1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
2 | /* |
3 | * GSS Proxy upcall module |
4 | * |
5 | * Copyright (C) 2012 Simo Sorce <simo@redhat.com> |
6 | */ |
7 | |
8 | #ifndef _LINUX_GSS_RPC_XDR_H |
9 | #define _LINUX_GSS_RPC_XDR_H |
10 | |
11 | #include <linux/sunrpc/xdr.h> |
12 | #include <linux/sunrpc/clnt.h> |
13 | #include <linux/sunrpc/xprtsock.h> |
14 | |
15 | #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) |
16 | # define RPCDBG_FACILITY RPCDBG_AUTH |
17 | #endif |
18 | |
/*
 * Option name/value strings sent with the call context.  Their literal
 * lengths are folded into GSSX_default_in_call_ctx_sz below via sizeof
 * (so the terminating NUL is counted as well); keep the two in step if
 * either string changes.
 */
#define LUCID_OPTION "exported_context_type"
#define LUCID_VALUE "linux_lucid_v1"
#define CREDS_OPTION "exported_creds_type"
#define CREDS_VALUE "linux_creds_v1"
23 | |
/*
 * All three are a plain xdr_netobj (a length plus a data pointer).  The
 * distinct names only record intent at the use site; the compiler treats
 * them as one and the same type, so nothing stops a gssx_OID being passed
 * where a utf8string is expected.
 */
typedef struct xdr_netobj gssx_buffer;
typedef struct xdr_netobj utf8string;
typedef struct xdr_netobj gssx_OID;
27 | |
/*
 * Credential usage values.  GSSX_C_BOTH is the bitwise OR of the other
 * two.  struct gssx_cred_element below carries cred_usage as a u32 rather
 * than as this enum, so the type itself implies no range check on what
 * arrives from the wire.
 */
enum gssx_cred_usage {
	GSSX_C_INITIATE = 1,
	GSSX_C_ACCEPT = 2,
	GSSX_C_BOTH = 3,
};
33 | |
/* One name/value pair, as held in a gssx_option_array. */
struct gssx_option {
	gssx_buffer option;	/* option name */
	gssx_buffer value;	/* option value */
};
38 | |
/*
 * Variable-length list of options: @count entries reachable through
 * @data.  @data is a bare pointer, so the elements live in separate
 * storage; ownership of that storage is not expressed here — check the
 * encoder/decoder in the matching .c file.
 */
struct gssx_option_array {
	u32 count;
	struct gssx_option *data;
};
43 | |
/*
 * Status block at the head of the reply (see gssx_res_accept_sec_context).
 * The member order appears to correspond, term by term, to the byte
 * budget in GSSX_default_status_sz below (8 + 24 + 8 + 256 + 256 + 16 + 4);
 * keep the two in step if a member is added or resized.
 */
struct gssx_status {
	u64 major_status;
	gssx_OID mech;
	u64 minor_status;
	utf8string major_status_string;
	utf8string minor_status_string;
	gssx_buffer server_ctx;
	struct gssx_option_array options;
};
53 | |
/*
 * Per-call context sent with a request.  Judging by
 * GSSX_default_in_call_ctx_sz, which budgets for exactly the
 * LUCID_OPTION and CREDS_OPTION pairs, those two are what @options
 * carries on the way out.
 */
struct gssx_call_ctx {
	utf8string locale;
	gssx_buffer server_ctx;
	struct gssx_option_array options;
};
59 | |
/* One name attribute: an attr/value pair plus optional extensions. */
struct gssx_name_attr {
	gssx_buffer attr;
	gssx_buffer value;
	struct gssx_option_array extensions;
};
65 | |
/*
 * Variable-length list of name attributes: @count entries through @data.
 * Same layout and ownership caveat as gssx_option_array.
 */
struct gssx_name_attr_array {
	u32 count;
	struct gssx_name_attr *data;
};
70 | |
/*
 * A GSS name; only its display form is kept here.  The typedef lets the
 * type be used without the struct keyword, matching the other gssx_* names.
 */
struct gssx_name {
	gssx_buffer display_name;
};
typedef struct gssx_name gssx_name;
75 | |
/*
 * One element of a credential.  @cred_usage is a u32 that is expected to
 * hold an enum gssx_cred_usage value (see above); nothing in this header
 * enforces that.
 */
struct gssx_cred_element {
	gssx_name MN;
	gssx_OID mech;
	u32 cred_usage;
	u64 initiator_time_rec;
	u64 acceptor_time_rec;
	struct gssx_option_array options;
};
84 | |
/*
 * Variable-length list of credential elements: @count entries through
 * @data.  Same layout and ownership caveat as gssx_option_array.
 */
struct gssx_cred_element_array {
	u32 count;
	struct gssx_cred_element *data;
};
89 | |
/*
 * A credential handle.  @needs_release is a u32 used as a flag,
 * presumably an XDR boolean (4 bytes on the wire) — confirm in the decoder.
 */
struct gssx_cred {
	gssx_name desired_name;
	struct gssx_cred_element_array elements;
	gssx_buffer cred_handle_reference;
	u32 needs_release;
};
96 | |
/*
 * A security context.  GSSX_default_in_ctx_hndl_sz and GSSX_default_ctx_sz
 * below are the request and reply byte budgets for one of these.
 * @need_release, @locally_initiated and @open are u32 flags, presumably
 * XDR booleans (4 bytes each on the wire).
 */
struct gssx_ctx {
	gssx_buffer exported_context_token;
	gssx_buffer state;
	u32 need_release;
	gssx_OID mech;
	gssx_name src_name;
	gssx_name targ_name;
	u64 lifetime;
	u64 ctx_flags;
	u32 locally_initiated;
	u32 open;
	struct gssx_option_array options;
};
110 | |
/*
 * Channel bindings.  GSSX_default_in_cb_sz below records that the kernel
 * does not use them; the input_cb member of gssx_arg_accept_sec_context is
 * a pointer, presumably left NULL — verify in the encoder.
 */
struct gssx_cb {
	u64 initiator_addrtype;
	gssx_buffer initiator_address;
	u64 acceptor_addrtype;
	gssx_buffer acceptor_address;
	gssx_buffer application_data;
};
118 | |
119 | |
/* This structure is not defined in the protocol.
 * It is used in the kernel to carry around a big buffer
 * as a set of pages.
 *
 * GSSX_default_in_token_sz below covers only the 4-byte length prefix,
 * not the data these pages hold; @page_len is the only record of that
 * length here. */
struct gssp_in_token {
	struct page **pages;	/* Array of contiguous pages */
	unsigned int page_base;	/* Start of page data */
	unsigned int page_len;	/* Length of page data */
};
128 | |
/*
 * Arguments of the accept_sec_context call, encoded by
 * gssx_enc_accept_sec_context().  @context_handle, @cred_handle and
 * @input_cb are pointers and so may be absent; GSSX_default_in_cred_sz and
 * GSSX_default_in_cb_sz below say the kernel sends no cred handle and no
 * channel bindings.  @pages/@npages are not part of the wire structure
 * (GSSX_ARG_accept_sec_context_sz does not account for them); they look
 * like kernel-side bookkeeping for the reply pages — confirm in the .c file.
 */
struct gssx_arg_accept_sec_context {
	struct gssx_call_ctx call_ctx;
	struct gssx_ctx *context_handle;
	struct gssx_cred *cred_handle;
	struct gssp_in_token input_token;
	struct gssx_cb *input_cb;
	u32 ret_deleg_cred;	/* u32 flag, presumably an XDR boolean */
	struct gssx_option_array options;
	struct page **pages;
	unsigned int npages;
};
140 | |
/*
 * Result of the accept_sec_context call, decoded by
 * gssx_dec_accept_sec_context().  @context_handle and @output_token are
 * pointers, so either may be left unset by the decoder.
 * GSSX_RES_accept_sec_context_sz below is the reply buffer budget; the
 * "4 + GSSX_max_creds_sz" term there presumably covers the delegated
 * credential the comment below says is not used.
 */
struct gssx_res_accept_sec_context {
	struct gssx_status status;
	struct gssx_ctx *context_handle;
	gssx_buffer *output_token;
	/* struct gssx_cred *delegated_cred_handle; not used in kernel */
	struct gssx_option_array options;
};
148 | |
149 | |
150 | |
/*
 * Encode/decode routines per gssproxy procedure.  Every procedure the
 * kernel does not implement has both routines defined to NULL; only
 * accept_sec_context has real functions (prototyped below, defined in the
 * matching .c file).  The GSSX_ARG_*_sz / GSSX_RES_*_sz macros further
 * down follow the same split: 0 for the NULL entries.
 */
#define gssx_enc_indicate_mechs NULL
#define gssx_dec_indicate_mechs NULL
#define gssx_enc_get_call_context NULL
#define gssx_dec_get_call_context NULL
#define gssx_enc_import_and_canon_name NULL
#define gssx_dec_import_and_canon_name NULL
#define gssx_enc_export_cred NULL
#define gssx_dec_export_cred NULL
#define gssx_enc_import_cred NULL
#define gssx_dec_import_cred NULL
#define gssx_enc_acquire_cred NULL
#define gssx_dec_acquire_cred NULL
#define gssx_enc_store_cred NULL
#define gssx_dec_store_cred NULL
#define gssx_enc_init_sec_context NULL
#define gssx_dec_init_sec_context NULL
/*
 * Encoder for accept_sec_context.  @data presumably points at a
 * struct gssx_arg_accept_sec_context — the void type means the compiler
 * cannot check that; confirm against the caller.
 */
void gssx_enc_accept_sec_context(struct rpc_rqst *req,
				 struct xdr_stream *xdr,
				 const void *data);
/*
 * Decoder for accept_sec_context.  @data presumably points at a
 * struct gssx_res_accept_sec_context.  Returns int; the error convention
 * is not visible in this header — see the definition.
 */
int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
				struct xdr_stream *xdr,
				void *data);
#define gssx_enc_release_handle NULL
#define gssx_dec_release_handle NULL
#define gssx_enc_get_mic NULL
#define gssx_dec_get_mic NULL
#define gssx_enc_verify NULL
#define gssx_dec_verify NULL
#define gssx_enc_wrap NULL
#define gssx_dec_wrap NULL
#define gssx_enc_unwrap NULL
#define gssx_dec_unwrap NULL
#define gssx_enc_wrap_size_limit NULL
#define gssx_dec_wrap_size_limit NULL
185 | |
/* Unimplemented calls (NULL encoder/decoder above) are set to 0 size. */
#define GSSX_ARG_indicate_mechs_sz 0
#define GSSX_RES_indicate_mechs_sz 0
#define GSSX_ARG_get_call_context_sz 0
#define GSSX_RES_get_call_context_sz 0
#define GSSX_ARG_import_and_canon_name_sz 0
#define GSSX_RES_import_and_canon_name_sz 0
#define GSSX_ARG_export_cred_sz 0
#define GSSX_RES_export_cred_sz 0
#define GSSX_ARG_import_cred_sz 0
#define GSSX_RES_import_cred_sz 0
#define GSSX_ARG_acquire_cred_sz 0
#define GSSX_RES_acquire_cred_sz 0
#define GSSX_ARG_store_cred_sz 0
#define GSSX_RES_store_cred_sz 0
#define GSSX_ARG_init_sec_context_sz 0
#define GSSX_RES_init_sec_context_sz 0
203 | |
/*
 * Request (argument) byte budgets for accept_sec_context, one term per
 * wire field.  Each partial sum is parenthesised so the totals compose
 * safely.  GSSX_default_in_token_sz deliberately excludes the token
 * payload, which travels as pages (struct gssp_in_token), so that length
 * is not part of GSSX_ARG_accept_sec_context_sz.
 */
#define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \
	8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \
	8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE))
#define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \
	4 + 4 + 4)
#define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */
#define GSSX_default_in_token_sz 4 /* does *not* include token data */
#define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */
#define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \
	GSSX_default_in_ctx_hndl_sz + \
	GSSX_default_in_cred_sz + \
	GSSX_default_in_token_sz + \
	GSSX_default_in_cb_sz + \
	4 /* no deleg creds boolean */ + \
	4) /* empty options */
219 | |
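/* somewhat arbitrary numbers but large enough (we ignore some of the data
 * sent down, but it is part of the protocol so we need enough space to take
 * it in) */
/*
 * Reply (result) byte budgets for accept_sec_context.  These size the
 * receive buffer only; they do not by themselves bound what the decoder
 * accepts — that check belongs with gssx_dec_accept_sec_context().
 *
 * GSSX_default_status_sz is parenthesised so that the sum stays a single
 * operand wherever it is expanded.  Unparenthesised, a use such as
 * "2 * GSSX_default_status_sz" or a comparison would silently bind only
 * the first term and under-size the buffer.  Its current single use in
 * GSSX_RES_accept_sec_context_sz is purely additive, so the value there
 * is unchanged (572).
 */
#define GSSX_default_status_sz (8 + 24 + 8 + 256 + 256 + 16 + 4)
#define GSSX_max_output_handle_sz 128
#define GSSX_max_oid_sz 16
#define GSSX_max_princ_sz 256
#define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \
	16 + 4 + GSSX_max_oid_sz + \
	2 * GSSX_max_princ_sz + \
	8 + 8 + 4 + 4 + 4)
#define GSSX_max_output_token_sz 1024
/* grouplist not included; we allocate separate pages for that: */
#define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */)
#define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
	GSSX_default_ctx_sz + \
	GSSX_max_output_token_sz + \
	4 + GSSX_max_creds_sz)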
238 | |
/* Remaining unimplemented calls (NULL encoder/decoder above): 0 size. */
#define GSSX_ARG_release_handle_sz 0
#define GSSX_RES_release_handle_sz 0
#define GSSX_ARG_get_mic_sz 0
#define GSSX_RES_get_mic_sz 0
#define GSSX_ARG_verify_sz 0
#define GSSX_RES_verify_sz 0
#define GSSX_ARG_wrap_sz 0
#define GSSX_RES_wrap_sz 0
#define GSSX_ARG_unwrap_sz 0
#define GSSX_RES_unwrap_sz 0
#define GSSX_ARG_wrap_size_limit_sz 0
#define GSSX_RES_wrap_size_limit_sz 0
251 | |
252 | #endif /* _LINUX_GSS_RPC_XDR_H */ |
253 | |