/* SPDX-License-Identifier: GPL-2.0 */
/*
 * linux/include/linux/sunrpc/gss_api.h
 *
 * Somewhat simplified version of the GSS-API.
 *
 * Dug Song <dugsong@monkey.org>
 * Andy Adamson <andros@umich.edu>
 * Bruce Fields <bfields@umich.edu>
 * Copyright (c) 2000 The Regents of the University of Michigan
 */
12 | |
13 | #ifndef _LINUX_SUNRPC_GSS_API_H |
14 | #define _LINUX_SUNRPC_GSS_API_H |
15 | |
16 | #include <linux/sunrpc/xdr.h> |
17 | #include <linux/sunrpc/msg_prot.h> |
18 | #include <linux/uio.h> |
19 | |
/*
 * The mechanism-independent gss-api context.
 *
 * One is produced by gss_import_sec_context() for each imported security
 * context.  Everything mechanism-specific lives behind @internal_ctx_id
 * and is only interpreted by the owning mechanism's gss_api_ops.
 */
struct gss_ctx {
	struct gss_api_mech *mech_type;	/* mechanism that owns this context */
	void *internal_ctx_id;		/* mechanism-private state; opaque here */
	unsigned int slack, align;	/* NOTE(review): presumably the extra
					 * buffer space / alignment the mech
					 * needs around wrap/unwrap - confirm
					 * against the mechanism code */
};
26 | |
/*
 * Sentinel values named after their RFC 2744 counterparts.
 *
 * Note: a cast of a scalar to a struct type is not valid C, so
 * GSS_C_NO_BUFFER cannot actually be expanded in an expression; it only
 * exists for name compatibility.  Use GSS_C_NO_CONTEXT where a null
 * context pointer is meant, and GSS_C_QOP_DEFAULT for "any qop".
 */
#define GSS_C_NO_BUFFER ((struct xdr_netobj) 0)
#define GSS_C_NO_CONTEXT ((struct gss_ctx *) 0)
#define GSS_C_QOP_DEFAULT (0)
30 | |
/*XXX arbitrary length - is this set somewhere? */
/* Fixed upper bound on the byte length of a mechanism OID. */
#define GSS_OID_MAX_LEN 32
/*
 * A mechanism OID as raw bytes.
 *
 * @len counts the valid bytes in @data and must never exceed
 * GSS_OID_MAX_LEN: @data is a fixed-size array, so any code that fills
 * this in from untrusted input has to bound @len before copying, and any
 * consumer should treat @len > GSS_OID_MAX_LEN as malformed.
 */
struct rpcsec_gss_oid {
	unsigned int len;		/* number of valid bytes in data[] */
	u8 data[GSS_OID_MAX_LEN];	/* OID bytes (wire encoding not specified here) */
};
37 | |
/* From RFC 3530 */
/*
 * The (oid, qop, service) security tuple that RFC 3530's SECINFO uses to
 * describe one RPCSEC_GSS flavor.  gss_mech_info2flavor() and
 * gss_mech_flavor2info() convert between this and an rpc_authflavor_t.
 */
struct rpcsec_gss_info {
	struct rpcsec_gss_oid oid;	/* mechanism OID */
	u32 qop;			/* quality of protection; 0 = GSS_C_QOP_DEFAULT */
	u32 service;			/* presumably an RPC_GSS_SVC_* level - verify */
};
44 | |
/* gss-api prototypes; note that these are somewhat simplified versions of
 * the prototypes specified in RFC 2744. */

/*
 * Build a gss_ctx from a serialized context token.
 *
 * @input_token/@bufsize: the token bytes and their length (the callee must
 *     not read past @bufsize).
 * @mech:     mechanism that produced the token.
 * @ctx_id:   on success receives the newly created context.
 * @endtime:  NOTE(review): presumably receives the context's expiry - confirm.
 * @gfp_mask: allocation flags used while building the context.
 *
 * Returns an int rather than a GSS status; presumably 0 on success and a
 * negative errno on failure, as for the rest of the kernel - confirm.
 */
int gss_import_sec_context(
	const void* input_token,
	size_t bufsize,
	struct gss_api_mech *mech,
	struct gss_ctx **ctx_id,
	time64_t *endtime,
	gfp_t gfp_mask);

