1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2011 Nexenta Systems, Inc. All rights reserved. 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * 26 * Private extensions and utilities to the GSS-API. 27 * These are not part of the GSS-API specification 28 * but may be useful to GSS-API users. 
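*/

#ifndef _GSSAPI_EXT_H
#define _GSSAPI_EXT_H

#include <gssapi/gssapi.h>
#ifdef _KERNEL
#include <sys/systm.h>		/* expected to supply bcopy()/memcmp() in the kernel */
#else
#include <strings.h>		/* bcopy(); NOTE(review): memcmp() also has to be visible here -- add <string.h> if a strict build complains */
#endif


#ifdef __cplusplus
extern "C" {
#endif

/*
 * Compare two gss_OIDs for equality: same length and identical bytes.
 * Evaluates to an int usable as a boolean.  Both arguments must be
 * non-NULL and are evaluated more than once, so do not pass expressions
 * with side effects.
 *
 * The length is handed to memcmp() without a cast: OM_uint32 converts
 * cleanly to size_t, whereas the former (int) cast would have turned a
 * length with the top bit set into a huge negative-turned-size_t value.
 */
#define g_OID_equal(o1, o2) \
	(((o1)->length == (o2)->length) && \
	(memcmp((o1)->elements, (o2)->elements, (o1)->length) == 0))


/*
 * Copy OID o2 into o1.  o1->elements must already point at storage of
 * at least o2->length bytes; this macro neither allocates nor checks.
 *
 * Wrapped in do { } while (0) so the two statements act as one: with the
 * previous bare form, "if (c) g_OID_copy(a, b);" copied the bytes only
 * when c held but assigned the length unconditionally, leaving o1
 * describing bytes that were never written.  Terminate the macro with
 * a semicolon as with any other statement.
 */
#define g_OID_copy(o1, o2) \
	do { \
		bcopy((o2)->elements, (o1)->elements, (o2)->length); \
		(o1)->length = (o2)->length; \
	} while (0)


/*
 * True when buf is not a usable input buffer: NULL descriptor, NULL
 * value pointer, or zero length.  buf is evaluated more than once.
 */
#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)


/*
 * GSSAPI Extension functions -- these functions aren't
 * in the GSSAPI specification, but are provided in our
 * GSS library.
 */

#ifndef _KERNEL

/*
 * qop configuration file handling.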
*/
#define MAX_QOP_NUM_PAIRS 128
#define MAX_QOPS_PER_MECH 128

/*
 * One entry of the QOP table: a QOP name, its numeric value and the
 * mechanism it belongs to.  Ownership of the two strings is not visible
 * from this header -- NOTE(review): check the implementation before
 * freeing either of them.
 */
typedef struct _qop_num {
	char *qop;
	OM_uint32 num;
	char *mech;
} qop_num;

/*
 * Look up the numeric QOP value for a (qop, mech) name pair.
 * Returns an OM_uint32 status; *num holds the result on success.
 */
OM_uint32
__gss_qop_to_num(
	char *qop,		/* input qop string */
	char *mech,		/* input mech string */
	OM_uint32 *num		/* output qop num */
);

/*
 * Reverse of __gss_qop_to_num(): find the QOP name for a numeric value
 * under a mechanism.  Whether *qop is newly allocated or points into a
 * static table cannot be told from the prototype -- confirm before
 * freeing it.
 */
OM_uint32
__gss_num_to_qop(
	char *mech,		/* input mech string */
	OM_uint32 num,		/* input qop num */
	char **qop		/* output qop name */
);

/*
 * Return the QOP names configured for a mechanism into a caller-supplied
 * buffer.  NOTE(review): there is no length argument, so the required
 * capacity is fixed by the implementation (presumably tied to
 * MAX_QOPS_PER_MECH); callers must size qops accordingly.
 */
OM_uint32
__gss_get_mech_info(
	char *mech,		/* input mech string */
	char **qops		/* buffer for return qops */
);

/*
 * Fill mech_qops with the qop_num entries for a mechanism.
 * numqops presumably carries the buffer capacity in and the number of
 * entries written out -- confirm against the implementation.
 */
OM_uint32
__gss_mech_qops(
	char *mech,		/* input mech */
	qop_num *mech_qops,	/* mech qops buffer */
	int *numqops		/* buffer to return numqops */
);

/*
 * Resolve a mechanism name to its OID.  Ownership of the returned
 * gss_OID is not stated here.
 */
OM_uint32
__gss_mech_to_oid(
	const char *mech,	/* mechanism string name */
	gss_OID *oid		/* mechanism oid */
);

/*
 * Resolve a mechanism OID to its name.  The header does not say what is
 * returned for an unknown OID; callers should be prepared for NULL.
 */
const char *
__gss_oid_to_mech(
	const gss_OID oid	/* mechanism oid */
);

/*
 * Populate mechArray with the names of the available mechanisms;
 * arrayLen gives the capacity of the caller's array.
 */
OM_uint32
__gss_get_mechanisms(
	char *mechArray[],	/* array to populate with mechs */
	int arrayLen		/* length of passed in array */
);

/*
 * Determine the mechanism OID of a context token.  Such a token
 * normally arrives from the peer, so the implementation must treat it
 * as untrusted input and bound every length it parses.
 */
OM_uint32
__gss_get_mech_type(
	gss_OID oid,		/* mechanism oid */
	const gss_buffer_t token	/* token */
);

/*
 * Authorization check: may the remote principal log in as the named
 * local UNIX user without a password?  The answer comes back through
 * the final int pointer; the OM_uint32 return is the status of the
 * lookup itself and must be checked before that answer is trusted.
 */
OM_uint32
__gss_userok(
	OM_uint32 *,		/* minor status */
	const gss_name_t,	/* remote user principal name */
	const char *,		/* local unix user name */
	int *);			/* remote principal ok to login w/out pw?
*/ 142 143 OM_uint32 144 gsscred_expname_to_unix_cred( 145 const gss_buffer_t, /* export name */ 146 uid_t *, /* uid out */ 147 gid_t *, /* gid out */ 148 gid_t *[], /* gid array out */ 149 int *); /* gid array length */ 150 151 OM_uint32 152 gsscred_name_to_unix_cred( 153 const gss_name_t, /* gss name */ 154 const gss_OID, /* mechanim type */ 155 uid_t *, /* uid out */ 156 gid_t *, /* gid out */ 157 gid_t *[], /* gid array out */ 158 int *); /* gid array length */ 159 160 161 /* 162 * The following function will be used to resolve group 163 * ids from a UNIX uid. 164 */ 165 OM_uint32 166 gss_get_group_info( 167 const uid_t, /* entity UNIX uid */ 168 gid_t *, /* gid out */ 169 gid_t *[], /* gid array */ 170 int *); /* length of the gid array */ 171 172 173 174 OM_uint32 175 gss_acquire_cred_with_password( 176 OM_uint32 * minor_status, 177 const gss_name_t desired_name, 178 const gss_buffer_t password, 179 OM_uint32 time_req, 180 const gss_OID_set desired_mechs, 181 int cred_usage, 182 gss_cred_id_t *output_cred_handle, 183 gss_OID_set * actual_mechs, 184 OM_uint32 * time_rec); 185 186 OM_uint32 187 gss_add_cred_with_password( 188 OM_uint32 *minor_status, 189 const gss_cred_id_t input_cred_handle, 190 const gss_name_t desired_name, 191 const gss_OID desired_mech, 192 const gss_buffer_t password, 193 gss_cred_usage_t cred_usage, 194 OM_uint32 initiator_time_req, 195 OM_uint32 acceptor_time_req, 196 gss_cred_id_t *output_cred_handle, 197 gss_OID_set *actual_mechs, 198 OM_uint32 *initiator_time_rec, 199 OM_uint32 *acceptor_time_rec); 200 201 /* 202 * Returns a buffer set with the first member containing the 203 * session key for SSPI compatibility. The optional second 204 * member contains an OID identifying the session key type. 205 */ 206 extern const gss_OID GSS_C_INQ_SSPI_SESSION_KEY; 207 208 /* 209 * For compatability with other GSSAPI implementations. 210 * This is needed by Samba. 
*/
extern const gss_OID_desc * const gss_mech_krb5;

#else /* _KERNEL */

/*
 * Kernel-side counterparts of gsscred_expname_to_unix_cred(),
 * gsscred_name_to_unix_cred() and gss_get_group_info().  Each takes one
 * extra trailing uid argument whose role is not stated here --
 * NOTE(review): presumably the uid of the requesting process; confirm
 * in the kernel sources.
 */
OM_uint32
kgsscred_expname_to_unix_cred(
	const gss_buffer_t expName,
	uid_t *uidOut,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);

OM_uint32
kgsscred_name_to_unix_cred(
	const gss_name_t intName,
	const gss_OID mechType,
	uid_t *uidOut,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);

OM_uint32
kgss_get_group_info(
	const uid_t puid,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);
#endif

/*
 * GGF extensions (buffer sets), declared for both kernel and userland.
 */

/* A counted array of gss_buffer_desc; count is the number of elements. */
typedef struct gss_buffer_set_desc_struct {
	size_t count;
	gss_buffer_desc *elements;
} gss_buffer_set_desc, *gss_buffer_set_t;

#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t)0)

/* Allocate an empty buffer set; release it with gss_release_buffer_set(). */
OM_uint32 gss_create_empty_buffer_set
	(OM_uint32 *,		/* minor_status */
	gss_buffer_set_t *);	/* buffer_set */

/*
 * Append member_buffer to the set.  Whether the set takes a copy or
 * keeps a reference to the caller's memory is not stated here -- confirm
 * before releasing the original buffer.
 */
OM_uint32 gss_add_buffer_set_member
	(OM_uint32 *,		/* minor_status */
	const gss_buffer_t,	/* member_buffer */
	gss_buffer_set_t *);	/* buffer_set */

/*
 * Release a buffer set and its members.  Sets obtained via
 * GSS_C_INQ_SSPI_SESSION_KEY hold key material; if this routine does
 * not clear the member buffers, callers handling such sets should.
 */
OM_uint32 gss_release_buffer_set
	(OM_uint32 *,		/* minor_status */
	gss_buffer_set_t *);	/* buffer_set */

/*
 * Query a security context for an implementation-defined attribute
 * identified by desired_object (for example GSS_C_INQ_SSPI_SESSION_KEY).
 * The result comes back as a buffer set the caller is expected to
 * release with gss_release_buffer_set().
 */
OM_uint32 gss_inquire_sec_context_by_oid
	(OM_uint32 *,		/* minor_status */
	const gss_ctx_id_t,	/* context_handle */
	const gss_OID,		/* desired_object */
	gss_buffer_set_t *);	/* data_set */

#ifdef __cplusplus
}
#endif

#endif /* _GSSAPI_EXT_H */