/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
 */

/*
 * rpcsec_gss.h, RPCSEC_GSS security service interface.
 *
 * This header is shared by the kernel (_KERNEL) and user-level RPC
 * libraries.  Several structures and prototypes below change shape
 * depending on _KERNEL: the kernel works with GSS-API OIDs and numeric
 * QOP values, while the user-level interface uses mechanism and QOP
 * names as C strings.  Keep that distinction in mind when reading a
 * field of "mechanism" or "qop" type.
 */

#ifndef _RPCSEC_GSS_H
#define _RPCSEC_GSS_H

#ifdef __cplusplus
extern "C" {
#endif

#include <rpc/auth.h>
#include <rpc/clnt.h>
#include <gssapi/gssapi.h>

/*
 * Interface definitions.
 *
 * MAX_NAME_LEN bounds the fixed-size name buffers in gss_clntdata_t /
 * gss_clnt_data32 below; MAX_GSS_MECH bounds the user-level
 * actual_mechanism buffer in rpc_gss_options_ret_t.  Any code that fills
 * these buffers must bound the copy and guarantee NUL termination; a
 * name that does not fit must be rejected rather than truncated
 * silently.  MAX_GSS_NAME is not referenced elsewhere in this header.
 */
#define MAX_NAME_LEN 64
#define MAX_GSS_MECH 128
#define MAX_GSS_NAME 128

/*
 * RPCSEC_GSS security service level requested for a context.
 * The three explicit levels correspond to the RPCSEC_GSS (RFC 2203)
 * services: none = authentication only, integrity = per-message
 * integrity check, privacy = per-message encryption plus integrity.
 * rpc_gss_svc_default leaves the choice to the library's defaults
 * (see rpc_gss_set_defaults()).
 */
typedef enum {
	rpc_gss_svc_default = 0,
	rpc_gss_svc_none = 1,
	rpc_gss_svc_integrity = 2,
	rpc_gss_svc_privacy = 3
} rpc_gss_service_t;

/*
 * GSS-API based security mechanism type specified as
 * object identifiers (OIDs).
 * This type is derived from gss_OID_desc/gss_OID.
 *
 * Because rpc_gss_OID_s is a macro alias for gss_OID_desc_struct,
 * rpc_gss_OID_desc and gss_OID_desc are the same struct type and an
 * rpc_gss_OID may be passed where a gss_OID is expected.
 */
#define rpc_gss_OID_s gss_OID_desc_struct
typedef struct rpc_gss_OID_s rpc_gss_OID_desc, *rpc_gss_OID;

/*
 * Interface data.
 * This is already suitable for both LP64 and ILP32.
 */

/*
 * Principal name as carried by RPCSEC_GSS.
 *
 * name[1] is the pre-C99 "struct hack": the object is allocated with
 * enough trailing storage for len bytes, and len gives the number of
 * valid bytes in name.  Consumers must treat name as a counted byte
 * string bounded by len -- do not assume NUL termination, and validate
 * len against the allocation before indexing.  Do not change name[1]
 * to a flexible array member: sizeof (struct rpc_gss_principal) is part
 * of the on-disk/over-the-wire layout this header shares with the
 * kernel.
 */
typedef struct rpc_gss_principal {
	int len;		/* number of valid bytes in name[] */
	char name[1];		/* start of len bytes of principal data */
} *rpc_gss_principal_t;

/*
 * Options a caller supplies when creating a security context.
 * The field names mirror the GSS-API context-establishment inputs
 * (request flags, requested lifetime, caller credential, channel
 * bindings); presumably they are passed through to the mechanism
 * unchanged -- confirm against the implementation.
 */
typedef struct {
	int req_flags;
	int time_req;
	gss_cred_id_t my_cred;
	gss_channel_bindings_t input_channel_bindings;
} rpc_gss_options_req_t;

