1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * linux/include/linux/sunrpc/gss_api.h
4 *
5 * Somewhat simplified version of the gss api.
6 *
7 * Dug Song <dugsong@monkey.org>
8 * Andy Adamson <andros@umich.edu>
9 * Bruce Fields <bfields@umich.edu>
10 * Copyright (c) 2000 The Regents of the University of Michigan
11 */
12
13#ifndef _LINUX_SUNRPC_GSS_API_H
14#define _LINUX_SUNRPC_GSS_API_H
15
16#include <linux/sunrpc/xdr.h>
17#include <linux/sunrpc/msg_prot.h>
18#include <linux/uio.h>
19
20/* The mechanism-independent gss-api context: */
21struct gss_ctx {
22 struct gss_api_mech *mech_type;
23 void *internal_ctx_id;
24 unsigned int slack, align;
25};
26
27#define GSS_C_NO_BUFFER ((struct xdr_netobj) 0)
28#define GSS_C_NO_CONTEXT ((struct gss_ctx *) 0)
29#define GSS_C_QOP_DEFAULT (0)
30
31/*XXX arbitrary length - is this set somewhere? */
32#define GSS_OID_MAX_LEN 32
33struct rpcsec_gss_oid {
34 unsigned int len;
35 u8 data[GSS_OID_MAX_LEN];
36};
37
38/* From RFC 3530 */
39struct rpcsec_gss_info {
40 struct rpcsec_gss_oid oid;
41 u32 qop;
42 u32 service;
43};
44
45/* gss-api prototypes; note that these are somewhat simplified versions of
46 * the prototypes specified in RFC 2744. */
47int gss_import_sec_context(
48 const void* input_token,
49 size_t bufsize,
50 struct gss_api_mech *mech,
51 struct gss_ctx **ctx_id,
52 time64_t *endtime,
53 gfp_t gfp_mask);
54u32 gss_get_mic(
55 struct gss_ctx *ctx_id,
56 struct xdr_buf *message,
57 struct xdr_netobj *mic_token);
58u32 gss_verify_mic(
59 struct gss_ctx *ctx_id,
60 struct xdr_buf *message,
61 struct xdr_netobj *mic_token);
62u32 gss_wrap(
63 struct gss_ctx *ctx_id,
64 int offset,
65 struct xdr_buf *outbuf,
66 struct page **inpages);
67u32 gss_unwrap(
68 struct gss_ctx *ctx_id,
69 int offset,
70 int len,
71 struct xdr_buf *inbuf);
72u32 gss_delete_sec_context(
73 struct gss_ctx **ctx_id);
74
75rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
76 u32 service);
77u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
78bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor);
79char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);
80
81struct pf_desc {
82 u32 pseudoflavor;
83 u32 qop;
84 u32 service;
85 char *name;
86 char *auth_domain_name;
87 struct auth_domain *domain;
88 bool datatouch;
89};
90
91/* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
92 * mechanisms may be dynamically registered or unregistered by modules. */
93
94/* Each mechanism is described by the following struct: */
95struct gss_api_mech {
96 struct list_head gm_list;
97 struct module *gm_owner;
98 struct rpcsec_gss_oid gm_oid;
99 char *gm_name;
100 const struct gss_api_ops *gm_ops;
101 /* pseudoflavors supported by this mechanism: */
102 int gm_pf_num;
103 struct pf_desc * gm_pfs;
104 /* Should the following be a callback operation instead? */
105 const char *gm_upcall_enctypes;
106};
107
108/* and must provide the following operations: */
109struct gss_api_ops {
110 int (*gss_import_sec_context)(
111 const void *input_token,
112 size_t bufsize,
113 struct gss_ctx *ctx_id,
114 time64_t *endtime,
115 gfp_t gfp_mask);
116 u32 (*gss_get_mic)(
117 struct gss_ctx *ctx_id,
118 struct xdr_buf *message,
119 struct xdr_netobj *mic_token);
120 u32 (*gss_verify_mic)(
121 struct gss_ctx *ctx_id,
122 struct xdr_buf *message,
123 struct xdr_netobj *mic_token);
124 u32 (*gss_wrap)(
125 struct gss_ctx *ctx_id,
126 int offset,
127 struct xdr_buf *outbuf,
128 struct page **inpages);
129 u32 (*gss_unwrap)(
130 struct gss_ctx *ctx_id,
131 int offset,
132 int len,
133 struct xdr_buf *buf);
134 void (*gss_delete_sec_context)(
135 void *internal_ctx_id);
136};
137
138int gss_mech_register(struct gss_api_mech *);
139void gss_mech_unregister(struct gss_api_mech *);
140
141/* returns a mechanism descriptor given an OID, and increments the mechanism's
142 * reference count. */
143struct gss_api_mech * gss_mech_get_by_OID(struct rpcsec_gss_oid *);
144
145/* Given a GSS security tuple, look up a pseudoflavor */
146rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);
147
148/* Given a pseudoflavor, look up a GSS security tuple */
149int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);
150
151/* Returns a reference to a mechanism, given a name like "krb5" etc. */
152struct gss_api_mech *gss_mech_get_by_name(const char *);
153
154/* Similar, but get by pseudoflavor. */
155struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);
156
157struct gss_api_mech * gss_mech_get(struct gss_api_mech *);
158
159/* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
160 * corresponding call to gss_mech_put. */
161void gss_mech_put(struct gss_api_mech *);
162
163#endif /* _LINUX_SUNRPC_GSS_API_H */
164
165

source code of linux/include/linux/sunrpc/gss_api.h