1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  *	nis_dhext.h: NIS+ extended Diffie-Hellman interface.
29  */
30 
31 #ifndef _NIS_DHEXT_H
32 #define	_NIS_DHEXT_H
33 
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37 
38 #include <rpc/rpc.h>
39 #include <rpc/key_prot.h>
40 #include <rpcsvc/nis.h>   /* to get nis_server */
41 
42 
/*
 * Parameters of the classic AUTH_DES key type.  AUTH_DES_KEYLEN is the
 * key length (192, treated as a bit count by BITS2NIBBLES below) and
 * AUTH_DES_ALGTYPE the algorithm type paired with it; the same pair is
 * what a "des" alias in the security conf file maps to (see
 * NIS_SEC_CF_NA_KA).  AUTH_DES_AUTH_TYPE is the auth_type name string.
 */
#define	AUTH_DES_KEYLEN  192
#define	AUTH_DES_ALGTYPE 0
#define	AUTH_DES_AUTH_TYPE "DES"

/* True when the (keylen, algtype) pair names AUTH_DES exactly. */
#define	AUTH_DES_KEY(k, a) (((k) == AUTH_DES_KEYLEN) && \
			    ((a) == AUTH_DES_ALGTYPE))

/*
 * Bit count -> hex-digit (nibble) count.  Integer division: a bit count
 * that is not a multiple of 4 is rounded down, so callers sizing a hex
 * buffer from this must pass a whole number of nibbles.
 */
#define	BITS2NIBBLES(b)	((b)/4)

/* Service names of the NIS+ daemons; presumably used as lookup keys for
 * per-service mechanism entries -- confirm against the callers. */
#define	NIS_SVCNAME_NISD	"nisd"
#define	NIS_SVCNAME_NISPASSWD	"nispasswd"
54 
/*
 * Extended Diffie-Hellman key record: a (keylen, algtype) pair followed
 * by the key bytes.  key[1] is the pre-C99 placeholder for a trailing
 * variable-length array, so an object of this type is presumably
 * allocated larger than sizeof (extdhkey_t) with key[] running to the
 * length implied by keylen (confirm against __nis_dhext_extract_keyinfo(),
 * which hands one back through its extdhkey_t ** argument).  Never copy
 * or allocate one using sizeof (extdhkey_t) alone.
 */
typedef struct extdhkey {
	ushort_t	keylen;		/* key length; presumably bits, like AUTH_DES_KEYLEN -- confirm */
	ushort_t	algtype;	/* algorithm type, cf. AUTH_DES_ALGTYPE */
	uchar_t		key[1];		/* first byte of the trailing key data */
} extdhkey_t;
60 
/*
 * Extract the public key for the given (keylen, algtype) from a netobj.
 * Returns a string (presumably hex, cf. BITS2NIBBLES) or NULL; whether
 * the caller owns and must free the result is not stated here -- confirm
 * against the definition before use.
 */
char *__nis_dhext_extract_pkey(netobj *, keylen_t, algtype_t);
/*
 * Build an extdhkey_t from a nis_server, returning it through the
 * second argument (presumably allocated by the callee, so the caller
 * frees it -- confirm).  Returns an int status; the success value is
 * not stated here.
 */
int __nis_dhext_extract_keyinfo(nis_server *, extdhkey_t **);
63 
64 
/*
 * NIS+ Security conf file
 */

/* Location of the security configuration file whose entries are
 * described by mechanism_t below.  A system-wide, root-owned path is
 * assumed; the parser should treat its contents as untrusted input. */
#define	NIS_SEC_CF_PATHNAME		"/etc/rpcsec/nisplussec.conf"
/* Upper bound on a single field of a conf-file line.  MAX_GSS_NAME is
 * not defined in this header; it is expected from the rpc headers
 * included above. */
#define	NIS_SEC_CF_MAX_FLDLEN		MAX_GSS_NAME
71 
72 
/*
 * One entry of the NIS+ security configuration file (NIS_SEC_CF_PATHNAME).
 * Field conventions established by the macros that follow:
 *   mechname  NULL when the entry is not a real GSS mechanism
 *             (NIS_SEC_CF_GSS_MECH / VALID_GSS_MECH).
 *   alias     may be NULL (VALID_ALIAS); an alias equal to
 *             NIS_SEC_CF_DES_ALIAS marks AUTH_DES compatibility
 *             (AUTH_DES_COMPAT_CHK), one starting "dh" a public-key
 *             mechanism (MECH_PK_TECH).
 *   keylen,   NIS_SEC_CF_NA_KA when the file says "not applicable"
 *   algtype   for that field (VALID_KEYALG).
 *   qop       quality-of-protection name, presumably handed to
 *             RPCSEC_GSS -- confirm.
 *   secserv   RPCSEC_GSS service level (rpc_gss_service_t).
 * Ownership of the string members is not stated here; presumably the
 * whole table is released by __nis_release_mechanisms() -- confirm.
 */
typedef struct {
		char			*mechname;
		char			*alias;
		keylen_t		keylen;
		algtype_t		algtype;
		char			*qop;
		rpc_gss_service_t	secserv;
} mechanism_t;
81 
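/* The string that indicates AUTH_DES compat in the nis sec conf file. */
#define	NIS_SEC_CF_DES_ALIAS		"des"

/*
 * The value a keylen or algtype mechanism_t element will be set
 * to if the conf file indicates "not applicable" for that field.
 * Except if the alias is equal to NIS_SEC_CF_DES_ALIAS,
 * then the keylen is set to 192 and the algtype to 0.
 */
#define	NIS_SEC_CF_NA_KA		-1

/* Is the NIS+ security conf file mech entry a real live GSS mech? */
#define	NIS_SEC_CF_GSS_MECH(mp)	((mp)->mechname != NULL)

/*
 * Does the entry's alias name AUTH_DES compatibility?  Case-insensitive
 * and NULL-safe.  sizeof (NIS_SEC_CF_DES_ALIAS) already counts the
 * terminating NUL, so the whole literal is compared and a longer alias
 * such as "desx" does not match.  Callers need <strings.h> in scope
 * for strncasecmp(); this header does not include it.
 */
#define	AUTH_DES_COMPAT_CHK(mp)	((mp)->alias != NULL && \
					(strncasecmp(NIS_SEC_CF_DES_ALIAS, \
					(mp)->alias, \
					sizeof (NIS_SEC_CF_DES_ALIAS)) \
					== 0))

/* A GSS mechanism name is valid when it is present. */
#define	VALID_GSS_MECH(m)	((m) != NULL)

/* valid keylen and algtype check: neither field is "not applicable" */
#define	VALID_KEYALG(k, a)	((k) != NIS_SEC_CF_NA_KA && \
					(a) != NIS_SEC_CF_NA_KA)

/* An alias is valid when it is present. */
#define	VALID_ALIAS(a)	((a) != NULL)

/* An entry is usable only when mechname, keylen/algtype and alias all are. */
#define	VALID_MECH_ENTRY(mp) (VALID_GSS_MECH((mp)->mechname) && \
				VALID_KEYALG((mp)->keylen, (mp)->algtype) &&\
				VALID_ALIAS((mp)->alias))

/*
 * Is the mech entry of the public key crypto variety?  An alias that
 * begins with "dh" is taken as Diffie-Hellman based.  The alias may be
 * NULL for an entry that fails VALID_MECH_ENTRY, so it is checked before
 * being indexed; alias[1] is only read when alias[0] is 'd', in which
 * case it is at worst the terminating NUL, so a one-character alias is
 * safe as well.
 */
#define	MECH_PK_TECH(mp)  ((mp)->alias != NULL && \
				((mp)->alias)[0] == 'd' && ((mp)->alias)[1] == 'h')

#define	MECH_MAXATNAME 32	/* Mechanism max size of auth_type name */
#define	MECH_MAXALIASNAME 32	/* Mechanism max size of mech alias name */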
119 
/*
 * Mechanism table access and name translation.  Each (char *, size_t)
 * pair is a caller-supplied output buffer and its capacity; what the
 * char * returns mean on truncation or failure is not stated here --
 * presumably NULL on failure and the buffer otherwise; confirm against
 * the definitions.
 */
/* Load the mechanism table; release it with __nis_release_mechanisms().
 * The terminator of the returned array is not stated here -- presumably
 * a NULL entry; confirm. */
mechanism_t ** __nis_get_mechanisms(bool_t);
/* Translate a mechanism name into two ints, presumably keylen and
 * algtype -- confirm; returns a status. */
int __nis_translate_mechanism(const char *, int *, int *);
/* Free a table obtained from __nis_get_mechanisms() (presumably). */
void __nis_release_mechanisms(mechanism_t **);
/* Name translations between GSS mechanism name, conf-file alias,
 * auth_type name and (keylen, algtype); MECH_MAXATNAME and
 * MECH_MAXALIASNAME above bound the auth_type and alias outputs. */
char *__nis_mechname2alias(const char *, char *, size_t);
char *__nis_authtype2mechalias(const char *, char *, size_t);
char *__nis_mechalias2authtype(const char *, char *, size_t);
char *__nis_keyalg2mechalias(keylen_t, algtype_t, char *, size_t);
char *__nis_keyalg2authtype(keylen_t, algtype_t, char *, size_t);
128 
129 
/*
 * NIS+ GSS Mech Dynamic Library Loading
 */

/* Buffer capacity presumably intended for the library-name buffer handed
 * to __nis_get_mechanism_library() -- confirm against the callers. */
#define	MAXDHNAME	64

/* Resolve (keylen, algtype) to the name of the mechanism's shared
 * library, written into buffer (capacity buflen).  Presumably returns
 * buffer on success and NULL otherwise -- confirm. */
char *__nis_get_mechanism_library(keylen_t keylen, algtype_t algtype,
					char *buffer, size_t buflen);

/* Look up the named symbol in the library for (keylen, algtype).
 * Presumably dlsym-style, NULL on failure -- confirm. */
void *__nis_get_mechanism_symbol(keylen_t keylen, algtype_t algtype,
					const char *);
141 
142 
/*
 * misc prototypes
 *
 * Conventions visible in the signatures: the _g suffix marks the
 * variants that take an explicit (keylen_t, algtype_t) pair instead of
 * assuming AUTH_DES; where a des_block [] is followed by a keynum_t,
 * the latter presumably counts the blocks.  Output buffers declared as
 * a bare char * or char [] with no size argument must be sized by the
 * caller, and the required size is not stated here -- check the
 * definition before use.
 */

/* Build an RPC client handle to a NIS+ server over RPCSEC_GSS.  The two
 * trailing char * are presumably mechanism and service names -- confirm.
 * How the _ruid variant differs is not visible from the prototype. */
CLIENT *nis_make_rpchandle_gss_svc(nis_server *, int, rpcprog_t, rpcvers_t,
					uint_t, int, int, char *, char *);
CLIENT *nis_make_rpchandle_gss_svc_ruid(nis_server *, int, rpcprog_t, rpcvers_t,
					uint_t, int, int, char *, char *);
/* Build a nis_server for a host name; the int * is presumably an error
 * out-parameter.  Ownership of the returned object is not stated. */
nis_server *__nis_host2nis_server_g(const char *, bool_t, bool_t, int *);
/* GSS principal -> netname.  The char [] destination carries no length;
 * the caller must size it (presumably MAXNETNAMELEN+1 -- confirm). */
int __nis_gssprin2netname(rpc_gss_principal_t, char []);
/* Extract a principal name from an RPCSEC_GSS request into the unsized
 * char * destination -- same sizing caveat as above. */
void __nis_auth2princ_rpcgss(char *, struct svc_req *, bool_t, int);

/* Set DES key parity on a key block (presumably, cf. des_setparity()). */
void des_setparity_g(des_block *);
/* Derive a DES key from a password and a second string (presumably the
 * netname); returns a status. */
int passwd2des_g(const char *, const char *, int, des_block *, bool_t);
/* Public/secret key lookup for a name and (keylen, algtype); the key is
 * written into the caller's (char *, size_t) buffer.  The trailing
 * const char * of getsecretkey_g is presumably the passphrase -- confirm. */
int getpublickey_g(const char [], keylen_t, algtype_t, char *, size_t);
int getsecretkey_g(const char *, keylen_t, algtype_t, char *, size_t,
			const char *);
/* Cached variant of getpublickey_g(); the trailing int * is presumably a
 * cache-status indicator -- confirm.  __getpublickey_flush_g() drops the
 * cached entry for that name. */
int __getpublickey_cached_g(const char [], keylen_t, algtype_t, char *, size_t,
					int *);
void __getpublickey_flush_g(const char *, keylen_t, algtype_t);
/* Diffie-Hellman key-pair generation and common-key derivation.  The
 * meaning of the char * arguments (which are public/secret keys, which
 * is a passphrase) is not stated here -- confirm before relying on it. */
int __gen_dhkeys_g(char *, char *, keylen_t, algtype_t, char *);
int __gen_common_dhkeys_g(char *, char *, keylen_t, algtype_t, des_block [],
	keynum_t);
/* CBC-mode triple-DES over a buffer with the given key blocks; the two
 * uint_t are presumably length and mode (encrypt/decrypt) -- confirm. */
int __cbc_triple_crypt(des_block [], char *, uint_t, uint_t, char *);
/* Key-server style operations: conversation key, secret-key presence,
 * secret-key removal, and setting the net keys (presumably; confirm).
 * Secret material passes through caller buffers here; zeroize them
 * after use. */
int key_get_conv_g(const char *, keylen_t, algtype_t, des_block [], keynum_t);
int key_secretkey_is_set_g(keylen_t, algtype_t);
int key_removesecret_g(void);
int key_setnet_g(const char *, const char *, keylen_t, const char *,
			keylen_t, algtype_t);
/* Encrypt/decrypt a secret key under a passphrase (presumably; confirm).
 * xencrypt_g returns its output through char **; who frees it is not
 * stated here. */
int xencrypt_g(char *, keylen_t, algtype_t, const char *, const char [],
		char **, bool_t);
int xdecrypt_g(char *, keylen_t, algtype_t, const char *, const char [],
		bool_t);
176 
177 #ifdef __cplusplus
178 }
179 #endif
180 
181 #endif /* !_NIS_DHEXT_H */
182