1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * nis_dhext.h: NIS+ extended Diffie-Hellman interface. 29 */ 30 31 #ifndef _NIS_DHEXT_H 32 #define _NIS_DHEXT_H 33 34 #ifdef __cplusplus 35 extern "C" { 36 #endif 37 38 #include <rpc/rpc.h> 39 #include <rpc/key_prot.h> 40 #include <rpcsvc/nis.h> /* to get nis_server */ 41 42 43 #define AUTH_DES_KEYLEN 192 44 #define AUTH_DES_ALGTYPE 0 45 #define AUTH_DES_AUTH_TYPE "DES" 46 47 #define AUTH_DES_KEY(k, a) (((k) == AUTH_DES_KEYLEN) && \ 48 ((a) == AUTH_DES_ALGTYPE)) 49 50 #define BITS2NIBBLES(b) ((b)/4) 51 52 #define NIS_SVCNAME_NISD "nisd" 53 #define NIS_SVCNAME_NISPASSWD "nispasswd" 54 55 typedef struct extdhkey { 56 ushort_t keylen; 57 ushort_t algtype; 58 uchar_t key[1]; 59 } extdhkey_t; 60 61 char *__nis_dhext_extract_pkey(netobj *, keylen_t, algtype_t); 62 int __nis_dhext_extract_keyinfo(nis_server *, extdhkey_t **); 63 64 65 /* 66 * NIS+ Security conf file 67 */ 68 69 #define NIS_SEC_CF_PATHNAME "/etc/rpcsec/nisplussec.conf" 70 #define NIS_SEC_CF_MAX_FLDLEN MAX_GSS_NAME 71 72 73 typedef struct { 74 char *mechname; 75 char *alias; 76 keylen_t keylen; 77 algtype_t algtype; 78 char *qop; 79 rpc_gss_service_t secserv; 80 } mechanism_t; 81 82 /* The string that indicates AUTH_DES compat in the nis sec conf file. */ 83 #define NIS_SEC_CF_DES_ALIAS "des" 84 85 /* 86 * The value a keylen or algtype mechanism_t element will be set 87 * to if the conf file indicates "not applicable" for that field. 88 * Except if the alias is equal to NIS_SEC_CF_DES_ALIAS, 89 * then the keylen is set to 192 and the algtype to 0. 90 */ 91 #define NIS_SEC_CF_NA_KA -1 92 93 /* Is the NIS+ security conf file mech entry a real live GSS mech? */ 94 #define NIS_SEC_CF_GSS_MECH(mp) ((mp)->mechname != NULL) 95 96 #define AUTH_DES_COMPAT_CHK(mp) ((mp)->alias && \ 97 (strncasecmp(NIS_SEC_CF_DES_ALIAS, \ 98 (mp)->alias,\ 99 sizeof (NIS_SEC_CF_DES_ALIAS) + 1) \ 100 == 0)) 101 102 #define VALID_GSS_MECH(m) ((m) != NULL) 103 104 /* valid keylen and algtype check */ 105 #define VALID_KEYALG(k, a) ((k) != NIS_SEC_CF_NA_KA && \ 106 (a) != NIS_SEC_CF_NA_KA) 107 108 #define VALID_ALIAS(a) ((a) != NULL) 109 110 #define VALID_MECH_ENTRY(mp) (VALID_GSS_MECH((mp)->mechname) && \ 111 VALID_KEYALG((mp)->keylen, (mp)->algtype) &&\ 112 VALID_ALIAS((mp)->alias)) 113 114 /* Is the mech entry of the public key crypto variety? */ 115 #define MECH_PK_TECH(mp) (((mp)->alias)[0] == 'd' && ((mp)->alias)[1] == 'h') 116 117 #define MECH_MAXATNAME 32 /* Mechanism max size of auth_type name */ 118 #define MECH_MAXALIASNAME 32 /* Mechanism max size of mech alias name */ 119 120 mechanism_t ** __nis_get_mechanisms(bool_t); 121 int __nis_translate_mechanism(const char *, int *, int *); 122 void __nis_release_mechanisms(mechanism_t **); 123 char *__nis_mechname2alias(const char *, char *, size_t); 124 char *__nis_authtype2mechalias(const char *, char *, size_t); 125 char *__nis_mechalias2authtype(const char *, char *, size_t); 126 char *__nis_keyalg2mechalias(keylen_t, algtype_t, char *, size_t); 127 char *__nis_keyalg2authtype(keylen_t, algtype_t, char *, size_t); 128 129 130 /* 131 * NIS+ GSS Mech Dynamic Library Loading 132 */ 133 134 #define MAXDHNAME 64 135 136 char *__nis_get_mechanism_library(keylen_t keylen, algtype_t algtype, 137 char *buffer, size_t buflen); 138 139 void *__nis_get_mechanism_symbol(keylen_t keylen, algtype_t algtype, 140 const char *); 141 142 143 /* 144 * misc prototypes 145 */ 146 147 CLIENT *nis_make_rpchandle_gss_svc(nis_server *, int, rpcprog_t, rpcvers_t, 148 uint_t, int, int, char *, char *); 149 CLIENT *nis_make_rpchandle_gss_svc_ruid(nis_server *, int, rpcprog_t, rpcvers_t, 150 uint_t, int, int, char *, char *); 151 nis_server *__nis_host2nis_server_g(const char *, bool_t, bool_t, int *); 152 int __nis_gssprin2netname(rpc_gss_principal_t, char []); 153 void __nis_auth2princ_rpcgss(char *, struct svc_req *, bool_t, int); 154 155 void des_setparity_g(des_block *); 156 int passwd2des_g(const char *, const char *, int, des_block *, bool_t); 157 int getpublickey_g(const char [], keylen_t, algtype_t, char *, size_t); 158 int getsecretkey_g(const char *, keylen_t, algtype_t, char *, size_t, 159 const char *); 160 int __getpublickey_cached_g(const char [], keylen_t, algtype_t, char *, size_t, 161 int *); 162 void __getpublickey_flush_g(const char *, keylen_t, algtype_t); 163 int __gen_dhkeys_g(char *, char *, keylen_t, algtype_t, char *); 164 int __gen_common_dhkeys_g(char *, char *, keylen_t, algtype_t, des_block [], 165 keynum_t); 166 int __cbc_triple_crypt(des_block [], char *, uint_t, uint_t, char *); 167 int key_get_conv_g(const char *, keylen_t, algtype_t, des_block [], keynum_t); 168 int key_secretkey_is_set_g(keylen_t, algtype_t); 169 int key_removesecret_g(void); 170 int key_setnet_g(const char *, const char *, keylen_t, const char *, 171 keylen_t, algtype_t); 172 int xencrypt_g(char *, keylen_t, algtype_t, const char *, const char [], 173 char **, bool_t); 174 int xdecrypt_g(char *, keylen_t, algtype_t, const char *, const char [], 175 bool_t); 176 177 #ifdef __cplusplus 178 } 179 #endif 180 181 #endif /* !_NIS_DHEXT_H */ 182