root/include/linux/sunrpc/gss_api.h



   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 /*
   3  * linux/include/linux/sunrpc/gss_api.h
   4  *
   5  * Somewhat simplified version of the gss api.
   6  *
   7  * Dug Song <dugsong@monkey.org>
   8  * Andy Adamson <andros@umich.edu>
   9  * Bruce Fields <bfields@umich.edu>
  10  * Copyright (c) 2000 The Regents of the University of Michigan
  11  */
  12 
  13 #ifndef _LINUX_SUNRPC_GSS_API_H
  14 #define _LINUX_SUNRPC_GSS_API_H
  15 
  16 #ifdef __KERNEL__
  17 #include <linux/sunrpc/xdr.h>
  18 #include <linux/sunrpc/msg_prot.h>
  19 #include <linux/uio.h>
  20 
   21 /* The mechanism-independent gss-api context: */
   22 struct gss_ctx {
   23         struct gss_api_mech     *mech_type;       /* mechanism descriptor; presumably the mechanism this context was imported for */
   24         void                    *internal_ctx_id; /* mechanism-private state, opaque at this layer; same type as the argument of gss_api_ops.gss_delete_sec_context */
   25         unsigned int            slack, align;     /* NOTE(review): units and users are not documented in this header - confirm */
   26 };
  27 
   28 #define GSS_C_NO_BUFFER         ((struct xdr_netobj) 0) /* NOTE(review): casts 0 to a struct type, which C does not allow; this cannot compile if it is ever expanded */
   29 #define GSS_C_NO_CONTEXT        ((struct gss_ctx *) 0) /* null context pointer */
   30 #define GSS_C_QOP_DEFAULT       (0) /* default quality-of-protection (QOP) value */
  31 
   32 /*XXX  arbitrary length - is this set somewhere? */
   33 #define GSS_OID_MAX_LEN 32
   34 struct rpcsec_gss_oid {
   35         unsigned int    len;  /* presumably the number of valid bytes in data[]; the type does not bound it, so check len <= GSS_OID_MAX_LEN before copying or comparing */
   36         u8              data[GSS_OID_MAX_LEN]; /* fixed-size storage for the OID bytes */
   37 };
  38 
   39 /* From RFC 3530: the GSS security tuple taken by gss_mech_info2flavor() and filled by gss_mech_flavor2info() */
   40 struct rpcsec_gss_info {
   41         struct rpcsec_gss_oid   oid;     /* mechanism OID */
   42         u32                     qop;     /* quality of protection */
   43         u32                     service; /* RPCSEC_GSS service number */
   44 };
  45 
   46 /* gss-api prototypes; note that these are somewhat simplified versions of
   47  * the prototypes specified in RFC 2744. */
   48 int gss_import_sec_context(
   49                 const void*             input_token, /* serialized context to import; its origin is not shown in this header */
   50                 size_t                  bufsize,     /* presumably the length of input_token in bytes; parsing must stay within it */
   51                 struct gss_api_mech     *mech,       /* mechanism to import the context for */
   52                 struct gss_ctx          **ctx_id,    /* out: presumably receives the newly created context - confirm */
   53                 time_t                  *endtime,    /* out: NOTE(review): presumably the context expiry; time_t is 32 bits wide on 32-bit architectures */
   54                 gfp_t                   gfp_mask);   /* allocation flags */
   55 u32 gss_get_mic(
   56                 struct gss_ctx          *ctx_id,
   57                 struct xdr_buf          *message,    /* data to compute the MIC over */
   58                 struct xdr_netobj       *mic_token); /* NOTE(review): presumably receives the MIC; who sizes mic_token->data is not visible here */
   59 u32 gss_verify_mic(
   60                 struct gss_ctx          *ctx_id,
   61                 struct xdr_buf          *message,
   62                 struct xdr_netobj       *mic_token); /* NOTE(review): the u32 result is presumably a GSS major status (0 on success); callers must check it before trusting message */
   63 u32 gss_wrap(
   64                 struct gss_ctx          *ctx_id,
   65                 int                     offset,
   66                 struct xdr_buf          *outbuf,
   67                 struct page             **inpages);
   68 u32 gss_unwrap(
   69                 struct gss_ctx          *ctx_id,
   70                 int                     offset,      /* NOTE(review): offset and len are signed int; range checks against inbuf are not visible in this header */
   71                 int                     len,
   72                 struct xdr_buf          *inbuf);     /* NOTE(review): a result other than success presumably means inbuf must not be used - confirm at call sites */
   73 u32 gss_delete_sec_context(
   74                 struct gss_ctx          **ctx_id);   /* takes the address of the context pointer; NOTE(review): presumably so *ctx_id can be cleared after release - confirm */
  75 
   76 rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop, /* maps a mechanism's (qop, service) pair to a pseudoflavor */
   77                                         u32 service);
   78 u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor); /* NOTE(review): the value returned for an unknown pseudoflavor is not stated here - confirm */
   79 bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor); /* presumably reports pf_desc.datatouch for the pseudoflavor */
   80 char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service); /* NOTE(review): ownership of the returned string is not stated; presumably pf_desc.auth_domain_name, so do not free it - confirm */
  81 
   82 struct pf_desc { /* one pseudoflavor entry; gss_api_mech.gm_pfs points at these */
