xref: /illumos-gate/usr/src/lib/libsmbfs/netsmb/spnego.h (revision c2b09db8b5b01162dadf9205ddd83ccf4f7d5535)
1 /*
2  * Copyright (C) 2002 Microsoft Corporation
3  * All rights reserved.
4  *
5  * THIS CODE AND INFORMATION IS PROVIDED "AS IS"
6  * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
7  * OR IMPLIED, INCLUDING BUT NOT LIMITED
8  * TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY
9  * AND/OR FITNESS FOR A PARTICULAR PURPOSE.
10  *
11  * Date    - 10/08/2002
12  * Author  - Sanj Surati
13  */
14 
15 /*
16  * Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
17  */
18 
19 /*
20  * spnego.h
21  *
22  * SPNEGO Token Handler Header File
23  *
24  * Contains the definitions required to interpret and create
25  * SPNEGO tokens so that Kerberos GSS tokens can be
26  * Unpackaged/packaged.
27  */
28 
29 #ifndef _SPNEGO_H
30 #define	_SPNEGO_H
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 /*
37  * Type Definitions
38  */
39 
40 /*
41  * Users of SPNEGO Token Handler API will request
42  * these as well as free them,
43  */
44 typedef void*  SPNEGO_TOKEN_HANDLE;
45 
46 /*
47  * Defines the element types that are found
48  * in each of the tokens.
49  */
50 
51 typedef enum spnego_element_type
52 {
53 	spnego_element_min,  /* Lower bound */
54 
55 	/* Init token elements */
56 	spnego_init_mechtypes,
57 	spnego_init_reqFlags,
58 	spnego_init_mechToken,
59 	spnego_init_mechListMIC,
60 
61 	/* Targ token elements */
62 	spnego_targ_negResult,
63 	spnego_targ_supportedMech,
64 	spnego_targ_responseToken,
65 	spnego_targ_mechListMIC,
66 
67 	spnego_element_max   /* Upper bound */
68 
69 } SPNEGO_ELEMENT_TYPE;
70 
71 /*
72  * Token Element Availability.  Elements in both
73  * token types are optional.  Since there are only
74  * 4 elements in each Token, we will allocate space
75  * to hold the information, but we need a way to
76  * indicate whether or not an element is available
77  */
78 
79 #define	SPNEGO_TOKEN_ELEMENT_UNAVAILABLE 0
80 #define	SPNEGO_TOKEN_ELEMENT_AVAILABLE 1
81 
82 /*
83  * Token type values.  SPNEGO has 2 token types:
84  * NegTokenInit and NegTokenTarg
85  */
86 
87 #define	SPNEGO_TOKEN_INIT 0
88 #define	SPNEGO_TOKEN_TARG 1
89 
90 /*
91  * GSS Mechanism OID enumeration.  We only really handle
92  * 3 different OIDs.  These are stored in an array structure
93  * defined in the parsing code.
94  */
95 
96 typedef enum spnego_mech_oid
97 {
98 	/* Init token elements */
99 	spnego_mech_oid_Kerberos_V5_Legacy, /* Really V5, but OID off by 1 */
100 	spnego_mech_oid_Kerberos_V5,
101 	spnego_mech_oid_Spnego,
102 	spnego_mech_oid_NTLMSSP,
103 	spnego_mech_oid_NotUsed = -1
104 
105 } SPNEGO_MECH_OID;
106 
107 /*
108  * Defines the negResult values.
109  */
110 
111 typedef enum spnego_negResult
112 {
113 	spnego_negresult_success,
114 	spnego_negresult_incomplete,
115 	spnego_negresult_rejected,
116 	spnego_negresult_NotUsed = -1
117 } SPNEGO_NEGRESULT;
118 
119 /*
120  * Context Flags in NegTokenInit
121  */
122 
123 /*
124  * ContextFlags values MUST be zero or a combination
125  * of the below
126  */
127 
128 #define	SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG	0x80
129 #define	SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG	0x40
130 #define	SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG	0x20
131 #define	SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG	0x10
132 #define	SPNEGO_NEGINIT_CONTEXT_ANON_FLAG	0x8
133 #define	SPNEGO_NEGINIT_CONTEXT_CONF_FLAG	0x4
134 #define	SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG	0x2
135 
136 /*
137  * Mask to retrieve valid values.
138  */
139 
140 #define	SPNEGO_NEGINIT_CONTEXT_MASK	0xFE
141 
142 /*
143  * SPNEGO API return codes.
