xref: /titanic_41/usr/src/lib/libnsl/include/rpcsvc/nis_dhext.h (revision 7c2fbfb345896881c631598ee3852ce9ce33fb07)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  *	nis_dhext.h: NIS+ extended Diffie-Hellman interface.
29  */
30 
31 #ifndef _NIS_DHEXT_H
32 #define	_NIS_DHEXT_H
33 
34 #pragma ident	"%Z%%M%	%I%	%E% SMI"
35 
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39 
40 #include <rpc/rpc.h>
41 #include <rpc/key_prot.h>
42 #include <rpcsvc/nis.h>   /* to get nis_server */
43 
44 
45 #define	AUTH_DES_KEYLEN  192
46 #define	AUTH_DES_ALGTYPE 0
47 #define	AUTH_DES_AUTH_TYPE "DES"
48 
49 #define	AUTH_DES_KEY(k, a) (((k) == AUTH_DES_KEYLEN) && \
50 			    ((a) == AUTH_DES_ALGTYPE))
51 
52 #define	BITS2NIBBLES(b)	((b)/4)
53 
54 #define	NIS_SVCNAME_NISD	"nisd"
55 #define	NIS_SVCNAME_NISPASSWD	"nispasswd"
56 
57 typedef struct extdhkey {
58 	ushort_t	keylen;
59 	ushort_t	algtype;
60 	uchar_t		key[1];
61 } extdhkey_t;
62 
63 char *__nis_dhext_extract_pkey(netobj *, keylen_t, algtype_t);
64 int __nis_dhext_extract_keyinfo(nis_server *, extdhkey_t **);
65 
66 
67 /*
68  * NIS+ Security conf file
69  */
70 
71 #define	NIS_SEC_CF_PATHNAME		"/etc/rpcsec/nisplussec.conf"
72 #define	NIS_SEC_CF_MAX_FLDLEN		MAX_GSS_NAME
73 
74 
75 typedef struct {
76 		char			*mechname;
77 		char			*alias;
78 		keylen_t		keylen;
79 		algtype_t		algtype;
80 		char			*qop;
81 		rpc_gss_service_t	secserv;
82 } mechanism_t;
83 
84 /* The string that indicates AUTH_DES compat in the nis sec conf file. */
85 #define	NIS_SEC_CF_DES_ALIAS		"des"
86 
87 /*
88  * The value a keylen or algtype mechanism_t element will be set
89  * to if the conf file indicates "not applicable" for that field.
90  * Except if the alias is equal to NIS_SEC_CF_DES_ALIAS,
91  * then the keylen is set to 192 and the algtype to 0.
92  */
93 #define	NIS_SEC_CF_NA_KA		-1
94 
95 /* Is the NIS+ security conf file mech entry a real live GSS mech? */
96 #define	NIS_SEC_CF_GSS_MECH(mp)	((mp)->mechname != NULL)
97 
98 #define	AUTH_DES_COMPAT_CHK(mp)	((mp)->alias && \
99 					(strncasecmp(NIS_SEC_CF_DES_ALIAS, \
100 					(mp)->alias,\
101 					sizeof (NIS_SEC_CF_DES_ALIAS) + 1) \
102 					== 0))
103 
104 #define	VALID_GSS_MECH(m)	((m) != NULL)
105 
106 /* valid keylen and algtype check */
107 #define	VALID_KEYALG(k, a)	((k) != NIS_SEC_CF_NA_KA && \
108 					(a) != NIS_SEC_CF_NA_KA)
109 
110 #define	VALID_ALIAS(a)	((a) != NULL)
111 
112 #define	VALID_MECH_ENTRY(mp) (VALID_GSS_MECH((mp)->mechname) && \
113 				VALID_KEYALG((mp)->keylen, (mp)->algtype) &&\
114 				VALID_ALIAS((mp)->alias))
115 
116 /* Is the mech entry of the public key crypto variety? */
117 #define	MECH_PK_TECH(mp)  (((mp)->alias)[0] == 'd' && ((mp)->alias)[1] == 'h')
118 
119 #define	MECH_MAXATNAME 32	/* Mechanism max size of auth_type name */
120 #define	MECH_MAXALIASNAME 32	/* Mechanism max size of mech alias name */
121 
122 mechanism_t ** __nis_get_mechanisms(bool_t);
123 int __nis_translate_mechanism(const char *, int *, int *);
124 void __nis_release_mechanisms(mechanism_t **);
125 char *__nis_mechname2alias(const char *, char *, size_t);
126 char *__nis_authtype2mechalias(const char *, char *, size_t);
127 char *__nis_mechalias2authtype(const char *, char *, size_t);
128 char *__nis_keyalg2mechalias(keylen_t, algtype_t, char *, size_t);
129 char *__nis_keyalg2authtype(keylen_t, algtype_t, char *, size_t);
130 
131 
132 /*
133  * NIS+ GSS Mech Dynamic Library Loading
134  */
135 
136 #define	MAXDHNAME	64
137 
138 char *__nis_get_mechanism_library(keylen_t keylen, algtype_t algtype,
139 					char *buffer, size_t buflen);
140 
141 void *__nis_get_mechanism_symbol(keylen_t keylen, algtype_t algtype,
142 					const char *);
143 
144 
145 /*
146  * misc prototypes
147  */
148 
149 CLIENT *nis_make_rpchandle_gss_svc(nis_server *, int, rpcprog_t, rpcvers_t,
150 					uint_t, int, int, char *, char *);
151 CLIENT *nis_make_rpchandle_gss_svc_ruid(nis_server *, int, rpcprog_t, rpcvers_t,
152 					uint_t, int, int, char *, char *);
153 nis_server *__nis_host2nis_server_g(const char *, bool_t, bool_t, int *);
154 int __nis_gssprin2netname(rpc_gss_principal_t, char []);
155 void __nis_auth2princ_rpcgss(char *, struct svc_req *, bool_t, int);
156 
157 void des_setparity_g(des_block *);
158 int passwd2des_g(const char *, const char *, int, des_block *, bool_t);
159 int getpublickey_g(const char [], keylen_t, algtype_t, char *, size_t);
160 int getsecretkey_g(const char *, keylen_t, algtype_t, char *, size_t,
161 			const char *);
162 int __getpublickey_cached_g(const char [], keylen_t, algtype_t, char *, size_t,
163 					int *);
164 void __getpublickey_flush_g(const char *, keylen_t, algtype_t);
165 int __gen_dhkeys_g(char *, char *, keylen_t, algtype_t, char *);
166 int __gen_common_dhkeys_g(char *, char *, keylen_t, algtype_t, des_block [],
167 	keynum_t);
168 int __cbc_triple_crypt(des_block [], char *, uint_t, uint_t, char *);
169 int key_get_conv_g(const char *, keylen_t, algtype_t, des_block [], keynum_t);
170 int key_secretkey_is_set_g(keylen_t, algtype_t);
171 int key_removesecret_g(void);
172 int key_setnet_g(const char *, const char *, keylen_t, const char *,
173 			keylen_t, algtype_t);
174 int xencrypt_g(char *, keylen_t, algtype_t, const char *, const char [],
175 		char **, bool_t);
176 int xdecrypt_g(char *, keylen_t, algtype_t, const char *, const char [],
177 		bool_t);
178 
179 #ifdef __cplusplus
180 }
181 #endif
182 
183 #endif /* !_NIS_DHEXT_H */
184