usr/src/uts/common/gssapi/gssapi_ext.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
  23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  *
  26  * Private extensions and utilities to the GSS-API.
  27  * These are not part of the GSS-API specification
  28  * but may be useful to GSS-API users.
  29  */
  30
  31 #ifndef _GSSAPI_EXT_H
  32 #define _GSSAPI_EXT_H
  33
  34 #include <gssapi/gssapi.h>
  35 #ifdef  _KERNEL
  36 #include <sys/systm.h>
  37 #else
  38 #include <strings.h>
  39 #endif
  40
  41
  42 #ifdef  __cplusplus
  43 extern "C" {
  44 #endif
  45
  46 /* MACRO for comparison of gss_OID's */
  47 #define g_OID_equal(o1, o2) \
  48         (((o1)->length == (o2)->length) && \
  49         (memcmp((o1)->elements, (o2)->elements, (int)(o1)->length) == 0))
  50
  51
  52 /*
  53  * MACRO for copying of OIDs - memory must already be allocated
  54  * o2 is copied to o1
  55  */
  56 #define g_OID_copy(o1, o2) \
  57         bcopy((o2)->elements, (o1)->elements, (o2)->length);\
  58         (o1)->length = (o2)->length;
  59
  60
  61 /* MACRO to check if input buffer is valid */
  62 #define GSS_EMPTY_BUFFER(buf)   ((buf) == NULL ||\
  63         (buf)->value == NULL || (buf)->length == 0)
  64
  65
  66 /*
  67  * GSSAPI Extension functions -- these functions aren't
  68  * in the GSSAPI specification, but are provided in our
  69  * GSS library.
  70  */
  71
  72 #ifndef _KERNEL
  73
  74 /*
  75  * qop configuration file handling.
  76  */
  77 #define MAX_QOP_NUM_PAIRS       128
  78 #define MAX_QOPS_PER_MECH       128
  79
  80 typedef struct _qop_num {
  81         char *qop;
  82         OM_uint32 num;
  83         char *mech;
  84 } qop_num;
  85
  86 OM_uint32
  87 __gss_qop_to_num(
  88         char            *qop,           /* input qop string */
  89         char            *mech,          /* input mech string */
  90         OM_uint32       *num            /* output qop num */
  91 );
  92
  93 OM_uint32
  94 __gss_num_to_qop(
  95         char            *mech,          /* input mech string */
  96         OM_uint32       num,            /* input qop num */
  97         char            **qop           /* output qop name */
  98 );
  99
 100 OM_uint32
 101 __gss_get_mech_info(
 102         char            *mech,          /* input mech string */
 103         char            **qops          /* buffer for return qops */
 104 );
 105
 106 OM_uint32
 107 __gss_mech_qops(
 108         char *mech,                     /* input mech */
 109         qop_num *mech_qops,             /* mech qops buffer */
 110         int *numqops                    /* buffer to return numqops */
 111 );
 112
 113 OM_uint32
 114 __gss_mech_to_oid(
 115         const char *mech,               /* mechanism string name */
 116         gss_OID *oid                    /* mechanism oid */
 117 );
 118
 119 const char *
 120 __gss_oid_to_mech(
 121         const gss_OID oid               /* mechanism oid */
 122 );
 123
 124 OM_uint32
 125 __gss_get_mechanisms(
 126         char *mechArray[],              /* array to populate with mechs */
 127         int arrayLen                    /* length of passed in array */
 128 );
 129
 130 OM_uint32
 131 __gss_get_mech_type(
 132         gss_OID oid,                    /* mechanism oid */
 133         const gss_buffer_t token        /* token */
 134 );
 135
 136 OM_uint32
 137 __gss_userok(
 138         OM_uint32 *,            /* minor status */
 139         const gss_name_t,       /* remote user principal name */
 140         const char *,           /* local unix user name */
 141         int *);                 /* remote principal ok to login w/out pw? */
 142
 143 OM_uint32
 144 gsscred_expname_to_unix_cred(
 145         const gss_buffer_t,     /* export name */
 146         uid_t *,                /* uid out */
 147         gid_t *,                /* gid out */
 148         gid_t *[],              /* gid array out */
 149         int *);                 /* gid array length */
 150
 151 OM_uint32
 152 gsscred_name_to_unix_cred(
 153         const gss_name_t,       /* gss name */
 154         const gss_OID,          /* mechanim type */
 155         uid_t *,                /* uid out */
 156         gid_t *,                /* gid out */
 157         gid_t *[],              /* gid array out */
 158         int *);                 /* gid array length */
 159
 160
 161 /*
 162  * The following function will be used to resolve group
 163  * ids from a UNIX uid.
