/*
 * Copyright (c) 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of KTH nor the names of its contributors may be
 *    used to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * $Id$
 */

/*
 * Message definitions for the "maggot" test protocol: a master drives one
 * or more maggots over a socket, asking them to run GSS-API operations and
 * report results.
 *
 * NOTE(review): this header carries no include guard; if it can be included
 * twice in one translation unit the enum definitions below will clash --
 * confirm with the build before adding one.
 */

/* missing from tests:
 * - export context
 * - import context
 */

/*
 * Wire encodings used by every message below:
 *   int16:          number, 2 bytes, in network order
 *   int32:          number, 4 bytes, in network order
 *   length-encoded: [int32 length, data of length bytes]
 *   string:         [int32 length, string of length + 1 bytes, includes
 *                    trailing '\0']
 *
 * NOTE(review): every length field arrives from the peer and has to be
 * treated as untrusted by a decoder: an int32 length may be negative or
 * larger than the input that is actually available, and the trailing '\0'
 * of a string is a promise made by the encoder, not a guarantee.  Bound the
 * length against the remaining input and check the terminator before the
 * bytes are used as a C string.
 */

/*
 * Status values carried in the "gsm status val" int32 of the replies
 * documented below.  Values are spelled out because they travel on the
 * wire; append new ones, never renumber.
 */
enum gssMaggotErrorCodes {
    GSMERR_OK              = 0,
    GSMERR_ERROR           = 1,
    GSMERR_CONTINUE_NEEDED = 2,
    GSMERR_INVALID_TOKEN   = 3,
    GSMERR_AP_MODIFIED     = 4,
    GSMERR_TEST_ISSUE      = 5,
    GSMERR_NOT_SUPPORTED   = 6
};

/*
 * Every request starts with:
 *   int32: message OP (enum gssMaggotOp)
 *   ...    op-specific fields, documented per enumerator below
 *
 * return: -- on error
 *   int32: not support (GSMERR_NOT_SUPPORTED)
 *
 * return: -- on existing message OP
 *   int32: support (GSMERR_OK) -- only sent for extensions
 *   ...
 */

#define GSSMAGGOTPROTOCOL 14

/*
 * Message OPs.  The value is the leading int32 of every request, so each
 * one is pinned explicitly; new ops are appended before
 * eLastProtocolMessage, never inserted in the middle.
 *
 * NOTE(review): the "here ended version 7" marker appears twice (after
 * eChangePassword and again after eAcquirePKInitCreds) and the last marker
 * says version 8, while GSSMAGGOTPROTOCOL is 14; at least one marker looks
 * stale -- confirm against the implementation before relying on them.
 *
 * Handle values (hContext, hCred, hResource, hNewContextId, delegation cred
 * id) are int32 ids exchanged with the peer.  A receiver should check that
 * an id it is handed refers to a live object it owns before using it.
 */
enum gssMaggotOp {
    /*
     * input:  none
     * return:
     *   int32: last version handled
     */
    eGetVersionInfo = 0,

    /*
     * input:  none
     * return: close socket
     */
    eGoodBye = 1,

    /*
     * input:
     *   int32: hContext
     *   int32: hCred
     *   int32: Flags
     *     the lowest 0x7f flags maps directly to GSS-API flags
     *       DELEGATE          0x001
     *       MUTUAL_AUTH       0x002
     *       REPLAY_DETECT     0x004
     *       SEQUENCE_DETECT   0x008
     *       CONFIDENTIALITY   0x010
     *       INTEGRITY         0x020
     *       ANONYMOUS         0x040
     *
     *       FIRST_CALL        0x080
     *
     *       NTLM              0x100
     *       SPNEGO            0x200
     *   length-encoded: targetname
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     */
    eInitContext = 2,

    /*
     * input:
     *   int32: hContext
     *   int32: Flags -- unused ?
     *     flags are same as flags for eInitContext
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     *   int32: delegation cred id
     */
    eAcceptContext = 3,

    /*
     * input:
     *   int32: hResource
     * return:
     *   int32: gsm status val
     */
    eToastResource = 4,

    /*
     * input:
     *   string: principal name
     *   string: password
     *   int32: flags
     *     FORWARDABLE    0x001
     *     DEFAULT_CREDS  0x002
     *
     *     NTLM           0x100
     *     SPNEGO         0x200
     * return:
     *   int32: gsm status val
     *   int32: hCred
     *
     * NOTE(review): the password crosses the wire as a plain string and
     * nothing in this protocol protects the transport, so it is only
     * appropriate on a test network where the link itself is trusted.
     */
    eAcquireCreds = 5,

