1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * Private extensions and utilities to the GSS-API.
26  * These are not part of the GSS-API specification
27  * but may be useful to GSS-API users.
28  */
29 
30 #ifndef _GSSAPI_EXT_H
31 #define	_GSSAPI_EXT_H
32 
33 #include <gssapi/gssapi.h>
34 #ifdef	_KERNEL
35 #include <sys/systm.h>
36 #else
37 #include <strings.h>
38 #endif
39 
40 
41 #ifdef	__cplusplus
42 extern "C" {
43 #endif
44 
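/*
 * g_OID_equal(o1, o2): non-zero when two gss_OIDs have the same length
 * and identical element bytes.  The lengths are compared first, so
 * memcmp() only runs on objects of the same size.  Both arguments are
 * evaluated more than once; do not pass expressions with side effects.
 * The length is widened to size_t for memcmp() instead of narrowed to
 * int, so an OM_uint32 length can never be reinterpreted as a negative
 * (and therefore enormous) byte count.
 */
#define	g_OID_equal(o1, o2) \
	(((o1)->length == (o2)->length) && \
	(memcmp((o1)->elements, (o2)->elements, (size_t)(o1)->length) == 0))


/*
 * g_OID_copy(o1, o2): copy o2 into o1.  o1->elements must already point
 * at storage of at least o2->length bytes; nothing here allocates or
 * checks capacity.  The copy and the length assignment are joined with
 * the comma operator so the macro expands to a single statement and is
 * safe as the body of an unbraced if/while (the previous two-statement
 * form only guarded the bcopy).  The trailing semicolon is retained for
 * compatibility with callers that invoke the macro without one.
 */
#define	g_OID_copy(o1, o2) \
	(bcopy((o2)->elements, (o1)->elements, (o2)->length), \
	(o1)->length = (o2)->length);


/*
 * GSS_EMPTY_BUFFER(buf): true when buf is a null pointer, has no value
 * pointer, or has zero length.  The null check comes first, so passing
 * GSS_C_NO_BUFFER is safe; buf is evaluated up to three times.
 */
#define	GSS_EMPTY_BUFFER(buf)	((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)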
63 
64 
65 /*
66  * GSSAPI Extension functions -- these functions aren't
67  * in the GSSAPI specification, but are provided in our
68  * GSS library.
69  */
70 
71 #ifndef	_KERNEL
72 
/*
 * qop configuration file handling.
 *
 * Presumably the upper bounds on the number of (qop, number) pairs the
 * configuration parser keeps in total and per mechanism -- confirm
 * against the parser before relying on either value as a buffer size.
 */
#define	MAX_QOP_NUM_PAIRS	128
#define	MAX_QOPS_PER_MECH	128

/*
 * One entry of the qop table: a qop name, its numeric value and the
 * mechanism it belongs to.  qop and mech are bare pointers; which side
 * owns and frees the strings is not documented here.
 */
typedef struct _qop_num {
	char *qop;		/* qop name */
	OM_uint32 num;		/* numeric qop value */
	char *mech;		/* mechanism name this qop belongs to */
} qop_num;
84 
/*
 * qop table lookups.  Each returns an OM_uint32 which, by analogy with
 * the rest of this header, is presumably a GSS-API major status; treat
 * the output parameters as valid only when that status is success.
 */
OM_uint32
__gss_qop_to_num(
	char		*qop,		/* input qop string */
	char		*mech,		/* input mech string */
	OM_uint32	*num		/* output qop num */
);

OM_uint32
__gss_num_to_qop(
	char		*mech,		/* input mech string */
	OM_uint32	num,		/* input qop num */
	char		**qop		/* output qop name */
);

/*
 * *qops receives a string describing the qops of mech; whether the
 * callee allocates it (and the caller must free it) is not stated here.
 */
OM_uint32
__gss_get_mech_info(
	char		*mech,		/* input mech string */
	char		**qops		/* buffer for return qops */
);

/*
 * NOTE(review): no capacity argument accompanies mech_qops -- the
 * caller presumably supplies MAX_QOPS_PER_MECH entries; confirm against
 * the implementation before passing anything smaller.
 */
OM_uint32
__gss_mech_qops(
	char *mech,			/* input mech */
	qop_num *mech_qops,		/* mech qops buffer */
	int *numqops			/* buffer to return numqops */
);
111 
/*
 * Mechanism name <-> OID helpers.
 */
OM_uint32
__gss_mech_to_oid(
	const char *mech,		/* mechanism string name */
	gss_OID *oid			/* mechanism oid */
);

/*
 * Reverse of __gss_mech_to_oid().  Whether the returned string is owned
 * by the library or must be freed, and what is returned for an unknown
 * oid, is not documented here -- confirm before dereferencing.
 */
const char *
__gss_oid_to_mech(
	const gss_OID oid		/* mechanism oid */
);

/*
 * Populate the caller-supplied mechArray; arrayLen is the only bound
 * the callee has on the array, so it must reflect the real capacity.
 */
OM_uint32
__gss_get_mechanisms(
	char *mechArray[],		/* array to populate with mechs */
	int arrayLen			/* length of passed in array */
);

/*
 * Determine the mechanism oid from a token.  gss_OID is a pointer type,
 * so oid may be filled in rather than read -- the direction is not
 * documented here.  Tokens typically arrive from the peer; the
 * implementation must treat token->value as untrusted and bounds-check
 * it against token->length -- confirm before passing raw wire data.
 */
OM_uint32
__gss_get_mech_type(
	gss_OID oid,			/* mechanism oid */
	const gss_buffer_t token	/* token */
);
134 
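/*
 * Map a remote GSS-API principal to a local UNIX user.
 *
 * __gss_userok() reports, through user_ok, whether the authenticated
 * remote principal may log in as the named local user without a
 * password.  Treat *user_ok as meaningful only when the returned status
 * indicates success.  Parameter names are given here so the prototype
 * is self-describing, matching the rest of this header.
 */
OM_uint32
__gss_userok(
	OM_uint32 *minor_status,	/* minor status */
	const gss_name_t name,		/* remote user principal name */
	const char *user,		/* local unix user name */
	int *user_ok);			/* remote principal ok to login w/out pw? */

/*
 * Resolve a GSS exported name, or an internal name plus mechanism, to
 * UNIX credentials.  uidOut and gidOut receive the primary ids; *gids
 * receives an array of *gidsLen supplementary gids.  Whether the gids
 * array is allocated by the callee (and must be freed by the caller) is
 * not documented here -- confirm against the implementation.  Parameter
 * names follow the kernel variants kgsscred_*_to_unix_cred().
 */
OM_uint32
gsscred_expname_to_unix_cred(
	const gss_buffer_t expName,	/* export name */
	uid_t *uidOut,			/* uid out */
	gid_t *gidOut,			/* gid out */
	gid_t *gids[],			/* gid array out */
	int *gidsLen);			/* gid array length */

OM_uint32
gsscred_name_to_unix_cred(
	const gss_name_t intName,	/* gss name */
	const gss_OID mechType,		/* mechanism type */
	uid_t *uidOut,			/* uid out */
	gid_t *gidOut,			/* gid out */
	gid_t *gids[],			/* gid array out */
	int *gidsLen);			/* gid array length */


/*
 * Resolve the group ids of a UNIX uid.  gidOut receives the primary
 * gid and *gids an array of *gidsLen gids; ownership of the array is
 * not documented here.  Parameter names follow kgss_get_group_info().
 */
OM_uint32
gss_get_group_info(
	const uid_t puid,		/* entity UNIX uid */
	gid_t *gidOut,			/* gid out */
	gid_t *gids[],			/* gid array */
	int *gidsLen);			/* length of the gid array */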
170 
171 
172 
/*
 * Password-based credential acquisition (not part of RFC 2744).
 *
 * gss_acquire_cred_with_password() appears, from its signature, to be
 * the counterpart of gss_acquire_cred() that authenticates desired_name
 * with the supplied password.  The password is passed as a gss_buffer_t;
 * the caller presumably retains ownership and should clear the plaintext
 * from memory as soon as the call returns -- confirm against the
 * implementation.  NOTE(review): cred_usage is declared int here while
 * gss_add_cred_with_password() below uses gss_cred_usage_t; presumably
 * the same underlying type, but confirm before changing either.
 */
OM_uint32
gss_acquire_cred_with_password(
	OM_uint32 *		minor_status,		/* minor status out */
	const gss_name_t	desired_name,		/* principal to authenticate */
	const gss_buffer_t	password,		/* plaintext password */
	OM_uint32		time_req,		/* requested lifetime */
	const gss_OID_set	desired_mechs,		/* mechs to acquire for */
	int			cred_usage,		/* credential usage */
	gss_cred_id_t 		*output_cred_handle,	/* new credential */
	gss_OID_set *		actual_mechs,		/* mechs actually acquired */
	OM_uint32 *		time_rec);		/* lifetime granted */

/*
 * Add a password-authenticated element for desired_mech to an existing
 * credential.  As above, the password buffer should be cleared by the
 * caller once the call returns; whether the implementation copies or
 * retains it is not documented here.
 */
OM_uint32
gss_add_cred_with_password(
	OM_uint32		*minor_status,		/* minor status out */
	const gss_cred_id_t	input_cred_handle,	/* credential to extend */
	const gss_name_t	desired_name,		/* principal to authenticate */
	const gss_OID		desired_mech,		/* mech to add */
	const gss_buffer_t	password,		/* plaintext password */
	gss_cred_usage_t	cred_usage,		/* credential usage */
	OM_uint32		initiator_time_req,	/* requested initiator lifetime */
	OM_uint32		acceptor_time_req,	/* requested acceptor lifetime */
	gss_cred_id_t		*output_cred_handle,	/* resulting credential */
	gss_OID_set		*actual_mechs,		/* mechs in the result */
	OM_uint32		*initiator_time_rec,	/* initiator lifetime granted */
	OM_uint32		*acceptor_time_rec);	/* acceptor lifetime granted */
199 
/*
 * Returns a buffer set with the first member containing the
 * session key for SSPI compatibility. The optional second
 * member contains an OID identifying the session key type.
 *
 * Presumably the desired_object OID for gss_inquire_sec_context_by_oid()
 * (declared below).  The returned set holds raw key material: release it
 * with gss_release_buffer_set() as soon as the key has been consumed, and
 * do not assume the release routine scrubs the bytes -- that is not
 * documented here.
 */
extern const gss_OID GSS_C_INQ_SSPI_SESSION_KEY;
206 
207 #else	/*	_KERNEL	*/
208 
/*
 * Kernel counterparts of gsscred_expname_to_unix_cred(),
 * gsscred_name_to_unix_cred() and gss_get_group_info().  Each takes one
 * extra trailing parameter, uid, that the user-level declarations lack;
 * its role (presumably the identity of the requesting caller) is not
 * documented here -- confirm against the implementation before relying
 * on it for any access decision.  Ownership of the gids array is
 * likewise undocumented.
 */
OM_uint32
kgsscred_expname_to_unix_cred(
	const gss_buffer_t expName,	/* export name */
	uid_t *uidOut,			/* uid out */
	gid_t *gidOut,			/* gid out */
	gid_t *gids[],			/* gid array out */
	int *gidsLen,			/* gid array length */
	uid_t uid);			/* see note above */

OM_uint32
kgsscred_name_to_unix_cred(
	const gss_name_t intName,	/* gss name */
	const gss_OID mechType,		/* mechanism type */
	uid_t *uidOut,			/* uid out */
	gid_t *gidOut,			/* gid out */
	gid_t *gids[],			/* gid array out */
	int *gidsLen,			/* gid array length */
	uid_t uid);			/* see note above */

OM_uint32
kgss_get_group_info(
	const uid_t puid,		/* entity UNIX uid */
	gid_t *gidOut,			/* gid out */
	gid_t *gids[],			/* gid array */
	int *gidsLen,			/* length of the gid array */
	uid_t uid);			/* see note above */
235 #endif
236 
/*
 * GGF extensions
 *
 * A buffer set is a counted array of gss_buffer_desc.  count is
 * presumably the number of entries reachable through elements; both
 * are managed by the gss_*_buffer_set() routines declared below.
 */
typedef struct gss_buffer_set_desc_struct {
    size_t count;		/* number of entries in elements */
    gss_buffer_desc *elements;	/* array of count buffers */
} gss_buffer_set_desc, *gss_buffer_set_t;

/* Null buffer-set handle, analogous to GSS_C_NO_BUFFER. */
#define	GSS_C_NO_BUFFER_SET ((gss_buffer_set_t)0)
246 
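/*
 * Buffer-set management and the by-OID context query (GGF extensions).
 *
 * All four return an OM_uint32 that, by analogy with the rest of the
 * GSS-API, is presumably a major status code; minor_status receives the
 * mechanism-specific detail.  Parameter names were previously given only
 * as comments; they are now part of the prototypes so the declarations
 * are self-describing and match the rest of this header.
 */

/* Allocate an empty set; *buffer_set receives the new handle. */
OM_uint32
gss_create_empty_buffer_set(
	OM_uint32 *minor_status,
	gss_buffer_set_t *buffer_set);

/* Add member_buffer to *buffer_set. */
OM_uint32
gss_add_buffer_set_member(
	OM_uint32 *minor_status,
	const gss_buffer_t member_buffer,
	gss_buffer_set_t *buffer_set);

/*
 * Release *buffer_set (presumably its elements too -- confirm).  Sets
 * obtained for GSS_C_INQ_SSPI_SESSION_KEY carry key material; release
 * them as soon as the key has been consumed.
 */
OM_uint32
gss_release_buffer_set(
	OM_uint32 *minor_status,
	gss_buffer_set_t *buffer_set);

/*
 * Query context_handle for the object named by desired_object; the
 * result is delivered as a set in *data_set, to be released with
 * gss_release_buffer_set().
 */
OM_uint32
gss_inquire_sec_context_by_oid(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_OID desired_object,
	gss_buffer_set_t *data_set);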
265 
266 #ifdef	__cplusplus
267 }
268 #endif
269 
270 #endif	/* _GSSAPI_EXT_H */