illumos-gate Sdiff usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto

Print this page

6429 SMB domain join doesn't work with libreSSL

  94      * Solaris Kerberos:
  95      * If PKCS#11 is already being used by the process then C_Finalize should
  96      * not be called by pkinit as it would invalidate any PKCS#11 sessions the
  97      * process was using prior to loading the pkinit plugin. "finalize_pkcs11"
  98      * indicates whether or not C_Finalize should be called by pkinit.
  99      */
 100     krb5_boolean finalize_pkcs11;
 101 #endif
 102 };
 103 
 104 /* Solaris Kerberos: need to know if login was done */
 105 #define C_LOGIN_DONE 0x1 /* The session is logged in. */
 106 #define C_PROMPTED_USER 0x2 /* The user was prompted for token. */
 107 #define C_SKIP_PKCS11_AUTH 0x4 /* User does not want to do PKCS11 auth */
 108 
 109 struct _pkinit_plg_crypto_context {
 110     DH *dh_1024;
 111     DH *dh_2048;
 112     DH *dh_4096;
 113     ASN1_OBJECT *id_pkinit_authData;
 114     ASN1_OBJECT *id_pkinit_authData9;
 115     ASN1_OBJECT *id_pkinit_DHKeyData;
 116     ASN1_OBJECT *id_pkinit_rkeyData;
 117     ASN1_OBJECT *id_pkinit_san;
 118     ASN1_OBJECT *id_ms_san_upn;
 119     ASN1_OBJECT *id_pkinit_KPClientAuth;
 120     ASN1_OBJECT *id_pkinit_KPKdc;
 121     ASN1_OBJECT *id_ms_kp_sc_logon;
 122     ASN1_OBJECT *id_kp_serverAuth;
 123 };
 124 
 125 struct _pkinit_req_crypto_context {
 126     X509 *received_cert;
 127     DH *dh;
 128 };
 129 
 130 #define CERT_MAGIC 0x53534c43
 131 struct _pkinit_cert_data {
 132     unsigned int magic;
 133     pkinit_plg_crypto_context plgctx;
 134     pkinit_req_crypto_context reqctx;

  94      * Solaris Kerberos:
  95      * If PKCS#11 is already being used by the process then C_Finalize should
  96      * not be called by pkinit as it would invalidate any PKCS#11 sessions the
  97      * process was using prior to loading the pkinit plugin. "finalize_pkcs11"
  98      * indicates whether or not C_Finalize should be called by pkinit.
  99      */
 100     krb5_boolean finalize_pkcs11;
 101 #endif
 102 };
 103 
 104 /* Solaris Kerberos: need to know if login was done */
 105 #define C_LOGIN_DONE 0x1 /* The session is logged in. */
 106 #define C_PROMPTED_USER 0x2 /* The user was prompted for token. */
 107 #define C_SKIP_PKCS11_AUTH 0x4 /* User does not want to do PKCS11 auth */
 108 
 109 struct _pkinit_plg_crypto_context {
 110     DH *dh_1024;
 111     DH *dh_2048;
 112     DH *dh_4096;
 113     ASN1_OBJECT *id_pkinit_authData;

 114     ASN1_OBJECT *id_pkinit_DHKeyData;
 115     ASN1_OBJECT *id_pkinit_rkeyData;
 116     ASN1_OBJECT *id_pkinit_san;
 117     ASN1_OBJECT *id_ms_san_upn;
 118     ASN1_OBJECT *id_pkinit_KPClientAuth;
 119     ASN1_OBJECT *id_pkinit_KPKdc;
 120     ASN1_OBJECT *id_ms_kp_sc_logon;
 121     ASN1_OBJECT *id_kp_serverAuth;
 122 };
 123 
 124 struct _pkinit_req_crypto_context {
 125     X509 *received_cert;
 126     DH *dh;
 127 };
 128 
 129 #define CERT_MAGIC 0x53534c43
 130 struct _pkinit_cert_data {
 131     unsigned int magic;
 132     pkinit_plg_crypto_context plgctx;
 133     pkinit_req_crypto_context reqctx;