xref: /openbmc/linux/include/linux/sunrpc/gss_api.h (revision 24c5efe4)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * linux/include/linux/sunrpc/gss_api.h
4  *
5  * Somewhat simplified version of the gss api.
6  *
7  * Dug Song <dugsong@monkey.org>
8  * Andy Adamson <andros@umich.edu>
9  * Bruce Fields <bfields@umich.edu>
10  * Copyright (c) 2000 The Regents of the University of Michigan
11  */
12 
13 #ifndef _LINUX_SUNRPC_GSS_API_H
14 #define _LINUX_SUNRPC_GSS_API_H
15 
16 #include <linux/sunrpc/xdr.h>
17 #include <linux/sunrpc/msg_prot.h>
18 #include <linux/uio.h>
19 
20 /* The mechanism-independent gss-api context: */
21 struct gss_ctx {
22 	struct gss_api_mech	*mech_type;
23 	void			*internal_ctx_id;
24 	unsigned int		slack, align;
25 };
26 
27 #define GSS_C_NO_BUFFER		((struct xdr_netobj) 0)
28 #define GSS_C_NO_CONTEXT	((struct gss_ctx *) 0)
29 #define GSS_C_QOP_DEFAULT	(0)
30 
31 /*XXX  arbitrary length - is this set somewhere? */
32 #define GSS_OID_MAX_LEN 32
33 struct rpcsec_gss_oid {
34 	unsigned int	len;
35 	u8		data[GSS_OID_MAX_LEN];
36 };
37 
38 /* From RFC 3530 */
39 struct rpcsec_gss_info {
40 	struct rpcsec_gss_oid	oid;
41 	u32			qop;
42 	u32			service;
43 };
44 
45 /* gss-api prototypes; note that these are somewhat simplified versions of
46  * the prototypes specified in RFC 2744. */
47 int gss_import_sec_context(
48 		const void*		input_token,
49 		size_t			bufsize,
50 		struct gss_api_mech	*mech,
51 		struct gss_ctx		**ctx_id,
52 		time64_t		*endtime,
53 		gfp_t			gfp_mask);
54 u32 gss_get_mic(
55 		struct gss_ctx		*ctx_id,
56 		struct xdr_buf		*message,
57 		struct xdr_netobj	*mic_token);
58 u32 gss_verify_mic(
59 		struct gss_ctx		*ctx_id,
60 		struct xdr_buf		*message,
61 		struct xdr_netobj	*mic_token);
62 u32 gss_wrap(
63 		struct gss_ctx		*ctx_id,
64 		int			offset,
65 		struct xdr_buf		*outbuf,
66 		struct page		**inpages);
67 u32 gss_unwrap(
68 		struct gss_ctx		*ctx_id,
69 		int			offset,
70 		int			len,
71 		struct xdr_buf		*inbuf);
72 u32 gss_delete_sec_context(
73 		struct gss_ctx		**ctx_id);
74 
75 rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
76 					u32 service);
77 u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
78 bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor);
79 char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);
80 
81 struct pf_desc {
82 	u32	pseudoflavor;
83 	u32	qop;
84 	u32	service;
85 	char	*name;
86 	char	*auth_domain_name;
87 	struct auth_domain *domain;
88 	bool	datatouch;
89 };
90 
91 /* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
92  * mechanisms may be dynamically registered or unregistered by modules. */
93 
94 /* Each mechanism is described by the following struct: */
95 struct gss_api_mech {
96 	struct list_head	gm_list;
97 	struct module		*gm_owner;
98 	struct rpcsec_gss_oid	gm_oid;
99 	char			*gm_name;
100 	const struct gss_api_ops *gm_ops;
101 	/* pseudoflavors supported by this mechanism: */
102 	int			gm_pf_num;
103 	struct pf_desc *	gm_pfs;
104 	/* Should the following be a callback operation instead? */
105 	const char		*gm_upcall_enctypes;
106 };
107 
108 /* and must provide the following operations: */
109 struct gss_api_ops {
110 	int (*gss_import_sec_context)(
111 			const void		*input_token,
112 			size_t			bufsize,
113 			struct gss_ctx		*ctx_id,
114 			time64_t		*endtime,
115 			gfp_t			gfp_mask);
116 	u32 (*gss_get_mic)(
117 			struct gss_ctx		*ctx_id,
118 			struct xdr_buf		*message,
119 			struct xdr_netobj	*mic_token);
120 	u32 (*gss_verify_mic)(
121 			struct gss_ctx		*ctx_id,
122 			struct xdr_buf		*message,
123 			struct xdr_netobj	*mic_token);
124 	u32 (*gss_wrap)(
125 			struct gss_ctx		*ctx_id,
126 			int			offset,
127 			struct xdr_buf		*outbuf,
128 			struct page		**inpages);
129 	u32 (*gss_unwrap)(
130 			struct gss_ctx		*ctx_id,
131 			int			offset,
132 			int			len,
133 			struct xdr_buf		*buf);
134 	void (*gss_delete_sec_context)(
135 			void			*internal_ctx_id);
136 };
137 
138 int gss_mech_register(struct gss_api_mech *);
139 void gss_mech_unregister(struct gss_api_mech *);
140 
141 /* returns a mechanism descriptor given an OID, and increments the mechanism's
142  * reference count. */
143 struct gss_api_mech * gss_mech_get_by_OID(struct rpcsec_gss_oid *);
144 
145 /* Given a GSS security tuple, look up a pseudoflavor */
146 rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);
147 
148 /* Given a pseudoflavor, look up a GSS security tuple */
149 int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);
150 
151 /* Returns a reference to a mechanism, given a name like "krb5" etc. */
152 struct gss_api_mech *gss_mech_get_by_name(const char *);
153 
154 /* Similar, but get by pseudoflavor. */
155 struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);
156 
157 struct gss_api_mech * gss_mech_get(struct gss_api_mech *);
158 
159 /* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
160  * corresponding call to gss_mech_put. */
161 void gss_mech_put(struct gss_api_mech *);
162 
163 #endif /* _LINUX_SUNRPC_GSS_API_H */
164 
165