4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
23 % * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
24 % * Use is subject to license terms.
28 % * RPC protocol information for gssd, the usermode daemon that
29 % * assists the kernel with gssapi. It is gssd that executes all
30 % * gssapi calls except for some such as gss_sign(), and
31 % * gss_verify(), which are executed in the kernel itself.
33 % * File generated from gssd.x
40 %#include <sys/types.h>
41 %#include <sys/time.h>
42 %#include <rpc/auth_sys.h>
45 %#endif /* not _KERNEL */
49 %extern void killgssd_handle(CLIENT *);
50 %extern CLIENT *getgssd_handle(void);
54 * These are the definitions for the interface to GSSD.
57 typedef unsigned int OM_UINT32;
59 typedef opaque GSS_CTX_ID_T<>;
60 typedef opaque GSS_CRED_ID_T<>;
61 typedef opaque GSS_OID<>;
62 typedef opaque GSS_BUFFER_T<>;
63 typedef gid_t GSSCRED_GIDS<>;
65 typedef GSS_OID GSS_OID_SET<>;
67 struct GSS_CHANNEL_BINDINGS_STRUCT {
69 OM_UINT32 initiator_addrtype;
70 GSS_BUFFER_T initiator_address;
71 OM_UINT32 acceptor_addrtype;
72 GSS_BUFFER_T acceptor_address;
73 GSS_BUFFER_T application_data;
76 typedef struct GSS_CHANNEL_BINDINGS_STRUCT GSS_CHANNEL_BINDINGS;
78 struct gss_acquire_cred_arg {
79 uid_t uid; /* client uid */
80 GSS_BUFFER_T desired_name; /* name of cred */
81 GSS_OID name_type; /* type of desired name */
82 OM_UINT32 time_req; /* context validity interval */
83 GSS_OID_SET desired_mechs; /* cred mechanisms */
84 int cred_usage; /* init/accept/both */
87 struct gss_acquire_cred_res {
88 OM_UINT32 minor_status; /* status from the mechanism */
89 GSS_CRED_ID_T output_cred_handle; /* returned credential handle */
90 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
91 GSS_OID_SET actual_mechs; /* found cred mechanisms */
92 OM_UINT32 time_rec; /* actual context validity */
93 OM_UINT32 status; /* status of GSSAPI call */
96 struct gss_add_cred_arg {
97 uid_t uid; /* client uid */
98 GSS_CRED_ID_T input_cred_handle; /* input credential handle */
99 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
100 GSS_BUFFER_T desired_name; /* name of cred */
101 GSS_OID name_type; /* type of desired name */
102 GSS_OID desired_mech_type; /* cred mechanisms */
103 int cred_usage; /* init/accept/both */
104 OM_UINT32 initiator_time_req; /* context validity interval */
105 OM_UINT32 acceptor_time_req; /* context validity interval */
107 /* Note: For gss_add_cred we always update the underlying credentials of
108 * input_cred_handle. We always pass NULL as output_cred_handle when the call
109 * to gss_add_cred is made
111 struct gss_add_cred_res {
112 OM_UINT32 minor_status; /* status from the mechanism */
113 GSS_OID_SET actual_mechs; /* found cred mechanisms */
114 OM_UINT32 initiator_time_rec; /* cred validity interval */
115 OM_UINT32 acceptor_time_rec; /* cred validity interval */
116 OM_UINT32 status; /* status of GSSAPI call */
119 struct gss_release_cred_arg {
120 uid_t uid; /* client uid */
121 OM_UINT32 gssd_cred_verifier; /* verifier for cred handles */
122 GSS_CRED_ID_T cred_handle; /* credential handle */
125 struct gss_release_cred_res {
126 OM_UINT32 minor_status; /* status from the mechanism */
127 OM_UINT32 status; /* status of GSSAPI call */
130 struct gss_init_sec_context_arg {
131 uid_t uid; /* client uid */
132 GSS_CTX_ID_T context_handle; /* handle to existing context */
133 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
134 GSS_CRED_ID_T claimant_cred_handle; /* must = GSS_C_NO_CREDENTIAL */
135 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
136 GSS_BUFFER_T target_name; /* name of server */
137 GSS_OID name_type; /* type of principal name */
138 GSS_OID mech_type; /* requested mechanism */
139 int req_flags; /* requested context options */
140 OM_UINT32 time_req; /* context validity interval */
142 input_chan_bindings; /* requested channel bindings */
143 GSS_BUFFER_T input_token; /* token to send to peer */
146 struct gss_init_sec_context_res {
147 GSS_CTX_ID_T context_handle; /* handle to created context */
148 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
149 OM_UINT32 minor_status; /* status from the mechanism */
