1a9148abdSDoug Rabson /*-
24d846d26SWarner Losh  * SPDX-License-Identifier: BSD-2-Clause
3fe267a55SPedro F. Giffuni  *
4a9148abdSDoug Rabson  * Copyright (c) 2008 Doug Rabson
5a9148abdSDoug Rabson  * All rights reserved.
6a9148abdSDoug Rabson  *
7a9148abdSDoug Rabson  * Redistribution and use in source and binary forms, with or without
8a9148abdSDoug Rabson  * modification, are permitted provided that the following conditions
9a9148abdSDoug Rabson  * are met:
10a9148abdSDoug Rabson  * 1. Redistributions of source code must retain the above copyright
11a9148abdSDoug Rabson  *    notice, this list of conditions and the following disclaimer.
12a9148abdSDoug Rabson  * 2. Redistributions in binary form must reproduce the above copyright
13a9148abdSDoug Rabson  *    notice, this list of conditions and the following disclaimer in the
14a9148abdSDoug Rabson  *    documentation and/or other materials provided with the distribution.
15a9148abdSDoug Rabson  *
16a9148abdSDoug Rabson  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17a9148abdSDoug Rabson  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18a9148abdSDoug Rabson  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19a9148abdSDoug Rabson  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20a9148abdSDoug Rabson  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21a9148abdSDoug Rabson  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22a9148abdSDoug Rabson  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23a9148abdSDoug Rabson  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24a9148abdSDoug Rabson  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25a9148abdSDoug Rabson  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26a9148abdSDoug Rabson  * SUCH DAMAGE.
27a9148abdSDoug Rabson  */
28a9148abdSDoug Rabson 
29a9148abdSDoug Rabson #ifndef _RPCSEC_GSS_H
30a9148abdSDoug Rabson #define _RPCSEC_GSS_H
31a9148abdSDoug Rabson 
32a9148abdSDoug Rabson #include <kgssapi/gssapi.h>
33a9148abdSDoug Rabson 
/*
 * Size of the rpc_gss_options_ret_t.actual_mechanism[] buffer below.
 * May be overridden by defining it before this header is included.
 */
#ifndef MAX_GSS_MECH
#define MAX_GSS_MECH	64
#endif
37a9148abdSDoug Rabson 
/*
 * Define the types of security service required for rpc_gss_seccreate().
 * The numeric values follow the rpc_gss_service_t encoding of RPCSEC_GSS
 * (RFC 2203): none = authentication only, integrity = arguments and
 * results are integrity-protected, privacy = arguments and results are
 * also encrypted. rpc_gss_svc_default (0) presumably leaves the choice
 * to the implementation; confirm in the caller before relying on it.
 */
typedef enum {
	rpc_gss_svc_default	= 0,
	rpc_gss_svc_none	= 1,	/* authentication only */
	rpc_gss_svc_integrity	= 2,	/* + integrity protection */
	rpc_gss_svc_privacy	= 3	/* + encryption */
} rpc_gss_service_t;
47a9148abdSDoug Rabson 
/*
 * Structure containing options for rpc_gss_seccreate().
 * All members are inputs supplied by the caller; ownership of my_cred and
 * input_channel_bindings stays with the caller (nothing here frees them).
 */
typedef struct {
	int		req_flags;	/* GSS request bits */
	int		time_req;	/* requested credential lifetime */
	gss_cred_id_t	my_cred;	/* GSS credential */
	/* channel bindings; presumably handed to GSS context setup — confirm */
	gss_channel_bindings_t input_channel_bindings;
} rpc_gss_options_req_t;
57a9148abdSDoug Rabson 
/*
 * Structure containing options returned by rpc_gss_seccreate().
 * Filled in by the implementation; the caller only provides storage.
 */
typedef struct {
	int		major_status;	/* GSS-API major status */
	int		minor_status;	/* GSS-API (mechanism) minor status */
	u_int		rpcsec_version;	/* RPCSEC_GSS version negotiated */
	int		ret_flags;	/* GSS flags actually granted */
	int		time_req;	/* lifetime actually granted */
	gss_ctx_id_t	gss_context;	/* established GSS context */
	/*
	 * Name of the mechanism actually used. The array is bounded by
	 * MAX_GSS_MECH; whether the implementation guarantees NUL
	 * termination is not visible here — treat it as a bounded buffer,
	 * not a trusted C string, unless the writer is checked.
	 */
	char		actual_mechanism[MAX_GSS_MECH];
} rpc_gss_options_ret_t;
70a9148abdSDoug Rabson 
