projects / mirror_ubuntu-eoan-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
| 1da177e4 | 2 | /* |
| f30c2269 | 3 | * linux/include/linux/sunrpc/gss_api.h |
| 1da177e4 LT |
4 | * |
| 5 | * Somewhat simplified version of the gss api. | |
| 6 | * | |
| 7 | * Dug Song <dugsong@monkey.org> | |
| 8 | * Andy Adamson <andros@umich.edu> | |
| 9 | * Bruce Fields <bfields@umich.edu> | |
| 10 | * Copyright (c) 2000 The Regents of the University of Michigan | |
| 1da177e4 LT |
11 | */ |
| 12 | ||
| 13 | #ifndef _LINUX_SUNRPC_GSS_API_H | |
| 14 | #define _LINUX_SUNRPC_GSS_API_H | |
| 15 | ||
| 16 | #ifdef __KERNEL__ | |
| 17 | #include <linux/sunrpc/xdr.h> | |
| 6a1a1e34 | 18 | #include <linux/sunrpc/msg_prot.h> |
| 1da177e4 LT |
19 | #include <linux/uio.h> |
| 20 | ||
| 21 | /* The mechanism-independent gss-api context: */ | |
| 22 | struct gss_ctx { | |
| 23 | struct gss_api_mech *mech_type; | |
| 24 | void *internal_ctx_id; | |
| 25 | }; | |
| 26 | ||
| 27 | #define GSS_C_NO_BUFFER ((struct xdr_netobj) 0) | |
| 28 | #define GSS_C_NO_CONTEXT ((struct gss_ctx *) 0) | |
| 83523d08 | 29 | #define GSS_C_QOP_DEFAULT (0) |
| 1da177e4 LT |
30 | |
| 31 | /*XXX arbitrary length - is this set somewhere? */ | |
| 32 | #define GSS_OID_MAX_LEN 32 | |
| fb15b26f CL |
33 | struct rpcsec_gss_oid { |
| 34 | unsigned int len; | |
| 35 | u8 data[GSS_OID_MAX_LEN]; | |
| 36 | }; | |
| 37 | ||
| 38 | /* From RFC 3530 */ | |
| 39 | struct rpcsec_gss_info { | |
| 40 | struct rpcsec_gss_oid oid; | |
| 41 | u32 qop; | |
| 42 | u32 service; | |
| 43 | }; | |
| 1da177e4 LT |
44 | |
| 45 | /* gss-api prototypes; note that these are somewhat simplified versions of | |
| 46 | * the prototypes specified in RFC 2744. */ | |
| 47 | int gss_import_sec_context( | |
| 48 | const void* input_token, | |
| 49 | size_t bufsize, | |
| 50 | struct gss_api_mech *mech, | |
| 1f4c86c0 | 51 | struct gss_ctx **ctx_id, |
| 400f26b5 | 52 | time_t *endtime, |
| 1f4c86c0 | 53 | gfp_t gfp_mask); |
| 1da177e4 LT |
54 | u32 gss_get_mic( |
| 55 | struct gss_ctx *ctx_id, | |
| 1da177e4 LT |
56 | struct xdr_buf *message, |
| 57 | struct xdr_netobj *mic_token); | |
| 58 | u32 gss_verify_mic( | |
| 59 | struct gss_ctx *ctx_id, | |
| 60 | struct xdr_buf *message, | |
| 00fd6e14 | 61 | struct xdr_netobj *mic_token); |
| 293f1eb5 BF |
62 | u32 gss_wrap( |
| 63 | struct gss_ctx *ctx_id, | |
| 293f1eb5 BF |
64 | int offset, |
| 65 | struct xdr_buf *outbuf, | |
| 66 | struct page **inpages); | |
| 67 | u32 gss_unwrap( | |
| 68 | struct gss_ctx *ctx_id, | |
| 293f1eb5 BF |
69 | int offset, |
| 70 | struct xdr_buf *inbuf); | |
| 1da177e4 LT |
71 | u32 gss_delete_sec_context( |
| 72 | struct gss_ctx **ctx_id); | |
| 73 | ||
| 83523d08 CL |
74 | rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop, |
| 75 | u32 service); | |
| 1da177e4 | 76 | u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor); |
| 65b80179 | 77 | bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor); |
| 1da177e4 LT |
78 | char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service); |
| 79 | ||
| 80 | struct pf_desc { | |
| 81 | u32 pseudoflavor; | |
| 83523d08 | 82 | u32 qop; |
| 1da177e4 LT |
83 | u32 service; |
| 84 | char *name; | |
| 85 | char *auth_domain_name; | |
| 65b80179 | 86 | bool datatouch; |
| 1da177e4 LT |
87 | }; |
| 88 | ||
| 89 | /* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and | |
