0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  * linux/include/linux/sunrpc/gss_api.h
0004  *
0005  * Somewhat simplified version of the gss api.
0006  *
0007  * Dug Song <dugsong@monkey.org>
0008  * Andy Adamson <andros@umich.edu>
0009  * Bruce Fields <bfields@umich.edu>
0010  * Copyright (c) 2000 The Regents of the University of Michigan
0011  */
0012 
0013 #ifndef _LINUX_SUNRPC_GSS_API_H
0014 #define _LINUX_SUNRPC_GSS_API_H
0015 
0016 #include <linux/sunrpc/xdr.h>
0017 #include <linux/sunrpc/msg_prot.h>
0018 #include <linux/uio.h>
0019 
/**
 * struct gss_ctx - the mechanism-independent gss-api security context
 * @mech_type:       the mechanism this context belongs to.  Its @gm_ops
 *                   (struct gss_api_mech, below) mirror the gss_*() entry
 *                   points declared in this header, which presumably
 *                   dispatch through them.
 * @internal_ctx_id: opaque, mechanism-private state; handed back to the
 *                   mechanism unchanged (see gss_api_ops.gss_delete_sec_context,
 *                   which receives exactly this pointer).  Presumably holds
 *                   the session key material, so it must only be torn down
 *                   via gss_delete_sec_context() -- TODO confirm against the
 *                   mechanism implementations.
 * @slack:           extra byte count the mechanism needs around a message;
 *                   how wrap/unwrap use it is not visible in this header.
 * @align:           alignment value used alongside @slack; likewise defined
 *                   by the implementation, not here.
 */
struct gss_ctx {
    struct gss_api_mech *mech_type;
    void            *internal_ctx_id;
    unsigned int        slack, align;
};
0026 
/*
 * GSS-API "null" values and the default quality of protection.
 *
 * NOTE(review): GSS_C_NO_BUFFER is written as a cast of 0 to
 * struct xdr_netobj.  C only allows casts to scalar (or void) types, so any
 * use of this macro is a compile error; it is presumably unused and kept
 * only for parity with RFC 2744's GSS_C_NO_BUFFER.  GSS_C_NO_CONTEXT is a
 * plain null struct gss_ctx pointer.  GSS_C_QOP_DEFAULT (0) is presumably
 * the value placed in the qop fields of struct rpcsec_gss_info and
 * struct pf_desc when no specific QOP is requested.
 */
#define GSS_C_NO_BUFFER     ((struct xdr_netobj) 0)
#define GSS_C_NO_CONTEXT    ((struct gss_ctx *) 0)
#define GSS_C_QOP_DEFAULT   (0)
0030 
/*
 * Upper bound on the encoded length of a mechanism OID.  Nothing visible
 * here derives this value from a specification; it is a local, fixed limit
 * (the original note asked: "arbitrary length - is this set somewhere?").
 * Changing it changes the layout of every struct that embeds
 * struct rpcsec_gss_oid (struct rpcsec_gss_info, struct gss_api_mech).
 */
#define GSS_OID_MAX_LEN 32
/**
 * struct rpcsec_gss_oid - a mechanism OID in encoded byte form, stored inline
 * @len:  number of valid bytes in @data; must be <= GSS_OID_MAX_LEN
 * @data: the OID bytes; bytes at or beyond @len are not meaningful
 *
 * @len is carried separately from the fixed-size @data, so any code that
 * fills one of these from external input (e.g. a wire token or an upcall
 * from userspace) must check the incoming length against GSS_OID_MAX_LEN
 * *before* copying into @data.  Compare two OIDs by @len plus memcmp() over
 * @len bytes, never with strcmp(): @data is not a NUL-terminated string.
 */
struct rpcsec_gss_oid {
    unsigned int    len;
    u8      data[GSS_OID_MAX_LEN];
};
0037 
/**
 * struct rpcsec_gss_info - an RPCSEC_GSS security triple (from RFC 3530)
 * @oid:     mechanism OID
 * @qop:     quality of protection; GSS_C_QOP_DEFAULT when nothing specific
 *           is requested
 * @service: RPCSEC_GSS service level (none / integrity / privacy);
 *           the numeric values are not defined in this header -- TODO
 *           confirm against the callers of gss_pseudoflavor_to_service()
 *
 * Converted to and from an rpc_authflavor_t ("pseudoflavor") by
 * gss_mech_info2flavor() and gss_mech_flavor2info() below.  When the
 * triple originates from a peer, the OID's @len must be validated as
 * described at struct rpcsec_gss_oid before it is copied here.
 */
struct rpcsec_gss_info {
    struct rpcsec_gss_oid   oid;
    u32         qop;
    u32         service;
};
0044 
/*
 * gss-api entry points.  These are simplified forms of the RFC 2744
 * prototypes: the mechanism is implied by the context rather than passed
 * explicitly, and the u32-returning calls report a GSS major status in the
 * RFC 2744 sense (the GSS_S_* constants are not defined in this header).
 *
 * gss_import_sec_context():
 *   Build a new context from the @bufsize-byte serialized token at
 *   @input_token using mechanism @mech.  On success *@ctx_id receives the
 *   context and *@endtime its expiry time; @gfp_mask selects the allocation
 *   flags for the new state.  Returns int (errno-style, presumably), unlike
 *   the u32 status of the other calls.  The token comes from outside the
 *   kernel (presumably the userspace gss daemon), so the mechanism's import
 *   routine must keep every read within @bufsize, and callers should stop
 *   using the context once *@endtime has passed.
 *
 * gss_get_mic() / gss_verify_mic():
 *   Produce / check an integrity token @mic_token over @message.  The
 *   return value of gss_verify_mic() is the only evidence that @message is
 *   authentic: any non-success status means @message must be treated as
 *   unauthenticated and discarded, not processed "best effort".
 *
 * gss_wrap():
 *   Wrap the data in @outbuf from byte @offset onward; @inpages is the page
 *   array backing the payload.  Per RFC 2744, wrap always protects
 *   integrity and, depending on the service, confidentiality.  The exact
 *   in-place/buffer-management semantics live in the mechanism code.
 *
 * gss_unwrap():
 *   Unwrap @len bytes of @inbuf starting at byte @offset.  As with
 *   gss_verify_mic(), a non-success return means the contents of @inbuf are
 *   not trustworthy.  @offset and @len typically describe a region received
 *   from the peer, so implementations must check them against the real
 *   extent of @inbuf before reading or writing it.
 *
 * gss_delete_sec_context():
 *   Tear down *@ctx_id and its mechanism state.  Takes a pointer-to-pointer,
 *   presumably so the caller's reference can be cleared -- TODO confirm in
 *   the implementation.
 */
int gss_import_sec_context(
        const void*     input_token,
        size_t          bufsize,
        struct gss_api_mech *mech,
        struct gss_ctx      **ctx_id,
        time64_t        *endtime,
        gfp_t           gfp_mask);
u32 gss_get_mic(
        struct gss_ctx      *ctx_id,
        struct xdr_buf      *message,
        struct xdr_netobj   *mic_token);
u32 gss_verify_mic(
        struct gss_ctx      *ctx_id,
        struct xdr_buf      *message,
        struct xdr_netobj   *mic_token);
u32 gss_wrap(
        struct gss_ctx      *ctx_id,
        int         offset,
        struct xdr_buf      *outbuf,
        struct page     **inpages);
u32 gss_unwrap(
        struct gss_ctx      *ctx_id,
        int         offset,
        int         len,
        struct xdr_buf      *inbuf);
u32 gss_delete_sec_context(
        struct gss_ctx      **ctx_id);

