1 /* SPDX-License-Identifier: GPL-2.0+ */ 2 /* 3 * GSS Proxy upcall module 4 * 5 * Copyright (C) 2012 Simo Sorce <simo@redhat.com> 6 */ 7 8 #ifndef _LINUX_GSS_RPC_XDR_H 9 #define _LINUX_GSS_RPC_XDR_H 10 11 #include <linux/sunrpc/xdr.h> 12 #include <linux/sunrpc/clnt.h> 13 #include <linux/sunrpc/xprtsock.h> 14 15 #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) 16 # define RPCDBG_FACILITY RPCDBG_AUTH 17 #endif 18 19 #define LUCID_OPTION "exported_context_type" 20 #define LUCID_VALUE "linux_lucid_v1" 21 #define CREDS_OPTION "exported_creds_type" 22 #define CREDS_VALUE "linux_creds_v1" 23 24 typedef struct xdr_netobj gssx_buffer; 25 typedef struct xdr_netobj utf8string; 26 typedef struct xdr_netobj gssx_OID; 27 28 enum gssx_cred_usage { 29 GSSX_C_INITIATE = 1, 30 GSSX_C_ACCEPT = 2, 31 GSSX_C_BOTH = 3, 32 }; 33 34 struct gssx_option { 35 gssx_buffer option; 36 gssx_buffer value; 37 }; 38 39 struct gssx_option_array { 40 u32 count; 41 struct gssx_option *data; 42 }; 43 44 struct gssx_status { 45 u64 major_status; 46 gssx_OID mech; 47 u64 minor_status; 48 utf8string major_status_string; 49 utf8string minor_status_string; 50 gssx_buffer server_ctx; 51 struct gssx_option_array options; 52 }; 53 54 struct gssx_call_ctx { 55 utf8string locale; 56 gssx_buffer server_ctx; 57 struct gssx_option_array options; 58 }; 59 60 struct gssx_name_attr { 61 gssx_buffer attr; 62 gssx_buffer value; 63 struct gssx_option_array extensions; 64 }; 65 66 struct gssx_name_attr_array { 67 u32 count; 68 struct gssx_name_attr *data; 69 }; 70 71 struct gssx_name { 72 gssx_buffer display_name; 73 }; 74 typedef struct gssx_name gssx_name; 75 76 struct gssx_cred_element { 77 gssx_name MN; 78 gssx_OID mech; 79 u32 cred_usage; 80 u64 initiator_time_rec; 81 u64 acceptor_time_rec; 82 struct gssx_option_array options; 83 }; 84 85 struct gssx_cred_element_array { 86 u32 count; 87 struct gssx_cred_element *data; 88 }; 89 90 struct gssx_cred { 91 gssx_name desired_name; 92 struct gssx_cred_element_array elements; 93 gssx_buffer cred_handle_reference; 94 u32 needs_release; 95 }; 96 97 struct gssx_ctx { 98 gssx_buffer exported_context_token; 99 gssx_buffer state; 100 u32 need_release; 101 gssx_OID mech; 102 gssx_name src_name; 103 gssx_name targ_name; 104 u64 lifetime; 105 u64 ctx_flags; 106 u32 locally_initiated; 107 u32 open; 108 struct gssx_option_array options; 109 }; 110 111 struct gssx_cb { 112 u64 initiator_addrtype; 113 gssx_buffer initiator_address; 114 u64 acceptor_addrtype; 115 gssx_buffer acceptor_address; 116 gssx_buffer application_data; 117 }; 118 119 120 /* This structure is not defined in the protocol. 121 * It is used in the kernel to carry around a big buffer 122 * as a set of pages */ 123 struct gssp_in_token { 124 struct page **pages; /* Array of contiguous pages */ 125 unsigned int page_base; /* Start of page data */ 126 unsigned int page_len; /* Length of page data */ 127 }; 128 129 struct gssx_arg_accept_sec_context { 130 struct gssx_call_ctx call_ctx; 131 struct gssx_ctx *context_handle; 132 struct gssx_cred *cred_handle; 133 struct gssp_in_token input_token; 134 struct gssx_cb *input_cb; 135 u32 ret_deleg_cred; 136 struct gssx_option_array options; 137 struct page **pages; 138 unsigned int npages; 139 }; 140 141 struct gssx_res_accept_sec_context { 142 struct gssx_status status; 143 struct gssx_ctx *context_handle; 144 gssx_buffer *output_token; 145 /* struct gssx_cred *delegated_cred_handle; not used in kernel */ 146 struct gssx_option_array options; 147 }; 148 149 150 151 #define gssx_enc_indicate_mechs NULL 152 #define gssx_dec_indicate_mechs NULL 153 #define gssx_enc_get_call_context NULL 154 #define gssx_dec_get_call_context NULL 155 #define gssx_enc_import_and_canon_name NULL 156 #define gssx_dec_import_and_canon_name NULL 157 #define