/*
 * Options returned after context creation.
 * major_status/minor_status carry the GSS-API status of the
 * establishment; rpcsec_version is the negotiated RPCSEC_GSS version;
 * ret_flags/time_ret are the granted flags and lifetime; gss_context is
 * the established GSS-API context.  actual_mechanism is an OID in the
 * kernel but a fixed-size NUL-terminated name buffer in user space --
 * writers of the user-level variant must bound the copy to
 * MAX_GSS_MECH.
 */
typedef struct {
	int major_status;
	int minor_status;
	uint_t rpcsec_version;
	int ret_flags;
	int time_ret;
	gss_ctx_id_t gss_context;
#ifdef _KERNEL
	rpc_gss_OID actual_mechanism;
#else
	char actual_mechanism[MAX_GSS_MECH];
#endif
} rpc_gss_options_ret_t;

/*
 * raw credentials
 *
 * The credentials a server sees for an authenticated RPCSEC_GSS
 * client, as returned through rpc_gss_getcred().  client_principal is
 * the authenticated identity established by the GSS-API context and is
 * the value an authorization decision should be based on; mechanism,
 * qop and service describe the protection actually negotiated.  As
 * elsewhere in this header, mechanism/qop are an OID and a number in
 * the kernel and strings in user space.
 */
typedef struct {
	uint_t version;
#ifdef _KERNEL
	rpc_gss_OID mechanism;
	uint_t qop;
#else
	char *mechanism;
	char *qop;
#endif
	rpc_gss_principal_t client_principal;
	char *svc_principal;	/* service@server, e.g. nfs@caribe */
	rpc_gss_service_t service;
} rpc_gss_rawcred_t;

/*
 * unix credentials
 *
 * UNIX identity derived from the GSS principal (the mapping itself is
 * not visible here).  gidlen counts the entries in gidlist; code that
 * walks gidlist must bound the walk by gidlen, and note that gidlen is
 * a short, so callers building the list must check it does not exceed
 * what the type can represent.
 */
typedef struct {
	uid_t uid;
	gid_t gid;
	short gidlen;		/* number of entries in gidlist */
	gid_t *gidlist;
} rpc_gss_ucred_t;

/*
 * for callback routine
 *
 * Registered with rpc_gss_set_callback() for one RPC program/version.
 * The callback is declared without a prototype here; in the
 * rpc_gss_set_callback(3NSL) convention it is invoked as
 * (struct svc_req *, gss_cred_id_t, gss_ctx_id_t, rpc_gss_lock_t *,
 * void **) when a context for that program/version is established --
 * confirm the exact signature against the implementation before
 * relying on it, since the compiler cannot check it.
 */
typedef struct {
	uint_t program;
	uint_t version;
	bool_t (*callback)();	/* NOTE(review): unprototyped; see above */
} rpc_gss_callback_t;

/*
 * lock used for the callback routine
 *
 * Handed to the callback together with the raw credentials of the new
 * context.  Setting locked presumably pins raw_cred's service/qop for
 * the lifetime of the context so a client cannot later downgrade the
 * protection level -- verify against the server-side code.
 */
typedef struct {
	bool_t locked;
	rpc_gss_rawcred_t *raw_cred;
} rpc_gss_lock_t;


/*
 * This is for user RPC applications.
 * Structure used to fetch the error code when one of
 * the rpc_gss_* routines fails.
 *
 * rpc_gss_error holds one of the RPC_GSS_ER_* codes below;
 * system_error presumably holds the errno value for
 * RPC_GSS_ER_SYSTEMERROR.  Retrieve with rpc_gss_get_error().
 */
typedef struct {
	int rpc_gss_error;
	int system_error;
} rpc_gss_error_t;

#define RPC_GSS_ER_SUCCESS	0	/* no error */
#define RPC_GSS_ER_SYSTEMERROR	1	/* system error */


/*
 * ILP32 image of gss_clntdata_t for a 64-bit kernel serving 32-bit
 * user processes (_SYSCALL32).  Must stay field-for-field in step with
 * gss_clntdata_t below; only the OID descriptor differs in width.
 */
#ifdef _SYSCALL32
struct gss_clnt_data32 {
	gss_OID_desc32 mechanism;
	rpc_gss_service_t service;
	char uname[MAX_NAME_LEN];	/* server's service name */
	char inst[MAX_NAME_LEN];	/* server's instance name */
	char realm[MAX_NAME_LEN];	/* server's realm */
	uint_t qop;
};
#endif

