3882 remove xmod & friends
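--- a/usr/src/uts/common/gssapi/gssd.x
+++ b/usr/src/uts/common/gssapi/gssd.x
@@ -1,531 +1,524 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 %/*
 % * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 % * Use is subject to license terms.
 % */
 %
 %#pragma ident "%Z%%M% %I% %E% SMI"
 %
 %/*
 % * RPC protocol information for gssd, the usermode daemon that
 % * assists the kernel with gssapi. It is gssd that executes all
 % * gssapi calls except for some such as gss_sign(), and
 % * gss_verify(), which are executed in the kernel itself.
 % *
 % * File generated from gssd.x
 % */
 %
 %#define NO 0
 %#define YES 1
 %#define FOREVER 1
 %
 %#include <sys/types.h>
 %#include <sys/time.h>
 %#include <rpc/auth_sys.h>
 %#ifndef _KERNEL
 %#include <locale.h>
 %#endif /* not _KERNEL */
 %
 
 %#ifdef _KERNEL
 %extern void killgssd_handle(CLIENT *);
 %extern CLIENT *getgssd_handle(void);
 %#endif /* _KERNEL */
 %
 /*
 * These are the definitions for the interface to GSSD.
 */
 
 typedef unsigned int OM_UINT32;
 
 typedef opaque GSS_CTX_ID_T<>;
 typedef opaque GSS_CRED_ID_T<>;
 typedef opaque GSS_OID<>;
 typedef opaque GSS_BUFFER_T<>;
 typedef gid_t GSSCRED_GIDS<>;
 
 typedef GSS_OID GSS_OID_SET<>;
 
 struct GSS_CHANNEL_BINDINGS_STRUCT {
 int present;
 OM_UINT32 initiator_addrtype;
 GSS_BUFFER_T initiator_address;
 OM_UINT32 acceptor_addrtype;
 GSS_BUFFER_T acceptor_address;
 GSS_BUFFER_T application_data;
 };
 
 typedef struct GSS_CHANNEL_BINDINGS_STRUCT GSS_CHANNEL_BINDINGS;
 
 struct gss_acquire_cred_arg {
 uid_t uid; /* client uid */
 GSS_BUFFER_T desired_name; /* name of cred */
 GSS_OID name_type; /* type of desired name */
 OM_UINT32 time_req; /* context validity interval */
 GSS_OID_SET desired_mechs; /* cred mechanisms */
 int cred_usage; /* init/accept/both */
 };
 
 struct gss_acquire_cred_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_CRED_ID_T output_cred_handle; /* returned credential handle */
 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
 GSS_OID_SET actual_mechs; /* found cred mechanisms */
 OM_UINT32 time_rec; /* actual context validity */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_add_cred_arg {
 uid_t uid; /* client uid */
 GSS_CRED_ID_T input_cred_handle; /* input credential handle */
 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
 GSS_BUFFER_T desired_name; /* name of cred */
 GSS_OID name_type; /* type of desired name */
 GSS_OID desired_mech_type; /* cred mechanisms */
 int cred_usage; /* init/accept/both */
 OM_UINT32 initiator_time_req; /* context validity interval */
 OM_UINT32 acceptor_time_req; /* context validity interval */
 };
 /* Note: For gss_add_cred we always update the underlying credentials of
 * input_cred_handle. We always pass NULL as output_cred_handle when the call
 * to gss_add_cred is made
 */
 struct gss_add_cred_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_OID_SET actual_mechs; /* found cred mechanisms */
 OM_UINT32 initiator_time_rec; /* cred validity interval */
 OM_UINT32 acceptor_time_rec; /* cred validity interval */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_release_cred_arg {
 uid_t uid; /* client uid */
 OM_UINT32 gssd_cred_verifier; /* verifier for cred handles */
 GSS_CRED_ID_T cred_handle; /* credential handle */
 };
 
 struct gss_release_cred_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_init_sec_context_arg {
 uid_t uid; /* client uid */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 GSS_CRED_ID_T claimant_cred_handle; /* must = GSS_C_NO_CREDENTIAL */
 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
 GSS_BUFFER_T target_name; /* name of server */
 GSS_OID name_type; /* type of principal name */
 GSS_OID mech_type; /* requested mechanism */
 int req_flags; /* requested context options */
 OM_UINT32 time_req; /* context validity interval */
 GSS_CHANNEL_BINDINGS
 input_chan_bindings; /* requested channel bindings */
 GSS_BUFFER_T input_token; /* token to send to peer */
 };
 
 struct gss_init_sec_context_res {
 GSS_CTX_ID_T context_handle; /* handle to created context */
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_OID actual_mech_type; /* actual mechanism used */
 GSS_BUFFER_T output_token; /* where peer token is put */
 OM_UINT32 ret_flags; /* options of context */
 OM_UINT32 time_rec; /* actual context validity */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_accept_sec_context_arg {
 uid_t uid; /* client uid */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 GSS_CRED_ID_T verifier_cred_handle; /* must = GSS_C_NO_CREDENTIAL */
 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
 GSS_BUFFER_T input_token_buffer; /* token to send to peer */
 GSS_CHANNEL_BINDINGS
 input_chan_bindings; /* requested channel bindings */
 };
 
 struct gss_accept_sec_context_res {
 GSS_CTX_ID_T context_handle; /* handle to created context */
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_BUFFER_T src_name; /* authenticated name of peer */
 GSS_OID mech_type; /* mechanism used */
 GSS_BUFFER_T output_token; /* where peer token is put */
 OM_UINT32 ret_flags; /* options of context */
 OM_UINT32 time_rec; /* actual context validity */
 GSS_CRED_ID_T delegated_cred_handle; /* always GSS_C_NO_CREDENTIAL */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_process_context_token_arg {
 uid_t uid; /* client uid */
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 GSS_BUFFER_T token_buffer; /* token to process */
 };
 
 struct gss_process_context_token_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_delete_sec_context_arg {
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 };
 
 struct gss_delete_sec_context_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_CTX_ID_T context_handle; /* handle to deleted context */
 GSS_BUFFER_T output_token; /* output token for peer */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_export_sec_context_arg {
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 };
 
 struct gss_export_sec_context_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 GSS_BUFFER_T output_token; /* input token for import_sec_context */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_import_sec_context_arg {
 GSS_BUFFER_T input_token; /* input token for import_sec_context */
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 };
 
 struct gss_import_sec_context_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_CTX_ID_T context_handle; /* handle to created context */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_context_time_arg {
 uid_t uid; /* client uid */
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 };
 
 struct gss_context_time_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 OM_UINT32 time_rec; /* actual context validity */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_sign_arg {
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 int qop_req; /* quality of protection */
 GSS_BUFFER_T message_buffer; /* message to sign */
 };
 
 struct gss_sign_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_BUFFER_T msg_token; /* msg_token */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_verify_arg {
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 GSS_BUFFER_T message_buffer; /* message to verify */
 GSS_BUFFER_T token_buffer; /* buffer containg token */
 };
 
 struct gss_verify_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 int qop_state; /* quality of protection */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
-%/* EXPORT DELETE START */
 struct gss_seal_arg {
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 int conf_req_flag; /* type of conf requested */
 int qop_req; /* quality of prot. requested */
 GSS_BUFFER_T input_message_buffer; /* message to protect */
 };
 
 struct gss_seal_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 int conf_state; /* type of conf. applied */
 GSS_BUFFER_T output_message_buffer; /* protected message */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_unseal_arg {
 OM_UINT32 gssd_context_verifier; /* verifier for context handles */
 GSS_CTX_ID_T context_handle; /* handle to existing context */
 GSS_BUFFER_T input_message_buffer; /* message to protect */
 };
 
 struct gss_unseal_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_BUFFER_T output_message_buffer; /* protected message */
 int conf_state; /* type of conf. provided */
 int qop_state; /* quality of prot. provided */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
-%/* EXPORT DELETE END */
-
 struct gss_display_status_arg {
 uid_t uid; /* client uid */
 int status_value; /* status to be converted */
 int status_type; /* GSS or mech status */
 GSS_OID mech_type; /* mechanism */
 OM_UINT32 message_context; /* recursion flag */
 };
 
 struct gss_display_status_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 int message_context; /* recursion flag */
 GSS_BUFFER_T status_string; /* text equiv of status */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 %/* gss_indicate_mechs_arg is void. This appears in the rpc call def */
 
 struct gss_indicate_mechs_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_OID_SET mech_set; /* mechanism set supported */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_inquire_cred_arg {
 uid_t uid; /* client uid */
 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
 GSS_CRED_ID_T cred_handle; /* credential handle */
 };
 
 struct gss_inquire_cred_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 GSS_BUFFER_T name; /* name associated with cred */
 GSS_OID name_type; /* type of name */
 OM_UINT32 lifetime; /* remaining validiy period */
 int cred_usage; /* how creds may be used */
 GSS_OID_SET mechanisms; /* mechs associated with cred */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gss_inquire_cred_by_mech_arg {
 uid_t uid; /* client uid */
 OM_UINT32 gssd_cred_verifier; /* verifier for cred handle */
 GSS_CRED_ID_T cred_handle; /* credential handle */
 GSS_OID mech_type; /* cred mechanism */
 };
 
 struct gss_inquire_cred_by_mech_res {
 OM_UINT32 minor_status; /* status from the mechanism */
 OM_UINT32 status; /* status of GSSAPI call */
 };
 
 struct gsscred_name_to_unix_cred_arg {
 uid_t uid; /* client uid */
 GSS_BUFFER_T pname; /* principal name */
 GSS_OID name_type; /* oid of principal name */
 GSS_OID mech_type; /* for which mechanism to use */
 };
 
 struct gsscred_name_to_unix_cred_res {
 uid_t uid; /* principal's uid */
 gid_t gid; /* principal's gid */
 GSSCRED_GIDS gids; /* array of principal's gids */
 OM_UINT32 major; /* status of the GSSAPI call */
 };
 
 
 struct
 gsscred_expname_to_unix_cred_arg {
 uid_t uid; /* client uid */
 GSS_BUFFER_T expname; /* principal in export format */
 };
 
 struct
 gsscred_expname_to_unix_cred_res {
 uid_t uid; /* principal's uid */
 gid_t gid; /* principal's gid */
 GSSCRED_GIDS gids; /* array of principal's gids */
 OM_UINT32 major; /* major status code */
 };
 
 
 struct gss_get_group_info_arg {
 uid_t uid; /* client uid */
 uid_t puid; /* principal's uid */
 };
 
 struct gss_get_group_info_res {
 gid_t gid; /* principal's gid */
 GSSCRED_GIDS gids; /* array of principal's gids */
 OM_UINT32 major; /* major status code */
 };
 
 
 struct gss_get_kmod_arg {
 GSS_OID mech_oid;
 
 };
 
 union gss_get_kmod_res switch (bool module_follow) {
 case TRUE:
 string modname<>;
 case FALSE:
 void;
 };
 
 
 /*
 * The server accepts requests only from the loopback address.
 * Unix authentication is used, and the port must be in the reserved range.
 */
 
 program GSSPROG {
 version GSSVERS {
 
 /*
 * Called by the client to acquire a credential.
 */
 gss_acquire_cred_res
 GSS_ACQUIRE_CRED(gss_acquire_cred_arg) = 1;
 
 /*
 * Called by the client to release a credential.
 */
 gss_release_cred_res
 GSS_RELEASE_CRED(gss_release_cred_arg) = 2;
 
 /*
 * Called by the client to initialize a security context.
 */
 gss_init_sec_context_res
 GSS_INIT_SEC_CONTEXT(gss_init_sec_context_arg) = 3;
 
 /*
 * Called by the server to initialize a security context.
 */
 gss_accept_sec_context_res
 GSS_ACCEPT_SEC_CONTEXT(gss_accept_sec_context_arg) = 4;
 
 /*
 * Called to pass token to underlying mechanism.
 */
 gss_process_context_token_res
 GSS_PROCESS_CONTEXT_TOKEN(gss_process_context_token_arg) = 5;
 
 /*
 * Called to delete a security context.
 */
 gss_delete_sec_context_res
 GSS_DELETE_SEC_CONTEXT(gss_delete_sec_context_arg) = 6;
 
 /*
 * Called to get remaining time security context has to live.
 */
 gss_context_time_res
 GSS_CONTEXT_TIME(gss_context_time_arg) = 7;
 
 /*
 * Called to sign a message.
 */
 gss_sign_res GSS_SIGN(gss_sign_arg) = 8;
 
 /*
 * Called to verify a signed message.
 */
 gss_verify_res GSS_VERIFY(gss_verify_arg) = 9;
 
 /*
 * Called to translate minor status into a string.
 */
 gss_display_status_res
 GSS_DISPLAY_STATUS(gss_display_status_arg) = 10;
 
 /*
 * Called to indicate which underlying mechanisms are supported
 */
 gss_indicate_mechs_res
 GSS_INDICATE_MECHS(void) = 11;
 
 /*
 * Called by the client to inquire about a credential.
 */
 gss_inquire_cred_res
 GSS_INQUIRE_CRED(gss_inquire_cred_arg) = 12;
 
 
-/* EXPORT DELETE START */
-
 /*
 * Called to seal a message.
 */
 gss_seal_res GSS_SEAL(gss_seal_arg) = 13;
 
 /*
 * Called to unseal a message.
 */
 gss_unseal_res GSS_UNSEAL(gss_unseal_arg) = 14;
 
-/* EXPORT DELETE END */
-
 /*
 * gsscred interface functions to obtain principal uid and gids
 */
 gsscred_expname_to_unix_cred_res
 GSSCRED_EXPNAME_TO_UNIX_CRED(
 gsscred_expname_to_unix_cred_arg) = 15;
 
 gsscred_name_to_unix_cred_res
 GSSCRED_NAME_TO_UNIX_CRED(
 gsscred_name_to_unix_cred_arg) = 16;
 
 gss_get_group_info_res
 GSS_GET_GROUP_INFO(gss_get_group_info_arg) = 17;
 
 gss_get_kmod_res
 GSS_GET_KMOD(gss_get_kmod_arg) = 18;
 
 gss_export_sec_context_res
 GSS_EXPORT_SEC_CONTEXT(gss_export_sec_context_arg) = 19;
 
 gss_import_sec_context_res
 GSS_IMPORT_SEC_CONTEXT(gss_import_sec_context_arg) = 20;
 /*
 * Called by the client to add to a credential.
 */
 gss_add_cred_res
 GSS_ADD_CRED(gss_add_cred_arg) = 21;
 gss_inquire_cred_by_mech_res
 GSS_INQUIRE_CRED_BY_MECH(gss_inquire_cred_by_mech_arg)
 = 22;
 
 } = 1;
 } = 100234;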