/*
 * Client principal type. Used as an argument to
 * rpc_gss_get_principal_name(). Also referenced by the
 * rpc_gss_rawcred_t structure.
 *
 * Note that the typedef is a pointer, so rpc_gss_principal_t hides one
 * level of indirection. name[1] is the pre-C99 "struct hack": the object
 * is allocated with room for len bytes of name following the header, so
 * sizeof() of the struct is not the size of a principal. Presumably len
 * counts the bytes in name — confirm against the implementation before
 * using it as a bound.
 */
typedef struct {
	int		len;		/* length of name (see above) */
	char		name[1];	/* variable-length, see above */
} *rpc_gss_principal_t;
80a9148abdSDoug Rabson 
/*
 * Structure for raw credentials used by rpc_gss_getcred() and
 * rpc_gss_set_callback().
 *
 * The string and principal pointers are not owned by the caller; their
 * lifetime is that of the implementation object they were obtained from
 * (ownership is not spelled out in this header — verify before caching).
 */
typedef struct {
	u_int		version;	/* RPC version number */
	const char	*mechanism;	/* security mechanism */
	const char	*qop;		/* quality of protection */
	rpc_gss_principal_t client_principal; /* client name */
	const char	*svc_principal;	/* server name */
	rpc_gss_service_t service;	/* service type */
} rpc_gss_rawcred_t;
93a9148abdSDoug Rabson 
/*
 * Unix credentials derived from raw credentials. Returned by
 * rpc_gss_getcred().
 */
typedef struct {
	uid_t		uid;		/* user ID */
	gid_t		gid;		/* group ID */
	short		gidlen;		/* presumably number of gidlist entries */
	gid_t		*gidlist;	/* list of groups */
} rpc_gss_ucred_t;
104a9148abdSDoug Rabson 
/*
 * Structure used to enforce a particular QOP and service.
 * Handed to the rpc_gss_callback_t callback; the callback is presumably
 * expected to set locked when the service/QOP in raw_cred must not change
 * for the rest of the context — confirm in the server implementation.
 */
typedef struct {
	bool_t		locked;		/* enforce raw_cred's service/qop */
	rpc_gss_rawcred_t *raw_cred;	/* credentials being locked down */
} rpc_gss_lock_t;
112a9148abdSDoug Rabson 
/*
 * Callback structure used by rpc_gss_set_callback().
 * Registers a per-(program, version) hook that the server side invokes
 * with the request, any delegated credential, the GSS context and a lock
 * structure. The bool_t result presumably accepts or rejects the context,
 * and *cookie is caller-defined state returned later by rpc_gss_getcred()
 * — confirm both against the implementation.
 */
typedef struct {
	u_int		program;	/* RPC program number */
	u_int		version;	/* RPC version number */
					/* user defined callback */
	bool_t		(*callback)(struct svc_req *req,
				    gss_cred_id_t deleg,
				    gss_ctx_id_t gss_context,
				    rpc_gss_lock_t *lock,
				    void **cookie);
} rpc_gss_callback_t;
126a9148abdSDoug Rabson 
/*
 * Structure used to return error information by rpc_gss_get_error().
 */
typedef struct {
	int		rpc_gss_error;	/* one of RPC_GSS_ER_* below */
	int		system_error;	/* same as errno */
} rpc_gss_error_t;
134a9148abdSDoug Rabson 
/*
 * Values for rpc_gss_error_t.rpc_gss_error.
 */
#define RPC_GSS_ER_SUCCESS	0	/* no error */
#define RPC_GSS_ER_SYSTEMERROR	1	/* system error; see system_error */
140a9148abdSDoug Rabson 
141a9148abdSDoug Rabson __BEGIN_DECLS
142a9148abdSDoug Rabson 
143a9148abdSDoug Rabson #ifdef _KERNEL
/*
 * Set up a structure of entry points for the kgssapi module and inline
 * functions named rpc_gss_XXX_call() to use them, so that the kgssapi
 * module doesn't need to be loaded for the NFS modules to work using
 * AUTH_SYS. The kgssapi modules will be loaded by the gssd(8) daemon
 * when it is started up and the entry points will then be filled in.
 *
 * Each typedef below names the function type of one entry point. The
 * prototypes of the corresponding rpc_gss_XXX() functions further down
 * in this header must stay in sync with them.
 */
typedef AUTH	*rpc_gss_secfind_ftype(CLIENT *clnt, struct ucred *cred,
		    const char *principal, gss_OID mech_oid,
		    rpc_gss_service_t service);
typedef void	rpc_gss_secpurge_ftype(CLIENT *clnt);
typedef AUTH	*rpc_gss_seccreate_ftype(CLIENT *clnt, struct ucred *cred,
