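/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * nis_dhext.h: NIS+ extended Diffie-Hellman interface.
 *
 * Declarations shared by the NIS+ "extended DH" (DH-EXT) security
 * code: AUTH_DES compatibility constants, the extdhkey_t wire/key
 * container, the nisplussec.conf mechanism table (mechanism_t) and
 * the validity macros over it, GSS mechanism library loading, and
 * the *_g ("generic key length / algorithm type") variants of the
 * classic secure-RPC key routines.
 *
 * Security note: AUTH_DES (keylen 192, algtype 0) is kept only for
 * compatibility with classic secure RPC. A 192-bit Diffie-Hellman
 * group is far below modern key-size guidance; new deployments should
 * prefer a real GSS mechanism entry (see NIS_SEC_CF_GSS_MECH below).
 */

#ifndef _NIS_DHEXT_H
#define	_NIS_DHEXT_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

#include <rpc/rpc.h>
#include <rpc/key_prot.h>
#include <rpcsvc/nis.h>	/* to get nis_server */


/*
 * The classic AUTH_DES flavor is identified by this (keylen, algtype)
 * pair; every other pair is an extended-DH / GSS mechanism.
 */
#define	AUTH_DES_KEYLEN		192
#define	AUTH_DES_ALGTYPE	0
#define	AUTH_DES_AUTH_TYPE	"DES"

#define	AUTH_DES_KEY(k, a)	(((k) == AUTH_DES_KEYLEN) && \
				((a) == AUTH_DES_ALGTYPE))

/* Key length in bits -> number of hex digits needed to print it. */
#define	BITS2NIBBLES(b)		((b)/4)

#define	NIS_SVCNAME_NISD	"nisd"
#define	NIS_SVCNAME_NISPASSWD	"nispasswd"

/*
 * Variable-length key container: (keylen, algtype) followed by the
 * key bytes. The trailing key[1] is the pre-C99 "struct hack": the
 * object is allocated larger than sizeof (extdhkey_t) and key[] is
 * indexed past 1 — presumably up to the size implied by keylen (bits,
 * judging by AUTH_DES_KEYLEN / BITS2NIBBLES; confirm against the
 * implementation). Deliberately NOT converted to a C99 flexible array
 * member: that would change sizeof (extdhkey_t) and therefore every
 * allocation and size computation in existing callers.
 */
typedef struct extdhkey {
	ushort_t	keylen;
	ushort_t	algtype;
	uchar_t		key[1];
} extdhkey_t;

/*
 * Extract the public key for (keylen, algtype) from a netobj, and
 * the per-server key information from a nis_server, respectively.
 * The out-pointer of __nis_dhext_extract_keyinfo presumably receives
 * allocated storage — ownership/free responsibility is not visible
 * here; confirm in the implementation before adding callers.
 */
char *__nis_dhext_extract_pkey(netobj *, keylen_t, algtype_t);
int __nis_dhext_extract_keyinfo(nis_server *, extdhkey_t **);


/*
 * NIS+ Security conf file
 */

#define	NIS_SEC_CF_PATHNAME	"/etc/rpcsec/nisplussec.conf"
#define	NIS_SEC_CF_MAX_FLDLEN	MAX_GSS_NAME


/*
 * One parsed entry of nisplussec.conf. All string fields may be NULL
 * for a partially specified entry; use VALID_MECH_ENTRY() before
 * dereferencing them.
 */
typedef struct {
	char			*mechname;
	char			*alias;
	keylen_t		keylen;
	algtype_t		algtype;
	char			*qop;
	rpc_gss_service_t	secserv;
} mechanism_t;

/* The string that indicates AUTH_DES compat in the nis sec conf file. */
#define	NIS_SEC_CF_DES_ALIAS	"des"

/*
 * The value a keylen or algtype mechanism_t element will be set
 * to if the conf file indicates "not applicable" for that field.
 * Except if the alias is equal to NIS_SEC_CF_DES_ALIAS,
 * then the keylen is set to 192 and the algtype to 0.
 */
#define	NIS_SEC_CF_NA_KA	-1

/* Is the NIS+ security conf file mech entry a real live GSS mech? */
#define	NIS_SEC_CF_GSS_MECH(mp)	((mp)->mechname != NULL)

/*
 * Does the entry request AUTH_DES compatibility?  NULL-safe.
 * sizeof (NIS_SEC_CF_DES_ALIAS) counts the terminating NUL, so the
 * compare is an exact (case-insensitive) match: a longer alias such
 * as "desx" is rejected at the NUL, not accepted as a prefix match.
 */
#define	AUTH_DES_COMPAT_CHK(mp)	((mp)->alias && \
				(strncasecmp(NIS_SEC_CF_DES_ALIAS, \
						(mp)->alias, \
						sizeof (NIS_SEC_CF_DES_ALIAS)) \
						== 0))

#define	VALID_GSS_MECH(m)	((m) != NULL)

/* valid keylen and algtype check */
#define	VALID_KEYALG(k, a)	((k) != NIS_SEC_CF_NA_KA && \
				(a) != NIS_SEC_CF_NA_KA)

#define	VALID_ALIAS(a)		((a) != NULL)

#define	VALID_MECH_ENTRY(mp)	(VALID_GSS_MECH((mp)->mechname) && \
				VALID_KEYALG((mp)->keylen, (mp)->algtype) &&\
				VALID_ALIAS((mp)->alias))

/*
 * Is the mech entry of the public key crypto variety?
 * Recognised by a (case-sensitive) "dh" alias prefix. Guarded against
 * a NULL alias so that an entry which passed NIS_SEC_CF_GSS_MECH() but
 * not VALID_ALIAS() yields "no" instead of a NULL dereference.
 */
#define	MECH_PK_TECH(mp)	((mp)->alias != NULL && \
				((mp)->alias)[0] == 'd' && ((mp)->alias)[1] == 'h')

#define	MECH_MAXATNAME		32 /* Mechanism max size of auth_type name */
#define	MECH_MAXALIASNAME	32 /* Mechanism max size of mech alias name */

/*
 * Mechanism table access and name translation. The *2* translators
 * write into a caller-supplied buffer of the given size and return it
 * (or, presumably, NULL on failure — confirm); size the buffer with
 * MECH_MAXATNAME / MECH_MAXALIASNAME as appropriate.
 */
mechanism_t ** __nis_get_mechanisms(bool_t);
int __nis_translate_mechanism(const char *, int *, int *);
void __nis_release_mechanisms(mechanism_t **);
char *__nis_mechname2alias(const char *, char *, size_t);
char *__nis_authtype2mechalias(const char *, char *, size_t);
char *__nis_mechalias2authtype(const char *, char *, size_t);
char *__nis_keyalg2mechalias(keylen_t, algtype_t, char *, size_t);
char *__nis_keyalg2authtype(keylen_t, algtype_t, char *, size_t);


/*
 * NIS+ GSS Mech Dynamic Library Loading
 *
 * NOTE(review): the library name is derived from (keylen, algtype)
 * and then loaded dynamically. Anything that lets an unprivileged
 * party influence the resolved path (conf file permissions, search
 * path) is a code-loading risk — confirm the implementation only
 * loads from trusted, fixed locations.
 */

#define	MAXDHNAME	64

char *__nis_get_mechanism_library(keylen_t keylen, algtype_t algtype,
					char *buffer, size_t buflen);

void *__nis_get_mechanism_symbol(keylen_t keylen, algtype_t algtype,
					const char *);


/*
 * misc prototypes
 */

/*
 * RPC handle creation with a GSS security service; the _ruid variant
 * presumably operates under the real (rather than effective) uid —
 * confirm before relying on that in setuid callers.
 */
CLIENT *nis_make_rpchandle_gss_svc(nis_server *, int, rpcprog_t, rpcvers_t,
					uint_t, int, int, char *, char *);
CLIENT *nis_make_rpchandle_gss_svc_ruid(nis_server *, int, rpcprog_t, rpcvers_t,
					uint_t, int, int, char *, char *);
nis_server *__nis_host2nis_server_g(const char *, bool_t, bool_t, int *);
/*
 * The char [] output has no length parameter: the caller must supply
 * a buffer of the size the implementation assumes (presumably
 * MAXNETNAMELEN+1 from <rpc/key_prot.h> — confirm).
 */
int __nis_gssprin2netname(rpc_gss_principal_t, char []);
void __nis_auth2princ_rpcgss(char *, struct svc_req *, bool_t, int);

/*
 * Generic (keylen, algtype) key management. These mirror the classic
 * secure-RPC key routines; callers that receive secret key material
 * in a supplied buffer (getsecretkey_g, key_get_conv_g, the DH key
 * generators) should zeroize it when done — this header cannot tell
 * whether the implementation does so on error paths.
 */
void des_setparity_g(des_block *);
int passwd2des_g(const char *, const char *, int, des_block *, bool_t);
int getpublickey_g(const char [], keylen_t, algtype_t, char *, size_t);
int getsecretkey_g(const char *, keylen_t, algtype_t, char *, size_t,
			const char *);
int __getpublickey_cached_g(const char [], keylen_t, algtype_t, char *, size_t,
			int *);
void __getpublickey_flush_g(const char *, keylen_t, algtype_t);
int __gen_dhkeys_g(char *, char *, keylen_t, algtype_t, char *);
int __gen_common_dhkeys_g(char *, char *, keylen_t, algtype_t, des_block [],
			keynum_t);
int __cbc_triple_crypt(des_block [], char *, uint_t, uint_t, char *);
int key_get_conv_g(const char *, keylen_t, algtype_t, des_block [], keynum_t);
int key_secretkey_is_set_g(keylen_t, algtype_t);
int key_removesecret_g(void);
int key_setnet_g(const char *, const char *, keylen_t, const char *,
			keylen_t, algtype_t);
/*
 * xencrypt_g returns its result through char **; who frees it is not
 * visible here — confirm ownership before use.
 */
int xencrypt_g(char *, keylen_t, algtype_t, const char *, const char [],
			char **, bool_t);
int xdecrypt_g(char *, keylen_t, algtype_t, const char *, const char [],
			bool_t);

#ifdef __cplusplus
}
#endif

#endif /* !_NIS_DHEXT_H */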