1c19cba61SRick Macklem /*- 24d846d26SWarner Losh * SPDX-License-Identifier: BSD-2-Clause 3c19cba61SRick Macklem * 4c19cba61SRick Macklem * Copyright (c) 2020 Rick Macklem 5c19cba61SRick Macklem * 6c19cba61SRick Macklem * Redistribution and use in source and binary forms, with or without 7c19cba61SRick Macklem * modification, are permitted provided that the following conditions 8c19cba61SRick Macklem * are met: 9c19cba61SRick Macklem * 1. Redistributions of source code must retain the above copyright 10c19cba61SRick Macklem * notice, this list of conditions and the following disclaimer. 11c19cba61SRick Macklem * 2. Redistributions in binary form must reproduce the above copyright 12c19cba61SRick Macklem * notice, this list of conditions and the following disclaimer in the 13c19cba61SRick Macklem * documentation and/or other materials provided with the distribution. 14c19cba61SRick Macklem * 15c19cba61SRick Macklem * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16c19cba61SRick Macklem * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17c19cba61SRick Macklem * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18c19cba61SRick Macklem * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19c19cba61SRick Macklem * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20c19cba61SRick Macklem * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21c19cba61SRick Macklem * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22c19cba61SRick Macklem * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23c19cba61SRick Macklem * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24c19cba61SRick Macklem * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25c19cba61SRick Macklem * SUCH DAMAGE. 26c19cba61SRick Macklem */ 27c19cba61SRick Macklem 28c19cba61SRick Macklem #ifndef _RPC_RPCSEC_TLS_H_ 29c19cba61SRick Macklem #define _RPC_RPCSEC_TLS_H_ 30c19cba61SRick Macklem 31c19cba61SRick Macklem /* Operation values for rpctls syscall. */ 32c19cba61SRick Macklem #define RPCTLS_SYSC_CLSETPATH 1 33c19cba61SRick Macklem #define RPCTLS_SYSC_CLSOCKET 2 34c19cba61SRick Macklem #define RPCTLS_SYSC_CLSHUTDOWN 3 35c19cba61SRick Macklem #define RPCTLS_SYSC_SRVSETPATH 4 36c19cba61SRick Macklem #define RPCTLS_SYSC_SRVSOCKET 5 37c19cba61SRick Macklem #define RPCTLS_SYSC_SRVSHUTDOWN 6 38564ed8e8SRick Macklem #define RPCTLS_SYSC_SRVSTARTUP 7 39564ed8e8SRick Macklem 40564ed8e8SRick Macklem /* Max nprocs for SRV startup */ 41564ed8e8SRick Macklem #define RPCTLS_SRV_MAXNPROCS 16 42c19cba61SRick Macklem 43c19cba61SRick Macklem /* System call used by the rpctlscd, rpctlssd daemons. */ 44c19cba61SRick Macklem int rpctls_syscall(int, const char *); 45c19cba61SRick Macklem 46c19cba61SRick Macklem /* Flag bits to indicate certificate results. */ 47c19cba61SRick Macklem #define RPCTLS_FLAGS_HANDSHAKE 0x01 48c19cba61SRick Macklem #define RPCTLS_FLAGS_GOTCERT 0x02 49c19cba61SRick Macklem #define RPCTLS_FLAGS_SELFSIGNED 0x04 50c19cba61SRick Macklem #define RPCTLS_FLAGS_VERIFIED 0x08 51c19cba61SRick Macklem #define RPCTLS_FLAGS_DISABLED 0x10 52c19cba61SRick