/* SPDX-License-Identifier: GPL-2.0 */
/*
 * linux/include/linux/sunrpc/gss_api.h
 *
 * Somewhat simplified version of the gss api.
 *
 * Dug Song <dugsong@monkey.org>
 * Andy Adamson <andros@umich.edu>
 * Bruce Fields <bfields@umich.edu>
 * Copyright (c) 2000 The Regents of the University of Michigan
 */

#ifndef _LINUX_SUNRPC_GSS_API_H
#define _LINUX_SUNRPC_GSS_API_H

#include <linux/sunrpc/xdr.h>
#include <linux/sunrpc/msg_prot.h>
#include <linux/uio.h>

/* The mechanism-independent gss-api context: */
struct gss_ctx {
	/* The mechanism this context was created by (see struct gss_api_mech below). */
	struct gss_api_mech	*mech_type;
	/*
	 * Mechanism-private state.  This is the pointer that is handed back to
	 * gm_ops->gss_delete_sec_context, so only the owning mechanism may
	 * interpret it.
	 */
	void			*internal_ctx_id;
	/*
	 * NOTE(review): the meaning of slack/align is not visible in this
	 * header; presumably buffer slack and alignment requirements that the
	 * wrap/unwrap paths need - confirm in the mechanism implementations.
	 */
	unsigned int		slack, align;
};

/* Null values for the buffer and context arguments of the calls below: */
#define GSS_C_NO_BUFFER		((struct xdr_netobj) 0)
/*
 * NOTE(review): a cast of an integer to a struct type is not valid C
 * (the cast operand and target must be scalar), so any expansion of
 * GSS_C_NO_BUFFER fails to compile; it is presumably unused.  The valid
 * spelling would be a compound literal, ((struct xdr_netobj){ 0 }).
 */
#define GSS_C_NO_CONTEXT	((struct gss_ctx *) 0)
/* Default quality-of-protection value passed where a qop is expected. */
#define GSS_C_QOP_DEFAULT	(0)

/*XXX arbitrary length - is this set somewhere? */
#define GSS_OID_MAX_LEN		32
/*
 * A mechanism object identifier held inline.  Code that fills this from an
 * OID received from a peer or from userspace must check the incoming length
 * against GSS_OID_MAX_LEN before copying into data[], and comparisons should
 * compare len before comparing data[] bytes.
 */
struct rpcsec_gss_oid {
	/* Number of valid bytes in data[]; must not exceed GSS_OID_MAX_LEN. */
	unsigned int	len;
	u8		data[GSS_OID_MAX_LEN];
};

/* From RFC 3530 */
/*
 * A GSS "security tuple": the mechanism OID plus quality of protection and
 * service.  Converted to and from a pseudoflavor by gss_mech_info2flavor()
 * and gss_mech_flavor2info() below.
 */
struct rpcsec_gss_info {
	struct rpcsec_gss_oid	oid;
	u32			qop;
	u32			service;
};

/* gss-api prototypes; note that these are somewhat simplified versions of
 * the prototypes specified in RFC 2744. */

/*
 * Build a security context from the serialized token at input_token
 * (bufsize bytes) using mechanism mech.  Implementations must never read
 * beyond bufsize bytes of input_token.  On success *ctx_id receives the new
 * context and *endtime presumably its expiry time; gfp_mask governs the
 * allocations made.  Returns an int status.
 * NOTE(review): the exact return convention (0 / negative errno?) is not
 * visible here - confirm against the implementation.
 */
int gss_import_sec_context(
		const void*		input_token,
		size_t			bufsize,
		struct gss_api_mech	*mech,
		struct gss_ctx		**ctx_id,
		time64_t		*endtime,
		gfp_t			gfp_mask);
/*
 * Compute a message integrity code over message into mic_token.
 * The u32 return of this and the following calls is a GSS status value
 * (after RFC 2744) - NOTE(review): confirm the concrete values used.
 */
u32 gss_get_mic(
		struct gss_ctx		*ctx_id,
		struct xdr_buf		*message,
		struct xdr_netobj	*mic_token);
/*
 * Check mic_token against message.  The message's integrity is only
 * established when this call reports success; callers must not act on the
 * message contents on any other return value.
 */
u32 gss_verify_mic(
		struct gss_ctx		*ctx_id,
		struct xdr_buf		*message,
		struct xdr_netobj	*mic_token);
/*
 * Wrap (integrity-protect and, depending on the context, encrypt) the
 * contents of outbuf.  NOTE(review): how offset and inpages delimit the
 * protected payload is not visible in this header - confirm in the
 * mechanism code.
 */
u32 gss_wrap(
		struct gss_ctx		*ctx_id,
		int			offset,
		struct xdr_buf		*outbuf,
		struct page		**inpages);
/*
 * Inverse of gss_wrap for the data in inbuf.  NOTE(review): offset and len
 * presumably delimit the wrapped region within inbuf - confirm.
 */
u32 gss_unwrap(
		struct gss_ctx		*ctx_id,
		int			offset,
		int			len,
		struct xdr_buf		*inbuf);
/* Release the context referenced by *ctx_id. */
u32 gss_delete_sec_context(
		struct gss_ctx		**ctx_id);