150 GSS_OID actual_mech_type; /* actual mechanism used */
151 GSS_BUFFER_T output_token; /* where peer token is put */
152 OM_UINT32 ret_flags; /* options of context */
153 OM_UINT32 time_rec; /* actual context validity */
154 OM_UINT32 status; /* status of GSSAPI call */
157 struct gss_accept_sec_context_arg {
158 uid_t uid; /* client uid */
159 GSS_CTX_ID_T context_handle; /* handle to existing context */
160 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
161 GSS_CRED_ID_T verifier_cred_handle; /* must = GSS_C_NO_CREDENTIAL */
162 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
163 GSS_BUFFER_T input_token_buffer; /* token to send to peer */
165 input_chan_bindings; /* requested channel bindings */
168 struct gss_accept_sec_context_res {
169 GSS_CTX_ID_T context_handle; /* handle to created context */
170 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
171 OM_UINT32 minor_status; /* status from the mechanism */
172 GSS_BUFFER_T src_name; /* authenticated name of peer */
173 GSS_OID mech_type; /* mechanism used */
174 GSS_BUFFER_T output_token; /* where peer token is put */
175 OM_UINT32 ret_flags; /* options of context */
176 OM_UINT32 time_rec; /* actual context validity */
177 GSS_CRED_ID_T delegated_cred_handle; /* always GSS_C_NO_CREDENTIAL */
178 OM_UINT32 status; /* status of GSSAPI call */
181 struct gss_process_context_token_arg {
182 uid_t uid; /* client uid */
183 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
184 GSS_CTX_ID_T context_handle; /* handle to existing context */
185 GSS_BUFFER_T token_buffer; /* token to process */
188 struct gss_process_context_token_res {
189 OM_UINT32 minor_status; /* status from the mechanism */
190 OM_UINT32 status; /* status of GSSAPI call */
193 struct gss_delete_sec_context_arg {
194 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
195 GSS_CTX_ID_T context_handle; /* handle to existing context */
198 struct gss_delete_sec_context_res {
199 OM_UINT32 minor_status; /* status from the mechanism */
200 GSS_CTX_ID_T context_handle; /* handle to deleted context */
201 GSS_BUFFER_T output_token; /* output token for peer */
202 OM_UINT32 status; /* status of GSSAPI call */
205 struct gss_export_sec_context_arg {
206 GSS_CTX_ID_T context_handle; /* handle to existing context */
207 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
210 struct gss_export_sec_context_res {
211 OM_UINT32 minor_status; /* status from the mechanism */
212 GSS_CTX_ID_T context_handle; /* handle to existing context */
213 GSS_BUFFER_T output_token; /* input token for import_sec_context */
214 OM_UINT32 status; /* status of GSSAPI call */
217 struct gss_import_sec_context_arg {
218 GSS_BUFFER_T input_token; /* input token for import_sec_context */
219 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
222 struct gss_import_sec_context_res {
223 OM_UINT32 minor_status; /* status from the mechanism */
224 GSS_CTX_ID_T context_handle; /* handle to created context */
225 OM_UINT32 status; /* status of GSSAPI call */
228 struct gss_context_time_arg {
229 uid_t uid; /* client uid */
230 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
231 GSS_CTX_ID_T context_handle; /* handle to existing context */
234 struct gss_context_time_res {
235 OM_UINT32 minor_status; /* status from the mechanism */
236 OM_UINT32 time_rec; /* actual context validity */
237 OM_UINT32 status; /* status of GSSAPI call */
240 struct gss_sign_arg {
241 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
242 GSS_CTX_ID_T context_handle; /* handle to existing context */
243 int qop_req; /* quality of protection */
244 GSS_BUFFER_T message_buffer; /* message to sign */
247 struct gss_sign_res {
248 OM_UINT32 minor_status; /* status from the mechanism */
249 GSS_BUFFER_T msg_token; /* msg_token */
250 OM_UINT32 status; /* status of GSSAPI call */
253 struct gss_verify_arg {
254 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
255 GSS_CTX_ID_T context_handle; /* handle to existing context */
256 GSS_BUFFER_T message_buffer; /* message to verify */
257 GSS_BUFFER_T token_buffer; /* buffer containing token */
260 struct gss_verify_res {
261 OM_UINT32 minor_status; /* status from the mechanism */
