/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * GSS Proxy upcall module
 *
 *  Copyright (C) 2012 Simo Sorce <simo@redhat.com>
 */

#ifndef _LINUX_GSS_RPC_XDR_H
#define _LINUX_GSS_RPC_XDR_H

#include <linux/sunrpc/xdr.h>
#include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/xprtsock.h>

/* Tag this module's SUNRPC debug output with the AUTH facility when
 * SUNRPC debugging is compiled in. */
#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
# define RPCDBG_FACILITY	RPCDBG_AUTH
#endif

/*
 * Call-context option/value pairs naming the export format requested for
 * the context ("exported_context_type") and the credentials
 * ("exported_creds_type").  Their string sizes are budgeted in
 * GSSX_default_in_call_ctx_sz below; keep the two in step if these change.
 */
#define LUCID_OPTION "exported_context_type"
#define LUCID_VALUE  "linux_lucid_v1"
#define CREDS_OPTION "exported_creds_type"
#define CREDS_VALUE  "linux_creds_v1"

/*
 * All three GSS-Proxy types are variable-length octet strings and share the
 * in-kernel xdr_netobj representation; the aliases only record which
 * protocol type a field carries.
 */
typedef struct xdr_netobj gssx_buffer;
typedef struct xdr_netobj utf8string;
typedef struct xdr_netobj gssx_OID;

/* Credential usage, mirroring the protocol's gssx_cred_usage values. */
enum gssx_cred_usage {
	GSSX_C_INITIATE = 1,	/* may only initiate contexts */
	GSSX_C_ACCEPT = 2,	/* may only accept contexts */
	GSSX_C_BOTH = 3,	/* both of the above */
};

/* One name/value pair of a gssx_option_array (e.g. the LUCID_OPTION and
 * CREDS_OPTION pairs accounted for in GSSX_default_in_call_ctx_sz). */
struct gssx_option {
	gssx_buffer option;	/* option name */
	gssx_buffer value;	/* option value */
};

/* Counted array of options: count entries pointed to by data.
 * NOTE(review): on the decode side count comes from the peer; the decoder
 * should bound it before sizing data — confirm in gss_rpc_xdr.c. */
struct gssx_option_array {
	u32 count;
	struct gssx_option *data;
};

/*
 * Status block carried in a GSS-Proxy reply.  The fields are listed in wire
 * order; GSSX_default_status_sz below budgets space for them in the same
 * order.  Presumably major_status/minor_status follow GSS-API semantics and
 * the two utf8strings are their human-readable forms.
 */
struct gssx_status {
	u64 major_status;
	gssx_OID mech;
	u64 minor_status;
	utf8string major_status_string;
	utf8string minor_status_string;
	gssx_buffer server_ctx;
	struct gssx_option_array options;
};

/* Per-call context sent with each request: a locale, an opaque server_ctx
 * and the option list (budgeted by GSSX_default_in_call_ctx_sz). */
struct gssx_call_ctx {
	utf8string locale;
	gssx_buffer server_ctx;
	struct gssx_option_array options;
};

/* A name attribute: attr/value pair plus an extension option list. */
struct gssx_name_attr {
	gssx_buffer attr;
	gssx_buffer value;
	struct gssx_option_array extensions;
};

/* Counted array of name attributes: count entries pointed to by data.
 * NOTE(review): count is peer-supplied when decoded; bound it before
 * allocating data — confirm in gss_rpc_xdr.c. */
struct gssx_name_attr_array {
	u32 count;
	struct gssx_name_attr *data;
};

/* A GSS name as used in-kernel: only the display name is kept.  Typedef'd so
 * fields can be declared with the protocol's type name. */
struct gssx_name {
	gssx_buffer display_name;
};
typedef struct gssx_name gssx_name;

/* One per-mechanism element of a credential. */
struct gssx_cred_element {
	gssx_name MN;			/* mechanism name */
	gssx_OID mech;
	u32 cred_usage;			/* an enum gssx_cred_usage value */
	u64 initiator_time_rec;
	u64 acceptor_time_rec;
	struct gssx_option_array options;
};

/* Counted array of credential elements: count entries pointed to by data.
 * NOTE(review): count is peer-supplied when decoded; bound it before
 * allocating data — confirm in gss_rpc_xdr.c. */
struct gssx_cred_element_array {
	u32 count;
	struct gssx_cred_element *data;
};

/* A credential handle.  The kernel sends none in ACCEPT_SEC_CONTEXT
 * (see GSSX_default_in_cred_sz). */
struct gssx_cred {
	gssx_name desired_name;
	struct gssx_cred_element_array elements;
	gssx_buffer cred_handle_reference;
	u32 needs_release;		/* boolean on the wire */
};

/*
 * A security context handle as exchanged with gssproxy.  Fields are in wire
 * order; GSSX_default_ctx_sz below budgets them in the same order.
 * exported_context_token presumably holds the context in the format
 * requested via LUCID_OPTION/LUCID_VALUE — confirm against the decoder.
 */
struct gssx_ctx {
	gssx_buffer exported_context_token;
	gssx_buffer state;
	u32 need_release;		/* boolean on the wire */
	gssx_OID mech;
	gssx_name src_name;
	gssx_name targ_name;
	u64 lifetime;
	u64 ctx_flags;
	u32 locally_initiated;		/* boolean on the wire */
	u32 open;			/* boolean on the wire */
	struct gssx_option_array options;
};

/* GSS channel bindings.  Declared for completeness; the kernel does not send
 * any (see GSSX_default_in_cb_sz). */
struct gssx_cb {
	u64 initiator_addrtype;
	gssx_buffer initiator_address;
	u64 acceptor_addrtype;
	gssx_buffer acceptor_address;
	gssx_buffer application_data;
};


/* This structure is not defined in the protocol.
 * It is used in the kernel to carry around a big buffer (the input token
 * passed to ACCEPT_SEC_CONTEXT) as a set of pages rather than a flat
 * gssx_buffer.  page_base/page_len delimit the data within pages. */
struct gssp_in_token {
	struct page **pages;	/* Array of contiguous pages */
	unsigned int page_base;	/* Start of page data */
	unsigned int page_len;	/* Length of page data */
};

/*
 * Arguments of the ACCEPT_SEC_CONTEXT upcall (encoded by
 * gssx_enc_accept_sec_context).  The size budget for this structure is
 * GSSX_ARG_accept_sec_context_sz, which assumes no cred_handle, no channel
 * bindings and an empty options list.
 */
struct gssx_arg_accept_sec_context {
	struct gssx_call_ctx call_ctx;
	struct gssx_ctx *context_handle;
	struct gssx_cred *cred_handle;	/* not sent by the kernel */
	struct gssp_in_token input_token;
	struct gssx_cb *input_cb;	/* channel bindings, not used */
	u32 ret_deleg_cred;		/* boolean on the wire */
	struct gssx_option_array options;
	/* Presumably the separately allocated pages that receive the reply's
	 * group list (see the GSSX_max_creds_sz comment) — confirm in
	 * gss_rpc_xdr.c. */
	struct page **pages;
	unsigned int npages;
};

/*
 * Results of the ACCEPT_SEC_CONTEXT upcall (decoded by
 * gssx_dec_accept_sec_context).  The receive budget is
 * GSSX_RES_accept_sec_context_sz.
 */
struct gssx_res_accept_sec_context {
	struct gssx_status status;
	struct gssx_ctx *context_handle;
	gssx_buffer *output_token;
	/* struct gssx_cred *delegated_cred_handle; not used in kernel */
	struct gssx_option_array options;
};



/*
 * Encode/decode hooks, one pair per GSS-Proxy procedure.  Only
 * ACCEPT_SEC_CONTEXT is implemented in the kernel; every other procedure's
 * hooks are NULL (and its size budget is 0 below).
 */
#define gssx_enc_indicate_mechs NULL
#define gssx_dec_indicate_mechs NULL
#define gssx_enc_get_call_context NULL
#define gssx_dec_get_call_context NULL
#define gssx_enc_import_and_canon_name NULL
#define gssx_dec_import_and_canon_name NULL
#define gssx_enc_export_cred NULL
#define gssx_dec_export_cred NULL
#define gssx_enc_import_cred NULL
#define gssx_dec_import_cred NULL
#define gssx_enc_acquire_cred NULL
#define gssx_dec_acquire_cred NULL
#define gssx_enc_store_cred NULL
#define gssx_dec_store_cred NULL
#define gssx_enc_init_sec_context NULL
#define gssx_dec_init_sec_context NULL
/* Encode an ACCEPT_SEC_CONTEXT call; data is expected to point to a
 * struct gssx_arg_accept_sec_context. */
void gssx_enc_accept_sec_context(struct rpc_rqst *req,
				 struct xdr_stream *xdr,
				 const void *data);
/* Decode an ACCEPT_SEC_CONTEXT reply into the struct
 * gssx_res_accept_sec_context that data is expected to point to.
 * Returns 0 on success, negative errno otherwise (presumably — the
 * definition is in gss_rpc_xdr.c). */
int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
				struct xdr_stream *xdr,
				void *data);
#define gssx_enc_release_handle NULL
#define gssx_dec_release_handle NULL
#define gssx_enc_get_mic NULL
#define gssx_dec_get_mic NULL
#define gssx_enc_verify NULL
#define gssx_dec_verify NULL
#define gssx_enc_wrap NULL
#define gssx_dec_wrap NULL
#define gssx_enc_unwrap NULL
#define gssx_dec_unwrap NULL
#define gssx_enc_wrap_size_limit NULL
#define gssx_dec_wrap_size_limit NULL

/*
 * Per-procedure argument/result size budgets (GSSX_ARG_*_sz / GSSX_RES_*_sz),
 * presumably consumed as p_arglen/p_replen of the RPC procedure table.
 * Whether the consumer reads them as bytes or XDR words is not visible
 * here; over-estimating only costs memory, under-estimating is what to
 * guard against.
 */
/* non implemented calls are set to 0 size */
#define GSSX_ARG_indicate_mechs_sz 0
#define GSSX_RES_indicate_mechs_sz 0
#define GSSX_ARG_get_call_context_sz 0
#define GSSX_RES_get_call_context_sz 0
#define GSSX_ARG_import_and_canon_name_sz 0
#define GSSX_RES_import_and_canon_name_sz 0
#define GSSX_ARG_export_cred_sz 0
#define GSSX_RES_export_cred_sz 0
#define GSSX_ARG_import_cred_sz 0
#define GSSX_RES_import_cred_sz 0
#define GSSX_ARG_acquire_cred_sz 0
#define GSSX_RES_acquire_cred_sz 0
#define GSSX_ARG_store_cred_sz 0
#define GSSX_RES_store_cred_sz 0
#define GSSX_ARG_init_sec_context_sz 0
#define GSSX_RES_init_sec_context_sz 0

/* Call-side budget for ACCEPT_SEC_CONTEXT.  The call context appears to be
 * counted as: locale length, server_ctx length, options count, then for
 * each of the two options 8 bytes of lengths plus the two strings.  Note
 * sizeof() includes the NUL terminator, which XDR does not send, so this
 * leans conservative. */
#define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \
			8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \
			8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE))
/* Budget for the context handle argument; the terms appear to follow the
 * gssx_ctx fields in declaration order. */
#define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \
					4 + 4 + 4)
#define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */
#define GSSX_default_in_token_sz 4 /* does *not* include token data */
#define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */
/* Sum of the above, in gssx_arg_accept_sec_context field order.  The token
 * data itself is carried in pages (struct gssp_in_token) and is not part of
 * this figure. */
#define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \
					GSSX_default_in_ctx_hndl_sz + \
					GSSX_default_in_cred_sz + \
					GSSX_default_in_token_sz + \
					GSSX_default_in_cb_sz + \
					4 /* no deleg creds boolean */ + \
					4) /* empty options */

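/*
 * Reply-side budgets for ACCEPT_SEC_CONTEXT.
 *
 * somewhat arbitrary numbers but large enough (we ignore some of the data
 * sent down, but it is part of the protocol so we need enough space to take
 * it in)
 */
/* gssx_status, one term per field in declaration order: major_status, mech,
 * minor_status, major_status_string, minor_status_string, server_ctx,
 * options count.  Parenthesized so the macro is safe inside any expression
 * (the unparenthesized form only happened to work because every user adds
 * it). */
#define GSSX_default_status_sz (8 + 24 + 8 + 256 + 256 + 16 + 4)
#define GSSX_max_output_handle_sz 128	/* exported_context_token */
#define GSSX_max_oid_sz 16
#define GSSX_max_princ_sz 256		/* one gssx_name display_name */
/* gssx_ctx in declaration order: token, state, need_release, mech,
 * src_name + targ_name, lifetime, ctx_flags, locally_initiated, open,
 * options count. */
#define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \
			     16 + 4 + GSSX_max_oid_sz + \
			     2 * GSSX_max_princ_sz + \
			     8 + 8 + 4 + 4 + 4)
#define GSSX_max_output_token_sz 1024
/* grouplist not included; we allocate separate pages for that: */
#define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */)
/* Sum in gssx_res_accept_sec_context field order; the lone 4 is the
 * options count. */
#define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
					GSSX_default_ctx_sz + \
					GSSX_max_output_token_sz + \
					4 + GSSX_max_creds_sz)
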
/* Remaining procedures are not implemented in the kernel (their hooks are
 * NULL above), so their size budgets are 0. */
#define GSSX_ARG_release_handle_sz 0
#define GSSX_RES_release_handle_sz 0
#define GSSX_ARG_get_mic_sz 0
#define GSSX_RES_get_mic_sz 0
#define GSSX_ARG_verify_sz 0
#define GSSX_RES_verify_sz 0
#define GSSX_ARG_wrap_sz 0
#define GSSX_RES_wrap_sz 0
#define GSSX_ARG_unwrap_sz 0
#define GSSX_RES_unwrap_sz 0
#define GSSX_ARG_wrap_size_limit_sz 0
#define GSSX_RES_wrap_size_limit_sz 0

#endif /* _LINUX_GSS_RPC_XDR_H */