1178825Sdfr/*
 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3233294Sstas * (Royal Institute of Technology, Stockholm, Sweden).
4233294Sstas * All rights reserved.
5178825Sdfr *
6233294Sstas * Redistribution and use in source and binary forms, with or without
7233294Sstas * modification, are permitted provided that the following conditions
8233294Sstas * are met:
9178825Sdfr *
10233294Sstas * 1. Redistributions of source code must retain the above copyright
11233294Sstas *    notice, this list of conditions and the following disclaimer.
12178825Sdfr *
13233294Sstas * 2. Redistributions in binary form must reproduce the above copyright
14233294Sstas *    notice, this list of conditions and the following disclaimer in the
15233294Sstas *    documentation and/or other materials provided with the distribution.
16178825Sdfr *
17178825Sdfr * 3. Neither the name of KTH nor the names of its contributors may be
18178825Sdfr *    used to endorse or promote products derived from this software without
19178825Sdfr *    specific prior written permission.
20178825Sdfr *
21178825Sdfr * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22178825Sdfr * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23178825Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24178825Sdfr * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25178825Sdfr * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26178825Sdfr * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27178825Sdfr * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28178825Sdfr * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29178825Sdfr * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30178825Sdfr * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31178825Sdfr * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32178825Sdfr */
33178825Sdfr
34178825Sdfr/*
35233294Sstas * $Id$
36178825Sdfr */
37178825Sdfr
38178825Sdfr/* missing from tests:
39178825Sdfr * - export context
40178825Sdfr * - import context
41178825Sdfr */
42178825Sdfr
/*
 * wire encodings:
 *   int16: number, 2 bytes, in network order
 *   int32: number, 4 bytes, in network order
 *   length-encoded: [int32 length, data of length bytes]
 *   string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
 *
 * The length fields come from the peer: a decoder should bound them
 * before allocating or reading, and should check that a string really
 * ends in '\0' instead of assuming it.
 */
50178825Sdfr
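/*
 * Status codes sent as an int32 in replies (the "gsm status val" field
 * of the message descriptions in this header; GSMERR_NOT_SUPPORTED is
 * also the reply to an unknown message OP).
 *
 * The values travel on the wire, so each one is written out explicitly:
 * adding or reordering an enumerator must not renumber the others.
 * The header does not describe the individual codes beyond their names.
 */
enum gssMaggotErrorCodes {
    GSMERR_OK			= 0,
    GSMERR_ERROR		= 1,
    GSMERR_CONTINUE_NEEDED	= 2,
    GSMERR_INVALID_TOKEN	= 3,
    GSMERR_AP_MODIFIED		= 4,
    GSMERR_TEST_ISSUE		= 5,
    GSMERR_NOT_SUPPORTED	= 6
};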
60178825Sdfr
/*
 * input:
 *   int32: message OP (enum gssMaggotProtocol)
 *   ...
 *
 * return:   -- on error
 *    int32: not supported (GSMERR_NOT_SUPPORTED)
 *
 * return:   -- on existing message OP
 *    int32: supported (GSMERR_OK) -- only sent for extensions
 *    ...
 */
73178825Sdfr
/*
 * Presumably the protocol version number.
 * NOTE(review): the version markers inside enum gssMaggotOp only mention
 * versions 7 and 8; how the value 14 relates to them, and which reply
 * carries it, is not visible in this header -- confirm.
 */
#define GSSMAGGOTPROTOCOL 14
75178825Sdfr
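/*
 * Message opcodes.  The comment that FOLLOWS each enumerator describes
 * the fields sent with that opcode ("input") and the fields of the
 * reply ("return"), using the wire encodings defined at the top of
 * this file.  (The framing comment earlier in this file refers to the
 * opcode type as enum gssMaggotProtocol.)
 *
 * The values are part of the wire protocol, so each one is written out
 * explicitly: inserting or reordering an enumerator must not renumber
 * the opcodes that follow it.
 *
 * Handles (hContext, hCred, hResource), flag words and every length
 * prefix arrive from the peer.  NOTE(review): this header states no
 * limits for them, so the code that decodes these messages has to
 * validate handles and bound lengths itself.
 */
enum gssMaggotOp {
    eGetVersionInfo	= 0,
    /*
     * input:
     *   none
     * return:
     *   int32: last version handled
     */
    eGoodBye		= 1,
    /*
     * input:
     *   none
     * return:
     *   close socket
     */
    eInitContext	= 2,
    /*
     * input:
     *   int32: hContext
     *   int32: hCred
     *   int32: Flags
     *      the flags in the low 0x7f bits map directly to GSS-API flags
     *      DELEGATE		0x001
     *      MUTUAL_AUTH		0x002
     *      REPLAY_DETECT	0x004
     *      SEQUENCE_DETECT	0x008
     *      CONFIDENTIALITY	0x010
     *      INTEGRITY		0x020
     *      ANONYMOUS		0x040
     *
     *      FIRST_CALL		0x080
     *
     *      NTLM		0x100
     *      SPNEGO		0x200
     *   length-encoded: targetname
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     */
    eAcceptContext	= 3,
    /*
     * input:
     *   int32: hContext
     *   int32: Flags		-- unused ?
     *      flags are same as flags for eInitContext
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     *   int32: delegation cred id
     */
    eToastResource	= 4,
    /*
     * input:
     *   int32: hResource
     * return:
     *   int32: gsm status val
     */
    eAcquireCreds	= 5,
    /*
     * input:
     *   string: principal name
     *   string: password
     *   int32: flags
     *      FORWARDABLE		0x001
     *      DEFAULT_CREDS	0x002
     *
     *      NTLM		0x100
     *      SPNEGO		0x200
     * return:
     *   int32: gsm status val
     *   int32: hCred
     *
     * NOTE(review): the password is an ordinary string field; this
     * header specifies no protection for it on the wire -- confirm how
     * the channel carrying these messages is protected.
     */
    eEncrypt		= 6,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno		-- unused
     *   length-encoded: plaintext
     * return:
     *   int32: gsm status val
     *   length-encoded: ciphertext
     */
    eDecrypt		= 7,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno		-- unused
     *   length-encoded: ciphertext
     * return:
     *   int32: gsm status val
     *   length-encoded: plaintext
     */
    eSign		= 8,
    /* message same as eEncrypt */
    eVerify		= 9,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno		-- unused
     *   length-encoded: message
     *   length-encoded: signature
     * return:
     *   int32: gsm status val
     */
    eGetVersionAndCapabilities = 10,
    /*
     * return:
     *   int32: protocol version
     *   int32: capability flags (the ISSERVER ... HAS_MONIKER bits
     *          defined just below) */
#define      ISSERVER		0x01
#define      ISKDC		0x02
#define      MS_KERBEROS	0x04
#define      LOGSERVER		0x08
#define      HAS_MONIKER	0x10
    /*   string: version string
     */
    eGetTargetName	= 11,
    /*
     * return:
     *   string: target principal name
     */
    eSetLoggingSocket	= 12,
    /*
     * input:
     *   int32: hostPort
     * return to the port on the host:
     *   int32: opcode - for example eLogSetMoniker
     *
     * NOTE(review): hostPort is supplied by the peer; which host it
     * refers to is not specified in this header -- confirm.
     */
    eChangePassword	= 13,
    /* here ended version 7 of the protocol */
    /*
     * NOTE(review): the "here ended version 7" marker appears a second
     * time after eAcquirePKInitCreds; one of the two presumably refers
     * to a different version -- confirm which opcodes version 7 covers.
     */
    /*
     * input:
     *   string: principal name
     *   string: old password
     *   string: new password
     * return:
     *   int32: gsm status val
     *
     * Both passwords are plain string fields; the transport note on
     * eAcquireCreds applies here as well.
     */
    eSetPasswordSelf	= 14,
    /* same as eChangePassword */
    eWrap		= 15,
    /* message same as eEncrypt */
    eUnwrap		= 16,
    /* message same as eDecrypt */
    eConnectLoggingService2 = 17,
    /*
     * return1:
     *   int16: log port number
     *   int32: master log protocol version (0)
     *
     * wait for master to connect on the master log socket
     *
     * return2:
     *   int32: gsm connection status
     *   int32: maggot log protocol version (2)
     */
    eGetMoniker		= 18,
    /*
     * return:
     *   string: moniker (Nickname the master can refer to maggot)
     */
    eCallExtension	= 19,
    /*
     * input:
     *   string: extension name
     *   int32: message id
     * return:
     *   int32: gsm status val
     */
    eAcquirePKInitCreds	= 20,
    /*
     * input:
     *   int32: flags
     *   length-encoded: certificate (pkcs12 data)
     * return:
     *   int32: hResource
     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
     *
     * NOTE(review): pkcs12 data may include private key material; the
     * transport note on eAcquireCreds applies here as well.
     */
    /* here ended version 7 of the protocol */
    eWrapExt		= 21,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encoded: protocol header
     *   length-encoded: plaintext
     *   length-encoded: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encoded: ciphertext
     */
    eUnwrapExt		= 22,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encoded: protocol header
     *   length-encoded: ciphertext
     *   length-encoded: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encoded: plaintext
     */
    /* here ended version 8 of the protocol */

    /*
     * One past the highest opcode.  Left without an explicit value on
     * purpose so that it keeps following the last real entry; new
     * opcodes go immediately above this line.
     */
    eLastProtocolMessage
};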
292178825Sdfr
/*
 * bflags: values for the int32 "bflags" field of eWrapExt and eUnwrapExt.
 * NOTE(review): what WRAP_EXP_ONLY_HEADER selects is not described in
 * this header -- confirm against the implementation.
 */
#define WRAP_EXP_ONLY_HEADER 1
295233294Sstas
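/*
 * Opcodes of the logging messages (eSetLoggingSocket names
 * eLogSetMoniker as an example of an opcode sent to the logging port).
 * The comment that FOLLOWS each enumerator lists the fields sent with
 * it and, where there is one, the reply.
 *
 * The values travel on the wire, so each one is written out explicitly
 * and must not change when entries are added.
 *
 * NOTE(review): File, message and moniker are free-form strings from
 * the peer; a consumer that writes them to a log file or terminal
 * should treat them as untrusted text.
 */
enum gssMaggotLogOp {
    eLogInfo		= 0,
    /*
     *   string: File
     *   int32: Line
     *   string: message
     * reply:
     *   int32: ackid
     */
    eLogFailure		= 1,
    /*
     *   string: File
     *   int32: Line
     *   string: message
     * reply:
     *   int32: ackid
     */
    eLogSetMoniker	= 2
    /*
     *   string: moniker
     */
};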