1/*
2 * Copyright (c) 2010 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1.  Redistributions of source code must retain the above copyright
11 *     notice, this list of conditions and the following disclaimer.
12 * 2.  Redistributions in binary form must reproduce the above copyright
13 *     notice, this list of conditions and the following disclaimer in the
14 *     documentation and/or other materials provided with the distribution.
15 * 3.  Neither the name of Apple Inc. ("Apple") nor the names of its
16 *     contributors may be used to endorse or promote products derived from
17 *     this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
20 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 *
30 * Portions of this software have been released under the following terms:
31 *
32 * (c) Copyright 1989-1993 OPEN SOFTWARE FOUNDATION, INC.
33 * (c) Copyright 1989-1993 HEWLETT-PACKARD COMPANY
34 * (c) Copyright 1989-1993 DIGITAL EQUIPMENT CORPORATION
35 *
36 * To anyone who acknowledges that this file is provided "AS IS"
37 * without any express or implied warranty:
38 * permission to use, copy, modify, and distribute this file for any
39 * purpose is hereby granted without fee, provided that the above
40 * copyright notices and this notice appears in all source code copies,
41 * and that none of the names of Open Software Foundation, Inc., Hewlett-
42 * Packard Company or Digital Equipment Corporation be used
43 * in advertising or publicity pertaining to distribution of the software
44 * without specific, written prior permission.  Neither Open Software
45 * Foundation, Inc., Hewlett-Packard Company nor Digital
46 * Equipment Corporation makes any representations about the suitability
47 * of this software for any purpose.
48 *
49 * Copyright (c) 2007, Novell, Inc. All rights reserved.
50 * Redistribution and use in source and binary forms, with or without
51 * modification, are permitted provided that the following conditions
52 * are met:
53 *
54 * 1.  Redistributions of source code must retain the above copyright
55 *     notice, this list of conditions and the following disclaimer.
56 * 2.  Redistributions in binary form must reproduce the above copyright
57 *     notice, this list of conditions and the following disclaimer in the
58 *     documentation and/or other materials provided with the distribution.
59 * 3.  Neither the name of Novell Inc. nor the names of its contributors
60 *     may be used to endorse or promote products derived from this
61 *     this software without specific prior written permission.
62 *
63 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
64 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
65 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
66 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY
67 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
68 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
69 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
70 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
71 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
72 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
73 *
74 * @APPLE_LICENSE_HEADER_END@
75 */
76
77/*
78**
79**  NAME
80**
81**      cn.h
82**
83**  FACILITY:
84**
85**      Remote Procedure Call (RPC)
86**
87**  ABSTRACT:
88**
89**  Definitions of types/constants external to NCA Connection RPC
90**  Protocol Service for use by other runtime components.
91**
92**
93*/
94
95#ifndef _CN_H
96#define _CN_H	1
97
98#include <cnpkt.h>
99#include <dce/sec_authn.h>
100
/*
 * rpc_e_dbg_auth debug switch levels
 *
 * Thresholds for the rpc_e_dbg_auth switch.  Numerically GENERAL is the
 * lowest and ROUTINE_TRACE the highest, which suggests that a higher
 * switch setting enables the noisier categories -- confirm against the
 * debug switch implementation, which is not part of this header.
 */

#define RPC_C_CN_DBG_AUTH_ROUTINE_TRACE 20
#define RPC_C_CN_DBG_AUTH_PKT           7
#define RPC_C_CN_DBG_AUTH_REFRESH       5
#define RPC_C_CN_DBG_AUTH_BIG_PAC       3
#define RPC_C_CN_DBG_AUTH_GENERAL       1
110
/*
 * rpc_e_dbg_cn_errors debug switch levels
 *
 * Switches to set to generate errors, and a status code used only
 * when one of the error debug levels is set.
 *
 * These are fault-injection hooks for the CN authentication path: per
 * the description above, setting one of the RPC_C_CN_DBG_AUTH_* levels
 * makes the named step report RPC_S_CN_DBG_AUTH_FAILURE instead of its
 * normal result.  The "server" / "client" tags record which side of
 * the association each step runs on.  NOTE(review): each switch turns
 * an authentication step into a guaranteed failure, so this facility is
 * presumably debug-build only -- confirm that release builds cannot
 * reach it.  0xdeadbeefU is presumably chosen so an injected failure is
 * distinguishable from any real status code.
 */

