1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 %/* 23 % * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24 % * Use is subject to license terms. 25 % */ 26 % 27 %#pragma ident "%Z%%M% %I% %E% SMI" 28 % 29 %/* 30 % * RPC protocol information for gssd, the usermode daemon that 31 % * assists the kernel with gssapi. It is gssd that executes all 32 % * gssapi calls except for some such as gss_sign(), and 33 % * gss_verify(), which are executed in the kernel itself. 34 % * 35 % * File generated from gssd.x 36 % */ 37 % 38 %#define NO 0 39 %#define YES 1 40 %#define FOREVER 1 41 % 42 %#include <sys/types.h> 43 %#include <sys/time.h> 44 %#include <rpc/auth_sys.h> 45 %#ifndef _KERNEL 46 %#include <locale.h> 47 %#endif /* not _KERNEL */ 48 % 49 50 %#ifdef _KERNEL 51 %extern void killgssd_handle(CLIENT *); 52 %extern CLIENT *getgssd_handle(void); 53 %#endif /* _KERNEL */ 54 % 55 /* 56 * These are the definitions for the interface to GSSD. 57 */ 58 59 typedef unsigned int OM_UINT32; 60 61 typedef opaque GSS_CTX_ID_T<>; 62 typedef opaque GSS_CRED_ID_T<>; 63 typedef opaque GSS_OID<>; 64 typedef opaque GSS_BUFFER_T<>; 65 typedef gid_t GSSCRED_GIDS<>; 66 67 typedef GSS_OID GSS_OID_SET<>; 68 69 struct GSS_CHANNEL_BINDINGS_STRUCT { 70 int present; 71 OM_UINT32 initiator_addrtype; 72 GSS_BUFFER_T initiator_address; 73 OM_UINT32 acceptor_addrtype; 74 GSS_BUFFER_T acceptor_address; 75 GSS_BUFFER_T application_data; 76 }; 77 78 typedef struct GSS_CHANNEL_BINDINGS_STRUCT GSS_CHANNEL_BINDINGS; 79 80 struct gss_acquire_cred_arg { 81 uid_t uid; /* client uid */ 82 GSS_BUFFER_T desired_name; /* name of cred */ 83 GSS_OID name_type; /* type of desired name */ 84 OM_UINT32 time_req; /* context validity interval */ 85 GSS_OID_SET desired_mechs; /* cred mechanisms */ 86 int cred_usage; /* init/accept/both */ 87 }; 88 89 struct gss_acquire_cred_res { 90 OM_UINT32 minor_status; /* status from the mechanism */ 91 GSS_CRED_ID_T output_cred_handle; /* returned credential handle */ 92 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */ 93 GSS_OID_SET actual_mechs; /* found cred mechanisms */ 94 OM_UINT32 time_rec; /* actual context validity */ 95 OM_UINT32 status; /* status of GSSAPI call */ 96 }; 97 98 struct gss_add_cred_arg { 99 uid_t uid; /* client uid */ 100 GSS_CRED_ID_T input_cred_handle; /* input credential handle */ 101 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */ 102 GSS_BUFFER_T desired_name; /* name of cred */ 103 GSS_OID name_type; /* type of desired name */ 104 GSS_OID desired_mech_type; /* cred mechanisms */ 105 int cred_usage; /* init/accept/both */ 106 OM_UINT32 initiator_time_req; /* context validity interval */ 107 OM_UINT32 acceptor_time_req; /* context validity interval */ 108 }; 109 /* Note: For gss_add_cred we always update the underlying credentials of 110 * input_cred_handle. We always pass NULL as output_cred_handle when the call 111 * to gss_add_cred is made 112 */ 113 struct gss_add_cred_res { 114 OM_UINT32 minor_status; /* status from the mechanism */ 115 GSS_OID_SET actual_mechs; /* found cred mechanisms */ 116 OM_UINT32 initiator_time_rec; /* cred validity interval */ 117 OM_UINT32 acceptor_time_rec; /* cred validity interval */ 118 OM_UINT32 status; /* status of GSSAPI call */ 119 }; 120 121 struct gss_release_cred_arg { 122 uid_t uid; /* client uid */ 123 OM_UINT32 gssd_cred_verifier; /* verifier for cred handles */ 124 GSS_CRED_ID_T cred_handle; /* credential handle */ 125 }; 126 127 struct gss_release_cred_res { 128 OM_UINT32 minor_status; /* status from the mechanism */ 129 OM_UINT32 status; /* status of GSSAPI call */ 130 }; 131 132 struct gss_init_sec_context_arg { 133 uid_t uid; /* client uid */ 134 GSS_CTX_ID_T context_handle; /* handle to existing context */ 135 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 136 GSS_CRED_ID_T claimant_cred_handle; /* must = GSS_C_NO_CREDENTIAL */ 137 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */ 138 GSS_BUFFER_T target_name; /* name of server */ 139 GSS_OID name_type; /* type of principal name */ 140 GSS_OID mech_type; /* requested mechanism */ 141 int req_flags; /* requested context options */ 142 OM_UINT32 time_req; /* context validity interval */ 143 GSS_CHANNEL_BINDINGS 144 input_chan_bindings; /* requested channel bindings */ 145 GSS_BUFFER_T input_token; /* token to send to peer */ 146 }; 147 148 struct gss_init_sec_context_res { 149 GSS_CTX_ID_T context_handle; /* handle to created context */ 150 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 151 OM_UINT32 minor_status; /* status from the mechanism */ 152 GSS_OID actual_mech_type; /* actual mechanism used */ 153 GSS_BUFFER_T output_token; /* where peer token is put */ 154 OM_UINT32 ret_flags; /* options of context */ 155 OM_UINT32 time_rec; /* actual context validity */ 156 OM_UINT32 status; /* status of GSSAPI call */ 157 }; 158 159 struct gss_accept_sec_context_arg { 160 uid_t uid; /* client uid */ 161 GSS_CTX_ID_T context_handle; /* handle to existing context */ 162 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 163 GSS_CRED_ID_T verifier_cred_handle; /* must = GSS_C_NO_CREDENTIAL */ 164 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */ 165 GSS_BUFFER_T input_token_buffer; /* token to send to peer */ 166 GSS_CHANNEL_BINDINGS 167 input_chan_bindings; /* requested channel bindings */ 168 }; 169 170 struct gss_accept_sec_context_res { 171 GSS_CTX_ID_T context_handle; /* handle to created context */ 172 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 173 OM_UINT32 minor_status; /* status from the mechanism */ 174 GSS_BUFFER_T src_name; /* authenticated name of peer */ 175 GSS_OID mech_type; /* mechanism used */ 176 GSS_BUFFER_T output_token; /* where peer token is put */ 177 OM_UINT32 ret_flags; /* options of context */ 178 OM_UINT32 time_rec; /* actual context validity */ 179 GSS_CRED_ID_T delegated_cred_handle; /* always GSS_C_NO_CREDENTIAL */ 180 OM_UINT32 status; /* status of GSSAPI call */ 181 }; 182 183 struct gss_process_context_token_arg { 184 uid_t uid; /* client uid */ 185 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 186 GSS_CTX_ID_T context_handle; /* handle to existing context */ 187 GSS_BUFFER_T token_buffer; /* token to process */ 188 }; 189 190 struct gss_process_context_token_res { 191 OM_UINT32 minor_status; /* status from the mechanism */ 192 OM_UINT32 status; /* status of GSSAPI call */ 193 }; 194 195 struct gss_delete_sec_context_arg { 196 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 197 GSS_CTX_ID_T context_handle; /* handle to existing context */ 198 }; 199 200 struct