1/* 2 * Copyright (c) 2010 Apple Inc. All rights reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of Apple Inc. ("Apple") nor the names of its 16 * contributors may be used to endorse or promote products derived from 17 * this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY 20 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 22 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 26 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 * 30 * Portions of this software have been released under the following terms: 31 * 32 * (c) Copyright 1989-1993 OPEN SOFTWARE FOUNDATION, INC. 
33 * (c) Copyright 1989-1993 HEWLETT-PACKARD COMPANY 34 * (c) Copyright 1989-1993 DIGITAL EQUIPMENT CORPORATION 35 * 36 * To anyone who acknowledges that this file is provided "AS IS" 37 * without any express or implied warranty: 38 * permission to use, copy, modify, and distribute this file for any 39 * purpose is hereby granted without fee, provided that the above 40 * copyright notices and this notice appears in all source code copies, 41 * and that none of the names of Open Software Foundation, Inc., Hewlett- 42 * Packard Company or Digital Equipment Corporation be used 43 * in advertising or publicity pertaining to distribution of the software 44 * without specific, written prior permission. Neither Open Software 45 * Foundation, Inc., Hewlett-Packard Company nor Digital 46 * Equipment Corporation makes any representations about the suitability 47 * of this software for any purpose. 48 * 49 * Copyright (c) 2007, Novell, Inc. All rights reserved. 50 * Redistribution and use in source and binary forms, with or without 51 * modification, are permitted provided that the following conditions 52 * are met: 53 * 54 * 1. Redistributions of source code must retain the above copyright 55 * notice, this list of conditions and the following disclaimer. 56 * 2. Redistributions in binary form must reproduce the above copyright 57 * notice, this list of conditions and the following disclaimer in the 58 * documentation and/or other materials provided with the distribution. 59 * 3. Neither the name of Novell Inc. nor the names of its contributors 60 * may be used to endorse or promote products derived from this 61 * this software without specific prior written permission. 62 * 63 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 64 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 65 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 66 * DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
**
** NAME
**
** cn.h
**
** FACILITY:
**
** Remote Procedure Call (RPC)
**
** ABSTRACT:
**
** Definitions of types/constants external to NCA Connection RPC
** Protocol Service for use by other runtime components.
**
** This header declares the connection-oriented (CN) security context
** records and the per-authentication-protocol entry point vector (EPV)
** through which the CN protocol service calls into a specific
** authentication protocol. All *_p_t names are pointer aliases to the
** matching *_t struct, with one exception noted below.
**
*/

/*
 * NOTE(review): _CN_H (leading underscore + uppercase) is an identifier
 * reserved for the implementation. Renaming the guard is only safe if no
 * other translation unit tests this macro; left unchanged here.
 */
#ifndef _CN_H
#define _CN_H 1

#include <cnpkt.h>
#include <dce/sec_authn.h>

/*
 * rpc_e_dbg_auth debug switch levels
 *
 * Verbosity thresholds for the rpc_e_dbg_auth debug switch; a higher
 * value enables more detailed tracing of the CN authentication path.
 */

#define RPC_C_CN_DBG_AUTH_ROUTINE_TRACE 20
#define RPC_C_CN_DBG_AUTH_PKT 7
#define RPC_C_CN_DBG_AUTH_REFRESH 5
#define RPC_C_CN_DBG_AUTH_BIG_PAC 3
#define RPC_C_CN_DBG_AUTH_GENERAL 1

/*
 * rpc_e_dbg_cn_errors debug switch levels
 *
 * Switches to set to generate errors and a status code used only
 * when one of the error debug levels are set.
 *
 * These are fault-injection points for exercising the authentication
 * error paths: when the rpc_e_dbg_cn_errors switch is set to one of the
 * levels below, the corresponding EPV routine reports a failure with
 * status RPC_S_CN_DBG_AUTH_FAILURE instead of its normal result. The
 * trailing comment on each level names the side (client/server) whose
 * routine is affected. Intended for test builds only.
 */