 164  */
 165 OM_uint32
 166 gss_get_group_info(
 167         const uid_t,            /* entity UNIX uid */
 168         gid_t *,                /* gid out */
 169         gid_t *[],              /* gid array */
 170         int *);                 /* length of the gid array */
 171
 172
 173
 174 OM_uint32
 175 gss_acquire_cred_with_password(
 176         OM_uint32 *             minor_status,
 177         const gss_name_t        desired_name,
 178         const gss_buffer_t      password,
 179         OM_uint32               time_req,
 180         const gss_OID_set       desired_mechs,
 181         int                     cred_usage,
 182         gss_cred_id_t           *output_cred_handle,
 183         gss_OID_set *           actual_mechs,
 184         OM_uint32 *             time_rec);
 185
 186 OM_uint32
 187 gss_add_cred_with_password(
 188         OM_uint32               *minor_status,
 189         const gss_cred_id_t     input_cred_handle,
 190         const gss_name_t        desired_name,
 191         const gss_OID           desired_mech,
 192         const gss_buffer_t      password,
 193         gss_cred_usage_t        cred_usage,
 194         OM_uint32               initiator_time_req,
 195         OM_uint32               acceptor_time_req,
 196         gss_cred_id_t           *output_cred_handle,
 197         gss_OID_set             *actual_mechs,
 198         OM_uint32               *initiator_time_rec,
 199         OM_uint32               *acceptor_time_rec);
 200
 201 /*
 202  * Returns a buffer set with the first member containing the
 203  * session key for SSPI compatibility. The optional second
 204  * member contains an OID identifying the session key type.
 205  */
 206 extern const gss_OID GSS_C_INQ_SSPI_SESSION_KEY;
 207
 208 /*
 209  * For compatability with other GSSAPI implementations.
 210  * This is needed by Samba.
 211  */
 212 extern const gss_OID_desc * const gss_mech_krb5;
 213
 214 #else   /*      _KERNEL */
 215
 216 OM_uint32
 217 kgsscred_expname_to_unix_cred(
 218         const gss_buffer_t expName,
 219         uid_t *uidOut,
 220         gid_t *gidOut,
 221         gid_t *gids[],
 222         int *gidsLen,
 223         uid_t uid);
 224
 225 OM_uint32
 226 kgsscred_name_to_unix_cred(
 227         const gss_name_t intName,
 228         const gss_OID mechType,
 229         uid_t *uidOut,
 230         gid_t *gidOut,
 231         gid_t *gids[],
 232         int *gidsLen,
 233         uid_t uid);
 234
 235 OM_uint32
 236 kgss_get_group_info(
 237         const uid_t puid,
 238         gid_t *gidOut,
 239         gid_t *gids[],
 240         int *gidsLen,
 241         uid_t uid);
 242 #endif
 243
 244 /*
 245  * GGF extensions
 246  */
 247 typedef struct gss_buffer_set_desc_struct {
 248     size_t count;
 249     gss_buffer_desc *elements;
 250 } gss_buffer_set_desc, *gss_buffer_set_t;
 251
 252 #define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t)0)
 253
 254 OM_uint32 gss_create_empty_buffer_set
 255         (OM_uint32 *, /* minor_status */
 256         gss_buffer_set_t *); /* buffer_set */
 257
 258 OM_uint32 gss_add_buffer_set_member
 259         (OM_uint32 *, /* minor_status */
 260         const gss_buffer_t, /* member_buffer */
 261         gss_buffer_set_t *); /* buffer_set */
 262
 263 OM_uint32  gss_release_buffer_set
 264         (OM_uint32 *, /* minor_status */
 265         gss_buffer_set_t *); /* buffer_set */
 266
 267 OM_uint32 gss_inquire_sec_context_by_oid
 268         (OM_uint32 *, /* minor_status */
 269         const gss_ctx_id_t, /* context_handle */
 270         const gss_OID, /* desired_object */
 271         gss_buffer_set_t *); /* data_set */
 272
 273 #ifdef  __cplusplus
 274 }
 275 #endif
 276
 277 #endif  /* _GSSAPI_EXT_H */