/*
 * This is for Kernel RPC applications.
 * RPCSEC_GSS flavor specific data in sec_data opaque field.
 *
 * This structure arrives in the kernel as opaque data from user space
 * (e.g. mount options); the kernel must not trust uname/inst/realm to
 * be NUL-terminated and should validate the length of the opaque blob
 * against sizeof (gss_clntdata_t) before interpreting it.
 */
typedef struct gss_clnt_data {
	rpc_gss_OID_desc mechanism;
	rpc_gss_service_t service;
	char uname[MAX_NAME_LEN];	/* server's service name */
	char inst[MAX_NAME_LEN];	/* server's instance name */
	char realm[MAX_NAME_LEN];	/* server's realm */
	uint_t qop;
} gss_clntdata_t;


struct svc_req;
/*
 * KERNEL rpc_gss_* interfaces.
 *
 * The kernel variants take the mechanism as an rpc_gss_OID and the QOP
 * as a uint_t, carry an explicit cred_t *, and return the AUTH handle
 * through an out-parameter with an int status, where the user-level
 * rpc_gss_seccreate() below returns the AUTH * directly.
 */
#ifdef _KERNEL
/*
 * rpc_gss_secget: like rpc_gss_seccreate but, judging by the matching
 * rpc_gss_secfree/rpc_gss_secpurge pair, obtains a handle that may be
 * cached; the extra void * argument's role is not visible in this
 * header -- confirm with the implementation.
 */
int rpc_gss_secget(CLIENT *, char *, rpc_gss_OID,
    rpc_gss_service_t, uint_t, rpc_gss_options_req_t *,
    rpc_gss_options_ret_t *, void *, cred_t *, AUTH **);

/* Release a handle obtained from rpc_gss_secget(). */
void rpc_gss_secfree(AUTH *);

/* Create a new RPCSEC_GSS AUTH handle; see rpc_gss_seccreate() below. */
int rpc_gss_seccreate(CLIENT *, char *, rpc_gss_OID,
    rpc_gss_service_t, uint_t, rpc_gss_options_req_t *,
    rpc_gss_options_ret_t *, cred_t *, AUTH **);

/* Revoke cached authentication state for a uid under a mechanism. */
int rpc_gss_revauth(uid_t, rpc_gss_OID);
void rpc_gss_secpurge(void *);
/* Server-side dispatch for the RPCSEC_GSS flavor; see user variant below. */
enum auth_stat __svcrpcsec_gss(struct svc_req *,
    struct rpc_msg *, bool_t *);
bool_t rpc_gss_set_defaults(AUTH *, rpc_gss_service_t, uint_t);
rpc_gss_service_t rpc_gss_get_service_type(AUTH *);


#else
/*
 * USER rpc_gss_* public interfaces
 */

/*
 * Create an RPCSEC_GSS AUTH handle for a client.
 * Returns the handle, or NULL on failure (details via
 * rpc_gss_get_error()).  mechanism and qop are names, not OIDs or
 * numbers, at user level.
 */
AUTH *
rpc_gss_seccreate(
	CLIENT *clnt,				/* associated client handle */
	char *principal,			/* server service principal */
	char *mechanism,			/* security mechanism */
	rpc_gss_service_t service_type,		/* security service */
	char *qop,				/* requested QOP */
	rpc_gss_options_req_t *options_req,	/* requested options */
	rpc_gss_options_ret_t *options_ret	/* returned options */
);

/*
 * Build a principal name from user/node/secdomain under a mechanism.
 * The principal is returned through *principal; ownership of the
 * returned object is not stated here -- check the implementation for
 * who frees it.
 */
bool_t
rpc_gss_get_principal_name(
	rpc_gss_principal_t *principal,
	char *mechanism,
	char *user_name,
	char *node,
	char *secdomain
);

/* List the installed mechanism names (NULL-terminated array, presumably). */
char **rpc_gss_get_mechanisms();

