OpenSolaris_b135/uts/common/rpc/rpcsec_gss.h
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*/
/*
* rpcsec_gss.h, RPCSEC_GSS security service interface.
*/
#ifndef _RPCSEC_GSS_H
#define _RPCSEC_GSS_H
#ifdef __cplusplus
extern "C" {
#endif
#include <rpc/auth.h>
#include <rpc/clnt.h>
#include <gssapi/gssapi.h>
/*
* Interface definitions.
*/
#define MAX_NAME_LEN 64
#define MAX_GSS_MECH 128
#define MAX_GSS_NAME 128
typedef enum {
rpc_gss_svc_default = 0,
rpc_gss_svc_none = 1,
rpc_gss_svc_integrity = 2,
rpc_gss_svc_privacy = 3
} rpc_gss_service_t;
/*
* GSS-API based security mechanism type specified as
* object identifiers (OIDs).
* This type is derived from gss_OID_desc/gss_OID.
*/
#define rpc_gss_OID_s gss_OID_desc_struct
typedef struct rpc_gss_OID_s rpc_gss_OID_desc, *rpc_gss_OID;
/*
* Interface data.
* This is already suitable for both LP64 and ILP32.
*/
typedef struct rpc_gss_principal {
int len;
char name[1];
} *rpc_gss_principal_t;
typedef struct {
int req_flags;
int time_req;
gss_cred_id_t my_cred;
gss_channel_bindings_t input_channel_bindings;
} rpc_gss_options_req_t;
typedef struct {
int major_status;
int minor_status;
uint_t rpcsec_version;
int ret_flags;
int time_ret;
gss_ctx_id_t gss_context;
#ifdef _KERNEL
rpc_gss_OID actual_mechanism;
#else
char actual_mechanism[MAX_GSS_MECH];
#endif
} rpc_gss_options_ret_t;
/*
* raw credentials
*/
typedef struct {
uint_t version;
#ifdef _KERNEL
rpc_gss_OID mechanism;
uint_t qop;
#else
char *mechanism;
char *qop;
#endif
rpc_gss_principal_t client_principal;
char *svc_principal; /* service@server, e.g. nfs@caribe */
rpc_gss_service_t service;
} rpc_gss_rawcred_t;
/*
* unix credentials
*/
typedef struct {
uid_t uid;
gid_t gid;
short gidlen;
gid_t *gidlist;
} rpc_gss_ucred_t;
/*
* for callback routine
*/
typedef struct {
uint_t program;
uint_t version;
bool_t (*callback)();
} rpc_gss_callback_t;
/*
* lock used for the callback routine
*/
typedef struct {
bool_t locked;
rpc_gss_rawcred_t *raw_cred;
} rpc_gss_lock_t;
/*
* This is for user RPC applications.
* Structure used to fetch the error code when one of
* the rpc_gss_* routines fails.
*/
typedef struct {
int rpc_gss_error;
int system_error;
} rpc_gss_error_t;
#define RPC_GSS_ER_SUCCESS 0 /* no error */
#define RPC_GSS_ER_SYSTEMERROR 1 /* system error */
#ifdef _SYSCALL32
struct gss_clnt_data32 {
gss_OID_desc32 mechanism;
rpc_gss_service_t service;
char uname[MAX_NAME_LEN]; /* server's service name */
char inst[MAX_NAME_LEN]; /* server's instance name */
char realm[MAX_NAME_LEN]; /* server's realm */
uint_t qop;
};
#endif
/*
* This is for Kernel RPC applications.
* RPCSEC_GSS flavor specific data in sec_data opaque field.
*/
typedef struct gss_clnt_data {
rpc_gss_OID_desc mechanism;
rpc_gss_service_t service;
char uname[MAX_NAME_LEN]; /* server's service name */
char inst[MAX_NAME_LEN]; /* server's instance name */
char realm[MAX_NAME_LEN]; /* server's realm */
uint_t qop;
} gss_clntdata_t;
struct svc_req;
/*
* KERNEL rpc_gss_* interfaces.
