
0001 /*
0002   auth_gss.h
0003   
0004   Copyright (c) 2000 The Regents of the University of Michigan.
0005   All rights reserved.
0006   
0007   Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
0008   All rights reserved, all wrongs reversed.
0009 
0010   Redistribution and use in source and binary forms, with or without
0011   modification, are permitted provided that the following conditions
0012   are met:
0013 
0014   1. Redistributions of source code must retain the above copyright
0015      notice, this list of conditions and the following disclaimer.
0016   2. Redistributions in binary form must reproduce the above copyright
0017      notice, this list of conditions and the following disclaimer in the
0018      documentation and/or other materials provided with the distribution.
0019   3. Neither the name of the University nor the names of its
0020      contributors may be used to endorse or promote products derived
0021      from this software without specific prior written permission.
0022 
0023   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
0024   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
0025   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
0026   DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
0027   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
0028   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
0029   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
0030   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
0031   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
0032   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
0033   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
0034 
0035 */
0036 
0037 #ifndef _TIRPC_AUTH_GSS_H
0038 #define _TIRPC_AUTH_GSS_H
0039 
0040 #include <rpc/clnt.h>
0041 #include <gssapi/gssapi.h>
0042 
0043 /* RPCSEC_GSS control procedures. */
     /*
      * Says what an RPCSEC_GSS message is for.  struct rpc_gss_cred carries one
      * of these in its gc_proc field.  The explicit values are the
      * rpc_gss_proc_t constants from RFC 2203 and go on the wire, so they must
      * not be renumbered.
      */
0044 typedef enum {
0045     RPCSEC_GSS_DATA = 0,           /* data exchange on an established context */
0046     RPCSEC_GSS_INIT = 1,           /* first message of context creation */
0047     RPCSEC_GSS_CONTINUE_INIT = 2,  /* further context-creation round trips */
0048     RPCSEC_GSS_DESTROY = 3         /* tear the context down */
0049 } rpc_gss_proc_t;
0050 
0051 /* RPCSEC_GSS services. */
     /*
      * Protection applied to call arguments and results (RFC 2203).  All three
      * services authenticate the RPC header; they differ only in how the body
      * is treated.  The values go on the wire and must not be renumbered.
      */
0052 typedef enum {
0053     RPCSEC_GSS_SVC_NONE = 1,       /* body sent as-is: no integrity check, no confidentiality */
0054     RPCSEC_GSS_SVC_INTEGRITY = 2,  /* body integrity-protected but still readable on the wire */
0055     RPCSEC_GSS_SVC_PRIVACY = 3     /* body integrity-protected and encrypted */
0056 } rpc_gss_svc_t;
0057 
0058 #define RPCSEC_GSS_VERSION  1   /* RPCSEC_GSS protocol version; presumably the value expected in rpc_gss_cred.gc_v (confirm in the implementation) */
0059 
0060 /* RPCSEC_GSS security triple. */
     /*
      * Security parameters passed to authgss_create() and
      * authgss_create_default(): mechanism, QOP and service, plus the
      * credential handle and request flags to use.
      * NOTE(review): who owns and releases `cred` is not visible in this header.
      */
0061 struct rpc_gss_sec {
0062     gss_OID     mech;       /* mechanism */
0063     gss_qop_t   qop;        /* quality of protection */
0064     rpc_gss_svc_t   svc;        /* service: protection level requested for call data (see rpc_gss_svc_t) */
0065     gss_cred_id_t   cred;       /* cred handle */
0066     u_int       req_flags;  /* req flags for init_sec_context */
0067 };
0068 
0069 /* Private data required for kernel implementation */
     /*
      * Taken by authgss_get_private_data() and authgss_free_private_data();
      * presumably the former fills it and the latter releases it (their bodies
      * are not in this header).  The fields identify an established security
      * context, so a populated struct should be treated as sensitive: keep it
      * out of logs and release it when done.
      */
0070 struct authgss_private_data {
0071     gss_ctx_id_t    pd_ctx;     /* Session context handle */
0072     gss_buffer_desc pd_ctx_hndl;    /* Credentials context handle */
0073     u_int       pd_seq_win; /* Sequence window */
0074 };
0075 
0076 /* from kerberos source, gssapi_krb5.c */
     /*
      * Mechanism OID objects defined in another translation unit; going by the
      * names, Kerberos 5 and SPKM-3.  NOTE(review): both are declared
      * non-const, so any code including this header can modify them.
      */
0077 extern gss_OID_desc krb5oid;
0078 extern gss_OID_desc spkm3oid;
0079 
0080 /* Credentials. */
     /*
      * RPCSEC_GSS credential; xdr_rpc_gss_cred() is the XDR routine for it.