		    const char *clnt_principal, const char *principal,
		    const char *mechanism, rpc_gss_service_t service,
		    const char *qop, rpc_gss_options_req_t *options_req,
		    rpc_gss_options_ret_t *options_ret);
typedef bool_t	rpc_gss_set_defaults_ftype(AUTH *auth,
		    rpc_gss_service_t service, const char *qop);
typedef int	rpc_gss_max_data_length_ftype(AUTH *handle,
		    int max_tp_unit_len);
typedef void	rpc_gss_get_error_ftype(rpc_gss_error_t *error);
typedef bool_t	rpc_gss_mech_to_oid_ftype(const char *mech, gss_OID *oid_ret);
typedef bool_t	rpc_gss_oid_to_mech_ftype(gss_OID oid, const char **mech_ret);
typedef bool_t	rpc_gss_qop_to_num_ftype(const char *qop, const char *mech,
		    u_int *num_ret);
typedef const char **rpc_gss_get_mechanisms_ftype(void);
typedef bool_t	rpc_gss_get_versions_ftype(u_int *vers_hi, u_int *vers_lo);
typedef bool_t	rpc_gss_is_installed_ftype(const char *mech);
typedef bool_t	rpc_gss_set_svc_name_ftype(const char *principal,
		    const char *mechanism, u_int req_time, u_int program,
		    u_int version);
typedef void	rpc_gss_clear_svc_name_ftype(u_int program, u_int version);
typedef bool_t	rpc_gss_getcred_ftype(struct svc_req *req,
		    rpc_gss_rawcred_t **rcred,
		    rpc_gss_ucred_t **ucred, void **cookie);
typedef bool_t	rpc_gss_set_callback_ftype(rpc_gss_callback_t *cb);
typedef void	rpc_gss_clear_callback_ftype(rpc_gss_callback_t *cb);
typedef bool_t	rpc_gss_get_principal_name_ftype(rpc_gss_principal_t *principal,
		    const char *mech, const char *name, const char *node,
		    const char *domain);
typedef int	rpc_gss_svc_max_data_length_ftype(struct svc_req *req,
		    int max_tp_unit_len);
typedef void	rpc_gss_refresh_auth_ftype(AUTH *auth);
/*
 * Maps an IP address to a server principal name. ip_addr is non-const and
 * dns_name carries no length argument, so dns_name looks like an output
 * buffer whose required size is fixed by the implementation — confirm the
 * expected size and that the result is NUL-terminated before passing a
 * caller-supplied buffer.
 */
typedef bool_t	rpc_gss_ip_to_srv_principal_ftype(char *ip_addr,
		    const char *srv_name, char *dns_name);
1897e7fd7d1SRick Macklem 
/*
 * Table of kgssapi entry points. Every member is NULL until the kgssapi
 * module fills it in; the rpc_gss_XXX_call() wrappers below test for
 * NULL before each call. The wrappers read these pointers with no
 * synchronization visible in this header, so the module-loading protocol
 * is assumed to publish the stores before any caller uses them — confirm.
 */
struct rpc_gss_entries {
	rpc_gss_secfind_ftype		*rpc_gss_secfind;
	rpc_gss_secpurge_ftype		*rpc_gss_secpurge;
	rpc_gss_seccreate_ftype		*rpc_gss_seccreate;
	rpc_gss_set_defaults_ftype	*rpc_gss_set_defaults;
	rpc_gss_max_data_length_ftype	*rpc_gss_max_data_length;
	rpc_gss_get_error_ftype		*rpc_gss_get_error;
	rpc_gss_mech_to_oid_ftype	*rpc_gss_mech_to_oid;
	rpc_gss_oid_to_mech_ftype	*rpc_gss_oid_to_mech;
	rpc_gss_qop_to_num_ftype	*rpc_gss_qop_to_num;
	rpc_gss_get_mechanisms_ftype	*rpc_gss_get_mechanisms;
	rpc_gss_get_versions_ftype	*rpc_gss_get_versions;
	rpc_gss_is_installed_ftype	*rpc_gss_is_installed;
	rpc_gss_set_svc_name_ftype	*rpc_gss_set_svc_name;
	rpc_gss_clear_svc_name_ftype	*rpc_gss_clear_svc_name;
	rpc_gss_getcred_ftype		*rpc_gss_getcred;
	rpc_gss_set_callback_ftype	*rpc_gss_set_callback;
	rpc_gss_clear_callback_ftype	*rpc_gss_clear_callback;
	rpc_gss_get_principal_name_ftype *rpc_gss_get_principal_name;
	rpc_gss_svc_max_data_length_ftype *rpc_gss_svc_max_data_length;
	rpc_gss_refresh_auth_ftype	*rpc_gss_refresh_auth;
	rpc_gss_ip_to_srv_principal_ftype *rpc_gss_ip_to_srv_principal;
};
/* The single table instance; defined in the RPC implementation. */
extern struct rpc_gss_entries	rpc_gss_entries;
2147e7fd7d1SRick Macklem 
2157e7fd7d1SRick Macklem /* Functions to access the entry points. */
/*
 * Call rpc_gss_secfind() through the kgssapi entry point table.
 * Returns NULL when the entry point has not been filled in (module not
 * loaded), otherwise whatever the module returns.
 */
static __inline AUTH *
rpc_gss_secfind_call(CLIENT *clnt, struct ucred *cred, const char *principal,
    gss_OID mech_oid, rpc_gss_service_t service)
{
	rpc_gss_secfind_ftype *fn = rpc_gss_entries.rpc_gss_secfind;