/*
 * Pseudoflavor <-> (mechanism, qop, service) mapping helpers.  A
 * pseudoflavor is the rpc_authflavor_t that stands for one such tuple; the
 * per-mechanism table is gss_api_mech.gm_pfs (struct pf_desc).
 *
 * gss_svc_to_pseudoflavor() maps (@qop, @service) of a mechanism to its
 * flavor; gss_pseudoflavor_to_service() does the reverse for the service
 * part.  gss_pseudoflavor_to_datatouch() presumably reports the
 * pf_desc.datatouch flag of the matching entry, and
 * gss_service_to_auth_domain_name() its auth_domain_name string.  What the
 * lookups return when no entry matches is not visible here -- check the
 * implementation before relying on a sentinel.
 */
rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
                    u32 service);
u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor);
char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);
0080 
/**
 * struct pf_desc - one pseudoflavor supported by a mechanism
 * @pseudoflavor:     the rpc_authflavor_t identifying this
 *                    (mechanism, qop, service) tuple
 * @qop:              quality of protection this flavor implies
 * @service:          RPCSEC_GSS service level this flavor implies
 * @name:             human-readable flavor name.  Presumably points at a
 *                    string literal; the pointer is not const-qualified but
 *                    the string should be treated as read-only.
 * @auth_domain_name: name of the server-side auth_domain for this flavor
 *                    (returned by gss_service_to_auth_domain_name())
 * @domain:           the resolved auth_domain; how and when it is populated
 *                    is not visible in this header
 * @datatouch:        whether this flavor's service touches the payload
 *                    (i.e. wraps it) rather than only MIC-ing it -- inferred
 *                    from the name, TODO confirm
 *
 * Mechanisms publish an array of these via gss_api_mech.gm_pfs, with the
 * entry count in gss_api_mech.gm_pf_num.
 */
struct pf_desc {
    u32 pseudoflavor;
    u32 qop;
    u32 service;
    char    *name;
    char    *auth_domain_name;
    struct auth_domain *domain;
    bool    datatouch;
};
0090 
/*
 * Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
 * mechanisms may be dynamically registered or unregistered by modules --
 * see gss_mech_register()/gss_mech_unregister() and the reference-counted
 * gss_mech_get*()/gss_mech_put() lookups at the end of this header.
 */

