Commit | Line | Data |
---|---|---|
1da177e4 | 1 | /* |
f30c2269 | 2 | * linux/include/linux/sunrpc/gss_api.h |
1da177e4 LT |
3 | * |
4 | * Somewhat simplified version of the gss api. | |
5 | * | |
6 | * Dug Song <dugsong@monkey.org> | |
7 | * Andy Adamson <andros@umich.edu> | |
8 | * Bruce Fields <bfields@umich.edu> | |
9 | * Copyright (c) 2000 The Regents of the University of Michigan | |
1da177e4 LT |
10 | */ |
11 | ||
12 | #ifndef _LINUX_SUNRPC_GSS_API_H | |
13 | #define _LINUX_SUNRPC_GSS_API_H | |
14 | ||
15 | #ifdef __KERNEL__ | |
16 | #include <linux/sunrpc/xdr.h> | |
6a1a1e34 | 17 | #include <linux/sunrpc/msg_prot.h> |
1da177e4 LT |
18 | #include <linux/uio.h> |
19 | ||
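/*
 * The mechanism-independent gss-api context.
 *
 * mech_type points at the descriptor of the mechanism this context belongs
 * to.  internal_ctx_id is an untyped pointer; the gss_delete_sec_context
 * operation in struct gss_api_ops takes a pointer of the same name.
 * NOTE(review): presumably it holds the mechanism's private context state,
 * in which case only that mechanism may interpret it -- confirm against the
 * mechanism implementations.
 */
struct gss_ctx {
	struct gss_api_mech	*mech_type;
	void			*internal_ctx_id;
};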
25 | ||
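/*
 * Null / default values for the gss-api object types.
 *
 * NOTE(review): GSS_C_NO_BUFFER casts the scalar 0 to a struct type, which
 * is not a valid cast in C, so any expansion of it fails to compile.  It is
 * left as written because the name is part of this header's interface; use
 * an explicitly zeroed struct xdr_netobj rather than this macro.
 */
#define GSS_C_NO_BUFFER		((struct xdr_netobj) 0)
#define GSS_C_NO_CONTEXT	((struct gss_ctx *) 0)
#define GSS_C_QOP_DEFAULT	(0)

/*
 * XXX arbitrary length - is this set somewhere?
 *
 * This is the capacity of rpcsec_gss_oid.data.  The length field stored
 * next to that array is a plain unsigned int, so code that fills the struct
 * from a length it did not choose itself must reject values larger than
 * GSS_OID_MAX_LEN before copying.
 */
#define GSS_OID_MAX_LEN 32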
fb15b26f CL |
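/*
 * A GSS mechanism OID held in a fixed-size buffer of GSS_OID_MAX_LEN bytes.
 *
 * NOTE(review): len presumably counts the bytes of data[] that are in use --
 * confirm against the callers.  Nothing in the type keeps len within
 * GSS_OID_MAX_LEN, so any code that sets len from outside input, or that
 * copies or compares len bytes of data[], has to check that bound first.
 */
struct rpcsec_gss_oid {
	unsigned int	len;
	u8		data[GSS_OID_MAX_LEN];
};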
36 | ||
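/*
 * From RFC 3530: a mechanism OID together with a quality of protection and
 * a service.  The lookup helpers declared further down this header refer to
 * this struct as a "GSS security tuple".
 */
struct rpcsec_gss_info {
	struct rpcsec_gss_oid	oid;
	u32			qop;
	u32			service;
};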
1da177e4 LT |
43 | |
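/*
 * gss-api prototypes; note that these are somewhat simplified versions of
 * the prototypes specified in RFC 2744.
 *
 * Every call here except gss_import_sec_context() returns a u32.
 * NOTE(review): presumably a GSS major status as in RFC 2744 -- confirm the
 * success value in the implementation.  For gss_verify_mic() and
 * gss_unwrap() that return value is the only result channel visible in
 * these prototypes, so callers must check it before treating the message
 * as authenticated.
 */

/*
 * NOTE(review): judging by the signature, this builds a context for @mech
 * from @input_token and hands it back through @ctx_id, with @bufsize being
 * the byte length of @input_token -- confirm.  If so, an implementation has
 * to stay within @bufsize while parsing the token.
 */
int gss_import_sec_context(
		const void		*input_token,
		size_t			bufsize,
		struct gss_api_mech	*mech,
		struct gss_ctx		**ctx_id,
		time_t			*endtime,
		gfp_t			gfp_mask);

/* Message integrity code over @message, produced into / checked against
 * @mic_token (roles inferred from the function names). */
u32 gss_get_mic(
		struct gss_ctx		*ctx_id,
		struct xdr_buf		*message,
		struct xdr_netobj	*mic_token);
u32 gss_verify_mic(
		struct gss_ctx		*ctx_id,
		struct xdr_buf		*message,
		struct xdr_netobj	*mic_token);

/*
 * NOTE(review): @offset is a signed int and its valid range is not stated
 * in this header; implementations should validate it against the length of
 * the xdr_buf before using it -- confirm what the callers guarantee.
 */
u32 gss_wrap(
		struct gss_ctx		*ctx_id,
		int			offset,
		struct xdr_buf		*outbuf,
		struct page		**inpages);
u32 gss_unwrap(
		struct gss_ctx		*ctx_id,
		int			offset,
		struct xdr_buf		*inbuf);

/* Takes the address of the context pointer rather than the context itself. */
u32 gss_delete_sec_context(
		struct gss_ctx		**ctx_id);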
72 | ||
83523d08 CL |
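/*
 * Per-mechanism translation helpers.  The values involved (pseudoflavor,
 * qop, service, auth domain name) are the fields of struct pf_desc.
 * What each helper returns when the mechanism has no matching entry is not
 * visible in this header; check the implementation before relying on a
 * particular failure value.
 */
rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
					 u32 service);
u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);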
77 | ||
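/*
 * One pseudoflavor entry: the pseudoflavor number with the qop and service
 * it stands for, plus a name and an auth domain name.  struct gss_api_mech
 * points at these through gm_pfs ("pseudoflavors supported by this
 * mechanism").
 */
struct pf_desc {
	u32	pseudoflavor;
	u32	qop;
	u32	service;
	char	*name;
	char	*auth_domain_name;
};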
85 | ||
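/* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
 * mechanisms may be dynamically registered or unregistered by modules. */

/*
 * Each mechanism is described by the following struct.
 *
 * NOTE(review): gm_owner presumably names the module that provides the
 * mechanism and is what the gss_mech_get*() / gss_mech_put() references
 * keep alive -- confirm.  gm_pf_num is a signed int and presumably the
 * number of entries behind gm_pfs, so code walking gm_pfs must bound the
 * index by it -- confirm.
 */
struct gss_api_mech {
	struct list_head	gm_list;
	struct module		*gm_owner;
	struct rpcsec_gss_oid	gm_oid;
	char			*gm_name;
	const struct gss_api_ops *gm_ops;
	/* pseudoflavors supported by this mechanism: */
	int			gm_pf_num;
	struct pf_desc		*gm_pfs;
	/* Should the following be a callback operation instead? */
	const char		*gm_upcall_enctypes;
};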
102 | ||
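/*
 * and must provide the following operations.
 *
 * The signatures differ from the gss_* prototypes declared earlier in this
 * header in two places: gss_import_sec_context takes the context itself
 * (struct gss_ctx *) and no mechanism argument, and gss_delete_sec_context
 * takes the untyped internal_ctx_id and returns nothing.
 *
 * NOTE(review): input_token/bufsize presumably describe a token buffer and
 * its byte length; an implementation has to stay within bufsize when
 * parsing it.  The int offset arguments are signed and carry no stated
 * range here, so implementations should validate them against the xdr_buf
 * -- confirm what the callers guarantee.
 */
struct gss_api_ops {
	int (*gss_import_sec_context)(
			const void		*input_token,
			size_t			bufsize,
			struct gss_ctx		*ctx_id,
			time_t			*endtime,
			gfp_t			gfp_mask);
	u32 (*gss_get_mic)(
			struct gss_ctx		*ctx_id,
			struct xdr_buf		*message,
			struct xdr_netobj	*mic_token);
	u32 (*gss_verify_mic)(
			struct gss_ctx		*ctx_id,
			struct xdr_buf		*message,
			struct xdr_netobj	*mic_token);
	u32 (*gss_wrap)(
			struct gss_ctx		*ctx_id,
			int			offset,
			struct xdr_buf		*outbuf,
			struct page		**inpages);
	u32 (*gss_unwrap)(
			struct gss_ctx		*ctx_id,
			int			offset,
			struct xdr_buf		*buf);
	void (*gss_delete_sec_context)(
			void			*internal_ctx_id);
};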
131 | ||
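/* Add a mechanism to, or remove it from, the set that the lookups below
 * search. */
int gss_mech_register(struct gss_api_mech *);
void gss_mech_unregister(struct gss_api_mech *);

/* returns a mechanism descriptor given an OID, and increments the mechanism's
 * reference count. */
struct gss_api_mech *gss_mech_get_by_OID(struct rpcsec_gss_oid *);

/* Given a GSS security tuple, look up a pseudoflavor */
rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);

/* Given a pseudoflavor, look up a GSS security tuple */
int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);

/* Returns a reference to a mechanism, given a name like "krb5" etc. */
struct gss_api_mech *gss_mech_get_by_name(const char *);

/* Similar, but get by pseudoflavor. */
struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);

/*
 * Fill in an array with a list of supported pseudoflavors.
 * NOTE(review): the int is presumably the capacity of the array, and the
 * prototype offers no other bound, so the caller has to pass the true
 * element count -- confirm, along with the meaning of the return value.
 */
int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int);

struct gss_api_mech *gss_mech_get(struct gss_api_mech *);

/*
 * For every successful gss_mech_get or gss_mech_get_by_* call there must be a
 * corresponding call to gss_mech_put.
 *
 * The references must balance in both directions: a missing put leaves the
 * count raised for good, while an extra put, or any use of the descriptor
 * after the final put, risks touching a mechanism that has since been
 * unregistered.
 */
void gss_mech_put(struct gss_api_mech *);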
159 | ||
160 | #endif /* __KERNEL__ */ | |
161 | #endif /* _LINUX_SUNRPC_GSS_API_H */ | |
162 |