/* SPDX-License-Identifier: GPL-2.0 */
/*
 * linux/include/linux/sunrpc/gss_api.h
 *
 * Somewhat simplified version of the gss api.
 *
 * Dug Song <dugsong@monkey.org>
 * Andy Adamson <andros@umich.edu>
 * Bruce Fields <bfields@umich.edu>
 * Copyright (c) 2000 The Regents of the University of Michigan
 */

#ifndef _LINUX_SUNRPC_GSS_API_H
#define _LINUX_SUNRPC_GSS_API_H

#ifdef __KERNEL__
#include <linux/sunrpc/xdr.h>
#include <linux/sunrpc/msg_prot.h>
#include <linux/uio.h>

/* The mechanism-independent gss-api context: */
struct gss_ctx {
	/* Mechanism that owns this context; its gm_ops operate on it. */
	struct gss_api_mech *mech_type;
	/*
	 * Opaque per-mechanism state. Only mech_type->gm_ops know its
	 * layout; it is what gss_api_ops.gss_delete_sec_context() receives.
	 */
	void *internal_ctx_id;
	/*
	 * NOTE(review): presumably the extra space and alignment a caller
	 * must leave in an xdr_buf for gss_wrap() output - confirm against
	 * the mechanism implementations before relying on either value.
	 */
	unsigned int slack, align;
};

/*
 * NOTE(review): casting an integer to a struct type is not valid C, so
 * GSS_C_NO_BUFFER can only compile if it is never expanded - confirm it
 * is unused before keeping it.
 */
#define GSS_C_NO_BUFFER ((struct xdr_netobj) 0)
#define GSS_C_NO_CONTEXT ((struct gss_ctx *) 0)
#define GSS_C_QOP_DEFAULT (0)

/*XXX arbitrary length - is this set somewhere? */
#define GSS_OID_MAX_LEN 32
/*
 * A mechanism OID as raw bytes. data[] is a fixed-size array, so len is
 * only valid when len <= GSS_OID_MAX_LEN; any code that fills in an oid
 * from an external source must check the length before copying into
 * data[] - the array bound is the only limit this header provides.
 */
struct rpcsec_gss_oid {
	unsigned int len;
	u8 data[GSS_OID_MAX_LEN];
};

/* From RFC 3530 */
/*
 * GSS security tuple: mechanism OID, quality of protection (qop; see
 * GSS_C_QOP_DEFAULT above) and RPCSEC_GSS service. Translated to and
 * from an rpc_authflavor_t by gss_mech_info2flavor() and
 * gss_mech_flavor2info() below.
 */
struct rpcsec_gss_info {
	struct rpcsec_gss_oid oid;
	u32 qop;
	u32 service;
};

/* gss-api prototypes; note that these are somewhat simplified versions of
 * the prototypes specified in RFC 2744.
 */

/*
 * Build a gss_ctx for mechanism @mech from the @bufsize bytes at
 * @input_token, storing it in *@ctx_id. *@endtime is filled in by the
 * mechanism (presumably the context's expiry time - confirm). @gfp_mask
 * is passed through for allocations. The token format is
 * mechanism-specific and @bufsize is the only bound available here, so
 * mechanisms must never read past it.
 * Returns an int status; the error convention is set by the
 * implementation, not by this header.
 */
int gss_import_sec_context(
		const void *input_token,
		size_t bufsize,
		struct gss_api_mech *mech,
		struct gss_ctx **ctx_id,
		time_t *endtime,
		gfp_t gfp_mask);
/*
 * Compute a message integrity code over @message into @mic_token.
 * Returns a u32 GSS status.
 */
u32 gss_get_mic(
		struct gss_ctx *ctx_id,
		struct xdr_buf *message,
		struct xdr_netobj *mic_token);
/*
 * Check @mic_token against @message. Returns a u32 GSS status; callers
 * must test it before treating @message as authentic.
 */
u32 gss_verify_mic(
		struct gss_ctx *ctx_id,
		struct xdr_buf *message,
		struct xdr_netobj *mic_token);
/*
 * Protect the data in @outbuf starting at @offset, in place.
 * NOTE(review): @inpages appears to supply the pages holding the payload
 * to be wrapped - confirm against the mechanism implementations.
 * Returns a u32 GSS status.
 */
u32 gss_wrap(
		struct gss_ctx *ctx_id,
		int offset,
		struct xdr_buf *outbuf,
		struct page **inpages);
/*
 * Unprotect @len bytes of @inbuf starting at @offset, in place. @offset
 * and @len are the caller's bounds; any lengths carried inside the
 * wrapped data must be checked against them by the mechanism rather
 * than trusted. Returns a u32 GSS status.
 */
u32 gss_unwrap(
		struct gss_ctx *ctx_id,
		int offset,
		int len,
		struct xdr_buf *inbuf);
/*
 * Release the context at *@ctx_id. Takes a pointer-to-pointer, unlike
 * the gss_api_ops variant below which receives internal_ctx_id directly;
 * presumably *@ctx_id is cleared on return - confirm. Returns a u32 GSS
 * status.
 */
u32 gss_delete_sec_context(
		struct gss_ctx **ctx_id);

