PageRenderTime 35ms CodeModel.GetById 15ms app.highlight 14ms RepoModel.GetById 1ms app.codeStats 1ms

/include/rpc/rpcsec_gss.h

https://bitbucket.org/freebsd/freebsd-head/
C++ Header | 179 lines | 94 code | 20 blank | 65 comment | 0 complexity | da692011f2ab8f783ca6ff40b4262c72 MD5 | raw file
  1/*-
  2 * Copyright (c) 2008 Doug Rabson
  3 * All rights reserved.
  4 *
  5 * Redistribution and use in source and binary forms, with or without
  6 * modification, are permitted provided that the following conditions
  7 * are met:
  8 * 1. Redistributions of source code must retain the above copyright
  9 *    notice, this list of conditions and the following disclaimer.
 10 * 2. Redistributions in binary form must reproduce the above copyright
 11 *    notice, this list of conditions and the following disclaimer in the
 12 *    documentation and/or other materials provided with the distribution.
 13 *
 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 24 * SUCH DAMAGE.
 25 *
 26 *	$FreeBSD$
 27 */
 28
 29#ifndef _RPCSEC_GSS_H
 30#define _RPCSEC_GSS_H
 31
 32#include <gssapi/gssapi.h>
 33
 34#ifndef MAX_GSS_MECH
 35#define MAX_GSS_MECH	64
 36#endif
 37
 38/*
 39 * Define the types of security service required for rpc_gss_seccreate().
 40 */
 41typedef enum {
 42	rpc_gss_svc_default	= 0,
 43	rpc_gss_svc_none	= 1,
 44	rpc_gss_svc_integrity	= 2,
 45	rpc_gss_svc_privacy	= 3
 46} rpc_gss_service_t;
 47
 48/*
 49 * Structure containing options for rpc_gss_seccreate().
 50 */
 51typedef struct {
 52	int		req_flags;	/* GSS request bits */
 53	int		time_req;	/* requested credential lifetime */
 54	gss_cred_id_t	my_cred;	/* GSS credential */
 55	gss_channel_bindings_t input_channel_bindings;
 56} rpc_gss_options_req_t;
 57
 58/*
 59 * Structure containing options returned by rpc_gss_seccreate().
 60 */
 61typedef struct {
 62	int		major_status;
 63	int		minor_status;
 64	u_int		rpcsec_version;
 65	int		ret_flags;
 66	int		time_req;
 67	gss_ctx_id_t	gss_context;
 68	char		actual_mechanism[MAX_GSS_MECH];
 69} rpc_gss_options_ret_t;
 70
 71/*
 72 * Client principal type. Used as an argument to
 73 * rpc_gss_get_principal_name(). Also referenced by the
 74 * rpc_gss_rawcred_t structure.
 75 */
 76typedef struct {
 77	int		len;
 78	char		name[1];
 79} *rpc_gss_principal_t;
 80
 81/*
 82 * Structure for raw credentials used by rpc_gss_getcred() and
 83 * rpc_gss_set_callback().
 84 */
 85typedef struct {
 86	u_int		version;	/* RPC version number */
 87	const char	*mechanism;	/* security mechanism */
 88	const char	*qop;		/* quality of protection */
 89	rpc_gss_principal_t client_principal; /* client name */
 90	const char	*svc_principal;	/* server name */
 91	rpc_gss_service_t service;	/* service type */
 92} rpc_gss_rawcred_t;
 93
 94/*
 95 * Unix credentials derived from raw credentials. Returned by
 96 * rpc_gss_getcred().
 97 */
 98typedef struct {
 99	uid_t		uid;		/* user ID */
100	gid_t		gid;		/* group ID */
101	short		gidlen;
102	gid_t		*gidlist;	/* list of groups */
103} rpc_gss_ucred_t;
104
105/*
106 * Structure used to enforce a particular QOP and service.
107 */
108typedef struct {
109	bool_t		locked;
110	rpc_gss_rawcred_t *raw_cred;
111} rpc_gss_lock_t;
112
113/*
114 * Callback structure used by rpc_gss_set_callback().
115 */
116typedef struct {
117	u_int		program;	/* RPC program number */
118	u_int		version;	/* RPC version number */
119					/* user defined callback */
120	bool_t		(*callback)(struct svc_req *req,
121				    gss_cred_id_t deleg,
122				    gss_ctx_id_t gss_context,
123				    rpc_gss_lock_t *lock,
124				    void **cookie);
125} rpc_gss_callback_t;
126
127/*
128 * Structure used to return error information by rpc_gss_get_error()
129 */
130typedef struct {
131	int		rpc_gss_error;
132	int		system_error;	/* same as errno */
133} rpc_gss_error_t;
134
135/*
136 * Values for rpc_gss_error
137 */
138#define RPC_GSS_ER_SUCCESS	0	/* no error */
139#define RPC_GSS_ER_SYSTEMERROR	1	/* system error */
140
141__BEGIN_DECLS
142
143AUTH	*rpc_gss_seccreate(CLIENT *clnt, const char *principal,
144    const char *mechanism, rpc_gss_service_t service, const char *qop,
145    rpc_gss_options_req_t *options_req, rpc_gss_options_ret_t *options_ret);
146bool_t	rpc_gss_set_defaults(AUTH *auth, rpc_gss_service_t service,
147    const char *qop);
148int	rpc_gss_max_data_length(AUTH *handle, int max_tp_unit_len);
149void	rpc_gss_get_error(rpc_gss_error_t *error);
150
151bool_t	rpc_gss_mech_to_oid(const char *mech, gss_OID *oid_ret);
152bool_t	rpc_gss_oid_to_mech(gss_OID oid, const char **mech_ret);
153bool_t	rpc_gss_qop_to_num(const char *qop, const char *mech, u_int *num_ret);
154const char **rpc_gss_get_mechanisms(void);
155const char **rpc_gss_get_mech_info(const char *mech, rpc_gss_service_t *service);
156bool_t	rpc_gss_get_versions(u_int *vers_hi, u_int *vers_lo);
157bool_t	rpc_gss_is_installed(const char *mech);
158
159bool_t	rpc_gss_set_svc_name(const char *principal, const char *mechanism,
160    u_int req_time, u_int program, u_int version);
161bool_t	rpc_gss_getcred(struct svc_req *req, rpc_gss_rawcred_t **rcred,
162    rpc_gss_ucred_t **ucred, void **cookie);
163bool_t	rpc_gss_set_callback(rpc_gss_callback_t *cb);
164bool_t	rpc_gss_get_principal_name(rpc_gss_principal_t *principal,
165    const char *mech, const char *name, const char *node, const char *domain);
166int	rpc_gss_svc_max_data_length(struct svc_req *req, int max_tp_unit_len);
167
168/*
169 * Internal interface from the RPC implementation.
170 */
171bool_t	__rpc_gss_wrap(AUTH *auth, void *header, size_t headerlen,
172    XDR* xdrs, xdrproc_t xdr_args, void *args_ptr);
173bool_t	__rpc_gss_unwrap(AUTH *auth, XDR* xdrs, xdrproc_t xdr_args,
174    void *args_ptr);
175bool_t __rpc_gss_set_error(int rpc_gss_error, int system_error);
176
177__END_DECLS
178
179#endif /* !_RPCSEC_GSS_H */