/*-
 * Copyright (c) 2008 Doug Rabson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Public RPCSEC_GSS interface: types and entry points used by RPC clients
 * and servers to authenticate and protect calls with GSS-API mechanisms
 * (RFC 2203).  Everything here is ABI; struct layouts and enum values must
 * not be changed without a library version bump.
 */

#ifndef _RPCSEC_GSS_H
#define _RPCSEC_GSS_H

#include <gssapi/gssapi.h>

/*
 * Size of the mechanism-name buffer in rpc_gss_options_ret_t.  Overridable
 * before inclusion; the implementation that fills actual_mechanism must
 * bound its copy by this value.
 */
#ifndef MAX_GSS_MECH
#define MAX_GSS_MECH 64
#endif

/*
 * Define the types of security service required for rpc_gss_seccreate().
 * The numeric values are the on-the-wire RPCSEC_GSS service levels:
 * none = authentication only, integrity = checksummed call/reply bodies,
 * privacy = encrypted call/reply bodies.  rpc_gss_svc_default lets the
 * library choose.
 */
typedef enum {
	rpc_gss_svc_default = 0,
	rpc_gss_svc_none = 1,
	rpc_gss_svc_integrity = 2,
	rpc_gss_svc_privacy = 3
} rpc_gss_service_t;

/*
 * Structure containing options for rpc_gss_seccreate().
 * All fields are optional input from the caller.
 */
typedef struct {
	int		req_flags;	/* GSS request bits (GSS_C_*_FLAG) */
	int		time_req;	/* requested credential lifetime */
	gss_cred_id_t	my_cred;	/* GSS credential */
	gss_channel_bindings_t input_channel_bindings;
} rpc_gss_options_req_t;

/*
 * Structure containing options returned by rpc_gss_seccreate().
 * Filled in by the library; the caller only reads it.
 */
typedef struct {
	int		major_status;	/* GSS major status of context setup */
	int		minor_status;	/* mechanism-specific minor status */
	u_int		rpcsec_version;	/* negotiated RPCSEC_GSS version */
	int		ret_flags;	/* GSS flags actually granted */
	int		time_req;	/* granted context lifetime */
	gss_ctx_id_t	gss_context;	/* established GSS security context */
	char		actual_mechanism[MAX_GSS_MECH];	/* mechanism name used */
} rpc_gss_options_ret_t;

/*
 * Client principal type. Used as an argument to
 * rpc_gss_get_principal_name(). Also referenced by the
 * rpc_gss_rawcred_t structure.
 *
 * name[1] is the pre-C99 struct hack for a trailing variable-length
 * buffer: the object is allocated with room for len bytes after the
 * header.  NOTE(review): treat name as len bytes of opaque data, not as
 * a NUL-terminated string, unless the implementation guarantees
 * termination -- confirm against rpc_gss_get_principal_name().
 */
typedef struct {
	int		len;
	char		name[1];
} *rpc_gss_principal_t;

/*
 * Structure for raw credentials used by rpc_gss_getcred() and
 * rpc_gss_set_callback().  Strings are owned by the library; a server
 * must not free or retain them past the request (verify in caller).
 */
typedef struct {
	u_int			version;	/* RPC version number */
	const char		*mechanism;	/* security mechanism */
	const char		*qop;		/* quality of protection */
	rpc_gss_principal_t	client_principal; /* client name */
	const char		*svc_principal;	/* server name */
	rpc_gss_service_t	service;	/* service type */
} rpc_gss_rawcred_t;

/*
 * Unix credentials derived from raw credentials. Returned by
 * rpc_gss_getcred().
 */
typedef struct {
	uid_t		uid;		/* user ID */
	gid_t		gid;		/* group ID */
	short		gidlen;		/* number of entries in gidlist */
	gid_t		*gidlist;	/* list of groups */
} rpc_gss_ucred_t;

/*
 * Structure used to enforce a particular QOP and service.
 * Handed to the server callback; setting locked pins the QOP and
 * service recorded in raw_cred for the rest of the context.
 */
typedef struct {
	bool_t			locked;
	rpc_gss_rawcred_t	*raw_cred;
} rpc_gss_lock_t;

/*
 * Callback structure used by rpc_gss_set_callback().
 * The server registers one per (program, version) pair; the library
 * invokes callback when a context is established for that program.
 */
typedef struct {
	u_int	program;	/* RPC program number */
	u_int	version;	/* RPC version number */
	/*
	 * user defined callback -- deleg is the delegated credential (if
	 * any), gss_context the new context, lock the QOP/service lock,
	 * and cookie a per-context slot the callback may fill for later
	 * retrieval through rpc_gss_getcred().  Return FALSE to reject the
	 * context.
	 */
	bool_t	(*callback)(struct svc_req *req,
			    gss_cred_id_t deleg,
			    gss_ctx_id_t gss_context,
			    rpc_gss_lock_t *lock,
			    void **cookie);
} rpc_gss_callback_t;