#define RPC_S_CN_DBG_AUTH_FAILURE               0xdeadbeefU
#define RPC_C_CN_DBG_AUTH_CREATE_INFO           64      /* server */
#define RPC_C_CN_DBG_AUTH_CRED_CHANGED          65      /* client */
#define RPC_C_CN_DBG_AUTH_FMT_CLIENT_REQ        66      /* client */
#define RPC_C_CN_DBG_AUTH_FMT_SERVER_RESP       67      /* server */
#define RPC_C_CN_DBG_AUTH_GET_PROT_INFO         68      /* client & server */
#define RPC_C_CN_DBG_AUTH_PRE_CALL              69      /* client & server */
#define RPC_C_CN_DBG_AUTH_PRE_SEND              70      /* client & server */
#define RPC_C_CN_DBG_AUTH_RECV_CHECK            71      /* client & server */
#define RPC_C_CN_DBG_AUTH_VFY_CLIENT_REQ        72      /* server */
#define RPC_C_CN_DBG_AUTH_VFY_SERVER_RESP       73      /* client */
#define RPC_C_CN_DBG_AUTH_CONTEXT_VALID         74      /* client */
#define RPC_C_CN_DBG_AUTH_CRED_REFRESH          75      /* client */
131
/*
 * NOTE: rpc_c_cn_large_frag_size must always be at least
 * rpc_c_assoc_must_recv_frag_size as defined in cnassm.h. This is
 * an architectural requirement which is checked in cnfbuf.h.
 *
 * UINT16_MAX comes from <stdint.h>; this header does not include it
 * directly, so it presumably arrives through cnpkt.h -- confirm.
 */

#define RPC_C_CN_LARGE_FRAG_SIZE        UINT16_MAX   /* BIND max xmit/recv field is UInt16 */
#define RPC_C_CN_SMALL_FRAG_SIZE        256          /* where this size is selected is outside this header */
140
/*
 * R P C _ C N _ A U T H _ I N F O _ T
 *
 * CN-specific part of an authentication protocol's info block.  It
 * carries only the pointer to that protocol's CN entry point vector;
 * struct rpc_cn_auth_epv_s_t is forward-referenced here and completed
 * at the end of this header (rpc_cn_auth_epv_t).
 */

typedef struct rpc_cn_auth_info_s_t
{
    struct rpc_cn_auth_epv_s_t  *cn_epv;    /* CN auth protocol EPV, see rpc_cn_auth_epv_t */
} rpc_cn_auth_info_t, *rpc_cn_auth_info_p_t;
149
/*
 * R P C _ C N _ S E C _ C O N T E X T _ T
 */

/*
 * State of a security context (rpc_cn_sec_context_t.sec_state).
 * Values are assigned explicitly; INVALID is 0, so a zero-filled
 * context reads as invalid until it is set up.
 */
typedef enum {
    RPC_C_SEC_STATE_INVALID     = 0,    /* no usable context */
    RPC_C_SEC_STATE_INCOMPLETE  = 1,    /* presumably: setup started, not finished */
    RPC_C_SEC_STATE_COMPLETE    = 2     /* presumably: context established */
} rpc_cn_sec_state_t;
159
/*
 * Per-security-context record.  Instances are chained on
 * rpc_cn_assoc_sec_context_t.context_list through 'link', which is why
 * 'link' must stay the first member (the list code presumably treats
 * the element address and the list node address as the same thing).
 */
typedef struct rpc_cn_sec_context_s_t
{
    rpc_list_t           link;         /* MUST BE 1ST                    */
    rpc_cn_sec_state_t   sec_state;    /* see rpc_cn_sec_state_t */
    unsigned32           sec_status;   /* status code for this context; who sets it is outside this header */
    unsigned32           sec_key_id;   /* key identifier -- presumably the id carried in the auth trailer, confirm */
    unsigned32           sec_last_call_id; /* call id of the last use; exact semantics not shown here */
    rpc_auth_info_t      *sec_info;    /* protocol-independent auth info */
    rpc_cn_auth_info_t   *sec_cn_info; /* CN-specific auth info (holds the EPV pointer) */
} rpc_cn_sec_context_t, *rpc_cn_sec_context_p_t;
170
/*
 * R P C _ C N _ S E C _ A U T H _ B U F F E R _ I N F O _ T
 *
 * Used to piece together auth info from rpc_bind and alter_context PDU's
 *
 * NOTE(review): the field comments read as len = bytes reassembled so
 * far and max = bytes allocated.  The reassembly code that appends each
 * fragment must check auth_buffer_len + fragment <= auth_buffer_max (or
 * grow the buffer) before every copy, since the fragment sizes come
 * from the peer; that check lives outside this header -- confirm there.
 */
typedef struct rpc_cn_sec_auth_buffer_info_s_t
{
    unsigned32           auth_buffer_len;   /* number of bytes       */
    unsigned32           auth_buffer_max;   /* actual memory used    */
    unsigned8            *auth_buffer;      /* reconstruction buffer */
} rpc_cn_sec_auth_buffer_info_t, rpc_cn_sec_auth_buffer_info_p_t;
/*
 * NOTE(review): unlike every other *_p_t in this header, the second
 * name above has no '*', so rpc_cn_sec_auth_buffer_info_p_t is an alias
 * for the struct itself, not a pointer to it.  Probably a typo; left as
 * is because changing it would alter the type seen by any existing user.
 */
182
/*
 * R P C _ C N _ A S S O C _ S E C _ C O N T E X T _ T
 *
 * Security state kept per association, as opposed to
 * rpc_cn_sec_context_t, which is kept per security context; an
 * association owns a list of the latter (context_list).
 */

