/* SPDX-License-Identifier: GPL-2.0 */
/*
 * linux/include/linux/sunrpc/gss_api.h
 *
 * Somewhat simplified version of the gss api.
 *
 * Dug Song <dugsong@monkey.org>
 * Andy Adamson <andros@umich.edu>
 * Bruce Fields <bfields@umich.edu>
 * Copyright (c) 2000 The Regents of the University of Michigan
 */

#ifndef _LINUX_SUNRPC_GSS_API_H
#define _LINUX_SUNRPC_GSS_API_H

#include <linux/sunrpc/xdr.h>
#include <linux/sunrpc/msg_prot.h>
#include <linux/uio.h>

/* The mechanism-independent gss-api context: */
struct gss_ctx {
	/* the mechanism (krb5, ...) that implements this context */
	struct gss_api_mech *mech_type;
	/* mechanism-private state; handed back to the mechanism's
	 * gss_delete_sec_context op, so only mech_type's ops should
	 * interpret it */
	void *internal_ctx_id;
	/* presumably the extra buffer space and alignment the mechanism
	 * needs around wrapped data - TODO confirm against the mechanism
	 * implementations, this header does not define their units */
	unsigned int slack, align;
};

/* NOTE(review): a cast of an integer to a struct type is not valid C, so
 * any use of GSS_C_NO_BUFFER would fail to compile; it is presumably
 * unused and kept only for symmetry with the RFC 2744 names. */
#define GSS_C_NO_BUFFER ((struct xdr_netobj) 0)
/* the null context handle */
#define GSS_C_NO_CONTEXT ((struct gss_ctx *) 0)
/* "use the mechanism's default quality of protection" */
#define GSS_C_QOP_DEFAULT (0)

/*XXX arbitrary length - is this set somewhere? */
#define GSS_OID_MAX_LEN 32
/* A mechanism OID. data is a fixed-size array, so len must never exceed
 * GSS_OID_MAX_LEN; any code that fills an rpcsec_gss_oid from an
 * externally supplied OID has to check the length before copying. */
struct rpcsec_gss_oid {
	unsigned int len;
	u8 data[GSS_OID_MAX_LEN];
};

/* From RFC 3530 */
/* The (mechanism, qop, service) security tuple that a pseudoflavor maps
 * to and from (see gss_mech_info2flavor / gss_mech_flavor2info below). */
struct rpcsec_gss_info {
	struct rpcsec_gss_oid oid;
	u32 qop;
	u32 service;
};

/* gss-api prototypes; note that these are somewhat simplified versions of
 * the prototypes specified in RFC 2744.
 */

/* Build a context from a serialized context token.
 * input_token/bufsize: caller-supplied token bytes; implementations must
 *   read no more than bufsize bytes of it.
 * mech:      the mechanism to import with.
 * ctx_id:    out; presumably the new context is allocated and stored here
 *            (the mechanism op below receives an already allocated
 *            struct gss_ctx *) - confirm in the .c file.
 * endtime:   out; context expiry time.
 * gfp_mask:  allocation flags for any memory allocated on the way.
 * Returns an int, presumably 0 on success / negative errno (kernel
 * convention; not stated by this header). */
int gss_import_sec_context(
	const void* input_token,
	size_t bufsize,
	struct gss_api_mech *mech,
	struct gss_ctx **ctx_id,
	time64_t *endtime,
	gfp_t gfp_mask);
/* Compute an integrity check (MIC) over message into mic_token.
 * Returns a GSS-API major status (GSS_S_COMPLETE, i.e. 0, on success). */
u32 gss_get_mic(
	struct gss_ctx *ctx_id,
	struct xdr_buf *message,
	struct xdr_netobj *mic_token);
/* Check mic_token against message.  Returns a GSS-API major status;
 * callers must treat anything other than GSS_S_COMPLETE as "message not
 * authenticated" and must not act on message contents in that case. */
u32 gss_verify_mic(
	struct gss_ctx *ctx_id,
	struct xdr_buf *message,
	struct xdr_netobj *mic_token);
/* Protect (integrity + optional privacy) the data in outbuf starting at
 * byte offset, in place; inpages supplies pages for data that grows.
 * Returns a GSS-API major status. */
u32 gss_wrap(
	struct gss_ctx *ctx_id,
	int offset,
	struct xdr_buf *outbuf,
	struct page **inpages);
/* Inverse of gss_wrap for the len bytes at offset in inbuf.  offset and
 * len are plain ints coming from the peer's framing, so implementations
 * must validate them against the actual inbuf length before touching
 * the data.  Returns a GSS-API major status. */
u32 gss_unwrap(
	struct gss_ctx *ctx_id,
	int offset,
	int len,
	struct xdr_buf *inbuf);
/* Tear down a context; takes a pointer to the handle, so presumably the
 * handle is cleared as well - confirm in the .c file. */
u32 gss_delete_sec_context(
	struct gss_ctx **ctx_id);