      * When this struct has been decoded from the network every field is
      * peer-supplied and must be validated before use (version, procedure and
      * service in range, sequence number below MAXSEQ).  No such validation is
      * visible in this header.
      */
0081 struct rpc_gss_cred {
0082     u_int       gc_v;       /* version */
0083     rpc_gss_proc_t  gc_proc;    /* control procedure */
0084     u_int       gc_seq;     /* sequence number */
0085     rpc_gss_svc_t   gc_svc;     /* service */
0086     gss_buffer_desc gc_ctx;     /* context handle */
0087 };
0088 
0089 /* Context creation response. */
     /*
      * Reply to a context-creation call; xdr_rpc_gss_init_res() is the XDR
      * routine for it.  gr_ctx and gr_token are length/pointer buffers.
      * NOTE(review): who frees them after decoding is not visible here.
      */
0090 struct rpc_gss_init_res {
0091     gss_buffer_desc     gr_ctx;     /* context handle */
0092     u_int           gr_major;   /* major status */
0093     u_int           gr_minor;   /* minor status */
0094     u_int           gr_win;     /* sequence window */
0095     gss_buffer_desc     gr_token;   /* token */
0096 };
0097 
0098 /* Maximum sequence number value. */
     /*
      * Upper bound for the RPCSEC_GSS sequence number (MAXSEQ in RFC 2203).
      * With a 32-bit int the hex literal does not fit in int and therefore has
      * unsigned type, so it compares against u_int sequence numbers without a
      * sign conversion.
      * NOTE(review): what the implementation does once the bound is reached is
      * not visible in this header.
      */
0099 #define MAXSEQ      0x80000000
0100 
0101 /* Prototypes. */
0102 #ifdef __cplusplus
0103 extern "C" {
0104 #endif
     /*
      * XDR routines for the RPCSEC_GSS structures declared in this header.
      * xdr_rpc_gss_data() additionally takes the context, QOP, service and
      * sequence number; presumably it applies the protection selected by `svc`
      * to the data handled by xdr_func (confirm in the implementation).
      */
0105 bool_t  xdr_rpc_gss_cred    (XDR *xdrs, struct rpc_gss_cred *p);
0106 bool_t  xdr_rpc_gss_init_args   (XDR *xdrs, gss_buffer_desc *p);
0107 bool_t  xdr_rpc_gss_init_res    (XDR *xdrs, struct rpc_gss_init_res *p);
0108 bool_t  xdr_rpc_gss_data    (XDR *xdrs, xdrproc_t xdr_func,
0109                  caddr_t xdr_ptr, gss_ctx_id_t ctx,
0110                  gss_qop_t qop, rpc_gss_svc_t svc,
0111                  u_int seq);
0112 
     /*
      * Client-side AUTH handle creation and control.
      * NOTE(review): authgss_service() takes a plain int rather than
      * rpc_gss_svc_t, so the compiler does not restrict the argument to the
      * enum; whether out-of-range values are rejected is not visible here.
      * authgss_get_private_data() hands out context material; pair it with
      * authgss_free_private_data().
      */
0113 AUTH   *authgss_create      (CLIENT *, gss_name_t, struct rpc_gss_sec *);
0114 AUTH   *authgss_create_default  (CLIENT *, char *, struct rpc_gss_sec *);
0115 bool_t authgss_service      (AUTH *auth, int svc);
0116 bool_t authgss_get_private_data (AUTH *auth, struct authgss_private_data *);
0117 bool_t authgss_free_private_data (struct authgss_private_data *);
0118 
     /*
      * Logging helpers.  gss_log_debug() is printf-style, but this declaration
      * carries no format attribute, so the compiler does not check its
      * arguments; callers must pass a literal format string.
      * NOTE(review): where these log and under what conditions is not visible
      * here.  Buffers passed to gss_log_hexdump() are presumably written out
      * in full, so passing tokens or context handles would place
      * authentication material in the log.
      */
0119 void    gss_log_debug       (const char *fmt, ...);
0120 void    gss_log_status      (char *m, OM_uint32 major, OM_uint32 minor);
0121 void    gss_log_hexdump     (const u_char *buf, int len, int offset);
0122 
     /* Going by the name, reports whether the CLIENT uses RPCSEC_GSS authentication. */
0123 bool_t  is_authgss_client   (CLIENT *);
0124 
0125 #ifdef __cplusplus
0126 }
0127 #endif
0128 
0129 #endif /* !_TIRPC_AUTH_GSS_H */