include/gssrpc/auth_gss.h

0001 /* include/gssrpc/auth_gss.h */
0002 /*
0003   Copyright (c) 2000 The Regents of the University of Michigan.
0004   All rights reserved.
0005
0006   Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
0007   All rights reserved, all wrongs reversed.
0008
0009   Redistribution and use in source and binary forms, with or without
0010   modification, are permitted provided that the following conditions
0011   are met:
0012
0013   1. Redistributions of source code must retain the above copyright
0014      notice, this list of conditions and the following disclaimer.
0015   2. Redistributions in binary form must reproduce the above copyright
0016      notice, this list of conditions and the following disclaimer in the
0017      documentation and/or other materials provided with the distribution.
0018   3. Neither the name of the University nor the names of its
0019      contributors may be used to endorse or promote products derived
0020      from this software without specific prior written permission.
0021
0022   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
0023   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
0024   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
0025   DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
0026   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
0027   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
0028   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
0029   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
0030   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
0031   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
0032   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
0033
0034   Id: auth_gss.h,v 1.13 2002/05/08 16:54:33 andros Exp
0035 */
0036
0037 #ifndef GSSRPC_AUTH_GSS_H
0038 #define GSSRPC_AUTH_GSS_H
0039
0040 #include <gssrpc/rpc.h>
0041 #include <gssrpc/clnt.h>
0042 #ifdef HAVE_HEIMDAL
0043 #include <gssapi.h>
0044 #else
0045 #include <gssapi/gssapi.h>
0046 #endif
0047
0048 GSSRPC__BEGIN_DECLS
0049
0050 /* RPCSEC_GSS control procedures. */
0051 typedef enum {
0052     RPCSEC_GSS_DATA = 0,
0053     RPCSEC_GSS_INIT = 1,
0054     RPCSEC_GSS_CONTINUE_INIT = 2,
0055     RPCSEC_GSS_DESTROY = 3
0056 } rpc_gss_proc_t;
0057
0058 /* RPCSEC_GSS services. */
0059 typedef enum {
0060     RPCSEC_GSS_SVC_NONE = 1,
0061     RPCSEC_GSS_SVC_INTEGRITY = 2,
0062     RPCSEC_GSS_SVC_PRIVACY = 3
0063 } rpc_gss_svc_t;
0064
0065 #define RPCSEC_GSS_VERSION  1
0066
0067 /* RPCSEC_GSS security triple. */
0068 struct rpc_gss_sec {
0069     gss_OID     mech;       /* mechanism */
0070     gss_qop_t   qop;        /* quality of protection */
0071     rpc_gss_svc_t   svc;        /* service */
0072     gss_cred_id_t   cred;       /* cred handle */
0073     uint32_t    req_flags;  /* req flags for init_sec_context */
0074 };
0075
0076 /* Private data required for kernel implementation */
0077 struct authgss_private_data {
0078     gss_ctx_id_t    pd_ctx;     /* Session context handle */
0079     gss_buffer_desc pd_ctx_hndl;    /* Credentials context handle */
0080     uint32_t    pd_seq_win; /* Sequence window */
0081 };
0082
0083 /* Krb 5 default mechanism
0084 #define KRB5OID  "1.2.840.113554.1.2.2"
0085
0086 gss_OID_desc krb5oid = {
0087     20, KRB5OID
0088 };
0089  */
0090
0091 /*
0092 struct rpc_gss_sec krb5mech = {
0093     (gss_OID)&krb5oid,
0094     GSS_QOP_DEFAULT,
0095     RPCSEC_GSS_SVC_NONE
0096 };
0097 */
0098
0099 /* Credentials. */
0100 struct rpc_gss_cred {
0101     u_int       gc_v;       /* version */
0102     rpc_gss_proc_t  gc_proc;    /* control procedure */
0103     uint32_t    gc_seq;     /* sequence number */
0104     rpc_gss_svc_t   gc_svc;     /* service */
0105     gss_buffer_desc gc_ctx;     /* context handle */
0106 };
0107
0108 /* Context creation response. */
0109 struct rpc_gss_init_res {
0110     gss_buffer_desc     gr_ctx;     /* context handle */
0111     uint32_t        gr_major;   /* major status */
0112     uint32_t        gr_minor;   /* minor status */
0113     uint32_t        gr_win;     /* sequence window */
0114     gss_buffer_desc     gr_token;   /* token */
0115 };
0116
0117 /* Maximum sequence number value. */
0118 #define MAXSEQ      0x80000000
0119
0120 /* Prototypes. */
0121 bool_t  xdr_rpc_gss_buf     (XDR *xdrs, gss_buffer_t, u_int maxsize);
0122 bool_t  xdr_rpc_gss_cred    (XDR *xdrs, struct rpc_gss_cred *p);
0123 bool_t  xdr_rpc_gss_init_args   (XDR *xdrs, gss_buffer_desc *p);
0124 bool_t  xdr_rpc_gss_init_res    (XDR *xdrs, struct rpc_gss_init_res *p);
0125 bool_t  xdr_rpc_gss_data    (XDR *xdrs, xdrproc_t xdr_func,
0126                  caddr_t xdr_ptr, gss_ctx_id_t ctx,
0127                  gss_qop_t qop, rpc_gss_svc_t svc,
0128                  uint32_t seq);
0129 bool_t  xdr_rpc_gss_wrap_data   (XDR *xdrs, xdrproc_t xdr_func, caddr_t
0130                  xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop,
0131                  rpc_gss_svc_t svc, uint32_t seq);
0132 bool_t  xdr_rpc_gss_unwrap_data (XDR *xdrs, xdrproc_t xdr_func, caddr_t
0133                  xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop,
0134                  rpc_gss_svc_t svc, uint32_t seq);
0135
0136 AUTH   *authgss_create      (CLIENT *, gss_name_t, struct rpc_gss_sec *);
0137 AUTH   *authgss_create_default  (CLIENT *, char *, struct rpc_gss_sec *);
0138 bool_t authgss_service      (AUTH *auth, int svc);
0139 bool_t authgss_get_private_data (AUTH *auth, struct authgss_private_data *);
0140
0141 #ifdef GSSRPC__IMPL
0142 void    log_debug       (const char *fmt, ...);
0143 void    log_status      (char *m, OM_uint32 major, OM_uint32 minor);
0144 void    log_hexdump     (const u_char *buf, int len, int offset);
0145 #endif
0146
0147 GSSRPC__END_DECLS
0148 #endif /* !defined(GSSRPC_AUTH_GSS_H) */