search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / uts / common / rpc / rpcsec_gss.h
blob4b73b61cc696ae6e4428b4dc83d34a06ec83dcb7
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
28 */
29
30 /*
31 * rpcsec_gss.h, RPCSEC_GSS security service interface.
32 */
33
34 #ifndef _RPCSEC_GSS_H
35 #define _RPCSEC_GSS_H
36
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40
41 #include <rpc/auth.h>
42 #include <rpc/clnt.h>
43 #include <gssapi/gssapi.h>
44
45 /*
46 * Interface definitions.
47 */
48 #define MAX_NAME_LEN 64
49 #define MAX_GSS_MECH 128
50 #define MAX_GSS_NAME 128
51
52 typedef enum {
53 rpc_gss_svc_default = 0,
54 rpc_gss_svc_none = 1,
55 rpc_gss_svc_integrity = 2,
56 rpc_gss_svc_privacy = 3
57 } rpc_gss_service_t;
58
59 /*
60 * GSS-API based security mechanism type specified as
61 * object identifiers (OIDs).
62 * This type is derived from gss_OID_desc/gss_OID.
63 */
64 #define rpc_gss_OID_s gss_OID_desc_struct
65 typedef struct rpc_gss_OID_s rpc_gss_OID_desc, *rpc_gss_OID;
66
67 /*
68 * Interface data.
69 * This is already suitable for both LP64 and ILP32.
70 */
71 typedef struct rpc_gss_principal {
72 int len;
73 char name[1];
74 } *rpc_gss_principal_t;
75
76 typedef struct {
77 int req_flags;
78 int time_req;
79 gss_cred_id_t my_cred;
80 gss_channel_bindings_t input_channel_bindings;
81 } rpc_gss_options_req_t;
82
83 typedef struct {
84 int major_status;
85 int minor_status;
86 uint_t rpcsec_version;
87 int ret_flags;
88 int time_ret;
89 gss_ctx_id_t gss_context;
90 #ifdef _KERNEL
91 rpc_gss_OID actual_mechanism;
92 #else
93 char actual_mechanism[MAX_GSS_MECH];
94 #endif
95 } rpc_gss_options_ret_t;
96
97 /*
98 * raw credentials
99 */
100 typedef struct {
101 uint_t version;
102 #ifdef _KERNEL
103 rpc_gss_OID mechanism;
104 uint_t qop;
105 #else
106 char *mechanism;
107 char *qop;
108 #endif
109 rpc_gss_principal_t client_principal;
110 char *svc_principal; /* service@server, e.g. nfs@caribe */
111 rpc_gss_service_t service;
112 } rpc_gss_rawcred_t;
113
114 /*
115 * unix credentials
116 */
117 typedef struct {
118 uid_t uid;
119 gid_t gid;
120 short gidlen;
121 gid_t *gidlist;
122 } rpc_gss_ucred_t;
123
124 /*
125 * for callback routine
126 */
127 typedef struct {
128 uint_t program;
129 uint_t version;
130 bool_t (*callback)();
131 } rpc_gss_callback_t;
132
133 /*
134 * lock used for the callback routine
135 */
136 typedef struct {
137 bool_t locked;
138 rpc_gss_rawcred_t *raw_cred;
139 } rpc_gss_lock_t;
140
141
142 /*
143 * This is for user RPC applications.
144 * Structure used to fetch the error code when one of
145 * the rpc_gss_* routines fails.
146 */
147 typedef struct {
148 int rpc_gss_error;
149 int system_error;
150 } rpc_gss_error_t;
151
152 #define RPC_GSS_ER_SUCCESS 0 /* no error */
153 #define RPC_GSS_ER_SYSTEMERROR 1 /* system error */
154
155
156 #ifdef _SYSCALL32
157 struct gss_clnt_data32 {
158 gss_OID_desc32 mechanism;
159 rpc_gss_service_t service;
160 char uname[MAX_NAME_LEN]; /* server's service name */
161 char inst[MAX_NAME_LEN]; /* server's instance name */
162 char realm[MAX_NAME_LEN]; /* server's realm */
163 uint_t qop;
164 };
165 #endif
166
167 /*
168 * This is for Kernel RPC applications.
169 * RPCSEC_GSS flavor specific data in sec_data opaque field.
170 */
171 typedef struct gss_clnt_data {
172 rpc_gss_OID_desc mechanism;
173 rpc_gss_service_t service;
174 char uname[MAX_NAME_LEN]; /* server's service name */
175 char inst[MAX_NAME_LEN]; /* server's instance name */
176 char realm[MAX_NAME_LEN]; /* server's realm */
177 uint_t qop;
178 } gss_clntdata_t;
179
180
181 struct svc_req;
182 /*
183 * KERNEL rpc_gss_* interfaces.
