Diffstat (limited to 'tirpc')
-rw-r--r--tirpc/rpc/rpcsec_gss.h132
-rw-r--r--tirpc/rpc/svc_auth.h12
2 files changed, 144 insertions, 0 deletions
diff --git a/tirpc/rpc/rpcsec_gss.h b/tirpc/rpc/rpcsec_gss.h
new file mode 100644
index 0000000..217fc0d
--- /dev/null
+++ b/tirpc/rpc/rpcsec_gss.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2013, Oracle America, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * - Neither the name of "Oracle America, Inc." nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _TIRPC_RPCSEC_GSS_H
+#define _TIRPC_RPCSEC_GSS_H
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+#include <rpc/auth.h>
+#include <rpc/clnt.h>
+
+#include <gssapi/gssapi.h>
+
+typedef enum {
+ rpcsec_gss_svc_default = 0,
+ rpcsec_gss_svc_none = 1,
+ rpcsec_gss_svc_integrity = 2,
+ rpcsec_gss_svc_privacy = 3
+} rpc_gss_service_t;
+
+typedef struct {
+ int len;
+ char name[1];
+} *rpc_gss_principal_t;
+
+typedef struct {
+ int req_flags;
+ int time_req;
+ gss_cred_id_t my_cred;
+ gss_channel_bindings_t input_channel_bindings;
+} rpc_gss_options_req_t;
+
+#define MAX_GSS_MECH 128
+typedef struct {
+ int major_status;
+ int minor_status;
+ u_int rpcsec_version;
+ int ret_flags;
+ int time_ret;
+ gss_ctx_id_t gss_context;
+ char actual_mechanism[MAX_GSS_MECH];
+} rpc_gss_options_ret_t;
+
+typedef struct {
+ u_int version;
+ char *mechanism;
+ char *qop;
+ rpc_gss_principal_t client_principal;
+ char *svc_principal;
+ rpc_gss_service_t service;
+} rpc_gss_rawcred_t;
+
+typedef struct {
+ uid_t uid;
+ gid_t gid;
+ short gidlen;
+ gid_t *gidlist;
+} rpc_gss_ucred_t;
+
+typedef struct {
+ bool_t locked;
+ rpc_gss_rawcred_t *raw_cred;
+} rpc_gss_lock_t;
+
+typedef struct {
+ u_int program;
+ u_int version;
+ bool_t (*callback)(struct svc_req *,
+ gss_cred_id_t, gss_ctx_id_t,
+ rpc_gss_lock_t *, void **);
+} rpc_gss_callback_t;
+
+typedef struct {
+ int rpc_gss_error;
+ int system_error;
+} rpc_gss_error_t;
+#define RPC_GSS_ER_SUCCESS 0
+#define RPC_GSS_ER_SYSTEMERROR 1
+
+typedef gss_OID_desc rpc_gss_OID_desc;
+typedef rpc_gss_OID_desc *rpc_gss_OID;
+
+
+__BEGIN_DECLS
+AUTH *rpc_gss_seccreate(CLIENT *, char *, char *, rpc_gss_service_t,
+ char *, rpc_gss_options_req_t *,
+ rpc_gss_options_ret_t *);
+bool_t rpc_gss_set_defaults(AUTH *, rpc_gss_service_t, char *);
+int rpc_gss_max_data_length(AUTH *, int);
+int rpc_gss_svc_max_data_length(struct svc_req *, int);
+bool_t rpc_gss_set_svc_name(char *, char *, u_int, u_int, u_int);
+bool_t rpc_gss_getcred(struct svc_req *, rpc_gss_rawcred_t **,
+ rpc_gss_ucred_t **, void **);
+bool_t rpc_gss_set_callback(rpc_gss_callback_t *);
+bool_t rpc_gss_get_principal_name(rpc_gss_principal_t *, char *,
+ char *, char *, char *);
+void rpc_gss_get_error(rpc_gss_error_t *);
+char **rpc_gss_get_mechanisms(void);
+char **rpc_gss_get_mech_info(char *, rpc_gss_service_t *);
+bool_t rpc_gss_get_versions(u_int *, u_int *);
+bool_t rpc_gss_is_installed(char *);
+bool_t rpc_gss_mech_to_oid(char *, rpc_gss_OID *);
+bool_t rpc_gss_qop_to_num(char *, char *, u_int *);
+__END_DECLS
+
+#endif /* !_TIRPC_RPCSEC_GSS_H */
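Review bot: The length-carrying types in this new header have no stated contract, which matters because they describe identity data that originates from the peer. `rpc_gss_principal_t` pairs a signed `int len` with a one-element `char name[1]` tail, and `rpc_gss_ucred_t` pairs a `short gidlen` with `gid_t *gidlist`. Nothing says whether `name` is NUL-terminated, whether the lengths may be negative, or who frees the memory. I would add a comment on each, for example `/* name holds len bytes and is not a C string; reject len < 0 and never read past len */`, if that matches the implementation. `MAX_GSS_MECH` is also an unprefixed macro in a public header, and whatever fills `actual_mechanism[MAX_GSS_MECH]` has to bound and terminate the copy.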
diff --git a/tirpc/rpc/svc_auth.h b/tirpc/rpc/svc_auth.h
index 67608d0..44b38bf 100644
--- a/tirpc/rpc/svc_auth.h
+++ b/tirpc/rpc/svc_auth.h
@@ -41,6 +41,16 @@
#ifndef _RPC_SVC_AUTH_H
#define _RPC_SVC_AUTH_H
+#include <rpc/rpcsec_gss.h>
+
+typedef struct {
+ bool_t established;
+ rpc_gss_service_t service;
+ u_int qop_rcvd;
+ void *context;
+ u_int seq_num;
+} svc_rpc_gss_parms_t;
+
/*
* Interface to server-side authentication flavors.
*/
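Review bot: The new `#include <rpc/rpcsec_gss.h>` is unconditional, and that header includes `<gssapi/gssapi.h>`, so every consumer of svc_auth.h now needs the GSSAPI development headers just to compile. If the library can still be built or installed without GSS support (not visible from this hunk), plain AUTH_SYS users will break and packagers gain a hard dependency on a security library they may not ship. At minimum I would state the requirement next to the include, e.g. `/* pulls in <gssapi/gssapi.h>: GSSAPI headers are required by all users of this header */`. The cleaner alternative is to keep the GSS state behind a pointer to an incomplete type so this header does not need the GSS definitions at all.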
@@ -53,6 +63,8 @@ typedef struct SVCAUTH {
int (*svc_ah_destroy)(struct SVCAUTH *);
} *svc_ah_ops;
caddr_t svc_ah_private;
+ svc_rpc_gss_parms_t svc_gss_params;
+ rpc_gss_rawcred_t raw_cred;
} SVCAUTH;
#define SVCAUTH_WRAP(auth, xdrs, xfunc, xwhere) \
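Review bot: Embedding `svc_gss_params` and `raw_cred` by value in `SVCAUTH` leaves their lifetime and initial state undocumented. `rpc_gss_rawcred_t`, as declared in rpcsec_gss.h in this same commit, holds `char *mechanism`, `char *qop`, `client_principal` and `char *svc_principal`. Those pointers live as long as the auth handle unless something clears them when the GSS context is torn down, and a stale one would be read as the caller's identity. Any existing code that allocates a `SVCAUTH` without zeroing it also leaves `svc_gss_params.established` indeterminate, and the struct's size changes for callers built against the old header. I would add a comment above the two members, such as `/* RPCSEC_GSS state: must be zero-initialised; raw_cred is valid only while svc_gss_params.established is TRUE */`, if that is the intended contract. The struct definition begins above this hunk, so its other members and allocation sites are not visible here.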