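/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Private extensions and utilities to the GSS-API.
 * These are not part of the GSS-API specification
 * but may be useful to GSS-API users.
 */

#ifndef _GSSAPI_EXT_H
#define	_GSSAPI_EXT_H

#include <gssapi/gssapi.h>
#ifdef _KERNEL
#include <sys/systm.h>
#else
#include <string.h>	/* memcmp(), used by g_OID_equal() */
#include <strings.h>	/* bcopy(), used by g_OID_copy() */
#endif


#ifdef __cplusplus
extern "C" {
#endif

/*
 * MACRO for comparison of gss_OID's.
 *
 * Lengths are compared first, so memcmp() only ever runs over two
 * element arrays of identical size.  The length is passed to memcmp()
 * as size_t (its declared parameter type) rather than narrowed to int,
 * so an OM_uint32 length can never be reinterpreted as a negative count.
 * Both arguments are evaluated more than once; do not pass expressions
 * with side effects.
 */
#define	g_OID_equal(o1, o2) \
	(((o1)->length == (o2)->length) && \
	(memcmp((o1)->elements, (o2)->elements, (size_t)(o1)->length) == 0))


/*
 * MACRO for copying of OIDs - memory must already be allocated
 * o2 is copied to o1: (o1)->elements must have room for
 * (o2)->length bytes before the copy.
 *
 * The two statements are wrapped in do { } while (0) so that
 *     if (cond) g_OID_copy(o1, o2);
 * copies the elements AND sets the length only when cond holds;
 * an unwrapped pair would assign (o1)->length unconditionally and
 * leave length and elements out of step.  Invoke with a trailing
 * semicolon like a function call.
 */
#define	g_OID_copy(o1, o2) \
	do { \
		bcopy((o2)->elements, (o1)->elements, (o2)->length); \
		(o1)->length = (o2)->length; \
	} while (0)


/*
 * MACRO to check if input buffer is valid: true when the buffer
 * pointer is NULL, its value pointer is NULL, or its length is 0.
 */
#define	GSS_EMPTY_BUFFER(buf)	((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)


/*
 * GSSAPI Extension functions -- these functions aren't
 * in the GSSAPI specification, but are provided in our
 * GSS library.
 */

#ifndef	_KERNEL

/*
 * qop configuration file handling.
 */
#define	MAX_QOP_NUM_PAIRS	128
#define	MAX_QOPS_PER_MECH	128

/* One (qop name, qop number) pair belonging to a mechanism. */
typedef struct _qop_num {
	char *qop;		/* qop string name */
	OM_uint32 num;		/* numeric qop value */
	char *mech;		/* mechanism string name the pair belongs to */
} qop_num;

/* Map a qop string name for a mechanism to its numeric qop value. */
OM_uint32
__gss_qop_to_num(
	char *qop,		/* input qop string */
	char *mech,		/* input mech string */
	OM_uint32 *num		/* output qop num */
);

/* Map a numeric qop value for a mechanism back to its string name. */
OM_uint32
__gss_num_to_qop(
	char *mech,		/* input mech string */
	OM_uint32 num,		/* input qop num */
	char **qop		/* output qop name */
);

OM_uint32
__gss_get_mech_info(
	char *mech,		/* input mech string */
	char **qops		/* buffer for return qops */
);

OM_uint32
__gss_mech_qops(
	char *mech,		/* input mech */
	qop_num *mech_qops,	/* mech qops buffer */
	int *numqops		/* buffer to return numqops */
);

/* Resolve a mechanism string name to its OID. */
OM_uint32
__gss_mech_to_oid(
	const char *mech,		/* mechanism string name */
	gss_OID *oid			/* mechanism oid */
);

/* Resolve a mechanism OID to its string name. */
const char *
__gss_oid_to_mech(
	const gss_OID oid	/* mechanism oid */
);

/*
 * Fill mechArray with the names of the available mechanisms.
 * arrayLen is the capacity of the caller-supplied array.
 */
OM_uint32
__gss_get_mechanisms(
	char *mechArray[],	/* array to populate with mechs */
	int arrayLen		/* length of passed in array */
);

OM_uint32
__gss_get_mech_type(
	gss_OID oid,		/* mechanism oid */
	const gss_buffer_t token	/* token */
);

/*
 * Authorization check: is the remote principal allowed to log in
 * as the given local unix user without a password?  The answer is
 * returned through the final int pointer.
 */
OM_uint32
__gss_userok(
	OM_uint32 *,		/* minor status */
	const gss_name_t,	/* remote user principal name */
	const char *,		/* local unix user name */
	int *);			/* remote principal ok to login w/out pw? */

/*
 * Map a GSS exported name to UNIX credentials.
 * The gid array is returned through the gid_t *[] argument with its
 * length in the trailing int *; see the library for its ownership
 * (the header does not say who frees it).
 */
OM_uint32
gsscred_expname_to_unix_cred(
	const gss_buffer_t,	/* export name */
	uid_t *,		/* uid out */
	gid_t *,		/* gid out */
	gid_t *[],		/* gid array out */
	int *);			/* gid array length */

/* Map a GSS internal name for a mechanism to UNIX credentials. */
OM_uint32
gsscred_name_to_unix_cred(
	const gss_name_t,	/* gss name */
	const gss_OID,		/* mechanism type */
	uid_t *,		/* uid out */
	gid_t *,		/* gid out */
	gid_t *[],		/* gid array out */
	int *);			/* gid array length */


/*
 * The following function will be used to resolve group
 * ids from a UNIX uid.
 */
OM_uint32
gss_get_group_info(
	const uid_t,		/* entity UNIX uid */
	gid_t *,		/* gid out */
	gid_t *[],		/* gid array */
	int *);			/* length of the gid array */



/*
 * Acquire a credential for desired_name using the supplied password
 * instead of an existing credential.  Parameters follow
 * gss_acquire_cred() with the password buffer added.
 */
OM_uint32
gss_acquire_cred_with_password(
	OM_uint32 *minor_status,
	const gss_name_t desired_name,
	const gss_buffer_t password,
	OM_uint32 time_req,
	const gss_OID_set desired_mechs,
	int cred_usage,
	gss_cred_id_t *output_cred_handle,
	gss_OID_set *actual_mechs,
	OM_uint32 *time_rec);

/*
 * Add a mechanism-specific credential element, obtained with the
 * supplied password, to input_cred_handle.  Parameters follow
 * gss_add_cred() with the password buffer added.
 */
OM_uint32
gss_add_cred_with_password(
	OM_uint32 *minor_status,
	const gss_cred_id_t input_cred_handle,
	const gss_name_t desired_name,
	const gss_OID desired_mech,
	const gss_buffer_t password,
	gss_cred_usage_t cred_usage,
	OM_uint32 initiator_time_req,
	OM_uint32 acceptor_time_req,
	gss_cred_id_t *output_cred_handle,
	gss_OID_set *actual_mechs,
	OM_uint32 *initiator_time_rec,
	OM_uint32 *acceptor_time_rec);

/*
 * Returns a buffer set with the first member containing the
 * session key for SSPI compatibility.  The optional second
 * member contains an OID identifying the session key type.
 *
 * The first member is raw keying material: callers should keep it
 * out of logs and clear it before releasing the buffer set.
 */
extern const gss_OID GSS_C_INQ_SSPI_SESSION_KEY;

#else	/* _KERNEL */

/*
 * Kernel variants of the gsscred mapping functions.  They take an
 * additional trailing uid argument that the user-land forms lack.
 */
OM_uint32
kgsscred_expname_to_unix_cred(
	const gss_buffer_t expName,
	uid_t *uidOut,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);

OM_uint32
kgsscred_name_to_unix_cred(
	const gss_name_t intName,
	const gss_OID mechType,
	uid_t *uidOut,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);

OM_uint32
kgss_get_group_info(
	const uid_t puid,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);
#endif

/*
 * GGF extensions
 */

/* A counted array of gss_buffer_desc values. */
typedef struct gss_buffer_set_desc_struct {
	size_t count;			/* number of elements */
	gss_buffer_desc *elements;	/* array of count buffers */
} gss_buffer_set_desc, *gss_buffer_set_t;

#define	GSS_C_NO_BUFFER_SET ((gss_buffer_set_t)0)

/* Allocate an empty buffer set; release it with gss_release_buffer_set(). */
OM_uint32 gss_create_empty_buffer_set
	(OM_uint32 *,			/* minor_status */
	gss_buffer_set_t *);		/* buffer_set */

/* Append member_buffer to buffer_set. */
OM_uint32 gss_add_buffer_set_member
	(OM_uint32 *,			/* minor_status */
	const gss_buffer_t,		/* member_buffer */
	gss_buffer_set_t *);		/* buffer_set */

/* Free buffer_set and the buffers it holds. */
OM_uint32 gss_release_buffer_set
	(OM_uint32 *,			/* minor_status */
	gss_buffer_set_t *);		/* buffer_set */

/*
 * Query a security context for the object named by desired_object
 * (for example GSS_C_INQ_SSPI_SESSION_KEY); the result is returned
 * as a buffer set in data_set.
 */
OM_uint32 gss_inquire_sec_context_by_oid
	(OM_uint32 *,			/* minor_status */
	const gss_ctx_id_t,		/* context_handle */
	const gss_OID,			/* desired_object */
	gss_buffer_set_t *);		/* data_set */

#ifdef __cplusplus
}
#endif

#endif	/* _GSSAPI_EXT_H */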