/**
 * struct gss_api_mech - one registered gss-api mechanism
 * @gm_list:            list linkage; presumably the global list that
 *                      gss_mech_register()/gss_mech_unregister() maintain
 * @gm_owner:           module implementing the mechanism.  Presumably pinned
 *                      while a reference is held (gss_mech_get*()) so the
 *                      module cannot be unloaded under a live context --
 *                      TODO confirm in gss_mech_get()/gss_mech_put().
 * @gm_oid:             mechanism OID; the lookup key for gss_mech_get_by_OID()
 *                      (compare by @len + memcmp, see struct rpcsec_gss_oid)
 * @gm_name:            short name such as "krb5"; the key for
 *                      gss_mech_get_by_name()
 * @gm_ops:             the mechanism's implementation of the gss-api
 *                      operations (struct gss_api_ops)
 * @gm_pf_num:          number of entries in @gm_pfs (a signed int; expected
 *                      to be non-negative)
 * @gm_pfs:             pseudoflavors this mechanism supports
 * @gm_upcall_enctypes: string presumably listing the encryption types to
 *                      hand to the userspace upcall; its exact format and
 *                      NULL semantics are not visible here.  The original
 *                      author asked whether this should be a callback
 *                      operation instead.
 */
struct gss_api_mech {
    struct list_head    gm_list;
    struct module       *gm_owner;
    struct rpcsec_gss_oid   gm_oid;
    char            *gm_name;
    const struct gss_api_ops *gm_ops;
    /* pseudoflavors supported by this mechanism: */
    int         gm_pf_num;
    struct pf_desc *    gm_pfs;
    /* Should the following be a callback operation instead? */
    const char      *gm_upcall_enctypes;
};
0107 
/*
 * Every mechanism must provide the following operations.  Each mirrors one
 * of the gss_*() entry points declared above; where the signature differs
 * from the public one, the difference is noted on the member.
 */
/**
 * struct gss_api_ops - mechanism-provided implementation of the gss-api
 * @gss_import_sec_context: parse the @bufsize-byte @input_token into
 *                          @ctx_id -- here a struct gss_ctx * that the
 *                          caller has already allocated, unlike the public
 *                          gss_import_sec_context() which takes a
 *                          struct gss_ctx ** -- and set *@endtime.
 *                          @input_token is external data: every read must
 *                          stay within @bufsize, and a malformed token must
 *                          fail cleanly.  Returns int (errno-style,
 *                          presumably).
 * @gss_get_mic:            compute @mic_token over @message
 * @gss_verify_mic:         check @mic_token against @message; any
 *                          non-success status must make the caller reject
 *                          @message
 * @gss_wrap:               wrap @outbuf from byte @offset, with @inpages as
 *                          the page array backing the payload
 * @gss_unwrap:             unwrap @len bytes of @buf starting at @offset.
 *                          @offset and @len typically originate from the
 *                          peer, so the implementation must validate them
 *                          against the real extent of @buf before reading
 *                          or writing.
 * @gss_delete_sec_context: release the mechanism-private state.  Receives
 *                          the bare gss_ctx.internal_ctx_id rather than the
 *                          struct gss_ctx, and returns void; the outer
 *                          struct is presumably freed by the public
 *                          gss_delete_sec_context() wrapper.  Since this
 *                          state presumably holds key material,
 *                          implementations should clear it before freeing.
 */
struct gss_api_ops {
    int (*gss_import_sec_context)(
            const void      *input_token,
            size_t          bufsize,
            struct gss_ctx      *ctx_id,
            time64_t        *endtime,
            gfp_t           gfp_mask);
    u32 (*gss_get_mic)(
            struct gss_ctx      *ctx_id,
            struct xdr_buf      *message,
            struct xdr_netobj   *mic_token);
    u32 (*gss_verify_mic)(
            struct gss_ctx      *ctx_id,
            struct xdr_buf      *message,
            struct xdr_netobj   *mic_token);
    u32 (*gss_wrap)(
            struct gss_ctx      *ctx_id,
            int         offset,
            struct xdr_buf      *outbuf,
            struct page     **inpages);
    u32 (*gss_unwrap)(
            struct gss_ctx      *ctx_id,
            int         offset,
            int         len,
            struct xdr_buf      *buf);
    void (*gss_delete_sec_context)(
            void            *internal_ctx_id);
};
0137 
/*
 * Mechanism registry.  gss_mech_register() adds a mechanism to the set the
 * lookups below search; gss_mech_unregister() removes it.  The failure
 * value of gss_mech_register() is not documented here (presumably a
 * negative errno) -- check the implementation.
 */
int gss_mech_register(struct gss_api_mech *);
void gss_mech_unregister(struct gss_api_mech *);

