1b9cbc85dSRick Macklem /*- 2*4d846d26SWarner Losh * SPDX-License-Identifier: BSD-2-Clause 3b9cbc85dSRick Macklem * 4b9cbc85dSRick Macklem * Copyright (c) 2021 Rick Macklem 5b9cbc85dSRick Macklem * 6b9cbc85dSRick Macklem * Redistribution and use in source and binary forms, with or without 7b9cbc85dSRick Macklem * modification, are permitted provided that the following conditions 8b9cbc85dSRick Macklem * are met: 9b9cbc85dSRick Macklem * 1. Redistributions of source code must retain the above copyright 10b9cbc85dSRick Macklem * notice, this list of conditions and the following disclaimer. 11b9cbc85dSRick Macklem * 2. Redistributions in binary form must reproduce the above copyright 12b9cbc85dSRick Macklem * notice, this list of conditions and the following disclaimer in the 13b9cbc85dSRick Macklem * documentation and/or other materials provided with the distribution. 14b9cbc85dSRick Macklem * 15b9cbc85dSRick Macklem * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16b9cbc85dSRick Macklem * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17b9cbc85dSRick Macklem * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18b9cbc85dSRick Macklem * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19b9cbc85dSRick Macklem * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20b9cbc85dSRick Macklem * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21b9cbc85dSRick Macklem * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22b9cbc85dSRick Macklem * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23b9cbc85dSRick Macklem * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24b9cbc85dSRick Macklem * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25b9cbc85dSRick Macklem * SUCH DAMAGE. 
*/

/*
 * Functions in rpc.tlscommon.c used by both rpc.tlsservd.c and rpc.tlsclntd.c.
 *
 * The int-returning functions signal success/failure through their
 * return value; the exact convention (0 vs. non-zero) is defined in
 * rpc.tlscommon.c and is not restated here -- check it before testing.
 */

/*
 * Presumably formats the address "sad" of the peer on socket "s" into
 * the caller-supplied buffer "hostip".  "hostlen" is the size of that
 * buffer and bounds the write; always pass the real size of "hostip".
 */
int		rpctls_gethost(int s, struct sockaddr *sad,
		    char *hostip, size_t hostlen);

/*
 * Presumably checks that "cert" is acceptable for the peer at "sad".
 * "wildcard" looks like it controls whether wildcard names in the
 * certificate are allowed to match -- confirm in rpc.tlscommon.c.
 * Any result other than success should be treated as "do not trust".
 */
int		rpctls_checkhost(struct sockaddr *sad, X509 *cert,
		    unsigned int wildcard);

/*
 * Presumably loads the CRL named by rpctls_crlfile (below) into "ctx"
 * so that revoked certificates fail verification.
 * NOTE(review): whether a missing/unreadable CRL is an error or is
 * skipped is decided in rpc.tlscommon.c; a silently skipped CRL means
 * revoked certificates would still be accepted, so callers should
 * check the return value rather than ignore it.
 */
int		rpctls_loadcrlfile(SSL_CTX *ctx);

/*
 * Presumably re-examines the CRL file and reloads it into rpctls_ctx
 * when required (see rpctls_gothup below) -- confirm.
 */
void		rpctls_checkcrl(void);

/*
 * printf(3)-style diagnostic output, presumably gated by rpctls_verbose.
 * "fmt" is a format string: pass a string literal and supply any
 * runtime text (host names, OpenSSL error strings) as "%s" arguments,
 * never as the format itself.
 */
void		rpctls_verbose_out(const char *fmt, ...);

/*
 * Presumably the daemon's RPC service loop (compare svc_run(3)) -- confirm.
 */
void		rpctls_svc_run(void);

/*
 * A linked list of all current "SSL *"s and socket "fd"s
 * for kernel RPC TLS connections is maintained.
 * The "refno" field is a unique 64bit value used to
 * identify which entry a kernel RPC upcall refers to.
 *
 * Since a kernel upcall selects its entry by "refno", a value must
 * not be handed to a second connection while the first is still on
 * the list.  Who frees "ssl" and "cert" when an entry is removed is
 * defined by the daemons, not by this header.
 */
LIST_HEAD(ssl_list, ssl_entry);
struct ssl_entry {
	LIST_ENTRY(ssl_entry)	next;		/* list linkage */
	uint64_t		refno;		/* unique id used by kernel upcalls */
	int			s;		/* socket fd of this connection */
	bool			shutoff;	/* presumably: connection shut down -- confirm */
	SSL			*ssl;		/* TLS session on "s" */
	X509			*cert;		/* presumably the peer's certificate -- confirm */
};

/*
 * Global variables shared between rpc.tlscommon.c and the daemons.
 *
 * NOTE(review): rpctls_gothup looks like a "got SIGHUP" flag; if it is
 * written from a signal handler it should be declared
 * volatile sig_atomic_t rather than plain bool -- confirm in the daemons.
 * rpctls_crlfile is non-const (unlike the CA file/path), presumably
 * because the daemons allocate or replace it at runtime.
 */
extern int			rpctls_debug_level;	/* debug verbosity */
extern bool			rpctls_verbose;		/* presumably enables rpctls_verbose_out() */
extern SSL_CTX			*rpctls_ctx;		/* the shared OpenSSL context */
extern const char		*rpctls_verify_cafile;	/* presumably CA file for peer verification */
extern const char		*rpctls_verify_capath;	/* presumably CA directory for peer verification */
extern char			*rpctls_crlfile;	/* path of the CRL file, if any */
extern bool			rpctls_cert;		/* presumably: certificate in use/required -- confirm */
extern bool			rpctls_gothup;		/* presumably set on SIGHUP -- see note above */
extern struct ssl_list		rpctls_ssllist;		/* head of the ssl_entry list above */