1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 %/*
23 % * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24 % * Use is subject to license terms.
25 % */
27 %/*
28 % *  RPC protocol information for gssd, the usermode daemon that
29 % *  assists the kernel with gssapi. It is gssd that executes all
30 % *  gssapi calls except for some such as gss_sign(), and
31 % *  gss_verify(), which are executed in the kernel itself.
32 % *
33 % *  File generated from gssd.x
34 % */
36 %#define        NO 0
37 %#define        YES 1
38 %#define        FOREVER 1
40 %#include <sys/types.h>
41 %#include <sys/time.h>
42 %#include <rpc/auth_sys.h>
43 %#ifndef _KERNEL
44 %#include <locale.h>
45 %#endif /* not _KERNEL */
48 %#ifdef _KERNEL
49 %extern void killgssd_handle(CLIENT *);
50 %extern CLIENT *getgssd_handle(void);
51 %#endif /* _KERNEL */
54  * These are the definitions for the interface to GSSD.
55  */
57 typedef unsigned int                            OM_UINT32;
59 typedef opaque                                  GSS_CTX_ID_T<>;
60 typedef opaque                                  GSS_CRED_ID_T<>;
61 typedef opaque                                  GSS_OID<>;
62 typedef opaque                                  GSS_BUFFER_T<>;
63 typedef gid_t                                   GSSCRED_GIDS<>;
65 typedef GSS_OID                                 GSS_OID_SET<>;
67 struct GSS_CHANNEL_BINDINGS_STRUCT {
68         int             present;
69         OM_UINT32       initiator_addrtype;
70         GSS_BUFFER_T    initiator_address;
71         OM_UINT32       acceptor_addrtype;
72         GSS_BUFFER_T    acceptor_address;
73         GSS_BUFFER_T    application_data;
76 typedef struct GSS_CHANNEL_BINDINGS_STRUCT      GSS_CHANNEL_BINDINGS;
78 struct gss_acquire_cred_arg {
79         uid_t           uid;                    /* client uid */
80         GSS_BUFFER_T    desired_name;           /* name of cred */
81         GSS_OID         name_type;              /* type of desired name */
82         OM_UINT32       time_req;               /* context validity interval */
83         GSS_OID_SET     desired_mechs;          /* cred mechanisms */
84         int             cred_usage;             /* init/accept/both */
87 struct gss_acquire_cred_res {
88         OM_UINT32       minor_status;           /* status from the mechanism */
89         GSS_CRED_ID_T   output_cred_handle;     /* returned credential handle */
90         OM_UINT32       gssd_cred_verifier;     /* verifier for cred handle */
91         GSS_OID_SET     actual_mechs;           /* found cred mechanisms */
92         OM_UINT32       time_rec;               /* actual context validity */
93         OM_UINT32       status;                 /* status of GSSAPI call */
96 struct gss_add_cred_arg {
97         uid_t           uid;                    /* client uid */
98         GSS_CRED_ID_T   input_cred_handle;      /* input credential handle */
99         OM_UINT32       gssd_cred_verifier;     /* verifier for cred handle */
100         GSS_BUFFER_T    desired_name;           /* name of cred */
101         GSS_OID         name_type;              /* type of desired name */
102         GSS_OID         desired_mech_type;      /* cred mechanisms */
103         int             cred_usage;             /* init/accept/both */
104         OM_UINT32       initiator_time_req;     /* context validity interval */
105         OM_UINT32       acceptor_time_req;      /* context validity interval */
107 /* Note: for gss_add_cred we always update the underlying credentials of
108  * input_cred_handle. We always pass NULL as output_cred_handle when the call
109  * to gss_add_cred is made
111 struct gss_add_cred_res {
112         OM_UINT32       minor_status;           /* status from the mechanism */
113         GSS_OID_SET     actual_mechs;           /* found cred mechanisms */
114         OM_UINT32       initiator_time_rec;     /* cred validity interval */
115         OM_UINT32       acceptor_time_rec;      /* cred validity interval */
116         OM_UINT32       status;                 /* status of GSSAPI call */
119 struct gss_release_cred_arg {
120         uid_t           uid;                    /* client uid */
121         OM_UINT32       gssd_cred_verifier;     /* verifier for cred handles */
122         GSS_CRED_ID_T   cred_handle;            /* credential handle */
125 struct gss_release_cred_res {
126         OM_UINT32       minor_status;           /* status from the mechanism */
127         OM_UINT32       status;                 /* status of GSSAPI call */
130 struct gss_init_sec_context_arg {
131         uid_t           uid;                    /* client uid */
132         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
133         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
134         GSS_CRED_ID_T   claimant_cred_handle;   /* must = GSS_C_NO_CREDENTIAL */
135         OM_UINT32       gssd_cred_verifier;     /* verifier for cred handle */
136         GSS_BUFFER_T    target_name;            /* name of server */
137         GSS_OID         name_type;              /* type of principal name */
138         GSS_OID         mech_type;              /* requested mechanism */
139         int             req_flags;              /* requested context options */
140         OM_UINT32       time_req;               /* context validity interval */
141         GSS_CHANNEL_BINDINGS
142                         input_chan_bindings;    /* requested channel bindings */
143         GSS_BUFFER_T    input_token;            /* token received from peer */
146 struct gss_init_sec_context_res {
147         GSS_CTX_ID_T    context_handle;         /* handle to created context */
148         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
149         OM_UINT32       minor_status;           /* status from the mechanism */