gssx_enc_export_cred NULL 158 #define gssx_dec_export_cred NULL 159 #define gssx_enc_import_cred NULL 160 #define gssx_dec_import_cred NULL 161 #define gssx_enc_acquire_cred NULL 162 #define gssx_dec_acquire_cred NULL 163 #define gssx_enc_store_cred NULL 164 #define gssx_dec_store_cred NULL 165 #define gssx_enc_init_sec_context NULL 166 #define gssx_dec_init_sec_context NULL 167 void gssx_enc_accept_sec_context(struct rpc_rqst *req, 168 struct xdr_stream *xdr, 169 const void *data); 170 int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, 171 struct xdr_stream *xdr, 172 void *data); 173 #define gssx_enc_release_handle NULL 174 #define gssx_dec_release_handle NULL 175 #define gssx_enc_get_mic NULL 176 #define gssx_dec_get_mic NULL 177 #define gssx_enc_verify NULL 178 #define gssx_dec_verify NULL 179 #define gssx_enc_wrap NULL 180 #define gssx_dec_wrap NULL 181 #define gssx_enc_unwrap NULL 182 #define gssx_dec_unwrap NULL 183 #define gssx_enc_wrap_size_limit NULL 184 #define gssx_dec_wrap_size_limit NULL 185 186 /* non implemented calls are set to 0 size */ 187 #define GSSX_ARG_indicate_mechs_sz 0 188 #define GSSX_RES_indicate_mechs_sz 0 189 #define GSSX_ARG_get_call_context_sz 0 190 #define GSSX_RES_get_call_context_sz 0 191 #define GSSX_ARG_import_and_canon_name_sz 0 192 #define GSSX_RES_import_and_canon_name_sz 0 193 #define GSSX_ARG_export_cred_sz 0 194 #define GSSX_RES_export_cred_sz 0 195 #define GSSX_ARG_import_cred_sz 0 196 #define GSSX_RES_import_cred_sz 0 197 #define GSSX_ARG_acquire_cred_sz 0 198 #define GSSX_RES_acquire_cred_sz 0 199 #define GSSX_ARG_store_cred_sz 0 200 #define GSSX_RES_store_cred_sz 0 201 #define GSSX_ARG_init_sec_context_sz 0 202 #define GSSX_RES_init_sec_context_sz 0 203 204 #define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \ 205 8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \ 206 8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE)) 207 #define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \ 208 4 + 4 + 4) 209 #define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */ 210 #define GSSX_default_in_token_sz 4 /* does *not* include token data */ 211 #define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */ 212 #define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \ 213 GSSX_default_in_ctx_hndl_sz + \ 214 GSSX_default_in_cred_sz + \ 215 GSSX_default_in_token_sz + \ 216 GSSX_default_in_cb_sz + \ 217 4 /* no deleg creds boolean */ + \ 218 4) /* empty options */ 219 220 /* somewhat arbitrary numbers but large enough (we ignore some of the data 221 * sent down, but it is part of the protocol so we need enough space to take 222 * it in) */ 223 #define GSSX_default_status_sz 8 + 24 + 8 + 256 + 256 + 16 + 4 224 #define GSSX_max_output_handle_sz 128 225 #define GSSX_max_oid_sz 16 226 #define GSSX_max_princ_sz 256 227 #define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \ 228 16 + 4 + GSSX_max_oid_sz + \ 229 2 * GSSX_max_princ_sz + \ 230 8 + 8 + 4 + 4 + 4) 231 #define GSSX_max_output_token_sz 1024 232 /* grouplist not included; we allocate separate pages for that: */ 233 #define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */) 234 #define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \ 235 GSSX_default_ctx_sz + \ 236 GSSX_max_output_token_sz + \ 237 4 + GSSX_max_creds_sz) 238 239 #define GSSX_ARG_release_handle_sz 0 240 #define GSSX_RES_release_handle_sz 0 241 #define GSSX_ARG_get_mic_sz 0 242 #define GSSX_RES_get_mic_sz 0 243 #define GSSX_ARG_verify_sz 0 244 #define GSSX_RES_verify_sz 0 245 #define GSSX_ARG_wrap_sz 0 246 #define GSSX_RES_wrap_sz 0 247 #define GSSX_ARG_unwrap_sz 0 248 #define GSSX_RES_unwrap_sz 0 249 #define GSSX_ARG_wrap_size_limit_sz 0 250 #define GSSX_RES_wrap_size_limit_sz 0 251 252 #endif /* _LINUX_GSS_RPC_XDR_H */ 253