/*
 * Mappings between a mechanism's (qop, service) pairs and the RPC
 * pseudoflavor that stands for them; see struct pf_desc below.
 */
rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
					u32 service);
u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *, u32 pseudoflavor);
/*
 * NOTE(review): ownership of the returned string (static vs. caller-freed)
 * is not documented here - confirm before freeing.
 */
char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);

/* Describes one pseudoflavor supported by a mechanism. */
struct pf_desc {
	u32	pseudoflavor;
	/* The (qop, service) pair this pseudoflavor stands for. */
	u32	qop;
	u32	service;
	char	*name;
	char	*auth_domain_name;
	/* NOTE(review): presumably the resolved auth_domain for auth_domain_name - confirm. */
	struct auth_domain *domain;
	/* Reported by gss_pseudoflavor_to_datatouch(). */
	bool	datatouch;
};

/* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
 * mechanisms may be dynamically registered or unregistered by modules. */

/* Each mechanism is described by the following struct: */
struct gss_api_mech {
	/* Linkage in the registry maintained by gss_mech_register/unregister. */
	struct list_head	gm_list;
	/* Module that implements the mechanism. */
	struct module		*gm_owner;
	struct rpcsec_gss_oid	gm_oid;
	/* Name looked up by gss_mech_get_by_name(), e.g. "krb5". */
	char			*gm_name;
	const struct gss_api_ops *gm_ops;
	/* pseudoflavors supported by this mechanism: */
	/* gm_pfs points to gm_pf_num entries. */
	int			gm_pf_num;
	struct pf_desc *	gm_pfs;
	/* Should the following be a callback operation instead? */
	const char		*gm_upcall_enctypes;
};

/* and must provide the following operations: */
/*
 * Mechanism-private implementations of the gss-api calls above.  Note the
 * two differences from the generic prototypes: gss_import_sec_context here
 * receives an already allocated struct gss_ctx rather than returning a new
 * one through a double pointer, and gss_delete_sec_context receives the
 * context's internal_ctx_id rather than the struct gss_ctx itself.
 */
struct gss_api_ops {
	int (*gss_import_sec_context)(
			const void		*input_token,
			size_t			bufsize,
			struct gss_ctx		*ctx_id,
			time64_t		*endtime,
			gfp_t			gfp_mask);
	u32 (*gss_get_mic)(
			struct gss_ctx		*ctx_id,
			struct xdr_buf		*message,
			struct xdr_netobj	*mic_token);
	u32 (*gss_verify_mic)(
			struct gss_ctx		*ctx_id,
			struct xdr_buf		*message,
			struct xdr_netobj	*mic_token);
	u32 (*gss_wrap)(
			struct gss_ctx		*ctx_id,
			int			offset,
			struct xdr_buf		*outbuf,
			struct page		**inpages);
	u32 (*gss_unwrap)(
			struct gss_ctx		*ctx_id,
			int			offset,
			int			len,
			struct xdr_buf		*buf);
	void (*gss_delete_sec_context)(
			void			*internal_ctx_id);
};

/* Add a mechanism to / remove it from the registry (linked via gm_list). */
int gss_mech_register(struct gss_api_mech *);
void gss_mech_unregister(struct gss_api_mech *);

/* returns a mechanism descriptor given an OID, and increments the mechanism's
 * reference count. */
struct gss_api_mech * gss_mech_get_by_OID(struct rpcsec_gss_oid *);

/* Given a GSS security tuple, look up a pseudoflavor */
rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);

/* Given a pseudoflavor, look up a GSS security tuple */
int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);

/* Returns a reference to a mechanism, given a name like "krb5" etc. */
struct gss_api_mech *gss_mech_get_by_name(const char *);

/* Similar, but get by pseudoflavor. */
struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);

/* Take an additional reference on an already-held mechanism. */
struct gss_api_mech * gss_mech_get(struct gss_api_mech *);

/* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
 * corresponding call to gss_mech_put. */
void gss_mech_put(struct gss_api_mech *);

#endif /* _LINUX_SUNRPC_GSS_API_H */