v5.9
  1/* SPDX-License-Identifier: GPL-2.0+ */
  2/*
  3 * GSS Proxy upcall module
  4 *
  5 *  Copyright (C) 2012 Simo Sorce <simo@redhat.com>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  6 */
  7
  8#ifndef _LINUX_GSS_RPC_XDR_H
  9#define _LINUX_GSS_RPC_XDR_H
 10
 11#include <linux/sunrpc/xdr.h>
 12#include <linux/sunrpc/clnt.h>
 13#include <linux/sunrpc/xprtsock.h>
 14
 15#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
 16# define RPCDBG_FACILITY	RPCDBG_AUTH
 17#endif
 18
 19#define LUCID_OPTION "exported_context_type"	/* option name; its sizeof() is counted in GSSX_default_in_call_ctx_sz */
 20#define LUCID_VALUE  "linux_lucid_v1"	/* presumably the value sent with LUCID_OPTION; counted in the same sum */
 21#define CREDS_OPTION "exported_creds_type"	/* option name; its sizeof() is counted in GSSX_default_in_call_ctx_sz */
 22#define CREDS_VALUE  "linux_creds_v1"	/* presumably the value sent with CREDS_OPTION; counted in the same sum */
 23
 24typedef struct xdr_netobj gssx_buffer;	/* opaque bytes: a length/pointer pair, not a C string */
 25typedef struct xdr_netobj utf8string;	/* same representation; the name suggests UTF-8 text but the type enforces neither encoding nor NUL termination */
 26typedef struct xdr_netobj gssx_OID;	/* same representation; used below for the "mech" members */
 27
 28enum gssx_cred_usage {
   	/* Credential usage values.
   	 * NOTE(review): presumably these are the values carried in
   	 * gssx_cred_element.cred_usage, which is declared as plain u32 - confirm. */
 29	GSSX_C_INITIATE = 1,
 30	GSSX_C_ACCEPT = 2,
 31	GSSX_C_BOTH = 3,	/* numerically GSSX_C_INITIATE | GSSX_C_ACCEPT */
 32};
 33
 34struct gssx_option {
   	/* One option: two opaque buffers, a name and its value. */
 35	gssx_buffer option;
 36	gssx_buffer value;
 37};
 38
 39struct gssx_option_array {
   	/* Counted array of struct gssx_option.
   	 * NOTE(review): presumably count is the number of entries behind data.
   	 * If a decoder fills count from a reply, it should bound the value
   	 * before using it to size an allocation or a loop; the decoder is not
   	 * part of this header - confirm there. */
 40	u32 count;
 41	struct gssx_option *data;
 42};
 43
 44struct gssx_status {
   	/* Status block; embedded as the first member of
   	 * struct gssx_res_accept_sec_context. */
 45	u64 major_status;
 46	gssx_OID mech;
 47	u64 minor_status;
 48	utf8string major_status_string;	/* length-counted; do not print with %s without the length */
 49	utf8string minor_status_string;	/* length-counted; do not print with %s without the length */
 50	gssx_buffer server_ctx;
 51	struct gssx_option_array options;
 52};
 53
 54struct gssx_call_ctx {
   	/* Per-call context; embedded as the first member of
   	 * struct gssx_arg_accept_sec_context. */
 55	utf8string locale;
 56	gssx_buffer server_ctx;
 57	struct gssx_option_array options;
 58};
 59
 60struct gssx_name_attr {
   	/* One name attribute: an attribute buffer, its value, and a counted
   	 * array of extensions. */
 61	gssx_buffer attr;
 62	gssx_buffer value;
 63	struct gssx_option_array extensions;
 64};
 65
 66struct gssx_name_attr_array {
   	/* Counted array of struct gssx_name_attr. No other declaration in this
   	 * header uses this type (struct gssx_name holds only display_name).
   	 * NOTE(review): presumably count is the number of entries behind data. */
 67	u32 count;
 68	struct gssx_name_attr *data;
 69};
 70
 71struct gssx_name {
   	/* A name, reduced here to its display form only. */
 72	gssx_buffer display_name;	/* length-counted bytes, not a NUL-terminated string */
 73};
 74typedef struct gssx_name gssx_name;	/* lets the structs below write "gssx_name" without the struct keyword */
 75
 76struct gssx_cred_element {
   	/* One element of a credential; collected in
   	 * struct gssx_cred_element_array. */
 77	gssx_name MN;
 78	gssx_OID mech;
 79	u32 cred_usage;	/* NOTE(review): presumably an enum gssx_cred_usage value - confirm */
 80	u64 initiator_time_rec;
 81	u64 acceptor_time_rec;
 82	struct gssx_option_array options;
 83};
 84
 85struct gssx_cred_element_array {
   	/* Counted array of struct gssx_cred_element.
   	 * NOTE(review): presumably count is the number of entries behind data;
   	 * any code that fills it from external data should bound it first. */
 86	u32 count;
 87	struct gssx_cred_element *data;
 88};
 89
 90struct gssx_cred {
   	/* Credential handle. The accept_sec_context argument carries a pointer
   	 * to one, and the size budget further down notes that no cred_handle
   	 * is sent in. */
 91	gssx_name desired_name;
 92	struct gssx_cred_element_array elements;
 93	gssx_buffer cred_handle_reference;
 94	u32 needs_release;	/* spelled "needs_release" here, "need_release" in struct gssx_ctx */
 95};
 96
 97struct gssx_ctx {
   	/* Security context handle; used by pointer in both the
   	 * accept_sec_context argument and result structs.
   	 * NOTE(review): with LUCID_OPTION requested, exported_context_token
   	 * presumably carries the exported context, which may include key
   	 * material; if so it should be treated as secret and cleared before
   	 * its memory is released - confirm against the decoder and its users. */
 98	gssx_buffer exported_context_token;
 99	gssx_buffer state;
100	u32 need_release;
101	gssx_OID mech;
102	gssx_name src_name;
103	gssx_name targ_name;
104	u64 lifetime;
105	u64 ctx_flags;
106	u32 locally_initiated;
107	u32 open;
108	struct gssx_option_array options;
109};
110
111struct gssx_cb {
   	/* Initiator/acceptor address pair plus application data. The size
   	 * budget further down says channel bindings are not used, and the
   	 * argument struct holds only a pointer to this type (input_cb). */
112	u64 initiator_addrtype;
113	gssx_buffer initiator_address;
114	u64 acceptor_addrtype;
115	gssx_buffer acceptor_address;
116	gssx_buffer application_data;
117};
118
119
120/* This structure is not defined in the protocol.
121 * It is used in the kernel to carry around a big buffer
122 * as a set of pages */
123struct gssp_in_token {
   	/* NOTE(review): page_base and page_len are presumably byte values
   	 * relative to the start of pages; whoever fills them has to keep
   	 * page_base + page_len inside the pages actually provided - confirm
   	 * at the caller, nothing in this header enforces it. */
124	struct page **pages;	/* Array of contiguous pages */
125	unsigned int page_base;	/* Start of page data */
126	unsigned int page_len;	/* Length of page data */
127};
128
129struct gssx_arg_accept_sec_context {
   	/* Arguments of the accept_sec_context call, the only call with real
   	 * encode/decode routines in this header. */
130	struct gssx_call_ctx call_ctx;
131	struct gssx_ctx *context_handle;
132	struct gssx_cred *cred_handle;
133	struct gssp_in_token input_token;	/* token data travels as pages, outside the fixed size budget */
134	struct gssx_cb *input_cb;
135	u32 ret_deleg_cred;
136	struct gssx_option_array options;
   	/* NOTE(review): pages/npages are distinct from input_token.pages;
   	 * presumably the separately allocated pages mentioned next to
   	 * GSSX_max_creds_sz ("grouplist not included") - confirm. */
137	struct page **pages;
138	unsigned int npages;
139};
140
141struct gssx_res_accept_sec_context {
   	/* Result of the accept_sec_context call. Every buffer in here is
   	 * length-counted data produced by the peer.
   	 * NOTE(review): presumably the decoder fills context_handle and
   	 * output_token only when the caller supplied them - confirm. */
142	struct gssx_status status;
143	struct gssx_ctx *context_handle;
144	gssx_buffer *output_token;
145	/* struct gssx_cred *delegated_cred_handle; not used in kernel */
146	struct gssx_option_array options;
147};
148
149
150
   /* Encode/decode entry per call. Calls that are not implemented are
    * defined as NULL.
    * NOTE(review): a table built from these names holds NULL function
    * pointers for every call except accept_sec_context; presumably nothing
    * ever dispatches to those slots - confirm where the table is used. */
151#define gssx_enc_indicate_mechs NULL
152#define gssx_dec_indicate_mechs NULL
153#define gssx_enc_get_call_context NULL
154#define gssx_dec_get_call_context NULL
155#define gssx_enc_import_and_canon_name NULL
156#define gssx_dec_import_and_canon_name NULL
157#define gssx_enc_export_cred NULL
158#define gssx_dec_export_cred NULL
159#define gssx_enc_import_cred NULL
160#define gssx_dec_import_cred NULL
161#define gssx_enc_acquire_cred NULL
162#define gssx_dec_acquire_cred NULL
163#define gssx_enc_store_cred NULL
164#define gssx_dec_store_cred NULL
165#define gssx_enc_init_sec_context NULL
166#define gssx_dec_init_sec_context NULL
   /* The data arguments are untyped (const void * and void *), so the
    * compiler cannot check what a caller passes.
    * NOTE(review): presumably they point at struct
    * gssx_arg_accept_sec_context and struct gssx_res_accept_sec_context
    * respectively - confirm in the definitions. */
167void gssx_enc_accept_sec_context(struct rpc_rqst *req,
168				 struct xdr_stream *xdr,
169				 const void *data);
170int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
171				struct xdr_stream *xdr,
172				void *data);
173#define gssx_enc_release_handle NULL
174#define gssx_dec_release_handle NULL
175#define gssx_enc_get_mic NULL
176#define gssx_dec_get_mic NULL
177#define gssx_enc_verify NULL
178#define gssx_dec_verify NULL
179#define gssx_enc_wrap NULL
180#define gssx_dec_wrap NULL
181#define gssx_enc_unwrap NULL
182#define gssx_dec_unwrap NULL
183#define gssx_enc_wrap_size_limit NULL
184#define gssx_dec_wrap_size_limit NULL
185
186/* Calls that are not implemented get an argument and a result size of 0. */
187#define GSSX_ARG_indicate_mechs_sz 0
188#define GSSX_RES_indicate_mechs_sz 0
189#define GSSX_ARG_get_call_context_sz 0
190#define GSSX_RES_get_call_context_sz 0
191#define GSSX_ARG_import_and_canon_name_sz 0
192#define GSSX_RES_import_and_canon_name_sz 0
193#define GSSX_ARG_export_cred_sz 0
194#define GSSX_RES_export_cred_sz 0
195#define GSSX_ARG_import_cred_sz 0
196#define GSSX_RES_import_cred_sz 0
197#define GSSX_ARG_acquire_cred_sz 0
198#define GSSX_RES_acquire_cred_sz 0
199#define GSSX_ARG_store_cred_sz 0
200#define GSSX_RES_store_cred_sz 0
201#define GSSX_ARG_init_sec_context_sz 0
202#define GSSX_RES_init_sec_context_sz 0
203
   /* Argument-size budget for accept_sec_context, summed per component.
    * sizeof() on the option strings includes the terminating NUL. The
    * token payload is excluded (see GSSX_default_in_token_sz).
    * NOTE(review): the unit the consumer of the *_sz macros expects is not
    * visible in this header - confirm before changing any term. */
204#define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \
205			8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \
206			8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE))
207#define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \
208					4 + 4 + 4)
209#define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */
210#define GSSX_default_in_token_sz 4 /* does *not* include token data */
211#define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */
212#define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \
213					GSSX_default_in_ctx_hndl_sz + \
214					GSSX_default_in_cred_sz + \
215					GSSX_default_in_token_sz + \
216					GSSX_default_in_cb_sz + \
217					4 /* no deleg creds boolean */ + \
218					4) /* empty options */
219
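/*
 * Result-size budget for accept_sec_context.
 *
 * The numbers are somewhat arbitrary but large enough: some of the data sent
 * down is ignored, but it is part of the protocol, so enough space is needed
 * to take it in.
 *
 * Every expansion is parenthesized so that a macro can be used inside a
 * larger expression (multiplied, subtracted from, compared) without operator
 * precedence splitting the sum and silently yielding a smaller size.
 *
 * NOTE(review): these values are reservations, not validation. Presumably the
 * decoder still has to reject a reply whose fields exceed them - confirm in
 * the decode routine, which is not part of this header.
 */
#define GSSX_default_status_sz (8 + 24 + 8 + 256 + 256 + 16 + 4)
#define GSSX_max_output_handle_sz 128
#define GSSX_max_oid_sz 16
#define GSSX_max_princ_sz 256
#define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \
			     16 + 4 + GSSX_max_oid_sz + \
			     2 * GSSX_max_princ_sz + \
			     8 + 8 + 4 + 4 + 4)
#define GSSX_max_output_token_sz 1024
/* grouplist not included; we allocate separate pages for that: */
#define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */)
#define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
					GSSX_default_ctx_sz + \
					GSSX_max_output_token_sz + \
					4 + GSSX_max_creds_sz)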
238
239#define GSSX_ARG_release_handle_sz 0	/* from here on: calls whose enc/dec entries are NULL, so both sizes are 0 */
240#define GSSX_RES_release_handle_sz 0
241#define GSSX_ARG_get_mic_sz 0
242#define GSSX_RES_get_mic_sz 0
243#define GSSX_ARG_verify_sz 0
244#define GSSX_RES_verify_sz 0
245#define GSSX_ARG_wrap_sz 0
246#define GSSX_RES_wrap_sz 0
247#define GSSX_ARG_unwrap_sz 0
248#define GSSX_RES_unwrap_sz 0
249#define GSSX_ARG_wrap_size_limit_sz 0
250#define GSSX_RES_wrap_size_limit_sz 0
 
 
251
252#endif /* _LINUX_GSS_RPC_XDR_H */
v4.6
 
  1/*
  2 * GSS Proxy upcall module
  3 *
  4 *  Copyright (C) 2012 Simo Sorce <simo@redhat.com>
  5 *
  6 * This program is free software; you can redistribute it and/or modify
  7 * it under the terms of the GNU General Public License as published by
  8 * the Free Software Foundation; either version 2 of the License, or
  9 * (at your option) any later version.
 10 *
 11 * This program is distributed in the hope that it will be useful,
 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 14 * GNU General Public License for more details.
 15 *
 16 * You should have received a copy of the GNU General Public License
 17 * along with this program; if not, write to the Free Software
 18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 19 */
 20
 21#ifndef _LINUX_GSS_RPC_XDR_H
 22#define _LINUX_GSS_RPC_XDR_H
 23
 24#include <linux/sunrpc/xdr.h>
 25#include <linux/sunrpc/clnt.h>
 26#include <linux/sunrpc/xprtsock.h>
 27
 28#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
 29# define RPCDBG_FACILITY	RPCDBG_AUTH
 30#endif
 31
 32#define LUCID_OPTION "exported_context_type"	/* option name; its sizeof() is counted in GSSX_default_in_call_ctx_sz */
 33#define LUCID_VALUE  "linux_lucid_v1"	/* presumably the value sent with LUCID_OPTION; counted in the same sum */
 34#define CREDS_OPTION "exported_creds_type"	/* option name; its sizeof() is counted in GSSX_default_in_call_ctx_sz */
 35#define CREDS_VALUE  "linux_creds_v1"	/* presumably the value sent with CREDS_OPTION; counted in the same sum */
 36
 37typedef struct xdr_netobj gssx_buffer;	/* opaque bytes: a length/pointer pair, not a C string */
 38typedef struct xdr_netobj utf8string;	/* same representation; the name suggests UTF-8 text but the type enforces neither encoding nor NUL termination */
 39typedef struct xdr_netobj gssx_OID;	/* same representation; used below for the "mech" members */
 40
 41enum gssx_cred_usage {
   	/* Credential usage values.
   	 * NOTE(review): presumably these are the values carried in
   	 * gssx_cred_element.cred_usage, which is declared as plain u32 - confirm. */
 42	GSSX_C_INITIATE = 1,
 43	GSSX_C_ACCEPT = 2,
 44	GSSX_C_BOTH = 3,	/* numerically GSSX_C_INITIATE | GSSX_C_ACCEPT */
 45};
 46
 47struct gssx_option {
   	/* One option: two opaque buffers, a name and its value. */
 48	gssx_buffer option;
 49	gssx_buffer value;
 50};
 51
 52struct gssx_option_array {
   	/* Counted array of struct gssx_option.
   	 * NOTE(review): presumably count is the number of entries behind data.
   	 * If a decoder fills count from a reply, it should bound the value
   	 * before using it to size an allocation or a loop; the decoder is not
   	 * part of this header - confirm there. */
 53	u32 count;
 54	struct gssx_option *data;
 55};
 56
 57struct gssx_status {
   	/* Status block; embedded as the first member of
   	 * struct gssx_res_accept_sec_context. */
 58	u64 major_status;
 59	gssx_OID mech;
 60	u64 minor_status;
 61	utf8string major_status_string;	/* length-counted; do not print with %s without the length */
 62	utf8string minor_status_string;	/* length-counted; do not print with %s without the length */
 63	gssx_buffer server_ctx;
 64	struct gssx_option_array options;
 65};
 66
 67struct gssx_call_ctx {
   	/* Per-call context; embedded as the first member of
   	 * struct gssx_arg_accept_sec_context. */
 68	utf8string locale;
 69	gssx_buffer server_ctx;
 70	struct gssx_option_array options;
 71};
 72
 73struct gssx_name_attr {
   	/* One name attribute: an attribute buffer, its value, and a counted
   	 * array of extensions. */
 74	gssx_buffer attr;
 75	gssx_buffer value;
 76	struct gssx_option_array extensions;
 77};
 78
 79struct gssx_name_attr_array {
   	/* Counted array of struct gssx_name_attr. No other declaration in this
   	 * header uses this type (struct gssx_name holds only display_name).
   	 * NOTE(review): presumably count is the number of entries behind data. */
 80	u32 count;
 81	struct gssx_name_attr *data;
 82};
 83
 84struct gssx_name {
   	/* A name, reduced here to its display form only. */
 85	gssx_buffer display_name;	/* length-counted bytes, not a NUL-terminated string */
 86};
 87typedef struct gssx_name gssx_name;	/* lets the structs below write "gssx_name" without the struct keyword */
 88
 89struct gssx_cred_element {
   	/* One element of a credential; collected in
   	 * struct gssx_cred_element_array. */
 90	gssx_name MN;
 91	gssx_OID mech;
 92	u32 cred_usage;	/* NOTE(review): presumably an enum gssx_cred_usage value - confirm */
 93	u64 initiator_time_rec;
 94	u64 acceptor_time_rec;
 95	struct gssx_option_array options;
 96};
 97
 98struct gssx_cred_element_array {
   	/* Counted array of struct gssx_cred_element.
   	 * NOTE(review): presumably count is the number of entries behind data;
   	 * any code that fills it from external data should bound it first. */
 99	u32 count;
100	struct gssx_cred_element *data;
101};
102
103struct gssx_cred {
   	/* Credential handle. The accept_sec_context argument carries a pointer
   	 * to one, and the size budget further down notes that no cred_handle
   	 * is sent in. */
104	gssx_name desired_name;
105	struct gssx_cred_element_array elements;
106	gssx_buffer cred_handle_reference;
107	u32 needs_release;	/* spelled "needs_release" here, "need_release" in struct gssx_ctx */
108};
109
110struct gssx_ctx {
   	/* Security context handle; used by pointer in both the
   	 * accept_sec_context argument and result structs.
   	 * NOTE(review): with LUCID_OPTION requested, exported_context_token
   	 * presumably carries the exported context, which may include key
   	 * material; if so it should be treated as secret and cleared before
   	 * its memory is released - confirm against the decoder and its users. */
111	gssx_buffer exported_context_token;
112	gssx_buffer state;
113	u32 need_release;
114	gssx_OID mech;
115	gssx_name src_name;
116	gssx_name targ_name;
117	u64 lifetime;
118	u64 ctx_flags;
119	u32 locally_initiated;
120	u32 open;
121	struct gssx_option_array options;
122};
123
124struct gssx_cb {
   	/* Initiator/acceptor address pair plus application data. The size
   	 * budget further down says channel bindings are not used, and the
   	 * argument struct holds only a pointer to this type (input_cb). */
125	u64 initiator_addrtype;
126	gssx_buffer initiator_address;
127	u64 acceptor_addrtype;
128	gssx_buffer acceptor_address;
129	gssx_buffer application_data;
130};
131
132
133/* This structure is not defined in the protocol.
134 * It is used in the kernel to carry around a big buffer
135 * as a set of pages */
136struct gssp_in_token {
   	/* NOTE(review): page_base and page_len are presumably byte values
   	 * relative to the start of pages; whoever fills them has to keep
   	 * page_base + page_len inside the pages actually provided - confirm
   	 * at the caller, nothing in this header enforces it. */
137	struct page **pages;	/* Array of contiguous pages */
138	unsigned int page_base;	/* Start of page data */
139	unsigned int page_len;	/* Length of page data */
140};
141
142struct gssx_arg_accept_sec_context {
   	/* Arguments of the accept_sec_context call, the only call with real
   	 * encode/decode routines in this header. */
143	struct gssx_call_ctx call_ctx;
144	struct gssx_ctx *context_handle;
145	struct gssx_cred *cred_handle;
146	struct gssp_in_token input_token;	/* token data travels as pages, outside the fixed size budget */
147	struct gssx_cb *input_cb;
148	u32 ret_deleg_cred;
149	struct gssx_option_array options;
   	/* NOTE(review): pages/npages are distinct from input_token.pages;
   	 * presumably the separately allocated pages mentioned next to
   	 * GSSX_max_creds_sz ("grouplist not included") - confirm. */
150	struct page **pages;
151	unsigned int npages;
152};
153
154struct gssx_res_accept_sec_context {
   	/* Result of the accept_sec_context call. Every buffer in here is
   	 * length-counted data produced by the peer.
   	 * NOTE(review): presumably the decoder fills context_handle and
   	 * output_token only when the caller supplied them - confirm. */
155	struct gssx_status status;
156	struct gssx_ctx *context_handle;
157	gssx_buffer *output_token;
158	/* struct gssx_cred *delegated_cred_handle; not used in kernel */
159	struct gssx_option_array options;
160};
161
162
163
   /* Encode/decode entry per call. Calls that are not implemented are
    * defined as NULL.
    * NOTE(review): a table built from these names holds NULL function
    * pointers for every call except accept_sec_context; presumably nothing
    * ever dispatches to those slots - confirm where the table is used. */
164#define gssx_enc_indicate_mechs NULL
165#define gssx_dec_indicate_mechs NULL
166#define gssx_enc_get_call_context NULL
167#define gssx_dec_get_call_context NULL
168#define gssx_enc_import_and_canon_name NULL
169#define gssx_dec_import_and_canon_name NULL
170#define gssx_enc_export_cred NULL
171#define gssx_dec_export_cred NULL
172#define gssx_enc_import_cred NULL
173#define gssx_dec_import_cred NULL
174#define gssx_enc_acquire_cred NULL
175#define gssx_dec_acquire_cred NULL
176#define gssx_enc_store_cred NULL
177#define gssx_dec_store_cred NULL
178#define gssx_enc_init_sec_context NULL
179#define gssx_dec_init_sec_context NULL
   /* The only implemented pair. In this version the last parameter is
    * typed: the encoder takes the argument struct and the decoder the
    * result struct, so the compiler checks what callers pass. */
180void gssx_enc_accept_sec_context(struct rpc_rqst *req,
181				 struct xdr_stream *xdr,
182				 struct gssx_arg_accept_sec_context *args);
183int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
184				struct xdr_stream *xdr,
185				struct gssx_res_accept_sec_context *res);
186#define gssx_enc_release_handle NULL
187#define gssx_dec_release_handle NULL
188#define gssx_enc_get_mic NULL
189#define gssx_dec_get_mic NULL
190#define gssx_enc_verify NULL
191#define gssx_dec_verify NULL
192#define gssx_enc_wrap NULL
193#define gssx_dec_wrap NULL
194#define gssx_enc_unwrap NULL
195#define gssx_dec_unwrap NULL
196#define gssx_enc_wrap_size_limit NULL
197#define gssx_dec_wrap_size_limit NULL
198
199/* Calls that are not implemented get an argument and a result size of 0. */
200#define GSSX_ARG_indicate_mechs_sz 0
201#define GSSX_RES_indicate_mechs_sz 0
202#define GSSX_ARG_get_call_context_sz 0
203#define GSSX_RES_get_call_context_sz 0
204#define GSSX_ARG_import_and_canon_name_sz 0
205#define GSSX_RES_import_and_canon_name_sz 0
206#define GSSX_ARG_export_cred_sz 0
207#define GSSX_RES_export_cred_sz 0
208#define GSSX_ARG_import_cred_sz 0
209#define GSSX_RES_import_cred_sz 0
210#define GSSX_ARG_acquire_cred_sz 0
211#define GSSX_RES_acquire_cred_sz 0
212#define GSSX_ARG_store_cred_sz 0
213#define GSSX_RES_store_cred_sz 0
214#define GSSX_ARG_init_sec_context_sz 0
215#define GSSX_RES_init_sec_context_sz 0
216
   /* Argument-size budget for accept_sec_context, summed per component.
    * sizeof() on the option strings includes the terminating NUL. The
    * token payload is excluded (see GSSX_default_in_token_sz).
    * NOTE(review): the unit the consumer of the *_sz macros expects is not
    * visible in this header - confirm before changing any term. */
217#define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \
218			8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \
219			8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE))
220#define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \
221					4 + 4 + 4)
222#define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */
223#define GSSX_default_in_token_sz 4 /* does *not* include token data */
224#define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */
225#define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \
226					GSSX_default_in_ctx_hndl_sz + \
227					GSSX_default_in_cred_sz + \
228					GSSX_default_in_token_sz + \
229					GSSX_default_in_cb_sz + \
230					4 /* no deleg creds boolean */ + \
231					4) /* empty options */
232
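/*
 * Result-size budget for accept_sec_context.
 *
 * The numbers are somewhat arbitrary but large enough: some of the data sent
 * down is ignored, but it is part of the protocol, so enough space is needed
 * to take it in.
 *
 * Every expansion is parenthesized so that a macro can be used inside a
 * larger expression (multiplied, subtracted from, compared) without operator
 * precedence splitting the sum and silently yielding a smaller size.
 *
 * NOTE(review): these values are reservations, not validation. Presumably the
 * decoder still has to reject a reply whose fields exceed them - confirm in
 * the decode routine, which is not part of this header.
 */
#define GSSX_default_status_sz (8 + 24 + 8 + 256 + 256 + 16 + 4)
#define GSSX_max_output_handle_sz 128
#define GSSX_max_oid_sz 16
#define GSSX_max_princ_sz 256
#define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \
			     16 + 4 + GSSX_max_oid_sz + \
			     2 * GSSX_max_princ_sz + \
			     8 + 8 + 4 + 4 + 4)
#define GSSX_max_output_token_sz 1024
/* grouplist not included; we allocate separate pages for that: */
#define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */)
#define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
					GSSX_default_ctx_sz + \
					GSSX_max_output_token_sz + \
					4 + GSSX_max_creds_sz)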
251
252#define GSSX_ARG_release_handle_sz 0	/* from here on: calls whose enc/dec entries are NULL, so both sizes are 0 */
253#define GSSX_RES_release_handle_sz 0
254#define GSSX_ARG_get_mic_sz 0
255#define GSSX_RES_get_mic_sz 0
256#define GSSX_ARG_verify_sz 0
257#define GSSX_RES_verify_sz 0
258#define GSSX_ARG_wrap_sz 0
259#define GSSX_RES_wrap_sz 0
260#define GSSX_ARG_unwrap_sz 0
261#define GSSX_RES_unwrap_sz 0
262#define GSSX_ARG_wrap_size_limit_sz 0
263#define GSSX_RES_wrap_size_limit_sz 0
264
265
266
267#endif /* _LINUX_GSS_RPC_XDR_H */