/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
%/*
% * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
% * Use is subject to license terms.
% */
%
%/*
% * RPC protocol information for gssd, the usermode daemon that
% * assists the kernel with gssapi.  It is gssd that executes all
% * gssapi calls except for some such as gss_sign(), and
% * gss_verify(), which are executed in the kernel itself.
% *
% * File generated from gssd.x
% */
%
%#define	NO	0
%#define	YES	1
%#define	FOREVER	1
%
%#include <sys/types.h>
%#include <sys/time.h>
%#include <rpc/auth_sys.h>
%#ifndef _KERNEL
%#include <locale.h>
%#endif /* not _KERNEL */
%

%#ifdef _KERNEL
%extern void killgssd_handle(CLIENT *);
%extern CLIENT *getgssd_handle(void);
%#endif /* _KERNEL */
%
/*
 * These are the definitions for the interface to GSSD.
 *
 * Trust model (see the note above GSSPROG at the end of this file):
 * the daemon accepts requests only over the loopback address, with
 * AUTH_SYS ("unix") credentials, from a reserved port.  AUTH_SYS
 * carries no cryptographic proof of identity, so every "client uid"
 * field below is a caller-supplied claim that is only as trustworthy
 * as that loopback/reserved-port check.  The RPC layer itself does
 * not authenticate it.
 *
 * NOTE(review): the gssd_cred_verifier / gssd_context_verifier fields
 * presumably let the peer detect a handle that predates a gssd restart;
 * they are not secrets and should not be relied on as an access-control
 * token -- confirm against the server implementation.
 */

/* 32-bit status/flag type used by the GSS-API (major/minor status, flags). */
typedef unsigned int OM_UINT32;

/*
 * Handles and buffers cross the RPC boundary as variable-length opaque
 * byte strings.  A handle value is meaningful only to the daemon that
 * issued it; the server is expected to validate a handle it receives
 * back rather than trust it blindly (NOTE(review): verify in the
 * implementation).
 */
typedef opaque GSS_CTX_ID_T<>;
typedef opaque GSS_CRED_ID_T<>;
typedef opaque GSS_OID<>;
typedef opaque GSS_BUFFER_T<>;
typedef gid_t GSSCRED_GIDS<>;

typedef GSS_OID GSS_OID_SET<>;

/* Wire form of gss_channel_bindings_t; "present" marks whether bindings were supplied. */
struct GSS_CHANNEL_BINDINGS_STRUCT {
	int present;
	OM_UINT32 initiator_addrtype;
	GSS_BUFFER_T initiator_address;
	OM_UINT32 acceptor_addrtype;
	GSS_BUFFER_T acceptor_address;
	GSS_BUFFER_T application_data;
};

typedef struct GSS_CHANNEL_BINDINGS_STRUCT GSS_CHANNEL_BINDINGS;

/* Arguments for GSS_ACQUIRE_CRED. */
struct gss_acquire_cred_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	GSS_BUFFER_T desired_name;	/* name of cred */
	GSS_OID name_type;		/* type of desired name */
	OM_UINT32 time_req;		/* context validity interval */
	GSS_OID_SET desired_mechs;	/* cred mechanisms */
	int cred_usage;			/* init/accept/both */
};