262 int qop_state; /* quality of protection */
263 OM_UINT32 status; /* status of GSSAPI call */
266 struct gss_seal_arg {
267 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
268 GSS_CTX_ID_T context_handle; /* handle to existing context */
269 int conf_req_flag; /* type of conf requested */
270 int qop_req; /* quality of prot. requested */
271 GSS_BUFFER_T input_message_buffer; /* message to protect */
274 struct gss_seal_res {
275 OM_UINT32 minor_status; /* status from the mechanism */
276 int conf_state; /* type of conf. applied */
277 GSS_BUFFER_T output_message_buffer; /* protected message */
278 OM_UINT32 status; /* status of GSSAPI call */
281 struct gss_unseal_arg {
282 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
283 GSS_CTX_ID_T context_handle; /* handle to existing context */
284 GSS_BUFFER_T input_message_buffer; /* message to unseal */
287 struct gss_unseal_res {
288 OM_UINT32 minor_status; /* status from the mechanism */
289 GSS_BUFFER_T output_message_buffer; /* unsealed message */
290 int conf_state; /* type of conf. provided */
291 int qop_state; /* quality of prot. provided */
292 OM_UINT32 status; /* status of GSSAPI call */
295 struct gss_display_status_arg {
296 uid_t uid; /* client uid */
297 int status_value; /* status to be converted */
298 int status_type; /* GSS or mech status */
299 GSS_OID mech_type; /* mechanism */
300 OM_UINT32 message_context; /* recursion flag */
303 struct gss_display_status_res {
304 OM_UINT32 minor_status; /* status from the mechanism */
305 int message_context; /* recursion flag */
306 GSS_BUFFER_T status_string; /* text equiv of status */
307 OM_UINT32 status; /* status of GSSAPI call */
310 %/* gss_indicate_mechs_arg is void. This appears in the rpc call def */
312 struct gss_indicate_mechs_res {
313 OM_UINT32 minor_status; /* status from the mechanism */
314 GSS_OID_SET mech_set; /* mechanism set supported */
315 OM_UINT32 status; /* status of GSSAPI call */
318 struct gss_inquire_cred_arg {
319 uid_t uid; /* client uid */
320 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
321 GSS_CRED_ID_T cred_handle; /* credential handle */
324 struct gss_inquire_cred_res {
325 OM_UINT32 minor_status; /* status from the mechanism */
326 GSS_BUFFER_T name; /* name associated with cred */
327 GSS_OID name_type; /* type of name */
328 OM_UINT32 lifetime; /* remaining validity period */
329 int cred_usage; /* how creds may be used */
330 GSS_OID_SET mechanisms; /* mechs associated with cred */
331 OM_UINT32 status; /* status of GSSAPI call */
334 struct gss_inquire_cred_by_mech_arg {
335 uid_t uid; /* client uid */
336 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
337 GSS_CRED_ID_T cred_handle; /* credential handle */
338 GSS_OID mech_type; /* cred mechanism */
341 struct gss_inquire_cred_by_mech_res {
342 OM_UINT32 minor_status; /* status from the mechanism */
343 OM_UINT32 status; /* status of GSSAPI call */
346 struct gsscred_name_to_unix_cred_arg {
347 uid_t uid; /* client uid */
348 GSS_BUFFER_T pname; /* principal name */
349 GSS_OID name_type; /* oid of principal name */
350 GSS_OID mech_type; /* for which mechanism to use */
353 struct gsscred_name_to_unix_cred_res {
354 uid_t uid; /* principal's uid */
355 gid_t gid; /* principal's gid */
356 GSSCRED_GIDS gids; /* array of principal's gids */
357 OM_UINT32 major; /* status of the GSSAPI call */
362 gsscred_expname_to_unix_cred_arg {
363 uid_t uid; /* client uid */
364 GSS_BUFFER_T expname; /* principal in export format */
368 gsscred_expname_to_unix_cred_res {
369 uid_t uid; /* principal's uid */
370 gid_t gid; /* principal's gid */
371 GSSCRED_GIDS gids; /* array of principal's gids */
372 OM_UINT32 major; /* major status code */
376 struct gss_get_group_info_arg {
377 uid_t uid; /* client uid */
378 uid_t puid; /* principal's uid */
381 struct gss_get_group_info_res {
382 gid_t gid; /* principal's gid */
383 GSSCRED_GIDS gids; /* array of principal's gids */
384 OM_UINT32 major; /* major status code */
388 struct gss_get_kmod_arg {
393 union gss_get_kmod_res switch (bool module_follow) {
402 * The server accepts requests only from the loopback address.