	if (fn == NULL)
		return (NULL);
	return (fn(clnt, cred, principal, mech_oid, service));
}
2277e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_secpurge() through the kgssapi entry point table; a no-op
 * when the entry point has not been filled in.
 */
static __inline void
rpc_gss_secpurge_call(CLIENT *clnt)
{
	rpc_gss_secpurge_ftype *fn = rpc_gss_entries.rpc_gss_secpurge;

	if (fn == NULL)
		return;
	fn(clnt);
}
2357e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_seccreate() through the kgssapi entry point table.
 * Returns NULL when the entry point has not been filled in; in that case
 * *options_ret is left untouched.
 */
static __inline AUTH *
rpc_gss_seccreate_call(CLIENT *clnt, struct ucred *cred,
    const char *clnt_principal, const char *principal, const char *mechanism,
    rpc_gss_service_t service, const char *qop,
    rpc_gss_options_req_t *options_req, rpc_gss_options_ret_t *options_ret)
{
	rpc_gss_seccreate_ftype *fn = rpc_gss_entries.rpc_gss_seccreate;

	if (fn == NULL)
		return (NULL);
	return (fn(clnt, cred, clnt_principal, principal, mechanism, service,
	    qop, options_req, options_ret));
}
2507e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_set_defaults() through the kgssapi entry point table.
 * Reports success (1) without doing anything when the entry point has
 * not been filled in.
 */
static __inline bool_t
rpc_gss_set_defaults_call(AUTH *auth, rpc_gss_service_t service,
    const char *qop)
{
	rpc_gss_set_defaults_ftype *fn = rpc_gss_entries.rpc_gss_set_defaults;

	if (fn == NULL)
		return (1);
	return (fn(auth, service, qop));
}
2627e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_max_data_length() through the kgssapi entry point table.
 * Returns 0 when the entry point has not been filled in.
 */
static __inline int
rpc_gss_max_data_length_call(AUTH *handle, int max_tp_unit_len)
{
	rpc_gss_max_data_length_ftype *fn =
	    rpc_gss_entries.rpc_gss_max_data_length;

