root/net/sunrpc/auth_gss/gss_rpc_xdr.h

   1 /* SPDX-License-Identifier: GPL-2.0+ */
   2 /*
   3  * GSS Proxy upcall module
   4  *
   5  *  Copyright (C) 2012 Simo Sorce <simo@redhat.com>
   6  */
   7 
   8 #ifndef _LINUX_GSS_RPC_XDR_H
   9 #define _LINUX_GSS_RPC_XDR_H
  10 
  11 #include <linux/sunrpc/xdr.h>
  12 #include <linux/sunrpc/clnt.h>
  13 #include <linux/sunrpc/xprtsock.h>
  14 
  15 #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
     /* Defined only when sunrpc debugging is configured in.  RPCDBG_AUTH is
      * declared outside this header.  Presumably this selects the facility
      * used by the sunrpc debug-print macros in files that include this
      * header -- confirm against the users of those macros. */
  16 # define RPCDBG_FACILITY        RPCDBG_AUTH
  17 #endif
  18 
  19 #define LUCID_OPTION "exported_context_type"  /* option name */
  20 #define LUCID_VALUE  "linux_lucid_v1"         /* value counted together with LUCID_OPTION */
  21 #define CREDS_OPTION "exported_creds_type"    /* option name */
  22 #define CREDS_VALUE  "linux_creds_v1"         /* value counted together with CREDS_OPTION */
     /* The four literals above are sized with sizeof() in
      * GSSX_default_in_call_ctx_sz, i.e. the request reserves room for two
      * option/value pairs.
      * NOTE(review): presumably these ask the gss-proxy daemon to export the
      * context and the credentials in formats the kernel parses -- confirm in
      * the encoder that builds the call context. */
  23 
  24 typedef struct xdr_netobj gssx_buffer;
     /* gssx_buffer, utf8string and gssx_OID are all aliases of struct
      * xdr_netobj (declared outside this header), so the compiler treats
      * them as interchangeable; the distinct names document intent only.
      * NOTE(review): when one of these is filled from a decoded message its
      * length presumably comes from the sender, so the decoder should check
      * it against the data actually received before use -- confirm there. */
  25 typedef struct xdr_netobj utf8string;
  26 typedef struct xdr_netobj gssx_OID;
  27 
  28 enum gssx_cred_usage {
             /* Credential usage values.  GSSX_C_BOTH (3) equals
              * GSSX_C_INITIATE | GSSX_C_ACCEPT.  struct gssx_cred_element
              * stores cred_usage as a plain u32, so nothing at the type
              * level restricts that field to these three values. */
  29         GSSX_C_INITIATE = 1,
  30         GSSX_C_ACCEPT = 2,
  31         GSSX_C_BOTH = 3,
  32 };
  33 
  34 struct gssx_option {
             /* One option: a name buffer and the value buffer that goes
              * with it. */
  35         gssx_buffer option;
  36         gssx_buffer value;
  37 };
  38 
  39 struct gssx_option_array {
             /* Counted array of options: an entry count and a pointer to
              * the entries.  Allocation and ownership of data are not shown
              * in this header.
              * NOTE(review): if count is taken from a decoded message, the
              * decoder should bound it before allocating or indexing --
              * confirm in the decoder. */
  40         u32 count;
  41         struct gssx_option *data;
  42 };
  43 
  44 struct gssx_status {
             /* Status block; embedded as the first member of
              * struct gssx_res_accept_sec_context.  Holds 64-bit major and
              * minor codes, the mechanism OID, a string for each code, a
              * server_ctx buffer and an option array.
              * NOTE(review): the two strings presumably arrive in the reply
              * and are not produced by the kernel; treat them as untrusted
              * text if they are ever logged -- confirm in the decoder. */
  45         u64 major_status;
  46         gssx_OID mech;
  47         u64 minor_status;
  48         utf8string major_status_string;
  49         utf8string minor_status_string;
  50         gssx_buffer server_ctx;
  51         struct gssx_option_array options;
  52 };
  53 
  54 struct gssx_call_ctx {
             /* Per-call context; embedded as the first member of
              * struct gssx_arg_accept_sec_context.  Its encoded size is
              * budgeted by GSSX_default_in_call_ctx_sz, which reserves room
              * for two option/value pairs in options. */
  55         utf8string locale;
  56         gssx_buffer server_ctx;
  57         struct gssx_option_array options;
  58 };
  59 
  60 struct gssx_name_attr {
             /* One name attribute: attribute buffer, value buffer and an
              * option array of extensions.  No other declaration in this
              * header refers to this struct except the array type below. */
  61         gssx_buffer attr;
  62         gssx_buffer value;
  63         struct gssx_option_array extensions;
  64 };
  65 
  66 struct gssx_name_attr_array {
             /* Counted array of name attributes (entry count plus pointer
              * to the entries).  Not used by struct gssx_name as declared
              * in this header. */
  67         u32 count;
  68         struct gssx_name_attr *data;
  69 };
  70 
  71 struct gssx_name {
             /* A name as kept by the kernel side: only the display name
              * buffer is present in this declaration. */
  72         gssx_buffer display_name;
  73 };
     /* Lets the struct be named without the struct keyword; used that way in
      * gssx_cred_element, gssx_cred and gssx_ctx. */
  74 typedef struct gssx_name gssx_name;
  75 
  76 struct gssx_cred_element {
             /* One credential element: a name (MN), the mechanism OID, a
              * usage value, two 64-bit time fields and an option array.
              * cred_usage is a u32; presumably it holds an
              * enum gssx_cred_usage value -- confirm against the code that
              * fills it. */
  77         gssx_name MN;
  78         gssx_OID mech;
  79         u32 cred_usage;
  80         u64 initiator_time_rec;
  81         u64 acceptor_time_rec;
  82         struct gssx_option_array options;
  83 };
  84 
  85 struct gssx_cred_element_array {
             /* Counted array of credential elements (entry count plus
              * pointer to the entries). */
  86         u32 count;
  87         struct gssx_cred_element *data;
  88 };
  89 
  90 struct gssx_cred {
             /* A credential: desired name, its elements, a handle reference
              * buffer and a release flag.  The request struct carries this
              * by pointer (cred_handle); GSSX_default_in_cred_sz notes that
              * no cred_handle is sent in.  The flag is spelled
              * needs_release here, while struct gssx_ctx spells its flag
              * need_release. */
  91         gssx_name desired_name;
  92         struct gssx_cred_element_array elements;
  93         gssx_buffer cred_handle_reference;
  94         u32 needs_release;
  95 };
  96 
  97 struct gssx_ctx {
             /* A security context: exported token and state buffers, the
              * mechanism OID, source and target names, 64-bit lifetime and
              * flags, and an option array.  Both the request and the result
              * of accept_sec_context point at one of these
              * (context_handle).  need_release, locally_initiated and open
              * are u32; presumably they are used as booleans -- confirm. */
  98         gssx_buffer exported_context_token;
  99         gssx_buffer state;
 100         u32 need_release;
 101         gssx_OID mech;
 102         gssx_name src_name;
 103         gssx_name targ_name;
 104         u64 lifetime;
 105         u64 ctx_flags;
 106         u32 locally_initiated;
 107         u32 open;
 108         struct gssx_option_array options;
 109 };
 110 
 111 struct gssx_cb {
             /* Channel-binding data: address type and address for initiator
              * and acceptor, plus application data.  The request struct
              * carries this by pointer (input_cb); GSSX_default_in_cb_sz in
              * this header notes that channel bindings are not used. */
 112         u64 initiator_addrtype;
 113         gssx_buffer initiator_address;
 114         u64 acceptor_addrtype;
 115         gssx_buffer acceptor_address;
 116         gssx_buffer application_data;
 117 };
 118 
 119 
 120 /* This structure is not defined in the protocol.
 121  * It is used in the kernel to carry around a big buffer
 122  * as a set of pages.
      * NOTE(review): page_base and page_len are presumably a byte offset and
      * a byte count within pages; whoever fills them should keep
      * page_base + page_len inside the pages actually held -- confirm at the
      * call site. */
 123 struct gssp_in_token {
 124         struct page **pages;    /* Array of contiguous pages */
 125         unsigned int page_base; /* Start of page data */
 126         unsigned int page_len;  /* Length of page data */
 127 };
 128 
 129 struct gssx_arg_accept_sec_context {
             /* Arguments of the accept_sec_context call, the only call in
              * this header with an encoder and decoder declared.  The input
              * token is page-based (struct gssp_in_token) rather than a
              * gssx_buffer, and GSSX_default_in_token_sz excludes the token
              * data from the size budget.  pages/npages are a second page
              * array and its entry count; their use is not shown here
              * (presumably reply space -- confirm in the caller). */
 130         struct gssx_call_ctx call_ctx;
 131         struct gssx_ctx *context_handle;
 132         struct gssx_cred *cred_handle;
 133         struct gssp_in_token input_token;
 134         struct gssx_cb *input_cb;
 135         u32 ret_deleg_cred;
 136         struct gssx_option_array options;
 137         struct page **pages;
 138         unsigned int npages;
 139 };
 140 
 141 struct gssx_res_accept_sec_context {
             /* Result of the accept_sec_context call: status, a pointer to
              * the resulting context, a pointer to the output token buffer
              * and an option array.  Who allocates context_handle and
              * output_token is not shown in this header.
              * NOTE(review): every field here is presumably filled from the
              * reply, so the decoder is where lengths and counts need to be
              * validated -- confirm there. */
 142         struct gssx_status status;
 143         struct gssx_ctx *context_handle;
 144         gssx_buffer *output_token;
 145         /* struct gssx_cred *delegated_cred_handle; not used in kernel */
 146         struct gssx_option_array options;
 147 };
 148 
 149 
 150 
 151 #define gssx_enc_indicate_mechs NULL  /* NULL: no XDR routine is provided for this call */
 152 #define gssx_dec_indicate_mechs NULL
 153 #define gssx_enc_get_call_context NULL
 154 #define gssx_dec_get_call_context NULL
 155 #define gssx_enc_import_and_canon_name NULL
 156 #define gssx_dec_import_and_canon_name NULL
 157 #define gssx_enc_export_cred NULL
 158 #define gssx_dec_export_cred NULL
 159 #define gssx_enc_import_cred NULL
 160 #define gssx_dec_import_cred NULL
 161 #define gssx_enc_acquire_cred NULL
 162 #define gssx_dec_acquire_cred NULL
 163 #define gssx_enc_store_cred NULL
 164 #define gssx_dec_store_cred NULL
 165 #define gssx_enc_init_sec_context NULL
 166 #define gssx_dec_init_sec_context NULL
     /* accept_sec_context is the only call with real routines.  The encoder
      * returns nothing and takes its input through a const void pointer; the
      * decoder returns an int and writes through a void pointer.
      * NOTE(review): data presumably points at
      * struct gssx_arg_accept_sec_context for the encoder and
      * struct gssx_res_accept_sec_context for the decoder, and the int is
      * presumably 0 or a negative errno -- confirm in the definitions. */
 167 void gssx_enc_accept_sec_context(struct rpc_rqst *req,
 168                                  struct xdr_stream *xdr,
 169                                  const void *data);
 170 int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
 171                                 struct xdr_stream *xdr,
 172                                 void *data);
     /* NOTE(review): every other gssx_enc_ and gssx_dec_ name expands to a null
      * pointer, so any table built from them holds NULL function pointers
      * for those calls; the code issuing calls must never select one of
      * them -- confirm where the table is built. */
 173 #define gssx_enc_release_handle NULL
 174 #define gssx_dec_release_handle NULL
 175 #define gssx_enc_get_mic NULL
 176 #define gssx_dec_get_mic NULL
 177 #define gssx_enc_verify NULL
 178 #define gssx_dec_verify NULL
 179 #define gssx_enc_wrap NULL
 180 #define gssx_dec_wrap NULL
 181 #define gssx_enc_unwrap NULL
 182 #define gssx_dec_unwrap NULL
 183 #define gssx_enc_wrap_size_limit NULL
 184 #define gssx_dec_wrap_size_limit NULL
 185 
 186 /* Calls that are not implemented get an argument (ARG) and result (RES)
      * size of 0.  These are the same calls whose gssx_enc_ and gssx_dec_
      * names are defined as NULL in this header. */
 187 #define GSSX_ARG_indicate_mechs_sz 0
 188 #define GSSX_RES_indicate_mechs_sz 0
 189 #define GSSX_ARG_get_call_context_sz 0
 190 #define GSSX_RES_get_call_context_sz 0
 191 #define GSSX_ARG_import_and_canon_name_sz 0
 192 #define GSSX_RES_import_and_canon_name_sz 0
 193 #define GSSX_ARG_export_cred_sz 0
 194 #define GSSX_RES_export_cred_sz 0
 195 #define GSSX_ARG_import_cred_sz 0
 196 #define GSSX_RES_import_cred_sz 0
 197 #define GSSX_ARG_acquire_cred_sz 0
 198 #define GSSX_RES_acquire_cred_sz 0
 199 #define GSSX_ARG_store_cred_sz 0
 200 #define GSSX_RES_store_cred_sz 0
 201 #define GSSX_ARG_init_sec_context_sz 0
 202 #define GSSX_RES_init_sec_context_sz 0
 203 
 204 #define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \
 205                         8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \
 206                         8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE))
     /* GSSX_default_in_call_ctx_sz (above): three terms of 4 plus, for each of
      * the two option/value pairs, 8 and the sizeof() of both string
      * literals; sizeof() counts bytes and includes the terminating NUL.
      * NOTE(review): the unit of these size macros is not stated in this
      * header -- confirm what the code consuming them expects. */
 207 #define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \
 208                                         4 + 4 + 4)
     /* The terms of GSSX_default_in_ctx_hndl_sz are not labelled here;
      * presumably they follow the fields of struct gssx_ctx -- TODO confirm. */
 209 #define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */
 210 #define GSSX_default_in_token_sz 4 /* does *not* include token data */
 211 #define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */
     /* Fixed part of an accept_sec_context request: the five pieces above plus
      * the delegated-credentials boolean and an empty option array.  The
      * token data itself is excluded (see GSSX_default_in_token_sz), so it
      * has to be accounted for separately by whoever sends the request. */
 212 #define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \
 213                                         GSSX_default_in_ctx_hndl_sz + \
 214                                         GSSX_default_in_cred_sz + \
 215                                         GSSX_default_in_token_sz + \
 216                                         GSSX_default_in_cb_sz + \
 217                                         4 /* no deleg creds boolean */ + \
 218                                         4) /* empty options */
 219 
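/* The result-size constants that start here are somewhat arbitrary numbers
 * but large enough (we ignore some of the data sent down, but it is part of
 * the protocol so we need enough space to take it in).
 *
 * GSSX_default_status_sz is the size budget for the status part of a result.
 * The sum is parenthesized so that the macro expands as one value wherever
 * it is used: in an expression such as 2 * GSSX_default_status_sz an
 * unparenthesized sum would let the neighbouring operator bind to a single
 * term only, and a buffer sized from that expression would come out with
 * the wrong size. */
#define GSSX_default_status_sz (8 + 24 + 8 + 256 + 256 + 16 + 4)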
 224 #define GSSX_max_output_handle_sz 128  /* first term of GSSX_default_ctx_sz */
 225 #define GSSX_max_oid_sz 16             /* budget for one OID in GSSX_default_ctx_sz */
 226 #define GSSX_max_princ_sz 256          /* counted twice in GSSX_default_ctx_sz */
     /* Size budget for the context part of a result: the handle, one OID, two
      * principals and a number of fixed-size terms that are not labelled
      * here (presumably the scalar fields of struct gssx_ctx -- TODO
      * confirm). */
 227 #define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \
 228                              16 + 4 + GSSX_max_oid_sz + \
 229                              2 * GSSX_max_princ_sz + \
 230                              8 + 8 + 4 + 4 + 4)
 231 #define GSSX_max_output_token_sz 1024
 232 /* grouplist not included; we allocate separate pages for that: */
 233 #define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */)
     /* Size budget for a whole accept_sec_context result: status, context,
      * output token, one term of 4 and the credentials without the group
      * list.
      * NOTE(review): these are estimates used for sizing; nothing in this
      * header enforces them, so the decoder is presumably what has to reject
      * a field that is longer than the data received -- confirm there. */
 234 #define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
 235                                         GSSX_default_ctx_sz + \
 236                                         GSSX_max_output_token_sz + \
 237                                         4 + GSSX_max_creds_sz)
 238 
 239 #define GSSX_ARG_release_handle_sz 0  /* size 0: this call has no encoder or decoder in this header */
 240 #define GSSX_RES_release_handle_sz 0
 241 #define GSSX_ARG_get_mic_sz 0
 242 #define GSSX_RES_get_mic_sz 0
 243 #define GSSX_ARG_verify_sz 0
 244 #define GSSX_RES_verify_sz 0
 245 #define GSSX_ARG_wrap_sz 0
 246 #define GSSX_RES_wrap_sz 0
 247 #define GSSX_ARG_unwrap_sz 0
 248 #define GSSX_RES_unwrap_sz 0
 249 #define GSSX_ARG_wrap_size_limit_sz 0
 250 #define GSSX_RES_wrap_size_limit_sz 0
     /* The same holds for every call in the group above: their gssx_enc_ and
      * gssx_dec_ names are defined as NULL, and both sizes are 0. */
 251 
 252 #endif /* _LINUX_GSS_RPC_XDR_H */