/* Results of GSS_ACQUIRE_CRED. */
struct gss_acquire_cred_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_CRED_ID_T output_cred_handle; /* returned credential handle */
	OM_UINT32 gssd_cred_verifier;	/* verifier for cred handle */
	GSS_OID_SET actual_mechs;	/* found cred mechanisms */
	OM_UINT32 time_rec;		/* actual context validity */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_ADD_CRED. */
struct gss_add_cred_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	GSS_CRED_ID_T input_cred_handle; /* input credential handle */
	OM_UINT32 gssd_cred_verifier;	/* verifier for cred handle */
	GSS_BUFFER_T desired_name;	/* name of cred */
	GSS_OID name_type;		/* type of desired name */
	GSS_OID desired_mech_type;	/* cred mechanisms */
	int cred_usage;			/* init/accept/both */
	OM_UINT32 initiator_time_req;	/* context validity interval */
	OM_UINT32 acceptor_time_req;	/* context validity interval */
};
/*
 * Note: For gss_add_cred we always update the underlying credentials of
 * input_cred_handle.  We always pass NULL as output_cred_handle when the
 * call to gss_add_cred is made, which is why the result below carries no
 * credential handle.
 */
struct gss_add_cred_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_OID_SET actual_mechs;	/* found cred mechanisms */
	OM_UINT32 initiator_time_rec;	/* cred validity interval */
	OM_UINT32 acceptor_time_rec;	/* cred validity interval */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_RELEASE_CRED. */
struct gss_release_cred_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	OM_UINT32 gssd_cred_verifier;	/* verifier for cred handles */
	GSS_CRED_ID_T cred_handle;	/* credential handle */
};

/* Results of GSS_RELEASE_CRED. */
struct gss_release_cred_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_INIT_SEC_CONTEXT (initiator side). */
struct gss_init_sec_context_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	GSS_CRED_ID_T claimant_cred_handle; /* must = GSS_C_NO_CREDENTIAL */
	OM_UINT32 gssd_cred_verifier;	/* verifier for cred handle */
	GSS_BUFFER_T target_name;	/* name of server */
	GSS_OID name_type;		/* type of principal name */
	GSS_OID mech_type;		/* requested mechanism */
	int req_flags;			/* requested context options */
	OM_UINT32 time_req;		/* context validity interval */
	GSS_CHANNEL_BINDINGS
		input_chan_bindings;	/* requested channel bindings */
	GSS_BUFFER_T input_token;	/* token received from peer, if any */
};

/* Results of GSS_INIT_SEC_CONTEXT. */
struct gss_init_sec_context_res {
	GSS_CTX_ID_T context_handle;	/* handle to created context */
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_OID actual_mech_type;	/* actual mechanism used */
	GSS_BUFFER_T output_token;	/* token to send to peer */
	OM_UINT32 ret_flags;		/* options of context */
	OM_UINT32 time_rec;		/* actual context validity */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_ACCEPT_SEC_CONTEXT (acceptor side). */
struct gss_accept_sec_context_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	GSS_CRED_ID_T verifier_cred_handle; /* must = GSS_C_NO_CREDENTIAL */
	OM_UINT32 gssd_cred_verifier;	/* verifier for cred handle */
	GSS_BUFFER_T input_token_buffer; /* token received from peer */
	GSS_CHANNEL_BINDINGS
		input_chan_bindings;	/* requested channel bindings */
};

/* Results of GSS_ACCEPT_SEC_CONTEXT. */
struct gss_accept_sec_context_res {
	GSS_CTX_ID_T context_handle;	/* handle to created context */
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_BUFFER_T src_name;		/* authenticated name of peer */
	GSS_OID mech_type;		/* mechanism used */
	GSS_BUFFER_T output_token;	/* token to send to peer */
	OM_UINT32 ret_flags;		/* options of context */
	OM_UINT32 time_rec;		/* actual context validity */
	GSS_CRED_ID_T delegated_cred_handle; /* always GSS_C_NO_CREDENTIAL */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_PROCESS_CONTEXT_TOKEN. */
struct gss_process_context_token_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
	GSS_BUFFER_T token_buffer;	/* token to process */
};

/* Results of GSS_PROCESS_CONTEXT_TOKEN. */
struct gss_process_context_token_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_DELETE_SEC_CONTEXT.  Note: carries no client uid. */
struct gss_delete_sec_context_arg {
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
};

