Rev 423 | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 423 | giacomo | 1 | /* |
| 2 | * linux/include/linux/gss_api.h |
||
| 3 | * |
||
| 4 | * Somewhat simplified version of the gss api. |
||
| 5 | * |
||
| 6 | * Dug Song <dugsong@monkey.org> |
||
| 7 | * Andy Adamson <andros@umich.edu> |
||
| 8 | * Bruce Fields <bfields@umich.edu> |
||
| 9 | * Copyright (c) 2000 The Regents of the University of Michigan |
||
| 10 | * |
||
| 11 | * $Id: gss_api.h,v 1.1 2004-01-28 15:31:11 giacomo Exp $ |
||
| 12 | */ |
||
| 13 | |||
| 14 | #ifndef _LINUX_SUNRPC_GSS_API_H |
||
| 15 | #define _LINUX_SUNRPC_GSS_API_H |
||
| 16 | |||
| 17 | #ifdef __KERNEL__ |
||
| 18 | #include <linux/sunrpc/xdr.h> |
||
| 19 | |||
| 20 | /* The mechanism-independent gss-api context: */ |
||
| 21 | struct gss_ctx { |
||
| 22 | struct gss_api_mech *mech_type; |
||
| 23 | void *internal_ctx_id; |
||
| 24 | }; |
||
| 25 | |||
| 26 | #define GSS_C_NO_BUFFER ((struct xdr_netobj) 0) |
||
| 27 | #define GSS_C_NO_CONTEXT ((struct gss_ctx *) 0) |
||
| 28 | #define GSS_C_NULL_OID ((struct xdr_netobj) 0) |
||
| 29 | |||
| 30 | /*XXX arbitrary length - is this set somewhere? */ |
||
| 31 | #define GSS_OID_MAX_LEN 32 |
||
| 32 | |||
| 33 | /* gss-api prototypes; note that these are somewhat simplified versions of |
||
| 34 | * the prototypes specified in RFC 2744. */ |
||
| 35 | u32 gss_import_sec_context( |
||
| 36 | struct xdr_netobj *input_token, |
||
| 37 | struct gss_api_mech *mech, |
||
| 38 | struct gss_ctx **ctx_id); |
||
| 39 | u32 gss_get_mic( |
||
| 40 | struct gss_ctx *ctx_id, |
||
| 41 | u32 qop, |
||
| 42 | struct xdr_netobj *message, |
||
| 43 | struct xdr_netobj *mic_token); |
||
| 44 | u32 gss_verify_mic( |
||
| 45 | struct gss_ctx *ctx_id, |
||
| 46 | struct xdr_netobj *message, |
||
| 47 | struct xdr_netobj *mic_token, |
||
| 48 | u32 *qstate); |
||
| 49 | u32 gss_delete_sec_context( |
||
| 50 | struct gss_ctx **ctx_id); |
||
| 51 | |||
| 52 | /* We maintain a list of the pseudoflavors (equivalently, mechanism-qop-service |
||
| 53 | * triples) that we currently support: */ |
||
| 54 | |||
| 55 | struct sup_sec_triple { |
||
| 56 | struct list_head triples; |
||
| 57 | u32 pseudoflavor; |
||
| 58 | struct gss_api_mech *mech; |
||
| 59 | u32 qop; |
||
| 60 | u32 service; |
||
| 61 | }; |
||
| 62 | |||
| 63 | int gss_register_triple(u32 pseudoflavor, struct gss_api_mech *mech, u32 qop, |
||
| 64 | u32 service); |
||
| 65 | int gss_unregister_triple(u32 pseudoflavor); |
||
| 66 | int gss_pseudoflavor_supported(u32 pseudoflavor); |
||
| 67 | u32 gss_cmp_triples(u32 oid_len, char *oid_data, u32 qop, u32 service); |
||
| 68 | u32 gss_get_pseudoflavor(struct gss_ctx *ctx_id, u32 qop, u32 service); |
||
| 69 | u32 gss_pseudoflavor_to_service(u32 pseudoflavor); |
||
| 70 | /* Both return NULL on failure: */ |
||
| 71 | struct gss_api_mech * gss_pseudoflavor_to_mech(u32 pseudoflavor); |
||
| 72 | int gss_pseudoflavor_to_mechOID(u32 pseudoflavor, struct xdr_netobj *mech); |
||
| 73 | |||
| 74 | /* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and |
||
| 75 | * mechanisms may be dynamically registered or unregistered by modules. |
||
| 76 | * Our only built-in mechanism is a trivial debugging mechanism that provides |
||
| 77 | * no actual security; the following function registers that mechanism: */ |
||
| 78 | |||
| 79 | void gss_mech_register_debug(void); |
||
| 80 | |||
| 81 | /* Each mechanism is described by the following struct: */ |
||
| 82 | struct gss_api_mech { |
||
| 83 | struct xdr_netobj gm_oid; |
||
| 84 | struct list_head gm_list; |
||
| 85 | atomic_t gm_count; |
||
| 86 | struct gss_api_ops *gm_ops; |
||
| 87 | }; |
||
| 88 | |||
| 89 | /* and must provide the following operations: */ |
||
| 90 | struct gss_api_ops { |
||
| 91 | char *name; |
||
| 92 | u32 (*gss_import_sec_context)( |
||
| 93 | struct xdr_netobj *input_token, |
||
| 94 | struct gss_ctx *ctx_id); |
||
| 95 | u32 (*gss_get_mic)( |
||
| 96 | struct gss_ctx *ctx_id, |
||
| 97 | u32 qop, |
||
| 98 | struct xdr_netobj *message, |
||
| 99 | struct xdr_netobj *mic_token); |
||
| 100 | u32 (*gss_verify_mic)( |
||
| 101 | struct gss_ctx *ctx_id, |
||
| 102 | struct xdr_netobj *message, |
||
| 103 | struct xdr_netobj *mic_token, |
||
| 104 | u32 *qstate); |
||
| 105 | void (*gss_delete_sec_context)( |
||
| 106 | void *internal_ctx_id); |
||
| 107 | }; |
||
| 108 | |||
| 109 | /* Returns nonzero on failure. */ |
||
| 110 | int gss_mech_register(struct xdr_netobj *, struct gss_api_ops *); |
||
| 111 | |||
| 112 | /* Returns nonzero iff someone still has a reference to this mech. */ |
||
| 113 | int gss_mech_unregister(struct gss_api_mech *); |
||
| 114 | |||
| 115 | /* Returns nonzer iff someone still has a reference to some mech. */ |
||
| 116 | int gss_mech_unregister_all(void); |
||
| 117 | |||
| 118 | /* returns a mechanism descriptor given an OID, an increments the mechanism's |
||
| 119 | * reference count. */ |
||
| 120 | struct gss_api_mech * gss_mech_get_by_OID(struct xdr_netobj *); |
||
| 121 | |||
| 122 | /* Just increments the mechanism's reference count and returns its input: */ |
||
| 123 | struct gss_api_mech * gss_mech_get(struct gss_api_mech *); |
||
| 124 | |||
| 125 | /* Returns nonzero iff you've released the last reference to this mech. |
||
| 126 | * Note that for every succesful gss_get_mech call there must be exactly |
||
| 127 | * one corresponding call to gss_mech_put.*/ |
||
| 128 | int gss_mech_put(struct gss_api_mech *); |
||
| 129 | |||
| 130 | #endif /* __KERNEL__ */ |
||
| 131 | #endif /* _LINUX_SUNRPC_GSS_API_H */ |
||
| 132 |