gss_delete_sec_context_res { 201 OM_UINT32 minor_status; /* status from the mechanism */ 202 GSS_CTX_ID_T context_handle; /* handle to deleted context */ 203 GSS_BUFFER_T output_token; /* output token for peer */ 204 OM_UINT32 status; /* status of GSSAPI call */ 205 }; 206 207 struct gss_export_sec_context_arg { 208 GSS_CTX_ID_T context_handle; /* handle to existing context */ 209 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 210 }; 211 212 struct gss_export_sec_context_res { 213 OM_UINT32 minor_status; /* status from the mechanism */ 214 GSS_CTX_ID_T context_handle; /* handle to existing context */ 215 GSS_BUFFER_T output_token; /* input token for import_sec_context */ 216 OM_UINT32 status; /* status of GSSAPI call */ 217 }; 218 219 struct gss_import_sec_context_arg { 220 GSS_BUFFER_T input_token; /* input token for import_sec_context */ 221 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 222 }; 223 224 struct gss_import_sec_context_res { 225 OM_UINT32 minor_status; /* status from the mechanism */ 226 GSS_CTX_ID_T context_handle; /* handle to created context */ 227 OM_UINT32 status; /* status of GSSAPI call */ 228 }; 229 230 struct gss_context_time_arg { 231 uid_t uid; /* client uid */ 232 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 233 GSS_CTX_ID_T context_handle; /* handle to existing context */ 234 }; 235 236 struct gss_context_time_res { 237 OM_UINT32 minor_status; /* status from the mechanism */ 238 OM_UINT32 time_rec; /* actual context validity */ 239 OM_UINT32 status; /* status of GSSAPI call */ 240 }; 241 242 struct gss_sign_arg { 243 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 244 GSS_CTX_ID_T context_handle; /* handle to existing context */ 245 int qop_req; /* quality of protection */ 246 GSS_BUFFER_T message_buffer; /* message to sign */ 247 }; 248 249 struct gss_sign_res { 250 OM_UINT32 minor_status; /* status from the mechanism */ 251 GSS_BUFFER_T msg_token; /* msg_token */ 252 OM_UINT32 status; /* status of GSSAPI call */ 253 }; 254 255 struct gss_verify_arg { 256 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 257 GSS_CTX_ID_T context_handle; /* handle to existing context */ 258 GSS_BUFFER_T message_buffer; /* message to verify */ 259 GSS_BUFFER_T token_buffer; /* buffer containg token */ 260 }; 261 262 struct gss_verify_res { 263 OM_UINT32 minor_status; /* status from the mechanism */ 264 int qop_state; /* quality of protection */ 265 OM_UINT32 status; /* status of GSSAPI call */ 266 }; 267 268 struct gss_seal_arg { 269 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 270 GSS_CTX_ID_T context_handle; /* handle to existing context */ 271 int conf_req_flag; /* type of conf requested */ 272 int qop_req; /* quality of prot. requested */ 273 GSS_BUFFER_T input_message_buffer; /* message to protect */ 274 }; 275 276 struct gss_seal_res { 277 OM_UINT32 minor_status; /* status from the mechanism */ 278 int conf_state; /* type of conf. applied */ 279 GSS_BUFFER_T output_message_buffer; /* protected message */ 280 OM_UINT32 status; /* status of GSSAPI call */ 281 }; 282 283 struct gss_unseal_arg { 284 OM_UINT32 gssd_context_verifier; /* verifier for context handles */ 285 GSS_CTX_ID_T context_handle; /* handle to existing context */ 286 GSS_BUFFER_T input_message_buffer; /* message to protect */ 287 }; 288 289 struct gss_unseal_res { 290 OM_UINT32 minor_status; /* status from the mechanism */ 291 GSS_BUFFER_T output_message_buffer; /* protected message */ 292 int conf_state; /* type of conf. provided */ 293 int qop_state; /* quality of prot. provided */ 294 OM_UINT32 status; /* status of GSSAPI call */ 295 }; 296 297 struct gss_display_status_arg { 298 uid_t uid; /* client uid */ 299 int status_value; /* status to be converted */ 300 int status_type; /* GSS or mech status */ 301 GSS_OID mech_type; /* mechanism */ 302 OM_UINT32 message_context; /* recursion flag */ 303 }; 304 305 struct gss_display_status_res { 306 OM_UINT32 minor_status; /* status from the mechanism */ 307 int message_context; /* recursion flag */ 308 GSS_BUFFER_T status_string; /* text equiv of status */ 309 OM_UINT32 status; /* status of GSSAPI call */ 310 }; 311 312 %/* gss_indicate_mechs_arg is void. This appears in the rpc call def */ 313 314 struct gss_indicate_mechs_res { 315 OM_UINT32 minor_status; /* status from the mechanism */ 316 GSS_OID_SET mech_set; /* mechanism set supported */ 317 OM_UINT32 status; /* status of GSSAPI call */ 318 }; 319 320 struct gss_inquire_cred_arg { 321 uid_t uid; /* client uid */ 322 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */ 323 GSS_CRED_ID_T cred_handle; /* credential handle */ 324 }; 325 326 struct gss_inquire_cred_res { 327 OM_UINT32 minor_status; /* status from the mechanism */ 328 GSS_BUFFER_T name; /* name associated with cred */ 329 GSS_OID name_type; /* type of name */ 330 OM_UINT32 lifetime; /* remaining validiy period */ 331 int cred_usage; /* how creds may be used */ 332 GSS_OID_SET mechanisms; /* mechs associated with cred */ 333 OM_UINT32 status; /* status of GSSAPI call */ 334 }; 335 336 struct gss_inquire_cred_by_mech_arg { 337 uid_t uid; /* client uid */ 338 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */ 339 GSS_CRED_ID_T cred_handle; /* credential handle */ 340 GSS_OID mech_type; /* cred mechanism */ 341 }; 342 343 struct gss_inquire_cred_by_mech_res { 344 OM_UINT32 minor_status; /* status from the mechanism */ 345 OM_UINT32 status; /* status of GSSAPI call */ 346 }; 347 348 struct gsscred_name_to_unix_cred_arg { 349 uid_t uid; /* client uid */ 350 GSS_BUFFER_T pname; /* principal name */ 351 GSS_OID name_type; /* oid of principal name */ 352 GSS_OID mech_type; /* for which mechanism to use */ 353 }; 354 355 struct gsscred_name_to_unix_cred_res { 356 uid_t uid; /* principal's uid */ 357 gid_t gid; /* principal's gid */ 358 GSSCRED_GIDS gids; /* array of principal's gids */ 359 OM_UINT32 major; /* status of the GSSAPI call */ 360 }; 361 362 363 struct 364 gsscred_expname_to_unix_cred_arg { 365 uid_t uid; /* client uid */ 366 GSS_BUFFER_T expname; /* principal in export format */ 367 }; 368 369 struct 370 gsscred_expname_to_unix_cred_res { 371 uid_t uid; /* principal's uid */ 372 gid_t gid; /* principal's gid */ 373 GSSCRED_GIDS gids; /* array of principal's gids */ 374 OM_UINT32 major; /* major status code */ 375 }; 376 377 378 struct gss_get_group_info_arg { 379 uid_t uid; /* client uid */ 380 uid_t puid; /* principal's uid */ 381 }; 382 383 struct gss_get_group_info_res { 384 gid_t gid; /* principal's gid */ 385 GSSCRED_GIDS gids; /* array of principal's gids */ 386 OM_UINT32 major; /* major status code */ 387 }; 388 389 390 struct gss_get_kmod_arg { 391 GSS_OID mech_oid; 392 393 }; 394 395 union gss_get_kmod_res switch (bool module_follow) { 396 case TRUE: 397 string modname<>; 398 case FALSE: 399 void; 400 }; 401 402 403 /* 404 * The server accepts requests only from the loopback address. 