1 /* 2 * GSS Proxy upcall module 3 * 4 * Copyright (C) 2012 Simo Sorce <simo@redhat.com> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 */ 20 21 #ifndef _LINUX_GSS_RPC_XDR_H 22 #define _LINUX_GSS_RPC_XDR_H 23 24 #include <linux/sunrpc/xdr.h> 25 #include <linux/sunrpc/clnt.h> 26 #include <linux/sunrpc/xprtsock.h> 27 28 #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) 29 # define RPCDBG_FACILITY RPCDBG_AUTH 30 #endif 31 32 #define LUCID_OPTION "exported_context_type" 33 #define LUCID_VALUE "linux_lucid_v1" 34 #define CREDS_OPTION "exported_creds_type" 35 #define CREDS_VALUE "linux_creds_v1" 36 37 typedef struct xdr_netobj gssx_buffer; 38 typedef struct xdr_netobj utf8string; 39 typedef struct xdr_netobj gssx_OID; 40 41 enum gssx_cred_usage { 42 GSSX_C_INITIATE = 1, 43 GSSX_C_ACCEPT = 2, 44 GSSX_C_BOTH = 3, 45 }; 46 47 struct gssx_option { 48 gssx_buffer option; 49 gssx_buffer value; 50 }; 51 52 struct gssx_option_array { 53 u32 count; 54 struct gssx_option *data; 55 }; 56 57 struct gssx_status { 58 u64 major_status; 59 gssx_OID mech; 60 u64 minor_status; 61 utf8string major_status_string; 62 utf8string minor_status_string; 63 gssx_buffer server_ctx; 64 struct gssx_option_array options; 65 }; 66 67 struct gssx_call_ctx { 68 utf8string locale; 69 gssx_buffer server_ctx; 70 struct gssx_option_array options; 71 }; 72 73 struct gssx_name_attr { 74 gssx_buffer attr; 75 gssx_buffer value; 76 struct gssx_option_array extensions; 77 }; 78 79 struct gssx_name_attr_array { 80 u32 count; 81 struct gssx_name_attr *data; 82 }; 83 84 struct gssx_name { 85 gssx_buffer display_name; 86 }; 87 typedef struct gssx_name gssx_name; 88 89 struct gssx_cred_element { 90 gssx_name MN; 91 gssx_OID mech; 92 u32 cred_usage; 93 u64 initiator_time_rec; 94 u64 acceptor_time_rec; 95 struct gssx_option_array options; 96 }; 97 98 struct gssx_cred_element_array { 99 u32 count; 100 struct gssx_cred_element *data; 101 }; 102 103 struct gssx_cred { 104 gssx_name desired_name; 105 struct gssx_cred_element_array elements; 106 gssx_buffer cred_handle_reference; 107 u32 needs_release; 108 }; 109 110 struct gssx_ctx { 111 gssx_buffer exported_context_token; 112 gssx_buffer state; 113 u32 need_release; 114 gssx_OID mech; 115 gssx_name src_name; 116 gssx_name targ_name; 117 u64 lifetime; 118 u64 ctx_flags; 119 u32 locally_initiated; 120 u32 open; 121 struct gssx_option_array options; 122 }; 123 124 struct gssx_cb { 125 u64 initiator_addrtype; 126 gssx_buffer initiator_address; 127 u64 acceptor_addrtype; 128 gssx_buffer acceptor_address; 129 gssx_buffer application_data; 130 }; 131 132 133 /* This structure is not defined in the protocol. 134 * It is used in the kernel to carry around a big buffer 135 * as a set of pages */ 136 struct gssp_in_token { 137 struct page **pages; /* Array of contiguous pages */ 138 unsigned int page_base; /* Start of page data */ 139 unsigned int page_len; /* Length of page data */ 140 }; 141 142 struct gssx_arg_accept_sec_context { 143 struct gssx_call_ctx call_ctx; 144 struct gssx_ctx *context_handle; 145 struct gssx_cred *cred_handle; 146 struct gssp_in_token input_token; 147 struct gssx_cb *input_cb; 148 u32 ret_deleg_cred; 149 struct gssx_option_array options; 150 struct page **pages; 151 unsigned int npages; 152 }; 153 154 struct gssx_res_accept_sec_context { 155 struct gssx_status status; 156 struct gssx_ctx *context_handle; 157 gssx_buffer *output_token; 158 /* struct gssx_cred *delegated_cred_handle; not used in kernel */ 159 struct gssx_option_array options; 160 }; 161 162 163 164 #define gssx_enc_indicate_mechs NULL 165 #define gssx_dec_indicate_mechs NULL 166 #define gssx_enc_get_call_context NULL 167 #define gssx_dec_get_call_context NULL 168 #define gssx_enc_import_and_canon_name NULL 169 #define gssx_dec_import_and_canon_name NULL 