/* Translations between a mechanism's (qop, service) tuple and the
 * RPC pseudoflavor number, plus the reverse lookups. */
rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
					u32 service);
u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor);
char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);

/* One pseudoflavor supported by a mechanism (an entry of gm_pfs). */
struct pf_desc {
	u32 pseudoflavor;
	u32 qop;
	u32 service;
	char *name;
	char *auth_domain_name;
	struct auth_domain *domain;
	/* reported by gss_pseudoflavor_to_datatouch for this pseudoflavor */
	bool datatouch;
};

/* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
 * mechanisms may be dynamically registered or unregistered by modules. */

/* Each mechanism is described by the following struct: */
struct gss_api_mech {
	/* linkage in the registry maintained by gss_mech_register/unregister */
	struct list_head gm_list;
	/* owning module, so the mechanism cannot be unloaded while in use */
	struct module *gm_owner;
	struct rpcsec_gss_oid gm_oid;
	/* short name such as "krb5", used by gss_mech_get_by_name */
	char *gm_name;
	const struct gss_api_ops *gm_ops;
	/* pseudoflavors supported by this mechanism: */
	/* gm_pf_num is the number of entries in gm_pfs */
	int gm_pf_num;
	struct pf_desc * gm_pfs;
	/* Should the following be a callback operation instead?
	 */
	/* presumably the encryption-type list handed to the userspace
	 * upcall - confirm against the upcall code */
	const char *gm_upcall_enctypes;
};

/* and must provide the following operations: */
/* These mirror the generic prototypes above, with two differences:
 * gss_import_sec_context receives an already allocated struct gss_ctx *
 * (the generic layer owns the handle, the mechanism fills
 * internal_ctx_id), and gss_delete_sec_context receives only the
 * internal_ctx_id and returns nothing. */
struct gss_api_ops {
	int (*gss_import_sec_context)(
		const void *input_token,
		size_t bufsize,
		struct gss_ctx *ctx_id,
		time64_t *endtime,
		gfp_t gfp_mask);
	u32 (*gss_get_mic)(
		struct gss_ctx *ctx_id,
		struct xdr_buf *message,
		struct xdr_netobj *mic_token);
	u32 (*gss_verify_mic)(
		struct gss_ctx *ctx_id,
		struct xdr_buf *message,
		struct xdr_netobj *mic_token);
	u32 (*gss_wrap)(
		struct gss_ctx *ctx_id,
		int offset,
		struct xdr_buf *outbuf,
		struct page **inpages);
	u32 (*gss_unwrap)(
		struct gss_ctx *ctx_id,
		int offset,
		int len,
		struct xdr_buf *buf);
	/* frees the mechanism-private state stored in gss_ctx.internal_ctx_id */
	void (*gss_delete_sec_context)(
		void *internal_ctx_id);
};

/* Add a mechanism to / remove it from the registry.  gss_mech_register
 * returns an int; its error convention is not stated here. */
int gss_mech_register(struct gss_api_mech *);
void gss_mech_unregister(struct gss_api_mech *);

/* returns a mechanism descriptor given an OID, and increments the mechanism's
 * reference count. */
struct gss_api_mech * gss_mech_get_by_OID(struct rpcsec_gss_oid *);

/* Given a GSS security tuple, look up a pseudoflavor */
rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);

/* Given a pseudoflavor, look up a GSS security tuple */
int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);

/* Returns a reference to a mechanism, given a name like "krb5" etc. */
struct gss_api_mech *gss_mech_get_by_name(const char *);

/* Similar, but get by pseudoflavor. */
struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);

/* Take an additional reference on an already known mechanism. */
struct gss_api_mech * gss_mech_get(struct gss_api_mech *);

/* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
 * corresponding call to gss_mech_put. */
void gss_mech_put(struct gss_api_mech *);

#endif /* _LINUX_SUNRPC_GSS_API_H */