xref: /freebsd/crypto/heimdal/appl/gssmask/protocol.h (revision b9f654b163bce26de79705e77b872427c9f2afa1)
1 /*
2  * Copyright (c) 2006 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of KTH nor the names of its contributors may be
18  *    used to endorse or promote products derived from this software without
19  *    specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  */
33 
34 /*
35  * $Id$
36  */
37 
38 /* missing from tests:
39  * - export context
40  * - import context
41  */
42 
43 /*
44  * wire encodings:
45  *   int16: number, 2 bytes, in network order
46  *   int32: number, 4 bytes, in network order
47  *   length-encoded: [int32 length, data of length bytes]
48  *   string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
49  */
50 
51 enum gssMaggotErrorCodes {
52     GSMERR_OK		= 0,
53     GSMERR_ERROR,
54     GSMERR_CONTINUE_NEEDED,
55     GSMERR_INVALID_TOKEN,
56     GSMERR_AP_MODIFIED,
57     GSMERR_TEST_ISSUE,
58     GSMERR_NOT_SUPPORTED
59 };
60 
61 /*
62  * input:
63  *   int32: message OP (enum gssMaggotProtocol)
64  *   ...
65  *
66  * return:   -- on error
67  *    int32: not support (GSMERR_NOT_SUPPORTED)
68  *
69  * return:   -- on existing message OP
70  *    int32: support (GSMERR_OK) -- only sent for extensions
71  *    ...
72  */
73 
74 #define GSSMAGGOTPROTOCOL 14
75 
76 enum gssMaggotOp {
77     eGetVersionInfo	= 0,
78     /*
79      * input:
80      *   none
81      * return:
82      *   int32: last version handled
83      */
84     eGoodBye,
85     /*
86      * input:
87      *   none
88      * return:
89      *   close socket
90      */
91     eInitContext,
92     /*
93      * input:
94      *   int32: hContext
95      *   int32: hCred
96      *   int32: Flags
97      *      the lowest 0x7f flags maps directly to GSS-API flags
98      *      DELEGATE		0x001
99      *      MUTUAL_AUTH		0x002
100      *      REPLAY_DETECT	0x004
101      *      SEQUENCE_DETECT	0x008
102      *      CONFIDENTIALITY	0x010
103      *      INTEGRITY		0x020
104      *      ANONYMOUS		0x040
105      *
106      *      FIRST_CALL		0x080
107      *
108      *      NTLM		0x100
109      *      SPNEGO		0x200
110      *   length-encoded: targetname
111      *   length-encoded: token
112      * return:
113      *   int32: hNewContextId
114      *   int32: gssapi status val
115      *   length-encoded: output token
116      */
117     eAcceptContext,
118     /*
119      * input:
120      *   int32: hContext
121      *   int32: Flags		-- unused ?
122      *      flags are same as flags for eInitContext
123      *   length-encoded: token
124      * return:
125      *   int32: hNewContextId
126      *   int32: gssapi status val
127      *   length-encoded: output token
128      *   int32: delegation cred id
129      */
130     eToastResource,
131     /*
132      * input:
133      *   int32: hResource
134      * return:
135      *   int32: gsm status val
136      */
137     eAcquireCreds,
138     /*
139      * input:
140      *   string: principal name
141      *   string: password
142      *   int32: flags
143      *      FORWARDABLE		0x001
144      *      DEFAULT_CREDS	0x002
145      *
146      *      NTLM		0x100
147      *      SPNEGO		0x200
148      * return:
149      *   int32: gsm status val
150      *   int32: hCred
151      */
152     eEncrypt,
153     /*
154      * input:
155      *   int32: hContext
156      *   int32: flags
157      *   int32: seqno		-- unused
158      *   length-encode: plaintext
159      * return:
160      *   int32: gsm status val
161      *   length-encode: ciphertext
162      */
163     eDecrypt,
164     /*
165      * input:
166      *   int32: hContext
167      *   int32: flags
168      *   int32: seqno		-- unused
169      *   length-encode: ciphertext
170      * return:
171      *   int32: gsm status val
172      *   length-encode: plaintext
173      */
174     eSign,
175     /* message same as eEncrypt */
176     eVerify,
177     /*
178      * input:
179      *   int32: hContext
180      *   int32: flags
181      *   int32: seqno		-- unused
182      *   length-encode: message
183      *   length-encode: signature
184      * return:
185      *   int32: gsm status val
186      */
187     eGetVersionAndCapabilities,
188     /*
189      * return:
190      *   int32: protocol version
191      *   int32: capability flags */
192 #define      ISSERVER		0x01
193 #define      ISKDC		0x02
194 #define      MS_KERBEROS	0x04
195 #define      LOGSERVER		0x08
196 #define      HAS_MONIKER	0x10
197     /*   string: version string
198      */
199     eGetTargetName,
200     /*
201      * return:
202      *   string: target principal name
203      */
204     eSetLoggingSocket,
205     /*
206      * input:
207      *   int32: hostPort
208      * return to the port on the host:
209      *   int32: opcode - for example eLogSetMoniker
210      */
211     eChangePassword,
212     /* here ended version 7 of the protocol */
213     /*
214      * input:
215      *   string: principal name
216      *   string: old password
217      *   string: new password
218      * return:
219      *   int32: gsm status val
220      */
221     eSetPasswordSelf,
222     /* same as eChangePassword */
223     eWrap,
224     /* message same as eEncrypt */
225     eUnwrap,
226     /* message same as eDecrypt */
227     eConnectLoggingService2,
228     /*
229      * return1:
230      *   int16: log port number
231      *   int32: master log prototocol version (0)
232      *
233      * wait for master to connect on the master log socket
234      *
235      * return2:
236      *   int32: gsm connection status
237      *   int32: maggot log prototocol version (2)
238      */
239     eGetMoniker,
240     /*
241      * return:
242      *   string: moniker (Nickname the master can refer to maggot)
243      */
244     eCallExtension,
245     /*
246      * input:
247      *   string: extension name
248      *   int32: message id
249      * return:
250      *   int32: gsm status val
251      */
252     eAcquirePKInitCreds,
253     /*
254      * input:
255      *   int32: flags
256      *   length-encode: certificate (pkcs12 data)
257      * return:
258      *   int32: hResource
259      *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
260      */
261     /* here ended version 7 of the protocol */
262     eWrapExt,
263     /*
264      * input:
265      *   int32: hContext
266      *   int32: flags
267      *   int32: bflags
268      *   length-encode: protocol header
269      *   length-encode: plaintext
270      *   length-encode: protocol trailer
271      * return:
272      *   int32: gsm status val
273      *   length-encode: ciphertext
274      */
275     eUnwrapExt,
276     /*
277      * input:
278      *   int32: hContext
279      *   int32: flags
280      *   int32: bflags
281      *   length-encode: protocol header
282      *   length-encode: ciphertext
283      *   length-encode: protocol trailer
284      * return:
285      *   int32: gsm status val
286      *   length-encode: plaintext
287      */
288     /* here ended version 8 of the protocol */
289 
290     eLastProtocolMessage
291 };
292 
293 /* bflags */
294 #define WRAP_EXP_ONLY_HEADER 1
295 
296 enum gssMaggotLogOp{
297   eLogInfo = 0,
298 	/*
299 	string: File
300 	int32: Line
301 	string: message
302      reply:
303   	int32: ackid
304 	*/
305   eLogFailure,
306 	/*
307 	string: File
308 	int32: Line
309 	string: message
310      reply:
311   	int32: ackid
312 	*/
313   eLogSetMoniker
314 	/*
315 	string: moniker
316 	*/
317 };
318