/* Query the supported QOP names and default service for a mechanism. */
char **rpc_gss_get_mech_info(
	char *mechanism,
	rpc_gss_service_t *service
);

bool_t
rpc_gss_is_installed(
	char *mechanism
);

/* Translate a mechanism name to its OID. */
bool_t
rpc_gss_mech_to_oid(
	char *mech,
	rpc_gss_OID *oid
);

/* Translate a QOP name under a mechanism to its numeric value. */
bool_t
rpc_gss_qop_to_num(
	char *qop,
	char *mech,
	uint_t *num
);

/*
 * Server side: declare the service principal (and credential lifetime)
 * the server will accept contexts for under a given program/version.
 */
bool_t
rpc_gss_set_svc_name(
	char *principal,
	char *mechanism,
	uint_t req_time,
	uint_t program,
	uint_t version
);

/* Change the service level / QOP used on an existing AUTH handle. */
bool_t
rpc_gss_set_defaults(
	AUTH *auth,
	rpc_gss_service_t service,
	char *qop
);

/* Fetch the error recorded by the last failing rpc_gss_* call. */
void
rpc_gss_get_error(
	rpc_gss_error_t *error
);

/*
 * User level private interfaces
 *
 * Declared without prototypes (old-style), so argument types are not
 * checked at call sites; the kernel declaration of __svcrpcsec_gss
 * above shows the intended (struct svc_req *, struct rpc_msg *,
 * bool_t *) shape.
 */
enum auth_stat __svcrpcsec_gss();
bool_t __rpc_gss_wrap();
bool_t __rpc_gss_unwrap();

#endif

/*
 * USER and KERNEL rpc_gss_* interfaces.
 */

/* Register a per-program/version callback; see rpc_gss_callback_t. */
bool_t
rpc_gss_set_callback(
	rpc_gss_callback_t *cb
);

/*
 * Retrieve the credentials of the authenticated caller of req.
 * rcred/ucred/cookie may each presumably be NULL when not wanted --
 * confirm with the implementation.  Data returned through rcred is the
 * authenticated identity a service should authorize against.
 */
bool_t
rpc_gss_getcred(
	struct svc_req *req,
	rpc_gss_rawcred_t **rcred,
	rpc_gss_ucred_t **ucred,
	void **cookie
);

/*
 * Given the transport's maximum unit size, return the largest RPC data
 * payload that still fits once RPCSEC_GSS integrity/privacy overhead
 * for this handle's service level is added (client side).
 */
int
rpc_gss_max_data_length(
	AUTH *rpcgss_handle,
	int max_tp_unit_len
);

/* Server-side counterpart of rpc_gss_max_data_length() for req. */
int
rpc_gss_svc_max_data_length(
	struct svc_req *req,
	int max_tp_unit_len
);

/* Report the highest and lowest RPCSEC_GSS versions supported. */
bool_t
rpc_gss_get_versions(
	uint_t *vers_hi,
	uint_t *vers_lo
);

/*
 * Upper bound on context re-establishment attempts; the exact retry
 * policy (what counts as an attempt, back-off) lives in the
 * implementation, not here.
 */
#define RPCSEC_GSS_REFRESH_ATTEMPTS 20

/*
 * Protocol data.
 *
 * The reason to put these definition in this header file
 * is for 2.6 snoop to handle the RPCSEC_GSS protocol
 * interpretation.
 *
 * These are the on-the-wire gss_proc values of the RPCSEC_GSS
 * credential (RFC 2203): DATA for normal calls, INIT and
 * CONTINUE_INIT for context establishment, DESTROY to tear a context
 * down.  Any other value received from the wire must be rejected.
 */
#define RPCSEC_GSS_DATA			0
#define RPCSEC_GSS_INIT			1
#define RPCSEC_GSS_CONTINUE_INIT	2
#define RPCSEC_GSS_DESTROY		3

/* The single RPCSEC_GSS protocol version this header describes. */
#define RPCSEC_GSS_VERSION		1

#ifdef __cplusplus
}
#endif

#endif /* !_RPCSEC_GSS_H */