gss_rpc_xdr.h source code [linux/net/sunrpc/auth_gss/gss_rpc_xdr.h]

1	/ SPDX-License-Identifier: GPL-2.0+ /
2	/*
3	* GSS Proxy upcall module
4	*
5	* Copyright (C) 2012 Simo Sorce <simo@redhat.com>
6	*/
7
8	#ifndef _LINUX_GSS_RPC_XDR_H
9	#define _LINUX_GSS_RPC_XDR_H
10
11	#include <linux/sunrpc/xdr.h>
12	#include <linux/sunrpc/clnt.h>
13	#include <linux/sunrpc/xprtsock.h>
14
15	#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
16	# define RPCDBG_FACILITY RPCDBG_AUTH
17	#endif
18
19	#define LUCID_OPTION "exported_context_type"
20	#define LUCID_VALUE "linux_lucid_v1"
21	#define CREDS_OPTION "exported_creds_type"
22	#define CREDS_VALUE "linux_creds_v1"
23
24	typedef struct xdr_netobj gssx_buffer;
25	typedef struct xdr_netobj utf8string;
26	typedef struct xdr_netobj gssx_OID;
27
28	enum gssx_cred_usage {
29	GSSX_C_INITIATE = `1`,
30	GSSX_C_ACCEPT = `2`,
31	GSSX_C_BOTH = `3`,
32	};
33
34	struct gssx_option {
35	gssx_buffer option;
36	gssx_buffer value;
37	};
38
39	struct gssx_option_array {
40	u32 count;
41	struct gssx_option *data;
42	};
43
44	struct gssx_status {
45	u64 major_status;
46	gssx_OID mech;
47	u64 minor_status;
48	utf8string major_status_string;
49	utf8string minor_status_string;
50	gssx_buffer server_ctx;
51	struct gssx_option_array options;
52	};
53
54	struct gssx_call_ctx {
55	utf8string locale;
56	gssx_buffer server_ctx;
57	struct gssx_option_array options;
58	};
59
60	struct gssx_name_attr {
61	gssx_buffer attr;
62	gssx_buffer value;
63	struct gssx_option_array extensions;
64	};
65
66	struct gssx_name_attr_array {
67	u32 count;
68	struct gssx_name_attr *data;
69	};
70
71	struct gssx_name {
72	gssx_buffer display_name;
73	};
74	typedef struct gssx_name gssx_name;
75
76	struct gssx_cred_element {
77	gssx_name MN;
78	gssx_OID mech;
79	u32 cred_usage;
80	u64 initiator_time_rec;
81	u64 acceptor_time_rec;
82	struct gssx_option_array options;
83	};
84
85	struct gssx_cred_element_array {
86	u32 count;
87	struct gssx_cred_element *data;
88	};
89
90	struct gssx_cred {
91	gssx_name desired_name;
92	struct gssx_cred_element_array elements;
93	gssx_buffer cred_handle_reference;
94	u32 needs_release;
95	};
96
97	struct gssx_ctx {
98	gssx_buffer exported_context_token;
99	gssx_buffer state;
100	u32 need_release;
101	gssx_OID mech;
102	gssx_name src_name;
103	gssx_name targ_name;
104	u64 lifetime;
105	u64 ctx_flags;
106	u32 locally_initiated;
107	u32 open;
108	struct gssx_option_array options;
109	};
110
111	struct gssx_cb {
112	u64 initiator_addrtype;
113	gssx_buffer initiator_address;
114	u64 acceptor_addrtype;
115	gssx_buffer acceptor_address;
116	gssx_buffer application_data;
117	};
118
119
120	/ This structure is not defined in the protocol.*
121	* It is used in the kernel to carry around a big buffer
122	* as a set of pages */
123	struct gssp_in_token {
124	struct page *pages; /* Array of contiguous pages /
125	unsigned int page_base; / Start of page data /
126	unsigned int page_len; / Length of page data /
127	};
128
129	struct gssx_arg_accept_sec_context {
130	struct gssx_call_ctx call_ctx;
131	struct gssx_ctx *context_handle;
132	struct gssx_cred *cred_handle;
133	struct gssp_in_token input_token;
134	struct gssx_cb *input_cb;
135	u32 ret_deleg_cred;
136	struct gssx_option_array options;
137	struct page **pages;
138	unsigned int npages;
139	};
140
141	struct gssx_res_accept_sec_context {
142	struct gssx_status status;
143	struct gssx_ctx *context_handle;
144	gssx_buffer *output_token;
145	/ struct gssx_cred delegated_cred_handle; not used in kernel /*
146	struct gssx_option_array options;
147	};
148
149
150
151	#define gssx_enc_indicate_mechs NULL
152	#define gssx_dec_indicate_mechs NULL
153	#define gssx_enc_get_call_context NULL
154	#define gssx_dec_get_call_context NULL
155	#define gssx_enc_import_and_canon_name NULL
156	#define gssx_dec_import_and_canon_name NULL
