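/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Private extensions and utilities to the GSS-API.
 * These are not part of the GSS-API specification
 * but may be useful to GSS-API users.
 */

#ifndef _GSSAPI_EXT_H
#define	_GSSAPI_EXT_H

#include <gssapi/gssapi.h>
#ifdef _KERNEL
#include <sys/systm.h>		/* kernel bcopy()/memcmp() */
#else
#include <strings.h>		/* userland bcopy() */
#endif

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Compare two gss_OIDs for equality: same length and identical element
 * bytes.  Neither argument may be GSS_C_NO_OID (NULL); both are
 * evaluated more than once, so pass plain lvalues.  A zero-length pair
 * compares equal without touching elements (which may be NULL), and the
 * length is handed to memcmp() as size_t rather than being narrowed
 * through int.
 */
#define	g_OID_equal(o1, o2) \
	(((o1)->length == (o2)->length) && \
	((o1)->length == 0 || \
	memcmp((o1)->elements, (o2)->elements, (size_t)(o1)->length) == 0))

/*
 * Copy OID o2 into o1.  o1->elements must already point to storage of
 * at least o2->length bytes; the macro has no capacity field to check
 * against, so that bound is the caller's responsibility.  The two
 * statements are wrapped in do { } while (0) so they stay together
 * under an unbraced if/else (the previous form ran the length
 * assignment unconditionally); use it with a trailing semicolon, as
 * with a function call.
 */
#define	g_OID_copy(o1, o2) \
	do { \
		bcopy((o2)->elements, (o1)->elements, (o2)->length); \
		(o1)->length = (o2)->length; \
	} while (0)

/*
 * True when buf is not a usable input buffer: a NULL gss_buffer_t, a
 * NULL value pointer, or a zero length.  buf is evaluated more than
 * once.
 */
#define	GSS_EMPTY_BUFFER(buf)	((buf) == NULL || \
	(buf)->value == NULL || (buf)->length == 0)

/*
 * GSSAPI Extension functions -- these functions aren't
 * in the GSSAPI specification, but are provided in our
 * GSS library.
 */

#ifndef _KERNEL

/*
 * qop configuration file handling.
 *
 * MAX_QOP_NUM_PAIRS and MAX_QOPS_PER_MECH are the fixed limits used by
 * the qop table code; presumably the total number of (qop, num) pairs
 * and the number per mechanism -- confirm against the parser before
 * relying on either for buffer sizing.
 */
#define	MAX_QOP_NUM_PAIRS	128
#define	MAX_QOPS_PER_MECH	128

/* One (qop name, qop number) pair together with its mechanism name. */
typedef struct _qop_num {
	char		*qop;		/* qop name */
	OM_uint32	num;		/* qop number */
	char		*mech;		/* mechanism name */
} qop_num;

/* Look up the qop number for a qop name under the given mechanism. */
OM_uint32
__gss_qop_to_num(
	char *qop,		/* input qop string */
	char *mech,		/* input mech string */
	OM_uint32 *num		/* output qop num */
);

/* Look up the qop name for a qop number under the given mechanism. */
OM_uint32
__gss_num_to_qop(
	char *mech,		/* input mech string */
	OM_uint32 num,		/* input qop num */
	char **qop		/* output qop name */
);

/* Return the qop names configured for a mechanism. */
OM_uint32
__gss_get_mech_info(
	char *mech,		/* input mech string */
	char **qops		/* buffer for return qops */
);

/*
 * Fill mech_qops with the qop_num entries for a mechanism.  No capacity
 * argument is taken, so the caller's array must be large enough --
 * presumably MAX_QOPS_PER_MECH entries; verify against the
 * implementation.
 */
OM_uint32
__gss_mech_qops(
	char *mech,		/* input mech */
	qop_num *mech_qops,	/* mech qops buffer */
	int *numqops		/* buffer to return numqops */
);

/* Map a mechanism name to its OID. */
OM_uint32
__gss_mech_to_oid(
	const char *mech,	/* mechanism string name */
	gss_OID *oid		/* mechanism oid */
);

/* Map a mechanism OID to its name. */
const char *
__gss_oid_to_mech(
	const gss_OID oid	/* mechanism oid */
);

/* Populate mechArray (of arrayLen slots) with the known mechanism names. */
OM_uint32
__gss_get_mechanisms(
	char *mechArray[],	/* array to populate with mechs */
	int arrayLen		/* length of passed in array */
);

/*
 * Determine the mechanism OID from a token.  The token presumably
 * arrives from the peer and should be treated as untrusted input.
 */
OM_uint32
__gss_get_mech_type(
	gss_OID oid,		/* mechanism oid */
	const gss_buffer_t token	/* token */
);

/*
 * Authorization check: is the remote principal allowed to log in as
 * the named local user without a password?  The answer is returned
 * through user_ok.
 */
OM_uint32
__gss_userok(
	OM_uint32 *minor_status,	/* minor status */
	const gss_name_t name,		/* remote user principal name */
	const char *user,		/* local unix user name */
	int *user_ok);			/* remote principal ok to login w/out pw? */

/* Map an exported GSS name to UNIX credentials (uid, gid, group list). */
OM_uint32
gsscred_expname_to_unix_cred(
	const gss_buffer_t expName,	/* export name */
	uid_t *uidOut,			/* uid out */
	gid_t *gidOut,			/* gid out */
	gid_t *gids[],			/* gid array out */
	int *gidsLen);			/* gid array length */

/* Map an internal GSS name under a mechanism to UNIX credentials. */
OM_uint32
gsscred_name_to_unix_cred(
	const gss_name_t intName,	/* gss name */
	const gss_OID mechType,		/* mechanism type */
	uid_t *uidOut,			/* uid out */
	gid_t *gidOut,			/* gid out */
	gid_t *gids[],			/* gid array out */
	int *gidsLen);			/* gid array length */

/*
 * The following function will be used to resolve group
 * ids from a UNIX uid.
 */
OM_uint32
gss_get_group_info(
	const uid_t puid,		/* entity UNIX uid */
	gid_t *gidOut,			/* gid out */
	gid_t *gids[],			/* gid array */
	int *gidsLen);			/* length of the gid array */

/*
 * Acquire credentials for desired_name using a password.  The password
 * buffer stays owned by the caller, who should clear it once the call
 * returns.  Note cred_usage is declared int here but gss_cred_usage_t
 * in gss_add_cred_with_password below; the prototype is kept as-is to
 * match the existing definition.
 */
OM_uint32
gss_acquire_cred_with_password(
	OM_uint32 *minor_status,
	const gss_name_t desired_name,
	const gss_buffer_t password,
	OM_uint32 time_req,
	const gss_OID_set desired_mechs,
	int cred_usage,
	gss_cred_id_t *output_cred_handle,
	gss_OID_set *actual_mechs,
	OM_uint32 *time_rec);

/*
 * Add a mechanism credential obtained with a password to an existing
 * credential handle.  Same password-handling caveat as above.
 */
OM_uint32
gss_add_cred_with_password(
	OM_uint32 *minor_status,
	const gss_cred_id_t input_cred_handle,
	const gss_name_t desired_name,
	const gss_OID desired_mech,
	const gss_buffer_t password,
	gss_cred_usage_t cred_usage,
	OM_uint32 initiator_time_req,
	OM_uint32 acceptor_time_req,
	gss_cred_id_t *output_cred_handle,
	gss_OID_set *actual_mechs,
	OM_uint32 *initiator_time_rec,
	OM_uint32 *acceptor_time_rec);

/*
 * Returns a buffer set with the first member containing the
 * session key for SSPI compatibility. The optional second
 * member contains an OID identifying the session key type.
 *
 * The first member is raw key material: do not log it, and release
 * the set as soon as it is no longer needed.
 */
extern const gss_OID GSS_C_INQ_SSPI_SESSION_KEY;

#else /* _KERNEL */

/*
 * Kernel variants of the gsscred mappings.  Each takes an extra
 * trailing uid; presumably the uid on whose behalf the lookup is
 * made -- confirm with the kgss implementation.
 */
OM_uint32
kgsscred_expname_to_unix_cred(
	const gss_buffer_t expName,
	uid_t *uidOut,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);

OM_uint32
kgsscred_name_to_unix_cred(
	const gss_name_t intName,
	const gss_OID mechType,
	uid_t *uidOut,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);

OM_uint32
kgss_get_group_info(
	const uid_t puid,
	gid_t *gidOut,
	gid_t *gids[],
	int *gidsLen,
	uid_t uid);
#endif

/*
 * GGF extensions
 */

/* A counted array of gss_buffer_desc; count is the number of elements. */
typedef struct gss_buffer_set_desc_struct {
	size_t count;
	gss_buffer_desc *elements;
} gss_buffer_set_desc, *gss_buffer_set_t;

#define	GSS_C_NO_BUFFER_SET	((gss_buffer_set_t)0)

/* Allocate an empty buffer set; release it with gss_release_buffer_set. */
OM_uint32 gss_create_empty_buffer_set(
	OM_uint32 *minor_status,
	gss_buffer_set_t *buffer_set);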
/* Append member_buffer to *buffer_set. */
OM_uint32 gss_add_buffer_set_member(
	OM_uint32 *minor_status,
	const gss_buffer_t member_buffer,
	gss_buffer_set_t *buffer_set);

/*
 * Release a buffer set obtained from gss_create_empty_buffer_set or
 * gss_inquire_sec_context_by_oid.  Presumably the member buffers are
 * released with it -- confirm with the implementation.
 */
OM_uint32 gss_release_buffer_set(
	OM_uint32 *minor_status,
	gss_buffer_set_t *buffer_set);

/*
 * Query a security context for the object named by desired_object,
 * returning the result as a buffer set in *data_set.  When the object
 * is GSS_C_INQ_SSPI_SESSION_KEY the set carries key material, so
 * release it promptly and never log its contents.
 */
OM_uint32 gss_inquire_sec_context_by_oid(
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_OID desired_object,
	gss_buffer_set_t *data_set);

#ifdef __cplusplus
}
#endif

#endif /* _GSSAPI_EXT_H */