| 90 | * mechanisms may be dynamically registered or unregistered by modules. */ | |
| 91 | ||
| 92 | /* Each mechanism is described by the following struct: */ | |
| 93 | struct gss_api_mech { | |
| 94 | struct list_head gm_list; | |
| 95 | struct module *gm_owner; | |
| fb15b26f | 96 | struct rpcsec_gss_oid gm_oid; |
| 1da177e4 | 97 | char *gm_name; |
| f1c0a861 | 98 | const struct gss_api_ops *gm_ops; |
| 1da177e4 LT |
99 | /* pseudoflavors supported by this mechanism: */ |
| 100 | int gm_pf_num; | |
| 101 | struct pf_desc * gm_pfs; | |
| 683ac665 TM |
102 | /* Should the following be a callback operation instead? */ |
| 103 | const char *gm_upcall_enctypes; | |
| 1da177e4 LT |
104 | }; |
| 105 | ||
| 106 | /* and must provide the following operations: */ | |
| 107 | struct gss_api_ops { | |
| 108 | int (*gss_import_sec_context)( | |
| 109 | const void *input_token, | |
| 110 | size_t bufsize, | |
| 1f4c86c0 | 111 | struct gss_ctx *ctx_id, |
| 400f26b5 | 112 | time_t *endtime, |
| 1f4c86c0 | 113 | gfp_t gfp_mask); |
| 1da177e4 LT |
114 | u32 (*gss_get_mic)( |
| 115 | struct gss_ctx *ctx_id, | |
| 1da177e4 LT |
116 | struct xdr_buf *message, |
| 117 | struct xdr_netobj *mic_token); | |
| 118 | u32 (*gss_verify_mic)( | |
| 119 | struct gss_ctx *ctx_id, | |
| 120 | struct xdr_buf *message, | |
| 00fd6e14 | 121 | struct xdr_netobj *mic_token); |
| 293f1eb5 BF |
122 | u32 (*gss_wrap)( |
| 123 | struct gss_ctx *ctx_id, | |
| 293f1eb5 BF |
124 | int offset, |
| 125 | struct xdr_buf *outbuf, | |
| 126 | struct page **inpages); | |
| 127 | u32 (*gss_unwrap)( | |
| 128 | struct gss_ctx *ctx_id, | |
| 293f1eb5 BF |
129 | int offset, |
| 130 | struct xdr_buf *buf); | |
| 1da177e4 LT |
131 | void (*gss_delete_sec_context)( |
| 132 | void *internal_ctx_id); | |
| 133 | }; | |
| 134 | ||
| 135 | int gss_mech_register(struct gss_api_mech *); | |
| 136 | void gss_mech_unregister(struct gss_api_mech *); | |
| 137 | ||
| 138 | /* returns a mechanism descriptor given an OID, and increments the mechanism's | |
| 139 | * reference count. */ | |
| b1df7637 BF |
140 | struct gss_api_mech * gss_mech_get_by_OID(struct rpcsec_gss_oid *); |
| 141 | ||
| 9568c5e9 CL |
142 | /* Given a GSS security tuple, look up a pseudoflavor */ |
| 143 | rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *); | |
| 1da177e4 | 144 | |
| a77c806f CL |
145 | /* Given a pseudoflavor, look up a GSS security tuple */ |
| 146 | int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *); | |
| 1da177e4 LT |
147 | |
| 148 | /* Returns a reference to a mechanism, given a name like "krb5" etc. */ | |
| 149 | struct gss_api_mech *gss_mech_get_by_name(const char *); | |
| 150 | ||
| 151 | /* Similar, but get by pseudoflavor. */ | |
| 152 | struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32); | |
| 153 | ||
| 8f70e95f | 154 | /* Fill in an array with a list of supported pseudoflavors */ |
| 6a1a1e34 | 155 | int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int); |
| 8f70e95f | 156 | |
| 0dc1531a BF |
157 | struct gss_api_mech * gss_mech_get(struct gss_api_mech *); |
| 158 | ||
| d6e05edc | 159 | /* For every successful gss_mech_get or gss_mech_get_by_* call there must be a |
| 1da177e4 LT |
160 | * corresponding call to gss_mech_put. */ |
| 161 | void gss_mech_put(struct gss_api_mech *); | |
| 162 | ||
| 163 | #endif /* __KERNEL__ */ | |
| 164 | #endif /* _LINUX_SUNRPC_GSS_API_H */ | |
| 165 |