150         GSS_OID         actual_mech_type;       /* actual mechanism used */
151         GSS_BUFFER_T    output_token;           /* where peer token is put */
152         OM_UINT32       ret_flags;              /* options of context */
153         OM_UINT32       time_rec;               /* actual context validity */
154         OM_UINT32       status;                 /* status of GSSAPI call */
157 struct gss_accept_sec_context_arg {
158         uid_t           uid;                    /* client uid */
159         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
160         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
161         GSS_CRED_ID_T   verifier_cred_handle;   /* must = GSS_C_NO_CREDENTIAL */
162         OM_UINT32       gssd_cred_verifier;     /* verifier for cred handle */
163         GSS_BUFFER_T    input_token_buffer;     /* token received from peer */
164         GSS_CHANNEL_BINDINGS
165                         input_chan_bindings;    /* requested channel bindings */
168 struct gss_accept_sec_context_res {
169         GSS_CTX_ID_T    context_handle;         /* handle to created context */
170         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
171         OM_UINT32       minor_status;           /* status from the mechanism */
172         GSS_BUFFER_T    src_name;               /* authenticated name of peer */
173         GSS_OID         mech_type;              /* mechanism used */
174         GSS_BUFFER_T    output_token;           /* where peer token is put */
175         OM_UINT32       ret_flags;              /* options of context */
176         OM_UINT32       time_rec;               /* actual context validity */
177         GSS_CRED_ID_T   delegated_cred_handle;  /* always GSS_C_NO_CREDENTIAL */
178         OM_UINT32       status;                 /* status of GSSAPI call */
181 struct gss_process_context_token_arg {
182         uid_t           uid;                    /* client uid */
183         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
184         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
185         GSS_BUFFER_T    token_buffer;           /* token to process */
188 struct gss_process_context_token_res {
189         OM_UINT32       minor_status;           /* status from the mechanism */
190         OM_UINT32       status;                 /* status of GSSAPI call */
193 struct gss_delete_sec_context_arg {
194         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
195         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
198 struct gss_delete_sec_context_res {
199         OM_UINT32       minor_status;           /* status from the mechanism */
200         GSS_CTX_ID_T    context_handle;         /* handle to deleted context */
201         GSS_BUFFER_T    output_token;           /* output token for peer */
202         OM_UINT32       status;                 /* status of GSSAPI call */
205 struct gss_export_sec_context_arg {
206         GSS_CTX_ID_T context_handle;            /* handle to existing context */
207         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
210 struct gss_export_sec_context_res {
211         OM_UINT32       minor_status;           /* status from the mechanism */
212         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
213         GSS_BUFFER_T    output_token;           /* input token for import_sec_context */
214         OM_UINT32       status;                 /* status of GSSAPI call */
217 struct gss_import_sec_context_arg {
218         GSS_BUFFER_T    input_token;            /* input token for import_sec_context */
219         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
222 struct gss_import_sec_context_res {
223         OM_UINT32       minor_status;           /* status from the mechanism */
224         GSS_CTX_ID_T    context_handle;         /* handle to created context */
225         OM_UINT32       status;                 /* status of GSSAPI call */
228 struct gss_context_time_arg {
229         uid_t           uid;                    /* client uid */
230         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
231         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
234 struct gss_context_time_res {
235         OM_UINT32       minor_status;           /* status from the mechanism */
236         OM_UINT32       time_rec;               /* actual context validity */
237         OM_UINT32       status;                 /* status of GSSAPI call */
240 struct gss_sign_arg {
241         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
242         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
243         int             qop_req;                /* quality of protection */
244         GSS_BUFFER_T    message_buffer;         /* message to sign */
247 struct gss_sign_res {
248         OM_UINT32       minor_status;           /* status from the mechanism */
249         GSS_BUFFER_T    msg_token;              /* signature token over message_buffer */
250         OM_UINT32       status;                 /* status of GSSAPI call */
253 struct gss_verify_arg {
254         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
255         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
256         GSS_BUFFER_T    message_buffer;         /* message to verify */
257         GSS_BUFFER_T    token_buffer;           /* buffer containing token */
260 struct gss_verify_res {
261         OM_UINT32       minor_status;           /* status from the mechanism */
262         int             qop_state;              /* quality of protection */
263         OM_UINT32       status;                 /* status of GSSAPI call */
266 struct gss_seal_arg {
267         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
268         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
