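/*
 * Copyright (c) 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of KTH nor the names of its contributors may be
 *    used to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * $Id$
 */

/*
 * Wire-protocol definitions for the "maggot" GSS-API test protocol:
 * status codes, request opcodes with their message layouts, capability
 * flags, and the opcodes of the separate logging channel.
 */

/* Include guard: including this header twice would redefine the enums. */
#ifndef GSSMAGGOT_PROTOCOL_H
#define GSSMAGGOT_PROTOCOL_H

/* missing from tests:
 * - export context
 * - import context
 */

/*
 * wire encodings:
 *	int16: number, 2 bytes, in network order
 *	int32: number, 4 bytes, in network order
 *	length-encoded: [int32 length, data of length bytes]
 *	string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
 *
 * NOTE(review): every length above is an int32 supplied by the peer. A
 * decoder should reject negative or oversized lengths before allocating
 * or reading, and for `string` should check that the final byte really
 * is '\0' before treating the buffer as a C string.
 *
 * NOTE(review): eAcquireCreds, eChangePassword and eSetPasswordSelf carry
 * passwords as plain `string` fields, and nothing in this header
 * describes protection of the control channel itself -- presumably the
 * protocol is meant for test networks only; confirm before exposing it
 * more widely.
 */

/* Status values ("gsm status val") returned in replies. */
enum gssMaggotErrorCodes {
    GSMERR_OK		= 0,
    GSMERR_ERROR,
    GSMERR_CONTINUE_NEEDED,
    GSMERR_INVALID_TOKEN,
    GSMERR_AP_MODIFIED,
    GSMERR_TEST_ISSUE,
    GSMERR_NOT_SUPPORTED
};

/*
 * input:
 *   int32: message OP (enum gssMaggotProtocol)
 *   ...
 *
 * return:   -- on error
 *    int32: not support (GSMERR_NOT_SUPPORTED)
 *
 * return:   -- on existing message OP
 *    int32: support (GSMERR_OK) -- only sent for extensions
 *    ...
 *
 * NOTE(review): the OP is peer-supplied; a receiver should range-check
 * it against eLastProtocolMessage before dispatching on it.
 */

/* Protocol version number. */
#define GSSMAGGOTPROTOCOL 14

/*
 * Request opcodes. The comment after each enumerator describes that
 * request's input and reply layout, using the wire encodings above.
 * Values are assigned sequentially from 0, so inserting or reordering
 * enumerators changes the numbers used on the wire.
 *
 * NOTE(review): hContext / hCred / hResource are int32 handles chosen by
 * the peer; presumably the receiver must verify that each one names a
 * live resource before using it -- confirm in the implementation.
 */
enum gssMaggotOp {
    eGetVersionInfo	= 0,
    /*
     * input:
     *   none
     * return:
     *   int32: last version handled
     */
    eGoodBye,
    /*
     * input:
     *   none
     * return:
     *   close socket
     */
    eInitContext,
    /*
     * input:
     *   int32: hContext
     *   int32: hCred
     *   int32: Flags
     *      the lowest 0x7f flags maps directly to GSS-API flags
     *      DELEGATE		0x001
     *      MUTUAL_AUTH		0x002
     *      REPLAY_DETECT	0x004
     *      SEQUENCE_DETECT	0x008
     *      CONFIDENTIALITY	0x010
     *      INTEGRITY		0x020
     *      ANONYMOUS		0x040
     *
     *      FIRST_CALL		0x080
     *
     *      NTLM		0x100
     *      SPNEGO		0x200
     *   length-encoded: targetname
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     */
    eAcceptContext,
    /*
     * input:
     *   int32: hContext
     *   int32: Flags		-- unused ?
     *      flags are same as flags for eInitContext
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     *   int32: delegation cred id
     */
    eToastResource,
    /*
     * input:
     *   int32: hResource
     * return:
     *   int32: gsm status val
     */
    eAcquireCreds,
    /*
     * input:
     *   string: principal name
     *   string: password
     *   int32: flags
     *      FORWARDABLE		0x001
     *      DEFAULT_CREDS	0x002
     *
     *      NTLM		0x100
     *      SPNEGO		0x200
     * return:
     *   int32: gsm status val
     *   int32: hCred
     */
    eEncrypt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno		-- unused
     *   length-encode: plaintext
     * return:
     *   int32: gsm status val
     *   length-encode: ciphertext
     */
    eDecrypt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno		-- unused
     *   length-encode: ciphertext
     * return:
     *   int32: gsm status val
     *   length-encode: plaintext
     */
    eSign,
    /* message same as eEncrypt */
    eVerify,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno		-- unused
     *   length-encode: message
     *   length-encode: signature
     * return:
     *   int32: gsm status val
     */
    eGetVersionAndCapabilities,
    /*
     * return:
     *   int32: protocol version
     *   int32: capability flags */
#define ISSERVER		0x01
#define ISKDC			0x02
#define MS_KERBEROS		0x04
#define LOGSERVER		0x08
#define HAS_MONIKER		0x10
    /*   string: version string
     */
    eGetTargetName,
    /*
     * return:
     *   string: target principal name
     */
    eSetLoggingSocket,
    /*
     * input:
     *   int32: hostPort
     * return to the port on the host:
     *   int32: opcode - for example eLogSetMoniker
     */
    eChangePassword,
    /* here ended version 7 of the protocol */
    /*
     * NOTE(review): the same "version 7" marker appears again after
     * eAcquirePKInitCreds; confirm which enumerator actually closed
     * version 7.
     */
    /*
     * input:
     *   string: principal name
     *   string: old password
     *   string: new password
     * return:
     *   int32: gsm status val
     */
    eSetPasswordSelf,
    /* same as eChangePassword */
    eWrap,
    /* message same as eEncrypt */
    eUnwrap,
    /* message same as eDecrypt */
    eConnectLoggingService2,
    /*
     * return1:
     *   int16: log port number
     *   int32: master log protocol version (0)
     *
     * wait for master to connect on the master log socket
     *
     * return2:
     *   int32: gsm connection status
     *   int32: maggot log protocol version (2)
     */
    eGetMoniker,
    /*
     * return:
     *   string: moniker (Nickname the master can refer to maggot)
     */
    eCallExtension,
    /*
     * input:
     *   string: extension name
     *   int32: message id
     * return:
     *   int32: gsm status val
     */
    eAcquirePKInitCreds,
    /*
     * input:
     *   int32: flags
     *   length-encode: certificate (pkcs12 data)
     * return:
     *   int32: hResource
     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
     */
    /* here ended version 7 of the protocol */
    eWrapExt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encode: protocol header
     *   length-encode: plaintext
     *   length-encode: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encode: ciphertext
     */
    eUnwrapExt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encode: protocol header
     *   length-encode: ciphertext
     *   length-encode: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encode: plaintext
     */
    /* here ended version 8 of the protocol */

    /* Sentinel: one past the last defined opcode; not itself a request. */
    eLastProtocolMessage
};

/* bflags (the `bflags` field of eWrapExt / eUnwrapExt) */
#define WRAP_EXP_ONLY_HEADER 1

/*
 * Opcodes used on the logging channel (see eSetLoggingSocket and
 * eConnectLoggingService2). The comment after each enumerator gives the
 * message layout.
 */
enum gssMaggotLogOp{
    eLogInfo = 0,
    /*
      string: File
      int32: Line
      string: message
      reply:
      int32: ackid
    */
    eLogFailure,
    /*
      string: File
      int32: Line
      string: message
      reply:
      int32: ackid
    */
    eLogSetMoniker
    /*
      string: moniker
    */
};

#endif /* GSSMAGGOT_PROTOCOL_H */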