/*
 * Lookups over a mechanism's pseudoflavor table (struct pf_desc below):
 * map a (qop, service) pair to a pseudoflavor, and a pseudoflavor back to
 * its service, datatouch flag or auth-domain name.
 */
rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
					 u32 service);
u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor);
char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);

/* One pseudoflavor supported by a mechanism (an entry of gm_pfs[]). */
struct pf_desc {
	u32 pseudoflavor;
	u32 qop;
	u32 service;
	char *name;
	char *auth_domain_name;
	struct auth_domain *domain;
	bool datatouch;
};

/* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
 * mechanisms may be dynamically registered or unregistered by modules. */

/* Each mechanism is described by the following struct: */
struct gss_api_mech {
	/* Linkage for the registry kept by gss_mech_register(); presumably. */
	struct list_head gm_list;
	/* Module implementing the mechanism. */
	struct module *gm_owner;
	/* OID identifying the mechanism; key for gss_mech_get_by_OID(). */
	struct rpcsec_gss_oid gm_oid;
	/* Short name such as "krb5"; key for gss_mech_get_by_name(). */
	char *gm_name;
	/* Mechanism-specific implementation of the operations below. */
	const struct gss_api_ops *gm_ops;
	/* pseudoflavors supported by this mechanism: */
	/* gm_pfs points at gm_pf_num entries. */
	int gm_pf_num;
	struct pf_desc *gm_pfs;
	/* Should the following be a callback operation instead?
	 */
	/* String; its format is not defined in this header. */
	const char *gm_upcall_enctypes;
};

/* and must provide the following operations: */
/*
 * Per-mechanism operations. These mirror the gss_* wrappers above except
 * for two visible differences: gss_import_sec_context receives an already
 * allocated struct gss_ctx * (not a pointer-to-pointer and no mech
 * argument), and gss_delete_sec_context receives the raw internal_ctx_id
 * rather than the struct gss_ctx.
 */
struct gss_api_ops {
	int (*gss_import_sec_context)(
			const void *input_token,
			size_t bufsize,
			struct gss_ctx *ctx_id,
			time_t *endtime,
			gfp_t gfp_mask);
	u32 (*gss_get_mic)(
			struct gss_ctx *ctx_id,
			struct xdr_buf *message,
			struct xdr_netobj *mic_token);
	u32 (*gss_verify_mic)(
			struct gss_ctx *ctx_id,
			struct xdr_buf *message,
			struct xdr_netobj *mic_token);
	u32 (*gss_wrap)(
			struct gss_ctx *ctx_id,
			int offset,
			struct xdr_buf *outbuf,
			struct page **inpages);
	u32 (*gss_unwrap)(
			struct gss_ctx *ctx_id,
			int offset,
			int len,
			struct xdr_buf *buf);
	void (*gss_delete_sec_context)(
			void *internal_ctx_id);
};

/* Add a mechanism to / remove it from the set the lookups below search. */
int gss_mech_register(struct gss_api_mech *);
void gss_mech_unregister(struct gss_api_mech *);

/* returns a mechanism descriptor given an OID, and increments the mechanism's
 * reference count. */
struct gss_api_mech *gss_mech_get_by_OID(struct rpcsec_gss_oid *);

/* Given a GSS security tuple, look up a pseudoflavor */
rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);

/* Given a pseudoflavor, look up a GSS security tuple */
/* Returns an int status; the error convention is not visible here. */
int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);

/* Returns a reference to a mechanism, given a name like "krb5" etc. */
struct gss_api_mech *gss_mech_get_by_name(const char *);

/* Similar, but get by pseudoflavor. */
struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);

/* Fill in an array with a list of supported pseudoflavors */
/*
 * NOTE(review): the int is presumably the array's capacity - callers
 * must pass the real element count so the fill cannot overrun it.
 */
int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int);

/* Take a further reference on a mechanism the caller already holds. */
struct gss_api_mech *gss_mech_get(struct gss_api_mech *);

/* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
 * corresponding call to gss_mech_put.
 */
void gss_mech_put(struct gss_api_mech *);

#endif /* __KERNEL__ */
#endif /* _LINUX_SUNRPC_GSS_API_H */