/*
 * The remaining entry points return a u32 GSS major status code as in
 * RFC 2744 (0 == GSS_S_COMPLETE); anything non-zero is a failure and
 * callers must not treat the message as authenticated/decoded.
 */

/* Compute a MIC over @message and store it in @mic_token. */
u32 gss_get_mic(
	struct gss_ctx *ctx_id,
	struct xdr_buf *message,
	struct xdr_netobj *mic_token);

/*
 * Check @mic_token against @message.  A non-zero return means the
 * integrity check failed; the message must be discarded in that case.
 */
u32 gss_verify_mic(
	struct gss_ctx *ctx_id,
	struct xdr_buf *message,
	struct xdr_netobj *mic_token);

/*
 * Wrap (integrity-protect and, depending on the mechanism/service,
 * encrypt) @outbuf in place starting at byte @offset.  @inpages:
 * NOTE(review): presumably spare pages the mech may need for the
 * expanded output - confirm with the mechanism implementations.
 */
u32 gss_wrap(
	struct gss_ctx *ctx_id,
	int offset,
	struct xdr_buf *outbuf,
	struct page **inpages);

/*
 * Inverse of gss_wrap(): unwrap @len bytes of @inbuf starting at @offset
 * in place.  The callee is responsible for validating that @offset/@len
 * lie within @inbuf before touching the data.
 */
u32 gss_unwrap(
	struct gss_ctx *ctx_id,
	int offset,
	int len,
	struct xdr_buf *inbuf);

/*
 * Release a context created by gss_import_sec_context().  Takes a
 * pointer-to-pointer, unlike the mechanism op of the same name, which
 * receives only the mechanism-private internal_ctx_id.
 */
u32 gss_delete_sec_context(
	struct gss_ctx **ctx_id);
74 | |
/*
 * Pseudoflavor lookups for one mechanism.  A pseudoflavor is the
 * rpc_authflavor_t that stands for a (mechanism, qop, service) triple;
 * the tables consulted are the mechanism's gm_pfs (see struct pf_desc).
 */

/* Map (mechanism, qop, service) to a pseudoflavor. */
rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
					u32 service);
/* Service level recorded for @pseudoflavor in the mechanism's pf table. */
u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
/* The pf_desc.datatouch flag for @pseudoflavor. */
bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor);
/* The pf_desc.auth_domain_name for the given service level. */
char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);
80 | |
/*
 * One pseudoflavor supported by a mechanism: the (qop, service) pair it
 * encodes plus the names and server-side auth domain associated with it.
 * Mechanisms expose an array of these via gss_api_mech.gm_pfs/gm_pf_num.
 */
struct pf_desc {
	u32 pseudoflavor;		/* rpc_authflavor_t value for this entry */
	u32 qop;			/* quality of protection */
	u32 service;			/* service level (none/integrity/privacy) */
	char *name;			/* human-readable flavor name */
	char *auth_domain_name;		/* name returned by gss_service_to_auth_domain_name() */
	struct auth_domain *domain;	/* NOTE(review): presumably filled in at
					 * registration time - confirm */
	bool datatouch;			/* see gss_pseudoflavor_to_datatouch() */
};
90 | |
/* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
 * mechanisms may be dynamically registered or unregistered by modules. */