144  */
145 
146 /* API function was successful */
147 #define	SPNEGO_E_SUCCESS		0
148 
149 /* The supplied Token was invalid */
150 #define	SPNEGO_E_INVALID_TOKEN		-1
151 
152 /* An invalid length was encountered */
153 #define	SPNEGO_E_INVALID_LENGTH		-2
154 
155 /* The Token Parse failed */
156 #define	SPNEGO_E_PARSE_FAILED		-3
157 
158 /* The requested value was not found */
159 #define	SPNEGO_E_NOT_FOUND		-4
160 
161 /* The requested element is not available */
162 #define	SPNEGO_E_ELEMENT_UNAVAILABLE	-5
163 
164 /* Out of Memory */
165 #define	SPNEGO_E_OUT_OF_MEMORY		-6
166 
167 /* Not Implemented */
168 #define	SPNEGO_E_NOT_IMPLEMENTED	-7
169 
170 /* Invalid Parameter */
171 #define	SPNEGO_E_INVALID_PARAMETER	-8
172 
173 /* Token Handler encountered an unexpected OID */
174 #define	SPNEGO_E_UNEXPECTED_OID		-9
175 
176 /* The requested token was not found */
177 #define	SPNEGO_E_TOKEN_NOT_FOUND	-10
178 
179 /* An unexpected type was encountered in the encoding */
180 #define	SPNEGO_E_UNEXPECTED_TYPE	-11
181 
182 /* The buffer was too small */
183 #define	SPNEGO_E_BUFFER_TOO_SMALL	-12
184 
185 /* A Token Element was invalid (e.g. improper length or value) */
186 #define	SPNEGO_E_INVALID_ELEMENT	-13
187 
188 /* Miscelaneous API Functions */
189 
190 /* Frees opaque data */
191 void spnegoFreeData(SPNEGO_TOKEN_HANDLE hSpnegoToken);
192 
193 /* Initializes SPNEGO_TOKEN structure from DER encoded binary data */
194 int spnegoInitFromBinary(unsigned char *pbTokenData, unsigned long ulLength,
195 	SPNEGO_TOKEN_HANDLE* phSpnegoToken);
196 
197 /* Initializes SPNEGO_TOKEN structure for a NegTokenInit type */
198 int spnegoCreateNegTokenHint(SPNEGO_MECH_OID *pMechTypeList, int MechTypeCnt,
199 	unsigned char *pbPrincipal, SPNEGO_TOKEN_HANDLE* phSpnegoToken);
200 
201 /* Initializes SPNEGO_TOKEN structure for a NegTokenInit type */
202 int spnegoCreateNegTokenInit(SPNEGO_MECH_OID MechType,
203 	unsigned char ucContextFlags, unsigned char *pbMechToken,
204 	unsigned long ulMechTokenLen, unsigned char *pbMechTokenMIC,
205 	unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE *phSpnegoToken);
206 
207 /* Initializes SPNEGO_TOKEN structure for a NegTokenTarg type */
208 int spnegoCreateNegTokenTarg(SPNEGO_MECH_OID MechType,
209 	SPNEGO_NEGRESULT spnegoNegResult, unsigned char *pbMechToken,
210 	unsigned long ulMechTokenLen, unsigned char *pbMechListMIC,
211 	unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE* phSpnegoToken);
212 
213 /* Copies binary representation of SPNEGO Data into user supplied buffer */
214 int spnegoTokenGetBinary(SPNEGO_TOKEN_HANDLE hSpnegoToken,
215 	unsigned char *pbTokenData, unsigned long *pulDataLen);
216 
217 /* Returns SPNEGO Token Type */
218 int spnegoGetTokenType(SPNEGO_TOKEN_HANDLE hSpnegoToken, int *piTokenType);
219 
220 /* Reading an Init Token */
221 
222 /* Returns the Initial Mech Type in the MechList element in the NegInitToken. */
223 int spnegoIsMechTypeAvailable(SPNEGO_TOKEN_HANDLE hSpnegoToken,
224 	SPNEGO_MECH_OID MechOID, int *piMechTypeIndex);
225 
226 /* Returns the value from the context flags element in the NegInitToken */
227 int spnegoGetContextFlags(SPNEGO_TOKEN_HANDLE hSpnegoToken,
228 	unsigned char *pucContextFlags);
229 
230 /* Reading a Response Token */
231 
232 /*
233  * Returns the value from the negResult element
234  * (Status code of GSS call - 0,1,2)
235  */
236 int spnegoGetNegotiationResult(SPNEGO_TOKEN_HANDLE hSpnegoToken,
237 	SPNEGO_NEGRESULT* pnegResult);
238 
239 /* Returns the Supported Mech Type from the NegTokenTarg. */
240 int spnegoGetSupportedMechType(SPNEGO_TOKEN_HANDLE hSpnegoToken,
241 	SPNEGO_MECH_OID* pMechOID);
242 
243 /* Reading either Token Type */
244 
245 /*
246  * Returns the actual Mechanism data from the token
247  * (this is what is passed into GSS-API functions
248  */
249 int spnegoGetMechToken(SPNEGO_TOKEN_HANDLE hSpnegoToken,
250 	unsigned char *pbTokenData, unsigned long *pulDataLen);
251 
252 /* Returns the Message Integrity BLOB in the token */
253 int spnegoGetMechListMIC(SPNEGO_TOKEN_HANDLE hSpnegoToken,
254 	unsigned char *pbMICData, unsigned long *pulDataLen);
255 
256 #ifdef __cplusplus
257 }
258 #endif
259 
260 #endif /* _SPNEGO_H */
261