269         int             conf_req_flag;          /* type of conf requested */
270         int             qop_req;                /* quality of prot. requested */
271         GSS_BUFFER_T    input_message_buffer;   /* message to protect */
274 struct gss_seal_res {
275         OM_UINT32       minor_status;           /* status from the mechanism */
276         int             conf_state;             /* type of conf. applied */
277         GSS_BUFFER_T    output_message_buffer;  /* protected message */
278         OM_UINT32       status;                 /* status of GSSAPI call */
281 struct gss_unseal_arg {
282         OM_UINT32       gssd_context_verifier;  /* verifier for context handles */
283         GSS_CTX_ID_T    context_handle;         /* handle to existing context */
284         GSS_BUFFER_T    input_message_buffer;   /* protected message to unseal */
287 struct gss_unseal_res {
288         OM_UINT32       minor_status;           /* status from the mechanism */
289         GSS_BUFFER_T    output_message_buffer;  /* unsealed message */
290         int             conf_state;             /* type of conf. provided */
291         int             qop_state;              /* quality of prot. provided */
292         OM_UINT32       status;                 /* status of GSSAPI call */
295 struct gss_display_status_arg {
296         uid_t           uid;                    /* client uid */
297         int             status_value;           /* status to be converted */
298         int             status_type;            /* GSS or mech status */
299         GSS_OID         mech_type;              /* mechanism */
300         OM_UINT32       message_context;        /* recursion flag */
303 struct gss_display_status_res {
304         OM_UINT32       minor_status;           /* status from the mechanism */
305         int             message_context;        /* recursion flag */
306         GSS_BUFFER_T    status_string;          /* text equiv of status */
307         OM_UINT32       status;                 /* status of GSSAPI call */
310 %/* gss_indicate_mechs_arg is void. This appears in the rpc call def */
312 struct gss_indicate_mechs_res {
313         OM_UINT32       minor_status;           /* status from the mechanism */
314         GSS_OID_SET     mech_set;               /* mechanism set supported */
315         OM_UINT32       status;                 /* status of GSSAPI call */
318 struct gss_inquire_cred_arg {
319         uid_t           uid;                    /* client uid */
320         OM_UINT32       gssd_cred_verifier;     /* verifier for cred handle */
321         GSS_CRED_ID_T   cred_handle;            /* credential handle */
324 struct gss_inquire_cred_res {
325         OM_UINT32       minor_status;           /* status from the mechanism */
326         GSS_BUFFER_T    name;                   /* name associated with cred */
327         GSS_OID         name_type;              /* type of name */
328         OM_UINT32       lifetime;               /* remaining validity period */
329         int             cred_usage;             /* how creds may be used */
330         GSS_OID_SET     mechanisms;             /* mechs associated with cred */
331         OM_UINT32       status;                 /* status of GSSAPI call */
334 struct gss_inquire_cred_by_mech_arg {
335         uid_t           uid;                    /* client uid */
336         OM_UINT32       gssd_cred_verifier;     /* verifier for cred handle */
337         GSS_CRED_ID_T   cred_handle;            /* credential handle */
338         GSS_OID         mech_type;              /* cred mechanism */
341 struct gss_inquire_cred_by_mech_res {
342         OM_UINT32       minor_status;           /* status from the mechanism */
343         OM_UINT32       status;                 /* status of GSSAPI call */
346 struct gsscred_name_to_unix_cred_arg {
347         uid_t           uid;                    /* client uid */
348         GSS_BUFFER_T    pname;                  /* principal name */
349         GSS_OID         name_type;              /* oid of principal name */
350         GSS_OID         mech_type;              /* for which mechanism to use */
353 struct gsscred_name_to_unix_cred_res {
354         uid_t           uid;                    /* principal's uid */
355         gid_t           gid;                    /* principal's gid */
356         GSSCRED_GIDS    gids;                   /* array of principal's gids */
357         OM_UINT32       major;                  /* status of the GSSAPI call */
361 struct
362 gsscred_expname_to_unix_cred_arg {
363         uid_t           uid;                    /* client uid */
364         GSS_BUFFER_T    expname;                /* principal in export format */
367 struct
368 gsscred_expname_to_unix_cred_res {
369         uid_t           uid;                    /* principal's uid */
370         gid_t           gid;                    /* principal's gid */
371         GSSCRED_GIDS    gids;                   /* array of principal's gids */
372         OM_UINT32       major;                  /* major status code */
376 struct gss_get_group_info_arg {
377         uid_t           uid;                    /* client uid */
378         uid_t           puid;                   /* principal's uid */
381 struct gss_get_group_info_res {
382         gid_t           gid;                    /* principal's gid */
383         GSSCRED_GIDS    gids;                   /* array of principal's gids */
384         OM_UINT32       major;                  /* major status code */
388 struct gss_get_kmod_arg {
389         GSS_OID mech_oid;
393 union gss_get_kmod_res switch (bool module_follow) {
394         case TRUE:
395                 string modname<>;
396         case FALSE:
397                 void;
402  *  The server accepts requests only from the loopback address.
