| Simo Sorce | 1d65833 | 2012-05-25 18:09:55 -0400 | [diff] [blame] | 1 | /* |
| 2 | * GSS Proxy upcall module |
| 3 | * |
| 4 | * Copyright (C) 2012 Simo Sorce <simo@redhat.com> |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU General Public License as published by |
| 8 | * the Free Software Foundation; either version 2 of the License, or |
| 9 | * (at your option) any later version. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | * GNU General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU General Public License |
| 17 | * along with this program; if not, write to the Free Software |
| 18 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| 19 | */ |
| 20 | |
| 21 | #ifndef _LINUX_GSS_RPC_XDR_H |
| 22 | #define _LINUX_GSS_RPC_XDR_H |
| 23 | |
| 24 | #include <linux/sunrpc/xdr.h> |
| 25 | #include <linux/sunrpc/clnt.h> |
| 26 | #include <linux/sunrpc/xprtsock.h> |
| 27 | |
| 28 | #ifdef RPC_DEBUG |
| 29 | # define RPCDBG_FACILITY RPCDBG_AUTH |
| 30 | #endif |
| 31 | |
| 32 | #define LUCID_OPTION "exported_context_type" |
| 33 | #define LUCID_VALUE "linux_lucid_v1" |
| 34 | #define CREDS_OPTION "exported_creds_type" |
| 35 | #define CREDS_VALUE "linux_creds_v1" |
| 36 | |
| 37 | typedef struct xdr_netobj gssx_buffer; |
| 38 | typedef struct xdr_netobj utf8string; |
| 39 | typedef struct xdr_netobj gssx_OID; |
| 40 | |
| 41 | enum gssx_cred_usage { |
| 42 | GSSX_C_INITIATE = 1, |
| 43 | GSSX_C_ACCEPT = 2, |
| 44 | GSSX_C_BOTH = 3, |
| 45 | }; |
| 46 | |
| 47 | struct gssx_option { |
| 48 | gssx_buffer option; |
| 49 | gssx_buffer value; |
| 50 | }; |
| 51 | |
| 52 | struct gssx_option_array { |
| 53 | u32 count; |
| 54 | struct gssx_option *data; |
| 55 | }; |
| 56 | |
| 57 | struct gssx_status { |
| 58 | u64 major_status; |
| 59 | gssx_OID mech; |
| 60 | u64 minor_status; |
| 61 | utf8string major_status_string; |
| 62 | utf8string minor_status_string; |
| 63 | gssx_buffer server_ctx; |
| 64 | struct gssx_option_array options; |
| 65 | }; |
| 66 | |
| 67 | struct gssx_call_ctx { |
| 68 | utf8string locale; |
| 69 | gssx_buffer server_ctx; |
| 70 | struct gssx_option_array options; |
| 71 | }; |
| 72 | |
| 73 | struct gssx_name_attr { |
| 74 | gssx_buffer attr; |
| 75 | gssx_buffer value; |
| 76 | struct gssx_option_array extensions; |
| 77 | }; |
| 78 | |
| 79 | struct gssx_name_attr_array { |
| 80 | u32 count; |
| 81 | struct gssx_name_attr *data; |
| 82 | }; |
| 83 | |
| 84 | struct gssx_name { |
| 85 | gssx_buffer display_name; |
| 86 | }; |
| 87 | typedef struct gssx_name gssx_name; |
| 88 | |
| 89 | struct gssx_cred_element { |
| 90 | gssx_name MN; |
| 91 | gssx_OID mech; |
| 92 | u32 cred_usage; |
| 93 | u64 initiator_time_rec; |
| 94 | u64 acceptor_time_rec; |
| 95 | struct gssx_option_array options; |
| 96 | }; |
| 97 | |
| 98 | struct gssx_cred_element_array { |
| 99 | u32 count; |
| 100 | struct gssx_cred_element *data; |
| 101 | }; |
| 102 | |
| 103 | struct gssx_cred { |
| 104 | gssx_name desired_name; |
| 105 | struct gssx_cred_element_array elements; |
| 106 | gssx_buffer cred_handle_reference; |
| 107 | u32 needs_release; |
| 108 | }; |
| 109 | |
| 110 | struct gssx_ctx { |
| 111 | gssx_buffer exported_context_token; |
| 112 | gssx_buffer state; |
| 113 | u32 need_release; |
| 114 | gssx_OID mech; |
| 115 | gssx_name src_name; |
