFLAGS=-g RM="rm -f" OBJ=.o EXE= LD=cc LDFLAGS=-g LIBS=-ldl XD= LDTARGET='-o $@'
+TAIL="`uname -s`"
+BUILD=./build.$(TAIL)
+
+XNAME = sncntlm
+SRCS = $(XNAME).c
+
+ALL_HDRS= gssapi_2.h platform.h sncgss.h
+
+OBJS= $(XD)$(XNAME)$(OBJ)
+
+TARGET= $(XD)$(XNAME)$(SHEXT)
+
+.c.o:
+ $(CC) $(SHFLAGS) $(CFLAGS) -c $<
+
+### targets
+
+all:
+ $(BUILD) $(MAKE) do-all
+
+clean:
+ $(BUILD) $(MAKE) do-clean
+
+
+do-all: $(TARGET)
+
+
+z $(XOBJS): $(SRCS)
+ $(CC) $(SHFLAGS) $(CFLAGS) -c $(SRCS)
+
+$(TARGET): $(OBJS)
+ $(LINK_SHARED) $(LDTARGET) $(LDFLAGS) $(OBJS) $(VENLIB) $(LINK_SHARED_END)
+
+
+do-clean: $(WIN_CLEAN)
+ $(RM) core
+ $(RM) $(XD)*$(OBJ)
+ $(RM) $(TARGET)
+
+win-clean:
+ del 2>NUL *.pdb
+ del 2>NUL *.idb
+ del 2>NUL *.plg
+ del 2>NUL *.ncb
+ del 2>NUL *.opt
+ del 2>NUL $(XD)*.sbr
+ del 2>NUL $(XD)*.lib
+ del 2>NUL $(XD)*.exp
+ del 2>NUL $(XD)*.pdb
+ del 2>NUL $(XD)*.ilk
+
+
+### dependencies
+
+$(XD)$(XNAME)$(OBJ): $(XNAME).c $(ALL_HDRS)
+
+
diff --git a/README b/README
new file mode 100644
index 0000000..85b6367
--- /dev/null
+++ b/README
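Review bot: The rule `z $(XOBJS): $(SRCS)` in the "### targets" section declares a bogus target named `z` next to `$(XOBJS)`, a variable this Makefile never defines, so it reads like a stray keystroke; it should be `$(XOBJS): $(SRCS)` or simply dropped, since the `.c.o` suffix rule and the explicit `$(XD)$(XNAME)$(OBJ)` dependency at the bottom already cover compilation. `MDEFS` is defined but never referenced by any rule, and `do-clean` depends on `$(WIN_CLEAN)`, which is never assigned, so both look like leftovers that should either be wired up or removed. `TARGET= $(XD)$(XNAME)$(SHEXT)` relies entirely on the per-platform `build.*` script exporting `SHEXT`; a comment such as `# SHEXT, SHFLAGS, LINK_SHARED* and VENLIB come from the build.$(uname -s) wrapper` would make that contract visible to the next maintainer.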
@@ -0,0 +1,447 @@
+/*========================================================================*/
+/* $Id: README,v 1.2 1999/08/24 14:59:34 d019080 Exp $ */
+/*========================================================================*/
+
+SNC Adapter README
+
+Martin Rex,
+SAP AG Walldorf
+Email:
+
+
+
+SNC stands for "Secure Network Communication" and refers to the
+functionality in SAP R/3 components that performs strong authentication
+and message protection via external software products that implement
+the IETF-defined standard "Generic Security Services API Version 2"
+(GSS-API v2).
+
+This "document" briefly describes purpose, structure, usage of
+the SNC Adapter and tells you how to build an SNC Adapter for
+(new) gssapi mechanisms that SNC doesn't know about.
+
+
+ 1. Purpose
+ -- What is an SNC Adapter ?
+
+ 2. Operational model
+ -- How the SNC Adapter works
+
+ 3. Usage / Installation
+ -- Installation/configuration/use of a
+ product with an SNC Adapter.
+
+ 4. Configuration Items for a custom SNC-Adapter
+
+ 5. Registering a SAPGSS_ID and a PREFIX with SAP
+
+ 6. MAKE
+ -- How to build your own/custom SNC Adapter.
+
+ 7. References
+ -- Additional reading material.
+
+
+
+1. Purpose: What is an SNC-Adapter.
+===================================
+
+ The SNC-Adapter is a thin wrapper or intermediate component
+ to attach a third party security software to the SNC functionality
+ of SAP R/3 via an GSS-API v2 compatible interface.
+
+ The SNC Adapter includes an additional (initialization) call
+ that provides SNC with static information about some characteristics
+ of the gssapi mechanism that cannot be queried via the regular
+ GSS-API functions. All regular GSS-API v2 functions are simply
+ passed on to the gssapi mechanism.
+
+ GSS-API mechanisms can be distinguished by their mechanism OID.
+ There are 3 mechanism OIDs which SNC already knows about, and for
+ which it may use a built-in SNC-Adapter -- provided that the shared
+ library GSS-API interface of the particular product/implementation
+ is directly compatible with SNC:
+
+ (1) The Kerberos 5 GSS-API mechanism (rfc1964),
+ mechanism OIDs {1 3 5 1 5 2} and {1 2 840 113554 1 2 2}
+
+ (2) The proprietary SECUDE 5 gssapi mechanism,
+ mechanism OID {1 3 36 3 1 37 1}
+
+ (3) The SAPNTLM gssapi mechanism supplied by SAP which
+ offers NTLM-based Single Sign-On for Win32 platforms,
+ mechanism OID {1 3 6 1 4 1 694 2 1 2}
+
+ External SNC-Adapters for arbitrary GSS-API mechanisms can be built
+ with the sample sources provided in this distribution.
+ See "Section 6: MAKE" on how to do this.
+
+
+
+2. Operational model
+====================
+
+ An SNC-Adapter is intended as a very thin wrapper on top of the
+ gssapi functions of an arbitrary GSS-API v2 compliant gssapi mechanism.
+ I doesn't change any of the functionality available at the gssapi
+ level, it only provides a little additional configuration information
+ to SNC how to deal with this mechanism and it will allow to accomodate
+ for differences at the binary shared library interface between SAP R/3
+ and the gssapi library.
+
+ All gss-api functions are imported by the SNC-Adapter with their
+ original name and are re-exported with the prefix "sap" to the
+ function name, e.g.:
+
+ gss_acquire_cred() --> sapgss_acquire_cred()
+
+
+ Besides the regular gssapi functions there are 3 additional
+ SNC-specific functions:
+
+ (1) sapsnc_init_adapter()
+
+ (2) sapsnc_export_cname_blob() -- HISTORIC, LEAVE IT ALONE
+ (3) sapsnc_import_cname_blob() -- HISTORIC, LEAVE IT ALONE
+
+ Function (1) "sapsnc_init_adapter()" provides static information
+ about some characteristics of the underlying gssapi mechanism to
+ which this SNC-Adapter is linked.
+
+ The functions (2) and (3) are historic and they are no longer used
+ by SNC in R/3 Releases 3.1I and newer.
+
+ The only function where the sample adapter source contains extra code
+ is sapgss_indicate_mechs(), because SNC will use exactly the first
+ mechanism OID from the list of mechanisms returned by
+ sapgss_indicate_mechs().
+
+ If SNC is enabled for an R/3 component, SNC will try to dynamically
+ load the configured gssapi library at runtime.
+
+ (a) If SNC finds the 3 additional SNC functions in the library,
+ the library is assumed to be an external SNC-Adapter and
+ all gssapi functions will be resolved with the function
+ name prefixed by "sap".
+ When loading is complete, sapsnc_init_adapter() will be
+ called followed by a call to sapgss_indicate_mechs().
+
+ (b) If SNC doesn't find the 3 additional SNC functions in the
+ library, the library is assumed to be a vanilla gssapi
+ library and the gssapi functions will be resolved with their
+ regular names.
+ When loading is complete, gss_indicate_mechs() will be
+ called, and the returned OID_set will be searched for
+ a known mechanism, for which the SNC-Adapter information
+ is already compiled into SNC (see Section 1).
+
+ It is possible to supply an external SNC-Adapter for any of the
+ mechanism already known by SNC. Sample external SNC-Adapters
+ for Kerberos5, SECUDE and SAPNTLM are contained in this distribution
+ (snckrb5.c, sncsecud.c, sncntlm.c).
+
+
+
+3. Usage / Installation / Operation of a Product with SNC-Adapter
+=================================================================
+
+ In order to enable Secure Network Communications (SNC) for any
+ R/3 component, you must specify the location of shared library
+ that provides the gssapi services. Depending on the component
+ this may be through the profile parameter "snc/gssapi_lib",
+ the command line parameter SNC_LIB, environment variable SNC_LIB
+ or rfc.ini-parameter SNC_LIB.
+
+ Specifying the gssapi shared library directly without an
+ intermediate SNC-Adapter works only for the 3 gssapi mechanisms
+ (Kerberos5,SECUDE,SAPNTLM) which SNC already knows.
+ It is up to the vendor of the third party security software
+ whether he includes the SNC-Adapter code directly within
+ his own library or provides it as a seperate shared library.
+ SNC will always try to load the library as an SNC-Adapter,
+ before it checks for a known gssapi library. Therefore it is
+ ok if the shared library exports not only the SNC-Adapter
+ functions but lots of other functions/APIs as well,
+ including a regular gssapi.
+
+ There are several potential issues with shared libraries and
+ dynamic dependencies of one shared library on another one,
+ so you should carefully consider your options how you want
+ to build and finally ship a shared library suitable for use
+ with SNC respectively SAP R/3.
+ (The severity of these potential issues vary across platforms.)
+
+ My recommendation: link all of your object files, including the
+ SNC-Adapter into one single large shared library (respectively DLL).
+ On Unix platforms, relink all of your object files including
+ the SNC-Adapter into one large object file with "ld -r"
+ and then link that single object into one shared library.
+ This will probably save yourself and your customers some headaches
+ in the long run.
+
+ Potential issues with shared libraries:
+
+ (1) shared library initialization/cleanup during load/unload
+
+ Certain languages (e.g. C++) may require that an initialization
+ function is called when the library is loaded and a cleanup
+ function is called before the library is unloaded.
+
+ On Microsoft Windows this is fairly easy, adequately documented
+ and it works. (DllMain entry point).
+
+ I don't know how it works on the various Unix platforms,
+ but I've heard of various problems, and I haven't seen
+ any documentation from any vendor so far.
+ (There is apparently a bug in the HP-UX 10.20 linker,
+ and AIX supports it only from Release 4.2 onward).
+ If your code needs it, GOOD LUCK!
+
+ (2) implicit loading of dependent shared libraries
+
+ If a shared library (or DLL) is not self-contained, but
+ contains implicit dynamic dependencies to other shared libraries
+ placed there when the shared library was compiled and linked,
+ then the system loader will attempt to load the dependents
+ whenever the top-level shared library is loaded.
+
+ When dynamic runtime loading (via dlopen()/LoadLibrary()/...)
+ is used by the application to load a shared library at runtime,
+ it can be loaded from anywhere in the filesystem.
+ When the shared library that is to be runtime loaded
+ contains implicit dependencies on other shared libraries,
+ very platform specific rules will determine where the
+ system loader will look for those other shared libraries
+ and what it will do when it cannot find suitable libraries.
+
+ Win32 search locations for dependents:
+ the normal search order would be:
+ path of the executable
+ %SystemRoot%\System32
+ %SystemRoot%
+ PATH environment variable
+
+ but beware of "Highlanders" -- i.e. registered shared
+ libraries and the shared library cache.
+
+ Unix search locations for dependents:
+ Is hard to impossible to give any reliable rules, since
+ every platform is different and has their own knobs and
+ switches to change the behaviour. Here are some general
+ Unix rules:
+ * Unix does NOT know the directory of the executable,
+ and it does NOT look for shared libraries in the
+ PATH environment variable.
+
+ * There is a system-default list of directories where
+ system loader can search for shared libraries.
+ (e.g. /lib, /usr/lib, /usr/share/lib, ...)
+
+ * Every platform respects an environment variable that
+ may contain one or more directories to search when
+ looking for a shared library. But this environment
+ variable is only honored when (uid)==(euid).
+ LD_LIBRARY_PATH Digital Unix, Linux, Reliant Unix,
+ Sinix, Solaris
+ SHLIB_PATH HP-UX
+ LIB_PATH AIX
+
+ * Most platforms allow to compile-in a list of directories
+ into the executable(!) where to search for shared libraries
+
+ * HP-UX memorizes the exact and full pathname where "ld" found
+ the shared library during the link step of the executable
+ (or higher-level shared library). This original path
+ will be used if other locations fail. This may cause
+ usability problems to NOT show up on development machines.
+
+ * Some platforms allow to reorder the priority of
+ (original location), (compiled-in directory list) and
+ (environment variable), and some platforms allow to
+ selectively disable one or the other feature.
+ (e.g. HP-UX "chatr" command)
+
+ * When (uid)==(euid) a platform-dependent environment variable
+ (LD_LIBRARY_PATH, SHLIB_PATH or LIBPATH) may contain a
+ list of directories where to look for the library.
+
+ * When (uid)!=(euid) or when disabled for the executable,
+ only the compiled-in search path and system-default
+ shared library directories are searched
+ (e.g. /lib,/usr/lib,/usr/share/lib,/usr/local/lib)
+
+ * On some platforms it is possible to compile a shared
+ library search list into executables as well as into shared
+ libraries. Probably the list of the executable takes
+ precedence. However, you cannot set/change the compiled-in
+ search path in executables from other vendors ...
+
+
+
+
+4. Configuration Items for a custom SNC-Adapter
+================================================
+
+ In order to create a custom SNC-Adapter that interfaces to
+ your own gssapi mechanism, you need to fill in the following
+ information into the "sncadapt.c" sample source:
+
+ ADAPTER_MECH_ID -- register with SAP
+ ADAPTER_MECH_PREFIX -- register with SAP
+ ADAPTER_MECH_NAME
+ ADAPTER_MECHANISM_OID
+ ADAPTER_NAMETYPE_OID
+ ADAPTER_CONF_AVAIL
+ ADAPTER_INTEG_AVAIL
+ ADAPTER_MUTUAL_AUTH
+ ADAPTER_REPLAY_PROT
+
+ In detail:
+
+ ADAPTER_MECH_ID (16-bit unsigned integer) -- register with SAP
+ This is a numeric tag that SNC uses internally to distinguish
+ different gssapi mechanisms.
+
+ ADAPTER_MECH_PREFIX (ASCII string) -- register with SAP
+ This prefix must be at most 7 alphanumeric lowercase characters,
+ and it is used internally by SNC in the nametype-prefix of SNC-Names
+ to bind printable names to specific mechanisms. This prefix can
+ be passed to SNC within printable SNC-Names, however the concurrent
+ use of multiple gssapi libraries is NOT supported by SNC.
+
+ ADAPTER_MECH_NAME (ASCII string)
+ This name is used for the printable identification of
+ the SNC-Adapter and used for diagnostic purposes only.
+
+ ADAPTER_MECHANISM_OID (gss_OID)
+ This is the mechanism OID of your gssapi mechanism.
+
+ ADAPTER_NAMETYPE_OID (gss_OID)
+ This is the nametype OID that your gssapi mechanism uses
+ to tag canonical printable names. It is also the nametype oid
+ that will be used to pass SNC-Names to _this_ gssapi library
+ when they were prefixed with "p:"
+ (Other valid SNC-Name prefixes are "u:" and "s:", which indicate
+ to use the standardized generic nametypes GSS_C_NT_USER_NAME
+ and GSS_C_NT_HOSTBASED_SERVICE)
+
+ ADAPTER_CONF_AVAIL (Boolean)
+ Indicates whether this gssapi mechanism will unconditionally
+ support message confidentiality protection on all successfully
+ established security contexts.
+
+ ADAPTER_INTEG_AVAIL (Boolean)
+ Indicates whether this gssapi mechanism will unconditionally
+ support message integrity protection on all successfully
+ established security contexts.
+
+ ADAPTER_MUTUAL_AUTH (Boolean)
+ Indicates whether this gssapi mechanism will unconditionally
+ support mutual authentication on all successfully established
+ security context where this feature was requested during
+ gss_init_sec_context().
+
+ ADAPTER_REPLAY_PROT (Boolean)
+ Indicates whether this gssapi mechanism will unconditionally
+ support message replay protection on all successfully established
+ security contexts where this feature was requested during
+ gss_init_sec_context()
+
+
+
+
+5. Registering a SAPGSS_ID and a PREFIX with SAP
+=================================================
+
+ Send an Email to and request a SAPGSS_ID
+ and propose a prefix up to 7 alphanumeric lowercase characters.
+ Please include the name of your product and the list of
+ features (see Section 4) that you are going to configure.
+
+ I would really appreciate if could additionally enclose the output
+ from our gssapi verification program GSSTEST when running it with
+ your gssapi implementation.
+
+
+
+6. MAKE -- How to build your own/custom SNC-Adapter
+=====================================================
+
+ This distribution contains the sample sources for several preconfigured
+ SNC-Adapters (sncntlm.c, snckrb5.c, sncspkm1.c, sncsecud.c) and the
+ template "sncadapt.c" which you can use to build your own SNC-Adapter.
+
+ You are free to tear the "sncadapt.c" template apart and integrate
+ the necessary pieces into your own product. See Section 4 what
+ you will need to configure to build an SNC-Adapter for your own
+ custom gssapi mechanism.
+
+ Included are a Makefile and build scripts for the following platforms:
+ AIX 4.x, Solaris 2.x, Digital Unix 4.x, HP-UX 10.x
+ and a batch file "make.bat" for Microsoft Win32 platforms using
+ the Microsoft Visual C compiler v5 or v6 (Visual Studio 97 or 98).
+
+ For both, Unix and Win32, the filename for the source and the
+ basename of the target shared library is defined in the
+ Makefile with "XNAME=". Edit this definition when necessary.
+
+ On the Unix platforms, you need to add the necessary linker
+ parameters into the build. shell script into the
+ variable definition for VENLIB so that your own gssapi library
+ can be found and linked to the SNC-Adapter.
+
+ On Windows platforms you also need to edit make.bat and modify
+ the variable definition VENLIB. Currently make.bat is configured
+ to supply the name of the included gssntlm.lib so that the
+ sample SNC-Adapter debug\sncntlm.dll will be generated if you
+ enter "make" in the directory (provided that the Visual compiler
+ environment is available).
+
+
+ If you supply the name of your shared library for "VENLIB="
+ then this sample build environment will create a standalone
+ SNC-Adapter shared library with an implicit dependency on
+ your shared library. As discussed in Section 3, this approach
+ may have significant administrative disadvantages, especially
+ on Unix (because this will usually require the environment
+ variable for the shared library search path to make it work).
+ For Unix, you could either supply an archive library of
+ position independent object files or integrate the
+ SNC-Adapter source into your own shared library, so
+ that you end up with a single shared libraries without
+ implicit dependencies on custom libraries, thus removing
+ the administrative requirement for the environment variable.
+
+
+
+
+7. References: Additional reading material
+===========================================
+
+ * "Generic Security Service Application Program Interface,
+ Version 2, Update 1", John Linn, December 1998
+ NOTE: This document is available only as an Internet draft with the
+ name "draft-ietf-cat-rfc2078bis-08.txt". However, this draft
+ is expected to become an RFC in Fall 1999
+
+ * RFC2078: "Generic Security Service Application Program Interface,
+ Version 2", John Linn, January 1997
+ NOTE: This document will soon be updated/replaced by
+ "draft-ietf-cat-rfc2078bis-08.txt", see above
+
+ * "Generic Security Service API Version 2 : C-bindings"
+ John Wray, November 1998
+ NOTE: This document is available only as an internet draft with the
+ name "draft-ietf-cat-gssv2-cbind-08.txt". However, this draft
+ is expected to become an RFC in Fall 1999
+
+
+ * RFC-1964: "The Kerberos Version 5 GSS-API Mechanism"
+ John Linn, June 1996
+
+
+ * RFC-2025: "The Simple Public-Key GSS-API Mechanism (SPKM)"
+ Carlisle Adams, October 1996
+
+============================================================================
+
diff --git a/build.AIX b/build.AIX
new file mode 100755
index 0000000..6d188a3
--- /dev/null
+++ b/build.AIX
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# $Id: build.AIX,v 1.2 1999/08/24 14:39:31 d019080 Exp $
+#
+OBJ=".o"
+CC="xlc"
+MAJOR="`uname -v`"
+MINOR="`uname -r`"
+CFLAGS="-z -qlanglvl=ansi -qarch=com -qspill=1024"
+if [ "${MAJOR}${MINOR}" -ge 40 ] ; then
+ CFLAGS="$CFLAGS -qinfo"
+else
+ CFLAGS="$CFLAGS -D_POSIX_SOURCE -D_ALL_SOURCE"
+fi
+RM="rm -f"
+EXE=""
+LD="$CC"
+LDFLAGS=""
+LDTARGET='-o $@'
+XD=""
+if [ "${MAJOR}${MINOR}" -ge 42 ] ; then
+ # dlopen() is used in AIX 4.2
+ SHLIB=".so"
+ LDLIBS="-ldl"
+else
+ SHLIB=".o"
+ LDLIBS=""
+fi
+SHFLAGS=""
+LINK_SHARED="ld -L/usr/lib -bM:SRE -T512 -H512 -bnoentry"
+LINK_SHARED_END=" -lc $LDLIBS -bE:sncgss.exp"
+
+#VENLIB="-L/your/software/path -lgssapi"
+VENLIB=""
+if [ "$VENLIB" = "" ] ; then
+ echo "***"
+ echo "*** Please edit $0 and define VENLIB to link your"
+ echo "*** GSS-API v2 shared library"
+ echo "***"
+ exit 1
+fi
+
+export OBJ CC CFLAGS RM EXE LDLIBS LD LDTARGET LDFLAGS XD
+export SHEXT SHFLAGS LINK_SHARED LINK_SHARED_END VENLIB
+"$@"
diff --git a/build.HP-UX b/build.HP-UX
new file mode 100755
index 0000000..d015f77
--- /dev/null
+++ b/build.HP-UX
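Review bot: This script assigns `SHLIB=".so"` / `SHLIB=".o"` in the AIX-version branches but exports `SHEXT`, which is never assigned anywhere in the file, so the Makefile's `TARGET= $(XD)$(XNAME)$(SHEXT)` expands to a bare `sncntlm` with no extension and the `.so`-versus-`.o` distinction the branches compute is silently lost. Rename both assignments to `SHEXT=".so"` and `SHEXT=".o"` so the variable matches the export line and the other `build.*` scripts. The version test `[ "${MAJOR}${MINOR}" -ge 42 ]` concatenates `uname -v` and `uname -r` into one decimal number, which only works while both stay single digits; a comment like `# assumes single-digit AIX major/minor (4.2 -> 42)` would record that assumption.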
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# $Id: build.HP-UX,v 1.2 1999/08/24 14:39:31 d019080 Exp $
+#
+OBJ=".o"
+CC="cc"
+CFLAGS="-Ae -g -DXDEBUG=1"
+RM="rm -f"
+EXE=""
+LD="$CC"
+LDFLAGS=""
+LDTARGET='-o $@'
+XD=""
+LDLIBS="-Wl,-a,default -lc -ldld"
+if [ -f /opt/langtools/lib/end.o ] ; then
+ # this is for shared library debugging on HP-UX (10.20) ...
+ LDLIBS="${LDLIBS} /opt/langtools/lib/end.o"
+fi
+SHEXT=".sl"
+SHFLAGS="+z"
+LINK_SHARED="ld +vshlibunsats +s -b"
+LINK_SHARED_END="-a default -lc"
+
+#VENLIB="-L/your/software/path +b /your/software/path -lgssapi"
+VENLIB="-L/sapmnt/hs0101/b/security/secude5.2/hp/lib.secude -lsecude"
+if [ "$VENLIB" = "" ] ; then
+ echo "***"
+ echo "*** Please edit $0 and define VENLIB to link your"
+ echo "*** GSS-API v2 shared library"
+ echo "***"
+ exit 1
+fi
+
+export OBJ CC CFLAGS RM EXE LDLIBS LD LDTARGET LDFLAGS XD
+export SHEXT SHFLAGS LINK_SHARED LINK_SHARED_END VENLIB
+"$@"
diff --git a/build.OSF1 b/build.OSF1
new file mode 100755
index 0000000..b7134d4
--- /dev/null
+++ b/build.OSF1
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# $Id: build.OSF1,v 1.2 1999/08/24 14:39:31 d019080 Exp $
+#
+OBJ=".o"
+CC="cc"
+CFLAGS="-std1 -g -DXDEBUG=1"
+RM="rm -f"
+EXE=""
+LD="$CC"
+LDFLAGS=""
+LDTARGET='-o $@'
+XD=""
+LDLIBS=""
+SHEXT=".so"
+SHFLAGS=""
+LINK_SHARED="ld -shared"
+LINK_SHARED_END="-lc"
+
+# needs LD_LIBRAR_PATH if gssapi library is a true shared library
+# preferably, the gssapi library should be an archive library
+# of position-independent objects so that setting LD_LIBRARY_PATH
+# will not be necessary for the executable
+#
+#VENLIB="-L/your/software/path -rpath /your/software/path -lgssapi"
+VENLIB=""
+if [ "$VENLIB" = "" ] ; then
+ echo "***"
+ echo "*** Please edit $0 and define VENLIB to link your"
+ echo "*** GSS-API v2 shared library"
+ echo "***"
+ exit 1
+fi
+
+export OBJ CC CFLAGS RM EXE LDLIBS LD LDTARGET LDFLAGS XD
+export SHEXT SHFLAGS LINK_SHARED LINK_SHARED_END VENLIB
+"$@"
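Review bot: In build.HP-UX, `VENLIB` is hard-wired to `-L/sapmnt/hs0101/b/security/secude5.2/hp/lib.secude -lsecude`, an internal SAP NFS path, so the `if [ "$VENLIB" = "" ]` guard that follows can never fire and an HP-UX build silently links against whatever happens to live at that path instead of telling the user to configure their own GSS-API library, as the AIX, OSF1 and SunOS scripts do. Change it to `VENLIB=""` so the guard works again, and keep only the `#VENLIB="-L/your/software/path +b /your/software/path -lgssapi"` template line above it. Publishing the internal host/path in a distributed sample is also an unnecessary disclosure worth scrubbing. Separately, `CFLAGS="-Ae -g -DXDEBUG=1"` appears to turn on a debug build by default; if that is intended for the shipped sample, a one-line comment saying so would help.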
diff --git a/build.SunOS b/build.SunOS
new file mode 100755
index 0000000..60d3130
--- /dev/null
+++ b/build.SunOS
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $Id: build.SunOS,v 1.2 1999/08/24 14:39:31 d019080 Exp $
+#
+OBJ=".o"
+CC="/opt/SUNWspro/bin/cc"
+CFLAGS="-Xa -g -DXDEBUG=1"
+RM="rm -f"
+EXE=""
+LD="$CC"
+LDFLAGS="$CFLAGS -ldl -lnsl -lthread"
+LDTARGET='-o $@'
+XD=""
+LDLIBS="-ldl"
+SHEXT=".so"
+SHFLAGS="-Kpic"
+LINK_SHARED="$(CC) -G"
+LINK_SHARED_END=""
+
+#VENLIB="-L/your/software/path -R/your/software/path -lgssapi"
+VENLIB=""
+if [ "$VENLIB" = "" ] ; then
+ echo "***"
+ echo "*** Please edit $0 and define VENLIB to link your"
+ echo "*** GSS-API v2 shared library"
+ echo "***"
+ exit 1
+fi
+
+export OBJ CC CFLAGS RM EXE LDLIBS LD LDTARGET LDFLAGS XD
+export SHEXT SHFLAGS LINK_SHARED LINK_SHARED_END VENLIB
+"$@"
diff --git a/gssapi_2.h b/gssapi_2.h
new file mode 100644
index 0000000..95330c2
--- /dev/null
+++ b/gssapi_2.h
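Review bot: `LINK_SHARED="$(CC) -G"` is a Bourne-shell command substitution, not a make-style variable reference: `/bin/sh` tries to execute a command named `CC`, substitutes its (empty) output, and exports `LINK_SHARED=" -G"`, so the `$(TARGET)` link rule in the Makefile ends up invoking `-G` as the linker and fails. It should be `LINK_SHARED="$CC -G"`, consistent with `LD="$CC"` a few lines above and with the `$CFLAGS` expansion already used in `LDFLAGS`. This is also the only build script that folds `$CFLAGS` and `-lnsl -lthread` into `LDFLAGS`; if that is deliberate for the Solaris shared-library link, a short comment would save the next reader from "fixing" it.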
@@ -0,0 +1,718 @@
+/*********************************************************************
+ * $Id: gssapi_2.h,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $
+ *********************************************************************/
+
+/*
+ * GSS-API Version 2 Header File, See RFC 2xxx
+ */
+
+#ifndef _GSSAPI_H_
+#define _GSSAPI_H_
+
+/*
+ * Determine platform-dependent configuration.
+ */
+
+#ifndef _XX_PLATFORM_H_
+# include "platform.h"
+#endif
+
+#define GSS_SIZEOF_SHORT XX_SIZEOF_SHORT
+#define GSS_SIZEOF_INT XX_SIZEOF_INT
+#define GSS_SIZEOF_LONG XX_SIZEOF_LONG
+
+/*
+ * The following type must be defined as the smallest natural
+ * unsigned integer supported by the platform that has at least
+ * 32 bits of precision.
+ */
+typedef Uint32 gss_uint32;
+
+
+
+
+/*
+ *###########################################################
+ *## One common gssapi_2.h Header file for all platforms ##
+ *###########################################################
+ */
+
+
+
+/*
+ * First, include stddef.h to get size_t defined.
+ */
+#include
+
+
+/*
+ * First, define the three platform-dependent pointer types.
+ */
+typedef void FAR * gss_ctx_id_t;
+typedef void FAR * gss_cred_id_t;
+typedef void FAR * gss_name_t;
+
+
+typedef gss_uint32 OM_uint32;
+
+typedef struct gss_OID_desc_struct {
+ OM_uint32 length;
+ void FAR * elements;
+} gss_OID_desc, FAR * gss_OID;
+
+
+typedef struct gss_OID_set_desc_struct {
+ size_t count;
+ gss_OID elements;
+} gss_OID_set_desc, FAR * gss_OID_set;
+
+typedef struct gss_buffer_desc_struct {
+ size_t length;
+ void FAR * value;
+} gss_buffer_desc, FAR * gss_buffer_t;
+
+typedef struct gss_channel_bindings_struct {
+ OM_uint32 initiator_addrtype;
+ gss_buffer_desc initiator_address;
+ OM_uint32 acceptor_addrtype;
+ gss_buffer_desc acceptor_address;
+ gss_buffer_desc application_data;
+} FAR * gss_channel_bindings_t;
+
+/*
+ * For now, define a QOP-type as an OM_uint32 (pending resolution
+ * of ongoing discussions.
+ */
+typedef OM_uint32 gss_qop_t;
+typedef int gss_cred_usage_t;
+
+/*
+ * Flag bits for context-level services.
+ */
+#define GSS_C_DELEG_FLAG 1
+#define GSS_C_MUTUAL_FLAG 2
+#define GSS_C_REPLAY_FLAG 4
+#define GSS_C_SEQUENCE_FLAG 8
+#define GSS_C_CONF_FLAG 16
+#define GSS_C_INTEG_FLAG 32
+#define GSS_C_ANON_FLAG 64
+#define GSS_C_PROT_READY_FLAG 128
+#define GSS_C_TRANS_FLAG 256
+
+/*
+ * Credential usage options
+ */
+#define GSS_C_BOTH 0
+#define GSS_C_INITIATE 1
+#define GSS_C_ACCEPT 2
+
+/*
+ * Status code types for gss_display_status
+ */
+#define GSS_C_GSS_CODE 1
+#define GSS_C_MECH_CODE 2
+
+/*
+ * The constant definitions for channel-bindings address families
+ */
+#define GSS_C_AF_UNSPEC 0
+#define GSS_C_AF_LOCAL 1
+#define GSS_C_AF_INET 2
+#define GSS_C_AF_IMPLINK 3
+#define GSS_C_AF_PUP 4
+#define GSS_C_AF_CHAOS 5
+#define GSS_C_AF_NS 6
+#define GSS_C_AF_NBS 7
+#define GSS_C_AF_ECMA 8
+#define GSS_C_AF_DATAKIT 9
+#define GSS_C_AF_CCITT 10
+#define GSS_C_AF_SNA 11
+#define GSS_C_AF_DECnet 12
+#define GSS_C_AF_DLI 13
+#define GSS_C_AF_LAT 14
+#define GSS_C_AF_HYLINK 15
+#define GSS_C_AF_APPLETALK 16
+#define GSS_C_AF_BSC 17
+#define GSS_C_AF_DSS 18
+#define GSS_C_AF_OSI 19
+#define GSS_C_AF_X25 21
+
+#define GSS_C_AF_NULLADDR 255
+
+/*
+ * Various Null values
+ */
+#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
+#define GSS_C_NO_NAME ((gss_name_t) 0)
+#define GSS_C_NO_OID ((gss_OID) 0)
+#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
+#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
+#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
+#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
+#define GSS_C_EMPTY_BUFFER {0, NULL}
+
+/*
+ * Some alternate names for a couple of the above values.
+ * These are defined for V1 compatibility.
+ */
+#define GSS_C_NULL_OID GSS_C_NO_OID
+#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
+
+/*
+ * Define the default Quality of Protection for per-message
+ * services. Note that an implementation that offers multiple
+ * levels of QOP may either reserve a value (for example zero,
+ * as assumed here) to mean "default protection", or
+ * alternatively may simply equate GSS_C_QOP_DEFAULT to a specific
+ * explicit QOP value. However, a value of 0 should always be
+ * interpreted by a GSSAPI implementation as a request for the
+ * default protection level.
+ */
+#define GSS_C_QOP_DEFAULT 0
+
+/*
+ * Expiration time of 2^32-1 seconds means infinite lifetime for a
+ * credential or security context
+ */
+#define GSS_C_INDEFINITE 0xfffffffful
+#define GSS_C_EXPIRED 0ul
+
+
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
+ * corresponding to an object identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 3(gss-anonymous-name)}. The constant
+ * and GSS_C_NT_ANONYMOUS should be initialized to point
+ * to that gss_OID_desc.
+ */
+extern gss_OID DLL_DATA_DECO GSS_C_NT_ANONYMOUS;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
+ * corresponding to an object-identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 4(gss-api-exported-name)}. The constant
+ * GSS_C_NT_EXPORT_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+extern gss_OID DLL_DATA_DECO GSS_C_NT_EXPORT_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
+ * GSS_C_NT_USER_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+extern gss_OID DLL_DATA_DECO GSS_C_NT_USER_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+ * The constant GSS_C_NT_MACHINE_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+extern gss_OID DLL_DATA_DECO GSS_C_NT_MACHINE_UID_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+ * The constant GSS_C_NT_STRING_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+extern gss_OID DLL_DATA_DECO GSS_C_NT_STRING_UID_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ * "\x01\x02\x01\x04"}, corresponding to an
+ * object-identifier value of {iso(1) member-body(2)
+ * Unites States(840) mit(113554) infosys(1) gssapi(2)
+ * generic(1) service_name(4)}. The constant
+ * GSS_C_NT_HOSTBASED_SERVICE should be initialized
+ * to point to that gss_OID_desc.
+ */
+extern gss_OID DLL_DATA_DECO GSS_C_NT_HOSTBASED_SERVICE;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) org(3) dod(6) internet(1) security(5)
+ * nametypes(6) gss-host-based-services(2)). The constant
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
+ * to that gss_OID_desc. This is a deprecated OID value, and
+ * implementations wishing to support hostbased-service names
+ * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
+ * defined below, to identify such names;
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
+ * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
+ * parameter, but should not be emitted by GSSAPI
+ * implementations
+ */
+extern gss_OID DLL_DATA_DECO GSS_C_NT_HOSTBASED_SERVICE_X;
+
+
+
+/* Major status codes */
+
+#define GSS_S_COMPLETE 0
+
+/*
+ * Some "helper" definitions to make the status code macros obvious.
+ */
+#define GSS_C_CALLING_ERROR_OFFSET 24
+#define GSS_C_ROUTINE_ERROR_OFFSET 16
+#define GSS_C_SUPPLEMENTARY_OFFSET 0
+#define GSS_C_CALLING_ERROR_MASK 0377ul
+#define GSS_C_ROUTINE_ERROR_MASK 0377ul
+#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
+
+/*
+ * The macros that test status codes for error conditions. Note that the
+ * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now
+ * evaluates its argument only once.
+ */
+#define GSS_CALLING_ERROR(x) \
+ ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
+#define GSS_ROUTINE_ERROR(x) \
+ ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
+#define GSS_SUPPLEMENTARY_INFO(x) \
+ ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
+#define GSS_ERROR(x) \
+ ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
+ (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
+
+/*
+ * Now the actual status code definitions
+ */
+
+/*
+ * Calling errors:
+ */
+#define GSS_S_CALL_INACCESSIBLE_READ (1ul << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_INACCESSIBLE_WRITE (2ul << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_BAD_STRUCTURE (3ul << GSS_C_CALLING_ERROR_OFFSET)
+
+/*
+ * Routine errors:
+ */
+#define GSS_S_BAD_MECH ( 1ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAME ( 2ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAMETYPE ( 3ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_BINDINGS ( 4ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_STATUS ( 5ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_MIC ( 6ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_SIG GSS_S_BAD_MIC
+#define GSS_S_NO_CRED ( 7ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NO_CONTEXT ( 8ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_TOKEN ( 9ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
+
+/*
+ * Supplementary info bits:
+ */
+#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
+#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
+#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
+#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
+#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
+
+
+/*
+ * Finally, function prototypes for the GSSAPI routines.
+ */
+
+OM_uint32 DLL_FUNC_DECO gss_acquire_cred(
+ OM_uint32 FAR *, /* minor_status */
+ gss_name_t, /* desired_name */
+ OM_uint32, /* time_req */
+ gss_OID_set, /* desired_mechs */
+ gss_cred_usage_t, /* cred_usage */
+ gss_cred_id_t FAR *, /* output_cred_handle */
+ gss_OID_set FAR *, /* actual_mechs */
+ OM_uint32 FAR * /* time_rec */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_release_cred(
+ OM_uint32 FAR *, /* minor_status */
+ gss_cred_id_t FAR * /* cred_handle */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_init_sec_context(
+ OM_uint32 FAR *, /* minor_status */
+ gss_cred_id_t, /* claimant_cred_handle */
+ gss_ctx_id_t FAR *, /* context_handle */
+ gss_name_t, /* target_name */
+ gss_OID, /* mech_type */
+ OM_uint32, /* req_flags */
+ OM_uint32, /* time_req */
+ gss_channel_bindings_t, /* input_chan_bindings */
+ gss_buffer_t, /* input_token */
+ gss_OID FAR *, /* actual_mech_type */
+ gss_buffer_t, /* output_token */
+ OM_uint32 FAR *, /* ret_flags */
+ OM_uint32 FAR * /* time_rec */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_accept_sec_context(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t FAR *, /* context_handle */
+ gss_cred_id_t, /* acceptor_cred_handle */
+ gss_buffer_t, /* input_token_buffer */
+ gss_channel_bindings_t, /* input_chan_bindings */
+ gss_name_t FAR *, /* src_name */
+ gss_OID FAR *, /* mech_type */
+ gss_buffer_t, /* output_token */
+ OM_uint32 FAR *, /* ret_flags */
+ OM_uint32 FAR *, /* time_rec */
+ gss_cred_id_t FAR * /* delegated_cred_handle */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_process_context_token(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_buffer_t /* token_buffer */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_delete_sec_context(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t FAR *, /* context_handle */
+ gss_buffer_t /* output_token */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_context_time(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ OM_uint32 FAR * /* time_rec */
+);
+
+
+/* New name in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_get_mic(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_qop_t, /* qop_req */
+ gss_buffer_t, /* message_buffer */
+ gss_buffer_t /* message_token */
+);
+
+
+/* New name in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_verify_mic(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_buffer_t, /* message_buffer */
+ gss_buffer_t, /* message_token */
+ gss_qop_t * /* qop_state */
+);
+
+
+/* New name in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_wrap(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ gss_buffer_t, /* input_message_buffer */
+ int FAR *, /* conf_state */
+ gss_buffer_t /* output_message_buffer */
+);
+
+
+/* New name in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_unwrap(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_buffer_t, /* input_message_buffer */
+ gss_buffer_t, /* output_message_buffer */
+ int FAR *, /* conf_state */
+ gss_qop_t FAR * /* qop_state */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_display_status(
+ OM_uint32 FAR *, /* minor_status */
+ OM_uint32, /* status_value */
+ int, /* status_type */
+ gss_OID, /* mech_type */
+ OM_uint32 FAR *, /* message_context */
+ gss_buffer_t /* status_string */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_indicate_mechs(
+ OM_uint32 FAR *, /* minor_status */
+ gss_OID_set FAR * /* mech_set */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_compare_name(
+ OM_uint32 FAR *, /* minor_status */
+ gss_name_t, /* name1 */
+ gss_name_t, /* name2 */
+ int FAR * /* name_equal */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_display_name(
+ OM_uint32 FAR *, /* minor_status */
+ gss_name_t, /* input_name */
+ gss_buffer_t, /* output_name_buffer */
+ gss_OID FAR * /* output_name_type */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_import_name(
+ OM_uint32 FAR *, /* minor_status */
+ gss_buffer_t, /* input_name_buffer */
+ gss_OID, /* input_name_type */
+ gss_name_t FAR * /* output_name */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_release_name(
+ OM_uint32 FAR *, /* minor_status */
+ gss_name_t FAR * /* input_name */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_release_buffer(
+ OM_uint32 FAR *, /* minor_status */
+ gss_buffer_t /* buffer */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_release_oid_set(
+ OM_uint32 FAR *, /* minor_status */
+ gss_OID_set FAR * /* set */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_inquire_cred(
+ OM_uint32 FAR *, /* minor_status */
+ gss_cred_id_t, /* cred_handle */
+ gss_name_t FAR *, /* name */
+ OM_uint32 FAR *, /* lifetime */
+ gss_cred_usage_t FAR *, /* cred_usage */
+ gss_OID_set FAR * /* mechanisms */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_inquire_context(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_name_t FAR *, /* src_name */
+ gss_name_t FAR *, /* targ_name */
+ OM_uint32 FAR *, /* lifetime_rec */
+ gss_OID FAR *, /* mech_type */
+ OM_uint32 FAR *, /* ctx_flags */
+ int FAR *, /* locally_initiated */
+ int FAR * /* open */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_wrap_size_limit(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req */
+ OM_uint32, /* req_output_size */
+ OM_uint32 * /* max_input_size */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_add_cred(
+ OM_uint32 FAR *, /* minor_status */
+ gss_cred_id_t, /* input_cred_handle */
+ gss_name_t, /* desired_name */
+ gss_OID, /* desired_mech */
+ gss_cred_usage_t, /* cred_usage */
+ OM_uint32, /* initiator_time_req */
+ OM_uint32, /* acceptor_time_req */
+ gss_cred_id_t FAR *, /* output_cred_handle */
+ gss_OID_set FAR *, /* actual_mechs */
+ OM_uint32 FAR *, /* initiator_time_rec */
+ OM_uint32 FAR * /* acceptor_time_rec */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_inquire_cred_by_mech(
+ OM_uint32 FAR *, /* minor_status */
+ gss_cred_id_t, /* cred_handle */
+ gss_OID, /* mech_type */
+ gss_name_t FAR *, /* name */
+ OM_uint32 FAR *, /* initiator_lifetime */
+ OM_uint32 FAR *, /* acceptor_lifetime */
+ gss_cred_usage_t FAR * /* cred_usage */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_export_sec_context(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t FAR *, /* context_handle */
+ gss_buffer_t /* interprocess_token */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_import_sec_context(
+ OM_uint32 FAR *, /* minor_status */
+ gss_buffer_t, /* interprocess_token */
+ gss_ctx_id_t FAR * /* context_handle */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_create_empty_oid_set(
+ OM_uint32 FAR *, /* minor_status */
+ gss_OID_set FAR * /* oid_set */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_add_oid_set_member(
+ OM_uint32 FAR *, /* minor_status */
+ gss_OID, /* member_oid */
+ gss_OID_set FAR * /* oid_set */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_test_oid_set_member(
+ OM_uint32 FAR *, /* minor_status */
+ gss_OID, /* member */
+ gss_OID_set, /* set */
+ int FAR * /* present */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_inquire_names_for_mech(
+ OM_uint32 FAR *, /* minor_status */
+ gss_OID, /* mechanism */
+ gss_OID_set FAR * /* name_types */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_inquire_mechs_for_name(
+ OM_uint32 FAR *, /* minor_status */
+ gss_name_t, /* input_name */
+ gss_OID_set FAR * /* mechanism_oids */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_canonicalize_name(
+ OM_uint32 FAR *, /* minor_status */
+ gss_name_t, /* input_name */
+ gss_OID, /* mech_type */
+ gss_name_t FAR * /* output_name */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_export_name(
+ OM_uint32 FAR *, /* minor_status */
+ gss_name_t, /* input_name */
+ gss_buffer_t /* output_name_blob */
+);
+
+
+/* New in GSS-API V2 */
+OM_uint32 DLL_FUNC_DECO gss_duplicate_name(
+ OM_uint32 FAR *, /* minor_status */
+ gss_name_t, /* src_name */
+ gss_name_t FAR * /* dest_name */
+);
+
+
+/*
+ * The following routines are obsolete variants of gss_get_mic,
+ * gss_wrap, gss_verify_mic and gss_unwrap. They should be
+ * provided by GSSAPI V2 implementations for backwards
+ * compatibility with V1 applications. Distinct entrypoints
+ * (as opposed to #defines) should be provided, both allow GSSAPI
+ * V1 applications to link against GSSAPI V2 implementations, and
+ * to retain the slight parameter type differences between the
+ * obsolete versions of these routines and their current forms.
+ */
+
+OM_uint32 DLL_FUNC_DECO gss_sign(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* qop_req */
+ gss_buffer_t, /* message_buffer */
+ gss_buffer_t /* message_token */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_verify(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_buffer_t, /* message_buffer */
+ gss_buffer_t, /* token_buffer */
+ int FAR * /* qop_state */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_seal(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ int, /* qop_req */
+ gss_buffer_t, /* input_message_buffer */
+ int FAR *, /* conf_state */
+ gss_buffer_t /* output_message_buffer */
+);
+
+
+OM_uint32 DLL_FUNC_DECO gss_unseal(
+ OM_uint32 FAR *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_buffer_t, /* input_message_buffer */
+ gss_buffer_t, /* output_message_buffer */
+ int FAR *, /* conf_state */
+ int FAR * /* qop_state */
+);
+
+#endif /* _GSSAPI_H_ */
diff --git a/gssntlm.dll b/gssntlm.dll
new file mode 100755
index 0000000..60bcc3f
Binary files /dev/null and b/gssntlm.dll differ
diff --git a/gssntlm.lib b/gssntlm.lib
new file mode 100755
index 0000000..9bc1c21
Binary files /dev/null and b/gssntlm.lib differ
diff --git a/make.bat b/make.bat
new file mode 100755
index 0000000..922e429
--- /dev/null
+++ b/make.bat
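Review bot: `GSS_SIZEOF_SHORT`, `GSS_SIZEOF_INT` and `GSS_SIZEOF_LONG` near the top of the header alias `XX_SIZEOF_SHORT`, `XX_SIZEOF_INT` and `XX_SIZEOF_LONG`, but platform.h as added later in this commit only defines `XX_SIZEOF_USHORT`, `XX_SIZEOF_UINT` and `XX_SIZEOF_ULONG`, so any `#if GSS_SIZEOF_INT == 4` test would silently compare against an undefined (zero) identifier; either point the aliases at the `U*` names or add the missing definitions on the platform.h side. Separately, `gss_verify_mic`'s `gss_qop_t * /* qop_state */` and `gss_wrap_size_limit`'s `OM_uint32 * /* max_input_size */` are the only out-pointers in the file without the `FAR` qualifier, which on the `_WINDOWS` build (where `FAR` expands to `__far`) makes them a different pointer type from the rest of the API; they should read `gss_qop_t FAR *` and `OM_uint32 FAR *`, as `gss_unwrap` already does. The bare `#include` under the "include stddef.h" comment appears to have lost its `<stddef.h>` operand in this rendering; worth confirming the committed file still carries it.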
@@ -0,0 +1,35 @@
+@echo off
+set CC=cl
+set CFLAGS=/nologo /MD /W3 /GX /Zi /Od /Fo"Debug/"
+set LDFLAGS=/nologo /subsystem:console /incremental:no /pdb:"$*.pdb" /debug /pdbtype:sept /libpath:debug
+set LD=link
+set LDTARGET=/out:$(TARGET)
+set "RM=del 2>NUL "
+set OBJ=.obj
+set XOBJS=$(OBJS)
+set XD=Debug\
+set EXE=.exe
+set BUILD=
+set WIN_CLEAN=win-clean
+set LIBS=kernel32.lib
+set SHEXT=.dll
+set SHFLAGS=/LD
+set LINK_SHARED=$(LD) /DLL /DEF:sncgss32.def /IMPLIB:$*.lib /SUBSYSTEM:CONSOLE
+set LINK_SHARED_END=
+
+set VENLIB=.\gssntlm.lib
+if NOT %VENLIB%. == . goto :trymake
+echo ***
+echo *** Please edit MAKE.BAT and define VENLIB to point to the *.LIB stub
+echo *** of your GSS-API v2 windows library (DLL)
+echo ***
+goto :finish
+
+:trymake
+
+if %1. == clean. nmake /NOLOGO do-clean
+if %1. == . nmake /NOLOGO do-all
+if %1. == all. nmake /NOLOGO do-all
+
+@echo off
+
diff --git a/platform.h b/platform.h
new file mode 100644
index 0000000..71a6d4d
--- /dev/null
+++ b/platform.h
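Review bot: `set VENLIB=.\gssntlm.lib` makes the Windows build link against the prebuilt `gssntlm.lib`/`gssntlm.dll` that this same commit checks in as opaque binaries, with nothing recording where they came from, which version they are, or a checksum; since this is the GSS-API library the adapter's security functions are delegated to, that provenance gap is worth closing with a comment here or a README entry, e.g. `rem gssntlm.lib / gssntlm.dll: <origin, version and checksum>`. Also, `goto :finish` has no matching `:finish` label anywhere in the script, so after printing the message cmd.exe reports a missing-label error rather than exiting quietly; `goto :eof` gives the intended clean exit. The unmatched label is only reached on the error path, so it is easy to miss in testing.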
@@ -0,0 +1,113 @@
+/************************************************************************/
+/* $Id: platform.h,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $
+ ************************************************************************/
+/*
+ * (C) Copyright 1999 SAP AG Walldorf
+ *
+ * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING AL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+ * OF THIS SOFTWARE.
+ */
+
+
+#ifndef _XX_PLATFORM_H_
+# define _XX_PLATFORM_H_
+
+
+#ifndef USHRT_MAX
+# include
+#endif
+
+
+#if USHRT_MAX >= 0x10000ul
+# define XX_SIZEOF_USHORT 4
+# error cannot handle unsigned short > 2 bytes
+#else
+# define XX_SIZEOF_USHORT 2
+#endif
+
+#if UINT_MAX >= 0x10000ul
+# define XX_SIZEOF_UINT 4
+#else
+# define XX_SIZEOF_UINT 2
+#endif
+
+#if ULONG_MAX > 0xFFFFFFFFul
+# define XX_SIZEOF_ULONG 8
+#else
+# define XX_SIZEOF_ULONG 4
+#endif
+
+
+#if (XX_SIZEOF_UINT == 4)
+
+ typedef unsigned int Uint32;
+
+#elif (XX_SIZEOF_ULONG == 4)
+
+ typedef unsigned long Uint32;
+
+#elif (XX_SIZEOF_USHORT == 4)
+
+ typedef unsigned short Uint32;
+
+#endif
+
+
+
+/*
+ * Define DLL_FUNC_DECO, DLL_DATA_DECO, FUNCPTR_DECO and FAR
+ */
+
+#if defined(_WIN32)
+# if !defined(WINAPI)
+# if !defined(_M_IX86)
+# include
+# else
+# /* shortcutting Microsoft Win32 on Intel x86i, because including */
+# /* is painfully timeconsuming during development ... */
+# define WINAPI __stdcall
+# endif
+# endif
+# define FUNCPTR_DECO WINAPI
+# define EXPORT_FUNCTION __declspec(dllexport) WINAPI
+# define EXPORT_DATA __declspec(dllexport)
+# define IMPORT_FUNCTION __declspec(dllimport) WINAPI
+# define IMPORT_DATA __declspec(dllimport)
+#elif defined(_WINDOWS)
+# if !defined(WINAPI)
+# define WINAPI __far __pascal
+# endif
+# define FUNCPTR_DECO WINAPI
+# define EXPORT_FUNCTION __export WINAPI
+# define EXPORT_DATA __export
+# define IMPORT_FUNCTION __export WINAPI
+# define IMPORT_DATA __export
+# define FAR __far
+#else
+# define EXPORT_FUNCTION
+# define EXPORT_DATA
+# define IMPORT_FUNCTION
+# define IMPORT_DATA
+# define FUNCPTR_DECO
+#endif
+
+#ifdef BUILDING_DLL
+# define DLL_DATA_DECO EXPORT_DATA
+# define DLL_FUNC_DECO EXPORT_FUNCTION
+#else
+# define DLL_DATA_DECO IMPORT_DATA
+# define DLL_FUNC_DECO IMPORT_FUNCTION
+#endif
+
+#ifndef FAR
+# define FAR
+#endif
+
+
+
+#endif /* _XX_PLATFORM_H_ */
diff --git a/sncadapt.c b/sncadapt.c
new file mode 100644
index 0000000..e91f8e9
--- /dev/null
+++ b/sncadapt.c
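Review bot: The `Uint32` selection chain (`#if (XX_SIZEOF_UINT == 4)` … `#elif (XX_SIZEOF_USHORT == 4)`) has no `#else` arm, so on a platform where none of the three tests hold this header compiles silently and the failure only surfaces at the first use of `Uint32` in gssapi_2.h; add `#else` / `# error no 32-bit unsigned integer type found` before the closing `#endif`. The preceding `#if UINT_MAX >= 0x10000ul` only proves that int is wider than 16 bits, so `XX_SIZEOF_UINT` is set to 4 and `Uint32` becomes `unsigned int` even where int is 64 bits wide; an exact `UINT_MAX == 0xFFFFFFFFul` comparison would actually pin the width the typedef name promises. The `# include` line in the `_WIN32` branch shows no operand in this rendering, presumably `<windows.h>` lost to extraction; worth confirming in the file.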
@@ -0,0 +1,1063 @@
+static char * this_File = "sncadapt.c";
+static char * cvs_id =
+ "$Id: sncadapt.c,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $";
+/*
+ * (C) Copyright 1999 SAP AG Walldorf
+ *
+ * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+ * OF THIS SOFTWARE.
+ */
+
+
+
+
+/************************************************************************/
+/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */
+/* */
+/* Configurable Parameters that describe the characteristics */
+/* of the security mechanism to which this adapter interfaces */
+/* To register a MECH_PREFIX or MECH_ID with SAP, */
+/* send a request via Email to including */
+/* the following information: */
+/* - mechanism OID of gssapi mechanism */
+/* - gssapi mechanism name (for open protocol specs) */
+/* OR product name of proprietary gssapi mechanism */
+/* - default nametype OID */
+/* - proposed printable prefix (up to seven characters) */
+/* - Email address of technical contact */
+/* */
+/* In case you're implementing a published gssapi mechanism spec, */
+/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */
+/* You can check the "sncgss.h" Header file first. */
+/* */
+/* */
+/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */
+/* (for open protocol specifications) */
+/* OR name of a software product for */
+/* a proprietary gssapi mechanism */
+/* */
+/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */
+/* ASCII-string up to 7 chars to */
+/* identify the mechanism */
+/* */
+/* ADAPTER_MECH_ID (must REGISTER with SAP) */
+/* numeric constant taken from the */
+/* SAPGSS_MECH_ID enumerator in "sncgss.h" */
+/* */
+/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */
+/* of the gssapi mechanism to which this */
+/* SNC-Adapter will be linked */
+/* */
+/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */
+/* of the default/canonical/native nametype*/
+/* of above gssapi mechanism */
+/* */
+/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */
+/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */
+/* */
+/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */
+/* implementation guarantees availability */
+/* of message confidentiality protection */
+/* for all established security contexts */
+/* */
+/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */
+/* implementation guarantees availability */
+/* of message integrity protection for all */
+/* established security contexts */
+/* */
+/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */
+/* implemenation guarantees availability */
+/* of mutual authentication on security */
+/* contexts. Absence of mutual auth is */
+/* a serious security problem in */
+/* distributed applications */
+/* */
+/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */
+/* implementation guarantees availability */
+/* of replay detection of protected */
+/* messages on all security contexts. */
+/* SAP R/3 process all messages on a */
+/* particular security context strictly */
+/* sequential, so it's acceptable */
+/* if replay detection is only available */
+/* in combination with sequence protection */
+/* */
+/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */
+/************************************************************************/
+
+
+#define ADAPTER_MECH_NAME >>> "X X X X X X X X X X X X X X X"
+ /* Name of the gssapi mechanism or product */
+ /* that this SNC-Adapter interfaces to */
+ /* (less than 80 characters, please !!) */
+
+
+#define ADAPTER_MECH_PREFIX >>> "xxxx"
+ /* Mech prefix for mechanism */
+ /* (register this prefix with SAP) */
+ /* Alphanumeric, must be <= 7 characters long */
+ /* This prefix may be used within SNC-Names */
+ /* i.e. "p/sapntlm:NTDomain\User" */
+
+
+#define ADAPTER_MECH_ID >>> SAPGSS_ID_XXXX
+ /* Mechanism identifier */
+ /* numeric (16-bit unsigned integer) */
+ /* used internally by SNC for tagging */
+ /* and to distinguish different gssapi mechs */
+
+
+ /* ASN.1 OID of the gssapi mechanism to which this */
+ /* SNC-Adapter is linked */
+#define ADAPTER_MECHANISM_OID \
+ >>> { 7, "\053\006\001\005\005\001\001" }
+
+ /* ASN.1 OID of the default/canonical nametype that */
+ /* this gssapi mechanism will accept with gss_import_name() */
+ /* and emit with gss_display_name() for canonical names */
+#define ADAPTER_NAMETYPE_OID \
+ >>> { 9, "\053\006\001\004\001\201\172\002\001" }
+
+
+/*******************/
+/* 16-bit Integers */
+/*******************/
+#define ADAPTER_MAJOR_REVISION >>> 1 /* indicates API changes */
+
+#define ADAPTER_MINOR_REVISION >>> 0 /* indicates fixes or */
+ /* cosmetic changes */
+
+/*******************/
+/* BOOLEAN values */
+/*******************/
+#define ADAPTER_CONF_AVAIL >>> 1 /* Confidentiality available */
+#define ADAPTER_INTEG_AVAIL >>> 1 /* Integrity available */
+
+#define ADAPTER_MUTUAL_AUTH >>> 1 /* supports mutual authentication */
+#define ADAPTER_REPLAY_PROT >>> 1 /* supports message replay detection */
+
+
+/************************************************************************/
+/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/
+/************************************************************************/
+
+
+
+
+/* Some ANSI-C standard headers */
+#include
+#include
+#include
+
+/**********************************************************************/
+/* */
+/* Microsoft Windows DLL support */
+/* */
+/**********************************************************************/
+
+#ifdef _WIN32
+# include
+ BOOL APIENTRY
+ DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved)
+ {
+ return 1;
+
+ UNREFERENCED_PARAMETER(hInst);
+ UNREFERENCED_PARAMETER(ul_reason_being_called);
+ UNREFERENCED_PARAMETER(lpReserved);
+ }
+#else
+
+# if defined(_WINDOWS)
+# include
+# ifndef UNREFERENCED_PARAMETER
+# define UNREFERENCED_PARAMETER(x) ((x)=(x))
+# endif
+
+ BOOL CALLBACK
+ LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine)
+ {
+ UNREFERENCED_PARAMETER(hInst);
+ UNREFERENCED_PARAMETER(wDataSeg);
+ UNREFERENCED_PARAMETER(cbHeap);
+ UNREFERENCED_PARAMETER(CmdLine);
+
+ return 1;
+ }
+
+ int CALLBACK __export
+ WEP(int nParam)
+ {
+ UNREFERENCED_PARAMETER(nParam);
+
+ return 1;
+ }
+# endif
+
+#endif
+
+/**********************************************************************/
+/* */
+/* Import interface */
+/* - include files of other projects */
+/* Declare gss_* function prototypes as __declspec(dllimport) */
+/* */
+/**********************************************************************/
+
+#include "platform.h"
+
+#undef DLL_DATA_DECO
+#undef DLL_FUNC_DECO
+#define DLL_DATA_DECO IMPORT_DATA
+#define DLL_FUNC_DECO IMPORT_FUNCTION
+#include "gssapi_2.h"
+
+/**********************************************************************/
+/* */
+/* Export interface */
+/* - header files of this project */
+/* Declare our sapgss_* function prototypes as __declspec(dllexport) */
+/* */
+/**********************************************************************/
+
+#undef DLL_DATA_DECO
+#undef DLL_FUNC_DECO
+#define DLL_DATA_DECO EXPORT_DATA
+#define DLL_FUNC_DECO EXPORT_FUNCTION
+#include "sncgss.h"
+
+
+
+
+/************************************************************************/
+/* (27-jun-95) Martin Rex */
+/* With the following two macros one can convert macros into */
+/* string literals to include them in constant strings. */
+/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */
+/************************************************************************/
+#define LITERAL_MACRO(x) # x
+#define XLITERAL_MACRO(x) LITERAL_MACRO(x)
+
+
+
+/****************************************************/
+/* we don't need to export/share OID data at the */
+/* shared library interface for SAP R/3, */
+/* and is not part of the draft-ietf-cat-wingss-... */
+/****************************************************/
+
+
+static gss_OID_desc oids[] = {
+ ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */
+ ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */
+};
+
+static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]);
+static gss_OID sapsnc_mech_oid = &(oids[1]);
+
+#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name
+
+/**********************************************************************
+ * sapsnc_init_adapter():
+ *
+ * Description:
+ * This function must be called before other functions of the
+ * gss-api are used. It sets up all translation pointers
+ * exported by the gss-api.
+ *
+ * Parameters:
+ * p_info IN REF the structure referenced by this
+ * pointer (see sapgss.h) describes
+ * some characteristics of the security
+ * mechanism to which this adapter interfaces
+ *
+ * p_length IN Length of the structure supplied by the
+ * SNC-Layer.
+ * Initialization policy for future enhancements:
+ * * SNC-Layer zeroes out structure before calling.
+ * * future extensions must be appended to the
+ * existing structure only
+ * * Unknown structure elements will not be changed.
+ * * The Adapter must initialize only fields known
+ * to the calling SNC-layer
+ * (i.e. no elements past p_length)
+ *
+ * Returns:
+ * 0 Initialization o.k.
+ * -1 FAILURE -- something is definitely broken if this happens
+ **********************************************************************/
+OM_uint32 EXPORT_FUNCTION
+sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length,
+ int adapter_idx )
+{
+ UNREFERENCED_PARAMETER(adapter_idx);
+
+ if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) {
+
+ /* At least we want to fill in the basic set of information */
+ return(1);
+
+ } else {
+
+ memset( p_info, 0, p_length );
+
+ p_info->major_rev = (int) ADAPTER_MAJOR_REVISION;
+ p_info->minor_rev = (int) ADAPTER_MINOR_REVISION;
+
+ p_info->adapter_name =
+ "External SNC-Adapter"
+ " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION)
+ "." XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to "
+ ADAPTER_MECH_NAME;
+
+ p_info->mech_id = ADAPTER_MECH_ID;
+
+ p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID;
+ p_info->nt_private_name1 = sapsnc_nt_canon_printable_name;
+ p_info->nt_private_name2 = (gss_OID_desc *)0;
+ p_info->nt_private_name3 = (gss_OID_desc *)0;
+ p_info->nt_private_name4 = (gss_OID_desc *)0;
+
+ p_info->integ_avail = ADAPTER_INTEG_AVAIL;
+ p_info->conf_avail = ADAPTER_CONF_AVAIL;
+ p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */
+ p_info->export_sec_context = 1; /* required functionality, MUST be 1 */
+ p_info->mutual_auth = ADAPTER_MUTUAL_AUTH;
+ p_info->replay_prot = ADAPTER_REPLAY_PROT;
+
+ p_info->unused2 = 0; /* historic/experimental, MUST be 0 */
+
+ p_info->mech_prefix_string = ADAPTER_MECH_PREFIX;
+
+ if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) {
+ p_info->mech_oid = sapsnc_mech_oid;
+ }
+
+ }
+
+ /* Initialize future elements only if the supplied structure is large */
+ /* enough, */
+ /* i.e.
the calling SNC-layer is as recent or newer as the adapter */ + + return(0); + +} /* sapsnc_init_adapter() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. + * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ + +OM_uint32 EXPORT_FUNCTION +sapsnc_export_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + UNREFERENCED_PARAMETER(in_name); + + if ( out_identity!=NULL ) { + out_identity->length = 0; + out_identity->value = NULL; + } + + if ( min_stat!=NULL ) + (*min_stat) = 0; + + return(GSS_S_FAILURE); + +} /* sapsnc_export_cname_blob() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. 
+ * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ +OM_uint32 EXPORT_FUNCTION +sapsnc_import_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_name_t * out_name, /* output_name */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + return( gss_import_name( min_stat, in_identity, + (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) ); + +} /* sapsnc_import_cname_blob() */ + + +/********************************************************************* + * + * All functions following this comment are CALL ADAPTERS + * to the GSS-API functions. + * + *********************************************************************/ + +/**********************************************************************/ +/**********************************************************************/ +/******************* *******************/ +/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/ +/******************* *******************/ +/**********************************************************************/ +/**********************************************************************/ + + +/* sapgss_acquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_acquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t my_gss_name, /* desired_name */ + OM_uint32 in_lifetime, /* time_req */ + gss_OID_set in_mechs, /* desired_mechs */ + gss_cred_usage_t in_cred_usage, /* cred_usage */ + gss_cred_id_t * out_cred, /* output_cred_handle */ + gss_OID_set * out_mechs, /* actual_mechs */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime, + in_mechs, in_cred_usage, + out_cred, out_mechs, out_lifetime ) ); +} + + + +/* sapgss_release_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_cred( + OM_uint32 * min_stat, /* 
minor_status */ + gss_cred_id_t * in_cred /* cred_handle */ + ) +{ + return( gss_release_cred( min_stat, in_cred ) ); +} + + + +/* sapgss_init_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_init_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* claimant_cred_handle */ + gss_ctx_id_t * in_context, /* context_handle */ + gss_name_t in_name, /* target_name */ + gss_OID in_mech, /* mech_type */ + OM_uint32 in_service_opts, /* req_flags */ + OM_uint32 in_lifetime, /* time_req */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_buffer_t in_token, /* input_token */ + gss_OID * out_mech, /* actual_mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 * out_service_opts, /* ret_flags */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_init_sec_context( min_stat, in_cred, in_context, in_name, + in_mech, in_service_opts, in_lifetime, + in_channel_bind, in_token, out_mech, + out_token, out_service_opts, out_lifetime ) ); +} + + + +/* sapgss_accept_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_accept_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_cred_id_t in_cred, /* verifier_cred_handle */ + gss_buffer_t in_token, /* input_token_buffer */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_name_t *peer_name, /* src_name */ + gss_OID *out_mech, /* mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 *out_service_opts, /* ret_flags */ + OM_uint32 *out_lifetime, /* time_rec */ + gss_cred_id_t *out_cred /* delegated_cred_handle */ + ) +{ + return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token, + in_channel_bind, peer_name, out_mech, + out_token, out_service_opts, out_lifetime, + out_cred ) ); +} + + + +/* sapgss_process_context_token() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_process_context_token( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t 
in_context, /* context_handle */ + gss_buffer_t in_token /* token_buffer */ + ) +{ + return( gss_process_context_token( min_stat, in_context, in_token ) ); +} + + + +/* sapgss_delete_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_delete_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_buffer_t out_token /* output_token */ + ) +{ + return( gss_delete_sec_context( min_stat, in_context, out_token ) ); +} + + + +/* sapgss_context_time() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_context_time( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_context_time( min_stat, in_context, out_lifetime ) ); +} + + + +/* sapgss_get_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_get_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t out_token /* message_token */ + ) +{ + return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) ); +} + + + +/* sapgss_verify_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_verify_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t in_token, /* token_buffer */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) ); +} + + + +/* sapgss_wrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_wrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* input_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_buffer_t out_token /* output_message_buffer */ + ) +{ + return( gss_wrap( min_stat, in_context, in_want_conf, + in_qop, in_msg, 
out_is_conf, out_token ) ); +} + + + +/* sapgss_unwrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_unwrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_token, /* input_message_buffer */ + gss_buffer_t out_msg, /* output_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_unwrap( min_stat, in_context, in_token, + out_msg, out_is_conf, out_qop ) ); +} + + + +/* sapgss_display_status() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_status( + OM_uint32 *min_stat, /* minor_status */ + OM_uint32 in_status, /* status_value */ + int in_status_type, /* status_type */ + gss_OID in_mech, /* mech_type */ + OM_uint32 *out_more_text, /* message_context */ + gss_buffer_t out_text /* status_string */ + ) +{ + return( gss_display_status( min_stat, in_status, in_status_type, + in_mech, out_more_text, out_text ) ); +} + + + +/* + * sapgss_indicate_mechs() + * + * IMPORTANT: This call MUST return the correct mech_OID + * for this implementation in the first position of the + * out_mechs OID array! 
+ */ +OM_uint32 EXPORT_FUNCTION +sapgss_indicate_mechs( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *out_mechs /* mech_set */ + ) +{ + OM_uint32 maj_stat; + OM_uint32 min_stat2; + + maj_stat = gss_indicate_mechs( min_stat, out_mechs ); + + if ( maj_stat==GSS_S_COMPLETE ) { + if ( out_mechs==NULL + || (*out_mechs)==GSS_C_NO_OID_SET + || (*out_mechs)->count==0 + || (*out_mechs)->elements==GSS_C_NO_OID + || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length + || memcmp( ((*out_mechs)->elements[0]).elements, + sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) { + + (void)sapgss_release_oid_set( &min_stat2, out_mechs ); + + (*out_mechs) = GSS_C_NO_OID_SET; + (*min_stat) = 0; + + return(GSS_S_BAD_MECH); + + } + } + + return(maj_stat); + +} + + + +/* sapgss_compare_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_compare_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name1, /* name1 */ + gss_name_t in_name2, /* name2 */ + int *out_are_equal /* name_equal */ + ) +{ + return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) ); +} + + + +/* sapgss_display_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + gss_OID *out_oid /* output_name_type */ + ) +{ + return( gss_display_name( min_stat, in_name, out_identity, out_oid ) ); +} + + + +/* sapgss_import_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_name( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_OID in_oid, /* input_name_type */ + gss_name_t *out_name /* output_name */ + ) +{ + return( gss_import_name( min_stat, in_identity, in_oid, out_name ) ); +} + + + +/* sapgss_release_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t *in_name /* input_name */ + ) +{ + return( gss_release_name( min_stat, 
in_name ) ); +} + + + +/* sapgss_release_buffer() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_buffer( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_buffer /* buffer */ + ) +{ + return( gss_release_buffer( min_stat, in_buffer ) ); +} + + + +/* sapgss_release_oid_set() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_oid_set( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *in_oids /* set */ + ) +{ + return( gss_release_oid_set( min_stat, in_oids ) ); +} + + + +/* sapgss_inquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* cred_handle */ + gss_name_t * out_name, /* name */ + OM_uint32 * out_lifetime, /* lifetime */ + gss_cred_usage_t * out_cred_usage, /* cred_usage */ + gss_OID_set * out_mechs /* mechanisms */ + ) +{ + return( gss_inquire_cred( min_stat, in_cred, out_name, + out_lifetime, out_cred_usage, out_mechs ) ); +} + + +/**********************************************************************/ +/**********************************************************************/ +/******************* ********************/ +/******************* New fuctions for GSS-API v2 ********************/ +/******************* ********************/ +/**********************************************************************/ +/**********************************************************************/ + +/* + * sapgss_add_cred() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_cred( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t input_cred_handle, /* input_cred_handle */ + gss_name_t desired_name, /* desired_name */ + gss_OID desired_mech, /* desired_mech */ + gss_cred_usage_t cred_usage, /* cred_usage */ + OM_uint32 initiator_time_req, /* initiator_time_req */ + OM_uint32 acceptor_time_req, /* acceptor_time_req */ + gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */ + gss_OID_set FAR * 
actual_mechs, /* actual_mechs */ + OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */ + OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */ + ) +{ + return( gss_add_cred( min_stat, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, + acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec ) ); +} + + + +/* + * sapgss_inquire_cred_by_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred_by_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t cred_handle, /* cred_handle */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * name, /* name */ + OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */ + OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */ + gss_cred_usage_t FAR * cred_usage /* cred_usage */ + ) +{ + return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type, + name, initiator_lifetime, + acceptor_lifetime, cred_usage ) ); +} + + + +/* sapgss_inquire_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_name_t *out_myname, /* initiator_name */ + gss_name_t *out_peername, /* acceptor_name */ + OM_uint32 *out_lifetime, /* lifetime_rec */ + gss_OID *out_mech, /* mech_type */ + OM_uint32 *out_service_opts, /* ctx_flags */ + int *out_initiator, /* locally_initiated */ + int *out_open /* open */ + ) +{ + return( gss_inquire_context( min_stat, in_context, out_myname, + out_peername, out_lifetime, out_mech, + out_service_opts, out_initiator, out_open) ); +} + + + +/* + * sapgss_wrap_size_limit() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_wrap_size_limit( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context 
handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t qop_req, /* qop_req */ + OM_uint32 out_size, /* requested output size */ + OM_uint32 * max_in_size /* maximum input size */ + ) +{ + return( gss_wrap_size_limit( min_stat, in_context, in_want_conf, + qop_req, out_size, max_in_size) ); +} + + + +/* sapgss_export_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t * in_ctx, /* context_handle */ + gss_buffer_t out_buffer /* interprocess_token */ + ) +{ + return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) ); +} + + + +/* sapgss_import_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_buffer, /* interprocess_token */ + gss_ctx_id_t * out_ctx /* context_handle */ + ) +{ + return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) ); +} + + + +/* + * sapgss_create_empty_oid_set() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_create_empty_oid_set( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_create_empty_oid_set( min_stat, oid_set ) ); +} + + + +/* + * sapgss_add_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member_oid, /* member_oid */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) ); +} + + + +/* + * sapgss_test_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_test_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member, /* member */ + gss_OID_set set, /* set */ + int FAR * present /* present */ + ) +{ + return( gss_test_oid_set_member( min_stat, member, set, present ) ); +} + + + +/* + * sapgss_inquire_names_for_mech() + * + * Status: not used by SNC in R/3 
release 3.x and 4.0 + * this may change in future releases + */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_names_for_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID mech_oid, /* mechanism_oid */ + gss_OID_set FAR * name_types /* name_types */ + ) +{ + return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) ); +} + + + +/* + * sapgss_inquire_mechs_for_name() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_mechs_for_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID_set FAR * mech_set /* mechanism_oids */ + ) +{ + return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) ); +} + + +/* sapgss_canonicalize_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_canonicalize_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * output_name /* output_name */ + ) +{ + return( gss_canonicalize_name( min_stat, input_name, + mech_type, output_name ) ); +} + + +/* sapgss_export_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_buffer_t output_name_blob /* output_name_blob */ + ) +{ + return( gss_export_name( min_stat, input_name, output_name_blob ) ); +} + + +/* + * sapgss_duplicate_name() + * + * Status: Don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_duplicate_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t src_name, /* src_name */ + gss_name_t FAR * dest_name /* dest_name */ + ) +{ + return( gss_duplicate_name( min_stat, src_name, dest_name ) ); +} + + +/* end of sncadapt.c */ + diff --git a/sncgss.exp b/sncgss.exp new file mode 100755 index 0000000..ea27fad --- /dev/null +++ b/sncgss.exp 
@@ -0,0 +1,54 @@
+#! sncgss.o
+* $Id: sncgss.exp,v 1.2 1999/08/24 14:39:32 d019080 Exp $
+* export definition for shared libraries/objects on AIX
+*
+
+* SNC-Adapter calls
+*
+sapsnc_init_adapter
+sapsnc_export_cname_blob
+sapsnc_import_cname_blob
+
+* wrapper calls for GSS-API Version 1 (RFC 1508/1509)
+*
+sapgss_acquire_cred
+sapgss_release_cred
+sapgss_init_sec_context
+sapgss_accept_sec_context
+sapgss_process_context_token
+sapgss_delete_sec_context
+sapgss_context_time
+sapgss_get_mic
+sapgss_verify_mic
+sapgss_wrap
+sapgss_unwrap
+sapgss_display_status
+sapgss_indicate_mechs
+sapgss_compare_name
+sapgss_display_name
+sapgss_import_name
+sapgss_release_name
+sapgss_release_buffer
+sapgss_release_oid_set
+sapgss_inquire_cred
+
+* wrapper calls for GSS-API Version 2
+*
+sapgss_add_cred
+sapgss_inquire_cred_by_mech
+
+sapgss_inquire_context
+sapgss_wrap_size_limit
+sapgss_export_sec_context
+sapgss_import_sec_context
+
+sapgss_create_empty_oid_set
+sapgss_add_oid_set_member
+sapgss_test_oid_set_member
+
+sapgss_canonicalize_name
+sapgss_export_name
+sapgss_inquire_names_for_mech
+sapgss_inquire_mechs_for_name
+
+
diff --git a/sncgss.h b/sncgss.h
new file mode 100644
index 0000000..a0e2925
--- /dev/null
+++ b/sncgss.h
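Review bot: `sapgss_duplicate_name` is not in this export list although sncadapt.c defines it as an EXPORT_FUNCTION next to the other GSS-API v2 wrappers, so an AIX shared object built from this file will not export that symbol and a caller that resolves it by name would fail to bind. The adapter source marks the call as "Status: Don't care", so the omission may be deliberate, but then the export lists for the other platforms should leave it out the same way rather than diverge. I would add `sapgss_duplicate_name` after `sapgss_inquire_mechs_for_name` in the Version 2 group, or state in the header comment that it is intentionally not exported. The file is also created with mode 100755 although it is a plain-text export list, which looks like a stray executable bit.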
@@ -0,0 +1,601 @@
+/**********************************************************************/
+/* $Id: sncgss.h,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $
+ **********************************************************************/
+/*
+ * (C) Copyright 1999 SAP AG Walldorf
+ *
+ * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+ * OF THIS SOFTWARE.
+ */
+
+#ifndef _SNCGSS_H
+#define _SNCGSS_H 1
+
+#ifndef UNREFERENCED_PARAMETER
+# define UNREFERENCED_PARAMETER(a) ((a)=(a))
+#endif
+
+/**********************************************************************/
+/* */
+/* Public type definitions */
+/* */
+/**********************************************************************/
+
+/**********************************************************************
+ *
+ * SAPGSS type definitions for use within the snc*.[ch] modules
+ *
+ * If these don't match with the GSS-API definitions, then
+ * we might have a problem
+ *
+ **********************************************************************/
+
+
+
+typedef enum sapgss_prod_id {
+ SAPGSS_ID_DUMMY = 0, /* No security (26-jun-95) mrex */
+ SAPGSS_ID_GENERIC = 1, /* Generic GSS-API v2 Mechanism, */
+ /* let GSS-API fight it out ... */
+
+
+ SAPGSS_ID_KERBEROS5 = 2, /* Kerberos 5 / MIT (26-jun-95) mrex */
+#define SAPGSS_KERBEROS5_PREFIX "krb5"
+#define SAPGSS_KERBEROS5_NAME "Kerberos 5/GSS-API v2"
+#define SAPGSS_KERBEROS5_MECH_OID { 9, "\052\206\110\206\367\022\001\002\002" }
+#define SAPGSS_KERBEROS5_CNAME_OID { 10, "\052\206\110\206\367\022\001\002\002\001" }
+
+
+ SAPGSS_ID_SECUDE = 3, /* SecuDE 5 (21-sep-95) mrex */
+#define SAPGSS_SECUDE_PREFIX "secude"
+#define SAPGSS_SECUDE_NAME "Secude 5 GSS-API v2"
+#define SAPGSS_SECUDE_MECH_OID { 6, "\053\044\003\001\045\001" }
+#define SAPGSS_SECUDE_CNAME_OID { 6, "\053\044\003\001\046\001" }
+
+
+ SAPGSS_ID_SAPNTLM = 4, /* SAPNTLM (08-okt-97) mrex */
+#define SAPGSS_SAPNTLM_PREFIX "sapntlm"
+#define SAPGSS_SAPNTLM_NAME "SAP's GSS-API v2 over NTLM(SSPI)"
+#define SAPGSS_SAPNTLM_MECH_OID { 10, "\053\006\001\004\001\205\066\002\001\002" }
+#define SAPGSS_SAPNTLM_CNAME_OID { 11, "\053\006\001\004\001\205\066\002\001\002\001" }
+
+
+
+ SAPGSS_ID_SPKM1 = 5, /* SPKM1 (18-aug-98) mrex */
+#define SAPGSS_SPKM1_PREFIX "spkm1"
+#define SAPGSS_SPKM1_NAME "SPKM1 GSS-API v2 library"
+#define SAPGSS_SPKM1_MECH_OID { 7, "\053\006\001\005\005\001\001" }
+#define SAPGSS_SPKM1_CNAME_OID { 9, "\053\006\001\004\001\201\172\002\001" }
+
+
+ SAPGSS_ID_SPKM2 = 6, /* SPKM2 (18-aug-98) mrex */
+#define SAPGSS_SPKM2_PREFIX "spkm2"
+#define SAPGSS_SPKM2_NAME "SPKM2 GSS-API v2 library"
+#define SAPGSS_SPKM2_MECH_OID { 7, "\053\006\001\005\005\001\002" }
+#define SAPGSS_SPKM2_CNAME_OID { 9, "\053\006\001\004\001\201\172\002\001" }
+
+
+ SAPGSS_ID_RESERVED_1 = 7, /* reserved ID (30-oct-96) mrex */
+
+
+ SAPGSS_ID_ITSEC = 8,
+#define SAPGSS_ITSEC_PREFIX "itsec"
+#define SAPGSS_ITSEC_NAME
+#define SAPGSS_ITSEC_MECH_OID
+#define SAPGSS_ITSEC_CNAME_OID
+
+
+ SAPGSS_ID_SDTI = 9,
+#define SAPGSS_SDTI_PREFIX "sdti"
+#define SAPGSS_SDTI_NAME "SDTI Connect Agent"
+#define SAPGSS_SDTI_MECH_OID { 9, "\052\206\110\206\367\015\005\004\001" }
+#define SAPGSS_SDTI_CNAME_OID { 9, "\052\206\110\206\367\015\005\004\002" }
+
+
+ SAPGSS_ID_AMDCE = 10,
+#define SAPGSS_AMDCE_PREFIX "amdce"
+#define SAPGSS_AMDCE_NAME "AccessMaster DCE"
+#define SAPGSS_AMDCE_MECH_OID { 7, "\053\014\001\056\001\062\002" }
+#define SAPGSS_AMDCE_CNAME_OID { 10, "\052\206\110\206\367\022\001\002\002\001" }
+
+ SAPGSS_ID_INVALID
+} SAPGSS_MECH_ID;
+
+#define NUM_INTERNAL_STUBS (SAPGSS_ID_SAPNTLM+1)
+
+
+struct sapgss_info_s {
+ int major_rev; /* major revision number of SNC-Adapter */
+ int minor_rev; /* minor revision number of SNC-Adapter */
+
+ char * adapter_name; /* SNC-Adapter identification string */
+ SAPGSS_MECH_ID mech_id; /* SAP-registered gssapi mechanism identifier */
+
+ char integ_avail; /* gssapi mechanism supports integrity protection */
+ char conf_avail; /* gssapi mechanism supports confidentiality protection */
+
+ char unused1; /* historic -- not used -- MUST BE 0 */
+
+ char export_sec_context;
+ /* gssapi mechanism supports exporting */
+ /* of an established security context, */
+ /* as defined by GSS-API v2 */
+
+ OM_uint32 unused2; /* historic -- not used -- MUST BE 0 */
+
+ gss_OID_desc FAR * nt_canonical_name;
+ gss_OID_desc FAR * nt_private_name1;
+ gss_OID_desc FAR * nt_private_name2;
+ gss_OID_desc FAR * nt_private_name3;
+ gss_OID_desc FAR * nt_private_name4;
+
+ char FAR * mech_prefix_string;
+
+ char mutual_auth; /* gssapi mechanism supports mutual authentication */
+ char replay_prot; /* gssapi mechanism supports replay detection */
+ char reserved1;
+ char reserved2;
+
+ gss_OID_desc FAR * mech_oid;
+
+};
+
+
+#define SNCADAPT_INFO_LEN(x) (offsetof(struct sapgss_info_s, x) + sizeof( ((struct sapgss_info_s *)0)->x ) )
+#define SNCADAPT_BASIC_INFO_LEN SNCADAPT_INFO_LEN( replay_prot )
+
+
+/**********************************************************************/
+/* */
+/* Export interface */
+/* - Function list ( Prototype definitions ) */
+/* */
+/**********************************************************************/
+
+#define ARG3_INIT_ADAPTER \
+ struct sapgss_info_s FAR * , \
+ size_t , \
+ int
+
+OM_uint32 DLL_FUNC_DECO
+sapsnc_init_adapter( ARG3_INIT_ADAPTER );
+
+
+
+#define ARG4_EXPORT_CNAME_BLOB \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_name_t , /* input_name */ \
+ gss_buffer_t , /* output_name_buffer */ \
+ int /* adapter_index (snc internal use) */
+
+OM_uint32 DLL_FUNC_DECO
+sapsnc_export_cname_blob( ARG4_EXPORT_CNAME_BLOB );
+
+
+
+#define ARG4_IMPORT_CNAME_BLOB \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_buffer_t , /* input_name_buffer */ \
+ gss_name_t FAR * , /* output_name */ \
+ int /* adapter_index (snc internal use) */
+
+OM_uint32 DLL_FUNC_DECO
+sapsnc_import_cname_blob( ARG4_IMPORT_CNAME_BLOB );
+
+
+
+/*
+ * GSS-API Version 1 functionality (RFC 1508 & 1509 )
+ */
+#define ARG8_ACQUIRE_CRED \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_name_t , /* desired_name */ \
+ OM_uint32 , /* time_req */ \
+ gss_OID_set , /* desired_mechs */ \
+ gss_cred_usage_t , /* cred_usage */ \
+ gss_cred_id_t FAR * , /* output_cred_handle */ \
+ gss_OID_set FAR * , /* actual_mechs */ \
+ OM_uint32 FAR * /* time_rec */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_acquire_cred( ARG8_ACQUIRE_CRED );
+
+
+
+#define ARG2_RELEASE_CRED \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_cred_id_t FAR * /* cred_handle */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_release_cred( ARG2_RELEASE_CRED );
+
+
+
+#define ARG13_INIT_SEC_CONTEXT \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_cred_id_t , /* claimant_cred_handle */ \
+ gss_ctx_id_t FAR * , /* context_handle */ \
+ gss_name_t , /* target_name */ \
+ gss_OID , /* mech_type */ \
+ OM_uint32 , /* req_flags */ \
+ OM_uint32 , /* time_req */ \
+ gss_channel_bindings_t , /* input_chan_bindings */ \
+ gss_buffer_t , /* input_token */ \
+ gss_OID FAR * , /* actual_mech_type */ \
+ gss_buffer_t , /* output_token */ \
+ OM_uint32 FAR * , /* ret_flags */ \
+ OM_uint32 FAR * /* time_rec */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_init_sec_context( ARG13_INIT_SEC_CONTEXT );
+
+
+
+#define ARG11_ACCEPT_SEC_CONTEXT \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_ctx_id_t FAR * , /* context_handle */ \
+ gss_cred_id_t , /* verifier_cred_handle */ \
+ gss_buffer_t , /* input_token_buffer */ \
+ gss_channel_bindings_t , /* input_chan_bindings */ \
+ gss_name_t FAR * , /* src_name */ \
+ gss_OID FAR * , /* mech_type */ \
+ gss_buffer_t , /* output_token */ \
+ OM_uint32 FAR * , /* ret_flags */ \
+ OM_uint32 FAR * , /* time_rec */ \
+ gss_cred_id_t FAR * /* delegated_cred_handle */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_accept_sec_context( ARG11_ACCEPT_SEC_CONTEXT );
+
+
+
+#define ARG3_PROCESS_CONTEXT_TOKEN \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_ctx_id_t , /* context_handle */ \
+ gss_buffer_t /* token_buffer */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_process_context_token( ARG3_PROCESS_CONTEXT_TOKEN );
+
+
+
+#define ARG3_DELETE_SEC_CONTEXT \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_ctx_id_t FAR * , /* context_handle */ \
+ gss_buffer_t /* output_token */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_delete_sec_context( ARG3_DELETE_SEC_CONTEXT );
+
+
+
+#define ARG3_CONTEXT_TIME \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_ctx_id_t , /* context_handle */ \
+ OM_uint32 FAR * /* time_rec */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_context_time( ARG3_CONTEXT_TIME );
+
+
+
+/* v2 name for gss_sign() */
+#define ARG5_GET_MIC \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_ctx_id_t , /* context_handle */ \
+ gss_qop_t , /* qop_req */ \
+ gss_buffer_t , /* message_buffer */ \
+ gss_buffer_t /* message_token */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_get_mic( ARG5_GET_MIC );
+
+
+
+/* v2 name for gss_verify() */
+#define ARG5_VERIFY_MIC \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_ctx_id_t , /* context_handle */ \
+ gss_buffer_t , /* message_buffer */ \
+ gss_buffer_t , /* token_buffer */ \
+ gss_qop_t FAR * /* qop_state */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_verify_mic( ARG5_VERIFY_MIC );
+
+
+
+/* v2 name for gss_seal() */
+#define ARG7_WRAP \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_ctx_id_t , /* context_handle */ \
+ int , /* conf_req_flag */ \
+ gss_qop_t , /* qop_req */ \
+ gss_buffer_t , /* input_message_buffer */ \
+ int FAR * , /* conf_state */ \
+ gss_buffer_t /* output_message_buffer */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_wrap( ARG7_WRAP );
+
+
+
+/* v2 name for gss_unseal() */
+#define ARG6_UNWRAP \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_ctx_id_t , /* context_handle */ \
+ gss_buffer_t , /* input_message_buffer */ \
+ gss_buffer_t , /* output_message_buffer */ \
+ int FAR * , /* conf_state */ \
+ gss_qop_t FAR * /* qop_state */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_unwrap( ARG6_UNWRAP );
+
+
+
+#define ARG6_DISPLAY_STATUS \
+ OM_uint32 FAR * , /* minor_status */ \
+ OM_uint32 , /* status_value */ \
+ int , /* status_type */ \
+ gss_OID , /* mech_type */ \
+ OM_uint32 FAR * , /* message_context */ \
+ gss_buffer_t /* status_string */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_display_status( ARG6_DISPLAY_STATUS );
+
+
+
+#define ARG2_INDICATE_MECHS \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_OID_set FAR * /* mech_set */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_indicate_mechs( ARG2_INDICATE_MECHS );
+
+
+
+#define ARG4_COMPARE_NAME \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_name_t , /* name1 */ \
+ gss_name_t , /* name2 */ \
+ int FAR * /* name_equal */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_compare_name( ARG4_COMPARE_NAME );
+
+
+
+#define ARG4_DISPLAY_NAME \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_name_t , /* input_name */ \
+ gss_buffer_t , /* output_name_buffer */ \
+ gss_OID FAR * /* output_name_type */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_display_name( ARG4_DISPLAY_NAME );
+
+
+
+#define ARG4_IMPORT_NAME \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_buffer_t , /* input_name_buffer */ \
+ gss_OID , /* input_name_type */ \
+ gss_name_t FAR * /* output_name */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_import_name( ARG4_IMPORT_NAME );
+
+
+
+#define ARG2_RELEASE_NAME \
+ OM_uint32 FAR * , /* minor_status */ \ + gss_name_t FAR * /* input_name */ + +OM_uint32 DLL_FUNC_DECO +sapgss_release_name( ARG2_RELEASE_NAME ); + + + +#define ARG2_RELEASE_BUFFER \ + OM_uint32 FAR * , /* minor_status */ \ + gss_buffer_t /* buffer */ + +OM_uint32 DLL_FUNC_DECO +sapgss_release_buffer( ARG2_RELEASE_BUFFER ); + + + +#define ARG2_RELEASE_OID_SET \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID_set FAR * /* set */ + +OM_uint32 DLL_FUNC_DECO +sapgss_release_oid_set( ARG2_RELEASE_OID_SET ); + + + +#define ARG6_INQUIRE_CRED \ + OM_uint32 FAR * , /* minor_status */ \ + gss_cred_id_t , /* cred_handle */ \ + gss_name_t FAR * , /* name */ \ + OM_uint32 FAR * , /* lifetime */ \ + gss_cred_usage_t FAR * , /* cred_usage */ \ + gss_OID_set FAR * /* mechanisms */ + +OM_uint32 DLL_FUNC_DECO +sapgss_inquire_cred( ARG6_INQUIRE_CRED ); + + + + +/* + * New functionality of GSS-API Version 2 + */ +#define ARG11_ADD_CRED \ + OM_uint32 FAR * , /* minor_status */ \ + gss_cred_id_t , /* input_cred_handle */ \ + gss_name_t , /* desired_name */ \ + gss_OID , /* desired_mech */ \ + gss_cred_usage_t , /* cred_usage */ \ + OM_uint32 , /* initiator_time_req */ \ + OM_uint32 , /* acceptor_time_req */ \ + gss_cred_id_t FAR * , /* output_cred_handle */ \ + gss_OID_set FAR * , /* actual_mechs */ \ + OM_uint32 FAR * , /* initiator_time_rec */ \ + OM_uint32 FAR * /* acceptor_time_rec */ + +OM_uint32 DLL_FUNC_DECO +sapgss_add_cred( ARG11_ADD_CRED ); + + + +#define ARG7_INQUIRE_CRED_BY_MECH \ + OM_uint32 FAR * , /* minor_status */ \ + gss_cred_id_t , /* cred_handle */ \ + gss_OID , /* mech_type */ \ + gss_name_t FAR * , /* name */ \ + OM_uint32 FAR * , /* initiator_lifetime */ \ + OM_uint32 FAR * , /* acceptor_lifetime */ \ + gss_cred_usage_t FAR * /* cred_usage */ + +OM_uint32 DLL_FUNC_DECO +sapgss_inquire_cred_by_mech( ARG7_INQUIRE_CRED_BY_MECH ); + + + +#define ARG9_INQUIRE_CONTEXT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context_handle */ \ + gss_name_t FAR 
* , /* initiator_name */ \ + gss_name_t FAR * , /* acceptor_name */ \ + OM_uint32 FAR * , /* lifetime_rec */ \ + gss_OID FAR * , /* mech_type */ \ + OM_uint32 FAR * , /* ret_flags */ \ + int FAR * , /* locally_initiated */ \ + int FAR * /* open */ + +OM_uint32 DLL_FUNC_DECO +sapgss_inquire_context( ARG9_INQUIRE_CONTEXT ); + + + +#define ARG6_WRAP_SIZE_LIMIT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t , /* context handle */ \ + int , /* conf_req_flag */ \ + gss_qop_t , /* qop_req */ \ + OM_uint32 , /* requested output size */ \ + OM_uint32 FAR * /* maximum input size */ + +OM_uint32 DLL_FUNC_DECO +sapgss_wrap_size_limit( ARG6_WRAP_SIZE_LIMIT ); + + + +#define ARG3_EXPORT_SEC_CONTEXT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_ctx_id_t FAR * , /* context_handle */ \ + gss_buffer_t /* interprocess_token */ + +OM_uint32 DLL_FUNC_DECO +sapgss_export_sec_context( ARG3_EXPORT_SEC_CONTEXT ); + + + +#define ARG3_IMPORT_SEC_CONTEXT \ + OM_uint32 FAR * , /* minor_status */ \ + gss_buffer_t , /* interprocess_token */ \ + gss_ctx_id_t FAR * /* context_handle */ + +OM_uint32 DLL_FUNC_DECO +sapgss_import_sec_context( ARG3_IMPORT_SEC_CONTEXT ); + + + +#define ARG2_CREATE_EMPTY_OID_SET \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID_set FAR * /* oid_set */ + +OM_uint32 DLL_FUNC_DECO +sapgss_create_emtpy_oid_set( ARG2_CREATE_EMPTY_OID_SET ); + + + +#define ARG3_ADD_OID_SET_MEMBER \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID , /* member_oid */ \ + gss_OID_set FAR * /* oid_set */ + +OM_uint32 DLL_FUNC_DECO +sapgss_add_oid_set_member( ARG3_ADD_OID_SET_MEMBER ); + + + +#define ARG4_TEST_OID_SET_MEMBER \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID , /* member */ \ + gss_OID_set , /* set */ \ + int FAR * /* present */ + +OM_uint32 DLL_FUNC_DECO +sapgss_test_oid_set_member( ARG4_TEST_OID_SET_MEMBER ); + + + +#define ARG3_INQUIRE_NAMES_FOR_MECH \ + OM_uint32 FAR * , /* minor_status */ \ + gss_OID , /* mechanism_oid */ \ + gss_OID_set FAR * /* 
name_types */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_inquire_names_for_mech( ARG3_INQUIRE_NAMES_FOR_MECH );
+
+
+
+#define ARG3_INQUIRE_MECHS_FOR_NAME \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_name_t , /* input_name */ \
+ gss_OID_set FAR * /* mechanism oids */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_inquire_mechs_for_name( ARG3_INQUIRE_MECHS_FOR_NAME );
+
+
+
+#define ARG4_CANONICALIZE_NAME \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_name_t , /* input_name */ \
+ gss_OID , /* mechanism_type */ \
+ gss_name_t FAR * /* output_name */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_canonicalize_name( ARG4_CANONICALIZE_NAME );
+
+
+
+#define ARG3_EXPORT_NAME \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_name_t , /* input_name */ \
+ gss_buffer_t /* output_name_blob */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_export_name( ARG3_EXPORT_NAME );
+
+
+
+#define ARG3_DUPLICATE_NAME \
+ OM_uint32 FAR * , /* minor_status */ \
+ gss_name_t , /* src_name */ \
+ gss_name_t FAR * /* dest_name */
+
+OM_uint32 DLL_FUNC_DECO
+sapgss_duplicate_name( ARG3_DUPLICATE_NAME );
+
+#endif /* _SNCGSS_H */
+
diff --git a/sncgss32.def b/sncgss32.def
new file mode 100644
index 0000000..a54080b
--- /dev/null
+++ b/sncgss32.def
@@ -0,0 +1,57 @@
+; $Id: sncgss32.def,v 1.1.1.1 1999/08/24 14:36:22 d019080 Exp $
+;----------------------------------------------------------------------
+; SNCGSS32.DLL SAP-SecureNetworkCommunication to GSS-API adapter DLL
+; Win32 Module Definition File (for Microsoft Visual C++ >= 2.1)
+;----------------------------------------------------------------------
+;
+
+;LIBRARY SNCGSS32
+DESCRIPTION 'SNC to GSSAPI v2 DLL-Adapter Win32'
+
+EXPORTS
+; SAP specific functions of the adapter
+ sapsnc_init_adapter @1
+ sapsnc_export_cname_blob @2
+ sapsnc_import_cname_blob @3
+
+; GSS-API Version 1 (RFC 1508,1509)
+ sapgss_acquire_cred @11
+ sapgss_release_cred @12
+ sapgss_init_sec_context @13
+ sapgss_accept_sec_context @14
+ sapgss_process_context_token @15
+ sapgss_delete_sec_context @16
+ sapgss_context_time @17
+ sapgss_get_mic @18
+ sapgss_verify_mic @19
+ sapgss_wrap @20
+ sapgss_unwrap @21
+ sapgss_display_status @22
+ sapgss_indicate_mechs @23
+ sapgss_compare_name @24
+ sapgss_display_name @25
+ sapgss_import_name @26
+ sapgss_release_name @27
+ sapgss_release_buffer @28
+ sapgss_release_oid_set @29
+ sapgss_inquire_cred @30
+
+; GSS-API Version 2 new calls
+ sapgss_add_cred
+ sapgss_inquire_cred_by_mech
+
+ sapgss_inquire_context
+ sapgss_wrap_size_limit
+ sapgss_export_sec_context
+ sapgss_import_sec_context
+
+ sapgss_create_empty_oid_set
+ sapgss_add_oid_set_member
+ sapgss_test_oid_set_member
+
+ sapgss_canonicalize_name
+ sapgss_export_name
+ sapgss_duplicate_name
+ sapgss_inquire_names_for_mech
+ sapgss_inquire_mechs_for_name
+
diff --git a/snckrb5.c b/snckrb5.c
new file mode 100644
index 0000000..f706278
--- /dev/null
+++ b/snckrb5.c
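Review bot: The `sapgss_create_empty_oid_set` export in the "GSS-API Version 2 new calls" group matches the function defined in snckrb5.c, but the prototype added to sncgss.h in this same commit is spelled `sapgss_create_emtpy_oid_set`, so code that includes the header is declared against a symbol this DLL never exports; the header spelling should be corrected to `sapgss_create_empty_oid_set` so the header, the .def and the .c file agree. The v2 entries are also listed without ordinals while the v1 group is pinned at @1–@30; if the SNC layer ever binds by ordinal, the v2 ones are assigned by the linker and may shift between builds, so pinning them explicitly (e.g. `sapgss_add_cred @31`) keeps the export table stable. `;LIBRARY SNCGSS32` is commented out, which presumably means the library name is supplied by the build, but a one-line comment saying so would save the next reader from wondering whether it was dropped by accident.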
@@ -0,0 +1,1060 @@ +static char * this_File = "snckrb5.c"; +static char * cvs_id = + "$Id: snckrb5.c,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $"; +/* + * (C) Copyright 1999 SAP AG Walldorf + * + * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE + * OF THIS SOFTWARE. + */ + + + +/************************************************************************/ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/* */ +/* Configurable Parameters that describe the characteristics */ +/* of the security mechanism to which this adapter interfaces */ +/* To register a MECH_PREFIX or MECH_ID with SAP, */ +/* send a request via Email to including */ +/* the following information: */ +/* - mechanism OID of gssapi mechanism */ +/* - gssapi mechanism name (for open protocol specs) */ +/* OR product name of proprietary gssapi mechanism */ +/* - default nametype OID */ +/* - proposed printable prefix (up to seven characters) */ +/* - Email address of technical contact */ +/* */ +/* In case you're implementing a published gssapi mechanism spec, */ +/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */ +/* You can check the "sncgss.h" Header file first. 
*/ +/* */ +/* */ +/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */ +/* (for open protocol specifications) */ +/* OR name of a software product for */ +/* a proprietary gssapi mechanism */ +/* */ +/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */ +/* ASCII-string up to 7 chars to */ +/* identify the mechanism */ +/* */ +/* ADAPTER_MECH_ID (must REGISTER with SAP) */ +/* numeric constant taken from the */ +/* SAPGSS_MECH_ID enumerator in "sncgss.h" */ +/* */ +/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the gssapi mechanism to which this */ +/* SNC-Adapter will be linked */ +/* */ +/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the default/canonical/native nametype*/ +/* of above gssapi mechanism */ +/* */ +/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */ +/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */ +/* */ +/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message confidentiality protection */ +/* for all established security contexts */ +/* */ +/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message integrity protection for all */ +/* established security contexts */ +/* */ +/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */ +/* implemenation guarantees availability */ +/* of mutual authentication on security */ +/* contexts. Absence of mutual auth is */ +/* a serious security problem in */ +/* distributed applications */ +/* */ +/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of replay detection of protected */ +/* messages on all security contexts. 
*/ +/* SAP R/3 process all messages on a */ +/* particular security context strictly */ +/* sequential, so it's acceptable */ +/* if replay detection is only available */ +/* in combination with sequence protection */ +/* */ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/************************************************************************/ + + +#define ADAPTER_MECH_NAME SAPGSS_KERBEROS5_NAME + /* Name of the gssapi mechanism or product */ + /* that this SNC-Adapter interfaces to */ + /* (less than 80 characters, please !!) */ + + +#define ADAPTER_MECH_PREFIX SAPGSS_KERBEROS5_PREFIX + /* Mech prefix for mechanism */ + /* (register this prefix with SAP) */ + /* Alphanumeric, must be <= 7 characters long */ + /* This prefix may be used within SNC-Names */ + /* i.e. "p/sapntlm:NTDomain\User" */ + + +#define ADAPTER_MECH_ID SAPGSS_ID_KERBEROS5 + /* Mechanism identifier */ + /* numeric (16-bit unsigned integer) */ + /* used internally by SNC for tagging */ + /* and to distinguish different gssapi mechs */ + + + /* ASN.1 OID of the gssapi mechanism to which this */ + /* SNC-Adapter is linked */ +#define ADAPTER_MECHANISM_OID SAPGSS_KERBEROS5_MECH_OID + + /* ASN.1 OID of the default/canonical nametype that */ + /* this gssapi mechanism will accept with gss_import_name() */ + /* and emit with gss_display_name() for canonical names */ +#define ADAPTER_NAMETYPE_OID SAPGSS_KERBEROS5_CNAME_OID + + +/*******************/ +/* 16-bit Integers */ +/*******************/ +#define ADAPTER_MAJOR_REVISION 1 /* indicates API changes */ + +#define ADAPTER_MINOR_REVISION 0 /* indicates fixes or */ + /* cosmetic changes */ + +/*******************/ +/* BOOLEAN values */ +/*******************/ +#define ADAPTER_CONF_AVAIL 1 /* Confidentiality available */ +#define ADAPTER_INTEG_AVAIL 1 /* Integrity available */ + +#define ADAPTER_MUTUAL_AUTH 1 /* supports mutual authentication */ +#define ADAPTER_REPLAY_PROT 1 /* supports message replay detection */ + + 
+/************************************************************************/ +/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/ +/************************************************************************/ + + + + +/* Some ANSI-C standard headers */ +#include +#include +#include + +/**********************************************************************/ +/* */ +/* Microsoft Windows DLL support */ +/* */ +/**********************************************************************/ + +#ifdef _WIN32 +# include + BOOL APIENTRY + DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved) + { + return 1; + + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(ul_reason_being_called); + UNREFERENCED_PARAMETER(lpReserved); + } +#else + +# if defined(_WINDOWS) +# include +# ifndef UNREFERENCED_PARAMETER +# define UNREFERENCED_PARAMETER(x) ((x)=(x)) +# endif + + BOOL CALLBACK + LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine) + { + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(wDataSeg); + UNREFERENCED_PARAMETER(cbHeap); + UNREFERENCED_PARAMETER(CmdLine); + + return 1; + } + + int CALLBACK __export + WEP(int nParam) + { + UNREFERENCED_PARAMETER(nParam); + + return 1; + } +# endif + +#endif + +/**********************************************************************/ +/* */ +/* Import interface */ +/* - include files of other projects */ +/* Declare gss_* function prototypes as __declspec(dllimport) */ +/* */ +/**********************************************************************/ + +#include "platform.h" + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO IMPORT_DATA +#define DLL_FUNC_DECO IMPORT_FUNCTION +#include "gssapi_2.h" + +/**********************************************************************/ +/* */ +/* Export interface */ +/* - header files of this project */ +/* Declare our sapgss_* function prototypes as __declspec(dllexport) */ +/* */ 
+/**********************************************************************/ + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO EXPORT_DATA +#define DLL_FUNC_DECO EXPORT_FUNCTION +#include "sncgss.h" + + + + +/************************************************************************/ +/* (27-jun-95) Martin Rex */ +/* With the following two macros one can convert macros into */ +/* string literals to include them in constant strings. */ +/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */ +/************************************************************************/ +#define LITERAL_MACRO(x) # x +#define XLITERAL_MACRO(x) LITERAL_MACRO(x) + + + + +/****************************************************/ +/* we don't need to export/share OID data at the */ +/* shared library interface for SAP R/3, */ +/* and is not part of the draft-ietf-cat-wingss-... */ +/****************************************************/ + +static gss_OID_desc oids[] = { + ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */ + ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */ +}; + +static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]); +static gss_OID sapsnc_mech_oid = &(oids[1]); + +#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name + +/********************************************************************** + * sapsnc_init_adapter(): + * + * Description: + * This function must be called before other functions of the + * gss-api are used. It sets up all translation pointers + * exported by the gss-api. + * + * Parameters: + * p_info IN REF the structure referenced by this + * pointer (see sapgss.h) describes + * some characteristics of the security + * mechanism to which this adapter interfaces + * + * p_length IN Length of the structure supplied by the + * SNC-Layer. + * Initialization policy for future enhancements: + * * SNC-Layer zeroes out structure before calling. 
+ * * future extensions must be appended to the + * existing structure only + * * Unknown structure elements will not be changed. + * * The Adapter must initialize only fields known + * to the calling SNC-layer + * (i.e. no elements past p_length) + * + * Returns: + * 0 Initialization o.k. + * -1 FAILURE -- something is definitely broken if this happens + **********************************************************************/ +OM_uint32 EXPORT_FUNCTION +sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length, + int adapter_idx ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) { + + /* At least we want to fill in the basic set of information */ + return(1); + + } else { + + memset( p_info, 0, p_length ); + + p_info->major_rev = (int) ADAPTER_MAJOR_REVISION; + p_info->minor_rev = (int) ADAPTER_MINOR_REVISION; + + p_info->adapter_name = + "External SNC-Adapter" + " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION) + "." XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to " + ADAPTER_MECH_NAME; + + p_info->mech_id = ADAPTER_MECH_ID; + + p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID; + p_info->nt_private_name1 = sapsnc_nt_canon_printable_name; + p_info->nt_private_name2 = (gss_OID_desc *)0; + p_info->nt_private_name3 = (gss_OID_desc *)0; + p_info->nt_private_name4 = (gss_OID_desc *)0; + + p_info->integ_avail = ADAPTER_INTEG_AVAIL; + p_info->conf_avail = ADAPTER_CONF_AVAIL; + p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */ + p_info->export_sec_context = 1; /* required functionality, MUST be 1 */ + p_info->mutual_auth = ADAPTER_MUTUAL_AUTH; + p_info->replay_prot = ADAPTER_REPLAY_PROT; + + p_info->unused2 = 0; /* historic/experimental, MUST be 0 */ + + p_info->mech_prefix_string = ADAPTER_MECH_PREFIX; + + if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) { + p_info->mech_oid = sapsnc_mech_oid; + } + + } + + /* Initialize future elements only if the supplied structure is large */ + /* enough, */ + /* i.e. 
the calling SNC-layer is as recent or newer as the adapter */ + + return(0); + +} /* sapsnc_init_adapter() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. + * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ + +OM_uint32 EXPORT_FUNCTION +sapsnc_export_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + UNREFERENCED_PARAMETER(in_name); + + if ( out_identity!=NULL ) { + out_identity->length = 0; + out_identity->value = NULL; + } + + if ( min_stat!=NULL ) + (*min_stat) = 0; + + return(GSS_S_FAILURE); + +} /* sapsnc_export_cname_blob() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. 
+ * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ +OM_uint32 EXPORT_FUNCTION +sapsnc_import_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_name_t * out_name, /* output_name */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + return( gss_import_name( min_stat, in_identity, + (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) ); + +} /* sapsnc_import_cname_blob() */ + + +/********************************************************************* + * + * All functions following this comment are CALL ADAPTERS + * to the GSS-API functions. + * + *********************************************************************/ + +/**********************************************************************/ +/**********************************************************************/ +/******************* *******************/ +/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/ +/******************* *******************/ +/**********************************************************************/ +/**********************************************************************/ + + +/* sapgss_acquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_acquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t my_gss_name, /* desired_name */ + OM_uint32 in_lifetime, /* time_req */ + gss_OID_set in_mechs, /* desired_mechs */ + gss_cred_usage_t in_cred_usage, /* cred_usage */ + gss_cred_id_t * out_cred, /* output_cred_handle */ + gss_OID_set * out_mechs, /* actual_mechs */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime, + in_mechs, in_cred_usage, + out_cred, out_mechs, out_lifetime ) ); +} + + + +/* sapgss_release_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_cred( + OM_uint32 * min_stat, /* 
minor_status */ + gss_cred_id_t * in_cred /* cred_handle */ + ) +{ + return( gss_release_cred( min_stat, in_cred ) ); +} + + + +/* sapgss_init_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_init_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* claimant_cred_handle */ + gss_ctx_id_t * in_context, /* context_handle */ + gss_name_t in_name, /* target_name */ + gss_OID in_mech, /* mech_type */ + OM_uint32 in_service_opts, /* req_flags */ + OM_uint32 in_lifetime, /* time_req */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_buffer_t in_token, /* input_token */ + gss_OID * out_mech, /* actual_mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 * out_service_opts, /* ret_flags */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_init_sec_context( min_stat, in_cred, in_context, in_name, + in_mech, in_service_opts, in_lifetime, + in_channel_bind, in_token, out_mech, + out_token, out_service_opts, out_lifetime ) ); +} + + + +/* sapgss_accept_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_accept_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_cred_id_t in_cred, /* verifier_cred_handle */ + gss_buffer_t in_token, /* input_token_buffer */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_name_t *peer_name, /* src_name */ + gss_OID *out_mech, /* mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 *out_service_opts, /* ret_flags */ + OM_uint32 *out_lifetime, /* time_rec */ + gss_cred_id_t *out_cred /* delegated_cred_handle */ + ) +{ + return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token, + in_channel_bind, peer_name, out_mech, + out_token, out_service_opts, out_lifetime, + out_cred ) ); +} + + + +/* sapgss_process_context_token() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_process_context_token( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t 
in_context, /* context_handle */ + gss_buffer_t in_token /* token_buffer */ + ) +{ + return( gss_process_context_token( min_stat, in_context, in_token ) ); +} + + + +/* sapgss_delete_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_delete_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_buffer_t out_token /* output_token */ + ) +{ + return( gss_delete_sec_context( min_stat, in_context, out_token ) ); +} + + + +/* sapgss_context_time() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_context_time( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_context_time( min_stat, in_context, out_lifetime ) ); +} + + + +/* sapgss_get_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_get_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t out_token /* message_token */ + ) +{ + return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) ); +} + + + +/* sapgss_verify_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_verify_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t in_token, /* token_buffer */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) ); +} + + + +/* sapgss_wrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_wrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* input_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_buffer_t out_token /* output_message_buffer */ + ) +{ + return( gss_wrap( min_stat, in_context, in_want_conf, + in_qop, in_msg, 
out_is_conf, out_token ) ); +} + + + +/* sapgss_unwrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_unwrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_token, /* input_message_buffer */ + gss_buffer_t out_msg, /* output_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_unwrap( min_stat, in_context, in_token, + out_msg, out_is_conf, out_qop ) ); +} + + + +/* sapgss_display_status() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_status( + OM_uint32 *min_stat, /* minor_status */ + OM_uint32 in_status, /* status_value */ + int in_status_type, /* status_type */ + gss_OID in_mech, /* mech_type */ + OM_uint32 *out_more_text, /* message_context */ + gss_buffer_t out_text /* status_string */ + ) +{ + return( gss_display_status( min_stat, in_status, in_status_type, + in_mech, out_more_text, out_text ) ); +} + + + +/* + * sapgss_indicate_mechs() + * + * IMPORTANT: This call MUST return the correct mech_OID + * for this implementation in the first position of the + * out_mechs OID array! 
+ */ +OM_uint32 EXPORT_FUNCTION +sapgss_indicate_mechs( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *out_mechs /* mech_set */ + ) +{ + OM_uint32 maj_stat; + OM_uint32 min_stat2; + + maj_stat = gss_indicate_mechs( min_stat, out_mechs ); + + if ( maj_stat==GSS_S_COMPLETE ) { + if ( out_mechs==NULL + || (*out_mechs)==GSS_C_NO_OID_SET + || (*out_mechs)->count==0 + || (*out_mechs)->elements==GSS_C_NO_OID + || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length + || memcmp( ((*out_mechs)->elements[0]).elements, + sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) { + + (void)sapgss_release_oid_set( &min_stat2, out_mechs ); + + (*out_mechs) = GSS_C_NO_OID_SET; + (*min_stat) = 0; + + return(GSS_S_BAD_MECH); + + } + } + + return(maj_stat); + +} + + + +/* sapgss_compare_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_compare_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name1, /* name1 */ + gss_name_t in_name2, /* name2 */ + int *out_are_equal /* name_equal */ + ) +{ + return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) ); +} + + + +/* sapgss_display_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + gss_OID *out_oid /* output_name_type */ + ) +{ + return( gss_display_name( min_stat, in_name, out_identity, out_oid ) ); +} + + + +/* sapgss_import_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_name( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_OID in_oid, /* input_name_type */ + gss_name_t *out_name /* output_name */ + ) +{ + return( gss_import_name( min_stat, in_identity, in_oid, out_name ) ); +} + + + +/* sapgss_release_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t *in_name /* input_name */ + ) +{ + return( gss_release_name( min_stat, 
in_name ) ); +} + + + +/* sapgss_release_buffer() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_buffer( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_buffer /* buffer */ + ) +{ + return( gss_release_buffer( min_stat, in_buffer ) ); +} + + + +/* sapgss_release_oid_set() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_oid_set( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *in_oids /* set */ + ) +{ + return( gss_release_oid_set( min_stat, in_oids ) ); +} + + + +/* sapgss_inquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* cred_handle */ + gss_name_t * out_name, /* name */ + OM_uint32 * out_lifetime, /* lifetime */ + gss_cred_usage_t * out_cred_usage, /* cred_usage */ + gss_OID_set * out_mechs /* mechanisms */ + ) +{ + return( gss_inquire_cred( min_stat, in_cred, out_name, + out_lifetime, out_cred_usage, out_mechs ) ); +} + + +/**********************************************************************/ +/**********************************************************************/ +/******************* ********************/ +/******************* New fuctions for GSS-API v2 ********************/ +/******************* ********************/ +/**********************************************************************/ +/**********************************************************************/ + +/* + * sapgss_add_cred() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_cred( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t input_cred_handle, /* input_cred_handle */ + gss_name_t desired_name, /* desired_name */ + gss_OID desired_mech, /* desired_mech */ + gss_cred_usage_t cred_usage, /* cred_usage */ + OM_uint32 initiator_time_req, /* initiator_time_req */ + OM_uint32 acceptor_time_req, /* acceptor_time_req */ + gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */ + gss_OID_set FAR * 
actual_mechs, /* actual_mechs */ + OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */ + OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */ + ) +{ + return( gss_add_cred( min_stat, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, + acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec ) ); +} + + + +/* + * sapgss_inquire_cred_by_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred_by_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t cred_handle, /* cred_handle */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * name, /* name */ + OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */ + OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */ + gss_cred_usage_t FAR * cred_usage /* cred_usage */ + ) +{ + return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type, + name, initiator_lifetime, + acceptor_lifetime, cred_usage ) ); +} + + + +/* sapgss_inquire_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_name_t *out_myname, /* initiator_name */ + gss_name_t *out_peername, /* acceptor_name */ + OM_uint32 *out_lifetime, /* lifetime_rec */ + gss_OID *out_mech, /* mech_type */ + OM_uint32 *out_service_opts, /* ctx_flags */ + int *out_initiator, /* locally_initiated */ + int *out_open /* open */ + ) +{ + return( gss_inquire_context( min_stat, in_context, out_myname, + out_peername, out_lifetime, out_mech, + out_service_opts, out_initiator, out_open) ); +} + + + +/* + * sapgss_wrap_size_limit() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_wrap_size_limit( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context 
handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t qop_req, /* qop_req */ + OM_uint32 out_size, /* requested output size */ + OM_uint32 * max_in_size /* maximum input size */ + ) +{ + return( gss_wrap_size_limit( min_stat, in_context, in_want_conf, + qop_req, out_size, max_in_size) ); +} + + + +/* sapgss_export_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t * in_ctx, /* context_handle */ + gss_buffer_t out_buffer /* interprocess_token */ + ) +{ + return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) ); +} + + + +/* sapgss_import_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_buffer, /* interprocess_token */ + gss_ctx_id_t * out_ctx /* context_handle */ + ) +{ + return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) ); +} + + + +/* + * sapgss_create_empty_oid_set() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_create_empty_oid_set( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_create_empty_oid_set( min_stat, oid_set ) ); +} + + + +/* + * sapgss_add_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member_oid, /* member_oid */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) ); +} + + + +/* + * sapgss_test_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_test_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member, /* member */ + gss_OID_set set, /* set */ + int FAR * present /* present */ + ) +{ + return( gss_test_oid_set_member( min_stat, member, set, present ) ); +} + + + +/* + * sapgss_inquire_names_for_mech() + * + * Status: not used by SNC in R/3 
release 3.x and 4.0 + * this may change in future releases + */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_names_for_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID mech_oid, /* mechanism_oid */ + gss_OID_set FAR * name_types /* name_types */ + ) +{ + return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) ); +} + + + +/* + * sapgss_inquire_mechs_for_name() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_mechs_for_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID_set FAR * mech_set /* mechanism_oids */ + ) +{ + return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) ); +} + + +/* sapgss_canonicalize_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_canonicalize_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * output_name /* output_name */ + ) +{ + return( gss_canonicalize_name( min_stat, input_name, + mech_type, output_name ) ); +} + + +/* sapgss_export_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_buffer_t output_name_blob /* output_name_blob */ + ) +{ + return( gss_export_name( min_stat, input_name, output_name_blob ) ); +} + + +/* + * sapgss_duplicate_name() + * + * Status: Don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_duplicate_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t src_name, /* src_name */ + gss_name_t FAR * dest_name /* dest_name */ + ) +{ + return( gss_duplicate_name( min_stat, src_name, dest_name ) ); +} + + +/* end of snckrb5.c */ + diff --git a/sncntlm.c b/sncntlm.c new file mode 100644 index 0000000..8eab195 --- /dev/null +++ b/sncntlm.c 
@@ -0,0 +1,1060 @@
+static char * this_File = "sncntlm.c";
+static char * cvs_id =
+ "$Id: sncntlm.c,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $";
+/*
+ * (C) Copyright 1999 SAP AG Walldorf
+ *
+ * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+ * OF THIS SOFTWARE.
+ */
+
+
+
+
+/************************************************************************/
+/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */
+/* */
+/* Configurable Parameters that describe the characteristics */
+/* of the security mechanism to which this adapter interfaces */
+/* To register a MECH_PREFIX or MECH_ID with SAP, */
+/* send a request via Email to including */
+/* the following information: */
+/* - mechanism OID of gssapi mechanism */
+/* - gssapi mechanism name (for open protocol specs) */
+/* OR product name of proprietary gssapi mechanism */
+/* - default nametype OID */
+/* - proposed printable prefix (up to seven characters) */
+/* - Email address of technical contact */
+/* */
+/* In case you're implementing a published gssapi mechanism spec, */
+/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */
+/* You can check the "sncgss.h" Header file first. 
*/ +/* */ +/* */ +/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */ +/* (for open protocol specifications) */ +/* OR name of a software product for */ +/* a proprietary gssapi mechanism */ +/* */ +/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */ +/* ASCII-string up to 7 chars to */ +/* identify the mechanism */ +/* */ +/* ADAPTER_MECH_ID (must REGISTER with SAP) */ +/* numeric constant taken from the */ +/* SAPGSS_MECH_ID enumerator in "sncgss.h" */ +/* */ +/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the gssapi mechanism to which this */ +/* SNC-Adapter will be linked */ +/* */ +/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the default/canonical/native nametype*/ +/* of above gssapi mechanism */ +/* */ +/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */ +/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */ +/* */ +/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message confidentiality protection */ +/* for all established security contexts */ +/* */ +/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message integrity protection for all */ +/* established security contexts */ +/* */ +/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */ +/* implemenation guarantees availability */ +/* of mutual authentication on security */ +/* contexts. Absence of mutual auth is */ +/* a serious security problem in */ +/* distributed applications */ +/* */ +/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of replay detection of protected */ +/* messages on all security contexts. 
*/ +/* SAP R/3 process all messages on a */ +/* particular security context strictly */ +/* sequential, so it's acceptable */ +/* if replay detection is only available */ +/* in combination with sequence protection */ +/* */ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/************************************************************************/ + + +#define ADAPTER_MECH_NAME SAPGSS_SAPNTLM_NAME + /* Name of the gssapi mechanism or product */ + /* that this SNC-Adapter interfaces to */ + /* (less than 80 characters, please !!) */ + + +#define ADAPTER_MECH_PREFIX SAPGSS_SAPNTLM_PREFIX + /* Mech prefix for mechanism */ + /* (register this prefix with SAP) */ + /* Alphanumeric, must be <= 7 characters long */ + /* This prefix may be used within SNC-Names */ + /* i.e. "p/sapntlm:NTDomain\User" */ + + +#define ADAPTER_MECH_ID SAPGSS_ID_SAPNTLM + /* Mechanism identifier */ + /* numeric (16-bit unsigned integer) */ + /* used internally by SNC for tagging */ + /* and to distinguish different gssapi mechs */ + + + /* ASN.1 OID of the gssapi mechanism to which this */ + /* SNC-Adapter is linked */ +#define ADAPTER_MECHANISM_OID SAPGSS_SAPNTLM_MECH_OID + + /* ASN.1 OID of the default/canonical nametype that */ + /* this gssapi mechanism will accept with gss_import_name() */ + /* and emit with gss_display_name() for canonical names */ +#define ADAPTER_NAMETYPE_OID SAPGSS_SAPNTLM_CNAME_OID + + +/*******************/ +/* 16-bit Integers */ +/*******************/ +#define ADAPTER_MAJOR_REVISION 1 /* indicates API changes */ + +#define ADAPTER_MINOR_REVISION 0 /* indicates fixes or */ + /* cosmetic changes */ + +/*******************/ +/* BOOLEAN values */ +/*******************/ +#define ADAPTER_CONF_AVAIL 0 /* Confidentiality available */ +#define ADAPTER_INTEG_AVAIL 0 /* Integrity available */ + +#define ADAPTER_MUTUAL_AUTH 0 /* supports mutual authentication */ +#define ADAPTER_REPLAY_PROT 0 /* supports message replay detection */ + + 
+/************************************************************************/ +/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/ +/************************************************************************/ + + + + +/* Some ANSI-C standard headers */ +#include +#include +#include + +/**********************************************************************/ +/* */ +/* Microsoft Windows DLL support */ +/* */ +/**********************************************************************/ + +#ifdef _WIN32 +# include + BOOL APIENTRY + DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved) + { + return 1; + + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(ul_reason_being_called); + UNREFERENCED_PARAMETER(lpReserved); + } +#else + +# if defined(_WINDOWS) +# include +# ifndef UNREFERENCED_PARAMETER +# define UNREFERENCED_PARAMETER(x) ((x)=(x)) +# endif + + BOOL CALLBACK + LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine) + { + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(wDataSeg); + UNREFERENCED_PARAMETER(cbHeap); + UNREFERENCED_PARAMETER(CmdLine); + + return 1; + } + + int CALLBACK __export + WEP(int nParam) + { + UNREFERENCED_PARAMETER(nParam); + + return 1; + } +# endif + +#endif + +/**********************************************************************/ +/* */ +/* Import interface */ +/* - include files of other projects */ +/* Declare gss_* function prototypes as __declspec(dllimport) */ +/* */ +/**********************************************************************/ + +#include "platform.h" + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO IMPORT_DATA +#define DLL_FUNC_DECO IMPORT_FUNCTION +#include "gssapi_2.h" + +/**********************************************************************/ +/* */ +/* Export interface */ +/* - header files of this project */ +/* Declare our sapgss_* function prototypes as __declspec(dllexport) */ +/* */ 
+/**********************************************************************/ + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO EXPORT_DATA +#define DLL_FUNC_DECO EXPORT_FUNCTION +#include "sncgss.h" + + + + +/************************************************************************/ +/* (27-jun-95) Martin Rex */ +/* With the following two macros one can convert macros into */ +/* string literals to include them in constant strings. */ +/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */ +/************************************************************************/ +#define LITERAL_MACRO(x) # x +#define XLITERAL_MACRO(x) LITERAL_MACRO(x) + + + +/****************************************************/ +/* we don't need to export/share OID data at the */ +/* shared library interface for SAP R/3, */ +/* and is not part of the draft-ietf-cat-wingss-... */ +/****************************************************/ + +static gss_OID_desc oids[] = { + ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */ + ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */ +}; + +static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]); +static gss_OID sapsnc_mech_oid = &(oids[1]); + +#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name + +/********************************************************************** + * sapsnc_init_adapter(): + * + * Description: + * This function must be called before other functions of the + * gss-api are used. It sets up all translation pointers + * exported by the gss-api. + * + * Parameters: + * p_info IN REF the structure referenced by this + * pointer (see sapgss.h) describes + * some characteristics of the security + * mechanism to which this adapter interfaces + * + * p_length IN Length of the structure supplied by the + * SNC-Layer. + * Initialization policy for future enhancements: + * * SNC-Layer zeroes out structure before calling. 
+ * * future extensions must be appended to the + * existing structure only + * * Unknown structure elements will not be changed. + * * The Adapter must initialize only fields known + * to the calling SNC-layer + * (i.e. no elements past p_length) + * + * Returns: + * 0 Initialization o.k. + * -1 FAILURE -- something is definitely broken if this happens + **********************************************************************/ +OM_uint32 EXPORT_FUNCTION +sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length, + int adapter_idx ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) { + + /* At least we want to fill in the basic set of information */ + return(1); + + } else { + + memset( p_info, 0, p_length ); + + p_info->major_rev = (int) ADAPTER_MAJOR_REVISION; + p_info->minor_rev = (int) ADAPTER_MINOR_REVISION; + + p_info->adapter_name = + "External SNC-Adapter" + " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION) + "." XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to " + ADAPTER_MECH_NAME; + + p_info->mech_id = ADAPTER_MECH_ID; + + p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID; + p_info->nt_private_name1 = sapsnc_nt_canon_printable_name; + p_info->nt_private_name2 = (gss_OID_desc *)0; + p_info->nt_private_name3 = (gss_OID_desc *)0; + p_info->nt_private_name4 = (gss_OID_desc *)0; + + p_info->integ_avail = ADAPTER_INTEG_AVAIL; + p_info->conf_avail = ADAPTER_CONF_AVAIL; + p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */ + p_info->export_sec_context = 1; /* required functionality, MUST be 1 */ + p_info->mutual_auth = ADAPTER_MUTUAL_AUTH; + p_info->replay_prot = ADAPTER_REPLAY_PROT; + + p_info->unused2 = 0; /* historic/experimental, MUST be 0 */ + + p_info->mech_prefix_string = ADAPTER_MECH_PREFIX; + + if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) { + p_info->mech_oid = sapsnc_mech_oid; + } + + } + + /* Initialize future elements only if the supplied structure is large */ + /* enough, */ + /* i.e. 
the calling SNC-layer is as recent or newer as the adapter */ + + return(0); + +} /* sapsnc_init_adapter() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. + * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ + +OM_uint32 EXPORT_FUNCTION +sapsnc_export_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + UNREFERENCED_PARAMETER(in_name); + + if ( out_identity!=NULL ) { + out_identity->length = 0; + out_identity->value = NULL; + } + + if ( min_stat!=NULL ) + (*min_stat) = 0; + + return(GSS_S_FAILURE); + +} /* sapsnc_export_cname_blob() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. 
+ * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ +OM_uint32 EXPORT_FUNCTION +sapsnc_import_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_name_t * out_name, /* output_name */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + return( gss_import_name( min_stat, in_identity, + (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) ); + +} /* sapsnc_import_cname_blob() */ + + +/********************************************************************* + * + * All functions following this comment are CALL ADAPTERS + * to the GSS-API functions. + * + *********************************************************************/ + +/**********************************************************************/ +/**********************************************************************/ +/******************* *******************/ +/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/ +/******************* *******************/ +/**********************************************************************/ +/**********************************************************************/ + + +/* sapgss_acquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_acquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t my_gss_name, /* desired_name */ + OM_uint32 in_lifetime, /* time_req */ + gss_OID_set in_mechs, /* desired_mechs */ + gss_cred_usage_t in_cred_usage, /* cred_usage */ + gss_cred_id_t * out_cred, /* output_cred_handle */ + gss_OID_set * out_mechs, /* actual_mechs */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime, + in_mechs, in_cred_usage, + out_cred, out_mechs, out_lifetime ) ); +} + + + +/* sapgss_release_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_cred( + OM_uint32 * min_stat, /* 
minor_status */ + gss_cred_id_t * in_cred /* cred_handle */ + ) +{ + return( gss_release_cred( min_stat, in_cred ) ); +} + + + +/* sapgss_init_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_init_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* claimant_cred_handle */ + gss_ctx_id_t * in_context, /* context_handle */ + gss_name_t in_name, /* target_name */ + gss_OID in_mech, /* mech_type */ + OM_uint32 in_service_opts, /* req_flags */ + OM_uint32 in_lifetime, /* time_req */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_buffer_t in_token, /* input_token */ + gss_OID * out_mech, /* actual_mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 * out_service_opts, /* ret_flags */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_init_sec_context( min_stat, in_cred, in_context, in_name, + in_mech, in_service_opts, in_lifetime, + in_channel_bind, in_token, out_mech, + out_token, out_service_opts, out_lifetime ) ); +} + + + +/* sapgss_accept_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_accept_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_cred_id_t in_cred, /* verifier_cred_handle */ + gss_buffer_t in_token, /* input_token_buffer */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_name_t *peer_name, /* src_name */ + gss_OID *out_mech, /* mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 *out_service_opts, /* ret_flags */ + OM_uint32 *out_lifetime, /* time_rec */ + gss_cred_id_t *out_cred /* delegated_cred_handle */ + ) +{ + return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token, + in_channel_bind, peer_name, out_mech, + out_token, out_service_opts, out_lifetime, + out_cred ) ); +} + + + +/* sapgss_process_context_token() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_process_context_token( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t 
in_context, /* context_handle */ + gss_buffer_t in_token /* token_buffer */ + ) +{ + return( gss_process_context_token( min_stat, in_context, in_token ) ); +} + + + +/* sapgss_delete_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_delete_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_buffer_t out_token /* output_token */ + ) +{ + return( gss_delete_sec_context( min_stat, in_context, out_token ) ); +} + + + +/* sapgss_context_time() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_context_time( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_context_time( min_stat, in_context, out_lifetime ) ); +} + + + +/* sapgss_get_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_get_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t out_token /* message_token */ + ) +{ + return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) ); +} + + + +/* sapgss_verify_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_verify_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t in_token, /* token_buffer */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) ); +} + + + +/* sapgss_wrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_wrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* input_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_buffer_t out_token /* output_message_buffer */ + ) +{ + return( gss_wrap( min_stat, in_context, in_want_conf, + in_qop, in_msg, 
out_is_conf, out_token ) ); +} + + + +/* sapgss_unwrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_unwrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_token, /* input_message_buffer */ + gss_buffer_t out_msg, /* output_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_unwrap( min_stat, in_context, in_token, + out_msg, out_is_conf, out_qop ) ); +} + + + +/* sapgss_display_status() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_status( + OM_uint32 *min_stat, /* minor_status */ + OM_uint32 in_status, /* status_value */ + int in_status_type, /* status_type */ + gss_OID in_mech, /* mech_type */ + OM_uint32 *out_more_text, /* message_context */ + gss_buffer_t out_text /* status_string */ + ) +{ + return( gss_display_status( min_stat, in_status, in_status_type, + in_mech, out_more_text, out_text ) ); +} + + + +/* + * sapgss_indicate_mechs() + * + * IMPORTANT: This call MUST return the correct mech_OID + * for this implementation in the first position of the + * out_mechs OID array! 
+ */ +OM_uint32 EXPORT_FUNCTION +sapgss_indicate_mechs( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *out_mechs /* mech_set */ + ) +{ + OM_uint32 maj_stat; + OM_uint32 min_stat2; + + maj_stat = gss_indicate_mechs( min_stat, out_mechs ); + + if ( maj_stat==GSS_S_COMPLETE ) { + if ( out_mechs==NULL + || (*out_mechs)==GSS_C_NO_OID_SET + || (*out_mechs)->count==0 + || (*out_mechs)->elements==GSS_C_NO_OID + || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length + || memcmp( ((*out_mechs)->elements[0]).elements, + sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) { + + (void)sapgss_release_oid_set( &min_stat2, out_mechs ); + + (*out_mechs) = GSS_C_NO_OID_SET; + (*min_stat) = 0; + + return(GSS_S_BAD_MECH); + + } + } + + return(maj_stat); + +} + + + +/* sapgss_compare_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_compare_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name1, /* name1 */ + gss_name_t in_name2, /* name2 */ + int *out_are_equal /* name_equal */ + ) +{ + return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) ); +} + + + +/* sapgss_display_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + gss_OID *out_oid /* output_name_type */ + ) +{ + return( gss_display_name( min_stat, in_name, out_identity, out_oid ) ); +} + + + +/* sapgss_import_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_name( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_OID in_oid, /* input_name_type */ + gss_name_t *out_name /* output_name */ + ) +{ + return( gss_import_name( min_stat, in_identity, in_oid, out_name ) ); +} + + + +/* sapgss_release_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t *in_name /* input_name */ + ) +{ + return( gss_release_name( min_stat, 
in_name ) ); +} + + + +/* sapgss_release_buffer() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_buffer( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_buffer /* buffer */ + ) +{ + return( gss_release_buffer( min_stat, in_buffer ) ); +} + + + +/* sapgss_release_oid_set() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_oid_set( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *in_oids /* set */ + ) +{ + return( gss_release_oid_set( min_stat, in_oids ) ); +} + + + +/* sapgss_inquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* cred_handle */ + gss_name_t * out_name, /* name */ + OM_uint32 * out_lifetime, /* lifetime */ + gss_cred_usage_t * out_cred_usage, /* cred_usage */ + gss_OID_set * out_mechs /* mechanisms */ + ) +{ + return( gss_inquire_cred( min_stat, in_cred, out_name, + out_lifetime, out_cred_usage, out_mechs ) ); +} + + +/**********************************************************************/ +/**********************************************************************/ +/******************* ********************/ +/******************* New fuctions for GSS-API v2 ********************/ +/******************* ********************/ +/**********************************************************************/ +/**********************************************************************/ + +/* + * sapgss_add_cred() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_cred( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t input_cred_handle, /* input_cred_handle */ + gss_name_t desired_name, /* desired_name */ + gss_OID desired_mech, /* desired_mech */ + gss_cred_usage_t cred_usage, /* cred_usage */ + OM_uint32 initiator_time_req, /* initiator_time_req */ + OM_uint32 acceptor_time_req, /* acceptor_time_req */ + gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */ + gss_OID_set FAR * 
actual_mechs, /* actual_mechs */ + OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */ + OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */ + ) +{ + return( gss_add_cred( min_stat, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, + acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec ) ); +} + + + +/* + * sapgss_inquire_cred_by_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred_by_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t cred_handle, /* cred_handle */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * name, /* name */ + OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */ + OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */ + gss_cred_usage_t FAR * cred_usage /* cred_usage */ + ) +{ + return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type, + name, initiator_lifetime, + acceptor_lifetime, cred_usage ) ); +} + + + +/* sapgss_inquire_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_name_t *out_myname, /* initiator_name */ + gss_name_t *out_peername, /* acceptor_name */ + OM_uint32 *out_lifetime, /* lifetime_rec */ + gss_OID *out_mech, /* mech_type */ + OM_uint32 *out_service_opts, /* ctx_flags */ + int *out_initiator, /* locally_initiated */ + int *out_open /* open */ + ) +{ + return( gss_inquire_context( min_stat, in_context, out_myname, + out_peername, out_lifetime, out_mech, + out_service_opts, out_initiator, out_open) ); +} + + + +/* + * sapgss_wrap_size_limit() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_wrap_size_limit( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context 
handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t qop_req, /* qop_req */ + OM_uint32 out_size, /* requested output size */ + OM_uint32 * max_in_size /* maximum input size */ + ) +{ + return( gss_wrap_size_limit( min_stat, in_context, in_want_conf, + qop_req, out_size, max_in_size) ); +} + + + +/* sapgss_export_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t * in_ctx, /* context_handle */ + gss_buffer_t out_buffer /* interprocess_token */ + ) +{ + return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) ); +} + + + +/* sapgss_import_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_buffer, /* interprocess_token */ + gss_ctx_id_t * out_ctx /* context_handle */ + ) +{ + return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) ); +} + + + +/* + * sapgss_create_empty_oid_set() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_create_empty_oid_set( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_create_empty_oid_set( min_stat, oid_set ) ); +} + + + +/* + * sapgss_add_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member_oid, /* member_oid */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) ); +} + + + +/* + * sapgss_test_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_test_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member, /* member */ + gss_OID_set set, /* set */ + int FAR * present /* present */ + ) +{ + return( gss_test_oid_set_member( min_stat, member, set, present ) ); +} + + + +/* + * sapgss_inquire_names_for_mech() + * + * Status: not used by SNC in R/3 
release 3.x and 4.0 + * this may change in future releases + */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_names_for_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID mech_oid, /* mechanism_oid */ + gss_OID_set FAR * name_types /* name_types */ + ) +{ + return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) ); +} + + + +/* + * sapgss_inquire_mechs_for_name() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_mechs_for_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID_set FAR * mech_set /* mechanism_oids */ + ) +{ + return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) ); +} + + +/* sapgss_canonicalize_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_canonicalize_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * output_name /* output_name */ + ) +{ + return( gss_canonicalize_name( min_stat, input_name, + mech_type, output_name ) ); +} + + +/* sapgss_export_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_buffer_t output_name_blob /* output_name_blob */ + ) +{ + return( gss_export_name( min_stat, input_name, output_name_blob ) ); +} + + +/* + * sapgss_duplicate_name() + * + * Status: Don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_duplicate_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t src_name, /* src_name */ + gss_name_t FAR * dest_name /* dest_name */ + ) +{ + return( gss_duplicate_name( min_stat, src_name, dest_name ) ); +} + + +/* end of sncntlm.c */ + diff --git a/sncsecud.c b/sncsecud.c new file mode 100644 index 0000000..f3cadf9 --- /dev/null +++ b/sncsecud.c 
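Review bot: sapsnc_init_adapter's header comment promises `-1 FAILURE`, but the body returns `1` when `p_info` is NULL or `p_length<=SNCADAPT_BASIC_INFO_LEN`, and since the return type is the unsigned OM_uint32 a literal -1 could never be distinguished from a large positive value anyway; make the comment match the code, `* 1 FAILURE -- something is definitely broken if this happens`, so callers test `!= 0` rather than `< 0`. The comment block above sapsnc_import_cname_blob is a copy of the one for sapsnc_export_cname_blob and still carries that name; retitle it `* sapsnc_import_cname_blob()`. On its bad-mech path sapgss_indicate_mechs writes `(*min_stat) = 0` without the `min_stat!=NULL` guard that sapsnc_export_cname_blob applies, so a caller passing a NULL minor-status pointer would crash there but not elsewhere in the file. The four capability flags ADAPTER_CONF_AVAIL, ADAPTER_INTEG_AVAIL, ADAPTER_MUTUAL_AUTH and ADAPTER_REPLAY_PROT are all 0, which tells the SNC layer that no confidentiality, integrity, mutual-authentication or replay protection is guaranteed on contexts from this mechanism (the file's own header calls the absence of mutual auth a serious security problem); a one-line comment next to those defines stating that the zeros are deliberate for this mechanism, not placeholders, would keep a future maintainer from "fixing" them without checking the underlying GSS-API implementation. The snckrb5.c and sncsecud.c hunks appear to be near-verbatim copies of this file, so the same points presumably apply there; their boundaries fall outside this view.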
@@ -0,0 +1,1060 @@ +static char * this_File = "sncsecud.c"; +static char * cvs_id = + "$Id: sncsecud.c,v 1.1.1.1 1999/08/24 14:36:22 d019080 Exp $"; +/* + * (C) Copyright 1999 SAP AG Walldorf + * + * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE + * OF THIS SOFTWARE. + */ + + + + +/************************************************************************/ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/* */ +/* Configurable Parameters that describe the characteristics */ +/* of the security mechanism to which this adapter interfaces */ +/* To register a MECH_PREFIX or MECH_ID with SAP, */ +/* send a request via Email to including */ +/* the following information: */ +/* - mechanism OID of gssapi mechanism */ +/* - gssapi mechanism name (for open protocol specs) */ +/* OR product name of proprietary gssapi mechanism */ +/* - default nametype OID */ +/* - proposed printable prefix (up to seven characters) */ +/* - Email address of technical contact */ +/* */ +/* In case you're implementing a published gssapi mechanism spec, */ +/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */ +/* You can check the "sncgss.h" Header file first. 
*/ +/* */ +/* */ +/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */ +/* (for open protocol specifications) */ +/* OR name of a software product for */ +/* a proprietary gssapi mechanism */ +/* */ +/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */ +/* ASCII-string up to 7 chars to */ +/* identify the mechanism */ +/* */ +/* ADAPTER_MECH_ID (must REGISTER with SAP) */ +/* numeric constant taken from the */ +/* SAPGSS_MECH_ID enumerator in "sncgss.h" */ +/* */ +/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the gssapi mechanism to which this */ +/* SNC-Adapter will be linked */ +/* */ +/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the default/canonical/native nametype*/ +/* of above gssapi mechanism */ +/* */ +/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */ +/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */ +/* */ +/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message confidentiality protection */ +/* for all established security contexts */ +/* */ +/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message integrity protection for all */ +/* established security contexts */ +/* */ +/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */ +/* implemenation guarantees availability */ +/* of mutual authentication on security */ +/* contexts. Absence of mutual auth is */ +/* a serious security problem in */ +/* distributed applications */ +/* */ +/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of replay detection of protected */ +/* messages on all security contexts. 
*/ +/* SAP R/3 process all messages on a */ +/* particular security context strictly */ +/* sequential, so it's acceptable */ +/* if replay detection is only available */ +/* in combination with sequence protection */ +/* */ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/************************************************************************/ + + +#define ADAPTER_MECH_NAME SAPGSS_SECUDE_NAME + /* Name of the gssapi mechanism or product */ + /* that this SNC-Adapter interfaces to */ + /* (less than 80 characters, please !!) */ + + +#define ADAPTER_MECH_PREFIX SAPGSS_SECUDE_PREFIX + /* Mech prefix for mechanism */ + /* (register this prefix with SAP) */ + /* Alphanumeric, must be <= 7 characters long */ + /* This prefix may be used within SNC-Names */ + /* i.e. "p/sapntlm:NTDomain\User" */ + + +#define ADAPTER_MECH_ID SAPGSS_ID_SECUDE + /* Mechanism identifier */ + /* numeric (16-bit unsigned integer) */ + /* used internally by SNC for tagging */ + /* and to distinguish different gssapi mechs */ + + + /* ASN.1 OID of the gssapi mechanism to which this */ + /* SNC-Adapter is linked */ +#define ADAPTER_MECHANISM_OID SAPGSS_SECUDE_MECH_OID + + /* ASN.1 OID of the default/canonical nametype that */ + /* this gssapi mechanism will accept with gss_import_name() */ + /* and emit with gss_display_name() for canonical names */ +#define ADAPTER_NAMETYPE_OID SAPGSS_SECUDE_CNAME_OID + + +/*******************/ +/* 16-bit Integers */ +/*******************/ +#define ADAPTER_MAJOR_REVISION 1 /* indicates API changes */ + +#define ADAPTER_MINOR_REVISION 0 /* indicates fixes or */ + /* cosmetic changes */ + +/*******************/ +/* BOOLEAN values */ +/*******************/ +#define ADAPTER_CONF_AVAIL 1 /* Confidentiality available */ +#define ADAPTER_INTEG_AVAIL 1 /* Integrity available */ + +#define ADAPTER_MUTUAL_AUTH 1 /* supports mutual authentication */ +#define ADAPTER_REPLAY_PROT 1 /* supports message replay detection */ + + 
+/************************************************************************/ +/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/ +/************************************************************************/ + + + + +/* Some ANSI-C standard headers */ +#include +#include +#include + +/**********************************************************************/ +/* */ +/* Microsoft Windows DLL support */ +/* */ +/**********************************************************************/ + +#ifdef _WIN32 +# include + BOOL APIENTRY + DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved) + { + return 1; + + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(ul_reason_being_called); + UNREFERENCED_PARAMETER(lpReserved); + } +#else + +# if defined(_WINDOWS) +# include +# ifndef UNREFERENCED_PARAMETER +# define UNREFERENCED_PARAMETER(x) ((x)=(x)) +# endif + + BOOL CALLBACK + LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine) + { + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(wDataSeg); + UNREFERENCED_PARAMETER(cbHeap); + UNREFERENCED_PARAMETER(CmdLine); + + return 1; + } + + int CALLBACK __export + WEP(int nParam) + { + UNREFERENCED_PARAMETER(nParam); + + return 1; + } +# endif + +#endif + +/**********************************************************************/ +/* */ +/* Import interface */ +/* - include files of other projects */ +/* Declare gss_* function prototypes as __declspec(dllimport) */ +/* */ +/**********************************************************************/ + +#include "platform.h" + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO IMPORT_DATA +#define DLL_FUNC_DECO IMPORT_FUNCTION +#include "gssapi_2.h" + +/**********************************************************************/ +/* */ +/* Export interface */ +/* - header files of this project */ +/* Declare our sapgss_* function prototypes as __declspec(dllexport) */ +/* */ 
+/**********************************************************************/ + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO EXPORT_DATA +#define DLL_FUNC_DECO EXPORT_FUNCTION +#include "sncgss.h" + + + + +/************************************************************************/ +/* (27-jun-95) Martin Rex */ +/* With the following two macros one can convert macros into */ +/* string literals to include them in constant strings. */ +/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */ +/************************************************************************/ +#define LITERAL_MACRO(x) # x +#define XLITERAL_MACRO(x) LITERAL_MACRO(x) + + + +/****************************************************/ +/* we don't need to export/share OID data at the */ +/* shared library interface for SAP R/3, */ +/* and is not part of the draft-ietf-cat-wingss-... */ +/****************************************************/ + +static gss_OID_desc oids[] = { + ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */ + ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */ +}; + +static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]); +static gss_OID sapsnc_mech_oid = &(oids[1]); + +#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name + +/********************************************************************** + * sapsnc_init_adapter(): + * + * Description: + * This function must be called before other functions of the + * gss-api are used. It sets up all translation pointers + * exported by the gss-api. + * + * Parameters: + * p_info IN REF the structure referenced by this + * pointer (see sapgss.h) describes + * some characteristics of the security + * mechanism to which this adapter interfaces + * + * p_length IN Length of the structure supplied by the + * SNC-Layer. + * Initialization policy for future enhancements: + * * SNC-Layer zeroes out structure before calling. 
+ * * future extensions must be appended to the + * existing structure only + * * Unknown structure elements will not be changed. + * * The Adapter must initialize only fields known + * to the calling SNC-layer + * (i.e. no elements past p_length) + * + * Returns: + * 0 Initialization o.k. + * -1 FAILURE -- something is definitely broken if this happens + **********************************************************************/ +OM_uint32 EXPORT_FUNCTION +sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length, + int adapter_idx ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) { + + /* At least we want to fill in the basic set of information */ + return(1); + + } else { + + memset( p_info, 0, p_length ); + + p_info->major_rev = (int) ADAPTER_MAJOR_REVISION; + p_info->minor_rev = (int) ADAPTER_MINOR_REVISION; + + p_info->adapter_name = + "External SNC-Adapter" + " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION) + "." XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to " + ADAPTER_MECH_NAME; + + p_info->mech_id = ADAPTER_MECH_ID; + + p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID; + p_info->nt_private_name1 = sapsnc_nt_canon_printable_name; + p_info->nt_private_name2 = (gss_OID_desc *)0; + p_info->nt_private_name3 = (gss_OID_desc *)0; + p_info->nt_private_name4 = (gss_OID_desc *)0; + + p_info->integ_avail = ADAPTER_INTEG_AVAIL; + p_info->conf_avail = ADAPTER_CONF_AVAIL; + p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */ + p_info->export_sec_context = 1; /* required functionality, MUST be 1 */ + p_info->mutual_auth = ADAPTER_MUTUAL_AUTH; + p_info->replay_prot = ADAPTER_REPLAY_PROT; + + p_info->unused2 = 0; /* historic/experimental, MUST be 0 */ + + p_info->mech_prefix_string = ADAPTER_MECH_PREFIX; + + if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) { + p_info->mech_oid = sapsnc_mech_oid; + } + + } + + /* Initialize future elements only if the supplied structure is large */ + /* enough, */ + /* i.e. 
the calling SNC-layer is as recent or newer as the adapter */ + + return(0); + +} /* sapsnc_init_adapter() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. + * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ + +OM_uint32 EXPORT_FUNCTION +sapsnc_export_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + UNREFERENCED_PARAMETER(in_name); + + if ( out_identity!=NULL ) { + out_identity->length = 0; + out_identity->value = NULL; + } + + if ( min_stat!=NULL ) + (*min_stat) = 0; + + return(GSS_S_FAILURE); + +} /* sapsnc_export_cname_blob() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. 
+ * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ +OM_uint32 EXPORT_FUNCTION +sapsnc_import_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_name_t * out_name, /* output_name */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + return( gss_import_name( min_stat, in_identity, + (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) ); + +} /* sapsnc_import_cname_blob() */ + + +/********************************************************************* + * + * All functions following this comment are CALL ADAPTERS + * to the GSS-API functions. + * + *********************************************************************/ + +/**********************************************************************/ +/**********************************************************************/ +/******************* *******************/ +/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/ +/******************* *******************/ +/**********************************************************************/ +/**********************************************************************/ + + +/* sapgss_acquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_acquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t my_gss_name, /* desired_name */ + OM_uint32 in_lifetime, /* time_req */ + gss_OID_set in_mechs, /* desired_mechs */ + gss_cred_usage_t in_cred_usage, /* cred_usage */ + gss_cred_id_t * out_cred, /* output_cred_handle */ + gss_OID_set * out_mechs, /* actual_mechs */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime, + in_mechs, in_cred_usage, + out_cred, out_mechs, out_lifetime ) ); +} + + + +/* sapgss_release_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_cred( + OM_uint32 * min_stat, /* 
minor_status */ + gss_cred_id_t * in_cred /* cred_handle */ + ) +{ + return( gss_release_cred( min_stat, in_cred ) ); +} + + + +/* sapgss_init_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_init_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* claimant_cred_handle */ + gss_ctx_id_t * in_context, /* context_handle */ + gss_name_t in_name, /* target_name */ + gss_OID in_mech, /* mech_type */ + OM_uint32 in_service_opts, /* req_flags */ + OM_uint32 in_lifetime, /* time_req */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_buffer_t in_token, /* input_token */ + gss_OID * out_mech, /* actual_mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 * out_service_opts, /* ret_flags */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_init_sec_context( min_stat, in_cred, in_context, in_name, + in_mech, in_service_opts, in_lifetime, + in_channel_bind, in_token, out_mech, + out_token, out_service_opts, out_lifetime ) ); +} + + + +/* sapgss_accept_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_accept_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_cred_id_t in_cred, /* verifier_cred_handle */ + gss_buffer_t in_token, /* input_token_buffer */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_name_t *peer_name, /* src_name */ + gss_OID *out_mech, /* mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 *out_service_opts, /* ret_flags */ + OM_uint32 *out_lifetime, /* time_rec */ + gss_cred_id_t *out_cred /* delegated_cred_handle */ + ) +{ + return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token, + in_channel_bind, peer_name, out_mech, + out_token, out_service_opts, out_lifetime, + out_cred ) ); +} + + + +/* sapgss_process_context_token() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_process_context_token( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t 
in_context, /* context_handle */ + gss_buffer_t in_token /* token_buffer */ + ) +{ + return( gss_process_context_token( min_stat, in_context, in_token ) ); +} + + + +/* sapgss_delete_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_delete_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_buffer_t out_token /* output_token */ + ) +{ + return( gss_delete_sec_context( min_stat, in_context, out_token ) ); +} + + + +/* sapgss_context_time() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_context_time( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_context_time( min_stat, in_context, out_lifetime ) ); +} + + + +/* sapgss_get_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_get_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t out_token /* message_token */ + ) +{ + return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) ); +} + + + +/* sapgss_verify_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_verify_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t in_token, /* token_buffer */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) ); +} + + + +/* sapgss_wrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_wrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* input_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_buffer_t out_token /* output_message_buffer */ + ) +{ + return( gss_wrap( min_stat, in_context, in_want_conf, + in_qop, in_msg, 
out_is_conf, out_token ) ); +} + + + +/* sapgss_unwrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_unwrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_token, /* input_message_buffer */ + gss_buffer_t out_msg, /* output_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_unwrap( min_stat, in_context, in_token, + out_msg, out_is_conf, out_qop ) ); +} + + + +/* sapgss_display_status() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_status( + OM_uint32 *min_stat, /* minor_status */ + OM_uint32 in_status, /* status_value */ + int in_status_type, /* status_type */ + gss_OID in_mech, /* mech_type */ + OM_uint32 *out_more_text, /* message_context */ + gss_buffer_t out_text /* status_string */ + ) +{ + return( gss_display_status( min_stat, in_status, in_status_type, + in_mech, out_more_text, out_text ) ); +} + + + +/* + * sapgss_indicate_mechs() + * + * IMPORTANT: This call MUST return the correct mech_OID + * for this implementation in the first position of the + * out_mechs OID array! 
+ */ +OM_uint32 EXPORT_FUNCTION +sapgss_indicate_mechs( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *out_mechs /* mech_set */ + ) +{ + OM_uint32 maj_stat; + OM_uint32 min_stat2; + + maj_stat = gss_indicate_mechs( min_stat, out_mechs ); + + if ( maj_stat==GSS_S_COMPLETE ) { + if ( out_mechs==NULL + || (*out_mechs)==GSS_C_NO_OID_SET + || (*out_mechs)->count==0 + || (*out_mechs)->elements==GSS_C_NO_OID + || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length + || memcmp( ((*out_mechs)->elements[0]).elements, + sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) { + + (void)sapgss_release_oid_set( &min_stat2, out_mechs ); + + (*out_mechs) = GSS_C_NO_OID_SET; + (*min_stat) = 0; + + return(GSS_S_BAD_MECH); + + } + } + + return(maj_stat); + +} + + + +/* sapgss_compare_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_compare_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name1, /* name1 */ + gss_name_t in_name2, /* name2 */ + int *out_are_equal /* name_equal */ + ) +{ + return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) ); +} + + + +/* sapgss_display_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + gss_OID *out_oid /* output_name_type */ + ) +{ + return( gss_display_name( min_stat, in_name, out_identity, out_oid ) ); +} + + + +/* sapgss_import_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_name( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_OID in_oid, /* input_name_type */ + gss_name_t *out_name /* output_name */ + ) +{ + return( gss_import_name( min_stat, in_identity, in_oid, out_name ) ); +} + + + +/* sapgss_release_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t *in_name /* input_name */ + ) +{ + return( gss_release_name( min_stat, 
in_name ) ); +} + + + +/* sapgss_release_buffer() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_buffer( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_buffer /* buffer */ + ) +{ + return( gss_release_buffer( min_stat, in_buffer ) ); +} + + + +/* sapgss_release_oid_set() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_oid_set( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *in_oids /* set */ + ) +{ + return( gss_release_oid_set( min_stat, in_oids ) ); +} + + + +/* sapgss_inquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* cred_handle */ + gss_name_t * out_name, /* name */ + OM_uint32 * out_lifetime, /* lifetime */ + gss_cred_usage_t * out_cred_usage, /* cred_usage */ + gss_OID_set * out_mechs /* mechanisms */ + ) +{ + return( gss_inquire_cred( min_stat, in_cred, out_name, + out_lifetime, out_cred_usage, out_mechs ) ); +} + + +/**********************************************************************/ +/**********************************************************************/ +/******************* ********************/ +/******************* New fuctions for GSS-API v2 ********************/ +/******************* ********************/ +/**********************************************************************/ +/**********************************************************************/ + +/* + * sapgss_add_cred() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_cred( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t input_cred_handle, /* input_cred_handle */ + gss_name_t desired_name, /* desired_name */ + gss_OID desired_mech, /* desired_mech */ + gss_cred_usage_t cred_usage, /* cred_usage */ + OM_uint32 initiator_time_req, /* initiator_time_req */ + OM_uint32 acceptor_time_req, /* acceptor_time_req */ + gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */ + gss_OID_set FAR * 
actual_mechs, /* actual_mechs */ + OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */ + OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */ + ) +{ + return( gss_add_cred( min_stat, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, + acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec ) ); +} + + + +/* + * sapgss_inquire_cred_by_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred_by_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t cred_handle, /* cred_handle */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * name, /* name */ + OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */ + OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */ + gss_cred_usage_t FAR * cred_usage /* cred_usage */ + ) +{ + return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type, + name, initiator_lifetime, + acceptor_lifetime, cred_usage ) ); +} + + + +/* sapgss_inquire_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_name_t *out_myname, /* initiator_name */ + gss_name_t *out_peername, /* acceptor_name */ + OM_uint32 *out_lifetime, /* lifetime_rec */ + gss_OID *out_mech, /* mech_type */ + OM_uint32 *out_service_opts, /* ctx_flags */ + int *out_initiator, /* locally_initiated */ + int *out_open /* open */ + ) +{ + return( gss_inquire_context( min_stat, in_context, out_myname, + out_peername, out_lifetime, out_mech, + out_service_opts, out_initiator, out_open) ); +} + + + +/* + * sapgss_wrap_size_limit() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_wrap_size_limit( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context 
handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t qop_req, /* qop_req */ + OM_uint32 out_size, /* requested output size */ + OM_uint32 * max_in_size /* maximum input size */ + ) +{ + return( gss_wrap_size_limit( min_stat, in_context, in_want_conf, + qop_req, out_size, max_in_size) ); +} + + + +/* sapgss_export_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t * in_ctx, /* context_handle */ + gss_buffer_t out_buffer /* interprocess_token */ + ) +{ + return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) ); +} + + + +/* sapgss_import_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_buffer, /* interprocess_token */ + gss_ctx_id_t * out_ctx /* context_handle */ + ) +{ + return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) ); +} + + + +/* + * sapgss_create_empty_oid_set() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_create_empty_oid_set( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_create_empty_oid_set( min_stat, oid_set ) ); +} + + + +/* + * sapgss_add_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member_oid, /* member_oid */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) ); +} + + + +/* + * sapgss_test_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_test_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member, /* member */ + gss_OID_set set, /* set */ + int FAR * present /* present */ + ) +{ + return( gss_test_oid_set_member( min_stat, member, set, present ) ); +} + + + +/* + * sapgss_inquire_names_for_mech() + * + * Status: not used by SNC in R/3 
release 3.x and 4.0 + * this may change in future releases + */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_names_for_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID mech_oid, /* mechanism_oid */ + gss_OID_set FAR * name_types /* name_types */ + ) +{ + return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) ); +} + + + +/* + * sapgss_inquire_mechs_for_name() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_mechs_for_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID_set FAR * mech_set /* mechanism_oids */ + ) +{ + return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) ); +} + + +/* sapgss_canonicalize_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_canonicalize_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * output_name /* output_name */ + ) +{ + return( gss_canonicalize_name( min_stat, input_name, + mech_type, output_name ) ); +} + + +/* sapgss_export_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_buffer_t output_name_blob /* output_name_blob */ + ) +{ + return( gss_export_name( min_stat, input_name, output_name_blob ) ); +} + + +/* + * sapgss_duplicate_name() + * + * Status: Don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_duplicate_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t src_name, /* src_name */ + gss_name_t FAR * dest_name /* dest_name */ + ) +{ + return( gss_duplicate_name( min_stat, src_name, dest_name ) ); +} + + +/* end of sncsecud.c */ + diff --git a/sncspkm1.c b/sncspkm1.c new file mode 100644 index 0000000..e565b6d --- /dev/null +++ b/sncspkm1.c 
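Review bot: In sapgss_indicate_mechs() the failure branch dereferences out_mechs even though `out_mechs==NULL` is one of the conditions that enters it, so that test guards nothing and the `(*out_mechs) = GSS_C_NO_OID_SET;` store (plus the unconditional `(*min_stat) = 0;`) would fault on a NULL pointer; guard the writes with `if ( out_mechs!=NULL ) (*out_mechs) = GSS_C_NO_OID_SET;` and `if ( min_stat!=NULL ) (*min_stat) = 0;` and skip the sapgss_release_oid_set() call when out_mechs is NULL. The underlying gss_indicate_mechs() presumably rejects a NULL out_mechs before GSS_S_COMPLETE is reached, so the branch is probably unreachable, but as written the check is misleading to the next reader. Separately, the header comment of sapsnc_init_adapter() documents `-1` as the failure return while the code does `return(1);`; align the comment with the code (or vice versa) so the SNC layer checks the right value. The comment block above sapsnc_import_cname_blob() is a copy of the export one and still names `sapsnc_export_cname_blob()`; it should read `sapsnc_import_cname_blob()`. The sibling adapter sources added by this commit appear to be near-identical copies and likely share all three points.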
@@ -0,0 +1,1060 @@ +static char * this_File = "sncspkm1.c"; +static char * cvs_id = + "$Id: sncspkm1.c,v 1.1.1.1 1999/08/24 14:36:21 d019080 Exp $"; +/* + * (C) Copyright 1999 SAP AG Walldorf + * + * SAP AG DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SAP AG BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE + * OF THIS SOFTWARE. + */ + + + + +/************************************************************************/ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/* */ +/* Configurable Parameters that describe the characteristics */ +/* of the security mechanism to which this adapter interfaces */ +/* To register a MECH_PREFIX or MECH_ID with SAP, */ +/* send a request via Email to including */ +/* the following information: */ +/* - mechanism OID of gssapi mechanism */ +/* - gssapi mechanism name (for open protocol specs) */ +/* OR product name of proprietary gssapi mechanism */ +/* - default nametype OID */ +/* - proposed printable prefix (up to seven characters) */ +/* - Email address of technical contact */ +/* */ +/* In case you're implementing a published gssapi mechanism spec, */ +/* a SAPGSS_MECH_ID and SAPGSS_MECH_PREFIX may already be assigned. */ +/* You can check the "sncgss.h" Header file first. 
*/ +/* */ +/* */ +/* ADAPTER_MECH_NAME Name of gssapi mechanism protocol */ +/* (for open protocol specifications) */ +/* OR name of a software product for */ +/* a proprietary gssapi mechanism */ +/* */ +/* ADAPTER_MECH_PREFIX (must REGISTER with SAP) */ +/* ASCII-string up to 7 chars to */ +/* identify the mechanism */ +/* */ +/* ADAPTER_MECH_ID (must REGISTER with SAP) */ +/* numeric constant taken from the */ +/* SAPGSS_MECH_ID enumerator in "sncgss.h" */ +/* */ +/* ADAPTER_MECHANISM_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the gssapi mechanism to which this */ +/* SNC-Adapter will be linked */ +/* */ +/* ADAPTER_NAMETYPE_OID ASN.1 OID (written as gss_OID_desc) */ +/* of the default/canonical/native nametype*/ +/* of above gssapi mechanism */ +/* */ +/* ADAPTER_MAJOR_REVISION cosmetic, no functional purpose */ +/* ADAPTER_MINOR_REVISION cosmetic, no functional purpose */ +/* */ +/* ADAPTER_CONF_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message confidentiality protection */ +/* for all established security contexts */ +/* */ +/* ADAPTER_INTEG_AVAIL (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of message integrity protection for all */ +/* established security contexts */ +/* */ +/* ADAPTER_MUTUAL_AUTH (0 or 1) REQUIRED */ +/* implemenation guarantees availability */ +/* of mutual authentication on security */ +/* contexts. Absence of mutual auth is */ +/* a serious security problem in */ +/* distributed applications */ +/* */ +/* ADAPTER_REPLAY_PROT (0 or 1) REQUIRED */ +/* implementation guarantees availability */ +/* of replay detection of protected */ +/* messages on all security contexts. 
*/ +/* SAP R/3 process all messages on a */ +/* particular security context strictly */ +/* sequential, so it's acceptable */ +/* if replay detection is only available */ +/* in combination with sequence protection */ +/* */ +/* >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> */ +/************************************************************************/ + + +#define ADAPTER_MECH_NAME SAPGSS_SPKM1_NAME + /* Name of the gssapi mechanism or product */ + /* that this SNC-Adapter interfaces to */ + /* (less than 80 characters, please !!) */ + + +#define ADAPTER_MECH_PREFIX SAPGSS_SPKM1_PREFIX + /* Mech prefix for mechanism */ + /* (register this prefix with SAP) */ + /* Alphanumeric, must be <= 7 characters long */ + /* This prefix may be used within SNC-Names */ + /* i.e. "p/sapntlm:NTDomain\User" */ + + +#define ADAPTER_MECH_ID SAPGSS_ID_SPKM1 + /* Mechanism identifier */ + /* numeric (16-bit unsigned integer) */ + /* used internally by SNC for tagging */ + /* and to distinguish different gssapi mechs */ + + + /* ASN.1 OID of the gssapi mechanism to which this */ + /* SNC-Adapter is linked */ +#define ADAPTER_MECHANISM_OID SAPGSS_SPKM1_MECH_OID + + /* ASN.1 OID of the default/canonical nametype that */ + /* this gssapi mechanism will accept with gss_import_name() */ + /* and emit with gss_display_name() for canonical names */ +#define ADAPTER_NAMETYPE_OID SAPGSS_SPKM1_CNAME_OID + + +/*******************/ +/* 16-bit Integers */ +/*******************/ +#define ADAPTER_MAJOR_REVISION 1 /* indicates API changes */ + +#define ADAPTER_MINOR_REVISION 0 /* indicates fixes or */ + /* cosmetic changes */ + +/*******************/ +/* BOOLEAN values */ +/*******************/ +#define ADAPTER_CONF_AVAIL 1 /* Confidentiality available */ +#define ADAPTER_INTEG_AVAIL 1 /* Integrity available */ + +#define ADAPTER_MUTUAL_AUTH 1 /* supports mutual authentication */ +#define ADAPTER_REPLAY_PROT 1 /* supports message replay detection */ + + 
+/************************************************************************/ +/*>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/ +/************************************************************************/ + + + + +/* Some ANSI-C standard headers */ +#include +#include +#include + +/**********************************************************************/ +/* */ +/* Microsoft Windows DLL support */ +/* */ +/**********************************************************************/ + +#ifdef _WIN32 +# include + BOOL APIENTRY + DllMain(HANDLE hInst, DWORD ul_reason_being_called, LPVOID lpReserved) + { + return 1; + + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(ul_reason_being_called); + UNREFERENCED_PARAMETER(lpReserved); + } +#else + +# if defined(_WINDOWS) +# include +# ifndef UNREFERENCED_PARAMETER +# define UNREFERENCED_PARAMETER(x) ((x)=(x)) +# endif + + BOOL CALLBACK + LibMain (HINSTANCE hInst, WORD wDataSeg, WORD cbHeap, LPSTR CmdLine) + { + UNREFERENCED_PARAMETER(hInst); + UNREFERENCED_PARAMETER(wDataSeg); + UNREFERENCED_PARAMETER(cbHeap); + UNREFERENCED_PARAMETER(CmdLine); + + return 1; + } + + int CALLBACK __export + WEP(int nParam) + { + UNREFERENCED_PARAMETER(nParam); + + return 1; + } +# endif + +#endif + +/**********************************************************************/ +/* */ +/* Import interface */ +/* - include files of other projects */ +/* Declare gss_* function prototypes as __declspec(dllimport) */ +/* */ +/**********************************************************************/ + +#include "platform.h" + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO IMPORT_DATA +#define DLL_FUNC_DECO IMPORT_FUNCTION +#include "gssapi_2.h" + +/**********************************************************************/ +/* */ +/* Export interface */ +/* - header files of this project */ +/* Declare our sapgss_* function prototypes as __declspec(dllexport) */ +/* */ 
+/**********************************************************************/ + +#undef DLL_DATA_DECO +#undef DLL_FUNC_DECO +#define DLL_DATA_DECO EXPORT_DATA +#define DLL_FUNC_DECO EXPORT_FUNCTION +#include "sncgss.h" + + + + +/************************************************************************/ +/* (27-jun-95) Martin Rex */ +/* With the following two macros one can convert macros into */ +/* string literals to include them in constant strings. */ +/* see ANSI-C, X3.159-1989 section 3.8.3.2 and example on pg. 93 */ +/************************************************************************/ +#define LITERAL_MACRO(x) # x +#define XLITERAL_MACRO(x) LITERAL_MACRO(x) + + + +/****************************************************/ +/* we don't need to export/share OID data at the */ +/* shared library interface for SAP R/3, */ +/* and is not part of the draft-ietf-cat-wingss-... */ +/****************************************************/ + +static gss_OID_desc oids[] = { + ADAPTER_NAMETYPE_OID, /* nametype OID for canonical printable name */ + ADAPTER_MECHANISM_OID /* mechanism OID of the gssapi mechanism */ +}; + +static gss_OID sapsnc_nt_canon_printable_name = &(oids[0]); +static gss_OID sapsnc_mech_oid = &(oids[1]); + +#define SAPSNC_CANON_NAME_OID sapsnc_nt_canon_printable_name + +/********************************************************************** + * sapsnc_init_adapter(): + * + * Description: + * This function must be called before other functions of the + * gss-api are used. It sets up all translation pointers + * exported by the gss-api. + * + * Parameters: + * p_info IN REF the structure referenced by this + * pointer (see sapgss.h) describes + * some characteristics of the security + * mechanism to which this adapter interfaces + * + * p_length IN Length of the structure supplied by the + * SNC-Layer. + * Initialization policy for future enhancements: + * * SNC-Layer zeroes out structure before calling. 
+ * * future extensions must be appended to the + * existing structure only + * * Unknown structure elements will not be changed. + * * The Adapter must initialize only fields known + * to the calling SNC-layer + * (i.e. no elements past p_length) + * + * Returns: + * 0 Initialization o.k. + * -1 FAILURE -- something is definitely broken if this happens + **********************************************************************/ +OM_uint32 EXPORT_FUNCTION +sapsnc_init_adapter( struct sapgss_info_s *p_info, size_t p_length, + int adapter_idx ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + if ( p_info==NULL || p_length<=SNCADAPT_BASIC_INFO_LEN ) { + + /* At least we want to fill in the basic set of information */ + return(1); + + } else { + + memset( p_info, 0, p_length ); + + p_info->major_rev = (int) ADAPTER_MAJOR_REVISION; + p_info->minor_rev = (int) ADAPTER_MINOR_REVISION; + + p_info->adapter_name = + "External SNC-Adapter" + " (Rev " XLITERAL_MACRO(ADAPTER_MAJOR_REVISION) + "." XLITERAL_MACRO(ADAPTER_MINOR_REVISION) ") to " + ADAPTER_MECH_NAME; + + p_info->mech_id = ADAPTER_MECH_ID; + + p_info->nt_canonical_name = SAPSNC_CANON_NAME_OID; + p_info->nt_private_name1 = sapsnc_nt_canon_printable_name; + p_info->nt_private_name2 = (gss_OID_desc *)0; + p_info->nt_private_name3 = (gss_OID_desc *)0; + p_info->nt_private_name4 = (gss_OID_desc *)0; + + p_info->integ_avail = ADAPTER_INTEG_AVAIL; + p_info->conf_avail = ADAPTER_CONF_AVAIL; + p_info->unused1 = 0; /* historic/expirmental, MUST be 0 */ + p_info->export_sec_context = 1; /* required functionality, MUST be 1 */ + p_info->mutual_auth = ADAPTER_MUTUAL_AUTH; + p_info->replay_prot = ADAPTER_REPLAY_PROT; + + p_info->unused2 = 0; /* historic/experimental, MUST be 0 */ + + p_info->mech_prefix_string = ADAPTER_MECH_PREFIX; + + if ( p_length>=SNCADAPT_INFO_LEN(mech_oid) ) { + p_info->mech_oid = sapsnc_mech_oid; + } + + } + + /* Initialize future elements only if the supplied structure is large */ + /* enough, */ + /* i.e. 
the calling SNC-layer is as recent or newer as the adapter */ + + return(0); + +} /* sapsnc_init_adapter() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. + * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ + +OM_uint32 EXPORT_FUNCTION +sapsnc_export_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + UNREFERENCED_PARAMETER(in_name); + + if ( out_identity!=NULL ) { + out_identity->length = 0; + out_identity->value = NULL; + } + + if ( min_stat!=NULL ) + (*min_stat) = 0; + + return(GSS_S_FAILURE); + +} /* sapsnc_export_cname_blob() */ + + + +/* + * sapsnc_export_cname_blob() + * + * BETTER LEAVE THIS ALONE !! + * + * This call was a temporary intermediate before the two calls + * gss_canonicalize_name() and gss_export_name() were added + * to the GSS-API v2 spec. 
+ * + * However it is still required for R/3 up to 3.1H components + * and for interoperability with those components or incomplete + * gssapi v2 implementations of (MIT) Kerberos 5 and SECUDE + */ +OM_uint32 EXPORT_FUNCTION +sapsnc_import_cname_blob( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_name_t * out_name, /* output_name */ + int adapter_idx + ) +{ + UNREFERENCED_PARAMETER(adapter_idx); + + return( gss_import_name( min_stat, in_identity, + (gss_OID)SAPSNC_CANON_NAME_OID, out_name ) ); + +} /* sapsnc_import_cname_blob() */ + + +/********************************************************************* + * + * All functions following this comment are CALL ADAPTERS + * to the GSS-API functions. + * + *********************************************************************/ + +/**********************************************************************/ +/**********************************************************************/ +/******************* *******************/ +/******************* GSS-API v1 ( RFC 1508/1509 ) *******************/ +/******************* *******************/ +/**********************************************************************/ +/**********************************************************************/ + + +/* sapgss_acquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_acquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_name_t my_gss_name, /* desired_name */ + OM_uint32 in_lifetime, /* time_req */ + gss_OID_set in_mechs, /* desired_mechs */ + gss_cred_usage_t in_cred_usage, /* cred_usage */ + gss_cred_id_t * out_cred, /* output_cred_handle */ + gss_OID_set * out_mechs, /* actual_mechs */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_acquire_cred( min_stat, my_gss_name, in_lifetime, + in_mechs, in_cred_usage, + out_cred, out_mechs, out_lifetime ) ); +} + + + +/* sapgss_release_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_cred( + OM_uint32 * min_stat, /* 
minor_status */ + gss_cred_id_t * in_cred /* cred_handle */ + ) +{ + return( gss_release_cred( min_stat, in_cred ) ); +} + + + +/* sapgss_init_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_init_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* claimant_cred_handle */ + gss_ctx_id_t * in_context, /* context_handle */ + gss_name_t in_name, /* target_name */ + gss_OID in_mech, /* mech_type */ + OM_uint32 in_service_opts, /* req_flags */ + OM_uint32 in_lifetime, /* time_req */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_buffer_t in_token, /* input_token */ + gss_OID * out_mech, /* actual_mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 * out_service_opts, /* ret_flags */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_init_sec_context( min_stat, in_cred, in_context, in_name, + in_mech, in_service_opts, in_lifetime, + in_channel_bind, in_token, out_mech, + out_token, out_service_opts, out_lifetime ) ); +} + + + +/* sapgss_accept_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_accept_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_cred_id_t in_cred, /* verifier_cred_handle */ + gss_buffer_t in_token, /* input_token_buffer */ + gss_channel_bindings_t + in_channel_bind, /* input_chan_bindings */ + gss_name_t *peer_name, /* src_name */ + gss_OID *out_mech, /* mech_type */ + gss_buffer_t out_token, /* output_token */ + OM_uint32 *out_service_opts, /* ret_flags */ + OM_uint32 *out_lifetime, /* time_rec */ + gss_cred_id_t *out_cred /* delegated_cred_handle */ + ) +{ + return( gss_accept_sec_context( min_stat, in_context, in_cred, in_token, + in_channel_bind, peer_name, out_mech, + out_token, out_service_opts, out_lifetime, + out_cred ) ); +} + + + +/* sapgss_process_context_token() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_process_context_token( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t 
in_context, /* context_handle */ + gss_buffer_t in_token /* token_buffer */ + ) +{ + return( gss_process_context_token( min_stat, in_context, in_token ) ); +} + + + +/* sapgss_delete_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_delete_sec_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t *in_context, /* context_handle */ + gss_buffer_t out_token /* output_token */ + ) +{ + return( gss_delete_sec_context( min_stat, in_context, out_token ) ); +} + + + +/* sapgss_context_time() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_context_time( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + OM_uint32 * out_lifetime /* time_rec */ + ) +{ + return( gss_context_time( min_stat, in_context, out_lifetime ) ); +} + + + +/* sapgss_get_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_get_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t out_token /* message_token */ + ) +{ + return( gss_get_mic( min_stat, in_context, in_qop, in_msg, out_token ) ); +} + + + +/* sapgss_verify_mic() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_verify_mic( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_msg, /* message_buffer */ + gss_buffer_t in_token, /* token_buffer */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_verify_mic( min_stat, in_context, in_msg, in_token, out_qop ) ); +} + + + +/* sapgss_wrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_wrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t in_qop, /* qop_req */ + gss_buffer_t in_msg, /* input_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_buffer_t out_token /* output_message_buffer */ + ) +{ + return( gss_wrap( min_stat, in_context, in_want_conf, + in_qop, in_msg, 
out_is_conf, out_token ) ); +} + + + +/* sapgss_unwrap() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_unwrap( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_buffer_t in_token, /* input_message_buffer */ + gss_buffer_t out_msg, /* output_message_buffer */ + int * out_is_conf, /* conf_state */ + gss_qop_t * out_qop /* qop_state */ + ) +{ + return( gss_unwrap( min_stat, in_context, in_token, + out_msg, out_is_conf, out_qop ) ); +} + + + +/* sapgss_display_status() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_status( + OM_uint32 *min_stat, /* minor_status */ + OM_uint32 in_status, /* status_value */ + int in_status_type, /* status_type */ + gss_OID in_mech, /* mech_type */ + OM_uint32 *out_more_text, /* message_context */ + gss_buffer_t out_text /* status_string */ + ) +{ + return( gss_display_status( min_stat, in_status, in_status_type, + in_mech, out_more_text, out_text ) ); +} + + + +/* + * sapgss_indicate_mechs() + * + * IMPORTANT: This call MUST return the correct mech_OID + * for this implementation in the first position of the + * out_mechs OID array! 
+ */ +OM_uint32 EXPORT_FUNCTION +sapgss_indicate_mechs( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *out_mechs /* mech_set */ + ) +{ + OM_uint32 maj_stat; + OM_uint32 min_stat2; + + maj_stat = gss_indicate_mechs( min_stat, out_mechs ); + + if ( maj_stat==GSS_S_COMPLETE ) { + if ( out_mechs==NULL + || (*out_mechs)==GSS_C_NO_OID_SET + || (*out_mechs)->count==0 + || (*out_mechs)->elements==GSS_C_NO_OID + || ((*out_mechs)->elements[0]).length!=sapsnc_mech_oid->length + || memcmp( ((*out_mechs)->elements[0]).elements, + sapsnc_mech_oid->elements, sapsnc_mech_oid->length )!=0 ) { + + (void)sapgss_release_oid_set( &min_stat2, out_mechs ); + + (*out_mechs) = GSS_C_NO_OID_SET; + (*min_stat) = 0; + + return(GSS_S_BAD_MECH); + + } + } + + return(maj_stat); + +} + + + +/* sapgss_compare_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_compare_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name1, /* name1 */ + gss_name_t in_name2, /* name2 */ + int *out_are_equal /* name_equal */ + ) +{ + return( gss_compare_name( min_stat, in_name1, in_name2, out_are_equal ) ); +} + + + +/* sapgss_display_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_display_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t in_name, /* input_name */ + gss_buffer_t out_identity, /* output_name_buffer */ + gss_OID *out_oid /* output_name_type */ + ) +{ + return( gss_display_name( min_stat, in_name, out_identity, out_oid ) ); +} + + + +/* sapgss_import_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_name( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_identity, /* input_name_buffer */ + gss_OID in_oid, /* input_name_type */ + gss_name_t *out_name /* output_name */ + ) +{ + return( gss_import_name( min_stat, in_identity, in_oid, out_name ) ); +} + + + +/* sapgss_release_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_name( + OM_uint32 *min_stat, /* minor_status */ + gss_name_t *in_name /* input_name */ + ) +{ + return( gss_release_name( min_stat, 
in_name ) ); +} + + + +/* sapgss_release_buffer() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_buffer( + OM_uint32 *min_stat, /* minor_status */ + gss_buffer_t in_buffer /* buffer */ + ) +{ + return( gss_release_buffer( min_stat, in_buffer ) ); +} + + + +/* sapgss_release_oid_set() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_release_oid_set( + OM_uint32 *min_stat, /* minor_status */ + gss_OID_set *in_oids /* set */ + ) +{ + return( gss_release_oid_set( min_stat, in_oids ) ); +} + + + +/* sapgss_inquire_cred() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred( + OM_uint32 * min_stat, /* minor_status */ + gss_cred_id_t in_cred, /* cred_handle */ + gss_name_t * out_name, /* name */ + OM_uint32 * out_lifetime, /* lifetime */ + gss_cred_usage_t * out_cred_usage, /* cred_usage */ + gss_OID_set * out_mechs /* mechanisms */ + ) +{ + return( gss_inquire_cred( min_stat, in_cred, out_name, + out_lifetime, out_cred_usage, out_mechs ) ); +} + + +/**********************************************************************/ +/**********************************************************************/ +/******************* ********************/ +/******************* New fuctions for GSS-API v2 ********************/ +/******************* ********************/ +/**********************************************************************/ +/**********************************************************************/ + +/* + * sapgss_add_cred() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_cred( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t input_cred_handle, /* input_cred_handle */ + gss_name_t desired_name, /* desired_name */ + gss_OID desired_mech, /* desired_mech */ + gss_cred_usage_t cred_usage, /* cred_usage */ + OM_uint32 initiator_time_req, /* initiator_time_req */ + OM_uint32 acceptor_time_req, /* acceptor_time_req */ + gss_cred_id_t FAR * output_cred_handle, /* output_cred_handle */ + gss_OID_set FAR * 
actual_mechs, /* actual_mechs */ + OM_uint32 FAR * initiator_time_rec, /* initiator_time_rec */ + OM_uint32 FAR * acceptor_time_rec /* acceptor_time_rec */ + ) +{ + return( gss_add_cred( min_stat, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, + acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec ) ); +} + + + +/* + * sapgss_inquire_cred_by_mech() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_cred_by_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_cred_id_t cred_handle, /* cred_handle */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * name, /* name */ + OM_uint32 FAR * initiator_lifetime, /* initiator_lifetime */ + OM_uint32 FAR * acceptor_lifetime, /* acceptor_lifetime */ + gss_cred_usage_t FAR * cred_usage /* cred_usage */ + ) +{ + return( gss_inquire_cred_by_mech( min_stat, cred_handle, mech_type, + name, initiator_lifetime, + acceptor_lifetime, cred_usage ) ); +} + + + +/* sapgss_inquire_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_context( + OM_uint32 *min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context_handle */ + gss_name_t *out_myname, /* initiator_name */ + gss_name_t *out_peername, /* acceptor_name */ + OM_uint32 *out_lifetime, /* lifetime_rec */ + gss_OID *out_mech, /* mech_type */ + OM_uint32 *out_service_opts, /* ctx_flags */ + int *out_initiator, /* locally_initiated */ + int *out_open /* open */ + ) +{ + return( gss_inquire_context( min_stat, in_context, out_myname, + out_peername, out_lifetime, out_mech, + out_service_opts, out_initiator, out_open) ); +} + + + +/* + * sapgss_wrap_size_limit() + * + * Status: not used by SNC in R/3 release 3.x and 4.0 + * this may change in future releases + */ +OM_uint32 EXPORT_FUNCTION +sapgss_wrap_size_limit( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t in_context, /* context 
handle */ + int in_want_conf, /* conf_req_flag */ + gss_qop_t qop_req, /* qop_req */ + OM_uint32 out_size, /* requested output size */ + OM_uint32 * max_in_size /* maximum input size */ + ) +{ + return( gss_wrap_size_limit( min_stat, in_context, in_want_conf, + qop_req, out_size, max_in_size) ); +} + + + +/* sapgss_export_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_ctx_id_t * in_ctx, /* context_handle */ + gss_buffer_t out_buffer /* interprocess_token */ + ) +{ + return( gss_export_sec_context( min_stat, in_ctx, out_buffer ) ); +} + + + +/* sapgss_import_sec_context() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_import_sec_context( + OM_uint32 * min_stat, /* minor_status */ + gss_buffer_t in_buffer, /* interprocess_token */ + gss_ctx_id_t * out_ctx /* context_handle */ + ) +{ + return( gss_import_sec_context( min_stat, in_buffer, out_ctx ) ); +} + + + +/* + * sapgss_create_empty_oid_set() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_create_empty_oid_set( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_create_empty_oid_set( min_stat, oid_set ) ); +} + + + +/* + * sapgss_add_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_add_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member_oid, /* member_oid */ + gss_OID_set FAR * oid_set /* oid_set */ + ) +{ + return( gss_add_oid_set_member( min_stat, member_oid, oid_set ) ); +} + + + +/* + * sapgss_test_oid_set_member() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_test_oid_set_member( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID member, /* member */ + gss_OID_set set, /* set */ + int FAR * present /* present */ + ) +{ + return( gss_test_oid_set_member( min_stat, member, set, present ) ); +} + + + +/* + * sapgss_inquire_names_for_mech() + * + * Status: not used by SNC in R/3 
release 3.x and 4.0 + * this may change in future releases + */ + +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_names_for_mech( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_OID mech_oid, /* mechanism_oid */ + gss_OID_set FAR * name_types /* name_types */ + ) +{ + return( gss_inquire_names_for_mech( min_stat, mech_oid, name_types ) ); +} + + + +/* + * sapgss_inquire_mechs_for_name() + * + * Status: don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_inquire_mechs_for_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID_set FAR * mech_set /* mechanism_oids */ + ) +{ + return( gss_inquire_mechs_for_name( min_stat, input_name, mech_set ) ); +} + + +/* sapgss_canonicalize_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_canonicalize_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_OID mech_type, /* mech_type */ + gss_name_t FAR * output_name /* output_name */ + ) +{ + return( gss_canonicalize_name( min_stat, input_name, + mech_type, output_name ) ); +} + + +/* sapgss_export_name() */ + +OM_uint32 EXPORT_FUNCTION +sapgss_export_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t input_name, /* input_name */ + gss_buffer_t output_name_blob /* output_name_blob */ + ) +{ + return( gss_export_name( min_stat, input_name, output_name_blob ) ); +} + + +/* + * sapgss_duplicate_name() + * + * Status: Don't care + */ +OM_uint32 EXPORT_FUNCTION +sapgss_duplicate_name( + OM_uint32 FAR * min_stat, /* minor_status */ + gss_name_t src_name, /* src_name */ + gss_name_t FAR * dest_name /* dest_name */ + ) +{ + return( gss_duplicate_name( min_stat, src_name, dest_name ) ); +} + + +/* end of sncspkm1.c */ + -- cgit v1.2.3
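Review bot: In sapgss_indicate_mechs the rejection branch dereferences `out_mechs` after its own condition has admitted `out_mechs==NULL` — it passes the NULL pointer to sapgss_release_oid_set and then executes `(*out_mechs) = GSS_C_NO_OID_SET`, and it also writes `(*min_stat) = 0` without the NULL guard that sapsnc_export_cname_blob applies to the same parameter. The mechanism-OID comparison itself is the right defensive check (a mechanism library whose first reported OID is not the SPKM-1 OID is refused with GSS_S_BAD_MECH), so only the NULL case needs to be split off before the release: `if ( out_mechs==NULL ) { return(GSS_S_FAILURE); }` ahead of the gss_indicate_mechs call, and `if ( min_stat!=NULL ) (*min_stat) = 0;` in the rejection branch. Separately, the header comment of sapsnc_init_adapter documents `-1 FAILURE` while the function returns `1` from an OM_uint32; since the return type is unsigned, the comment should read `1 FAILURE -- something is definitely broken if this happens`. The second doc block above sapsnc_import_cname_blob is a copy of the one for sapsnc_export_cname_blob and still names the export function; its first line should be `* sapsnc_import_cname_blob()`.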