/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* include/kcm.h - Kerberos cache manager protocol declarations */
/*
 * Copyright (C) 2014 by the Massachusetts Institute of Technology.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in
 *   the documentation and/or other materials provided with the
 *   distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Constants describing the wire protocol spoken between an MIT krb5 client
 * and a KCM (Kerberos cache manager) daemon.  This header defines no
 * functions; the protocol format itself is described in the comment block
 * preceding the flag definitions below.
 */

#ifndef KCM_H
#define KCM_H

/* Protocol version sent as the first two bytes of every request (see the
 * request layout described below). */
#define KCM_PROTOCOL_VERSION_MAJOR 2
#define KCM_PROTOCOL_VERSION_MINOR 0

/* Size in bytes of a UUID as marshalled on the wire. */
#define KCM_UUID_LEN 16

/* This should ideally be in RUNSTATEDIR, but Heimdal uses a hardcoded
 * /var/run, and we need to use the same default path.
 */
#define DEFAULT_KCM_SOCKET_PATH "/var/run/.heim_org.h5l.kcm-socket"
/* Service name for the Mach transport (presumably the Darwin/macOS client
 * path; the socket path above is the other transport). */
#define DEFAULT_KCM_MACH_SERVICE "org.h5l.kcm"

/*
 * All requests begin with:
 *   major version (1 bytes)
 *   minor version (1 bytes)
 *   opcode (16-bit big-endian)
 *
 * All replies begin with a 32-bit big-endian reply code.
 *
 * Parameters are appended to the request or reply with no delimiters.  Flags,
 * time offsets, and lengths are stored as 32-bit big-endian integers.  Names
 * are marshalled as zero-terminated strings.  Principals and credentials are
 * marshalled in the v4 FILE ccache format.  UUIDs are 16 bytes.  UUID lists
 * are not delimited, so nothing can come after them.
 *
 * Because nothing is delimited, every length and count read from a reply is
 * untrusted data from the peer: a parser must check each one against the
 * number of bytes remaining in the message before consuming that many bytes,
 * and must treat a UUID list as extending to the end of the message (its
 * byte count should be a multiple of KCM_UUID_LEN).
 *
 * Flag words must use Heimdal flag values, which are not the same as MIT krb5
 * values for KRB5_GC and KRB5_TC constants.  The same flag word may contain
 * both kinds of flags in Heimdal, but not in MIT krb5.  Defines for the
 * applicable Heimdal flag values are given below using KCM_GC and KCM_TC
 * prefixes.
 */

/* Heimdal KRB5_GC_* bit as it appears in the 32-bit wire flag word. */
#define KCM_GC_CACHED                   (1U << 0)

/* Heimdal KRB5_TC_* bits as they appear in the 32-bit wire flag word.  The
 * unsigned constant keeps the shift into bit 31 well-defined; a plain 1 << 31
 * would overflow a 32-bit int. */
#define KCM_TC_DONT_MATCH_REALM         (1U << 31)
#define KCM_TC_MATCH_KEYTYPE            (1U << 30)
#define KCM_TC_MATCH_SRV_NAMEONLY       (1U << 29)
#define KCM_TC_MATCH_FLAGS_EXACT        (1U << 28)
#define KCM_TC_MATCH_FLAGS              (1U << 27)
#define KCM_TC_MATCH_TIMES_EXACT        (1U << 26)
#define KCM_TC_MATCH_TIMES              (1U << 25)
#define KCM_TC_MATCH_AUTHDATA           (1U << 24)
#define KCM_TC_MATCH_2ND_TKT            (1U << 23)
#define KCM_TC_MATCH_IS_SKEY            (1U << 22)

/* Opcodes without comments are currently unused in the MIT client
 * implementation.
 *
 * Opcodes are sent as the 16-bit big-endian field of the request header.
 * The values below KCM_OP_MIT_EXTENSION_BASE start at 0 (KCM_OP_NOOP) and
 * are assigned sequentially, so their order must not change.  Each comment
 * reads (request parameters) -> (reply parameters), using the marshalling
 * rules described above.
 */
typedef enum kcm_opcode {
    KCM_OP_NOOP,
    KCM_OP_GET_NAME,
    KCM_OP_RESOLVE,
    KCM_OP_GEN_NEW,             /* () -> (name) */
    KCM_OP_INITIALIZE,          /* (name, princ) -> () */
    KCM_OP_DESTROY,             /* (name) -> () */
    KCM_OP_STORE,               /* (name, cred) -> () */
    KCM_OP_RETRIEVE,            /* (name, flags, credtag) -> (cred) */
    KCM_OP_GET_PRINCIPAL,       /* (name) -> (princ) */
    KCM_OP_GET_CRED_UUID_LIST,  /* (name) -> (uuid, ...) */
    KCM_OP_GET_CRED_BY_UUID,    /* (name, uuid) -> (cred) */
    KCM_OP_REMOVE_CRED,         /* (name, flags, credtag) -> () */
    KCM_OP_SET_FLAGS,
    KCM_OP_CHOWN,
    KCM_OP_CHMOD,
    KCM_OP_GET_INITIAL_TICKET,
    KCM_OP_GET_TICKET,
    KCM_OP_MOVE_CACHE,
    KCM_OP_GET_CACHE_UUID_LIST, /* () -> (uuid, ...) */
    KCM_OP_GET_CACHE_BY_UUID,   /* (uuid) -> (name) */
    KCM_OP_GET_DEFAULT_CACHE,   /* () -> (name) */
    KCM_OP_SET_DEFAULT_CACHE,   /* (name) -> () */
    KCM_OP_GET_KDC_OFFSET,      /* (name) -> (offset) */
    KCM_OP_SET_KDC_OFFSET,      /* (name, offset) -> () */
    KCM_OP_ADD_NTLM_CRED,
    KCM_OP_HAVE_NTLM_CRED,
    KCM_OP_DEL_NTLM_CRED,
    KCM_OP_DO_NTLM_AUTH,
    KCM_OP_GET_NTLM_USER_LIST,

    /* MIT extensions.  The base value leaves a large gap above the Heimdal
     * opcodes and still fits in the 16-bit opcode field.  A daemon that does
     * not implement an extension is expected to answer with an error reply
     * code rather than a malformed reply; callers should handle that case. */
    KCM_OP_MIT_EXTENSION_BASE = 13000,
    KCM_OP_GET_CRED_LIST,       /* (name) -> (count, count*{len, cred}) */
    KCM_OP_REPLACE,             /* (name, offset, princ,
                                 *  count, count*{len, cred}) -> () */
} kcm_opcode;

#endif /* KCM_H */