0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  * linux/include/linux/sunrpc/auth_gss.h
0004  *
0005  * Declarations for RPCSEC_GSS
0006  *
0007  * Dug Song <dugsong@monkey.org>
0008  * Andy Adamson <andros@umich.edu>
0009  * Bruce Fields <bfields@umich.edu>
0010  * Copyright (c) 2000 The Regents of the University of Michigan
0011  */
0012 
0013 #ifndef _LINUX_SUNRPC_AUTH_GSS_H
0014 #define _LINUX_SUNRPC_AUTH_GSS_H
0015 
0016 #include <linux/refcount.h>
0017 #include <linux/sunrpc/auth.h>
0018 #include <linux/sunrpc/svc.h>
0019 #include <linux/sunrpc/gss_api.h>
0020 
0021 #define RPC_GSS_VERSION     1  /* RPCSEC_GSS protocol version; presumably the value expected in rpc_gss_wire_cred.gc_v -- confirm against the encoder/decoder */
0022 
0023 #define MAXSEQ 0x80000000 /* maximum legal sequence number, from rfc 2203 */
     /*
      * NOTE: where int is 32 bits this literal is above INT_MAX, so C gives it
      * an unsigned type.  Keep sequence-number comparisons against it in u32;
      * a signed temporary would make the comparison misbehave.
      */
0024 
0025 enum rpc_gss_proc {
         /*
          * RPCSEC_GSS control procedure selector.  gss_cl_ctx.gc_proc has this
          * type; rpc_gss_wire_cred.gc_proc presumably carries the same values
          * as a raw u32.  A value decoded from the wire is peer-controlled and
          * must be range-checked before it is treated as one of these
          * enumerators.
          */
0026     RPC_GSS_PROC_DATA = 0,          /* ordinary call on an established context (RFC 2203) */
0027     RPC_GSS_PROC_INIT = 1,          /* first message of context creation */
0028     RPC_GSS_PROC_CONTINUE_INIT = 2, /* subsequent messages of context creation */
0029     RPC_GSS_PROC_DESTROY = 3        /* context teardown */
0030 };
0031 
0032 enum rpc_gss_svc {
         /*
          * Protection level applied to the call data (RFC 2203 service
          * values); gss_cred.gc_service has this type.  Numbering starts at 1,
          * so 0 is not a defined service and should not be accepted as one.
          */
0033     RPC_GSS_SVC_NONE = 1,       /* authentication only: the call body gets neither integrity nor confidentiality */
0034     RPC_GSS_SVC_INTEGRITY = 2,  /* call body is integrity-protected but still sent in cleartext */
0035     RPC_GSS_SVC_PRIVACY = 3     /* call body is encrypted as well as integrity-protected */
0036 };
0037 
0038 /*
      * on-the-wire gss cred.
      *
      * When this is filled in from a received message every field is
      * peer-controlled.  Nothing in this header constrains the values, so the
      * decoder is the place to check the version, the procedure and service
      * ranges, the sequence number against MAXSEQ, and the length of the
      * context handle before any of them is used.
      */
0039 struct rpc_gss_wire_cred {
0040     u32         gc_v;       /* version */
0041     u32         gc_proc;    /* control procedure */
0042     u32         gc_seq;     /* sequence number */
0043     u32         gc_svc;     /* service */
0044     struct xdr_netobj   gc_ctx;     /* context handle; opaque, variable-length (struct xdr_netobj is declared elsewhere) */
0045 };
0046 
0047 /*
      * on-the-wire gss verifier.
      *
      * Both fields come straight from the message when decoding; the verifier
      * body is an opaque blob whose length is supplied by the peer.
      */
0048 struct rpc_gss_wire_verf {
0049     u32         gv_flavor;  /* flavor number accompanying the verifier */
0050     struct xdr_netobj   gv_verf;    /* opaque verifier body; presumably a GSS checksum -- confirm against the caller */
0051 };
0052 
0053 /*
      * return from gss NULL PROC init sec context
      *
      * This is reply data from the peer during context establishment, i.e.
      * before the context can vouch for anything.  NOTE(review): the status
      * words, the window and both opaque lengths should be validated by
      * whoever consumes this struct; the header itself imposes no limits.
      */
0054 struct rpc_gss_init_res {
0055     struct xdr_netobj   gr_ctx;     /* context handle */
0056     u32         gr_major;   /* major status */
0057     u32         gr_minor;   /* minor status */
0058     u32         gr_win;     /* sequence window */
0059     struct xdr_netobj   gr_token;   /* token */
0060 };
0061 
0062 /* The gss_cl_ctx struct holds all the information the rpcsec_gss client
0063  * code needs to know about a single security context.  In particular,
0064  * gc_gss_ctx is the context handle that is used to do gss-api calls, while
0065  * gc_wire_ctx is the context handle that is used to identify the context on
0066  * the wire when communicating with a server.
      *
      * The struct is reference counted (count) and embeds an rcu_head, and
      * gss_cred.gc_ctx points to it through an __rcu pointer, so readers are
      * expected to go through the RCU accessors rather than dereference the
      * pointer directly.  The field notes below that say "presumably" are
      * inferred from names and types only -- confirm against the .c users. */
0067 
0068 struct gss_cl_ctx {
0069     refcount_t      count;          /* reference count on this context */
0070     enum rpc_gss_proc   gc_proc;    /* control procedure currently associated with the context */
0071     u32         gc_seq;             /* sequence number state; presumably the next number to hand out */
0072     u32         gc_seq_xmit;        /* presumably tracks the sequence number last put on the wire -- confirm */
0073     spinlock_t      gc_seq_lock;    /* presumably serialises updates to gc_seq / gc_seq_xmit -- confirm */
0074     struct gss_ctx      *gc_gss_ctx;    /* handle used for gss-api calls */
0075     struct xdr_netobj   gc_wire_ctx;    /* handle that identifies the context on the wire */
0076     struct xdr_netobj   gc_acceptor;    /* opaque acceptor data; presumably the server-side principal name -- confirm */
0077     u32         gc_win;             /* sequence window; presumably taken from rpc_gss_init_res.gr_win */
0078     unsigned long       gc_expiry;  /* expiry time of the context; units not shown here (likely jiffies) -- confirm */
0079     struct rcu_head     gc_rcu;     /* RCU callback head; presumably used to defer freeing past a grace period */
0080 };
0081 
0082 struct gss_upcall_msg;  /* forward declaration only; the type is defined elsewhere */
     /*
      * RPCSEC_GSS credential: the generic rpc_cred (gc_base, the first member)
      * plus the GSS-specific state that goes with it.
      */
0083 struct gss_cred {
0084     struct rpc_cred     gc_base;            /* embedded generic RPC credential */
0085     enum rpc_gss_svc    gc_service;         /* protection level requested for calls made with this credential */
0086     struct gss_cl_ctx __rcu *gc_ctx;        /* current security context; __rcu: access through the RCU accessors only */
0087     struct gss_upcall_msg   *gc_upcall;     /* presumably the upcall in flight for this credential, if any -- confirm */
0088     const char      *gc_principal;          /* principal name string; ownership is not visible from this header */
0089     unsigned long       gc_upcall_timestamp;    /* time of an upcall; units not shown here (likely jiffies) -- confirm */
0090 };
0091 
0092 #endif /* _LINUX_SUNRPC_AUTH_GSS_H */
0093