appl/gssmask/protocol.h

   1 /*
   2  * Copyright (c) 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of KTH nor the names of its contributors may be
  18  *    used to endorse or promote products derived from this software without
  19  *    specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
  22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
  25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  32  */
  33
  34 /*
  35  * $Id$
  36  */
  37
  38 /* missing from tests:
  39  * - export context
  40  * - import context
  41  */
  42
  43 /*
  44  * wire encodings:
  45  *   int16: number, 2 bytes, in network order
  46  *   int32: number, 4 bytes, in network order
  47  *   length-encoded: [int32 length, data of length bytes]
  48  *   string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
  49  */
  50
  51 enum gssMaggotErrorCodes {
  52     GSMERR_OK           = 0,
  53     GSMERR_ERROR,
  54     GSMERR_CONTINUE_NEEDED,
  55     GSMERR_INVALID_TOKEN,
  56     GSMERR_AP_MODIFIED,
  57     GSMERR_TEST_ISSUE,
  58     GSMERR_NOT_SUPPORTED
  59 };
  60
  61 /*
  62  * input:
  63  *   int32: message OP (enum gssMaggotProtocol)
  64  *   ...
  65  *
  66  * return:   -- on error
  67  *    int32: not support (GSMERR_NOT_SUPPORTED)
  68  *
  69  * return:   -- on existing message OP
  70  *    int32: support (GSMERR_OK) -- only sent for extensions
  71  *    ...
  72  */
  73
  74 #define GSSMAGGOTPROTOCOL 14
  75
  76 enum gssMaggotOp {
  77     eGetVersionInfo     = 0,
  78     /*
  79      * input:
  80      *   none
  81      * return:
  82      *   int32: last version handled
  83      */
  84     eGoodBye,
  85     /*
  86      * input:
  87      *   none
  88      * return:
  89      *   close socket
  90      */
  91     eInitContext,
  92     /*
  93      * input:
  94      *   int32: hContext
  95      *   int32: hCred
  96      *   int32: Flags
  97      *      the lowest 0x7f flags maps directly to GSS-API flags
  98      *      DELEGATE            0x001
  99      *      MUTUAL_AUTH         0x002
 100      *      REPLAY_DETECT       0x004
 101      *      SEQUENCE_DETECT     0x008
 102      *      CONFIDENTIALITY     0x010
 103      *      INTEGRITY           0x020
 104      *      ANONYMOUS           0x040
 105      *
 106      *      FIRST_CALL          0x080
 107      *
 108      *      NTLM                0x100
 109      *      SPNEGO              0x200
 110      *   length-encoded: targetname
 111      *   length-encoded: token
 112      * return:
 113      *   int32: hNewContextId
 114      *   int32: gssapi status val
 115      *   length-encoded: output token
 116      */
 117     eAcceptContext,
 118     /*
 119      * input:
 120      *   int32: hContext
 121      *   int32: Flags           -- unused ?
