1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
23 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24 * Use is subject to license terms.
25 *
26 * Private extensions and utilities to the GSS-API.
27 * These are not part of the GSS-API specification
28 * but may be useful to GSS-API users.
29 */
30
31#ifndef _GSSAPI_EXT_H
32#define	_GSSAPI_EXT_H
33
34#include <gssapi/gssapi.h>
35#ifdef	_KERNEL
36#include <sys/systm.h>
37#else
38#include <strings.h>
39#endif
40
41
42#ifdef	__cplusplus
43extern "C" {
44#endif
45
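/*
 * Compare two gss_OIDs for equality.
 *
 * Evaluates to non-zero when both descriptors carry the same length and
 * their element bytes match. The length comparison runs first, so memcmp()
 * is only reached when o2 is the same size as o1.
 *
 * The byte count is handed to memcmp() as size_t, matching that function's
 * parameter type, so the length is never narrowed through a signed int on
 * the way.
 *
 * Neither pointer is checked for NULL and each argument is evaluated more
 * than once: pass plain, non-NULL expressions without side effects.
 */
#define	g_OID_equal(o1, o2) \
	(((o1)->length == (o2)->length) && \
	(memcmp((o1)->elements, (o2)->elements, (size_t)(o1)->length) == 0))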
50
51
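/*
 * Copy OID o2 into o1 (destination first, source second).
 *
 * The destination's elements buffer must already be allocated by the
 * caller and hold at least (o2)->length bytes. No bounds check is made
 * here, so an undersized destination is overrun.
 *
 * The body is wrapped in do { } while (0) so the macro expands to exactly
 * one statement: when it is the unbraced body of an if/else or a loop,
 * both the byte copy and the length update stay under that condition.
 * Callers supply the terminating semicolon.
 *
 * Both arguments are evaluated more than once; do not pass expressions
 * with side effects.
 */
#define	g_OID_copy(o1, o2) \
	do { \
		bcopy((o2)->elements, (o1)->elements, (o2)->length); \
		(o1)->length = (o2)->length; \
	} while (0)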
59
60
/*
 * Evaluates to non-zero when buf carries no usable data: the descriptor
 * pointer is NULL, its value pointer is NULL, or its length is zero.
 * A zero result therefore means "buffer present and non-empty".
 *
 * The checks run left to right, so the fields are only read once the
 * descriptor pointer itself is known to be non-NULL. buf is evaluated up
 * to three times; pass an expression without side effects.
 */
#define	GSS_EMPTY_BUFFER(buf) \
	(!(buf) || !(buf)->value || !(buf)->length)
64
65
66/*
67 * GSSAPI Extension functions -- these functions aren't
68 * in the GSSAPI specification, but are provided in our
69 * GSS library.
70 */
71
72#ifndef	_KERNEL
73
74/*
75 * qop configuration file handling.
76 */
/* NOTE(review): presumably upper bounds on the qop tables -- confirm. */
77#define	MAX_QOP_NUM_PAIRS	128
78#define	MAX_QOPS_PER_MECH	128
79
/*
 * One qop table entry.
 * NOTE(review): field meanings are inferred from the parameter comments on
 * __gss_qop_to_num() and __gss_num_to_qop(); who owns the two strings is
 * not visible in this header -- confirm against the implementation.
 */
80typedef struct _qop_num {
81	char *qop;	/* presumably the qop name string -- confirm */
82	OM_uint32 num;	/* presumably the qop number -- confirm */
83	char *mech;	/* presumably the mechanism name string -- confirm */
84} qop_num;
85
/*
 * qop lookup helpers. Each returns an OM_uint32 status and hands its
 * result back through the trailing pointer argument.
 * NOTE(review): none of the output parameters below comes with a capacity
 * argument, and the header does not say who owns the returned strings.
 * Presumably a qop_num array passed to __gss_mech_qops() is sized with
 * MAX_QOPS_PER_MECH -- confirm against the implementation before relying
 * on it.
 */
86OM_uint32
87__gss_qop_to_num(
88	char		*qop,		/* input qop string */
89	char		*mech,		/* input mech string */
90	OM_uint32	*num		/* output qop num */
91);
92
93OM_uint32
94__gss_num_to_qop(
95	char		*mech,		/* input mech string */
96	OM_uint32	num,		/* input qop num */
97	char		**qop		/* output qop name */
98);
99
100OM_uint32
101__gss_get_mech_info(
102	char		*mech,		/* input mech string */
103	char		**qops		/* buffer for return qops */
104);
105
106OM_uint32
107__gss_mech_qops(
108	char *mech,			/* input mech */
109	qop_num *mech_qops,		/* mech qops buffer */
110	int *numqops			/* buffer to return numqops */
111);
112
/*
 * Mechanism name <-> OID helpers.
 * NOTE(review): whether the gss_OID written by __gss_mech_to_oid() and the
 * string returned by __gss_oid_to_mech() are caller-owned or point into
 * library storage is not stated here -- confirm before freeing or
 * modifying either. __gss_get_mechanisms() is the only call in this group
 * that takes the output array's length explicitly.
 * NOTE(review): __gss_get_mech_type() presumably derives the mechanism OID
 * from the token; if the token arrives from a peer, its contents are
 * untrusted input -- confirm how the implementation bounds its parsing.
 */
113OM_uint32
114__gss_mech_to_oid(
115	const char *mech,		/* mechanism string name */
116	gss_OID *oid			/* mechanism oid */
117);
118
119const char *
120__gss_oid_to_mech(
121	const gss_OID oid		/* mechanism oid */
122);
123
124OM_uint32
125__gss_get_mechanisms(
126	char *mechArray[],		/* array to populate with mechs */
127	int arrayLen			/* length of passed in array */
128);
129
130OM_uint32
131__gss_get_mech_type(
132	gss_OID oid,			/* mechanism oid */
133	const gss_buffer_t token	/* token */
134);
135
/*
 * Mapping of GSS names onto local UNIX identities.
 * NOTE(review): the outputs of these calls feed login and authorization
 * decisions, so callers should check the returned OM_uint32 status before
 * trusting any output value (presumably the outputs are only meaningful on
 * success -- confirm). Ownership of the returned gid array is not stated
 * in this header; confirm who frees it.
 */
136OM_uint32
137__gss_userok(
138	OM_uint32 *,		/* minor status */
139	const gss_name_t,	/* remote user principal name */
140	const char *,		/* local unix user name */
141	int *);			/* remote principal ok to login w/out pw? */
142
143OM_uint32
144gsscred_expname_to_unix_cred(
145	const gss_buffer_t,	/* export name */
146	uid_t *,		/* uid out */
147	gid_t *,		/* gid out */
148	gid_t *[],		/* gid array out */
149	int *);			/* gid array length */
150
151OM_uint32
152gsscred_name_to_unix_cred(
153	const gss_name_t,	/* gss name */
154	const gss_OID,		/* mechanism type */
155	uid_t *,		/* uid out */
156	gid_t *,		/* gid out */
157	gid_t *[],		/* gid array out */
158	int *);			/* gid array length */
159
160
161/*
162 * The following function will be used to resolve group
163 * ids from a UNIX uid.
164 */
165OM_uint32
166gss_get_group_info(
167	const uid_t,		/* entity UNIX uid */
168	gid_t *,		/* gid out */
169	gid_t *[],		/* gid array */
170	int *);			/* length of the gid array */
171
172
173
/*
 * Credential acquisition driven by a password argument.
 * NOTE(review): the password is passed as a gss_buffer_t. Whether the
 * implementation copies or retains those bytes is not visible from this
 * header, so callers should scrub their own copy once the call returns and
 * keep it out of logs and core-dumpable long-lived storage.
 * NOTE(review): cred_usage is declared int in
 * gss_acquire_cred_with_password() but gss_cred_usage_t in
 * gss_add_cred_with_password() -- presumably the same value set; confirm.
 */
174OM_uint32
175gss_acquire_cred_with_password(
176	OM_uint32 *		minor_status,
177	const gss_name_t	desired_name,
178	const gss_buffer_t	password,
179	OM_uint32		time_req,
180	const gss_OID_set	desired_mechs,
181	int			cred_usage,
182	gss_cred_id_t 		*output_cred_handle,
183	gss_OID_set *		actual_mechs,
184	OM_uint32 *		time_rec);
185
186OM_uint32
187gss_add_cred_with_password(
188	OM_uint32		*minor_status,
189	const gss_cred_id_t	input_cred_handle,
190	const gss_name_t	desired_name,
191	const gss_OID		desired_mech,
192	const gss_buffer_t	password,
193	gss_cred_usage_t	cred_usage,
194	OM_uint32		initiator_time_req,
195	OM_uint32		acceptor_time_req,
196	gss_cred_id_t		*output_cred_handle,
197	gss_OID_set		*actual_mechs,
198	OM_uint32		*initiator_time_rec,
199	OM_uint32		*acceptor_time_rec);
200
201/*
202 * Returns a buffer set with the first member containing the
203 * session key for SSPI compatibility. The optional second
204 * member contains an OID identifying the session key type.
205 */
/*
 * NOTE(review): presumably passed as the desired_object of
 * gss_inquire_sec_context_by_oid() -- confirm. The returned buffer set
 * holds key material, so release it promptly and do not log it.
 */
206extern const gss_OID GSS_C_INQ_SSPI_SESSION_KEY;
207
208/*
209 * For compatibility with other GSSAPI implementations.
210 * This is needed by Samba.
211 */
212extern const gss_OID_desc * const gss_mech_krb5;
213
214#else	/*	_KERNEL	*/
215
/*
 * Kernel (_KERNEL) declarations that parallel gsscred_expname_to_unix_cred(),
 * gsscred_name_to_unix_cred() and gss_get_group_info() from the non-kernel
 * branch of this header; each takes one extra trailing uid_t.
 * NOTE(review): the meaning of the trailing uid (presumably the identity
 * on whose behalf the lookup is made) and the ownership of the gids array
 * are not stated in this header -- confirm against the kernel
 * implementation.
 */
216OM_uint32
217kgsscred_expname_to_unix_cred(
218	const gss_buffer_t expName,
219	uid_t *uidOut,
220	gid_t *gidOut,
221	gid_t *gids[],
222	int *gidsLen,
223	uid_t uid);
224
225OM_uint32
226kgsscred_name_to_unix_cred(
227	const gss_name_t intName,
228	const gss_OID mechType,
229	uid_t *uidOut,
230	gid_t *gidOut,
231	gid_t *gids[],
232	int *gidsLen,
233	uid_t uid);
234
235OM_uint32
236kgss_get_group_info(
237	const uid_t puid,
238	gid_t *gidOut,
239	gid_t *gids[],
240	int *gidsLen,
241	uid_t uid);
242#endif
243
244/*
245 * GGF extensions
246 */
/*
 * A set of GSS buffers: a count plus a pointer to gss_buffer_desc entries.
 * NOTE(review): presumably elements points at count descriptors -- confirm
 * against gss_add_buffer_set_member() before indexing.
 */
247typedef struct gss_buffer_set_desc_struct {
248    size_t count;
249    gss_buffer_desc *elements;
250} gss_buffer_set_desc, *gss_buffer_set_t;
251
/* Null buffer-set handle. */
252#define	GSS_C_NO_BUFFER_SET ((gss_buffer_set_t)0)
253
/*
 * Buffer-set creation, growth and release, plus context inquiry by OID.
 * The parameter names are given in the trailing comments.
 * NOTE(review): a data_set filled in by gss_inquire_sec_context_by_oid()
 * can carry key material (see GSS_C_INQ_SSPI_SESSION_KEY in this header).
 * Presumably it is freed with gss_release_buffer_set() -- confirm, and
 * confirm whether release scrubs the buffers before freeing them.
 */
254OM_uint32 gss_create_empty_buffer_set
255	(OM_uint32 *, /* minor_status */
256	gss_buffer_set_t *); /* buffer_set */
257
258OM_uint32 gss_add_buffer_set_member
259	(OM_uint32 *, /* minor_status */
260	const gss_buffer_t, /* member_buffer */
261	gss_buffer_set_t *); /* buffer_set */
262
263OM_uint32  gss_release_buffer_set
264	(OM_uint32 *, /* minor_status */
265	gss_buffer_set_t *); /* buffer_set */
266
267OM_uint32 gss_inquire_sec_context_by_oid
268	(OM_uint32 *, /* minor_status */
269	const gss_ctx_id_t, /* context_handle */
270	const gss_OID, /* desired_object */
271	gss_buffer_set_t *); /* data_set */
272
273#ifdef	__cplusplus
274}
275#endif
276
277#endif	/* _GSSAPI_EXT_H */
278