typedef struct rpc_cn_assoc_sec_context_s_t
{
    unsigned                            assoc_have_uuid_crc : 1;    /* server only; presumably "assoc_uuid_crc is valid" */
    unsigned32                          assoc_uuid_crc;     /* see rpc_cn_auth_tlr_uuid_crc_fn_t below */
    unsigned32                          assoc_next_snd_seq; /* next send sequence number */
    unsigned32                          assoc_next_rcv_seq; /* next expected receive sequence number; how strictly it is enforced is protocol code, not shown here */
    rpc_cn_sec_context_t                *assoc_current_sec_context; /* server only */
    sec_krb_message			krb_message;	/* for rpc__krb_cn_fmt_client_req */
    rpc_cn_sec_auth_buffer_info_t       auth_buffer_info;   /* bind/alter_context auth fragment reassembly */
    rpc_list_t                          context_list;   /* rpc_cn_sec_context_t */
} rpc_cn_assoc_sec_context_t, *rpc_cn_assoc_sec_context_p_t;
198
/*
 * The CN specific authentication protocol EPV.
 *
 * Each rpc_cn_auth_*_fn_t below is the type of one slot of
 * rpc_cn_auth_epv_t (defined at the end of this header); an
 * authentication protocol supplies one routine per slot.  Most slots
 * report their status through a trailing 'unsigned32 *st' argument;
 * the slots without one (fmt_srvr_resp, tlr_uuid_crc, tlr_unpack,
 * three_way) have no separate error path.
 */

/*
 * By name, reports whether the security context 'sec' is still valid:
 * the boolean32 result is the answer, *st the status.
 */
typedef boolean32 (*rpc_cn_auth_context_valid_fn_t) (
        rpc_cn_sec_context_p_t         /*  sec */,
        unsigned32                   * /* st */
    );

/*
 * Creates an auth info block for 'authn_level', returned through
 * *auth_info with status in *st.  NOTE(review): the callee produces the
 * object, but nothing here says who releases it -- confirm the
 * ownership rule in the implementations.
 */
typedef void (*rpc_cn_auth_create_info_fn_t) (
       rpc_authn_level_t                /* authn_level */,
       rpc_auth_info_p_t                * /* auth_info */,
       unsigned32                       * /* st*/
    );

/*
 * By name, reports whether the credentials behind 'sec' have changed
 * (boolean32 result, status in *st).
 */
typedef boolean32 (*rpc_cn_auth_cred_changed_fn_t) (
        rpc_cn_sec_context_p_t         /*  sec */,
        unsigned32                     * /* st */
    );

/*
 * This routine is not CN specific and could be moved into the
 * protocol-independent auth interface.
 *
 * Refreshes the credentials held in 'auth_info'; status in *st.
 */
typedef void (*rpc_cn_auth_cred_refresh_fn_t) (
        rpc_auth_info_p_t              /*  auth_info */,
        unsigned32                      * /* st */
    );
226
/*
 * Formats the client's authentication data for a bind / alter_context
 * request into 'auth_value'.  'auth_value_len', 'last_auth_pos' and
 * 'auth_len_remain' are passed by pointer and so are presumably in/out:
 * how much of auth_value was written, where the next piece goes and how
 * much is still to come (large auth data is spread over several PDUs,
 * see rpc_cn_sec_auth_buffer_info_t) -- confirm against the
 * implementations.  'old_server' is a compatibility flag whose meaning
 * is not defined here.  Status in *st.
 */
typedef void (*rpc_cn_auth_fmt_client_req_fn_t) (
        rpc_cn_assoc_sec_context_p_t      /* assoc_sec */,
        rpc_cn_sec_context_p_t            /* sec */,
        dce_pointer_t                         /* auth_value */,
        unsigned32                      * /* auth_value_len */,
        dce_pointer_t                       * /* last_auth_pos */,
        unsigned32                      * /* auth_len_remain */,
        unsigned32                        /* old_server */,
        unsigned32                      * /* st */
    );

