Add header definitions for rpc_gss_*() APIs

This patch describes the API defined in Solaris and FreeBSD to
provide RPCSEC GSS support for user space TI-RPC consumers.

The header file is based on the API provided in Solaris, but was
written from scratch. The man page was written by Doug Rabson
for the FreeBSD implementation of this API, and updated by me
where needed.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

2 files changed, 144 insertions, 0 deletions

diff --git a/tirpc/rpc/rpcsec_gss.h b/tirpc/rpc/rpcsec_gss.h
new file mode 100644
index 0000000..217fc0d
--- /dev/null
+++ b/tirpc/rpc/rpcsec_gss.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2013, Oracle America, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * - Neither the name of "Oracle America, Inc." nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _TIRPC_RPCSEC_GSS_H
+#define _TIRPC_RPCSEC_GSS_H
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+#include <rpc/auth.h>
+#include <rpc/clnt.h>
+
+#include <gssapi/gssapi.h>
+
+typedef enum {
+	rpcsec_gss_svc_default	= 0,
+	rpcsec_gss_svc_none	= 1,
+	rpcsec_gss_svc_integrity = 2,
+	rpcsec_gss_svc_privacy	= 3
+} rpc_gss_service_t;
+
+typedef struct {
+	int			len;
+	char			name[1];
+} *rpc_gss_principal_t;
+
+typedef struct {
+	int			req_flags;
+	int			time_req;
+	gss_cred_id_t		my_cred;
+	gss_channel_bindings_t	input_channel_bindings;
+} rpc_gss_options_req_t;
+
+#define MAX_GSS_MECH		128
+typedef struct {
+	int			major_status;
+	int			minor_status;
+	u_int			rpcsec_version;
+	int			ret_flags;
+	int			time_ret;
+	gss_ctx_id_t		gss_context;
+	char			actual_mechanism[MAX_GSS_MECH];
+} rpc_gss_options_ret_t;
+
+typedef struct {
+	u_int			version;
+	char			*mechanism;
+	char			*qop;
+	rpc_gss_principal_t	client_principal;
+	char			*svc_principal;
+	rpc_gss_service_t	service;
+} rpc_gss_rawcred_t;
+
+typedef struct {
+	uid_t			uid;
+	gid_t			gid;
+	short			gidlen;
+	gid_t			*gidlist;
+} rpc_gss_ucred_t;
+
+typedef struct {
+	bool_t			locked;
+	rpc_gss_rawcred_t	*raw_cred;
+} rpc_gss_lock_t;
+
+typedef struct {
+	u_int			program;
+	u_int			version;
+	bool_t			(*callback)(struct svc_req *,
+					gss_cred_id_t, gss_ctx_id_t,
+					rpc_gss_lock_t *, void **);
+} rpc_gss_callback_t;
+
+typedef struct {
+	int			rpc_gss_error;
+	int			system_error;
+} rpc_gss_error_t;
+#define RPC_GSS_ER_SUCCESS	0
+#define RPC_GSS_ER_SYSTEMERROR	1
+
+typedef gss_OID_desc rpc_gss_OID_desc;
+typedef rpc_gss_OID_desc *rpc_gss_OID;
+
+
+__BEGIN_DECLS
+AUTH	*rpc_gss_seccreate(CLIENT *, char *, char *, rpc_gss_service_t,
+				char *, rpc_gss_options_req_t *,
+				rpc_gss_options_ret_t *);
+bool_t	rpc_gss_set_defaults(AUTH *, rpc_gss_service_t, char *);
+int	rpc_gss_max_data_length(AUTH *, int);
+int	rpc_gss_svc_max_data_length(struct svc_req *, int);
+bool_t	rpc_gss_set_svc_name(char *, char *, u_int, u_int, u_int);
+bool_t	rpc_gss_getcred(struct svc_req *, rpc_gss_rawcred_t **,
+				rpc_gss_ucred_t **, void **);
+bool_t	rpc_gss_set_callback(rpc_gss_callback_t *);
+bool_t	rpc_gss_get_principal_name(rpc_gss_principal_t *, char *,
+				char *, char *, char *);
+void	rpc_gss_get_error(rpc_gss_error_t *);
+char	**rpc_gss_get_mechanisms(void);
+char	**rpc_gss_get_mech_info(char *, rpc_gss_service_t *);
+bool_t	rpc_gss_get_versions(u_int *, u_int *);
+bool_t	rpc_gss_is_installed(char *);
+bool_t	rpc_gss_mech_to_oid(char *, rpc_gss_OID *);
+bool_t	rpc_gss_qop_to_num(char *, char *, u_int *);
+__END_DECLS
+
+#endif	/* !_TIRPC_RPCSEC_GSS_H */
diff --git a/tirpc/rpc/svc_auth.h b/tirpc/rpc/svc_auth.h
index 67608d0..44b38bf 100644
--- a/tirpc/rpc/svc_auth.h
+++ b/tirpc/rpc/svc_auth.h
@@ -41,6 +41,16 @@
 #ifndef _RPC_SVC_AUTH_H
 #define _RPC_SVC_AUTH_H
 
+#include <rpc/rpcsec_gss.h>
+
+typedef struct {
+	bool_t			established;
+	rpc_gss_service_t	service;
+	u_int			qop_rcvd;
+	void			*context;
+	u_int			seq_num;
+} svc_rpc_gss_parms_t;
+
 /*
  * Interface to server-side authentication flavors.
  */
@@ -53,6 +63,8 @@ typedef struct SVCAUTH {
 		int     (*svc_ah_destroy)(struct SVCAUTH *);
 		} *svc_ah_ops;
 	caddr_t svc_ah_private;
+	svc_rpc_gss_parms_t svc_gss_params;
+	rpc_gss_rawcred_t raw_cred;
 } SVCAUTH;
 
 #define SVCAUTH_WRAP(auth, xdrs, xfunc, xwhere) \