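/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * GSS Proxy upcall module
 *
 * XDR types, encoder/decoder declarations and buffer-size estimates for
 * the GSS-Proxy (gssx) upcall.  Only the accept_sec_context procedure is
 * implemented here; every other gssx procedure is mapped to a NULL
 * encoder/decoder and a zero argument/result size.
 *
 * Copyright (C) 2012 Simo Sorce <simo@redhat.com>
 */

#ifndef _LINUX_GSS_RPC_XDR_H
#define _LINUX_GSS_RPC_XDR_H

#include <linux/sunrpc/xdr.h>
#include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/xprtsock.h>

#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
# define RPCDBG_FACILITY	RPCDBG_AUTH
#endif

/*
 * Option name/value pairs carried in the call context.  Their string
 * sizes (including the NUL) are counted in GSSX_default_in_call_ctx_sz
 * below, so changing them here changes the estimated argument size.
 */
#define LUCID_OPTION "exported_context_type"
#define LUCID_VALUE "linux_lucid_v1"
#define CREDS_OPTION "exported_creds_type"
#define CREDS_VALUE "linux_creds_v1"

/* All three wire types are plain length+data blobs on the kernel side. */
typedef struct xdr_netobj gssx_buffer;
typedef struct xdr_netobj utf8string;
typedef struct xdr_netobj gssx_OID;

enum gssx_cred_usage {
	GSSX_C_INITIATE = 1,
	GSSX_C_ACCEPT = 2,
	GSSX_C_BOTH = 3,
};

struct gssx_option {
	gssx_buffer option;
	gssx_buffer value;
};

struct gssx_option_array {
	u32 count;			/* number of entries in @data */
	struct gssx_option *data;
};

struct gssx_status {
	u64 major_status;
	gssx_OID mech;
	u64 minor_status;
	utf8string major_status_string;
	utf8string minor_status_string;
	gssx_buffer server_ctx;
	struct gssx_option_array options;
};

struct gssx_call_ctx {
	utf8string locale;
	gssx_buffer server_ctx;
	struct gssx_option_array options;
};

struct gssx_name_attr {
	gssx_buffer attr;
	gssx_buffer value;
	struct gssx_option_array extensions;
};

struct gssx_name_attr_array {
	u32 count;			/* number of entries in @data */
	struct gssx_name_attr *data;
};

struct gssx_name {
	gssx_buffer display_name;
};
typedef struct gssx_name gssx_name;

struct gssx_cred_element {
	gssx_name MN;
	gssx_OID mech;
	u32 cred_usage;			/* one of enum gssx_cred_usage, presumably */
	u64 initiator_time_rec;
	u64 acceptor_time_rec;
	struct gssx_option_array options;
};

struct gssx_cred_element_array {
	u32 count;			/* number of entries in @data */
	struct gssx_cred_element *data;
};

struct gssx_cred {
	gssx_name desired_name;
	struct gssx_cred_element_array elements;
	gssx_buffer cred_handle_reference;
	u32 needs_release;
};

struct gssx_ctx {
	gssx_buffer exported_context_token;
	gssx_buffer state;
	u32 need_release;
	gssx_OID mech;
	gssx_name src_name;
	gssx_name targ_name;
	u64 lifetime;
	u64 ctx_flags;
	u32 locally_initiated;
	u32 open;
	struct gssx_option_array options;
};

/* Channel bindings; not sent by the kernel (see GSSX_default_in_cb_sz). */
struct gssx_cb {
	u64 initiator_addrtype;
	gssx_buffer initiator_address;
	u64 acceptor_addrtype;
	gssx_buffer acceptor_address;
	gssx_buffer application_data;
};


/* This structure is not defined in the protocol.
 * It is used in the kernel to carry around a big buffer
 * as a set of pages */
struct gssp_in_token {
	struct page **pages;	/* Array of contiguous pages */
	unsigned int page_base;	/* Start of page data */
	unsigned int page_len;	/* Length of page data */
};

/* Arguments of the accept_sec_context call (encoded by gssx_enc_accept_sec_context). */
struct gssx_arg_accept_sec_context {
	struct gssx_call_ctx call_ctx;
	struct gssx_ctx *context_handle;
	struct gssx_cred *cred_handle;
	struct gssx_in_token_placeholder_never_used_here_do_not_reference;
	struct gssp_in_token input_token;
	struct gssx_cb *input_cb;
	u32 ret_deleg_cred;
	struct gssx_option_array options;
	struct page **pages;	/* receive pages, see npages */
	unsigned int npages;
};

/* Results of the accept_sec_context call (decoded by gssx_dec_accept_sec_context). */
struct gssx_res_accept_sec_context {
	struct gssx_status status;
	struct gssx_ctx *context_handle;
	gssx_buffer *output_token;
	/* struct gssx_cred *delegated_cred_handle; not used in kernel */
	struct gssx_option_array options;
};



/*
 * Encoder/decoder table.  Procedures the kernel does not use are mapped
 * to NULL; only accept_sec_context has real implementations.
 */
#define gssx_enc_indicate_mechs NULL
#define gssx_dec_indicate_mechs NULL
#define gssx_enc_get_call_context NULL
#define gssx_dec_get_call_context NULL
#define gssx_enc_import_and_canon_name NULL
#define gssx_dec_import_and_canon_name NULL
#define gssx_enc_export_cred NULL
#define gssx_dec_export_cred NULL
#define gssx_enc_import_cred NULL
#define gssx_dec_import_cred NULL
#define gssx_enc_acquire_cred NULL
#define gssx_dec_acquire_cred NULL
#define gssx_enc_store_cred NULL
#define gssx_dec_store_cred NULL
#define gssx_enc_init_sec_context NULL
#define gssx_dec_init_sec_context NULL
/* @data: presumably a struct gssx_arg_accept_sec_context — confirm in the .c */
void gssx_enc_accept_sec_context(struct rpc_rqst *req,
				 struct xdr_stream *xdr,
				 const void *data);
/* @data: presumably a struct gssx_res_accept_sec_context — confirm in the .c */
int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
				struct xdr_stream *xdr,
				void *data);
#define gssx_enc_release_handle NULL
#define gssx_dec_release_handle NULL
#define gssx_enc_get_mic NULL
#define gssx_dec_get_mic NULL
#define gssx_enc_verify NULL
#define gssx_dec_verify NULL
#define gssx_enc_wrap NULL
#define gssx_dec_wrap NULL
#define gssx_enc_unwrap NULL
#define gssx_dec_unwrap NULL
#define gssx_enc_wrap_size_limit NULL
#define gssx_dec_wrap_size_limit NULL

/* non implemented calls are set to 0 size */
#define GSSX_ARG_indicate_mechs_sz 0
#define GSSX_RES_indicate_mechs_sz 0
#define GSSX_ARG_get_call_context_sz 0
#define GSSX_RES_get_call_context_sz 0
#define GSSX_ARG_import_and_canon_name_sz 0
#define GSSX_RES_import_and_canon_name_sz 0
#define GSSX_ARG_export_cred_sz 0
#define GSSX_RES_export_cred_sz 0
#define GSSX_ARG_import_cred_sz 0
#define GSSX_RES_import_cred_sz 0
#define GSSX_ARG_acquire_cred_sz 0
#define GSSX_RES_acquire_cred_sz 0
#define GSSX_ARG_store_cred_sz 0
#define GSSX_RES_store_cred_sz 0
#define GSSX_ARG_init_sec_context_sz 0
#define GSSX_RES_init_sec_context_sz 0

/*
 * Estimated XDR size of the accept_sec_context arguments, built from the
 * fixed fields the kernel actually sends (the two option strings above,
 * no cred handle, no channel bindings, empty options).
 */
#define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \
			8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \
			8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE))
#define GSSX_default_in_ctx_hndl_sz (4 + 4 + 8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \
			4 + 4 + 4)
#define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */
#define GSSX_default_in_token_sz 4 /* does *not* include token data */
#define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */
#define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \
					GSSX_default_in_ctx_hndl_sz + \
					GSSX_default_in_cred_sz + \
					GSSX_default_in_token_sz + \
					GSSX_default_in_cb_sz + \
					4 /* no deleg creds boolean */ + \
					4) /* empty options */

/* somewhat arbitrary numbers but large enough (we ignore some of the data
 * sent down, but it is part of the protocol so we need enough space to take
 * it in) */
/*
 * NOTE(review): these are reply-size *estimates* for data coming back from
 * the user-space daemon; the XDR decoder, not these constants, has to
 * enforce the real bounds on each field — confirm in gss_rpc_xdr.c.
 *
 * The whole expansion is parenthesized so that a use such as
 * "2 * GSSX_default_status_sz" scales the full sum rather than only its
 * first term.  (The terms presumably mirror the field order of
 * struct gssx_status.)
 */
#define GSSX_default_status_sz (8 + 24 + 8 + 256 + 256 + 16 + 4)
#define GSSX_max_output_handle_sz 128
#define GSSX_max_oid_sz 16
#define GSSX_max_princ_sz 256
#define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \
			     16 + 4 + GSSX_max_oid_sz + \
			     2 * GSSX_max_princ_sz + \
			     8 + 8 + 4 + 4 + 4)
#define GSSX_max_output_token_sz 1024
/* grouplist not included; we allocate separate pages for that: */
#define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */)
#define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
					GSSX_default_ctx_sz + \
					GSSX_max_output_token_sz + \
					4 + GSSX_max_creds_sz)

#define GSSX_ARG_release_handle_sz 0
#define GSSX_RES_release_handle_sz 0
#define GSSX_ARG_get_mic_sz 0
#define GSSX_RES_get_mic_sz 0
#define GSSX_ARG_verify_sz 0
#define GSSX_RES_verify_sz 0
#define GSSX_ARG_wrap_sz 0
#define GSSX_RES_wrap_sz 0
#define GSSX_ARG_unwrap_sz 0
#define GSSX_RES_unwrap_sz 0
#define GSSX_ARG_wrap_size_limit_sz 0
#define GSSX_RES_wrap_size_limit_sz 0

#endif /* _LINUX_GSS_RPC_XDR_H */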