 122      *      flags are same as flags for eInitContext
 123      *   length-encoded: token
 124      * return:
 125      *   int32: hNewContextId
 126      *   int32: gssapi status val
 127      *   length-encoded: output token
 128      *   int32: delegation cred id
 129      */
 130     eToastResource,
 131     /*
 132      * input:
 133      *   int32: hResource
 134      * return:
 135      *   int32: gsm status val
 136      */
 137     eAcquireCreds,
 138     /*
 139      * input:
 140      *   string: principal name
 141      *   string: password
 142      *   int32: flags
 143      *      FORWARDABLE         0x001
 144      *      DEFAULT_CREDS       0x002
 145      *
 146      *      NTLM                0x100
 147      *      SPNEGO              0x200
 148      * return:
 149      *   int32: gsm status val
 150      *   int32: hCred
 151      */
 152     eEncrypt,
 153     /*
 154      * input:
 155      *   int32: hContext
 156      *   int32: flags
 157      *   int32: seqno           -- unused
 158      *   length-encode: plaintext
 159      * return:
 160      *   int32: gsm status val
 161      *   length-encode: ciphertext
 162      */
 163     eDecrypt,
 164     /*
 165      * input:
 166      *   int32: hContext
 167      *   int32: flags
 168      *   int32: seqno           -- unused
 169      *   length-encode: ciphertext
 170      * return:
 171      *   int32: gsm status val
 172      *   length-encode: plaintext
 173      */
 174     eSign,
 175     /* message same as eEncrypt */
 176     eVerify,
 177     /*
 178      * input:
 179      *   int32: hContext
 180      *   int32: flags
 181      *   int32: seqno           -- unused
 182      *   length-encode: message
 183      *   length-encode: signature
 184      * return:
 185      *   int32: gsm status val
 186      */
 187     eGetVersionAndCapabilities,
 188     /*
 189      * return:
 190      *   int32: protocol version
 191      *   int32: capability flags */
 192 #define      ISSERVER           0x01
 193 #define      ISKDC              0x02
 194 #define      MS_KERBEROS        0x04
 195 #define      LOGSERVER          0x08
 196 #define      HAS_MONIKER        0x10
 197     /*   string: version string
 198      */
 199     eGetTargetName,
 200     /*
 201      * return:
 202      *   string: target principal name
 203      */
 204     eSetLoggingSocket,
 205     /*
 206      * input:
 207      *   int32: hostPort
 208      * return to the port on the host:
 209      *   int32: opcode - for example eLogSetMoniker
 210      */
 211     eChangePassword,
 212     /* here ended version 7 of the protocol */
 213     /*
 214      * input:
 215      *   string: principal name
 216      *   string: old password
 217      *   string: new password
 218      * return:
 219      *   int32: gsm status val
 220      */
 221     eSetPasswordSelf,
 222     /* same as eChangePassword */
 223     eWrap,
 224     /* message same as eEncrypt */
 225     eUnwrap,
 226     /* message same as eDecrypt */
 227     eConnectLoggingService2,
 228     /*
 229      * return1:
 230      *   int16: log port number
 231      *   int32: master log prototocol version (0)
 232      *
 233      * wait for master to connect on the master log socket
 234      *
 235      * return2:
 236      *   int32: gsm connection status
 237      *   int32: maggot log prototocol version (2)
 238      */
 239     eGetMoniker,
 240     /*
 241      * return:
 242      *   string: moniker (Nickname the master can refer to maggot)
 243      */
 244     eCallExtension,
 245     /*
 246      * input:
 247      *   string: extension name
 248      *   int32: message id
 249      * return:
 250      *   int32: gsm status val
 251      */
 252     eAcquirePKInitCreds,
 253     /*
 254      * input:
 255      *   int32: flags
 256      *   length-encode: certificate (pkcs12 data)
 257      * return:
 258      *   int32: hResource
 259      *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
 260      */
 261     /* here ended version 7 of the protocol */
 262     eWrapExt,
 263     /*
 264      * input:
 265      *   int32: hContext
 266      *   int32: flags
 267      *   int32: bflags
 268      *   length-encode: protocol header
 269      *   length-encode: plaintext
 270      *   length-encode: protocol trailer
 271      * return:
 272      *   int32: gsm status val
 273      *   length-encode: ciphertext
 274      */
 275     eUnwrapExt,
 276     /*
 277      * input:
 278      *   int32: hContext
 279      *   int32: flags
 280      *   int32: bflags
 281      *   length-encode: protocol header
 282      *   length-encode: ciphertext
 283      *   length-encode: protocol trailer
 284      * return:
 285      *   int32: gsm status val
 286      *   length-encode: plaintext
 287      */
 288     /* here ended version 8 of the protocol */
 289
 290     eLastProtocolMessage
 291 };
 292
 293 /* bflags */
 294 #define WRAP_EXP_ONLY_HEADER 1
 295
 296 enum gssMaggotLogOp{
 297   eLogInfo = 0,
 298         /*
 299         string: File
 300         int32: Line
 301         string: message
 302      reply:
 303         int32: ackid
 304         */
 305   eLogFailure,
 306         /*
 307         string: File
 308         int32: Line
 309         string: message
 310      reply:
 311         int32: ackid
 312         */
 313   eLogSetMoniker
 314         /*
 315         string: moniker
 316         */
 317 };