usr/src/lib/libc/inc/rpcsvc/nis_dhext.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26
  27 /*
  28  *      nis_dhext.h: NIS+ extended Diffie-Hellman interface.
  29  */
  30
  31 #ifndef _NIS_DHEXT_H
  32 #define _NIS_DHEXT_H
  33
  34 #pragma ident   "%Z%%M% %I%     %E% SMI"
  35
  36 #ifdef __cplusplus
  37 extern "C" {
  38 #endif
  39
  40 #include <rpc/rpc.h>
  41 #include <rpc/key_prot.h>
  42 #include <rpcsvc/nis.h>   /* to get nis_server */
  43
  44
  45 #define AUTH_DES_KEYLEN  192
  46 #define AUTH_DES_ALGTYPE 0
  47 #define AUTH_DES_AUTH_TYPE "DES"
  48
  49 #define AUTH_DES_KEY(k, a) (((k) == AUTH_DES_KEYLEN) && \
  50                             ((a) == AUTH_DES_ALGTYPE))
  51
  52 #define BITS2NIBBLES(b) ((b)/4)
  53
  54 #define NIS_SVCNAME_NISD        "nisd"
  55 #define NIS_SVCNAME_NISPASSWD   "nispasswd"
  56
  57 typedef struct extdhkey {
  58         ushort_t        keylen;
  59         ushort_t        algtype;
  60         uchar_t         key[1];
  61 } extdhkey_t;
  62
  63 char *__nis_dhext_extract_pkey(netobj *, keylen_t, algtype_t);
  64 int __nis_dhext_extract_keyinfo(nis_server *, extdhkey_t **);
  65
  66
  67 /*
  68  * NIS+ Security conf file
  69  */
  70
  71 #define NIS_SEC_CF_PATHNAME             "/etc/rpcsec/nisplussec.conf"
  72 #define NIS_SEC_CF_MAX_FLDLEN           MAX_GSS_NAME
  73
  74
  75 typedef struct {
  76                 char                    *mechname;
  77                 char                    *alias;
  78                 keylen_t                keylen;
  79                 algtype_t               algtype;
  80                 char                    *qop;
  81                 rpc_gss_service_t       secserv;
  82 } mechanism_t;
  83
  84 /* The string that indicates AUTH_DES compat in the nis sec conf file. */
  85 #define NIS_SEC_CF_DES_ALIAS            "des"
  86
  87 /*
  88  * The value a keylen or algtype mechanism_t element will be set
  89  * to if the conf file indicates "not applicable" for that field.
  90  * Except if the alias is equal to NIS_SEC_CF_DES_ALIAS,
  91  * then the keylen is set to 192 and the algtype to 0.
  92  */
  93 #define NIS_SEC_CF_NA_KA                -1
  94
  95 /* Is the NIS+ security conf file mech entry a real live GSS mech? */
  96 #define NIS_SEC_CF_GSS_MECH(mp) ((mp)->mechname != NULL)
  97
  98 #define AUTH_DES_COMPAT_CHK(mp) ((mp)->alias && \
  99                                         (strncasecmp(NIS_SEC_CF_DES_ALIAS, \
 100                                         (mp)->alias,\
 101                                         sizeof (NIS_SEC_CF_DES_ALIAS) + 1) \
 102                                         == 0))
 103
 104 #define VALID_GSS_MECH(m)       ((m) != NULL)
 105
 106 /* valid keylen and algtype check */
 107 #define VALID_KEYALG(k, a)      ((k) != NIS_SEC_CF_NA_KA && \
 108                                         (a) != NIS_SEC_CF_NA_KA)
 109
 110 #define VALID_ALIAS(a)  ((a) != NULL)
 111
 112 #define VALID_MECH_ENTRY(mp) (VALID_GSS_MECH((mp)->mechname) && \
 113                                 VALID_KEYALG((mp)->keylen, (mp)->algtype) &&\
 114                                 VALID_ALIAS((mp)->alias))
 115
 116 /* Is the mech entry of the public key crypto variety? */
 117 #define MECH_PK_TECH(mp)  (((mp)->alias)[0] == 'd' && ((mp)->alias)[1] == 'h')
 118
 119 #define MECH_MAXATNAME 32       /* Mechanism max size of auth_type name */
 120 #define MECH_MAXALIASNAME 32    /* Mechanism max size of mech alias name */
 121
 122 mechanism_t ** __nis_get_mechanisms(bool_t);
 123 int __nis_translate_mechanism(const char *, int *, int *);
 124 void __nis_release_mechanisms(mechanism_t **);
 125 char *__nis_mechname2alias(const char *, char *, size_t);
 126 char *__nis_authtype2mechalias(const char *, char *, size_t);
 127 char *__nis_mechalias2authtype(const char *, char *, size_t);
 128 char *__nis_keyalg2mechalias(keylen_t, algtype_t, char *, size_t);
 129 char *__nis_keyalg2authtype(keylen_t, algtype_t, char *, size_t);
 130
 131
 132 /*
 133  * NIS+ GSS Mech Dynamic Library Loading
 134  */
 135
 136 #define MAXDHNAME       64
 137
 138 char *__nis_get_mechanism_library(keylen_t keylen, algtype_t algtype,
 139                                         char *buffer, size_t buflen);
 140
 141 void *__nis_get_mechanism_symbol(keylen_t keylen, algtype_t algtype,
 142                                         const char *);
 143
 144
 145 /*
 146  * misc prototypes
 147  */
 148
 149 CLIENT *nis_make_rpchandle_gss_svc(nis_server *, int, rpcprog_t, rpcvers_t,
 150                                         uint_t, int, int, char *, char *);
 151 CLIENT *nis_make_rpchandle_gss_svc_ruid(nis_server *, int, rpcprog_t, rpcvers_t,
 152                                         uint_t, int, int, char *, char *);
 153 nis_server *__nis_host2nis_server_g(const char *, bool_t, bool_t, int *);
 154 int __nis_gssprin2netname(rpc_gss_principal_t, char []);
 155 void __nis_auth2princ_rpcgss(char *, struct svc_req *, bool_t, int);
 156
 157 void des_setparity_g(des_block *);
 158 int getpublickey_g(const char [], keylen_t, algtype_t, char *, size_t);
 159 int getsecretkey_g(const char *, keylen_t, algtype_t, char *, size_t,
 160                         const char *);
 161 int __getpublickey_cached_g(const char [], keylen_t, algtype_t, char *, size_t,
 162                                         int *);
 163 void __getpublickey_flush_g(const char *, keylen_t, algtype_t);
 164 int __gen_dhkeys_g(char *, char *, keylen_t, algtype_t, char *);
 165 int __gen_common_dhkeys_g(char *, char *, keylen_t, algtype_t, des_block [],
 166         keynum_t);
 167 int __cbc_triple_crypt(des_block [], char *, uint_t, uint_t, char *);
 168 int key_get_conv_g(const char *, keylen_t, algtype_t, des_block [], keynum_t);
 169 int key_secretkey_is_set_g(keylen_t, algtype_t);
 170 int key_removesecret_g(void);
 171 int key_setnet_g(const char *, const char *, keylen_t, const char *,
 172                         keylen_t, algtype_t);
 173 int xdecrypt_g(char *, keylen_t, algtype_t, const char *, const char [],
 174                 bool_t);
 175
 176 #ifdef __cplusplus
 177 }
 178 #endif
 179
 180 #endif /* !_NIS_DHEXT_H */