/* Results of GSS_DELETE_SEC_CONTEXT. */
struct gss_delete_sec_context_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_CTX_ID_T context_handle;	/* handle to deleted context */
	GSS_BUFFER_T output_token;	/* output token for peer */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_EXPORT_SEC_CONTEXT.  Note: carries no client uid. */
struct gss_export_sec_context_arg {
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
};

/*
 * Results of GSS_EXPORT_SEC_CONTEXT.  The output_token is the serialized
 * context; NOTE(review): an exported context presumably embeds the
 * session key material, so it must be handled as a secret by the caller.
 */
struct gss_export_sec_context_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
	GSS_BUFFER_T output_token;	/* input token for import_sec_context */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_IMPORT_SEC_CONTEXT.  Note: carries no client uid. */
struct gss_import_sec_context_arg {
	GSS_BUFFER_T input_token;	/* input token for import_sec_context */
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
};

/* Results of GSS_IMPORT_SEC_CONTEXT. */
struct gss_import_sec_context_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_CTX_ID_T context_handle;	/* handle to created context */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_CONTEXT_TIME. */
struct gss_context_time_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
};

/* Results of GSS_CONTEXT_TIME. */
struct gss_context_time_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	OM_UINT32 time_rec;		/* actual context validity */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_SIGN. */
struct gss_sign_arg {
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
	int qop_req;			/* quality of protection */
	GSS_BUFFER_T message_buffer;	/* message to sign */
};

/* Results of GSS_SIGN. */
struct gss_sign_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_BUFFER_T msg_token;		/* msg_token */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_VERIFY. */
struct gss_verify_arg {
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
	GSS_BUFFER_T message_buffer;	/* message to verify */
	GSS_BUFFER_T token_buffer;	/* buffer containing token */
};

/* Results of GSS_VERIFY. */
struct gss_verify_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	int qop_state;			/* quality of protection */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_SEAL. */
struct gss_seal_arg {
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
	int conf_req_flag;		/* type of conf requested */
	int qop_req;			/* quality of prot. requested */
	GSS_BUFFER_T input_message_buffer; /* message to protect */
};

/* Results of GSS_SEAL. */
struct gss_seal_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	int conf_state;			/* type of conf. applied */
	GSS_BUFFER_T output_message_buffer; /* protected message */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_UNSEAL. */
struct gss_unseal_arg {
	OM_UINT32 gssd_context_verifier; /* verifier for context handles */
	GSS_CTX_ID_T context_handle;	/* handle to existing context */
	GSS_BUFFER_T input_message_buffer; /* protected message to unseal */
};

/* Results of GSS_UNSEAL. */
struct gss_unseal_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_BUFFER_T output_message_buffer; /* unprotected message */
	int conf_state;			/* type of conf. provided */
	int qop_state;			/* quality of prot. provided */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_DISPLAY_STATUS. */
struct gss_display_status_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	int status_value;		/* status to be converted */
	int status_type;		/* GSS or mech status */
	GSS_OID mech_type;		/* mechanism */
	OM_UINT32 message_context;	/* recursion flag */
};

/*
 * Results of GSS_DISPLAY_STATUS.  Note that message_context is declared
 * int here but OM_UINT32 in the argument structure above.
 */
struct gss_display_status_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	int message_context;		/* recursion flag */
	GSS_BUFFER_T status_string;	/* text equiv of status */
	OM_UINT32 status;		/* status of GSSAPI call */
};

%/* gss_indicate_mechs_arg is void.  This appears in the rpc call def */

/* Results of GSS_INDICATE_MECHS. */
struct gss_indicate_mechs_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_OID_SET mech_set;		/* mechanism set supported */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_INQUIRE_CRED. */
struct gss_inquire_cred_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	OM_UINT32 gssd_cred_verifier;	/* verifier for cred handle */
	GSS_CRED_ID_T cred_handle;	/* credential handle */
};