/* Each mechanism is described by the following struct: */
/*
 * Registered with gss_mech_register() and removed with
 * gss_mech_unregister().  Lookups by OID, name or pseudoflavor return a
 * reference that must be dropped with gss_mech_put().
 */
struct gss_api_mech {
	struct list_head gm_list;	/* link in the registered-mechanism list */
	struct module *gm_owner;	/* module providing this mech (pinned while referenced) */
	struct rpcsec_gss_oid gm_oid;	/* OID used by gss_mech_get_by_OID() */
	char *gm_name;			/* name used by gss_mech_get_by_name() */
	const struct gss_api_ops *gm_ops;	/* the mechanism's implementation */
	/* pseudoflavors supported by this mechanism: */
	int gm_pf_num;			/* number of entries in gm_pfs */
	struct pf_desc * gm_pfs;	/* NOTE(review): entry count is gm_pf_num;
					 * every index into it must be bounded by it */
	/* Should the following be a callback operation instead? */
	const char *gm_upcall_enctypes;	/* NOTE(review): presumably the enctype
					 * list passed to the userspace upcall - confirm */
};
107 | |
/* and must provide the following operations: */
/*
 * Per-mechanism implementation of the entry points declared above.  The
 * signatures differ from the public wrappers in two places:
 *  - gss_import_sec_context receives an already-allocated gss_ctx (a
 *    single pointer) rather than returning a new one through a pointer-
 *    to-pointer;
 *  - gss_delete_sec_context receives only the mechanism-private
 *    internal_ctx_id and returns nothing, so the wrapper owns the outer
 *    gss_ctx and the reported status.
 * u32 results are GSS major status codes (0 == GSS_S_COMPLETE).
 */
struct gss_api_ops {
	/* Parse @input_token (at most @bufsize bytes) into @ctx_id. */
	int (*gss_import_sec_context)(
			const void *input_token,
			size_t bufsize,
			struct gss_ctx *ctx_id,
			time64_t *endtime,
			gfp_t gfp_mask);
	/* Compute a MIC over @message into @mic_token. */
	u32 (*gss_get_mic)(
			struct gss_ctx *ctx_id,
			struct xdr_buf *message,
			struct xdr_netobj *mic_token);
	/* Verify @mic_token against @message; non-zero means reject. */
	u32 (*gss_verify_mic)(
			struct gss_ctx *ctx_id,
			struct xdr_buf *message,
			struct xdr_netobj *mic_token);
	/* Protect @outbuf in place from @offset; see gss_wrap(). */
	u32 (*gss_wrap)(
			struct gss_ctx *ctx_id,
			int offset,
			struct xdr_buf *outbuf,
			struct page **inpages);
	/* Undo gss_wrap on @len bytes of @buf at @offset; must bounds-check both. */
	u32 (*gss_unwrap)(
			struct gss_ctx *ctx_id,
			int offset,
			int len,
			struct xdr_buf *buf);
	/* Free the mechanism-private state; the gss_ctx itself is not passed. */
	void (*gss_delete_sec_context)(
			void *internal_ctx_id);
};
137 | |
/* Add/remove a mechanism from the registry; presumably 0 / -errno - confirm. */
int gss_mech_register(struct gss_api_mech *);
void gss_mech_unregister(struct gss_api_mech *);

/* returns a mechanism descriptor given an OID, and increments the mechanism's
 * reference count. */
struct gss_api_mech * gss_mech_get_by_OID(struct rpcsec_gss_oid *);

/* Given a GSS security tuple, look up a pseudoflavor */
rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);

/* Given a pseudoflavor, look up a GSS security tuple */
int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);

/* Returns a reference to a mechanism, given a name like "krb5" etc. */
struct gss_api_mech *gss_mech_get_by_name(const char *);

/* Similar, but get by pseudoflavor. */
struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);

/* Take an additional reference on an already-held mechanism. */
struct gss_api_mech * gss_mech_get(struct gss_api_mech *);

/* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
 * corresponding call to gss_mech_put. */
/* The gss_mech_get_by_* lookups return NULL when nothing matches; callers
 * must check before use and must not gss_mech_put() a NULL result. */
void gss_mech_put(struct gss_api_mech *);
162 | |
163 | #endif /* _LINUX_SUNRPC_GSS_API_H */ |
164 | |
165 | |