405 * Unix authentication is used, and the port must be in the reserved range. 406 */ 407 408 program GSSPROG { 409 version GSSVERS { 410 411 /* 412 * Called by the client to acquire a credential. 413 */ 414 gss_acquire_cred_res 415 GSS_ACQUIRE_CRED(gss_acquire_cred_arg) = 1; 416 417 /* 418 * Called by the client to release a credential. 419 */ 420 gss_release_cred_res 421 GSS_RELEASE_CRED(gss_release_cred_arg) = 2; 422 423 /* 424 * Called by the client to initialize a security context. 425 */ 426 gss_init_sec_context_res 427 GSS_INIT_SEC_CONTEXT(gss_init_sec_context_arg) = 3; 428 429 /* 430 * Called by the server to initialize a security context. 431 */ 432 gss_accept_sec_context_res 433 GSS_ACCEPT_SEC_CONTEXT(gss_accept_sec_context_arg) = 4; 434 435 /* 436 * Called to pass token to underlying mechanism. 437 */ 438 gss_process_context_token_res 439 GSS_PROCESS_CONTEXT_TOKEN(gss_process_context_token_arg) = 5; 440 441 /* 442 * Called to delete a security context. 443 */ 444 gss_delete_sec_context_res 445 GSS_DELETE_SEC_CONTEXT(gss_delete_sec_context_arg) = 6; 446 447 /* 448 * Called to get remaining time security context has to live. 449 */ 450 gss_context_time_res 451 GSS_CONTEXT_TIME(gss_context_time_arg) = 7; 452 453 /* 454 * Called to sign a message. 455 */ 456 gss_sign_res GSS_SIGN(gss_sign_arg) = 8; 457 458 /* 459 * Called to verify a signed message. 460 */ 461 gss_verify_res GSS_VERIFY(gss_verify_arg) = 9; 462 463 /* 464 * Called to translate minor status into a string. 465 */ 466 gss_display_status_res 467 GSS_DISPLAY_STATUS(gss_display_status_arg) = 10; 468 469 /* 470 * Called to indicate which underlying mechanisms are supported 471 */ 472 gss_indicate_mechs_res 473 GSS_INDICATE_MECHS(void) = 11; 474 475 /* 476 * Called by the client to inquire about a credential. 477 */ 478 gss_inquire_cred_res 479 GSS_INQUIRE_CRED(gss_inquire_cred_arg) = 12; 480 481 482 /* 483 * Called to seal a message. 484 */ 485 gss_seal_res GSS_SEAL(gss_seal_arg) = 13; 486 487 /* 488 * Called to unseal a message. 489 */ 490 gss_unseal_res GSS_UNSEAL(gss_unseal_arg) = 14; 491 492 /* 493 * gsscred interface functions to obtain principal uid and gids 494 */ 495 gsscred_expname_to_unix_cred_res 496 GSSCRED_EXPNAME_TO_UNIX_CRED( 497 gsscred_expname_to_unix_cred_arg) = 15; 498 499 gsscred_name_to_unix_cred_res 500 GSSCRED_NAME_TO_UNIX_CRED( 501 gsscred_name_to_unix_cred_arg) = 16; 502 503 gss_get_group_info_res 504 GSS_GET_GROUP_INFO(gss_get_group_info_arg) = 17; 505 506 gss_get_kmod_res 507 GSS_GET_KMOD(gss_get_kmod_arg) = 18; 508 509 gss_export_sec_context_res 510 GSS_EXPORT_SEC_CONTEXT(gss_export_sec_context_arg) = 19; 511 512 gss_import_sec_context_res 513 GSS_IMPORT_SEC_CONTEXT(gss_import_sec_context_arg) = 20; 514 /* 515 * Called by the client to add to a credential. 516 */ 517 gss_add_cred_res 518 GSS_ADD_CRED(gss_add_cred_arg) = 21; 519 gss_inquire_cred_by_mech_res 520 GSS_INQUIRE_CRED_BY_MECH(gss_inquire_cred_by_mech_arg) 521 = 22; 522 523 } = 1; 524 } = 100234;