157	#define gssx_enc_export_cred NULL
158	#define gssx_dec_export_cred NULL
159	#define gssx_enc_import_cred NULL
160	#define gssx_dec_import_cred NULL
161	#define gssx_enc_acquire_cred NULL
162	#define gssx_dec_acquire_cred NULL
163	#define gssx_enc_store_cred NULL
164	#define gssx_dec_store_cred NULL
165	#define gssx_enc_init_sec_context NULL
166	#define gssx_dec_init_sec_context NULL
167	void gssx_enc_accept_sec_context(struct rpc_rqst *req,
168	struct xdr_stream *xdr,
169	const void *data);
170	int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
171	struct xdr_stream *xdr,
172	void *data);
173	#define gssx_enc_release_handle NULL
174	#define gssx_dec_release_handle NULL
175	#define gssx_enc_get_mic NULL
176	#define gssx_dec_get_mic NULL
177	#define gssx_enc_verify NULL
178	#define gssx_dec_verify NULL
179	#define gssx_enc_wrap NULL
180	#define gssx_dec_wrap NULL
181	#define gssx_enc_unwrap NULL
182	#define gssx_dec_unwrap NULL
183	#define gssx_enc_wrap_size_limit NULL
184	#define gssx_dec_wrap_size_limit NULL
185
186	/ non implemented calls are set to 0 size /
187	#define GSSX_ARG_indicate_mechs_sz 0
188	#define GSSX_RES_indicate_mechs_sz 0
189	#define GSSX_ARG_get_call_context_sz 0
190	#define GSSX_RES_get_call_context_sz 0
191	#define GSSX_ARG_import_and_canon_name_sz 0
192	#define GSSX_RES_import_and_canon_name_sz 0
193	#define GSSX_ARG_export_cred_sz 0
194	#define GSSX_RES_export_cred_sz 0
195	#define GSSX_ARG_import_cred_sz 0
196	#define GSSX_RES_import_cred_sz 0
197	#define GSSX_ARG_acquire_cred_sz 0
198	#define GSSX_RES_acquire_cred_sz 0
199	#define GSSX_ARG_store_cred_sz 0
200	#define GSSX_RES_store_cred_sz 0
201	#define GSSX_ARG_init_sec_context_sz 0
202	#define GSSX_RES_init_sec_context_sz 0
203
204	#define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \
205	8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \
206	8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE))
207	#define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 64 + 64 + 8 + 8 + \
208	4 + 4 + 4)
209	#define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */
210	#define GSSX_default_in_token_sz 4 /* does not include token data */
211	#define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */
212	#define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \
213	GSSX_default_in_ctx_hndl_sz + \
214	GSSX_default_in_cred_sz + \
215	GSSX_default_in_token_sz + \
216	GSSX_default_in_cb_sz + \
217	4 /* no deleg creds boolean */ + \
218	4) /* empty options */
219
220	/ somewhat arbitrary numbers but large enough (we ignore some of the data*
221	* sent down, but it is part of the protocol so we need enough space to take
222	* it in) */
223	#define GSSX_default_status_sz 8 + 24 + 8 + 256 + 256 + 16 + 4
224	#define GSSX_max_output_handle_sz 128
225	#define GSSX_max_oid_sz 16
226	#define GSSX_max_princ_sz 256
227	#define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \
228	16 + 4 + GSSX_max_oid_sz + \
229	2 * GSSX_max_princ_sz + \
230	8 + 8 + 4 + 4 + 4)
231	#define GSSX_max_output_token_sz 1024
232	/ grouplist not included; we allocate separate pages for that: /
233	#define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX4 /)
234	#define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
235	GSSX_default_ctx_sz + \
236	GSSX_max_output_token_sz + \
237	4 + GSSX_max_creds_sz)
238
239	#define GSSX_ARG_release_handle_sz 0
240	#define GSSX_RES_release_handle_sz 0
241	#define GSSX_ARG_get_mic_sz 0
242	#define GSSX_RES_get_mic_sz 0
243	#define GSSX_ARG_verify_sz 0
244	#define GSSX_RES_verify_sz 0
245	#define GSSX_ARG_wrap_sz 0
246	#define GSSX_RES_wrap_sz 0
247	#define GSSX_ARG_unwrap_sz 0
248	#define GSSX_RES_unwrap_sz 0
249	#define GSSX_ARG_wrap_size_limit_sz 0
250	#define GSSX_RES_wrap_size_limit_sz 0
251
252	#endif /* _LINUX_GSS_RPC_XDR_H */
253

source code of linux/net/sunrpc/auth_gss/gss_rpc_xdr.h