#define RPC_S_CN_DBG_AUTH_FAILURE 0xdeadbeefU /* status returned by an injected failure */
#define RPC_C_CN_DBG_AUTH_CREATE_INFO 64 /* server */
#define RPC_C_CN_DBG_AUTH_CRED_CHANGED 65 /* client */
#define RPC_C_CN_DBG_AUTH_FMT_CLIENT_REQ 66 /* client */
#define RPC_C_CN_DBG_AUTH_FMT_SERVER_RESP 67 /* server */
#define RPC_C_CN_DBG_AUTH_GET_PROT_INFO 68 /* client & server */
#define RPC_C_CN_DBG_AUTH_PRE_CALL 69 /* client & server */
#define RPC_C_CN_DBG_AUTH_PRE_SEND 70 /* client & server */
#define RPC_C_CN_DBG_AUTH_RECV_CHECK 71 /* client & server */
#define RPC_C_CN_DBG_AUTH_VFY_CLIENT_REQ 72 /* server */
#define RPC_C_CN_DBG_AUTH_VFY_SERVER_RESP 73 /* client */
#define RPC_C_CN_DBG_AUTH_CONTEXT_VALID 74 /* client */
#define RPC_C_CN_DBG_AUTH_CRED_REFRESH 75 /* client */

/*
 * NOTE: rpc_c_cn_large_frag_size must always be at least
 * rpc_c_assoc_must_recv_frag_size as defined in cnassm.h. This is
 * an architectural requirement which is checked in cnfbuf.h.
 *
 * RPC_C_CN_LARGE_FRAG_SIZE is UINT16_MAX because the max_xmit_frag and
 * max_recv_frag fields negotiated in the BIND PDU are 16-bit; a fragment
 * size above this could not be expressed on the wire. UINT16_MAX is
 * assumed to be in scope via cnpkt.h — confirm if this header is ever
 * included stand-alone.
 */

#define RPC_C_CN_LARGE_FRAG_SIZE UINT16_MAX /* BIND max xmit/recv field is UInt16 */
#define RPC_C_CN_SMALL_FRAG_SIZE 256

/*
 * R P C _ C N _ A U T H _ I N F O _ T
 *
 * CN-specific part of an authentication protocol's info: currently only
 * the pointer to that protocol's EPV (struct rpc_cn_auth_epv_s_t, defined
 * further down in this file). The struct tag is referenced here before
 * its definition, which is why a pointer rather than an embedded struct
 * is used.
 */

typedef struct rpc_cn_auth_info_s_t
{
    struct rpc_cn_auth_epv_s_t *cn_epv; /* EPV of the CN auth protocol for this info */
} rpc_cn_auth_info_t, *rpc_cn_auth_info_p_t;

/*
 * R P C _ C N _ S E C _ C O N T E X T _ T
 *
 * Lifecycle state of a security context on an association.
 * INVALID is 0, so a zero-filled context record is never mistaken for
 * an established one (presumably deliberate — confirm against the users
 * of sec_state).
 */

typedef enum {
    RPC_C_SEC_STATE_INVALID = 0,    /* no usable context */
    RPC_C_SEC_STATE_INCOMPLETE = 1, /* context negotiation still in progress */
    RPC_C_SEC_STATE_COMPLETE = 2    /* context fully established */
} rpc_cn_sec_state_t;

/*
 * One security context negotiated on an association. A context is
 * identified by sec_key_id and carries both the protocol-independent
 * auth info (sec_info) and the CN-specific info (sec_cn_info).
 */
typedef struct rpc_cn_sec_context_s_t
{
    rpc_list_t link; /* MUST BE 1ST */ /* list linkage; the list code presumably casts rpc_list_t * to this struct, hence the position constraint */
    rpc_cn_sec_state_t sec_state;    /* see rpc_cn_sec_state_t */
    unsigned32 sec_status;           /* status of the last operation on this context — presumably an rpc status code */
    unsigned32 sec_key_id;           /* context/key identifier — presumably the auth_context_id carried in the auth trailer; confirm in cnpkt.h */
    unsigned32 sec_last_call_id;     /* call id of the last call that used this context */
    rpc_auth_info_t *sec_info;       /* protocol-independent auth info */
    rpc_cn_auth_info_t *sec_cn_info; /* CN-specific auth info (holds the EPV) */
} rpc_cn_sec_context_t, *rpc_cn_sec_context_p_t;