/* Results of GSS_INQUIRE_CRED. */
struct gss_inquire_cred_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	GSS_BUFFER_T name;		/* name associated with cred */
	GSS_OID name_type;		/* type of name */
	OM_UINT32 lifetime;		/* remaining validity period */
	int cred_usage;			/* how creds may be used */
	GSS_OID_SET mechanisms;		/* mechs associated with cred */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/* Arguments for GSS_INQUIRE_CRED_BY_MECH. */
struct gss_inquire_cred_by_mech_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	OM_UINT32 gssd_cred_verifier;	/* verifier for cred handle */
	GSS_CRED_ID_T cred_handle;	/* credential handle */
	GSS_OID mech_type;		/* cred mechanism */
};

/* Results of GSS_INQUIRE_CRED_BY_MECH (status only). */
struct gss_inquire_cred_by_mech_res {
	OM_UINT32 minor_status;		/* status from the mechanism */
	OM_UINT32 status;		/* status of GSSAPI call */
};

/*
 * gsscred interface: map a GSS principal name to a unix identity.
 * The uid/gid/gids returned are authorization data for the caller, so
 * the mapping source the daemon consults is security-critical.
 */
struct gsscred_name_to_unix_cred_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	GSS_BUFFER_T pname;		/* principal name */
	GSS_OID name_type;		/* oid of principal name */
	GSS_OID mech_type;		/* for which mechanism to use */
};

/* Results of GSSCRED_NAME_TO_UNIX_CRED. */
struct gsscred_name_to_unix_cred_res {
	uid_t uid;			/* principal's uid */
	gid_t gid;			/* principal's gid */
	GSSCRED_GIDS gids;		/* array of principal's gids */
	OM_UINT32 major;		/* status of the GSSAPI call */
};


/* Arguments for GSSCRED_EXPNAME_TO_UNIX_CRED (principal in exported-name form). */
struct
gsscred_expname_to_unix_cred_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	GSS_BUFFER_T expname;		/* principal in export format */
};

/* Results of GSSCRED_EXPNAME_TO_UNIX_CRED. */
struct
gsscred_expname_to_unix_cred_res {
	uid_t uid;			/* principal's uid */
	gid_t gid;			/* principal's gid */
	GSSCRED_GIDS gids;		/* array of principal's gids */
	OM_UINT32 major;		/* major status code */
};


/* Arguments for GSS_GET_GROUP_INFO: look up the groups of principal uid puid. */
struct gss_get_group_info_arg {
	uid_t uid;			/* client uid (caller-supplied claim) */
	uid_t puid;			/* principal's uid */
};

/* Results of GSS_GET_GROUP_INFO. */
struct gss_get_group_info_res {
	gid_t gid;			/* principal's gid */
	GSSCRED_GIDS gids;		/* array of principal's gids */
	OM_UINT32 major;		/* major status code */
};


/* Arguments for GSS_GET_KMOD: which mechanism's kernel module is wanted. */
struct gss_get_kmod_arg {
	GSS_OID mech_oid;

};

/*
 * Results of GSS_GET_KMOD: the kernel module name for the mechanism,
 * if one follows.  NOTE(review): modname is a string supplied by the
 * userland daemon that the kernel presumably uses to load a module;
 * the kernel side should treat it as untrusted input (length, charset,
 * no path components) -- confirm in the consumer.
 */
union gss_get_kmod_res switch (bool module_follow) {
case TRUE:
	string modname<>;
case FALSE:
	void;
};


/*
 * The server accepts requests only from the loopback address.
 * Unix authentication is used, and the port must be in the reserved range.
 *
 * This combination (loopback + reserved source port + AUTH_SYS) is the
 * entire access control for the program: a reserved port can only be
 * bound by a privileged local process, and AUTH_SYS itself is
 * unauthenticated.  Any relaxation of one of these checks in the server
 * exposes every procedure below to unprivileged local callers.
 */

program GSSPROG {
	version GSSVERS {

	/*
	 * Called by the client to acquire a credential.
	 */
	gss_acquire_cred_res
		GSS_ACQUIRE_CRED(gss_acquire_cred_arg) = 1;