170 #define gssx_enc_export_cred NULL 171 #define gssx_dec_export_cred NULL 172 #define gssx_enc_import_cred NULL 173 #define gssx_dec_import_cred NULL 174 #define gssx_enc_acquire_cred NULL 175 #define gssx_dec_acquire_cred NULL 176 #define gssx_enc_store_cred NULL 177 #define gssx_dec_store_cred NULL 178 #define gssx_enc_init_sec_context NULL 179 #define gssx_dec_init_sec_context NULL 180 void gssx_enc_accept_sec_context(struct rpc_rqst *req, 181 struct xdr_stream *xdr, 182 const void *data); 183 int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, 184 struct xdr_stream *xdr, 185 void *data); 186 #define gssx_enc_release_handle NULL 187 #define gssx_dec_release_handle NULL 188 #define gssx_enc_get_mic NULL 189 #define gssx_dec_get_mic NULL 190 #define gssx_enc_verify NULL 191 #define gssx_dec_verify NULL 192 #define gssx_enc_wrap NULL 193 #define gssx_dec_wrap NULL 194 #define gssx_enc_unwrap NULL 195 #define gssx_dec_unwrap NULL 196 #define gssx_enc_wrap_size_limit NULL 197 #define gssx_dec_wrap_size_limit NULL 198 199 /* non implemented calls are set to 0 size */ 200 #define GSSX_ARG_indicate_mechs_sz 0 201 #define GSSX_RES_indicate_mechs_sz 0 202 #define GSSX_ARG_get_call_context_sz 0 203 #define GSSX_RES_get_call_context_sz 0 204 #define GSSX_ARG_import_and_canon_name_sz 0 205 #define GSSX_RES_import_and_canon_name_sz 0 206 #define GSSX_ARG_export_cred_sz 0 207 #define GSSX_RES_export_cred_sz 0 208 #define GSSX_ARG_import_cred_sz 0 209 #define GSSX_RES_import_cred_sz 0 210 #define GSSX_ARG_acquire_cred_sz 0 211 #define GSSX_RES_acquire_cred_sz 0 212 #define GSSX_ARG_store_cred_sz 0 213 #define GSSX_RES_store_cred_sz 0 214 #define GSSX_ARG_init_sec_context_sz 0 215 #define GSSX_RES_init_sec_context_sz 0 216 217 #define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \ 218 8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \ 219 8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE)) 220 #define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \ 221 4 + 4 + 4) 222 #define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */ 223 #define GSSX_default_in_token_sz 4 /* does *not* include token data */ 224 #define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */ 225 #define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \ 226 GSSX_default_in_ctx_hndl_sz + \ 227 GSSX_default_in_cred_sz + \ 228 GSSX_default_in_token_sz + \ 229 GSSX_default_in_cb_sz + \ 230 4 /* no deleg creds boolean */ + \ 231 4) /* empty options */ 232 233 /* somewhat arbitrary numbers but large enough (we ignore some of the data 234 * sent down, but it is part of the protocol so we need enough space to take 235 * it in) */ 236 #define GSSX_default_status_sz 8 + 24 + 8 + 256 + 256 + 16 + 4 237 #define GSSX_max_output_handle_sz 128 238 #define GSSX_max_oid_sz 16 239 #define GSSX_max_princ_sz 256 240 #define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \ 241 16 + 4 + GSSX_max_oid_sz + \ 242 2 * GSSX_max_princ_sz + \ 243 8 + 8 + 4 + 4 + 4) 244 #define GSSX_max_output_token_sz 1024 245 /* grouplist not included; we allocate separate pages for that: */ 246 #define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */) 247 #define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \ 248 GSSX_default_ctx_sz + \ 249 GSSX_max_output_token_sz + \ 250 4 + GSSX_max_creds_sz) 251 252 #define GSSX_ARG_release_handle_sz 0 253 #define GSSX_RES_release_handle_sz 0 254 #define GSSX_ARG_get_mic_sz 0 255 #define GSSX_RES_get_mic_sz 0 256 #define GSSX_ARG_verify_sz 0 257 #define GSSX_RES_verify_sz 0 258 #define GSSX_ARG_wrap_sz 0 259 #define GSSX_RES_wrap_sz 0 260 #define GSSX_ARG_unwrap_sz 0 261 #define GSSX_RES_unwrap_sz 0 262 #define GSSX_ARG_wrap_size_limit_sz 0 263 #define GSSX_RES_wrap_size_limit_sz 0 264 265 266 267 #endif /* _LINUX_GSS_RPC_XDR_H */ 268