/*
 * Formats the server's response authentication data.  'verify_st' is,
 * by name, the status of the preceding verification step;
 * 'req_auth_value' / 'req_auth_value_len' are the client's request data,
 * and the result goes to 'auth_value' / *auth_value_len.  There is no
 * 'st' argument, so this routine has no separate way to report failure:
 * callers can only go by verify_st and the returned length.
 */
typedef void (*rpc_cn_auth_fmt_srvr_resp_fn_t) (
        unsigned32                     /*  verify_st */,
        rpc_cn_assoc_sec_context_p_t   /*  assoc_sec */,
        rpc_cn_sec_context_p_t         /*  sec */,
        dce_pointer_t                      /*  req_auth_value */,
        unsigned32                     /*  req_auth_value_len */,
        dce_pointer_t                      /*  auth_value */,
        unsigned32                      * /* auth_value_len */
    );

/*
 * Releases the CN-specific auth info *cn_info associated with 'info'
 * (presumably the counterpart of get_prot_info below).
 */
typedef void (*rpc_cn_auth_free_prot_info_fn_t) (
        rpc_auth_info_p_t              /*  info */,
        rpc_cn_auth_info_p_t            * /* cn_info */
    );

/*
 * Obtains the CN-specific auth info for 'info', returned through
 * *cn_info; status in *st.
 */
typedef void (*rpc_cn_auth_get_prot_info_fn_t) (
        rpc_auth_info_p_t              /*  info */,
        rpc_cn_auth_info_p_t           * /* cn_info */,
        unsigned32                      * /* st */
    );
258
/*
 * Hook run before a call is made on 'sec': produces 'auth_value' /
 * *auth_value_len (contents are protocol specific and not defined
 * here).  Status in *st.
 */
typedef void (*rpc_cn_auth_pre_call_fn_t) (
        rpc_cn_assoc_sec_context_p_t   /*  assoc_sec */,
        rpc_cn_sec_context_p_t         /*  sec */,
        dce_pointer_t                      /*  auth_value */,
        unsigned32                     * /*  auth_value_len */,
        unsigned32                      * /* st */
    );

/*
 * Hook run before the PDU described by 'iov' / 'iovlen' is sent; the
 * result is delivered through 'out_iov'.  Presumably where the auth
 * protocol applies its integrity / privacy transform to outgoing data
 * -- confirm in the implementations.  NOTE(review): the last parameter
 * is written 'unsigned32 *st' rather than the commented-out form used
 * by every other typedef here; harmless in a prototype, but inconsistent.
 */
typedef void (*rpc_cn_auth_pre_send_fn_t) (
        rpc_cn_assoc_sec_context_p_t    /* assoc_sec */,
        rpc_cn_sec_context_p_t          /* sec */,
        rpc_socket_iovec_p_t            /* iov */,
        unsigned32                      /* iovlen */,
        rpc_socket_iovec_p_t            /* out_iov */,
        unsigned32                      *st
    );

/*
 * Receive-side check of an incoming PDU: 'pdu' / 'pdu_len' is the whole
 * PDU, 'cred_len' the credential length, 'auth_tlr' the auth trailer
 * and 'unpack_ints' (by name) whether integer fields still need
 * byte-order conversion.  This is where a peer-supplied trailer is
 * validated, so an implementation should bound every read by pdu_len /
 * cred_len rather than by lengths read out of the trailer itself; that
 * check is in the implementations, not here.  Status in *st.
 */
typedef void (*rpc_cn_auth_recv_check_fn_t) (
        rpc_cn_assoc_sec_context_p_t    /* assoc_sec */,
        rpc_cn_sec_context_p_t          /* sec */,
        rpc_cn_common_hdr_p_t           /* pdu */,
        unsigned32                      /* pdu_len */,
        unsigned32                      /* cred_len */,
        rpc_cn_auth_tlr_p_t             /* auth_tlr */,
        boolean32                       /* unpack_ints */,
        unsigned32                      * /* st */
    );

