1c19cba61SRick Macklem /*- 24d846d26SWarner Losh * SPDX-License-Identifier: BSD-2-Clause 3c19cba61SRick Macklem * 4c19cba61SRick Macklem * Copyright (c) 2020 Rick Macklem 5c19cba61SRick Macklem * 6c19cba61SRick Macklem * Redistribution and use in source and binary forms, with or without 7c19cba61SRick Macklem * modification, are permitted provided that the following conditions 8c19cba61SRick Macklem * are met: 9c19cba61SRick Macklem * 1. Redistributions of source code must retain the above copyright 10c19cba61SRick Macklem * notice, this list of conditions and the following disclaimer. 11c19cba61SRick Macklem * 2. Redistributions in binary form must reproduce the above copyright 12c19cba61SRick Macklem * notice, this list of conditions and the following disclaimer in the 13c19cba61SRick Macklem * documentation and/or other materials provided with the distribution. 14c19cba61SRick Macklem * 15c19cba61SRick Macklem * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16c19cba61SRick Macklem * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17c19cba61SRick Macklem * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18c19cba61SRick Macklem * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19c19cba61SRick Macklem * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20c19cba61SRick Macklem * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21c19cba61SRick Macklem * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22c19cba61SRick Macklem * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23c19cba61SRick Macklem * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24c19cba61SRick Macklem * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25c19cba61SRick Macklem * SUCH DAMAGE. 26c19cba61SRick Macklem */ 27c19cba61SRick Macklem 28c19cba61SRick Macklem #ifndef _RPC_RPCSEC_TLS_H_ 29c19cba61SRick Macklem #define _RPC_RPCSEC_TLS_H_ 30c19cba61SRick Macklem 31*765ad4f0SGleb Smirnoff /* System call used by the rpc.tlsclntd(8), rpc.tlsservd(8) daemons. */ 32*765ad4f0SGleb Smirnoff int rpctls_syscall(uint64_t); 33c19cba61SRick Macklem 34c19cba61SRick Macklem /* Flag bits to indicate certificate results. */ 35c19cba61SRick Macklem #define RPCTLS_FLAGS_HANDSHAKE 0x01 36c19cba61SRick Macklem #define RPCTLS_FLAGS_GOTCERT 0x02 37c19cba61SRick Macklem #define RPCTLS_FLAGS_SELFSIGNED 0x04 38c19cba61SRick Macklem #define RPCTLS_FLAGS_VERIFIED 0x08 39c19cba61SRick Macklem #define RPCTLS_FLAGS_DISABLED 0x10 40c19cba61SRick Macklem #define RPCTLS_FLAGS_CERTUSER 0x20 41ab0c29afSRick Macklem #define RPCTLS_FLAGS_HANDSHFAIL 0x40 42c19cba61SRick Macklem 43c19cba61SRick Macklem /* Error return values for upcall rpcs. */ 44c19cba61SRick Macklem #define RPCTLSERR_OK 0 45c19cba61SRick Macklem #define RPCTLSERR_NOCLOSE 1 46c19cba61SRick Macklem #define RPCTLSERR_NOSSL 2 47c19cba61SRick Macklem #define RPCTLSERR_NOSOCKET 3 48c19cba61SRick Macklem 49c19cba61SRick Macklem #ifdef _KERNEL 50c19cba61SRick Macklem /* Functions that perform upcalls to the rpctlsd daemon. */ 51665b1365SRick Macklem enum clnt_stat rpctls_connect(CLIENT *newclient, char *certname, 5256a96c51SGleb Smirnoff struct socket *so, uint32_t *reterr); 5356a96c51SGleb Smirnoff enum clnt_stat rpctls_cl_handlerecord(void *socookie, uint32_t *reterr); 54af805255SGleb Smirnoff enum clnt_stat rpctls_srv_handlerecord(void *socookie, uint32_t *reterr); 5556a96c51SGleb Smirnoff enum clnt_stat rpctls_cl_disconnect(void *socookie, uint32_t *reterr); 56af805255SGleb Smirnoff enum clnt_stat rpctls_srv_disconnect(void *socookie, uint32_t *reterr); 57c19cba61SRick Macklem 58c19cba61SRick Macklem /* Initialization function for rpcsec_tls. */ 59c19cba61SRick Macklem int rpctls_init(void); 60c19cba61SRick Macklem 61c19cba61SRick Macklem /* Get TLS information function. */ 62ab0c29afSRick Macklem bool rpctls_getinfo(u_int *maxlen, bool rpctlscd_run, 63ab0c29afSRick Macklem bool rpctlssd_run); 64c19cba61SRick Macklem 65c19cba61SRick Macklem /* String for AUTH_TLS reply verifier. */ 66c19cba61SRick Macklem #define RPCTLS_START_STRING "STARTTLS" 67c19cba61SRick Macklem 686444662aSRick Macklem /* Macros for VIMAGE. */ 69ed03776cSRick Macklem /* Just define the KRPC_VNETxxx() macros as VNETxxx() macros. */ 701a878807SRick Macklem #define KRPC_VNET_NAME(n) VNET_NAME(n) 711a878807SRick Macklem #define KRPC_VNET_DECLARE(t, n) VNET_DECLARE(t, n) 72ed03776cSRick Macklem #define KRPC_VNET_DEFINE(t, n) VNET_DEFINE(t, n) 73ed03776cSRick Macklem #define KRPC_VNET_DEFINE_STATIC(t, n) VNET_DEFINE_STATIC(t, n) 74ed03776cSRick Macklem #define KRPC_VNET(n) VNET(n) 756444662aSRick Macklem 761a878807SRick Macklem #define CTLFLAG_KRPC_VNET CTLFLAG_VNET 771a878807SRick Macklem 78ed03776cSRick Macklem #define KRPC_CURVNET_SET(n) CURVNET_SET(n) 79ed03776cSRick Macklem #define KRPC_CURVNET_SET_QUIET(n) CURVNET_SET_QUIET(n) 80ed03776cSRick Macklem #define KRPC_CURVNET_RESTORE() CURVNET_RESTORE() 81ed03776cSRick Macklem #define KRPC_TD_TO_VNET(n) TD_TO_VNET(n) 826444662aSRick Macklem 83c19cba61SRick Macklem #endif /* _KERNEL */ 84c19cba61SRick Macklem 85c19cba61SRick Macklem #endif /* _RPC_RPCSEC_TLS_H_ */ 86