/*
 * Copyright (c) 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of KTH nor the names of its contributors may be
 *    used to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * $Id$
 */

/* missing from tests:
 * - export context
 * - import context
 */

/*
 * wire encodings:
 *   int16: number, 2 bytes, in network order
 *   int32: number, 4 bytes, in network order
 *   length-encoded: [int32 length, data of length bytes]
 *   string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
 */

enum gssMaggotErrorCodes {
    GSMERR_OK		= 0,
    GSMERR_ERROR,
    GSMERR_CONTINUE_NEEDED,
    GSMERR_INVALID_TOKEN,
    GSMERR_AP_MODIFIED,
    GSMERR_TEST_ISSUE,
    GSMERR_NOT_SUPPORTED
};

/*
 * input:
 *   int32: message OP (enum gssMaggotProtocol)
 *   ...
 *
 * return:   -- on error
 *    int32: not support (GSMERR_NOT_SUPPORTED)
 *
 * return:   -- on existing message OP
 *    int32: support (GSMERR_OK) -- only sent for extensions
 *    ...
 */

#define GSSMAGGOTPROTOCOL 14

enum gssMaggotOp {
    eGetVersionInfo	= 0,
    /*
     * input:
     *   none
     * return:
     *   int32: last version handled
     */
    eGoodBye,
    /*
     * input:
     *   none
     * return:
     *   close socket
     */
    eInitContext,
    /*
     * input:
     *   int32: hContext
     *   int32: hCred
     *   int32: Flags
     *      the lowest 0x7f flags maps directly to GSS-API flags
     *      DELEGATE		0x001
     *      MUTUAL_AUTH		0x002
     *      REPLAY_DETECT	0x004
     *      SEQUENCE_DETECT	0x008
     *      CONFIDENTIALITY	0x010
     *      INTEGRITY		0x020
     *      ANONYMOUS		0x040
     *
     *      FIRST_CALL		0x080
     *
     *      NTLM		0x100
     *      SPNEGO		0x200
     *   length-encoded: targetname
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     */
    eAcceptContext,
    /*
     * input:
     *   int32: hContext
     *   int32: Flags		-- unused ?
     *      flags are same as flags for eInitContext
     *   length-encoded: token
     * return:
     *   int32: hNewContextId
     *   int32: gssapi status val
     *   length-encoded: output token
     *   int32: delegation cred id
     */
    eToastResource,
    /*
     * input:
     *   int32: hResource
     * return:
     *   int32: gsm status val
     */
    eAcquireCreds,
    /*
     * input:
     *   string: principal name
     *   string: password
     *   int32: flags
     *      FORWARDABLE		0x001
     *      DEFAULT_CREDS	0x002
     *
     *      NTLM		0x100
     *      SPNEGO		0x200
     * return:
     *   int32: gsm status val
     *   int32: hCred
     */
    eEncrypt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno		-- unused
     *   length-encode: plaintext
     * return:
     *   int32: gsm status val
     *   length-encode: ciphertext
     */
    eDecrypt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno		-- unused
     *   length-encode: ciphertext
     * return:
     *   int32: gsm status val
     *   length-encode: plaintext
     */
    eSign,
    /* message same as eEncrypt */
    eVerify,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: seqno		-- unused
     *   length-encode: message
     *   length-encode: signature
     * return:
     *   int32: gsm status val
     */
    eGetVersionAndCapabilities,
    /*
     * return:
     *   int32: protocol version
     *   int32: capability flags */
#define      ISSERVER		0x01
#define      ISKDC		0x02
#define      MS_KERBEROS	0x04
#define      LOGSERVER		0x08
#define      HAS_MONIKER	0x10
    /*   string: version string
     */
    eGetTargetName,
    /*
     * return:
     *   string: target principal name
     */
    eSetLoggingSocket,
    /*
     * input:
     *   int32: hostPort
     * return to the port on the host:
     *   int32: opcode - for example eLogSetMoniker
     */
    eChangePassword,
    /* here ended version 7 of the protocol */
    /*
     * input:
     *   string: principal name
     *   string: old password
     *   string: new password
     * return:
     *   int32: gsm status val
     */
    eSetPasswordSelf,
    /* same as eChangePassword */
    eWrap,
    /* message same as eEncrypt */
    eUnwrap,
    /* message same as eDecrypt */
    eConnectLoggingService2,
    /*
     * return1:
     *   int16: log port number
     *   int32: master log prototocol version (0)
     *
     * wait for master to connect on the master log socket
     *
     * return2:
     *   int32: gsm connection status
     *   int32: maggot log prototocol version (2)
     */
    eGetMoniker,
    /*
     * return:
     *   string: moniker (Nickname the master can refer to maggot)
     */
    eCallExtension,
    /*
     * input:
     *   string: extension name
     *   int32: message id
     * return:
     *   int32: gsm status val
     */
    eAcquirePKInitCreds,
    /*
     * input:
     *   int32: flags
     *   length-encode: certificate (pkcs12 data)
     * return:
     *   int32: hResource
     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
     */
    /* here ended version 7 of the protocol */
    eWrapExt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encode: protocol header
     *   length-encode: plaintext
     *   length-encode: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encode: ciphertext
     */
    eUnwrapExt,
    /*
     * input:
     *   int32: hContext
     *   int32: flags
     *   int32: bflags
     *   length-encode: protocol header
     *   length-encode: ciphertext
     *   length-encode: protocol trailer
     * return:
     *   int32: gsm status val
     *   length-encode: plaintext
     */
    /* here ended version 8 of the protocol */

    eLastProtocolMessage
};

/* bflags */
#define WRAP_EXP_ONLY_HEADER 1

enum gssMaggotLogOp{
  eLogInfo = 0,
	/*
	string: File
	int32: Line
	string: message
     reply:
  	int32: ackid
	*/
  eLogFailure,
	/*
	string: File
	int32: Line
	string: message
     reply:
  	int32: ackid
	*/
  eLogSetMoniker
	/*
	string: moniker
	*/
};