/*
 * R P C _ C N _ S E C _ A U T H _ B U F F E R _ I N F O _ T
 *
 * Used to piece together auth info from rpc_bind and alter_context PDU's
 *
 * The reassembly buffer receives peer-supplied data before the security
 * context is complete, so the code that appends to auth_buffer must
 * check auth_buffer_len plus the incoming length against
 * auth_buffer_max; this header only declares the fields, the checks
 * live in the CN auth code.
 *
 * NOTE(review): unlike every other *_p_t alias in this header,
 * rpc_cn_sec_auth_buffer_info_p_t is declared without the leading '*'
 * and therefore names the struct itself, not a pointer to it. Left as is
 * because existing callers may rely on the current type; confirm before
 * changing.
 */
typedef struct rpc_cn_sec_auth_buffer_info_s_t
{
    unsigned32 auth_buffer_len; /* number of bytes */ /* bytes currently stored in auth_buffer */
    unsigned32 auth_buffer_max; /* actual memory used */ /* allocated capacity of auth_buffer */
    unsigned8 *auth_buffer; /* reconstruction buffer */
} rpc_cn_sec_auth_buffer_info_t, rpc_cn_sec_auth_buffer_info_p_t;

/*
 * R P C _ C N _ A S S O C _ S E C _ C O N T E X T _ T
 *
 * Security state shared by all security contexts of one association:
 * the CRC over the association's UUID (server side), the per-association
 * send/receive sequence numbers, the Kerberos message being formatted,
 * the auth-trailer reassembly buffer and the list of negotiated
 * security contexts.
 */

typedef struct rpc_cn_assoc_sec_context_s_t
{
    unsigned assoc_have_uuid_crc : 1; /* server only */ /* set once assoc_uuid_crc has been computed */
    unsigned32 assoc_uuid_crc;        /* CRC over the association UUID(s) — see rpc__cn_crc_compute */
    unsigned32 assoc_next_snd_seq;    /* next sequence number to send — presumably used by the auth protocol for replay protection */
    unsigned32 assoc_next_rcv_seq;    /* next sequence number expected on receive */
    rpc_cn_sec_context_t *assoc_current_sec_context; /* server only */ /* context selected for the current call */
    sec_krb_message krb_message; /* for rpc__krb_cn_fmt_client_req */
    rpc_cn_sec_auth_buffer_info_t auth_buffer_info; /* reassembly of multi-PDU auth data */
    rpc_list_t context_list; /* rpc_cn_sec_context_t */ /* all security contexts on this association */
} rpc_cn_assoc_sec_context_t, *rpc_cn_assoc_sec_context_p_t;

/*
 * The CN specific authentication protocol EPV.
 *
 * Each authentication protocol supplies an rpc_cn_auth_epv_t whose
 * entries have the signatures below. Parameter roles are given by the
 * commented names; "st" is always an output status code. Where a
 * purpose is inferred from the name rather than shown here it is marked
 * as such.
 */

/* Reports whether a security context is still usable (e.g. not expired — inferred from the name). */
typedef boolean32 (*rpc_cn_auth_context_valid_fn_t) (
    rpc_cn_sec_context_p_t /* sec */,
    unsigned32 * /* st */
    );

/* Creates the protocol-independent auth info for the given authentication level (server side). */
typedef void (*rpc_cn_auth_create_info_fn_t) (
    rpc_authn_level_t /* authn_level */,
    rpc_auth_info_p_t * /* auth_info */,
    unsigned32 * /* st*/
    );

/* Reports whether the credentials behind a context have changed since it was established (client side). */
typedef boolean32 (*rpc_cn_auth_cred_changed_fn_t) (
    rpc_cn_sec_context_p_t /* sec */,
    unsigned32 * /* st */
    );