| 116 | gssx_name targ_name; |
| 117 | u64 lifetime; |
| 118 | u64 ctx_flags; |
| 119 | u32 locally_initiated; |
| 120 | u32 open; |
| 121 | struct gssx_option_array options; |
| 122 | }; |
| 123 | |
| 124 | struct gssx_cb { |
| 125 | u64 initiator_addrtype; |
| 126 | gssx_buffer initiator_address; |
| 127 | u64 acceptor_addrtype; |
| 128 | gssx_buffer acceptor_address; |
| 129 | gssx_buffer application_data; |
| 130 | }; |
| 131 | |
| 132 | |
| 133 | /* This structure is not defined in the protocol. |
| 134 | * It is used in the kernel to carry around a big buffer |
| 135 | * as a set of pages */ |
| 136 | struct gssp_in_token { |
| 137 | struct page **pages; /* Array of contiguous pages */ |
| 138 | unsigned int page_base; /* Start of page data */ |
| 139 | unsigned int page_len; /* Length of page data */ |
| 140 | }; |
| 141 | |
| 142 | struct gssx_arg_accept_sec_context { |
| 143 | struct gssx_call_ctx call_ctx; |
| 144 | struct gssx_ctx *context_handle; |
| 145 | struct gssx_cred *cred_handle; |
| 146 | struct gssp_in_token input_token; |
| 147 | struct gssx_cb *input_cb; |
| 148 | u32 ret_deleg_cred; |
| 149 | struct gssx_option_array options; |
| J. Bruce Fields | 9dfd87d | 2013-08-20 18:13:27 -0400 | [diff] [blame] | 150 | struct page **pages; |
| 151 | unsigned int npages; |
| Simo Sorce | 1d65833 | 2012-05-25 18:09:55 -0400 | [diff] [blame] | 152 | }; |
| 153 | |
| 154 | struct gssx_res_accept_sec_context { |
| 155 | struct gssx_status status; |
| 156 | struct gssx_ctx *context_handle; |
| 157 | gssx_buffer *output_token; |
| 158 | /* struct gssx_cred *delegated_cred_handle; not used in kernel */ |
| 159 | struct gssx_option_array options; |
| 160 | }; |
| 161 | |
| 162 | |
| 163 | |
| 164 | #define gssx_enc_indicate_mechs NULL |
| 165 | #define gssx_dec_indicate_mechs NULL |
| 166 | #define gssx_enc_get_call_context NULL |
| 167 | #define gssx_dec_get_call_context NULL |
| 168 | #define gssx_enc_import_and_canon_name NULL |
| 169 | #define gssx_dec_import_and_canon_name NULL |
| 170 | #define gssx_enc_export_cred NULL |
| 171 | #define gssx_dec_export_cred NULL |
| 172 | #define gssx_enc_import_cred NULL |
| 173 | #define gssx_dec_import_cred NULL |
| 174 | #define gssx_enc_acquire_cred NULL |
| 175 | #define gssx_dec_acquire_cred NULL |
| 176 | #define gssx_enc_store_cred NULL |
| 177 | #define gssx_dec_store_cred NULL |
| 178 | #define gssx_enc_init_sec_context NULL |
| 179 | #define gssx_dec_init_sec_context NULL |
| 180 | void gssx_enc_accept_sec_context(struct rpc_rqst *req, |
| 181 | struct xdr_stream *xdr, |
| 182 | struct gssx_arg_accept_sec_context *args); |
| 183 | int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, |
| 184 | struct xdr_stream *xdr, |
| 185 | struct gssx_res_accept_sec_context *res); |
| 186 | #define gssx_enc_release_handle NULL |
| 187 | #define gssx_dec_release_handle NULL |
| 188 | #define gssx_enc_get_mic NULL |
| 189 | #define gssx_dec_get_mic NULL |
| 190 | #define gssx_enc_verify NULL |
| 191 | #define gssx_dec_verify NULL |
| 192 | #define gssx_enc_wrap NULL |
| 193 | #define gssx_dec_wrap NULL |
| 194 | #define gssx_enc_unwrap NULL |
| 195 | #define gssx_dec_unwrap NULL |
| 196 | #define gssx_enc_wrap_size_limit NULL |
| 197 | #define gssx_dec_wrap_size_limit NULL |
| 198 | |