/*
 * Returns a mechanism descriptor given an OID, and increments the
 * mechanism's reference count.  The OID is matched on its @len and bytes
 * (see struct rpcsec_gss_oid); if the OID came from a peer its length must
 * already have been validated when it was copied in.  Presumably returns
 * NULL when no registered mechanism matches.
 */
struct gss_api_mech * gss_mech_get_by_OID(struct rpcsec_gss_oid *);

/*
 * Given a GSS security tuple, look up a pseudoflavor.  What is returned
 * when no mechanism/flavor matches is not visible here.
 */
rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);

/*
 * Given a pseudoflavor, look up a GSS security tuple and fill in the
 * struct rpcsec_gss_info.  Returns int (errno-style, presumably).
 */
int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);

/* Returns a reference to a mechanism, given a name like "krb5" etc. */
struct gss_api_mech *gss_mech_get_by_name(const char *);

/* Similar, but get by pseudoflavor. */
struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);

/* Take an additional reference on an already-held mechanism. */
struct gss_api_mech * gss_mech_get(struct gss_api_mech *);

/*
 * For every successful gss_mech_get or gss_mech_get_by_* call there must be
 * a corresponding call to gss_mech_put.  A missing put leaks the reference
 * (and, via gm_owner, presumably keeps the mechanism module pinned);
 * touching the mechanism after its last put may be a use-after-free if the
 * module has since been unloaded.
 */
void gss_mech_put(struct gss_api_mech *);
0162 
0163 #endif /* _LINUX_SUNRPC_GSS_API_H */
0164