184 */
185 #ifdef _KERNEL
186 int rpc_gss_secget(CLIENT *, char *, rpc_gss_OID,
187 rpc_gss_service_t, uint_t, rpc_gss_options_req_t *,
188 rpc_gss_options_ret_t *, void *, cred_t *, AUTH **);
189
190 void rpc_gss_secfree(AUTH *);
191
192 int rpc_gss_seccreate(CLIENT *, char *, rpc_gss_OID,
193 rpc_gss_service_t, uint_t, rpc_gss_options_req_t *,
194 rpc_gss_options_ret_t *, cred_t *, AUTH **);
195
196 int rpc_gss_revauth(uid_t, rpc_gss_OID);
197 void rpc_gss_secpurge(void *);
198 enum auth_stat __svcrpcsec_gss(struct svc_req *,
199 struct rpc_msg *, bool_t *);
200 bool_t rpc_gss_set_defaults(AUTH *, rpc_gss_service_t, uint_t);
201 rpc_gss_service_t rpc_gss_get_service_type(AUTH *);
202
203
204 #else
205 /*
206 * USER rpc_gss_* public interfaces
207 */
208 AUTH *
209 rpc_gss_seccreate(
210 CLIENT *clnt, /* associated client handle */
211 char *principal, /* server service principal */
212 char *mechanism, /* security mechanism */
213 rpc_gss_service_t service_type, /* security service */
214 char *qop, /* requested QOP */
215 rpc_gss_options_req_t *options_req, /* requested options */
216 rpc_gss_options_ret_t *options_ret /* returned options */
217 );
218
219 bool_t
220 rpc_gss_get_principal_name(
221 rpc_gss_principal_t *principal,
222 char *mechanism,
223 char *user_name,
224 char *node,
225 char *secdomain
226 );
227
228 char **rpc_gss_get_mechanisms();
229
230 char **rpc_gss_get_mech_info(
231 char *mechanism,
232 rpc_gss_service_t *service
233 );
234
235 bool_t
236 rpc_gss_is_installed(
237 char *mechanism
238 );
239
240 bool_t
241 rpc_gss_mech_to_oid(
242 char *mech,
243 rpc_gss_OID *oid
244 );
245
246 bool_t
247 rpc_gss_qop_to_num(
248 char *qop,
249 char *mech,
250 uint_t *num
251 );
252
253 bool_t
254 rpc_gss_set_svc_name(
255 char *principal,
256 char *mechanism,
257 uint_t req_time,
258 uint_t program,
259 uint_t version
260 );
261
262 bool_t
263 rpc_gss_set_defaults(
264 AUTH *auth,
265 rpc_gss_service_t service,
266 char *qop
267 );
268
269 void
270 rpc_gss_get_error(
271 rpc_gss_error_t *error
272 );
273
274 /*
275 * User level private interfaces
276 */
277 enum auth_stat __svcrpcsec_gss();
278 bool_t __rpc_gss_wrap();
279 bool_t __rpc_gss_unwrap();
280
281 #endif
282
283 /*
284 * USER and KERNEL rpc_gss_* interfaces.
285 */
286 bool_t
287 rpc_gss_set_callback(
288 rpc_gss_callback_t *cb
289 );
290
291 bool_t
292 rpc_gss_getcred(
293 struct svc_req *req,
294 rpc_gss_rawcred_t **rcred,
295 rpc_gss_ucred_t **ucred,
296 void **cookie
297 );
298
299 int
300 rpc_gss_max_data_length(
301 AUTH *rpcgss_handle,
302 int max_tp_unit_len
303 );
304
305 int
306 rpc_gss_svc_max_data_length(
307 struct svc_req *req,
308 int max_tp_unit_len
309 );
310
311 bool_t
312 rpc_gss_get_versions(
313 uint_t *vers_hi,
314 uint_t *vers_lo
315 );
316
317 #define RPCSEC_GSS_REFRESH_ATTEMPTS 20
318
319 /*
320 * Protocol data.
321 *
322 * The reason to put these definition in this header file
323 * is for 2.6 snoop to handle the RPCSEC_GSS protocol
324 * interpretation.
325 */
326 #define RPCSEC_GSS_DATA 0
327 #define RPCSEC_GSS_INIT 1
328 #define RPCSEC_GSS_CONTINUE_INIT 2
329 #define RPCSEC_GSS_DESTROY 3
330
331 #define RPCSEC_GSS_VERSION 1
332
333 #ifdef __cplusplus
334 }
335 #endif
336
337 #endif /* !_RPCSEC_GSS_H */
unleashed repo fork