/*
 * This routine is not CN specific and could be moved into the
 * protocol-independent auth interface.
 *
 * Refreshes the credentials held in auth_info (client side).
 */
typedef void (*rpc_cn_auth_cred_refresh_fn_t) (
    rpc_auth_info_p_t /* auth_info */,
    unsigned32 * /* st */
    );

/*
 * Formats the client's authentication request into auth_value.
 * last_auth_pos/auth_len_remain let a request larger than one PDU be
 * continued across PDUs; old_server selects compatibility behaviour
 * for an older peer (inferred from the parameter names).
 */
typedef void (*rpc_cn_auth_fmt_client_req_fn_t) (
    rpc_cn_assoc_sec_context_p_t /* assoc_sec */,
    rpc_cn_sec_context_p_t /* sec */,
    dce_pointer_t /* auth_value */,
    unsigned32 * /* auth_value_len */,
    dce_pointer_t * /* last_auth_pos */,
    unsigned32 * /* auth_len_remain */,
    unsigned32 /* old_server */,
    unsigned32 * /* st */
    );

/*
 * Formats the server's response to a client request. verify_st is the
 * status produced by vfy_client_req on that request, so a rejected
 * request still gets a (negative) response formatted.
 */
typedef void (*rpc_cn_auth_fmt_srvr_resp_fn_t) (
    unsigned32 /* verify_st */,
    rpc_cn_assoc_sec_context_p_t /* assoc_sec */,
    rpc_cn_sec_context_p_t /* sec */,
    dce_pointer_t /* req_auth_value */,
    unsigned32 /* req_auth_value_len */,
    dce_pointer_t /* auth_value */,
    unsigned32 * /* auth_value_len */
    );

/* Releases the CN-specific info obtained from get_prot_info. */
typedef void (*rpc_cn_auth_free_prot_info_fn_t) (
    rpc_auth_info_p_t /* info */,
    rpc_cn_auth_info_p_t * /* cn_info */
    );

/* Obtains the CN-specific info (EPV holder) for a protocol-independent auth info. */
typedef void (*rpc_cn_auth_get_prot_info_fn_t) (
    rpc_auth_info_p_t /* info */,
    rpc_cn_auth_info_p_t * /* cn_info */,
    unsigned32 * /* st */
    );

/* Called before a call is issued on the context; may emit auth data into auth_value. */
typedef void (*rpc_cn_auth_pre_call_fn_t) (
    rpc_cn_assoc_sec_context_p_t /* assoc_sec */,
    rpc_cn_sec_context_p_t /* sec */,
    dce_pointer_t /* auth_value */,
    unsigned32 * /* auth_value_len */,
    unsigned32 * /* st */
    );

/*
 * Called on the outgoing iovec just before a PDU is sent; out_iov
 * receives the (possibly rewritten) buffers. Presumably where per-PDU
 * integrity/privacy protection is applied — confirm in the protocol
 * implementations.
 */
typedef void (*rpc_cn_auth_pre_send_fn_t) (
    rpc_cn_assoc_sec_context_p_t /* assoc_sec */,
    rpc_cn_sec_context_p_t /* sec */,
    rpc_socket_iovec_p_t /* iov */,
    unsigned32 /* iovlen */,
    rpc_socket_iovec_p_t /* out_iov */,
    unsigned32 *st /* status (output) */
    );

/*
 * Checks a received PDU against its authentication trailer.
 * pdu_len is the length actually received and cred_len the credential
 * length claimed by the peer; the implementation must treat cred_len
 * and the trailer contents as untrusted and bound them by pdu_len.
 * unpack_ints indicates whether trailer integers still need byte-order
 * conversion.
 */
typedef void (*rpc_cn_auth_recv_check_fn_t) (
    rpc_cn_assoc_sec_context_p_t /* assoc_sec */,
    rpc_cn_sec_context_p_t /* sec */,
    rpc_cn_common_hdr_p_t /* pdu */,
    unsigned32 /* pdu_len */,
    unsigned32 /* cred_len */,
    rpc_cn_auth_tlr_p_t /* auth_tlr */,
    boolean32 /* unpack_ints */,
    unsigned32 * /* st */
    );

