Changeset View
Changeset View
Standalone View
Standalone View
usr.sbin/rpc.tlsservd/rpc.tlscommon.h
| /*- | |||||
| * SPDX-License-Identifier: BSD-2-Clause-FreeBSD | |||||
| * | |||||
| * Copyright (c) 2021 Rick Macklem | |||||
| * | |||||
| * Redistribution and use in source and binary forms, with or without | |||||
| * modification, are permitted provided that the following conditions | |||||
| * are met: | |||||
| * 1. Redistributions of source code must retain the above copyright | |||||
| * notice, this list of conditions and the following disclaimer. | |||||
| * 2. Redistributions in binary form must reproduce the above copyright | |||||
| * notice, this list of conditions and the following disclaimer in the | |||||
| * documentation and/or other materials provided with the distribution. | |||||
| * | |||||
| * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||||
| * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||||
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||||
| * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |||||
| * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||||
| * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||||
| * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
| * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||
| * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||
| * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||
| * SUCH DAMAGE. | |||||
| * | |||||
| * $FreeBSD$ | |||||
| */ | |||||
| /* | |||||
| * Functions in rpc.tlscommon.c used by both rpc.tlsservd.c and rpc.tlsclntd.c. | |||||
| */ | |||||
| int rpctls_gethost(int s, struct sockaddr *sad, | |||||
| char *hostip, size_t hostlen); | |||||
| int rpctls_checkhost(struct sockaddr *sad, X509 *cert, | |||||
| unsigned int wildcard); | |||||
| int rpctls_loadcrlfile(SSL_CTX *ctx); | |||||
| void rpctls_checkcrl(void); | |||||
| void rpctls_verbose_out(const char *fmt, ...); | |||||
| void rpctls_svc_run(void); | |||||
| /* | |||||
| * A linked list of all current "SSL *"s and socket "fd"s | |||||
| * for kernel RPC TLS connections is maintained. | |||||
| * The "refno" field is a unique 64bit value used to | |||||
| * identify which entry a kernel RPC upcall refers to. | |||||
| */ | |||||
| LIST_HEAD(ssl_list, ssl_entry); | |||||
| struct ssl_entry { | |||||
| LIST_ENTRY(ssl_entry) next; | |||||
| uint64_t refno; | |||||
| int s; | |||||
| bool shutoff; | |||||
| SSL *ssl; | |||||
| X509 *cert; | |||||
| }; | |||||
| /* Global variables shared between rpc.tlscommon.c and the daemons. */ | |||||
| extern int rpctls_debug_level; | |||||
| extern bool rpctls_verbose; | |||||
| extern SSL_CTX *rpctls_ctx; | |||||
| extern const char *rpctls_verify_cafile; | |||||
| extern const char *rpctls_verify_capath; | |||||
| extern char *rpctls_crlfile; | |||||
| extern bool rpctls_cert; | |||||
| extern bool rpctls_gothup; | |||||
| extern struct ssl_list rpctls_ssllist; | |||||