   83         u32     pseudoflavor;
   84         u32     qop;               /* quality of protection for this pseudoflavor */
   85         u32     service;           /* RPCSEC_GSS service number for this pseudoflavor */
   86         char    *name;
   87         char    *auth_domain_name; /* NOTE(review): lifetime and ownership of both strings are not stated in this header */
   88         bool    datatouch;         /* NOTE(review): meaning not documented here - confirm */
   89 };
  90 
  91 /* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
  92  * mechanisms may be dynamically registered or unregistered by modules. */
  93 
   94 /* Each mechanism is described by the following struct: */
   95 struct gss_api_mech {
   96         struct list_head        gm_list;   /* list linkage; presumably the list of registered mechanisms */
   97         struct module           *gm_owner; /* module providing the mechanism; NOTE(review): presumably pinned by gss_mech_get() - confirm */
   98         struct rpcsec_gss_oid   gm_oid;    /* OID matched by gss_mech_get_by_OID() */
   99         char                    *gm_name;  /* mechanism name, such as "krb5" */
  100         const struct gss_api_ops *gm_ops;  /* operations the mechanism provides */
  101         /* pseudoflavors supported by this mechanism: */
  102         int                     gm_pf_num; /* number of entries in gm_pfs; signed, so a lookup loop must not trust a negative or oversized value */
  103         struct pf_desc *        gm_pfs;
  104         /* Should the following be a callback operation instead? */
  105         const char              *gm_upcall_enctypes;
  106 };
 107 
  108 /* and must provide the following operations: */
  109 struct gss_api_ops {
  110         int (*gss_import_sec_context)( /* unlike the gss_import_sec_context() wrapper, takes an existing struct gss_ctx * and no mechanism argument */
  111                         const void              *input_token,
  112                         size_t                  bufsize,   /* presumably the length of input_token in bytes; the mechanism must not parse past it */
  113                         struct gss_ctx          *ctx_id,
  114                         time_t                  *endtime,
  115                         gfp_t                   gfp_mask);
  116         u32 (*gss_get_mic)(
  117                         struct gss_ctx          *ctx_id,
  118                         struct xdr_buf          *message,
  119                         struct xdr_netobj       *mic_token);
  120         u32 (*gss_verify_mic)( /* NOTE(review): presumably returns a GSS major status; the mechanism must fail closed on a bad MIC */
  121                         struct gss_ctx          *ctx_id,
  122                         struct xdr_buf          *message,
  123                         struct xdr_netobj       *mic_token);
  124         u32 (*gss_wrap)(
  125                         struct gss_ctx          *ctx_id,
  126                         int                     offset,
  127                         struct xdr_buf          *outbuf,
  128                         struct page             **inpages);
  129         u32 (*gss_unwrap)(
  130                         struct gss_ctx          *ctx_id,
  131                         int                     offset,    /* NOTE(review): signed offset and len; bounds checks against buf are the mechanism's job unless the caller does them - confirm */
  132                         int                     len,
  133                         struct xdr_buf          *buf);
  134         void (*gss_delete_sec_context)( /* returns void, while the gss_delete_sec_context() wrapper returns u32; receives only the mechanism-private pointer */
  135                         void                    *internal_ctx_id);
  136 };
 137 
  138 int gss_mech_register(struct gss_api_mech *); /* NOTE(review): return convention not stated; presumably 0 on success */
  139 void gss_mech_unregister(struct gss_api_mech *);
  140 
  141 /* returns a mechanism descriptor given an OID, and increments the mechanism's
  142  * reference count. */
  143 struct gss_api_mech * gss_mech_get_by_OID(struct rpcsec_gss_oid *); /* NOTE(review): presumably NULL when no mechanism matches - callers must check */
  144 
  145 /* Given a GSS security tuple, look up a pseudoflavor */
  146 rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);
  147 
  148 /* Given a pseudoflavor, look up a GSS security tuple */
  149 int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);
  150 
  151 /* Returns a reference to a mechanism, given a name like "krb5" etc. */
  152 struct gss_api_mech *gss_mech_get_by_name(const char *);
  153 
  154 /* Similar, but get by pseudoflavor. */
  155 struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);
  156 
  157 /* Fill in an array with a list of supported pseudoflavors */
  158 int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int); /* NOTE(review): the int is presumably the array capacity; the implementation must not write past it - confirm */
  159 
  160 struct gss_api_mech * gss_mech_get(struct gss_api_mech *); /* takes a reference that must be dropped with gss_mech_put(); NOTE(review): whether it can return NULL is not stated */
  161 
  162 /* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
  163  * corresponding call to gss_mech_put. */
  164 void gss_mech_put(struct gss_api_mech *);
 165 
 166 #endif /* __KERNEL__ */
 167 #endif /* _LINUX_SUNRPC_GSS_API_H */
 168 
