1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * linux/include/linux/sunrpc/gss_api.h
4 *
5 * Somewhat simplified version of the gss api.
6 *
7 * Dug Song <dugsong@monkey.org>
8 * Andy Adamson <andros@umich.edu>
9 * Bruce Fields <bfields@umich.edu>
10 * Copyright (c) 2000 The Regents of the University of Michigan
11 */
12
13 #ifndef _LINUX_SUNRPC_GSS_API_H
14 #define _LINUX_SUNRPC_GSS_API_H
15
16 #ifdef __KERNEL__
17 #include <linux/sunrpc/xdr.h>
18 #include <linux/sunrpc/msg_prot.h>
19 #include <linux/uio.h>
20
21 /* The mechanism-independent gss-api context: */
22 struct gss_ctx {
23 struct gss_api_mech *mech_type;
24 void *internal_ctx_id;
25 unsigned int slack, align;
26 };
27
28 #define GSS_C_NO_BUFFER ((struct xdr_netobj) 0)
29 #define GSS_C_NO_CONTEXT ((struct gss_ctx *) 0)
30 #define GSS_C_QOP_DEFAULT (0)
31
32 /*XXX arbitrary length - is this set somewhere? */
33 #define GSS_OID_MAX_LEN 32
34 struct rpcsec_gss_oid {
35 unsigned int len;
36 u8 data[GSS_OID_MAX_LEN];
37 };
38
39 /* From RFC 3530 */
40 struct rpcsec_gss_info {
41 struct rpcsec_gss_oid oid;
42 u32 qop;
43 u32 service;
44 };
45
46 /* gss-api prototypes; note that these are somewhat simplified versions of
47 * the prototypes specified in RFC 2744. */
48 int gss_import_sec_context(
49 const void* input_token,
50 size_t bufsize,
51 struct gss_api_mech *mech,
52 struct gss_ctx **ctx_id,
53 time_t *endtime,
54 gfp_t gfp_mask);
55 u32 gss_get_mic(
56 struct gss_ctx *ctx_id,
57 struct xdr_buf *message,
58 struct xdr_netobj *mic_token);
59 u32 gss_verify_mic(
60 struct gss_ctx *ctx_id,
61 struct xdr_buf *message,
62 struct xdr_netobj *mic_token);
63 u32 gss_wrap(
64 struct gss_ctx *ctx_id,
65 int offset,
66 struct xdr_buf *outbuf,
67 struct page **inpages);
68 u32 gss_unwrap(
69 struct gss_ctx *ctx_id,
70 int offset,
71 int len,
72 struct xdr_buf *inbuf);
73 u32 gss_delete_sec_context(
74 struct gss_ctx **ctx_id);
75
76 rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
77 u32 service);
78 u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
79 bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor);
80 char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);
81
82 struct pf_desc {
83 u32 pseudoflavor;
84 u32 qop;
85 u32 service;
86 char *name;
87 char *auth_domain_name;
88 bool datatouch;
89 };
90
91 /* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
92 * mechanisms may be dynamically registered or unregistered by modules. */
93
94 /* Each mechanism is described by the following struct: */
95 struct gss_api_mech {
96 struct list_head gm_list;
97 struct module *gm_owner;
98 struct rpcsec_gss_oid gm_oid;
99 char *gm_name;
100 const struct gss_api_ops *gm_ops;
101 /* pseudoflavors supported by this mechanism: */
102 int gm_pf_num;
103 struct pf_desc * gm_pfs;
104 /* Should the following be a callback operation instead? */
105 const char *gm_upcall_enctypes;
106 };
107
108 /* and must provide the following operations: */
109 struct gss_api_ops {
110 int (*gss_import_sec_context)(
111 const void *input_token,
112 size_t bufsize,
113 struct gss_ctx *ctx_id,
114 time_t *endtime,
115 gfp_t gfp_mask);
116 u32 (*gss_get_mic)(
117 struct gss_ctx *ctx_id,
118 struct xdr_buf *message,
119 struct xdr_netobj *mic_token);
120 u32 (*gss_verify_mic)(
121 struct gss_ctx *ctx_id,
122 struct xdr_buf *message,
123 struct xdr_netobj *mic_token);
124 u32 (*gss_wrap)(
125 struct gss_ctx *ctx_id,
126 int offset,
127 struct xdr_buf *outbuf,
128 struct page **inpages);
129 u32 (*gss_unwrap)(
130 struct gss_ctx *ctx_id,
131 int offset,
132 int len,
133 struct xdr_buf *buf);
134 void (*gss_delete_sec_context)(
135 void *internal_ctx_id);
136 };
137
138 int gss_mech_register(struct gss_api_mech *);
139 void gss_mech_unregister(struct gss_api_mech *);
140
141 /* returns a mechanism descriptor given an OID, and increments the mechanism's
142 * reference count. */
143 struct gss_api_mech * gss_mech_get_by_OID(struct rpcsec_gss_oid *);
144
145 /* Given a GSS security tuple, look up a pseudoflavor */
146 rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);
147
148 /* Given a pseudoflavor, look up a GSS security tuple */
149 int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);
150
151 /* Returns a reference to a mechanism, given a name like "krb5" etc. */
152 struct gss_api_mech *gss_mech_get_by_name(const char *);
153
154 /* Similar, but get by pseudoflavor. */
155 struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);
156
157 /* Fill in an array with a list of supported pseudoflavors */
158 int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int);
159
160 struct gss_api_mech * gss_mech_get(struct gss_api_mech *);
161
162 /* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
163 * corresponding call to gss_mech_put. */
164 void gss_mech_put(struct gss_api_mech *);
165
166 #endif /* __KERNEL__ */
167 #endif /* _LINUX_SUNRPC_GSS_API_H */
168