2 * Copyright (c) 2008 Doug Rabson
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <kgssapi/gssapi.h>
35 #define MAX_GSS_MECH 64
39 * Define the types of security service required for rpc_gss_seccreate().
42 rpc_gss_svc_default = 0,
44 rpc_gss_svc_integrity = 2,
45 rpc_gss_svc_privacy = 3
49 * Structure containing options for rpc_gss_seccreate().
52 int req_flags; /* GSS request bits */
53 int time_req; /* requested credential lifetime */
54 gss_cred_id_t my_cred; /* GSS credential */
55 gss_channel_bindings_t input_channel_bindings;
56 } rpc_gss_options_req_t;
59 * Structure containing options returned by rpc_gss_seccreate().
67 gss_ctx_id_t gss_context;
68 char actual_mechanism[MAX_GSS_MECH];
69 } rpc_gss_options_ret_t;
72 * Client principal type. Used as an argument to
73 * rpc_gss_get_principal_name(). Also referenced by the
74 * rpc_gss_rawcred_t structure.
79 } *rpc_gss_principal_t;
82 * Structure for raw credentials used by rpc_gss_getcred() and
83 * rpc_gss_set_callback().
86 u_int version; /* RPC version number */
87 const char *mechanism; /* security mechanism */
88 const char *qop; /* quality of protection */
89 rpc_gss_principal_t client_principal; /* client name */
90 const char *svc_principal; /* server name */
91 rpc_gss_service_t service; /* service type */
95 * Unix credentials derived from raw credentials. Returned by
99 uid_t uid; /* user ID */
100 gid_t gid; /* group ID */
102 gid_t *gidlist; /* list of groups */
106 * Structure used to enforce a particular QOP and service.
110 rpc_gss_rawcred_t *raw_cred;
114 * Callback structure used by rpc_gss_set_callback().
117 u_int program; /* RPC program number */
118 u_int version; /* RPC version number */
119 /* user defined callback */
120 bool_t (*callback)(struct svc_req *req,
122 gss_ctx_id_t gss_context,
123 rpc_gss_lock_t *lock,
125 } rpc_gss_callback_t;
128 * Structure used to return error information by rpc_gss_get_error()
132 int system_error; /* same as errno */
136 * Values for rpc_gss_error
138 #define RPC_GSS_ER_SUCCESS 0 /* no error */
139 #define RPC_GSS_ER_SYSTEMERROR 1 /* system error */
144 AUTH *rpc_gss_secfind(CLIENT *clnt, struct ucred *cred,
145 const char *principal, gss_OID mech_oid, rpc_gss_service_t service);
146 void rpc_gss_secpurge(CLIENT *clnt);
148 AUTH *rpc_gss_seccreate(CLIENT *clnt, struct ucred *cred,
149 const char *principal, const char *mechanism, rpc_gss_service_t service,
150 const char *qop, rpc_gss_options_req_t *options_req,
151 rpc_gss_options_ret_t *options_ret);
152 bool_t rpc_gss_set_defaults(AUTH *auth, rpc_gss_service_t service,
154 int rpc_gss_max_data_length(AUTH *handle, int max_tp_unit_len);
155 void rpc_gss_get_error(rpc_gss_error_t *error);
157 bool_t rpc_gss_mech_to_oid(const char *mech, gss_OID *oid_ret);
158 bool_t rpc_gss_oid_to_mech(gss_OID oid, const char **mech_ret);
159 bool_t rpc_gss_qop_to_num(const char *qop, const char *mech, u_int *num_ret);
160 const char **rpc_gss_get_mechanisms(void);
161 const char **rpc_gss_get_mech_info(const char *mech, rpc_gss_service_t *service);
162 bool_t rpc_gss_get_versions(u_int *vers_hi, u_int *vers_lo);
163 bool_t rpc_gss_is_installed(const char *mech);
165 bool_t rpc_gss_set_svc_name(const char *principal, const char *mechanism,
166 u_int req_time, u_int program, u_int version);
167 void rpc_gss_clear_svc_name(u_int program, u_int version);
168 bool_t rpc_gss_getcred(struct svc_req *req, rpc_gss_rawcred_t **rcred,
169 rpc_gss_ucred_t **ucred, void **cookie);
170 bool_t rpc_gss_set_callback(rpc_gss_callback_t *cb);
171 void rpc_gss_clear_callback(rpc_gss_callback_t *cb);
172 bool_t rpc_gss_get_principal_name(rpc_gss_principal_t *principal,
173 const char *mech, const char *name, const char *node, const char *domain);
174 int rpc_gss_svc_max_data_length(struct svc_req *req, int max_tp_unit_len);
177 * Internal interface from the RPC implementation.
180 bool_t __rpc_gss_wrap(AUTH *auth, void *header, size_t headerlen,
181 XDR* xdrs, xdrproc_t xdr_args, void *args_ptr);
182 bool_t __rpc_gss_unwrap(AUTH *auth, XDR* xdrs, xdrproc_t xdr_args,
185 bool_t __rpc_gss_set_error(int rpc_gss_error, int system_error);
189 #endif /* !_RPCSEC_GSS_H */