17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5ba7b222eSGlenn Barry  * Common Development and Distribution License (the "License").
6ba7b222eSGlenn Barry  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22*80ac04ddSGordon Ross  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
23ba7b222eSGlenn Barry  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
247c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
257c478bd9Sstevel@tonic-gate  *
267c478bd9Sstevel@tonic-gate  * Private extensions and utilities to the GSS-API.
277c478bd9Sstevel@tonic-gate  * These are not part of the GSS-API specification
287c478bd9Sstevel@tonic-gate  * but may be useful to GSS-API users.
297c478bd9Sstevel@tonic-gate  */
307c478bd9Sstevel@tonic-gate 
317c478bd9Sstevel@tonic-gate #ifndef _GSSAPI_EXT_H
327c478bd9Sstevel@tonic-gate #define	_GSSAPI_EXT_H
337c478bd9Sstevel@tonic-gate 
347c478bd9Sstevel@tonic-gate #include <gssapi/gssapi.h>
357c478bd9Sstevel@tonic-gate #ifdef	_KERNEL
367c478bd9Sstevel@tonic-gate #include <sys/systm.h>
377c478bd9Sstevel@tonic-gate #else
387c478bd9Sstevel@tonic-gate #include <strings.h>
397c478bd9Sstevel@tonic-gate #endif
407c478bd9Sstevel@tonic-gate 
417c478bd9Sstevel@tonic-gate 
427c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
437c478bd9Sstevel@tonic-gate extern "C" {
447c478bd9Sstevel@tonic-gate #endif
457c478bd9Sstevel@tonic-gate 
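/*
 * MACRO for comparison of gss_OID's.
 *
 * Two OIDs are equal when their lengths match and their encoded
 * elements are bytewise identical.  The length is handed to memcmp
 * as a size_t; the former (int) cast could turn a large OM_uint32
 * length into a negative int and from there into a huge size_t.
 * Both arguments are evaluated more than once, so do not pass
 * expressions with side effects.
 */
#define	g_OID_equal(o1, o2) \
	(((o1)->length == (o2)->length) && \
	(memcmp((o1)->elements, (o2)->elements, (size_t)(o1)->length) == 0))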
507c478bd9Sstevel@tonic-gate 
517c478bd9Sstevel@tonic-gate 
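/*
 * MACRO for copying of OIDs - memory must already be allocated
 * o2 is copied to o1.  (o1)->elements must point to at least
 * (o2)->length bytes of writable storage; the macro performs no
 * bounds check of its own.
 *
 * Wrapped in do { } while (0) so that both statements always execute
 * together, including as the body of an unbraced if/else; the previous
 * expansion left the length assignment outside the conditional.
 * Use with a trailing semicolon: g_OID_copy(o1, o2);
 */
#define	g_OID_copy(o1, o2) \
	do { \
		bcopy((o2)->elements, (o1)->elements, (o2)->length); \
		(o1)->length = (o2)->length; \
	} while (0)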
597c478bd9Sstevel@tonic-gate 
607c478bd9Sstevel@tonic-gate 
/*
 * MACRO to check if input buffer is valid.
 * Evaluates to non-zero when the buffer cannot be used: a null buffer
 * pointer, a null value pointer, or a zero length.  The argument may be
 * evaluated up to three times, so avoid side effects in it.
 */
#define	GSS_EMPTY_BUFFER(buf) \
	(!((buf) != NULL && (buf)->value != NULL && (buf)->length != 0))
647c478bd9Sstevel@tonic-gate 
657c478bd9Sstevel@tonic-gate 
667c478bd9Sstevel@tonic-gate /*
677c478bd9Sstevel@tonic-gate  * GSSAPI Extension functions -- these functions aren't
687c478bd9Sstevel@tonic-gate  * in the GSSAPI specification, but are provided in our
697c478bd9Sstevel@tonic-gate  * GSS library.
707c478bd9Sstevel@tonic-gate  */
717c478bd9Sstevel@tonic-gate 
727c478bd9Sstevel@tonic-gate #ifndef	_KERNEL
737c478bd9Sstevel@tonic-gate 
/*
 * qop configuration file handling.
 *
 * The QOP (quality of protection) configuration maps, per mechanism,
 * a textual QOP name to its numeric OM_uint32 value.  The two limits
 * below presumably bound the fixed tables used by the __gss_qop_to_num /
 * __gss_mech_qops lookups declared further down -- confirm against
 * the implementation.
 */
#define	MAX_QOP_NUM_PAIRS	128	/* max (qop, num, mech) entries overall */
#define	MAX_QOPS_PER_MECH	128	/* max QOP entries for one mechanism */

typedef struct _qop_num {
	char *qop;		/* QOP name as it appears in the config file */
	OM_uint32 num;		/* numeric QOP value for that name */
	char *mech;		/* name of the mechanism the pair belongs to */
} qop_num;
857c478bd9Sstevel@tonic-gate 
867c478bd9Sstevel@tonic-gate OM_uint32
877c478bd9Sstevel@tonic-gate __gss_qop_to_num(
887c478bd9Sstevel@tonic-gate 	char		*qop,		/* input qop string */
897c478bd9Sstevel@tonic-gate 	char		*mech,		/* input mech string */
907c478bd9Sstevel@tonic-gate 	OM_uint32	*num		/* output qop num */
917c478bd9Sstevel@tonic-gate );
927c478bd9Sstevel@tonic-gate 
937c478bd9Sstevel@tonic-gate OM_uint32
947c478bd9Sstevel@tonic-gate __gss_num_to_qop(
957c478bd9Sstevel@tonic-gate 	char		*mech,		/* input mech string */
967c478bd9Sstevel@tonic-gate 	OM_uint32	num,		/* input qop num */
977c478bd9Sstevel@tonic-gate 	char		**qop		/* output qop name */
987c478bd9Sstevel@tonic-gate );
997c478bd9Sstevel@tonic-gate 
1007c478bd9Sstevel@tonic-gate OM_uint32
1017c478bd9Sstevel@tonic-gate __gss_get_mech_info(
1027c478bd9Sstevel@tonic-gate 	char		*mech,		/* input mech string */
1037c478bd9Sstevel@tonic-gate 	char		**qops		/* buffer for return qops */
1047c478bd9Sstevel@tonic-gate );
1057c478bd9Sstevel@tonic-gate 
1067c478bd9Sstevel@tonic-gate OM_uint32
1077c478bd9Sstevel@tonic-gate __gss_mech_qops(
1087c478bd9Sstevel@tonic-gate 	char *mech,			/* input mech */
1097c478bd9Sstevel@tonic-gate 	qop_num *mech_qops,		/* mech qops buffer */
1107c478bd9Sstevel@tonic-gate 	int *numqops			/* buffer to return numqops */
1117c478bd9Sstevel@tonic-gate );
1127c478bd9Sstevel@tonic-gate 
1137c478bd9Sstevel@tonic-gate OM_uint32
1147c478bd9Sstevel@tonic-gate __gss_mech_to_oid(
1157c478bd9Sstevel@tonic-gate 	const char *mech,		/* mechanism string name */
1167c478bd9Sstevel@tonic-gate 	gss_OID *oid			/* mechanism oid */
1177c478bd9Sstevel@tonic-gate );
1187c478bd9Sstevel@tonic-gate 
1197c478bd9Sstevel@tonic-gate const char *
1207c478bd9Sstevel@tonic-gate __gss_oid_to_mech(
1217c478bd9Sstevel@tonic-gate 	const gss_OID oid		/* mechanism oid */
1227c478bd9Sstevel@tonic-gate );
1237c478bd9Sstevel@tonic-gate 
1247c478bd9Sstevel@tonic-gate OM_uint32
1257c478bd9Sstevel@tonic-gate __gss_get_mechanisms(
1267c478bd9Sstevel@tonic-gate 	char *mechArray[],		/* array to populate with mechs */
1277c478bd9Sstevel@tonic-gate 	int arrayLen			/* length of passed in array */
1287c478bd9Sstevel@tonic-gate );
1297c478bd9Sstevel@tonic-gate 
1307c478bd9Sstevel@tonic-gate OM_uint32
1317c478bd9Sstevel@tonic-gate __gss_get_mech_type(
1327c478bd9Sstevel@tonic-gate 	gss_OID oid,			/* mechanism oid */
1337c478bd9Sstevel@tonic-gate 	const gss_buffer_t token	/* token */
1347c478bd9Sstevel@tonic-gate );
1357c478bd9Sstevel@tonic-gate 
/*
 * Ask whether the remote GSS principal may log in as the named local
 * UNIX user without supplying a password.  The yes/no answer is returned
 * through the trailing int * out parameter; the OM_uint32 return value
 * reports whether the check itself succeeded (presumably a GSS major
 * status, with detail in minor status).  Callers should rely on the flag
 * only when the return value indicates success and must never treat a
 * failed check as permission to log in.
 */
OM_uint32
__gss_userok(
	OM_uint32 *,		/* minor status */
	const gss_name_t,	/* remote user principal name */
	const char *,		/* local unix user name */
	int *);			/* remote principal ok to login w/out pw? */
1427c478bd9Sstevel@tonic-gate 
1437c478bd9Sstevel@tonic-gate OM_uint32
1447c478bd9Sstevel@tonic-gate gsscred_expname_to_unix_cred(
1457c478bd9Sstevel@tonic-gate 	const gss_buffer_t,	/* export name */
1467c478bd9Sstevel@tonic-gate 	uid_t *,		/* uid out */
1477c478bd9Sstevel@tonic-gate 	gid_t *,		/* gid out */
1487c478bd9Sstevel@tonic-gate 	gid_t *[],		/* gid array out */
1497c478bd9Sstevel@tonic-gate 	int *);			/* gid array length */
1507c478bd9Sstevel@tonic-gate 
1517c478bd9Sstevel@tonic-gate OM_uint32
1527c478bd9Sstevel@tonic-gate gsscred_name_to_unix_cred(
1537c478bd9Sstevel@tonic-gate 	const gss_name_t,	/* gss name */
	const gss_OID,		/* mechanism type */
1557c478bd9Sstevel@tonic-gate 	uid_t *,		/* uid out */
1567c478bd9Sstevel@tonic-gate 	gid_t *,		/* gid out */
1577c478bd9Sstevel@tonic-gate 	gid_t *[],		/* gid array out */
1587c478bd9Sstevel@tonic-gate 	int *);			/* gid array length */
1597c478bd9Sstevel@tonic-gate 
1607c478bd9Sstevel@tonic-gate 
1617c478bd9Sstevel@tonic-gate /*
1627c478bd9Sstevel@tonic-gate  * The following function will be used to resolve group
1637c478bd9Sstevel@tonic-gate  * ids from a UNIX uid.
1647c478bd9Sstevel@tonic-gate  */
1657c478bd9Sstevel@tonic-gate OM_uint32
1667c478bd9Sstevel@tonic-gate gss_get_group_info(
1677c478bd9Sstevel@tonic-gate 	const uid_t,		/* entity UNIX uid */
1687c478bd9Sstevel@tonic-gate 	gid_t *,		/* gid out */
1697c478bd9Sstevel@tonic-gate 	gid_t *[],		/* gid array */
1707c478bd9Sstevel@tonic-gate 	int *);			/* length of the gid array */
1717c478bd9Sstevel@tonic-gate 
1727c478bd9Sstevel@tonic-gate 
1737c478bd9Sstevel@tonic-gate 
/*
 * Acquire a credential for desired_name by authenticating with the
 * cleartext password carried in the password buffer, instead of relying
 * on pre-existing credentials.  The remaining parameters mirror those of
 * gss_acquire_cred() from gssapi.h.  cred_usage is declared as int here
 * but as gss_cred_usage_t in gss_add_cred_with_password() below;
 * gss_cred_usage_t is an int typedef, so the two agree.
 * The caller keeps ownership of the password buffer and should clear it
 * once the call returns.  NOTE(review): whether the library retains a
 * copy of the password inside the returned credential is not visible
 * here -- confirm against the implementation.
 */
OM_uint32
gss_acquire_cred_with_password(
	OM_uint32 *		minor_status,
	const gss_name_t	desired_name,
	const gss_buffer_t	password,
	OM_uint32		time_req,
	const gss_OID_set	desired_mechs,
	int			cred_usage,
	gss_cred_id_t 		*output_cred_handle,
	gss_OID_set *		actual_mechs,
	OM_uint32 *		time_rec);

/*
 * Add a credential element obtained with the given password for the
 * single mechanism desired_mech to input_cred_handle, producing
 * output_cred_handle.  Parameter meanings otherwise follow gss_add_cred()
 * from gssapi.h (presumably including GSS_C_NO_CREDENTIAL as input to
 * start a new credential -- confirm).  The password buffer stays owned
 * by the caller, who should clear it after the call.
 */
OM_uint32
gss_add_cred_with_password(
	OM_uint32		*minor_status,
	const gss_cred_id_t	input_cred_handle,
	const gss_name_t	desired_name,
	const gss_OID		desired_mech,
	const gss_buffer_t	password,
	gss_cred_usage_t	cred_usage,
	OM_uint32		initiator_time_req,
	OM_uint32		acceptor_time_req,
	gss_cred_id_t		*output_cred_handle,
	gss_OID_set		*actual_mechs,
	OM_uint32		*initiator_time_rec,
	OM_uint32		*acceptor_time_rec);
2007c478bd9Sstevel@tonic-gate 
201ba7b222eSGlenn Barry /*
202ba7b222eSGlenn Barry  * Returns a buffer set with the first member containing the
203ba7b222eSGlenn Barry  * session key for SSPI compatibility. The optional second
204ba7b222eSGlenn Barry  * member contains an OID identifying the session key type.
205ba7b222eSGlenn Barry  */
206ba7b222eSGlenn Barry extern const gss_OID GSS_C_INQ_SSPI_SESSION_KEY;
207ba7b222eSGlenn Barry 
208*80ac04ddSGordon Ross /*
 * For compatibility with other GSSAPI implementations.
210*80ac04ddSGordon Ross  * This is needed by Samba.
211*80ac04ddSGordon Ross  */
212*80ac04ddSGordon Ross extern const gss_OID_desc * const gss_mech_krb5;
213*80ac04ddSGordon Ross 
2147c478bd9Sstevel@tonic-gate #else	/*	_KERNEL	*/
2157c478bd9Sstevel@tonic-gate 
2167c478bd9Sstevel@tonic-gate OM_uint32
2177c478bd9Sstevel@tonic-gate kgsscred_expname_to_unix_cred(
2187c478bd9Sstevel@tonic-gate 	const gss_buffer_t expName,
2197c478bd9Sstevel@tonic-gate 	uid_t *uidOut,
2207c478bd9Sstevel@tonic-gate 	gid_t *gidOut,
2217c478bd9Sstevel@tonic-gate 	gid_t *gids[],
2227c478bd9Sstevel@tonic-gate 	int *gidsLen,
2237c478bd9Sstevel@tonic-gate 	uid_t uid);
2247c478bd9Sstevel@tonic-gate 
2257c478bd9Sstevel@tonic-gate OM_uint32
2267c478bd9Sstevel@tonic-gate kgsscred_name_to_unix_cred(
2277c478bd9Sstevel@tonic-gate 	const gss_name_t intName,
2287c478bd9Sstevel@tonic-gate 	const gss_OID mechType,
2297c478bd9Sstevel@tonic-gate 	uid_t *uidOut,
2307c478bd9Sstevel@tonic-gate 	gid_t *gidOut,
2317c478bd9Sstevel@tonic-gate 	gid_t *gids[],
2327c478bd9Sstevel@tonic-gate 	int *gidsLen,
2337c478bd9Sstevel@tonic-gate 	uid_t uid);
2347c478bd9Sstevel@tonic-gate 
2357c478bd9Sstevel@tonic-gate OM_uint32
2367c478bd9Sstevel@tonic-gate kgss_get_group_info(
2377c478bd9Sstevel@tonic-gate 	const uid_t puid,
2387c478bd9Sstevel@tonic-gate 	gid_t *gidOut,
2397c478bd9Sstevel@tonic-gate 	gid_t *gids[],
2407c478bd9Sstevel@tonic-gate 	int *gidsLen,
2417c478bd9Sstevel@tonic-gate 	uid_t uid);
2427c478bd9Sstevel@tonic-gate #endif
2437c478bd9Sstevel@tonic-gate 
/*
 * GGF extensions
 *
 * A buffer set is a counted array of gss_buffer_desc.  It is the return
 * container of gss_inquire_sec_context_by_oid() below, e.g. the session
 * key plus its type OID when queried with GSS_C_INQ_SSPI_SESSION_KEY.
 * Release with gss_release_buffer_set().
 */
typedef struct gss_buffer_set_desc_struct {
    size_t count;			/* number of valid entries in elements */
    gss_buffer_desc *elements;	/* array of count member buffers */
} gss_buffer_set_desc, *gss_buffer_set_t;
251ba7b222eSGlenn Barry 
252ba7b222eSGlenn Barry #define	GSS_C_NO_BUFFER_SET ((gss_buffer_set_t)0)
253ba7b222eSGlenn Barry 
254ba7b222eSGlenn Barry OM_uint32 gss_create_empty_buffer_set
255ba7b222eSGlenn Barry 	(OM_uint32 *, /* minor_status */
256ba7b222eSGlenn Barry 	gss_buffer_set_t *); /* buffer_set */
257ba7b222eSGlenn Barry 
258ba7b222eSGlenn Barry OM_uint32 gss_add_buffer_set_member
259ba7b222eSGlenn Barry 	(OM_uint32 *, /* minor_status */
260ba7b222eSGlenn Barry 	const gss_buffer_t, /* member_buffer */
261ba7b222eSGlenn Barry 	gss_buffer_set_t *); /* buffer_set */
262ba7b222eSGlenn Barry 
263ba7b222eSGlenn Barry OM_uint32  gss_release_buffer_set
264ba7b222eSGlenn Barry 	(OM_uint32 *, /* minor_status */
265ba7b222eSGlenn Barry 	gss_buffer_set_t *); /* buffer_set */
266ba7b222eSGlenn Barry 
267ba7b222eSGlenn Barry OM_uint32 gss_inquire_sec_context_by_oid
268ba7b222eSGlenn Barry 	(OM_uint32 *, /* minor_status */
269ba7b222eSGlenn Barry 	const gss_ctx_id_t, /* context_handle */
270ba7b222eSGlenn Barry 	const gss_OID, /* desired_object */
271ba7b222eSGlenn Barry 	gss_buffer_set_t *); /* data_set */
2727c478bd9Sstevel@tonic-gate 
2737c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
2747c478bd9Sstevel@tonic-gate }
2757c478bd9Sstevel@tonic-gate #endif
2767c478bd9Sstevel@tonic-gate 
2777c478bd9Sstevel@tonic-gate #endif	/* _GSSAPI_EXT_H */