Macklem #define RPCTLS_FLAGS_CERTUSER 0x20 53ab0c29afSRick Macklem #define RPCTLS_FLAGS_HANDSHFAIL 0x40 54c19cba61SRick Macklem 55c19cba61SRick Macklem /* Error return values for upcall rpcs. */ 56c19cba61SRick Macklem #define RPCTLSERR_OK 0 57c19cba61SRick Macklem #define RPCTLSERR_NOCLOSE 1 58c19cba61SRick Macklem #define RPCTLSERR_NOSSL 2 59c19cba61SRick Macklem #define RPCTLSERR_NOSOCKET 3 60c19cba61SRick Macklem 61c19cba61SRick Macklem #ifdef _KERNEL 62c19cba61SRick Macklem /* Functions that perform upcalls to the rpctlsd daemon. */ 63665b1365SRick Macklem enum clnt_stat rpctls_connect(CLIENT *newclient, char *certname, 64665b1365SRick Macklem struct socket *so, uint64_t *sslp, uint32_t *reterr); 65c19cba61SRick Macklem enum clnt_stat rpctls_cl_handlerecord(uint64_t sec, uint64_t usec, 66c19cba61SRick Macklem uint64_t ssl, uint32_t *reterr); 67c19cba61SRick Macklem enum clnt_stat rpctls_srv_handlerecord(uint64_t sec, uint64_t usec, 68564ed8e8SRick Macklem uint64_t ssl, int procpos, uint32_t *reterr); 69c19cba61SRick Macklem enum clnt_stat rpctls_cl_disconnect(uint64_t sec, uint64_t usec, 70c19cba61SRick Macklem uint64_t ssl, uint32_t *reterr); 71c19cba61SRick Macklem enum clnt_stat rpctls_srv_disconnect(uint64_t sec, uint64_t usec, 72564ed8e8SRick Macklem uint64_t ssl, int procpos, uint32_t *reterr); 73c19cba61SRick Macklem 74c19cba61SRick Macklem /* Initialization function for rpcsec_tls. */ 75c19cba61SRick Macklem int rpctls_init(void); 76c19cba61SRick Macklem 77c19cba61SRick Macklem /* Get TLS information function. */ 78ab0c29afSRick Macklem bool rpctls_getinfo(u_int *maxlen, bool rpctlscd_run, 79ab0c29afSRick Macklem bool rpctlssd_run); 80c19cba61SRick Macklem 81c19cba61SRick Macklem /* String for AUTH_TLS reply verifier. */ 82c19cba61SRick Macklem #define RPCTLS_START_STRING "STARTTLS" 83c19cba61SRick Macklem 84ab0c29afSRick Macklem /* ssl refno value to indicate TLS handshake being done. */ 85ab0c29afSRick Macklem #define RPCTLS_REFNO_HANDSHAKE 0xFFFFFFFFFFFFFFFFULL 86ab0c29afSRick Macklem 876444662aSRick Macklem /* Macros for VIMAGE. */ 88ed03776cSRick Macklem /* Just define the KRPC_VNETxxx() macros as VNETxxx() macros. */ 89*1a878807SRick Macklem #define KRPC_VNET_NAME(n) VNET_NAME(n) 90*1a878807SRick Macklem #define KRPC_VNET_DECLARE(t, n) VNET_DECLARE(t, n) 91ed03776cSRick Macklem #define KRPC_VNET_DEFINE(t, n) VNET_DEFINE(t, n) 92ed03776cSRick Macklem #define KRPC_VNET_DEFINE_STATIC(t, n) VNET_DEFINE_STATIC(t, n) 93ed03776cSRick Macklem #define KRPC_VNET(n) VNET(n) 946444662aSRick Macklem 95*1a878807SRick Macklem #define CTLFLAG_KRPC_VNET CTLFLAG_VNET 96*1a878807SRick Macklem 97ed03776cSRick Macklem #define KRPC_CURVNET_SET(n) CURVNET_SET(n) 98ed03776cSRick Macklem #define KRPC_CURVNET_SET_QUIET(n) CURVNET_SET_QUIET(n) 99ed03776cSRick Macklem #define KRPC_CURVNET_RESTORE() CURVNET_RESTORE() 100ed03776cSRick Macklem #define KRPC_TD_TO_VNET(n) TD_TO_VNET(n) 1016444662aSRick Macklem 102c19cba61SRick Macklem #endif /* _KERNEL */ 103c19cba61SRick Macklem 104c19cba61SRick Macklem #endif /* _RPC_RPCSEC_TLS_H_ */ 105