1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  *
26  * Private extensions and utilities to the GSS-API.
27  * These are not part of the GSS-API specification
28  * but may be useful to GSS-API users.
29  */
30 
31 #ifndef _GSSAPI_EXT_H
32 #define	_GSSAPI_EXT_H
33 
34 #include <gssapi/gssapi.h>
35 #ifdef	_KERNEL
36 #include <sys/systm.h>
37 #else
38 #include <strings.h>
39 #endif
40 
41 
42 #ifdef	__cplusplus
43 extern "C" {
44 #endif
45 
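/*
 * MACRO for comparison of gss_OID's.
 * True when both OIDs have the same length and identical element bytes.
 * Both arguments must be non-NULL gss_OID pointers and are evaluated
 * more than once.  The length is passed to memcmp() as size_t; the
 * earlier (int) cast turned a large OM_uint32 length into a negative
 * value.  Two zero-length OIDs compare equal without touching
 * elements, so a NULL elements pointer is tolerated in that case.
 */
#define	g_OID_equal(o1, o2) \
	(((o1)->length == (o2)->length) && \
	((o1)->length == 0 || \
	memcmp((o1)->elements, (o2)->elements, (size_t)(o1)->length) == 0))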
50 
51 
52 /*
53  * MACRO for copying of OIDs - memory must already be allocated
54  * o2 is copied to o1
55  */
56 #define	g_OID_copy(o1, o2) \
57 	bcopy((o2)->elements, (o1)->elements, (o2)->length);\
58 	(o1)->length = (o2)->length;
59 
60 
/*
 * MACRO to check if input buffer is valid: true for a NULL buffer
 * pointer, a NULL value pointer, or a zero length.
 */
#define	GSS_EMPTY_BUFFER(buf) \
	(!(buf) || !(buf)->value || !(buf)->length)
64 
65 
66 /*
67  * GSSAPI Extension functions -- these functions aren't
68  * in the GSSAPI specification, but are provided in our
69  * GSS library.
70  */
71 
72 #ifndef	_KERNEL
73 
74 /*
75  * qop configuration file handling.
76  */
77 #define	MAX_QOP_NUM_PAIRS	128
78 #define	MAX_QOPS_PER_MECH	128
79 
80 typedef struct _qop_num {
81 	char *qop;
82 	OM_uint32 num;
83 	char *mech;
84 } qop_num;
85 
/*
 * Map a qop name to its number for the given mechanism.
 * Returns an OM_uint32 status; *num receives the qop number.
 */
OM_uint32
__gss_qop_to_num(
	char		*qop,		/* input qop string */
	char		*mech,		/* input mech string */
	OM_uint32	*num		/* output qop num */
);

/*
 * Map a qop number back to its name for the given mechanism.
 * Ownership of the string returned in *qop is not documented here --
 * TODO confirm whether the caller must free it.
 */
OM_uint32
__gss_num_to_qop(
	char		*mech,		/* input mech string */
	OM_uint32	num,		/* input qop num */
	char		**qop		/* output qop name */
);

/*
 * Return the qops configured for a mechanism through *qops.
 * No length accompanies the qops buffer; confirm how it must be sized.
 */
OM_uint32
__gss_get_mech_info(
	char		*mech,		/* input mech string */
	char		**qops		/* buffer for return qops */
);

/*
 * Fill mech_qops with the qop_num entries of a mechanism and store the
 * count in *numqops.  NOTE(review): there is no buffer length
 * parameter; the caller's buffer is presumably expected to hold
 * MAX_QOPS_PER_MECH entries -- confirm against the implementation.
 */
OM_uint32
__gss_mech_qops(
	char *mech,			/* input mech */
	qop_num *mech_qops,		/* mech qops buffer */
	int *numqops			/* buffer to return numqops */
);

/* Translate a mechanism name string to its OID, returned via *oid. */
OM_uint32
__gss_mech_to_oid(
	const char *mech,		/* mechanism string name */
	gss_OID *oid			/* mechanism oid */
);

/*
 * Translate a mechanism OID to its name string.  Ownership of the
 * returned string is not documented here (presumably library-owned
 * and not to be freed by the caller -- confirm).
 */
const char *
__gss_oid_to_mech(
	const gss_OID oid		/* mechanism oid */
);

/*
 * Populate mechArray with the names of the available mechanisms.
 * arrayLen is the capacity of mechArray; how the number of entries
 * actually written is reported is not documented here.
 */
OM_uint32
__gss_get_mechanisms(
	char *mechArray[],		/* array to populate with mechs */
	int arrayLen			/* length of passed in array */
);

/*
 * Presumably determines the mechanism type from token and stores it
 * through oid -- the direction of the oid parameter is not documented
 * here; confirm against the implementation.
 */
OM_uint32
__gss_get_mech_type(
	gss_OID oid,			/* mechanism oid */
	const gss_buffer_t token	/* token */
);

/*
 * Authorization check: may the remote principal log in as the named
 * local UNIX user without a password?  The verdict is returned through
 * the trailing int *.
 */
OM_uint32
__gss_userok(
	OM_uint32 *,		/* minor status */
	const gss_name_t,	/* remote user principal name */
	const char *,		/* local unix user name */
	int *);			/* remote principal ok to login w/out pw? */

/*
 * Map a GSS exported name to UNIX credentials: uid, primary gid, and a
 * gid array with its length.  Who allocates and frees the gid array is
 * not documented here -- TODO confirm.
 */
OM_uint32
gsscred_expname_to_unix_cred(
	const gss_buffer_t,	/* export name */
	uid_t *,		/* uid out */
	gid_t *,		/* gid out */
	gid_t *[],		/* gid array out */
	int *);			/* gid array length */

/*
 * As gsscred_expname_to_unix_cred(), but starting from an internal
 * gss_name_t together with its mechanism type.
 */
OM_uint32
gsscred_name_to_unix_cred(
	const gss_name_t,	/* gss name */
	const gss_OID,		/* mechanism type */
	uid_t *,		/* uid out */
	gid_t *,		/* gid out */
	gid_t *[],		/* gid array out */
	int *);			/* gid array length */
159 
160 
161 /*
162  * The following function will be used to resolve group
163  * ids from a UNIX uid.
164  */
165 OM_uint32
166 gss_get_group_info(
167 	const uid_t,		/* entity UNIX uid */
168 	gid_t *,		/* gid out */
169 	gid_t *[],		/* gid array */
170 	int *);			/* length of the gid array */
171 
172 
173 
/*
 * Acquire a credential for desired_name using the supplied password.
 * The password buffer is caller-owned; NOTE(review): the caller should
 * zeroize it once the call returns -- confirm whether the library
 * retains its own copy.  cred_usage is declared as int here but as
 * gss_cred_usage_t in gss_add_cred_with_password() below.
 */
OM_uint32
gss_acquire_cred_with_password(
	OM_uint32 *		minor_status,
	const gss_name_t	desired_name,
	const gss_buffer_t	password,
	OM_uint32		time_req,
	const gss_OID_set	desired_mechs,
	int			cred_usage,
	gss_cred_id_t 		*output_cred_handle,
	gss_OID_set *		actual_mechs,
	OM_uint32 *		time_rec);

/*
 * Add a credential element for desired_mech to input_cred_handle using
 * the supplied password.  Separate initiator and acceptor lifetimes
 * are requested and reported.  The same caller-owned password caveat
 * as above applies.
 */
OM_uint32
gss_add_cred_with_password(
	OM_uint32		*minor_status,
	const gss_cred_id_t	input_cred_handle,
	const gss_name_t	desired_name,
	const gss_OID		desired_mech,
	const gss_buffer_t	password,
	gss_cred_usage_t	cred_usage,
	OM_uint32		initiator_time_req,
	OM_uint32		acceptor_time_req,
	gss_cred_id_t		*output_cred_handle,
	gss_OID_set		*actual_mechs,
	OM_uint32		*initiator_time_rec,
	OM_uint32		*acceptor_time_rec);
200 
201 /*
202  * Returns a buffer set with the first member containing the
203  * session key for SSPI compatibility. The optional second
204  * member contains an OID identifying the session key type.
205  */
206 extern const gss_OID GSS_C_INQ_SSPI_SESSION_KEY;
207 
208 /*
209  * For compatability with other GSSAPI implementations.
210  * This is needed by Samba.
211  */
212 extern const gss_OID_desc * const gss_mech_krb5;
213 
214 #else	/*	_KERNEL	*/
215 
/*
 * Kernel counterparts of gsscred_expname_to_unix_cred(),
 * gsscred_name_to_unix_cred() and gss_get_group_info().  Each takes a
 * trailing uid_t uid argument that the user-land prototypes lack; its
 * purpose is not documented here (presumably the uid of the requesting
 * process -- confirm).  Who frees the gids array is likewise not
 * documented here.
 */
OM_uint32
kgsscred_expname_to_unix_cred(
	const gss_buffer_t expName,
	uid_t *uidOut,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);

/* Kernel variant starting from an internal name plus mechanism type. */
OM_uint32
kgsscred_name_to_unix_cred(
	const gss_name_t intName,
	const gss_OID mechType,
	uid_t *uidOut,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);

/* Kernel variant resolving the group ids of puid. */
OM_uint32
kgss_get_group_info(
	const uid_t puid,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);
242 #endif
243 
244 /*
245  * GGF extensions
246  */
247 typedef struct gss_buffer_set_desc_struct {
248     size_t count;
249     gss_buffer_desc *elements;
250 } gss_buffer_set_desc, *gss_buffer_set_t;
251 
252 #define	GSS_C_NO_BUFFER_SET ((gss_buffer_set_t)0)
253 
/*
 * Allocate a new, empty buffer set and return it through buffer_set.
 * Release it with gss_release_buffer_set().
 */
OM_uint32 gss_create_empty_buffer_set
	(OM_uint32 *, /* minor_status */
	gss_buffer_set_t *); /* buffer_set */

/*
 * Append member_buffer to buffer_set.  Whether the buffer contents are
 * copied into the set or merely referenced is not documented here --
 * confirm before freeing member_buffer.
 */
OM_uint32 gss_add_buffer_set_member
	(OM_uint32 *, /* minor_status */
	const gss_buffer_t, /* member_buffer */
	gss_buffer_set_t *); /* buffer_set */

/*
 * Free a buffer set and its members.  Presumably resets *buffer_set to
 * GSS_C_NO_BUFFER_SET like other gss_release_* calls -- confirm.
 */
OM_uint32  gss_release_buffer_set
	(OM_uint32 *, /* minor_status */
	gss_buffer_set_t *); /* buffer_set */

/*
 * Query context_handle for the attribute named by desired_object and
 * return the result as a buffer set in data_set, which the caller
 * presumably releases with gss_release_buffer_set().  When the
 * attribute is session key material (see GSS_C_INQ_SSPI_SESSION_KEY
 * above), the caller should release the set promptly after use.
 */
OM_uint32 gss_inquire_sec_context_by_oid
	(OM_uint32 *, /* minor_status */
	const gss_ctx_id_t, /* context_handle */
	const gss_OID, /* desired_object */
	gss_buffer_set_t *); /* data_set */
272 
273 #ifdef	__cplusplus
274 }
275 #endif
276 
277 #endif	/* _GSSAPI_EXT_H */
278