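/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Private extensions and utilities to the GSS-API.
 * These are not part of the GSS-API specification
 * but may be useful to GSS-API users.
 */

#ifndef _GSSAPI_EXT_H
#define	_GSSAPI_EXT_H

#pragma ident "%Z%%M% %I% %E% SMI"

#include <gssapi/gssapi.h>
#ifdef	_KERNEL
#include <sys/systm.h>
#else
#include <strings.h>
#endif


#ifdef	__cplusplus
extern "C" {
#endif

/*
 * MACRO for comparison of gss_OID's.
 *
 * Evaluates to non-zero when both OIDs have the same length and the same
 * element bytes.  Neither argument is checked for NULL and each one is
 * evaluated more than once, so pass side-effect-free expressions.
 * The length is converted to size_t rather than int so that a length
 * above INT_MAX cannot become negative before it reaches memcmp()'s
 * size argument.
 */
#define	g_OID_equal(o1, o2) \
	(((o1)->length == (o2)->length) && \
	(memcmp((o1)->elements, (o2)->elements, (size_t)(o1)->length) == 0))


/*
 * MACRO for copying of OIDs - memory must already be allocated
 * o2 is copied to o1
 *
 * The macro does not check that o1->elements can hold o2->length bytes;
 * the caller has to size the destination before using it.
 *
 * Both statements are wrapped in do { } while (0) so that an unbraced
 * "if (cond) g_OID_copy(a, b);" guards the length update as well as the
 * byte copy.  The trailing semicolon is kept so that call sites written
 * without one continue to compile.
 */
#define	g_OID_copy(o1, o2) \
	do { \
		bcopy((o2)->elements, (o1)->elements, (o2)->length); \
		(o1)->length = (o2)->length; \
	} while (0);


/*
 * MACRO to check an input buffer: evaluates to true when the buffer is
 * NOT usable, i.e. the pointer is NULL, its value is NULL, or its length
 * is 0.
 */
#define	GSS_EMPTY_BUFFER(buf)	((buf) == NULL ||\
	(buf)->value == NULL || (buf)->length == 0)


/*
 * GSSAPI Extension functions -- these functions aren't
 * in the GSSAPI specification, but are provided in our
 * GSS library.
 */

#ifndef	_KERNEL

/*
 * qop configuration file handling.
 */
#define	MAX_QOP_NUM_PAIRS	128
#define	MAX_QOPS_PER_MECH	128

/* One qop entry: qop name, its numeric value and the mechanism name. */
typedef struct _qop_num {
	char *qop;
	OM_uint32 num;
	char *mech;
} qop_num;

OM_uint32
__gss_qop_to_num(
	char		*qop,		/* input qop string */
	char		*mech,		/* input mech string */
	OM_uint32	*num		/* output qop num */
);

OM_uint32
__gss_num_to_qop(
	char		*mech,		/* input mech string */
	OM_uint32	num,		/* input qop num */
	char		**qop		/* output qop name */
);

OM_uint32
__gss_get_mech_info(
	char		*mech,		/* input mech string */
	char		**qops		/* buffer for return qops */
);

/*
 * NOTE(review): this declaration carries no capacity argument for
 * mech_qops; presumably the caller supplies room for MAX_QOPS_PER_MECH
 * entries -- confirm against the implementation.
 */
OM_uint32
__gss_mech_qops(
	char		*mech,		/* input mech */
	qop_num		*mech_qops,	/* mech qops buffer */
	int		*numqops	/* buffer to return numqops */
);

OM_uint32
__gss_mech_to_oid(
	const char	*mech,		/* mechanism string name */
	gss_OID		*oid		/* mechanism oid */
);

const char *
__gss_oid_to_mech(
	const gss_OID	oid		/* mechanism oid */
);

OM_uint32
__gss_get_mechanisms(
	char		*mechArray[],	/* array to populate with mechs */
	int		arrayLen	/* length of passed in array */
);

OM_uint32
__gss_get_mech_type(
	gss_OID			oid,	/* mechanism oid */
	const gss_buffer_t	token	/* token */
);

/*
 * Authorization check of a remote principal against a local user name.
 * The last argument is an out-parameter; callers should treat anything
 * other than a successful return as "not ok".
 */
OM_uint32
__gss_userok(
	OM_uint32 *,		/* minor status */
	const gss_name_t,	/* remote user principal name */
	const char *,		/* local unix user name */
	int *);			/* remote principal ok to login w/out pw? */

/*
 * NOTE(review): for the gid-array out-parameters below, this header does
 * not say who owns or frees the returned array -- confirm against the
 * implementation before relying on either behaviour.
 */
OM_uint32
gsscred_expname_to_unix_cred(
	const gss_buffer_t,	/* export name */
	uid_t *,		/* uid out */
	gid_t *,		/* gid out */
	gid_t *[],		/* gid array out */
	int *);			/* gid array length */

OM_uint32
gsscred_name_to_unix_cred(
	const gss_name_t,	/* gss name */
	const gss_OID,		/* mechanism type */
	uid_t *,		/* uid out */
	gid_t *,		/* gid out */
	gid_t *[],		/* gid array out */
	int *);			/* gid array length */


/*
 * The following function will be used to resolve group
 * ids from a UNIX uid.
 */
OM_uint32
gss_get_group_info(
	const uid_t,		/* entity UNIX uid */
	gid_t *,		/* gid out */
	gid_t *[],		/* gid array */
	int *);			/* length of the gid array */


/*
 * Credential acquisition from a password supplied in a gss_buffer_t.
 * NOTE(review): nothing in this header states whether the callee copies
 * or clears the password buffer; callers remain responsible for
 * scrubbing their own copy of the secret once the call returns.
 */
OM_uint32
gss_acquire_cred_with_password(
	OM_uint32		*minor_status,
	const gss_name_t	desired_name,
	const gss_buffer_t	password,
	OM_uint32		time_req,
	const gss_OID_set	desired_mechs,
	int			cred_usage,
	gss_cred_id_t		*output_cred_handle,
	gss_OID_set		*actual_mechs,
	OM_uint32		*time_rec);

/*
 * Password-based variant that also takes an existing credential handle.
 * The same caveat about scrubbing the caller's password copy applies.
 */
OM_uint32
gss_add_cred_with_password(
	OM_uint32		*minor_status,
	const gss_cred_id_t	input_cred_handle,
	const gss_name_t	desired_name,
	const gss_OID		desired_mech,
	const gss_buffer_t	password,
	gss_cred_usage_t	cred_usage,
	OM_uint32		initiator_time_req,
	OM_uint32		acceptor_time_req,
	gss_cred_id_t		*output_cred_handle,
	gss_OID_set		*actual_mechs,
	OM_uint32		*initiator_time_rec,
	OM_uint32		*acceptor_time_rec);

#else	/* _KERNEL */

/*
 * Kernel counterparts of the credential-mapping functions above.
 * NOTE(review): each takes an extra trailing uid_t whose meaning is not
 * documented in this header -- confirm against the implementation.
 */
OM_uint32
kgsscred_expname_to_unix_cred(
	const gss_buffer_t	expName,
	uid_t			*uidOut,
	gid_t			*gidOut,
	gid_t			*gids[],
	int			*gidsLen,
	uid_t			uid);

OM_uint32
kgsscred_name_to_unix_cred(
	const gss_name_t	intName,
	const gss_OID		mechType,
	uid_t			*uidOut,
	gid_t			*gidOut,
	gid_t			*gids[],
	int			*gidsLen,
	uid_t			uid);

OM_uint32
kgss_get_group_info(
	const uid_t		puid,
	gid_t			*gidOut,
	gid_t			*gids[],
	int			*gidsLen,
	uid_t			uid);

#endif


#ifdef	__cplusplus
}
#endif

#endif	/* _GSSAPI_EXT_H */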