403  *  Unix authentication is used, and the port must be in the reserved range; AUTH_SYS credentials are asserted by the caller, so the loopback and reserved-port checks are what make them trustworthy.
404  */
406 program GSSPROG {
407     version GSSVERS {
409         /*
410          *  Called by the client to acquire a credential.
411          */
412         gss_acquire_cred_res
413                 GSS_ACQUIRE_CRED(gss_acquire_cred_arg)                  = 1;
415         /*
416          *  Called by the client to release a credential.
417          */
418         gss_release_cred_res
419                 GSS_RELEASE_CRED(gss_release_cred_arg)                  = 2;
421         /*
422          *  Called by the client to initialize a security context.
423          */
424         gss_init_sec_context_res
425                 GSS_INIT_SEC_CONTEXT(gss_init_sec_context_arg)          = 3;
427         /*
428          *  Called by the server to initialize a security context.
429          */
430         gss_accept_sec_context_res
431                 GSS_ACCEPT_SEC_CONTEXT(gss_accept_sec_context_arg)      = 4;
433         /*
434          *  Called to pass token to underlying mechanism.
435          */
436         gss_process_context_token_res
437                 GSS_PROCESS_CONTEXT_TOKEN(gss_process_context_token_arg) = 5;
439         /*
440          *  Called to delete a security context.
441          */
442         gss_delete_sec_context_res
443                 GSS_DELETE_SEC_CONTEXT(gss_delete_sec_context_arg)      = 6;
445         /*
446          *  Called to get remaining time security context has to live.
447          */
448         gss_context_time_res
449                 GSS_CONTEXT_TIME(gss_context_time_arg)                  = 7;
451         /*
452          *  Called to sign a message.
453          */
454         gss_sign_res    GSS_SIGN(gss_sign_arg)                          = 8;
456         /*
457          *  Called to verify a signed message.
458          */
459         gss_verify_res  GSS_VERIFY(gss_verify_arg)                      = 9;
461         /*
462          *  Called to translate minor status into a string.
463          */
464         gss_display_status_res
465                         GSS_DISPLAY_STATUS(gss_display_status_arg)      = 10;
467         /*
468          *  Called to indicate which underlying mechanisms are supported
469          */
470         gss_indicate_mechs_res
471                         GSS_INDICATE_MECHS(void)                        = 11;
473         /*
474          *  Called by the client to inquire about a credential.
475          */
476         gss_inquire_cred_res
477                 GSS_INQUIRE_CRED(gss_inquire_cred_arg)                  = 12;
480         /*
481          *  Called to seal a message.
482          */
483         gss_seal_res    GSS_SEAL(gss_seal_arg)                          = 13;
485         /*
486          *  Called to unseal a message.
487          */
488         gss_unseal_res  GSS_UNSEAL(gss_unseal_arg)                      = 14;
490         /*
491          * gsscred interface functions to obtain principal uid and gids
492          */
493         gsscred_expname_to_unix_cred_res
494                         GSSCRED_EXPNAME_TO_UNIX_CRED(
495                                 gsscred_expname_to_unix_cred_arg)       = 15;
497         gsscred_name_to_unix_cred_res
498                         GSSCRED_NAME_TO_UNIX_CRED(
499                                 gsscred_name_to_unix_cred_arg)          = 16;
501         gss_get_group_info_res
502                         GSS_GET_GROUP_INFO(gss_get_group_info_arg)      = 17;
504         gss_get_kmod_res
505                         GSS_GET_KMOD(gss_get_kmod_arg)                  = 18;
507         gss_export_sec_context_res
508                         GSS_EXPORT_SEC_CONTEXT(gss_export_sec_context_arg) = 19;
509         
510         gss_import_sec_context_res
511                         GSS_IMPORT_SEC_CONTEXT(gss_import_sec_context_arg) = 20;
512         /*
513          *  Called by the client to add to a credential.
514          */
515         gss_add_cred_res
516                 GSS_ADD_CRED(gss_add_cred_arg)                          = 21;
517         gss_inquire_cred_by_mech_res
518                 GSS_INQUIRE_CRED_BY_MECH(gss_inquire_cred_by_mech_arg)
519                                                                         = 22;
521     } = 1;
522 } = 100234;