*/
#ifdef _KERNEL
int rpc_gss_secget(CLIENT *, char *, rpc_gss_OID,
rpc_gss_service_t, uint_t, rpc_gss_options_req_t *,
rpc_gss_options_ret_t *, void *, cred_t *, AUTH **);
void rpc_gss_secfree(AUTH *);
int rpc_gss_seccreate(CLIENT *, char *, rpc_gss_OID,
rpc_gss_service_t, uint_t, rpc_gss_options_req_t *,
rpc_gss_options_ret_t *, cred_t *, AUTH **);
int rpc_gss_revauth(uid_t, rpc_gss_OID);
void rpc_gss_secpurge(void *);
enum auth_stat __svcrpcsec_gss(struct svc_req *,
struct rpc_msg *, bool_t *);
bool_t rpc_gss_set_defaults(AUTH *, rpc_gss_service_t, uint_t);
rpc_gss_service_t rpc_gss_get_service_type(AUTH *);
#else
/*
* USER rpc_gss_* public interfaces
*/
AUTH *
rpc_gss_seccreate(
CLIENT *clnt, /* associated client handle */
char *principal, /* server service principal */
char *mechanism, /* security mechanism */
rpc_gss_service_t service_type, /* security service */
char *qop, /* requested QOP */
rpc_gss_options_req_t *options_req, /* requested options */
rpc_gss_options_ret_t *options_ret /* returned options */
);
bool_t
rpc_gss_get_principal_name(
rpc_gss_principal_t *principal,
char *mechanism,
char *user_name,
char *node,
char *secdomain
);
char **rpc_gss_get_mechanisms();
char **rpc_gss_get_mech_info(
char *mechanism,
rpc_gss_service_t *service
);
bool_t
rpc_gss_is_installed(
char *mechanism
);
bool_t
rpc_gss_mech_to_oid(
char *mech,
rpc_gss_OID *oid
);
bool_t
rpc_gss_qop_to_num(
char *qop,
char *mech,
uint_t *num
);
bool_t
rpc_gss_set_svc_name(
char *principal,
char *mechanism,
uint_t req_time,
uint_t program,
uint_t version
);
bool_t
rpc_gss_set_defaults(
AUTH *auth,
rpc_gss_service_t service,
char *qop
);
void
rpc_gss_get_error(
rpc_gss_error_t *error
);
/*
* User level private interfaces
*/
enum auth_stat __svcrpcsec_gss();
bool_t __rpc_gss_wrap();
bool_t __rpc_gss_unwrap();
#endif
/*
* USER and KERNEL rpc_gss_* interfaces.
*/
bool_t
rpc_gss_set_callback(
rpc_gss_callback_t *cb
);
bool_t
rpc_gss_getcred(
struct svc_req *req,
rpc_gss_rawcred_t **rcred,
rpc_gss_ucred_t **ucred,
void **cookie
);
int
rpc_gss_max_data_length(
AUTH *rpcgss_handle,
int max_tp_unit_len
);
int
rpc_gss_svc_max_data_length(
struct svc_req *req,
int max_tp_unit_len
);
bool_t
rpc_gss_get_versions(
uint_t *vers_hi,
uint_t *vers_lo
);
#define RPCSEC_GSS_REFRESH_ATTEMPTS 20
/*
* Protocol data.
*
* The reason to put these definition in this header file
* is for 2.6 snoop to handle the RPCSEC_GSS protocol
* interpretation.
*/
#define RPCSEC_GSS_DATA 0
#define RPCSEC_GSS_INIT 1
#define RPCSEC_GSS_CONTINUE_INIT 2
#define RPCSEC_GSS_DESTROY 3
#define RPCSEC_GSS_VERSION 1
#ifdef __cplusplus
}
#endif
#endif /* !_RPCSEC_GSS_H */