403 * Unix authentication is used, and the port must be in the reserved range.
410 * Called by the client to acquire a credential.
413 GSS_ACQUIRE_CRED(gss_acquire_cred_arg) = 1;
416 * Called by the client to release a credential.
419 GSS_RELEASE_CRED(gss_release_cred_arg) = 2;
422 * Called by the client to initialize a security context.
424 gss_init_sec_context_res
425 GSS_INIT_SEC_CONTEXT(gss_init_sec_context_arg) = 3;
428 * Called by the server to initialize a security context.
430 gss_accept_sec_context_res
431 GSS_ACCEPT_SEC_CONTEXT(gss_accept_sec_context_arg) = 4;
434 * Called to pass token to underlying mechanism.
436 gss_process_context_token_res
437 GSS_PROCESS_CONTEXT_TOKEN(gss_process_context_token_arg) = 5;
440 * Called to delete a security context.
442 gss_delete_sec_context_res
443 GSS_DELETE_SEC_CONTEXT(gss_delete_sec_context_arg) = 6;
446 * Called to get remaining time security context has to live.
449 GSS_CONTEXT_TIME(gss_context_time_arg) = 7;
452 * Called to sign a message.
454 gss_sign_res GSS_SIGN(gss_sign_arg) = 8;
457 * Called to verify a signed message.
459 gss_verify_res GSS_VERIFY(gss_verify_arg) = 9;
462 * Called to translate minor status into a string.
464 gss_display_status_res
465 GSS_DISPLAY_STATUS(gss_display_status_arg) = 10;
468 * Called to indicate which underlying mechanisms are supported
470 gss_indicate_mechs_res
471 GSS_INDICATE_MECHS(void) = 11;
474 * Called by the client to inquire about a credential.
477 GSS_INQUIRE_CRED(gss_inquire_cred_arg) = 12;
481 * Called to seal a message.
483 gss_seal_res GSS_SEAL(gss_seal_arg) = 13;
486 * Called to unseal a message.
488 gss_unseal_res GSS_UNSEAL(gss_unseal_arg) = 14;
491 * gsscred interface functions to obtain principal uid and gids
493 gsscred_expname_to_unix_cred_res
494 GSSCRED_EXPNAME_TO_UNIX_CRED(
495 gsscred_expname_to_unix_cred_arg) = 15;
497 gsscred_name_to_unix_cred_res
498 GSSCRED_NAME_TO_UNIX_CRED(
499 gsscred_name_to_unix_cred_arg) = 16;
501 gss_get_group_info_res
502 GSS_GET_GROUP_INFO(gss_get_group_info_arg) = 17;
505 GSS_GET_KMOD(gss_get_kmod_arg) = 18;
507 gss_export_sec_context_res
508 GSS_EXPORT_SEC_CONTEXT(gss_export_sec_context_arg) = 19;
510 gss_import_sec_context_res
511 GSS_IMPORT_SEC_CONTEXT(gss_import_sec_context_arg) = 20;
513 * Called by the client to add to a credential.
516 GSS_ADD_CRED(gss_add_cred_arg) = 21;
517 gss_inquire_cred_by_mech_res
518 GSS_INQUIRE_CRED_BY_MECH(gss_inquire_cred_by_mech_arg)