/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2020 Rick Macklem
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#ifndef _RPC_RPCSEC_TLS_H_
#define _RPC_RPCSEC_TLS_H_

/*
 * Shared definitions for RPC-over-TLS (rpcsec_tls).
 *
 * This header includes nothing itself: the types it uses (CLIENT,
 * struct socket, uint64_t/uint32_t, bool, u_int) must already be in
 * scope through the RPC and system headers the including file pulls in.
 * The first part is visible to both userland and the kernel; the
 * _KERNEL section below is kernel-only.
 */

/*
 * Operation values for rpctls syscall.
 * Presumably passed as the int argument of rpctls_syscall(); the CL*
 * values look like the client-side (rpctlscd) operations and the SRV*
 * values the server-side (rpctlssd) ones -- confirm against the syscall
 * implementation.
 */
#define	RPCTLS_SYSC_CLSETPATH	1
#define	RPCTLS_SYSC_CLSOCKET	2
#define	RPCTLS_SYSC_CLSHUTDOWN	3
#define	RPCTLS_SYSC_SRVSETPATH	4
#define	RPCTLS_SYSC_SRVSOCKET	5
#define	RPCTLS_SYSC_SRVSHUTDOWN	6

/*
 * System call used by the rpctlscd, rpctlssd daemons.
 * First argument: one of the RPCTLS_SYSC_* operation values above.
 * Second argument: a string whose meaning depends on the operation
 * (the *SETPATH operations suggest a path) -- TODO confirm.
 * Return value and errno conventions are defined by the implementation,
 * not here.
 */
int	rpctls_syscall(int, const char *);

/*
 * Flag bits to indicate certificate results.
 * The values are distinct single bits, so a result word is an OR of them.
 * NOTE(review): GOTCERT, SELFSIGNED and VERIFIED are separate bits;
 * code making a trust decision should presumably require VERIFIED
 * rather than GOTCERT alone -- confirm against the code that sets and
 * tests these flags.
 */
#define	RPCTLS_FLAGS_HANDSHAKE	0x01
#define	RPCTLS_FLAGS_GOTCERT	0x02
#define	RPCTLS_FLAGS_SELFSIGNED	0x04
#define	RPCTLS_FLAGS_VERIFIED	0x08
#define	RPCTLS_FLAGS_DISABLED	0x10
#define	RPCTLS_FLAGS_CERTUSER	0x20

/*
 * Error return values for upcall rpcs.
 * Presumably the values reported through the reterr out-parameter of
 * the rpctls_*() upcall functions declared below -- TODO confirm.
 * RPCTLSERR_OK (0) is the success value.
 */
#define	RPCTLSERR_OK		0
#define	RPCTLSERR_NOCLOSE	1
#define	RPCTLSERR_NOSSL		2
#define	RPCTLSERR_NOSOCKET	3

#ifdef _KERNEL
/*
 * Functions that perform upcalls to the rpctlsd daemon.
 * Each returns the RPC status of the upcall itself (enum clnt_stat).
 * The non-const pointer arguments (sslp, reterr) look like output
 * parameters -- TODO confirm.  The (sec, usec, ssl) triple presumably
 * identifies the TLS session to the daemon; verify against the daemon
 * side.
 */
enum clnt_stat	rpctls_connect(CLIENT *newclient, struct socket *so,
		    uint64_t *sslp, uint32_t *reterr);
enum clnt_stat	rpctls_cl_handlerecord(uint64_t sec, uint64_t usec,
		    uint64_t ssl, uint32_t *reterr);
enum clnt_stat	rpctls_srv_handlerecord(uint64_t sec, uint64_t usec,
		    uint64_t ssl, uint32_t *reterr);
enum clnt_stat	rpctls_cl_disconnect(uint64_t sec, uint64_t usec,
		    uint64_t ssl, uint32_t *reterr);
enum clnt_stat	rpctls_srv_disconnect(uint64_t sec, uint64_t usec,
		    uint64_t ssl, uint32_t *reterr);

/* Initialization function for rpcsec_tls.  Returns an int status. */
int		rpctls_init(void);

/*
 * Get TLS information function.
 * Returns a bool; maxlen is a non-const pointer and so presumably an
 * output parameter -- TODO confirm.
 */
bool		rpctls_getinfo(u_int *maxlen);

/* String for AUTH_TLS reply verifier. */
#define	RPCTLS_START_STRING	"STARTTLS"

#endif /* _KERNEL */

#endif /* _RPC_RPCSEC_TLS_H_ */