	if (fn == NULL)
		return (0);
	return (fn(handle, max_tp_unit_len));
}
2737e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_get_error() through the kgssapi entry point table.
 * When the entry point has not been filled in, *error is left untouched,
 * so callers must initialize it before relying on its contents.
 */
static __inline void
rpc_gss_get_error_call(rpc_gss_error_t *error)
{
	rpc_gss_get_error_ftype *fn = rpc_gss_entries.rpc_gss_get_error;

	if (fn == NULL)
		return;
	fn(error);
}
2817e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_mech_to_oid() through the kgssapi entry point table.
 * When the entry point has not been filled in this reports success (1)
 * but never writes *oid_ret; callers must not dereference the output on
 * that path.
 */
static __inline bool_t
rpc_gss_mech_to_oid_call(const char *mech, gss_OID *oid_ret)
{
	rpc_gss_mech_to_oid_ftype *fn = rpc_gss_entries.rpc_gss_mech_to_oid;

	if (fn == NULL)
		return (1);
	return (fn(mech, oid_ret));
}
2917e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_oid_to_mech() through the kgssapi entry point table.
 * When the entry point has not been filled in this reports success (1)
 * but never writes *mech_ret.
 */
static __inline bool_t
rpc_gss_oid_to_mech_call(gss_OID oid, const char **mech_ret)
{
	rpc_gss_oid_to_mech_ftype *fn = rpc_gss_entries.rpc_gss_oid_to_mech;

	if (fn == NULL)
		return (1);
	return (fn(oid, mech_ret));
}
3017e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_qop_to_num() through the kgssapi entry point table.
 * When the entry point has not been filled in this reports success (1)
 * but never writes *num_ret.
 */
static __inline bool_t
rpc_gss_qop_to_num_call(const char *qop, const char *mech, u_int *num_ret)
{
	rpc_gss_qop_to_num_ftype *fn = rpc_gss_entries.rpc_gss_qop_to_num;

	if (fn == NULL)
		return (1);
	return (fn(qop, mech, num_ret));
}
3117e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_get_mechanisms() through the kgssapi entry point table.
 * Returns NULL when the entry point has not been filled in.
 */
static __inline const char **
rpc_gss_get_mechanisms_call(void)
{
	rpc_gss_get_mechanisms_ftype *fn =
	    rpc_gss_entries.rpc_gss_get_mechanisms;

	if (fn == NULL)
		return (NULL);
	return (fn());
}
3217e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_get_versions() through the kgssapi entry point table.
 * When the entry point has not been filled in this reports success (1)
 * but never writes *vers_hi or *vers_lo.
 */
static __inline bool_t
rpc_gss_get_versions_call(u_int *vers_hi, u_int *vers_lo)
{
	rpc_gss_get_versions_ftype *fn = rpc_gss_entries.rpc_gss_get_versions;

	if (fn == NULL)
		return (1);
	return (fn(vers_hi, vers_lo));
}
3317e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_is_installed() through the kgssapi entry point table.
 * Note the fallback: when the entry point has not been filled in this
 * answers 1 ("installed") for any mech, so a true result here does not
 * by itself prove the mechanism is available.
 */
static __inline bool_t
rpc_gss_is_installed_call(const char *mech)
{
	rpc_gss_is_installed_ftype *fn = rpc_gss_entries.rpc_gss_is_installed;

	if (fn == NULL)
		return (1);
	return (fn(mech));
}
3417e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_set_svc_name() through the kgssapi entry point table.
 * Reports success (1) without registering anything when the entry point
 * has not been filled in, which is what lets an NFS server start without
 * kgssapi and serve AUTH_SYS only.
 */
static __inline bool_t
rpc_gss_set_svc_name_call(const char *principal, const char *mechanism,
    u_int req_time, u_int program, u_int version)
{
	rpc_gss_set_svc_name_ftype *fn = rpc_gss_entries.rpc_gss_set_svc_name;

	if (fn == NULL)
		return (1);
	return (fn(principal, mechanism, req_time, program, version));
}
3537e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_clear_svc_name() through the kgssapi entry point table;
 * a no-op when the entry point has not been filled in.
 */
static __inline void
rpc_gss_clear_svc_name_call(u_int program, u_int version)
{
	rpc_gss_clear_svc_name_ftype *fn =
	    rpc_gss_entries.rpc_gss_clear_svc_name;