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno -- unused
     *   length-encode: plaintext
     * return:
     *   int32: gsm status val
     *   length-encode: ciphertext
     */
    eEncrypt = 6,

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno -- unused
     *   length-encode: ciphertext
     * return:
     *   int32: gsm status val
     *   length-encode: plaintext
     */
    eDecrypt = 7,

    /* message same as eEncrypt */
    eSign = 8,

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno -- unused
     *   length-encode: message
     *   length-encode: signature
     * return:
     *   int32: gsm status val
     */
    eVerify = 9,

    /*
     * return:
     *   int32: protocol version
     *   int32: capability flags (ISSERVER, ISKDC, ... defined below)
     *   string: version string
     */
    eGetVersionAndCapabilities = 10,

    /*
     * return:
     *   string: target principal name
     */
    eGetTargetName = 11,

    /*
     * input:
     *   int32: hostPort
     * return to the port on the host:
     *   int32: opcode - for example eLogSetMoniker
     *
     * NOTE(review): this asks the receiver to open an outbound connection to
     * a port chosen by the peer (presumably on the peer's own host -- the
     * comment does not say); an implementation should limit where it is
     * willing to connect.
     */
    eSetLoggingSocket = 12,

    /*
     * input:
     *   string: principal name
     *   string: old password
     *   string: new password
     * return:
     *   int32: gsm status val
     *
     * Same transport caveat as eAcquireCreds: both passwords are sent in
     * the clear.
     */
    eChangePassword = 13,
    /* here ended version 7 of the protocol */

    /* same as eChangePassword */
    eSetPasswordSelf = 14,

    /* message same as eEncrypt */
    eWrap = 15,

    /* message same as eDecrypt */
    eUnwrap = 16,

    /*
     * return1:
     *   int16: log port number
     *   int32: master log protocol version (0)
     *
     * wait for master to connect on the master log socket
     *
     * return2:
     *   int32: gsm connection status
     *   int32: maggot log protocol version (2)
     */
    eConnectLoggingService2 = 17,

    /*
     * return:
     *   string: moniker (Nickname the master can refer to maggot)
     */
    eGetMoniker = 18,

    /*
     * input:
     *   string: extension name
     *   int32: message id
     * return:
     *   int32: gsm status val
     */
    eCallExtension = 19,

    /*
     * input:
     *   int32: flags
     *   length-encode: certificate (pkcs12 data)
     * return:
     *   int32: hResource
     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
     *
     * NOTE(review): a PKCS#12 blob typically bundles the private key with
     * the certificate, so the eAcquireCreds transport caveat applies here
     * too.
     */
    eAcquirePKInitCreds = 20,
    /* here ended version 7 of the protocol */

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags (see WRAP_EXP_ONLY_HEADER below)
     *   length-encode: protocol header
     *   length-encode: plaintext
     *   length-encode: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encode: ciphertext
     */
    eWrapExt = 21,

    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags (see WRAP_EXP_ONLY_HEADER below)
     *   length-encode: protocol header
     *   length-encode: ciphertext
     *   length-encode: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encode: plaintext
     */
    eUnwrapExt = 22,
    /* here ended version 8 of the protocol */

    /*
     * Sentinel: one past the last defined op.  Presumably the bound used
     * when validating an incoming OP; it is not documented as a message
     * itself.
     */
    eLastProtocolMessage = 23
};

/* capability flags returned by eGetVersionAndCapabilities */
#define ISSERVER    0x01
#define ISKDC       0x02
#define MS_KERBEROS 0x04
#define LOGSERVER   0x08
#define HAS_MONIKER 0x10

/* bflags for eWrapExt / eUnwrapExt */
#define WRAP_EXP_ONLY_HEADER 1

/*
 * Ops sent on the logging socket (see eSetLoggingSocket and
 * eConnectLoggingService2).  Values are on the wire; append, never renumber.
 */
enum gssMaggotLogOp {
    /*
     *   string: File
     *   int32: Line
     *   string: message
     * reply:
     *   int32: ackid
     */
    eLogInfo = 0,

    /* same fields and reply as eLogInfo */
    eLogFailure = 1,

    /*
     *   string: moniker
     */
    eLogSetMoniker = 2
};