/*
 * Computes a CRC over 'auth_value' / 'auth_value_len' and stores it in
 * *uuid_crc (presumably the value kept in
 * rpc_cn_assoc_sec_context_t.assoc_uuid_crc).  No status argument.
 */
typedef void (*rpc_cn_auth_tlr_uuid_crc_fn_t) (
        dce_pointer_t               /* auth_value */,
        unsigned32              /* auth_value_len */,
        unsigned32              * /* uuid_crc */
    );

/*
 * Unpacks the auth trailer of 'pkt_p' ('auth_value_len' bytes)
 * according to 'packed_drep', the sender's data representation.
 * No status argument.
 */
typedef void (*rpc_cn_auth_tlr_unpack_fn_t) (
        rpc_cn_packet_p_t       /* pkt_p */,
        unsigned32              /* auth_value_len */,
        unsigned8               * /* packed_drep */
    );

/*
 * Takes no arguments and returns boolean32; by name, whether the
 * protocol needs a third leg during context setup -- confirm.
 */
typedef boolean32 (*rpc_cn_auth_three_way_fn_t) (void);
300
/*
 * Server-side verification of the client's request authentication data
 * ('auth_value', 'auth_value_len'); 'old_client' is the counterpart of
 * fmt_client_req's 'old_server' compatibility flag (meaning not defined
 * here).  auth_value_len is the only bound supplied, so an
 * implementation must not read beyond it whatever the contents claim.
 * Status in *st.
 */
typedef void (*rpc_cn_auth_vfy_client_req_fn_t) (
        rpc_cn_assoc_sec_context_p_t    /* assoc_sec */,
        rpc_cn_sec_context_p_t          /* sec */,
        dce_pointer_t                       /* auth_value */,
        unsigned32                      /* auth_value_len */,
	unsigned32		        /* old_client */,
        unsigned32                      * /* st */
    );

/*
 * Client-side verification of the server's response authentication
 * data ('auth_value', 'auth_value_len'); the same bounding rule
 * applies.  Status in *st.
 */
typedef void (*rpc_cn_auth_vfy_srvr_resp_fn_t) (
        rpc_cn_assoc_sec_context_p_t    /* assoc_sec */,
        rpc_cn_sec_context_p_t          /* sec */,
        dce_pointer_t                       /* auth_value */,
        unsigned32                      /* auth_value_len */,
        unsigned32                      * /* st */
    );
317
/*
 * Entry point vector supplied by each CN authentication protocol.
 * This completes struct rpc_cn_auth_epv_s_t, which
 * rpc_cn_auth_info_t.cn_epv points to; each member has the matching
 * rpc_cn_auth_*_fn_t type declared above.
 */
typedef struct rpc_cn_auth_epv_s_t
{
    rpc_cn_auth_three_way_fn_t          three_way;
    rpc_cn_auth_context_valid_fn_t      context_valid;
    rpc_cn_auth_create_info_fn_t        create_info;
    rpc_cn_auth_cred_changed_fn_t       cred_changed;
    rpc_cn_auth_cred_refresh_fn_t       cred_refresh;
    rpc_cn_auth_fmt_client_req_fn_t     fmt_client_req;
    rpc_cn_auth_fmt_srvr_resp_fn_t      fmt_srvr_resp;
    rpc_cn_auth_free_prot_info_fn_t     free_prot_info;
    rpc_cn_auth_get_prot_info_fn_t      get_prot_info;
    rpc_cn_auth_pre_call_fn_t           pre_call;
    rpc_cn_auth_pre_send_fn_t           pre_send;
    rpc_cn_auth_recv_check_fn_t         recv_check;
    rpc_cn_auth_tlr_uuid_crc_fn_t       tlr_uuid_crc;
    rpc_cn_auth_tlr_unpack_fn_t         tlr_unpack;
    rpc_cn_auth_vfy_client_req_fn_t     vfy_client_req;
    rpc_cn_auth_vfy_srvr_resp_fn_t      vfy_srvr_resp;
} rpc_cn_auth_epv_t , *rpc_cn_auth_epv_p_t;
337
/*
 * Computes a CRC over 'block_len' bytes starting at 'block' and returns
 * it.  PRIVATE is presumably the runtime's internal-visibility marker
 * (defined elsewhere).  A CRC detects accidental corruption only; it is
 * not a cryptographic integrity check and must not be relied on against
 * a deliberately modified PDU.  Its CN callers (presumably the
 * tlr_uuid_crc / assoc_uuid_crc path) are outside this header.
 */
PRIVATE unsigned32      rpc__cn_crc_compute (
        unsigned8       * /* block */,
        unsigned32      /* block_len */
    );
342#endif /* _CN_H */
343