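/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Private header for the SPNEGO (RFC 2478 "Simple and Protected GSS-API
 * Negotiation") pseudo-mechanism: DER tag constants, SPNEGO-specific minor
 * status codes, the per-context record, the mechanism OID objects and the
 * prototypes of the mechanism entry points implemented by the SPNEGO
 * mechanism glue.
 *
 * This header DEFINES objects (see gss_mech_spnego / gss_mech_set_spnego
 * below), so it must be included by exactly one translation unit.
 */

#ifndef _GSSAPIP_SPNEGO_H_
#define	_GSSAPIP_SPNEGO_H_

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

#include <gssapi/gssapi.h>
#include <string.h>	/* memcpy(), used by TWRITE_STR */
#include <synch.h>
#include <syslog.h>

#define	SEC_CONTEXT_TOKEN 1
/* Byte width assumed for integer fields in the token encoder/decoder. */
#define	SPNEGO_SIZE_OF_INT 4

/*
 * negResult values of the SPNEGO NegTokenTarg (RFC 2478 section 3.2.1);
 * the numeric values are the ENUMERATED values carried on the wire.
 */
#define	ACCEPT_COMPLETE 0
#define	ACCEPT_INCOMPLETE 1
#define	REJECT 2
#define	ACCEPT_DEFECTIVE_TOKEN 3

/*
 * constants for der encoding/decoding routines.
 * These are ASN.1 DER identifier octets (tag class + number).
 */

#define	MECH_OID		0x06
#define	OCTET_STRING		0x04
#define	CONTEXT			0xa0
#define	SEQUENCE		0x30
#define	SEQUENCE_OF		0x30
#define	ENUMERATED		0x0a
#define	ENUMERATION_LENGTH	1
#define	HEADER_ID		0x60

/*
 * SPNEGO specific error codes (minor status codes)
 */
#define	ERR_SPNEGO_NO_MECHS_AVAILABLE		0x20000001
#define	ERR_SPNEGO_NO_CREDS_ACQUIRED		0x20000002
#define	ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR	0x20000003
#define	ERR_SPNEGO_NEGOTIATION_FAILED		0x20000004
#define	ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR	0x20000005

/*
 * send_token_flag is used to indicate in later steps what type
 * of token, if any should be sent or processed.
 * NO_TOKEN_SEND = no token should be sent
 * INIT_TOKEN_SEND = initial token will be sent
 * CONT_TOKEN_SEND = continuing tokens to be sent
 * CHECK_MIC = no token to be sent, but have a MIC to check.
 * ERROR_TOKEN_SEND = error token from peer needs to be sent.
 */

typedef	enum {NO_TOKEN_SEND, INIT_TOKEN_SEND, CONT_TOKEN_SEND,
		CHECK_MIC, ERROR_TOKEN_SEND} send_token_flag;

/*
 * The Mech OID:
 * { iso(1) org(3) dod(6) internet(1) security(5)
 *  mechanism(5) spnego(2) }
 *
 * DER encoding of 1.3.6.1.5.5.2: the first two arcs collapse into one
 * octet (1*40 + 3 = 43 = 0x2b = \053), followed by 6, 1, 5, 5, 2.
 */

#define	SPNEGO_OID_LENGTH 6
#define	SPNEGO_OID "\053\006\001\005\005\002"

/* Opaque handle; the pointee type is private to the token code. */
typedef void *spnego_token_t;

/* Structure for context handle */
typedef struct {
	gss_buffer_desc DER_mechTypes;	/* DER-encoded mechTypes list */
	gss_OID internal_mech;		/* negotiated underlying mechanism */
	gss_ctx_id_t ctx_handle;	/* context of the underlying mech */
	char *optionStr;
	int MS_Interop;			/* Microsoft-interoperability mode */
	int optimistic;
	OM_uint32 last_status;
} spnego_gss_ctx_id_rec, *spnego_gss_ctx_id_t;

/* SPNEGO oid structure */
static const gss_OID_desc spnego_oids[] = {
	{SPNEGO_OID_LENGTH, SPNEGO_OID},
};

/*
 * NOTE(review): these two are object DEFINITIONS with external linkage
 * (a file-scope const object has external linkage in C, unlike C++).
 * Including this header from more than one translation unit produces
 * duplicate symbols at link time; it is intended for the mechanism
 * implementation file only.
 */
const gss_OID_desc * const gss_mech_spnego = spnego_oids+0;
static const gss_OID_set_desc spnego_oidsets[] = {
	{1, (gss_OID) spnego_oids+0},
};
const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;

/*
 * Copy (len) bytes from (str) to (ptr) and advance (ptr) past them.
 *
 * No bounds checking is done here: the caller must already have verified
 * that the destination has at least (len) bytes of room and that (str)
 * has (len) readable bytes.  The macro expands to TWO statements and is
 * not wrapped in do { } while (0), so it must not be used as the body of
 * an unbraced if/else; (ptr) and (len) are each evaluated more than once.
 */
#define	TWRITE_STR(ptr, str, len) \
	memcpy((ptr), (char *)(str), (len)); \
	(ptr) += (len);

#ifdef DEBUG
/*
 * Debug logging.  The argument is passed as a "%s" operand rather than
 * as the syslog format string, so a message containing '%' (for example
 * a peer-supplied name echoed into a log line) cannot be interpreted as
 * format directives (CERT FIO30-C).  Callers pass a single string only.
 */
#define	dsyslog(a) syslog(LOG_DEBUG, "%s", (a))
#else
#define	dsyslog(a)
/*
 * NOTE(review): SPNEGO_STATIC is only defined in the non-DEBUG branch;
 * any use of it in a DEBUG build would be an undeclared identifier —
 * confirm against the implementation file whether that is intended.
 */
#define	SPNEGO_STATIC
#endif	/* DEBUG */

/*
 * declarations of internal name mechanism functions
 *
 * Every entry point takes a leading "spnego context" pointer followed by
 * the parameters of the corresponding GSS-API call; minor_status receives
 * one of the ERR_SPNEGO_* codes above or a mechanism-specific value.
 */

OM_uint32 spnego_gss_acquire_cred
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* desired_name */
	OM_uint32,		/* time_req */
	gss_OID_set,		/* desired_mechs */
	gss_cred_usage_t,	/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
);

OM_uint32 spnego_gss_release_cred
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_cred_id_t	*	/* cred_handle */
);

OM_uint32 spnego_gss_init_sec_context
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_cred_id_t,		/* claimant_cred_handle */
	gss_ctx_id_t *,		/* context_handle */
	gss_name_t,		/* target_name */
	gss_OID,		/* mech_type */
	OM_uint32,		/* req_flags */
	OM_uint32,		/* time_req */
	gss_channel_bindings_t, /* input_chan_bindings */
	gss_buffer_t,		/* input_token */
	gss_OID *,		/* actual_mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *		/* time_rec */
);

/* Acceptor side: input_token_buffer is untrusted, peer-supplied data. */
OM_uint32 spnego_gss_accept_sec_context
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t *,		/* context_handle */
	gss_cred_id_t,		/* verifier_cred_handle */
	gss_buffer_t,		/* input_token_buffer */
	gss_channel_bindings_t, /* input_chan_bindings */
	gss_name_t *,		/* src_name */
	gss_OID *,		/* mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *,		/* time_rec */
	/* CSTYLED */
	gss_cred_id_t *		/* delegated_cred_handle */
);

OM_uint32 spnego_gss_display_name
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* input_name */
	gss_buffer_t,		/* output_name_buffer */
	gss_OID *		/* output_name_type */
);

OM_uint32 spnego_gss_display_status
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	OM_uint32,		/* status_value */
	int,			/* status_type */
	gss_OID,		/* mech_type */
	OM_uint32 *,		/* message_context */
	gss_buffer_t		/* status_string */
);

OM_uint32 spnego_gss_import_name
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* input_name_buffer */
	gss_OID,		/* input_name_type */
	/* CSTYLED */
	gss_name_t *		/* output_name */
);

OM_uint32 spnego_gss_release_name
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_name_t *		/* input_name */
);

OM_uint32 spnego_gss_inquire_names_for_mech
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_OID,		/* mechanism */
	gss_OID_set *		/* name_types */
);

OM_uint32 spnego_gss_unseal
(
	void *context,
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	gss_buffer_t input_message_buffer,
	gss_buffer_t output_message_buffer,
	int *conf_state,
	int *qop_state
);

OM_uint32 spnego_gss_seal
(
	void *context,
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	int qop_req,
	gss_buffer_t input_message_buffer,
	int *conf_state,
	gss_buffer_t output_message_buffer
);

OM_uint32 spnego_gss_process_context_token
(
	void *context,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_buffer_t token_buffer
);

OM_uint32 spnego_gss_delete_sec_context
(
	void *context,
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t output_token
);

OM_uint32 spnego_gss_context_time
(
	void *context,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	OM_uint32 *time_rec
);

OM_uint32 spnego_gss_export_sec_context
(
	void *context,
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t interprocess_token
);

OM_uint32 spnego_gss_import_sec_context
(
	void *context,
	OM_uint32 *minor_status,
	const gss_buffer_t interprocess_token,
	gss_ctx_id_t *context_handle
);

OM_uint32 spnego_gss_inquire_context
(
	void *context,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	gss_name_t *src_name,
	gss_name_t *targ_name,
	OM_uint32 *lifetime_rec,
	gss_OID *mech_type,
	OM_uint32 *ctx_flags,
	int *locally_initiated,
	int *open
);

OM_uint32 spnego_gss_wrap_size_limit
(
	void *context,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	int conf_req_flag,
	gss_qop_t qop_req,
	OM_uint32 req_output_size,
	OM_uint32 *max_input_size
);

OM_uint32 spnego_gss_sign
(
	void *context,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	int qop_req,
	const gss_buffer_t message_buffer,
	gss_buffer_t message_token
);

OM_uint32 spnego_gss_verify
(
	void *context,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_buffer_t msg_buffer,
	const gss_buffer_t token_buffer,
	int *qop_state
);

OM_uint32 spnego_gss_inquire_cred
(
	void *context,
	OM_uint32 *minor_status,
	const gss_cred_id_t cred_handle,
	gss_name_t *name,
	OM_uint32 *lifetime,
	gss_cred_usage_t *cred_usage,
	gss_OID_set *mechanisms
);


#ifdef	__cplusplus
}
#endif

#endif /* _GSSAPIP_SPNEGO_H_ */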