/*
 * GSS Proxy upcall module
 *
 * Copyright (C) 2012 Simo Sorce <simo@redhat.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
20 | ||
21 | #ifndef _LINUX_GSS_RPC_XDR_H | |
22 | #define _LINUX_GSS_RPC_XDR_H | |
23 | ||
24 | #include <linux/sunrpc/xdr.h> | |
25 | #include <linux/sunrpc/clnt.h> | |
26 | #include <linux/sunrpc/xprtsock.h> | |
27 | ||
#ifdef RPC_DEBUG
/* Route this module's sunrpc debug output to the AUTH facility. */
# define RPCDBG_FACILITY RPCDBG_AUTH
#endif

/*
 * Option name/value pairs the kernel sends in the call context to ask
 * the proxy for a Linux-specific exported context and credential format.
 * Their sizeof() is counted into GSSX_default_in_call_ctx_sz below, so
 * changing a string here changes the argument size estimate as well.
 */
#define LUCID_OPTION "exported_context_type"
#define LUCID_VALUE "linux_lucid_v1"
#define CREDS_OPTION "exported_creds_type"
#define CREDS_VALUE "linux_creds_v1"
36 | ||
/*
 * All three protocol types are carried as an xdr_netobj (length + data
 * pointer); the distinct typedef names only document which gssx wire
 * type a field holds, the representation is identical.
 */
typedef struct xdr_netobj gssx_buffer;
typedef struct xdr_netobj utf8string;
typedef struct xdr_netobj gssx_OID;
40 | ||
/*
 * Credential usage, mirroring GSS_C_INITIATE / GSS_C_ACCEPT / GSS_C_BOTH.
 * Numerically GSSX_C_BOTH == GSSX_C_INITIATE | GSSX_C_ACCEPT.
 */
enum gssx_cred_usage {
	GSSX_C_INITIATE = 1,
	GSSX_C_ACCEPT = 2,
	GSSX_C_BOTH = 3,
};
46 | ||
/* One name/value extension pair (e.g. LUCID_OPTION / LUCID_VALUE). */
struct gssx_option {
	gssx_buffer option;	/* option name */
	gssx_buffer value;	/* option value, opaque to this layer */
};
51 | ||
/*
 * Variable-length list of options: data presumably points at count
 * entries.  NOTE(review): on the decode side count arrives from the
 * proxy's reply; the decoder must bound it before allocating or
 * iterating — confirm in the decoder.
 */
struct gssx_option_array {
	u32 count;
	struct gssx_option *data;
};
56 | ||
/*
 * Status block returned at the head of every gssx reply.  Size reserved
 * for it on the reply side is GSSX_default_status_sz (see below).
 */
struct gssx_status {
	u64 major_status;		/* GSS major status code */
	gssx_OID mech;			/* mechanism the status refers to */
	u64 minor_status;		/* mechanism-specific minor status */
	utf8string major_status_string;	/* human-readable text, ignored by the kernel (presumably) */
	utf8string minor_status_string;
	gssx_buffer server_ctx;		/* opaque server-side context, echoed back in gssx_call_ctx */
	struct gssx_option_array options;
};
66 | ||
/*
 * Per-call context sent with every gssx argument structure; this is
 * where the LUCID_*/CREDS_* options travel (GSSX_default_in_call_ctx_sz
 * accounts for them).
 */
struct gssx_call_ctx {
	utf8string locale;
	gssx_buffer server_ctx;		/* opaque proxy-side context, if one was returned earlier */
	struct gssx_option_array options;
};
72 | ||
/* A single name attribute: attribute identifier, its value and extensions. */
struct gssx_name_attr {
	gssx_buffer attr;
	gssx_buffer value;
	struct gssx_option_array extensions;
};
78 | ||
/* Variable-length list of name attributes; data presumably holds count entries. */
struct gssx_name_attr_array {
	u32 count;
	struct gssx_name_attr *data;
};
83 | ||
/*
 * GSS name as the kernel keeps it.  Only the display form is retained;
 * the other protocol fields of the name are not represented here.
 * Reply-side space for one name is GSSX_max_princ_sz.
 */
struct gssx_name {
	gssx_buffer display_name;
};
typedef struct gssx_name gssx_name;
88 | ||
/* One mechanism-specific element of a credential. */
struct gssx_cred_element {
	gssx_name MN;			/* mechanism name */
	gssx_OID mech;
	u32 cred_usage;			/* presumably an enum gssx_cred_usage value */
	u64 initiator_time_rec;		/* remaining lifetime as initiator */
	u64 acceptor_time_rec;		/* remaining lifetime as acceptor */
	struct gssx_option_array options;
};
97 | ||
/* Variable-length list of credential elements; data presumably holds count entries. */
struct gssx_cred_element_array {
	u32 count;
	struct gssx_cred_element *data;
};
102 | ||
/*
 * A GSS credential.  The kernel never sends one (GSSX_default_in_cred_sz
 * is a bare 4-byte "absent" marker) and does not use the delegated
 * credential in the reply, so this type is mostly for completeness.
 */
struct gssx_cred {
	gssx_name desired_name;
	struct gssx_cred_element_array elements;
	gssx_buffer cred_handle_reference;	/* opaque proxy-side handle */
	u32 needs_release;			/* boolean on the wire (presumably) */
};
109 | ||
/*
 * A GSS security context as exchanged with the proxy.  Reply-side space
 * for one of these is GSSX_default_ctx_sz, which bounds the exported
 * token at GSSX_max_output_handle_sz and each name at GSSX_max_princ_sz.
 */
struct gssx_ctx {
	gssx_buffer exported_context_token;	/* LUCID_VALUE format when the proxy honours the option */
	gssx_buffer state;			/* opaque proxy-side state */
	u32 need_release;			/* boolean on the wire (presumably) */
	gssx_OID mech;
	gssx_name src_name;			/* initiator */
	gssx_name targ_name;			/* acceptor */
	u64 lifetime;
	u64 ctx_flags;				/* GSS context flags */
	u32 locally_initiated;			/* boolean on the wire (presumably) */
	u32 open;				/* boolean: context fully established (presumably) */
	struct gssx_option_array options;
};
123 | ||
/*
 * GSS channel bindings.  The kernel does not use them: the argument
 * encoder reserves only the 4-byte "absent" marker (GSSX_default_in_cb_sz).
 */
struct gssx_cb {
	u64 initiator_addrtype;
	gssx_buffer initiator_address;
	u64 acceptor_addrtype;
	gssx_buffer acceptor_address;
	gssx_buffer application_data;
};
131 | ||
132 | ||
/* This structure is not defined in the protocol.
 * It is used in the kernel to carry around a big buffer
 * as a set of pages, so the input token is not copied into a
 * contiguous buffer before being encoded.  page_base/page_len
 * select the byte range within the page array that holds the token.
 */
struct gssp_in_token {
	struct page **pages;	/* Array of contiguous pages */
	unsigned int page_base;	/* Start of page data */
	unsigned int page_len;	/* Length of page data */
};
141 | ||
/*
 * Arguments of the accept_sec_context upcall, encoded by
 * gssx_enc_accept_sec_context().  The reserved argument size is
 * GSSX_ARG_accept_sec_context_sz, which deliberately excludes the
 * input token data (GSSX_default_in_token_sz covers only its length).
 */
struct gssx_arg_accept_sec_context {
	struct gssx_call_ctx call_ctx;
	struct gssx_ctx *context_handle;	/* NULL on the first round trip (presumably) */
	struct gssx_cred *cred_handle;		/* not sent by the kernel, see GSSX_default_in_cred_sz */
	struct gssp_in_token input_token;	/* token bytes as pages, see gssp_in_token */
	struct gssx_cb *input_cb;		/* channel bindings, unused by the kernel */
	u32 ret_deleg_cred;			/* boolean: ask for delegated creds (presumably) */
	struct gssx_option_array options;
	/*
	 * Not part of the wire format.  Introduced together with the note
	 * that the group list is carried in separately allocated pages
	 * (see GSSX_max_creds_sz); presumably these are those pages —
	 * confirm against the encoder and the caller.
	 */
	struct page **pages;
	unsigned int npages;
};
153 | ||
/*
 * Result of the accept_sec_context upcall, filled in by
 * gssx_dec_accept_sec_context() from the proxy's reply; reserved reply
 * size is GSSX_RES_accept_sec_context_sz.
 * NOTE(review): context_handle and output_token are pointers into
 * decoder-managed storage; who frees them after a successful decode is
 * not documented here — confirm against the decoder and its caller.
 */
struct gssx_res_accept_sec_context {
	struct gssx_status status;
	struct gssx_ctx *context_handle;
	gssx_buffer *output_token;
	/* struct gssx_cred *delegated_cred_handle; not used in kernel */
	struct gssx_option_array options;
};
161 | ||
162 | ||
163 | ||
/*
 * Encoder/decoder pair for each gssx procedure.  The kernel only
 * implements accept_sec_context; every other pair is NULL and its
 * GSSX_ARG_*_sz / GSSX_RES_*_sz below is 0, so those procedures are
 * unusable from the kernel side.
 */
#define gssx_enc_indicate_mechs NULL
#define gssx_dec_indicate_mechs NULL
#define gssx_enc_get_call_context NULL
#define gssx_dec_get_call_context NULL
#define gssx_enc_import_and_canon_name NULL
#define gssx_dec_import_and_canon_name NULL
#define gssx_enc_export_cred NULL
#define gssx_dec_export_cred NULL
#define gssx_enc_import_cred NULL
#define gssx_dec_import_cred NULL
#define gssx_enc_acquire_cred NULL
#define gssx_dec_acquire_cred NULL
#define gssx_enc_store_cred NULL
#define gssx_dec_store_cred NULL
#define gssx_enc_init_sec_context NULL
#define gssx_dec_init_sec_context NULL
/*
 * Encode @args into @xdr for @req.  Returns nothing: the XDR stream
 * carries any encoding failure (presumably; confirm in the encoder).
 */
void gssx_enc_accept_sec_context(struct rpc_rqst *req,
				 struct xdr_stream *xdr,
				 struct gssx_arg_accept_sec_context *args);
/*
 * Decode the proxy's reply from @xdr into @res.  Returns an int status
 * (presumably 0 on success, negative on malformed or oversized input —
 * confirm in the decoder).
 */
int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
				struct xdr_stream *xdr,
				struct gssx_res_accept_sec_context *res);
#define gssx_enc_release_handle NULL
#define gssx_dec_release_handle NULL
#define gssx_enc_get_mic NULL
#define gssx_dec_get_mic NULL
#define gssx_enc_verify NULL
#define gssx_dec_verify NULL
#define gssx_enc_wrap NULL
#define gssx_dec_wrap NULL
#define gssx_enc_unwrap NULL
#define gssx_dec_unwrap NULL
#define gssx_enc_wrap_size_limit NULL
#define gssx_dec_wrap_size_limit NULL
198 | ||
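/*
 * Argument/reply size estimates for each gssx procedure.  These are
 * handed to the sunrpc layer so it can reserve buffer space up front;
 * they are deliberate over-estimates (see the comment above
 * GSSX_default_status_sz) and are not a wire-format bound.  Keep every
 * composite value fully parenthesised: several are summed into larger
 * expressions, and an unparenthesised body would silently mis-evaluate
 * if ever multiplied or used with another operator.
 */

/* non implemented calls are set to 0 size */
#define GSSX_ARG_indicate_mechs_sz 0
#define GSSX_RES_indicate_mechs_sz 0
#define GSSX_ARG_get_call_context_sz 0
#define GSSX_RES_get_call_context_sz 0
#define GSSX_ARG_import_and_canon_name_sz 0
#define GSSX_RES_import_and_canon_name_sz 0
#define GSSX_ARG_export_cred_sz 0
#define GSSX_RES_export_cred_sz 0
#define GSSX_ARG_import_cred_sz 0
#define GSSX_RES_import_cred_sz 0
#define GSSX_ARG_acquire_cred_sz 0
#define GSSX_RES_acquire_cred_sz 0
#define GSSX_ARG_store_cred_sz 0
#define GSSX_RES_store_cred_sz 0
#define GSSX_ARG_init_sec_context_sz 0
#define GSSX_RES_init_sec_context_sz 0

/*
 * Call context: locale + server_ctx + option count, then one option
 * entry each for LUCID_* and CREDS_* (8 bytes of lengths plus the
 * strings; sizeof() counts the NUL, which only makes the estimate larger).
 */
#define GSSX_default_in_call_ctx_sz (4 + 4 + 4 + \
		8 + sizeof(LUCID_OPTION) + sizeof(LUCID_VALUE) + \
		8 + sizeof(CREDS_OPTION) + sizeof(CREDS_VALUE))
/* Context handle sent in: fixed-size fields of a mostly empty gssx_ctx. */
#define GSSX_default_in_ctx_hndl_sz (4 + 4+8 + 4 + 4 + 6*4 + 6*4 + 8 + 8 + \
		4 + 4 + 4)
#define GSSX_default_in_cred_sz 4 /* we send in no cred_handle */
#define GSSX_default_in_token_sz 4 /* does *not* include token data */
#define GSSX_default_in_cb_sz 4 /* we do not use channel bindings */
#define GSSX_ARG_accept_sec_context_sz (GSSX_default_in_call_ctx_sz + \
		GSSX_default_in_ctx_hndl_sz + \
		GSSX_default_in_cred_sz + \
		GSSX_default_in_token_sz + \
		GSSX_default_in_cb_sz + \
		4 /* no deleg creds boolean */ + \
		4) /* empty options */

/* somewhat arbitrary numbers but large enough (we ignore some of the data
 * sent down, but it is part of the protocol so we need enough space to take
 * it in) */
/* major + mech OID + minor + two status strings + server_ctx + option count */
#define GSSX_default_status_sz (8 + 24 + 8 + 256 + 256 + 16 + 4)
#define GSSX_max_output_handle_sz 128
#define GSSX_max_oid_sz 16
#define GSSX_max_princ_sz 256
#define GSSX_default_ctx_sz (GSSX_max_output_handle_sz + \
		16 + 4 + GSSX_max_oid_sz + \
		2 * GSSX_max_princ_sz + \
		8 + 8 + 4 + 4 + 4)
#define GSSX_max_output_token_sz 1024
/* grouplist not included; we allocate separate pages for that: */
#define GSSX_max_creds_sz (4 + 4 + 4 /* + NGROUPS_MAX*4 */)
#define GSSX_RES_accept_sec_context_sz (GSSX_default_status_sz + \
		GSSX_default_ctx_sz + \
		GSSX_max_output_token_sz + \
		4 + GSSX_max_creds_sz)

#define GSSX_ARG_release_handle_sz 0
#define GSSX_RES_release_handle_sz 0
#define GSSX_ARG_get_mic_sz 0
#define GSSX_RES_get_mic_sz 0
#define GSSX_ARG_verify_sz 0
#define GSSX_RES_verify_sz 0
#define GSSX_ARG_wrap_sz 0
#define GSSX_RES_wrap_sz 0
#define GSSX_ARG_unwrap_sz 0
#define GSSX_RES_unwrap_sz 0
#define GSSX_ARG_wrap_size_limit_sz 0
#define GSSX_RES_wrap_size_limit_sz 0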
264 | ||
265 | ||
266 | ||
267 | #endif /* _LINUX_GSS_RPC_XDR_H */ |