	if (fn == NULL)
		return;
	fn(program, version);
}
3617e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_getcred() through the kgssapi entry point table.
 * When the entry point has not been filled in this reports success (1)
 * but writes none of *rcred, *ucred or *cookie. Callers must therefore
 * only consult the returned credentials for requests that actually
 * arrived with RPCSEC_GSS authentication, and never treat a 1 from this
 * wrapper alone as proof that the outputs are valid.
 */
static __inline bool_t
rpc_gss_getcred_call(struct svc_req *req, rpc_gss_rawcred_t **rcred,
    rpc_gss_ucred_t **ucred, void **cookie)
{
	rpc_gss_getcred_ftype *fn = rpc_gss_entries.rpc_gss_getcred;

	if (fn == NULL)
		return (1);
	return (fn(req, rcred, ucred, cookie));
}
3737e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_set_callback() through the kgssapi entry point table.
 * Reports success (1) without registering the callback when the entry
 * point has not been filled in.
 */
static __inline bool_t
rpc_gss_set_callback_call(rpc_gss_callback_t *cb)
{
	rpc_gss_set_callback_ftype *fn = rpc_gss_entries.rpc_gss_set_callback;

	if (fn == NULL)
		return (1);
	return (fn(cb));
}
3837e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_clear_callback() through the kgssapi entry point table;
 * a no-op when the entry point has not been filled in.
 */
static __inline void
rpc_gss_clear_callback_call(rpc_gss_callback_t *cb)
{
	rpc_gss_clear_callback_ftype *fn =
	    rpc_gss_entries.rpc_gss_clear_callback;

	if (fn == NULL)
		return;
	fn(cb);
}
3917e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_get_principal_name() through the kgssapi entry point
 * table. When the entry point has not been filled in this reports
 * success (1) but never writes *principal.
 */
static __inline bool_t
rpc_gss_get_principal_name_call(rpc_gss_principal_t *principal,
    const char *mech, const char *name, const char *node, const char *domain)
{
	rpc_gss_get_principal_name_ftype *fn =
	    rpc_gss_entries.rpc_gss_get_principal_name;

	if (fn == NULL)
		return (1);
	return (fn(principal, mech, name, node, domain));
}
4037e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_svc_max_data_length() through the kgssapi entry point
 * table. Returns 0 when the entry point has not been filled in.
 */
static __inline int
rpc_gss_svc_max_data_length_call(struct svc_req *req, int max_tp_unit_len)
{
	rpc_gss_svc_max_data_length_ftype *fn =
	    rpc_gss_entries.rpc_gss_svc_max_data_length;

	if (fn == NULL)
		return (0);
	return (fn(req, max_tp_unit_len));
}
4147e7fd7d1SRick Macklem 
/*
 * Call rpc_gss_refresh_auth() through the kgssapi entry point table;
 * a no-op when the entry point has not been filled in.
 */
static __inline void
rpc_gss_refresh_auth_call(AUTH *auth)
{
	rpc_gss_refresh_auth_ftype *fn = rpc_gss_entries.rpc_gss_refresh_auth;

	if (fn == NULL)
		return;
	fn(auth);
}
42288a2437aSRick Macklem 
/*
 * Call rpc_gss_ip_to_srv_principal() through the kgssapi entry point
 * table. Unlike most wrappers above, this one reports failure (FALSE)
 * when the entry point has not been filled in, and dns_name is then left
 * untouched. dns_name is an output buffer with no length argument; the
 * caller must size it to whatever the implementation requires.
 */
static __inline bool_t
rpc_gss_ip_to_srv_principal_call(char *ip_addr, const char *srv_name,
    char *dns_name)
{
	rpc_gss_ip_to_srv_principal_ftype *fn =
	    rpc_gss_entries.rpc_gss_ip_to_srv_principal;

