/*
 * Copyright (c) 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of KTH nor the names of its contributors may be
 *    used to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * $Id$
 */

/* missing from tests:
 *  - export context
 *  - import context
 */

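/*
 * wire encodings:
 *   int16: number, 2 bytes, in network order
 *   int32: number, 4 bytes, in network order
 *   length-encoded: [int32 length, data of length bytes]
 *   string: [int32 length, string of length + 1 bytes, includes trailing '\0']
 *
 * NOTE(review): the length prefix comes from the peer; a decoder should
 * reject negative or oversized lengths before allocating or reading, and
 * for strings should check that the final byte really is '\0'.
 */
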
/*
 * gssmask status codes.  GSMERR_OK and GSMERR_NOT_SUPPORTED are named in
 * the reply description that follows this enum; presumably these are the
 * values carried in the int32 "gsm status val" reply fields -- confirm
 * against the implementation.
 *
 * The values are written out explicitly because they are sent to the
 * peer as numbers; they are the same values the implicit numbering gave.
 */
enum gssMaggotErrorCodes {
    GSMERR_OK               = 0,
    GSMERR_ERROR            = 1,
    GSMERR_CONTINUE_NEEDED  = 2,
    GSMERR_INVALID_TOKEN    = 3,
    GSMERR_AP_MODIFIED      = 4,
    GSMERR_TEST_ISSUE       = 5,
    GSMERR_NOT_SUPPORTED    = 6
};

/*
 * input:
 *   int32: message OP (enum gssMaggotProtocol; declared below as enum gssMaggotOp)
 *   ...
 *
 * return:  -- on error
 *   int32: not supported (GSMERR_NOT_SUPPORTED)
 *
 * return:  -- on existing message OP
 *   int32: supported (GSMERR_OK)  -- only sent for extensions
 *   ...
 */

/*
 * NOTE(review): presumably the protocol version this header describes,
 * as reported by eGetVersionInfo / eGetVersionAndCapabilities -- confirm
 * against the implementation; the markers inside enum gssMaggotOp only
 * mention versions 7 and 8.
 */
#define GSSMAGGOTPROTOCOL 14
/*
 * Operation codes carried in the leading int32 of every request.  The
 * numeric values go on the wire, so renumbering changes the protocol;
 * they are written out explicitly and equal the implicit numbering.
 *
 * The comment AFTER each enumerator lists the fields that follow the
 * opcode ("input") and the fields of the reply ("return"), using the
 * wire encodings described at the top of this file.
 *
 * NOTE(review): handles (hContext, hCred, hResource) and every int32
 * length prefix are supplied by the peer.  This header does not say how
 * they are validated -- confirm the implementation bounds-checks lengths
 * and rejects handles it did not issue.
 */
enum gssMaggotOp {
    eGetVersionInfo = 0,
    /*
     * input:
     *   none
     * return:
     *   int32: last version handled
     */
    eGoodBye = 1,
    /*
     * input:
     *   none
     * return:
     *   close socket
     */
    eInitContext = 2,
    /*
     * input:
     *   int32: hContext
     *   int32: hCred
     *   int32: Flags
     *     the low 0x7f bits map directly to GSS-API flags
     *       DELEGATE         0x001
     *       MUTUAL_AUTH      0x002
     *       REPLAY_DETECT    0x004
     *       SEQUENCE_DETECT  0x008
     *       CONFIDENTIALITY  0x010
     *       INTEGRITY        0x020
     *       ANONYMOUS        0x040
     *
     *       FIRST_CALL       0x080
     *
     *       NTLM             0x100
     *       SPNEGO           0x200
     *   length-encoded: targetname
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     */
    eAcceptContext = 3,
    /*
     * input:
     *   int32: hContext
     *   int32: Flags   -- unused ?
     *     flags are the same as the flags for eInitContext
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     *   int32: delegation cred id
     */
    eToastResource = 4,
    /*
     * input:
     *   int32: hResource
     * return:
     *   int32: gsm status val
     */
    eAcquireCreds = 5,
    /*
     * input:
     *   string: principal name
     *   string: password
     *   int32: flags
     *     FORWARDABLE    0x001
     *     DEFAULT_CREDS  0x002
     *
     *     NTLM           0x100
     *     SPNEGO         0x200
     * return:
     *   int32: gsm status val
     *   int32: hCred
     *
     * NOTE(review): the password is an ordinary string field; nothing in
     * this header protects it in transit -- confirm the protocol is only
     * spoken on isolated test networks.
     */
    eEncrypt = 6,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno   -- unused
     *   length-encoded: plaintext
     * return:
     *   int32: gsm status val
     *   length-encoded: ciphertext
     */
    eDecrypt = 7,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno   -- unused
     *   length-encoded: ciphertext
     * return:
     *   int32: gsm status val
     *   length-encoded: plaintext
     */
    eSign = 8,
    /* message same as eEncrypt */
    eVerify = 9,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno   -- unused
     *   length-encoded: message
     *   length-encoded: signature
     * return:
     *   int32: gsm status val
     */
    eGetVersionAndCapabilities = 10,
    /*
     * return:
     *   int32: protocol version
     *   int32: capability flags */
#define ISSERVER        0x01
#define ISKDC           0x02
#define MS_KERBEROS     0x04
#define LOGSERVER       0x08
#define HAS_MONIKER     0x10
    /*   string: version string
     */
    eGetTargetName = 11,
    /*
     * return:
     *   string: target principal name
     */
    eSetLoggingSocket = 12,
    /*
     * input:
     *   int32: hostPort
     * return to the port on the host:
     *   int32: opcode - for example eLogSetMoniker
     */
    eChangePassword = 13,
    /* here ended version 7 of the protocol */
    /*
     * NOTE(review): the same "version 7" marker appears again after
     * eAcquirePKInitCreds; one of the two is presumably stale.
     */
    /*
     * input:
     *   string: principal name
     *   string: old password
     *   string: new password
     * return:
     *   int32: gsm status val
     *
     * NOTE(review): both passwords are ordinary string fields; nothing in
     * this header protects them in transit -- confirm test-network use.
     */
    eSetPasswordSelf = 14,
    /* same as eChangePassword */
    eWrap = 15,
    /* message same as eEncrypt */
    eUnwrap = 16,
    /* message same as eDecrypt */
    eConnectLoggingService2 = 17,
    /*
     * return1:
     *   int16: log port number
     *   int32: master log protocol version (0)
     *
     * wait for master to connect on the master log socket
     *
     * return2:
     *   int32: gsm connection status
     *   int32: maggot log protocol version (2)
     */
    eGetMoniker = 18,
    /*
     * return:
     *   string: moniker (Nickname the master can refer to maggot)
     */
    eCallExtension = 19,
    /*
     * input:
     *   string: extension name
     *   int32: message id
     * return:
     *   int32: gsm status val
     */
    eAcquirePKInitCreds = 20,
    /*
     * input:
     *   int32: flags
     *   length-encoded: certificate (pkcs12 data)
     * return:
     *   int32: hResource
     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
     */
    /* here ended version 7 of the protocol */
    eWrapExt = 21,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encoded: protocol header
     *   length-encoded: plaintext
     *   length-encoded: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encoded: ciphertext
     */
    eUnwrapExt = 22,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encoded: protocol header
     *   length-encoded: ciphertext
     *   length-encoded: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encoded: plaintext
     */
    /* here ended version 8 of the protocol */

    /* Left implicit so it stays one past the last opcode (currently 23). */
    eLastProtocolMessage
};

/* bflags: values for the int32 bflags field of eWrapExt / eUnwrapExt */
/* NOTE(review): the meaning of this flag is not described in this file -- confirm against the implementation. */
#define WRAP_EXP_ONLY_HEADER 1
/*
 * Opcodes for log messages; the eSetLoggingSocket description names
 * eLogSetMoniker as an example of an opcode sent to the logging port.
 * The comment AFTER each enumerator lists the fields that follow the
 * opcode, using the wire encodings described at the top of this file.
 * Values are written out explicitly and equal the implicit numbering.
 */
enum gssMaggotLogOp {
    eLogInfo = 0,
    /*
     * string: File
     * int32:  Line
     * string: message
     * reply:
     *   int32: ackid
     */
    eLogFailure = 1,
    /*
     * string: File
     * int32:  Line
     * string: message
     * reply:
     *   int32: ackid
     */
    eLogSetMoniker = 2
    /*
     * string: moniker
     */
};