/*
 * Structure used to return error information by rpc_gss_get_error()
 */
typedef struct {
	int	rpc_gss_error;		/* one of RPC_GSS_ER_* below */
	int	system_error;		/* same as errno */
} rpc_gss_error_t;

/*
 * Values for rpc_gss_error
 */
#define	RPC_GSS_ER_SUCCESS	0	/* no error */
#define	RPC_GSS_ER_SYSTEMERROR	1	/* system error */

__BEGIN_DECLS

/*
 * Client side.
 *
 * rpc_gss_seccreate() builds an AUTH for clnt that authenticates to
 * principal using mechanism with the given service level and qop;
 * options_req and options_ret may be NULL.  Returns NULL on failure and
 * records the cause for rpc_gss_get_error() (presumably; verify in the
 * implementation).
 */
AUTH	*rpc_gss_seccreate(CLIENT *clnt, const char *principal,
    const char *mechanism, rpc_gss_service_t service, const char *qop,
    rpc_gss_options_req_t *options_req, rpc_gss_options_ret_t *options_ret);
/* Change the service level and qop used for subsequent calls on auth. */
bool_t	rpc_gss_set_defaults(AUTH *auth, rpc_gss_service_t service,
    const char *qop);
/*
 * Largest application payload that still fits a transport unit of
 * max_tp_unit_len bytes after the security wrapping for handle is added.
 */
int	rpc_gss_max_data_length(AUTH *handle, int max_tp_unit_len);
/* Copy the error recorded by the last failing call into *error. */
void	rpc_gss_get_error(rpc_gss_error_t *error);

/*
 * Mechanism and QOP name lookups.  Each bool_t function returns TRUE on
 * success and writes its result through the *_ret pointer.  The string
 * tables returned by rpc_gss_get_mechanisms() and rpc_gss_get_mech_info()
 * belong to the library and must not be freed.
 */
bool_t	rpc_gss_mech_to_oid(const char *mech, gss_OID *oid_ret);
bool_t	rpc_gss_oid_to_mech(gss_OID oid, const char **mech_ret);
bool_t	rpc_gss_qop_to_num(const char *qop, const char *mech, u_int *num_ret);
const char **rpc_gss_get_mechanisms(void);
const char **rpc_gss_get_mech_info(const char *mech, rpc_gss_service_t *service);
bool_t	rpc_gss_get_versions(u_int *vers_hi, u_int *vers_lo);
bool_t	rpc_gss_is_installed(const char *mech);

/*
 * Server side.
 *
 * rpc_gss_set_svc_name() registers the principal the server will accept
 * contexts for; rpc_gss_getcred() retrieves the raw and Unix credentials
 * (either output pointer may be NULL) and the cookie stored by the
 * callback for the context behind req.  Servers should check the
 * returned service level against what the operation requires rather
 * than trusting the client's choice.
 */
bool_t	rpc_gss_set_svc_name(const char *principal, const char *mechanism,
    u_int req_time, u_int program, u_int version);
bool_t	rpc_gss_getcred(struct svc_req *req, rpc_gss_rawcred_t **rcred,
    rpc_gss_ucred_t **ucred, void **cookie);
bool_t	rpc_gss_set_callback(rpc_gss_callback_t *cb);
/*
 * Build a principal for mech from name[/node][@domain]; node and domain
 * may be NULL.  The result is allocated and owned by the caller.
 */
bool_t	rpc_gss_get_principal_name(rpc_gss_principal_t *principal,
    const char *mech, const char *name, const char *node, const char *domain);
/* Server-side counterpart of rpc_gss_max_data_length() for req's context. */
int	rpc_gss_svc_max_data_length(struct svc_req *req, int max_tp_unit_len);

/*
 * Internal interface from the RPC implementation.
 * Reserved (double-underscore) names: called by the RPC library to wrap
 * call arguments and unwrap results according to the AUTH's service
 * level, and to record the error reported by rpc_gss_get_error().  Not
 * for use by applications.
 */
bool_t	__rpc_gss_wrap(AUTH *auth, void *header, size_t headerlen,
    XDR* xdrs, xdrproc_t xdr_args, void *args_ptr);
bool_t	__rpc_gss_unwrap(AUTH *auth, XDR* xdrs, xdrproc_t xdr_args,
    void *args_ptr);
bool_t	__rpc_gss_set_error(int rpc_gss_error, int system_error);

__END_DECLS

#endif /* !_RPCSEC_GSS_H */