	if (fn == NULL)
		return (FALSE);
	return (fn(ip_addr, srv_name, dns_name));
}
434*dd7d42a1SRick Macklem 
/*
 * Kernel prototypes of the entry points above, implemented by the kgssapi
 * module. In-kernel callers that must keep working while the module is not
 * loaded should go through the rpc_gss_XXX_call() wrappers rather than
 * calling these directly.
 */
AUTH	*rpc_gss_secfind(CLIENT *clnt, struct ucred *cred,
    const char *principal, gss_OID mech_oid, rpc_gss_service_t service);
void	rpc_gss_secpurge(CLIENT *clnt);
void	rpc_gss_refresh_auth(AUTH *auth);
AUTH	*rpc_gss_seccreate(CLIENT *clnt, struct ucred *cred,
    const char *clnt_principal, const char *principal,
    const char *mechanism, rpc_gss_service_t service,
    const char *qop, rpc_gss_options_req_t *options_req,
    rpc_gss_options_ret_t *options_ret);
44488a2437aSRick Macklem #else	/* !_KERNEL */
/*
 * Userland prototype. Note that it has no clnt_principal argument, unlike
 * the kernel variant and rpc_gss_seccreate_ftype above.
 */
AUTH	*rpc_gss_seccreate(CLIENT *clnt, struct ucred *cred,
    const char *principal, const char *mechanism, rpc_gss_service_t service,
    const char *qop, rpc_gss_options_req_t *options_req,
    rpc_gss_options_ret_t *options_ret);
44988a2437aSRick Macklem #endif	/* _KERNEL */
/* Prototypes shared by the kernel and userland interfaces. */
bool_t	rpc_gss_set_defaults(AUTH *auth, rpc_gss_service_t service,
    const char *qop);
int	rpc_gss_max_data_length(AUTH *handle, int max_tp_unit_len);
void	rpc_gss_get_error(rpc_gss_error_t *error);

bool_t	rpc_gss_mech_to_oid(const char *mech, gss_OID *oid_ret);
bool_t	rpc_gss_oid_to_mech(gss_OID oid, const char **mech_ret);
bool_t	rpc_gss_qop_to_num(const char *qop, const char *mech, u_int *num_ret);
const char **rpc_gss_get_mechanisms(void);
/* No rpc_gss_entries slot or _call() wrapper exists for this one. */
const char **rpc_gss_get_mech_info(const char *mech, rpc_gss_service_t *service);
bool_t	rpc_gss_get_versions(u_int *vers_hi, u_int *vers_lo);
bool_t	rpc_gss_is_installed(const char *mech);

bool_t	rpc_gss_set_svc_name(const char *principal, const char *mechanism,
    u_int req_time, u_int program, u_int version);
void rpc_gss_clear_svc_name(u_int program, u_int version);
bool_t	rpc_gss_getcred(struct svc_req *req, rpc_gss_rawcred_t **rcred,
    rpc_gss_ucred_t **ucred, void **cookie);
bool_t	rpc_gss_set_callback(rpc_gss_callback_t *cb);
void rpc_gss_clear_callback(rpc_gss_callback_t *cb);
bool_t	rpc_gss_get_principal_name(rpc_gss_principal_t *principal,
    const char *mech, const char *name, const char *node, const char *domain);
int	rpc_gss_svc_max_data_length(struct svc_req *req, int max_tp_unit_len);
/*
 * dns_name is an output buffer with no length argument and ip_addr is
 * non-const; the required buffer size and NUL termination are not
 * specified by this prototype — confirm with the implementation before
 * passing caller-supplied storage.
 */
bool_t	rpc_gss_ip_to_srv_principal(char *ip_addr, const char *srv_name,
    char *dns_name);
475a9148abdSDoug Rabson 
476a9148abdSDoug Rabson /*
477a9148abdSDoug Rabson  * Internal interface from the RPC implementation.
478a9148abdSDoug Rabson  */
#ifndef _KERNEL
/* Userland-only: wrap/unwrap RPC arguments per the AUTH's service level. */
bool_t	__rpc_gss_wrap(AUTH *auth, void *header, size_t headerlen,
    XDR* xdrs, xdrproc_t xdr_args, void *args_ptr);
bool_t	__rpc_gss_unwrap(AUTH *auth, XDR* xdrs, xdrproc_t xdr_args,
    void *args_ptr);
#endif
/* Records the error later reported by rpc_gss_get_error(). */
bool_t __rpc_gss_set_error(int rpc_gss_error, int system_error);
486a9148abdSDoug Rabson 
487a9148abdSDoug Rabson __END_DECLS
488a9148abdSDoug Rabson 
489a9148abdSDoug Rabson #endif /* !_RPCSEC_GSS_H */