rozhuk.im
/
freebsd


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
							/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2020 Rick Macklem
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#ifndef	_RPC_RPCSEC_TLS_H_
#define	_RPC_RPCSEC_TLS_H_

/* Operation values for rpctls syscall. */
#define	RPCTLS_SYSC_CLSETPATH	1
#define	RPCTLS_SYSC_CLSOCKET	2
#define	RPCTLS_SYSC_CLSHUTDOWN	3
#define	RPCTLS_SYSC_SRVSETPATH	4
#define	RPCTLS_SYSC_SRVSOCKET	5
#define	RPCTLS_SYSC_SRVSHUTDOWN	6

/* System call used by the rpctlscd, rpctlssd daemons. */
int	rpctls_syscall(int, const char *);

/* Flag bits to indicate certificate results. */
#define	RPCTLS_FLAGS_HANDSHAKE	0x01
#define	RPCTLS_FLAGS_GOTCERT	0x02
#define	RPCTLS_FLAGS_SELFSIGNED	0x04
#define	RPCTLS_FLAGS_VERIFIED	0x08
#define	RPCTLS_FLAGS_DISABLED	0x10
#define	RPCTLS_FLAGS_CERTUSER	0x20
#define	RPCTLS_FLAGS_HANDSHFAIL	0x40

/* Error return values for upcall rpcs. */
#define	RPCTLSERR_OK		0
#define	RPCTLSERR_NOCLOSE	1
#define	RPCTLSERR_NOSSL		2
#define	RPCTLSERR_NOSOCKET	3

#ifdef _KERNEL
/* Functions that perform upcalls to the rpctlsd daemon. */
enum clnt_stat	rpctls_connect(CLIENT *newclient, char *certname,
		    struct socket *so, uint64_t *sslp, uint32_t *reterr);
enum clnt_stat	rpctls_cl_handlerecord(uint64_t sec, uint64_t usec,
		    uint64_t ssl, uint32_t *reterr);
enum clnt_stat	rpctls_srv_handlerecord(uint64_t sec, uint64_t usec,
		    uint64_t ssl, uint32_t *reterr);
enum clnt_stat	rpctls_cl_disconnect(uint64_t sec, uint64_t usec,
		    uint64_t ssl, uint32_t *reterr);
enum clnt_stat	rpctls_srv_disconnect(uint64_t sec, uint64_t usec,
		    uint64_t ssl, uint32_t *reterr);

/* Initialization function for rpcsec_tls. */
int		rpctls_init(void);

/* Get TLS information function. */
bool		rpctls_getinfo(u_int *maxlen, bool rpctlscd_run,
		    bool rpctlssd_run);

/* String for AUTH_TLS reply verifier. */
#define	RPCTLS_START_STRING	"STARTTLS"

/* ssl refno value to indicate TLS handshake being done. */
#define	RPCTLS_REFNO_HANDSHAKE	0xFFFFFFFFFFFFFFFFULL

#endif	/* _KERNEL */

#endif	/* _RPC_RPCSEC_TLS_H_ */