1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
#ifndef	_GSSAPIP_SPNEGO_H_
#define	_GSSAPIP_SPNEGO_H_

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

#include <gssapi/gssapi.h>
#include <synch.h>
#include <syslog.h>

/*
 * Token-type selector.  Which routines consume it is not visible from
 * this header — see the .c callers.
 */
#define	SEC_CONTEXT_TOKEN 1
/*
 * Byte width assumed for integers serialised into tokens; presumably a
 * 4-byte wire integer independent of sizeof(int) — confirm against callers.
 */
#define	SPNEGO_SIZE_OF_INT 4

/*
 * negResult values.  0..2 are the ENUMERATED values the SPNEGO spec
 * (RFC 2478) defines for negResult: accept_completed(0),
 * accept_incomplete(1), reject(2).  ACCEPT_DEFECTIVE_TOKEN is a local,
 * non-protocol value — presumably for a token that failed to parse;
 * confirm in the .c.
 */
#define	ACCEPT_COMPLETE 0
#define	ACCEPT_INCOMPLETE 1
#define	REJECT 2
#define	ACCEPT_DEFECTIVE_TOKEN 3

/*
 * constants for der encoding/decoding routines.
 *
 * These are raw ASN.1 DER tag octets: OBJECT IDENTIFIER (0x06),
 * OCTET STRING (0x04), the context-specific constructed [0] tag (0xa0;
 * higher-numbered context tags are presumably formed by adding to it),
 * SEQUENCE / SEQUENCE OF (0x30) and ENUMERATED (0x0a).  HEADER_ID (0x60)
 * is the application-class constructed [0] tag that opens a GSS-API
 * InitialContextToken (RFC 2743, section 3.1).  ENUMERATION_LENGTH is the
 * content length used for the negResult ENUMERATED (values 0..3 fit in
 * one octet).
 *
 * The decoder that uses these tags reads bytes supplied by the peer;
 * every length derived from a tag must be checked against the remaining
 * input before it is used to advance or copy.
 */

#define	MECH_OID		0x06
#define	OCTET_STRING		0x04
#define	CONTEXT			0xa0
#define	SEQUENCE		0x30
#define	SEQUENCE_OF		0x30
#define	ENUMERATED		0x0a
#define	ENUMERATION_LENGTH	1
#define	HEADER_ID		0x60

/*
 * SPNEGO specific error codes (minor status codes)
 *
 * Mechanism-specific values stored through the minor_status argument of
 * the routines declared below; presumably translated to text by
 * spnego_gss_display_status — confirm.
 */
#define	ERR_SPNEGO_NO_MECHS_AVAILABLE		0x20000001
#define	ERR_SPNEGO_NO_CREDS_ACQUIRED		0x20000002
#define	ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR	0x20000003
#define	ERR_SPNEGO_NEGOTIATION_FAILED		0x20000004
#define	ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR	0x20000005
#define	ERR_SPNEGO_BAD_INPUT_PARAMETER		0x20000006
69 
/*
 * send_token_flag is used to indicate in later steps what type
 * of token, if any should be sent or processed.
 * NO_TOKEN_SEND = no token should be sent
 * INIT_TOKEN_SEND = initial token will be sent
 * CONT_TOKEN_SEND = continuing tokens to be sent
 * CHECK_MIC = no token to be sent, but have a MIC to check.
 * ERROR_TOKEN_SEND = error token from peer needs to be sent.
 *
 * Numeric values are implicit (NO_TOKEN_SEND == 0 upward in declaration
 * order); nothing here suggests they appear on the wire.
 */

typedef	enum {NO_TOKEN_SEND, INIT_TOKEN_SEND, CONT_TOKEN_SEND,
		CHECK_MIC, ERROR_TOKEN_SEND} send_token_flag;
82 
/*
 * The Mech OID:
 * { iso(1) org(3) dod(6) internet(1) security(5)
 *  mechanism(5) spnego(2) }
 */

/* Length of the DER-encoded OID below; excludes the literal's implicit NUL. */
#define	SPNEGO_OID_LENGTH 6
/* 1.3.6.1.5.5.2 in DER: 0x2b 0x06 0x01 0x05 0x05 0x02 (written in octal). */
#define	SPNEGO_OID "\053\006\001\005\005\002"

/*
 * Opaque handle for a SPNEGO token.  The typedef hides the pointer, so
 * what it addresses cannot be determined from this header alone.
 */
typedef void *spnego_token_t;
93 
/*
 * Structure for context handle.
 *
 * spnego_gss_ctx_id_t is a pointer typedef to this record.  Field
 * meanings below are taken from the names; confirm against the .c.
 */
typedef struct {
	gss_buffer_desc DER_mechTypes;	/* presumably the DER-encoded mechTypes list exchanged during negotiation */
	gss_OID internal_mech;		/* presumably the negotiated inner mechanism OID */
	gss_ctx_id_t ctx_handle;	/* context handle of the inner mechanism */
	char  *optionStr;		/* option string; who allocates/frees it is not visible here */
	int MS_Interop;			/* Microsoft-interoperability flag; exact effect lives in the .c */
	int optimistic;			/* flag; presumably selects optimistic first-token mode — confirm */
	OM_uint32 last_status;		/* last status recorded on this context (major or minor not visible here) */
} spnego_gss_ctx_id_rec, *spnego_gss_ctx_id_t;
104 
/* SPNEGO oid structure */
/*
 * NOTE(review): these are object definitions, not declarations.  The two
 * static tables get a private copy in every translation unit that
 * includes this header, and the two non-static `const` pointers
 * (gss_mech_spnego, gss_mech_set_spnego) have external linkage in C, so
 * including this header from more than one .c file would produce
 * duplicate-symbol link errors.  Confirm that exactly one translation
 * unit includes it, or move the definitions into a .c file behind
 * `extern` declarations.
 */
static const gss_OID_desc spnego_oids[] = {
	{SPNEGO_OID_LENGTH, SPNEGO_OID},
};

const gss_OID_desc * const gss_mech_spnego = spnego_oids+0;
static const gss_OID_set_desc spnego_oidsets[] = {
	/*
	 * The (gss_OID) cast discards const because gss_OID_set_desc's
	 * elements member is a non-const gss_OID; writing through it would
	 * modify a const object (UB).
	 */
	{1, (gss_OID) spnego_oids+0},
};
const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
115 
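/*
 * TWRITE_STR(ptr, str, len): copy len bytes from str to ptr and advance
 * ptr past them.
 *
 * Wrapped in do { } while (0) so the macro behaves as a single statement:
 * the previous two-statement expansion advanced ptr unconditionally when
 * the macro was used as the body of an unbraced if/while/for.
 *
 * No bounds check is performed.  The caller must guarantee that ptr has
 * at least len writable bytes remaining; len must never come straight
 * from peer-supplied data without being checked against the output
 * buffer first.
 */
#define	TWRITE_STR(ptr, str, len) \
	do { \
		memcpy((ptr), (char *)(str), (len)); \
		(ptr) += (len); \
	} while (0)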
119 
#ifdef DEBUG
/*
 * Debug trace to syslog.  The argument becomes syslog's format string,
 * so pass only string literals — never peer- or user-derived text; for
 * anything else call syslog(LOG_DEBUG, "%s", s) directly.
 */
#define	dsyslog(a) syslog(LOG_DEBUG, a)
#else
/* Expands to nothing: any side effect in the argument is dropped in non-DEBUG builds. */
#define	dsyslog(a)
/*
 * SPNEGO_STATIC expands to nothing here and is left undefined in DEBUG
 * builds — presumably the DEBUG build supplies its own definition;
 * confirm before relying on it.
 */
#define	SPNEGO_STATIC
#endif	/* DEBUG */
126 
/*
 * declarations of internal name mechanism functions
 *
 * Mechanism entry points called by the GSS-API framework.  Every routine
 * takes a leading `void *` mechanism-context argument (commented as
 * "spnego context" below) ahead of the standard GSS-API parameter list,
 * returns an OM_uint32 (the GSS major status, by convention) and stores
 * the minor status through its second argument.
 * spnego_gss_seal/unseal/sign/verify are the GSS-API v1 names for
 * wrap/unwrap/get_mic/verify_mic.  Ownership of output buffers and names
 * is presumably the usual GSS-API convention (caller releases) — confirm
 * against the implementation.
 */

OM_uint32 spnego_gss_acquire_cred
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/* desired_name */
	OM_uint32,		/* time_req */
	gss_OID_set,		/* desired_mechs */
	gss_cred_usage_t,	/* cred_usage */
	gss_cred_id_t *,	/* output_cred_handle */
	gss_OID_set *,		/* actual_mechs */
	OM_uint32 *		/* time_rec */
);

OM_uint32 spnego_gss_release_cred
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_cred_id_t	*	/* cred_handle */
);

/*
 * Initiator side.  input_token is the peer's reply from the previous
 * round (absent on the first call, per GSS-API) and is untrusted input.
 */
OM_uint32 spnego_gss_init_sec_context
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_cred_id_t,		/* claimant_cred_handle */
	gss_ctx_id_t *,		/* context_handle */
	gss_name_t,		/* target_name */
	gss_OID,		/* mech_type */
	OM_uint32,		/* req_flags */
	OM_uint32,		/* time_req */
	gss_channel_bindings_t, /* input_chan_bindings */
	gss_buffer_t,		/* input_token */
	gss_OID *,		/* actual_mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *		/* time_rec */
);

/*
 * Acceptor side.  input_token_buffer is peer-supplied and untrusted; the
 * DER decoder behind this call must bound every length it reads against
 * the buffer before advancing.
 */
OM_uint32 spnego_gss_accept_sec_context
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_ctx_id_t *,		/* context_handle */
	gss_cred_id_t,		/* verifier_cred_handle */
	gss_buffer_t,		/* input_token_buffer */
	gss_channel_bindings_t, /* input_chan_bindings */
	gss_name_t *,		/* src_name */
	gss_OID *,		/* mech_type */
	gss_buffer_t,		/* output_token */
	OM_uint32 *,		/* ret_flags */
	OM_uint32 *,		/* time_rec */
	/* CSTYLED */
	gss_cred_id_t *		/* delegated_cred_handle */
);

OM_uint32 spnego_gss_display_name
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_name_t,		/*  input_name */
	gss_buffer_t,		/*  output_name_buffer */
	gss_OID *		/* output_name_type */
);

OM_uint32 spnego_gss_display_status
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	OM_uint32,		/* status_value */
	int,			/* status_type */
	gss_OID,		/* mech_type */
	OM_uint32 *,		/* message_context */
	gss_buffer_t		/* status_string */
);

OM_uint32 spnego_gss_import_name
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_buffer_t,		/* input_name_buffer */
	gss_OID,		/* input_name_type */
	/* CSTYLED */
	gss_name_t *		/* output_name */
);

OM_uint32 spnego_gss_release_name
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	/* CSTYLED */
	gss_name_t *		/* input_name */
);

OM_uint32 spnego_gss_inquire_names_for_mech
(
	void *,			/* spnego context */
	OM_uint32 *,		/* minor_status */
	gss_OID,		/* mechanism */
	gss_OID_set *		/* name_types */
);

/* Per-message routines: input_message_buffer/token_buffer are peer-supplied and untrusted. */
OM_uint32 spnego_gss_unseal
(
	void *context,
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	gss_buffer_t input_message_buffer,
	gss_buffer_t output_message_buffer,
	int *conf_state,
	int *qop_state
);

OM_uint32 spnego_gss_seal
(
	void *context,
	OM_uint32 *minor_status,
	gss_ctx_id_t context_handle,
	int conf_req_flag,
	int qop_req,
	gss_buffer_t input_message_buffer,
	int *conf_state,
	gss_buffer_t output_message_buffer
);

OM_uint32 spnego_gss_process_context_token
(
	void *context,
	OM_uint32	*minor_status,
	const gss_ctx_id_t context_handle,
	const gss_buffer_t token_buffer
);

OM_uint32 spnego_gss_delete_sec_context
(
	void *context,
	OM_uint32 *minor_status,
	gss_ctx_id_t *context_handle,
	gss_buffer_t output_token
);

OM_uint32 spnego_gss_context_time
(
	void *context,
	OM_uint32	*minor_status,
	const gss_ctx_id_t context_handle,
	OM_uint32	*time_rec
);

OM_uint32 spnego_gss_export_sec_context
(
	void *context,
	OM_uint32	*minor_status,
	gss_ctx_id_t	*context_handle,
	gss_buffer_t	interprocess_token
);

/* interprocess_token is parsed input; it must be validated as carefully as a wire token. */
OM_uint32 spnego_gss_import_sec_context
(
	void			*context,
	OM_uint32		*minor_status,
	const gss_buffer_t	interprocess_token,
	gss_ctx_id_t		*context_handle
);

OM_uint32 spnego_gss_inquire_context
(
	void		*context,
	OM_uint32	*minor_status,
	const gss_ctx_id_t context_handle,
	gss_name_t	*src_name,
	gss_name_t	*targ_name,
	OM_uint32	*lifetime_rec,
	gss_OID		*mech_type,
	OM_uint32	*ctx_flags,
	int		*locally_initiated,
	int		*open
);

OM_uint32 spnego_gss_wrap_size_limit
(
	void		*context,
	OM_uint32	*minor_status,
	const gss_ctx_id_t context_handle,
	int		conf_req_flag,
	gss_qop_t	qop_req,
	OM_uint32	req_output_size,
	OM_uint32	*max_input_size
);

/* Note: qop_req is `int` here but `gss_qop_t` in spnego_gss_wrap_size_limit above. */
OM_uint32 spnego_gss_sign
(
	void *context,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	int  qop_req,
	const gss_buffer_t message_buffer,
	gss_buffer_t message_token
);

OM_uint32 spnego_gss_verify
(
	void *context,
	OM_uint32 *minor_status,
	const gss_ctx_id_t context_handle,
	const gss_buffer_t msg_buffer,
	const gss_buffer_t token_buffer,
	int *qop_state
);

OM_uint32 spnego_gss_inquire_cred
(
	void *context,
	OM_uint32 *minor_status,
	const gss_cred_id_t cred_handle,
	gss_name_t  *name,
	OM_uint32 *lifetime,
	gss_cred_usage_t *cred_usage,
	gss_OID_set *mechanisms
);


#ifdef	__cplusplus
}
#endif

#endif /* _GSSAPIP_SPNEGO_H_ */