/* Extracts the UUID CRC carried in an auth trailer value (server side, see assoc_uuid_crc). */
typedef void (*rpc_cn_auth_tlr_uuid_crc_fn_t) (
    dce_pointer_t /* auth_value */,
    unsigned32 /* auth_value_len */,
    unsigned32 * /* uuid_crc */
    );

/* Converts the auth trailer of pkt_p from the sender's data representation (packed_drep) to local form. */
typedef void (*rpc_cn_auth_tlr_unpack_fn_t) (
    rpc_cn_packet_p_t /* pkt_p */,
    unsigned32 /* auth_value_len */,
    unsigned8 * /* packed_drep */
    );

/* Reports whether the protocol requires a three-leg handshake (inferred from the name). */
typedef boolean32 (*rpc_cn_auth_three_way_fn_t) (void);

/*
 * Verifies a client's authentication request (server side). old_client
 * selects compatibility behaviour for an older peer (inferred from the
 * name). Failure is reported through st and later passed to
 * fmt_srvr_resp as verify_st.
 */
typedef void (*rpc_cn_auth_vfy_client_req_fn_t) (
    rpc_cn_assoc_sec_context_p_t /* assoc_sec */,
    rpc_cn_sec_context_p_t /* sec */,
    dce_pointer_t /* auth_value */,
    unsigned32 /* auth_value_len */,
    unsigned32 /* old_client */,
    unsigned32 * /* st */
    );

/* Verifies the server's authentication response (client side). */
typedef void (*rpc_cn_auth_vfy_srvr_resp_fn_t) (
    rpc_cn_assoc_sec_context_p_t /* assoc_sec */,
    rpc_cn_sec_context_p_t /* sec */,
    dce_pointer_t /* auth_value */,
    unsigned32 /* auth_value_len */,
    unsigned32 * /* st */
    );

/*
 * Entry point vector implemented by each CN authentication protocol.
 * rpc_cn_auth_info_t::cn_epv points at one of these; the CN protocol
 * service dispatches through it and never calls a protocol directly.
 * Each slot's contract is documented at its function-pointer typedef.
 */
typedef struct rpc_cn_auth_epv_s_t
{
    rpc_cn_auth_three_way_fn_t three_way;
    rpc_cn_auth_context_valid_fn_t context_valid;
    rpc_cn_auth_create_info_fn_t create_info;
    rpc_cn_auth_cred_changed_fn_t cred_changed;
    rpc_cn_auth_cred_refresh_fn_t cred_refresh;
    rpc_cn_auth_fmt_client_req_fn_t fmt_client_req;
    rpc_cn_auth_fmt_srvr_resp_fn_t fmt_srvr_resp;
    rpc_cn_auth_free_prot_info_fn_t free_prot_info;
    rpc_cn_auth_get_prot_info_fn_t get_prot_info;
    rpc_cn_auth_pre_call_fn_t pre_call;
    rpc_cn_auth_pre_send_fn_t pre_send;
    rpc_cn_auth_recv_check_fn_t recv_check;
    rpc_cn_auth_tlr_uuid_crc_fn_t tlr_uuid_crc;
    rpc_cn_auth_tlr_unpack_fn_t tlr_unpack;
    rpc_cn_auth_vfy_client_req_fn_t vfy_client_req;
    rpc_cn_auth_vfy_srvr_resp_fn_t vfy_srvr_resp;
} rpc_cn_auth_epv_t , *rpc_cn_auth_epv_p_t;

/*
 * Computes a CRC over block_len bytes starting at block (used for
 * assoc_uuid_crc). A CRC detects accidental corruption only; it is not
 * a cryptographic integrity check and must not be relied on as one.
 * PRIVATE is the project's linkage macro for runtime-internal symbols.
 */
PRIVATE unsigned32 rpc__cn_crc_compute (
    unsigned8 * /* block */,
    unsigned32 /* block_len */
    );
#endif /* _CN_H */