	/*
	 * Called by the client to release a credential.
	 */
	gss_release_cred_res
		GSS_RELEASE_CRED(gss_release_cred_arg) = 2;

	/*
	 * Called by the client (initiator) to initialize a security context.
	 */
	gss_init_sec_context_res
		GSS_INIT_SEC_CONTEXT(gss_init_sec_context_arg) = 3;

	/*
	 * Called by the server (acceptor) to establish a security context
	 * from an initiator's token.
	 */
	gss_accept_sec_context_res
		GSS_ACCEPT_SEC_CONTEXT(gss_accept_sec_context_arg) = 4;

	/*
	 * Called to pass token to underlying mechanism.
	 */
	gss_process_context_token_res
		GSS_PROCESS_CONTEXT_TOKEN(gss_process_context_token_arg) = 5;

	/*
	 * Called to delete a security context.
	 */
	gss_delete_sec_context_res
		GSS_DELETE_SEC_CONTEXT(gss_delete_sec_context_arg) = 6;

	/*
	 * Called to get remaining time security context has to live.
	 */
	gss_context_time_res
		GSS_CONTEXT_TIME(gss_context_time_arg) = 7;

	/*
	 * Called to sign a message.
	 */
	gss_sign_res GSS_SIGN(gss_sign_arg) = 8;

	/*
	 * Called to verify a signed message.
	 */
	gss_verify_res GSS_VERIFY(gss_verify_arg) = 9;

	/*
	 * Called to translate a major or minor status code into a string
	 * (status_type in the argument selects which).
	 */
	gss_display_status_res
		GSS_DISPLAY_STATUS(gss_display_status_arg) = 10;

	/*
	 * Called to indicate which underlying mechanisms are supported
	 */
	gss_indicate_mechs_res
		GSS_INDICATE_MECHS(void) = 11;

	/*
	 * Called by the client to inquire about a credential.
	 */
	gss_inquire_cred_res
		GSS_INQUIRE_CRED(gss_inquire_cred_arg) = 12;


	/*
	 * Called to seal a message.
	 */
	gss_seal_res GSS_SEAL(gss_seal_arg) = 13;

	/*
	 * Called to unseal a message.
	 */
	gss_unseal_res GSS_UNSEAL(gss_unseal_arg) = 14;

	/*
	 * gsscred interface functions to obtain principal uid and gids
	 */
	gsscred_expname_to_unix_cred_res
		GSSCRED_EXPNAME_TO_UNIX_CRED(
			gsscred_expname_to_unix_cred_arg) = 15;

	gsscred_name_to_unix_cred_res
		GSSCRED_NAME_TO_UNIX_CRED(
			gsscred_name_to_unix_cred_arg) = 16;

	gss_get_group_info_res
		GSS_GET_GROUP_INFO(gss_get_group_info_arg) = 17;

	/*
	 * Called to look up the kernel module name for a mechanism OID.
	 */
	gss_get_kmod_res
		GSS_GET_KMOD(gss_get_kmod_arg) = 18;

	/*
	 * Called to export / import a security context (see the notes on
	 * the result structures about the sensitivity of the token).
	 */
	gss_export_sec_context_res
		GSS_EXPORT_SEC_CONTEXT(gss_export_sec_context_arg) = 19;

	gss_import_sec_context_res
		GSS_IMPORT_SEC_CONTEXT(gss_import_sec_context_arg) = 20;
	/*
	 * Called by the client to add to a credential.
	 */
	gss_add_cred_res
		GSS_ADD_CRED(gss_add_cred_arg) = 21;
	gss_inquire_cred_by_mech_res
		GSS_INQUIRE_CRED_BY_MECH(gss_inquire_cred_by_mech_arg)
		= 22;

	} = 1;
} = 100234;