1 /* 2 * Copyright (c) 2006 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of KTH nor the names of its contributors may be 18 * used to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/

/*
 * $Id$
 */

/* missing from tests:
 * - export context
 * - import context
 */

/*
 * wire encodings:
 *   int16: number, 2 bytes, in network order
 *   int32: number, 4 bytes, in network order
 *   length-encoded: [int32 length, data of length bytes]
 *   string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
 *
 * NOTE(review): every length field above is supplied by the peer. A
 * receiver should bound-check it before allocating or copying, and should
 * verify that a "string" actually carries the trailing '\0' instead of
 * assuming the sender included it.
 */

/*
 * Status values carried in the int32 "gsm status val" fields of the
 * replies described below.
 */
enum gssMaggotErrorCodes {
    GSMERR_OK = 0,
    GSMERR_ERROR,
    GSMERR_CONTINUE_NEEDED,
    GSMERR_INVALID_TOKEN,
    GSMERR_AP_MODIFIED,
    GSMERR_TEST_ISSUE,
    GSMERR_NOT_SUPPORTED
};

/*
 * Framing shared by every request:
 *
 * input:
 *   int32: message OP (enum gssMaggotOp)
 *   ...
 *
 * return: -- on error
 *   int32: not supported (GSMERR_NOT_SUPPORTED)
 *
 * return: -- on existing message OP
 *   int32: supported (GSMERR_OK) -- only sent for extensions
 *   ...
 */

/*
 * Presumably the protocol version this header describes (compare the
 * "protocol version" reply of eGetVersionAndCapabilities) -- confirm
 * against the implementation.
 */
#define GSSMAGGOTPROTOCOL 14

/*
 * Message opcodes. Each entry is followed by the layout of its request
 * ("input") and reply ("return") in the wire encodings listed above.
 * The numeric value of each opcode is its position in this enum, so new
 * messages must only ever be appended before eLastProtocolMessage.
 */
enum gssMaggotOp {
    eGetVersionInfo = 0,
    /*
     * input:
     *   none
     * return:
     *   int32: last version handled
     */
    eGoodBye,
    /*
     * input:
     *   none
     * return:
     *   close socket
     */
    eInitContext,
    /*
     * input:
     *   int32: hContext
     *   int32: hCred
     *   int32: Flags
     *     the lowest 0x7f flags map directly to GSS-API flags
     *     DELEGATE         0x001
     *     MUTUAL_AUTH      0x002
     *     REPLAY_DETECT    0x004
     *     SEQUENCE_DETECT  0x008
     *     CONFIDENTIALITY  0x010
     *     INTEGRITY        0x020
     *     ANONYMOUS        0x040
     *
     *     FIRST_CALL       0x080
     *
     *     NTLM             0x100
     *     SPNEGO           0x200
     *   length-encoded: targetname
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     */
    eAcceptContext,
    /*
     * input:
     *   int32: hContext
     *   int32: Flags -- unused ?
     *     flags are the same as the flags for eInitContext
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     *   int32: delegation cred id
     */
    eToastResource,
    /*
     * input:
     *   int32: hResource
     * return:
     *   int32: gsm status val
     */
    eAcquireCreds,
    /*
     * input:
     *   string: principal name
     *   string: password
     *   int32: flags
     *     FORWARDABLE    0x001
     *     DEFAULT_CREDS  0x002
     *
     *     NTLM           0x100
     *     SPNEGO         0x200
     * return:
     *   int32: gsm status val
     *   int32: hCred
     *
     * NOTE(review): the password is sent as a plain wire string, and nothing
     * in this header describes any protection of the transport itself, so
     * this message (and eChangePassword / eSetPasswordSelf below) should only
     * be exchanged over a channel that is already trusted.
     */
    eEncrypt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno -- unused
     *   length-encode: plaintext
     * return:
     *   int32: gsm status val
     *   length-encode: ciphertext
     */
    eDecrypt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno -- unused
     *   length-encode: ciphertext
     * return:
     *   int32: gsm status val
     *   length-encode: plaintext
     */
    eSign,
    /* message same as eEncrypt */
    eVerify,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno -- unused
     *   length-encode: message
     *   length-encode: signature
     * return:
     *   int32: gsm status val
     */
    eGetVersionAndCapabilities,
    /*
     * return:
     *   int32: protocol version
     *   int32: capability flags -- a bitmask of the values below
     */
#define ISSERVER	0x01
#define ISKDC		0x02
#define MS_KERBEROS	0x04
#define LOGSERVER	0x08
#define HAS_MONIKER	0x10
    /*
     *   string: version string
     */
    eGetTargetName,
    /*
     * return:
     *   string: target principal name
     */
    eSetLoggingSocket,
    /*
     * input:
     *   int32: hostPort
     * return to the port on the host:
     *   int32: opcode - for example eLogSetMoniker
     */
    eChangePassword,
    /* here ended version 7 of the protocol */
    /*
     * NOTE(review): "here ended version 7 of the protocol" appears twice in
     * this enum (here and again after eAcquirePKInitCreds); one of the two
     * markers is presumably stale -- confirm against the protocol history
     * before relying on either.
     */
    /*
     * input:
     *   string: principal name
     *   string: old password
     *   string: new password
     * return:
     *   int32: gsm status val
     */
    eSetPasswordSelf,
    /* same as eChangePassword */
    eWrap,
    /* message same as eEncrypt */
    eUnwrap,
    /* message same as eDecrypt */
    eConnectLoggingService2,
    /*
     * return1:
     *   int16: log port number
     *   int32: master log protocol version (0)
     *
     * wait for master to connect on the master log socket
     *
     * return2:
     *   int32: gsm connection status
     *   int32: maggot log protocol version (2)
     */
    eGetMoniker,
    /*
     * return:
     *   string: moniker (Nickname the master can refer to maggot)
     */
    eCallExtension,
    /*
     * input:
     *   string: extension name
     *   int32: message id
     * return:
     *   int32: gsm status val
     */
    eAcquirePKInitCreds,
    /*
     * input:
     *   int32: flags
     *   length-encode: certificate (pkcs12 data)
     * return:
     *   int32: hResource
     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
     */
    /* here ended version 7 of the protocol */
    eWrapExt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags -- see WRAP_EXP_ONLY_HEADER below
     *   length-encode: protocol header
     *   length-encode: plaintext
     *   length-encode: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encode: ciphertext
     */
    eUnwrapExt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags -- see WRAP_EXP_ONLY_HEADER below
     *   length-encode: protocol header
     *   length-encode: ciphertext
     *   length-encode: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encode: plaintext
     */
    /* here ended version 8 of the protocol */

    /* Sentinel: one past the last valid opcode, not a message itself. */
    eLastProtocolMessage
};

/* bflags -- the int32 "bflags" field of eWrapExt / eUnwrapExt */
#define WRAP_EXP_ONLY_HEADER 1

/*
 * Opcodes of the separate logging connection set up via eSetLoggingSocket /
 * eConnectLoggingService2.
 */
enum gssMaggotLogOp {
    eLogInfo = 0,
    /*
     * string: File
     * int32: Line
     * string: message
     * reply:
     *   int32: ackid
     */
    eLogFailure,
    /*
     * string: File
     * int32: Line
     * string: message
     * reply:
     *   int32: ackid
     */
    eLogSetMoniker
    /*
     * string: moniker
     */
};