| 199 | /* non implemented calls are set to 0 size */ |
| 200 | #define GSSX_ARG_indicate_mechs_sz 0 |
| 201 | #define GSSX_RES_indicate_mechs_sz 0 |
| 202 | #define GSSX_ARG_get_call_context_sz 0 |
| 203 | #define GSSX_RES_get_call_context_sz 0 |
| 204 | #define GSSX_ARG_import_and_canon_name_sz 0 |
| 205 | #define GSSX_RES_import_and_canon_name_sz 0 |
| 206 | #define GSSX_ARG_export_cred_sz 0 |
| 207 | #define GSSX_RES_export_cred_sz 0 |
| 208 | #define GSSX_ARG_import_cred_sz 0 |
| 209 | #define GSSX_RES_import_cred_sz 0 |
| 210 | #define GSSX_ARG_acquire_cred_sz 0 |
| 211 | #define GSSX_RES_acquire_cred_sz 0 |
| 212 | #define GSSX_ARG_store_cred_sz 0 |
| 213 | #define GSSX_RES_store_cred_sz 0 |
| 214 | #define GSSX_ARG_init_sec_context_sz 0 |
| 215 | #define GSSX_RES_init_sec_context_sz 0 |
| 216 | |
| 217 | #define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \ |
| 218 | 8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \ |
| 219 | 8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE)) |
| 220 | #define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \ |
| 221 | 4 + 4 + 4) |
| 222 | #define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */ |
| 223 | #define GSSX_default_in_token_sz 4 /* does *not* include token data */ |
| 224 | #define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */ |
| 225 | #define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \ |
| 226 | GSSX_default_in_ctx_hndl_sz + \ |
| 227 | GSSX_default_in_cred_sz + \ |
| 228 | GSSX_default_in_token_sz + \ |
| 229 | GSSX_default_in_cb_sz + \ |
| 230 | 4 /* no deleg creds boolean */ + \ |
| 231 | 4) /* empty options */ |
| 232 | |
| 233 | /* somewhat arbitrary numbers but large enough (we ignore some of the data |
| 234 | * sent down, but it is part of the protocol so we need enough space to take |
| 235 | * it in) */ |
| 236 | #define GSSX_default_status_sz 8 + 24 + 8 + 256 + 256 + 16 + 4 |
| 237 | #define GSSX_max_output_handle_sz 128 |
| 238 | #define GSSX_max_oid_sz 16 |
| 239 | #define GSSX_max_princ_sz 256 |
| 240 | #define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \ |
| 241 | 16 + 4 + GSSX_max_oid_sz + \ |
| 242 | 2 * GSSX_max_princ_sz + \ |
| 243 | 8 + 8 + 4 + 4 + 4) |
| 244 | #define GSSX_max_output_token_sz 1024 |
| J. Bruce Fields | 9dfd87d | 2013-08-20 18:13:27 -0400 | [diff] [blame] | 245 | /* grouplist not included; we allocate separate pages for that: */ |
| 246 | #define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */) |
| Simo Sorce | 1d65833 | 2012-05-25 18:09:55 -0400 | [diff] [blame] | 247 | #define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \ |
| 248 | GSSX_default_ctx_sz + \ |
| 249 | GSSX_max_output_token_sz + \ |
| 250 | 4 + GSSX_max_creds_sz) |
| 251 | |
| 252 | #define GSSX_ARG_release_handle_sz 0 |
| 253 | #define GSSX_RES_release_handle_sz 0 |
| 254 | #define GSSX_ARG_get_mic_sz 0 |
| 255 | #define GSSX_RES_get_mic_sz 0 |
| 256 | #define GSSX_ARG_verify_sz 0 |
| 257 | #define GSSX_RES_verify_sz 0 |
| 258 | #define GSSX_ARG_wrap_sz 0 |
| 259 | #define GSSX_RES_wrap_sz 0 |
| 260 | #define GSSX_ARG_unwrap_sz 0 |
| 261 | #define GSSX_RES_unwrap_sz 0 |
| 262 | #define GSSX_ARG_wrap_size_limit_sz 0 |
| 263 | #define GSSX_RES_wrap_size_limit_sz 0 |
| 264 | |
| 265 | |
| 266 | |
| 267 | #endif /* _LINUX_GSS_RPC_XDR_H */ |