whiterose

linux unikernel

auth.h (6223B)


      1 /* SPDX-License-Identifier: GPL-2.0 */
      2 /*
      3  * linux/include/linux/sunrpc/auth.h
      4  *
      5  * Declarations for the RPC client authentication machinery.
      6  *
      7  * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
      8  */
      9 
     10 #ifndef _LINUX_SUNRPC_AUTH_H
     11 #define _LINUX_SUNRPC_AUTH_H
     12 
     13 #ifdef __KERNEL__
     14 
     15 #include <linux/sunrpc/sched.h>
     16 #include <linux/sunrpc/msg_prot.h>
     17 #include <linux/sunrpc/xdr.h>
     18 
     19 #include <linux/atomic.h>
     20 #include <linux/rcupdate.h>
     21 #include <linux/uidgid.h>
     22 #include <linux/utsname.h>
     23 
     24 /*
     25  * Maximum size of AUTH_NONE authentication information, in XDR words.
     26  */
     27 #define NUL_CALLSLACK	(4)
     28 #define NUL_REPLYSLACK	(2)
     29 
     30 /*
     31  * Size of the nodename buffer. RFC1831 specifies a hard limit of 255 bytes,
     32  * but Linux hostnames are actually limited to __NEW_UTS_LEN bytes.
     33  */
     34 #define UNX_MAXNODENAME	__NEW_UTS_LEN
        /*
         * Call-side slack for AUTH_UNIX: a fixed 21 plus the nodename length
         * converted by XDR_QUADLEN().
         * NOTE(review): presumably counted in XDR words like the NUL_* values
         * above; the breakdown of the 21 is not shown in this header. Confirm
         * against the AUTH_UNIX encoder before changing it, since a size
         * estimate that is too small is the unsafe direction.
         */
     35 #define UNX_CALLSLACK	(21 + XDR_QUADLEN(UNX_MAXNODENAME))
        /*
         * NOTE(review): presumably the cap on supplementary group IDs carried
         * in an AUTH_UNIX credential. If so, a user in more groups than this
         * is presented to the server with a truncated list, which matters for
         * group-based access decisions made on the server - confirm.
         */
     36 #define UNX_NGROUPS	16
     37 
     38 struct rpcsec_gss_info;
     39 
     40 struct auth_cred {
        	/*
        	 * Lookup key handed to the hash_cred, lookup_cred, crcreate and
        	 * crmatch callbacks declared later in this header. Both members
        	 * are pointers to const data; who owns them and how long they
        	 * stay valid is not visible from this header.
        	 * NOTE(review): confirm that @cred outlives any rpc_cred that
        	 * keeps a copy of the pointer in cr_cred.
        	 */
     41 	const struct cred *cred;
     42 	const char *principal;	/* If present, this is a machine credential */
     43 };
     44 
     45 /*
     46  * Client user credentials
         *
         * cr_auth links the credential to a struct rpc_auth and cr_ops to a
         * const struct rpc_credops method table. cr_count is the reference
         * count; get_rpccred() at the end of this header takes a reference
         * only while that count is still non-zero.
     47  */
     48 struct rpc_auth;
     49 struct rpc_credops;
     50 struct rpc_cred {
     51 	struct hlist_node	cr_hash;	/* hash chain */
     52 	struct list_head	cr_lru;		/* lru garbage collection */
        	/*
        	 * NOTE(review): presumably lets the final put defer freeing past
        	 * an RCU grace period, so lockless hash-chain readers never touch
        	 * freed memory - confirm in the credcache code.
        	 */
     53 	struct rcu_head		cr_rcu;
     54 	struct rpc_auth *	cr_auth;
        	/* const pointer: the method table cannot be modified through it */
     55 	const struct rpc_credops *cr_ops;
     56 	unsigned long		cr_expire;	/* when to gc */
     57 	unsigned long		cr_flags;	/* various flags */
     58 	refcount_t		cr_count;	/* ref count */
     59 	const struct cred	*cr_cred;
     60 
     61 	/* per-flavor data */
     62 };
        /*
         * Values used with cr_flags.
         * NOTE(review): these are consecutive small integers (0..3), unlike the
         * 0x... mask defined for au_flags, so they look like bit numbers for
         * test_bit()/set_bit() rather than OR-able masks - confirm before use.
         * Treated as masks, RPCAUTH_CRED_NEW (0) would test nothing and
         * RPCAUTH_CRED_NEGATIVE (3) would equal UPTODATE|HASHED.
         */
     63 #define RPCAUTH_CRED_NEW	0
     64 #define RPCAUTH_CRED_UPTODATE	1
     65 #define RPCAUTH_CRED_HASHED	2
     66 #define RPCAUTH_CRED_NEGATIVE	3
     67 
        /*
         * Returns a pointer to a const struct cred.
         * NOTE(review): presumably the credential used for machine credentials
         * (see auth_cred.principal); reference ownership is not visible here.
         */
     68 const struct cred *rpc_machine_cred(void);
     69 
     70 /*
     71  * Client authentication handle
         *
         * Reference counted through au_count. au_ops points at the flavor's
         * const method table; au_credcache points at a credential cache whose
         * layout is opaque in this header (struct rpc_cred_cache is only
         * forward-declared).
     72  */
     73 struct rpc_cred_cache;
     74 struct rpc_authops;
     75 struct rpc_auth {
        	/*
        	 * Size estimates. NOTE(review): units are presumably XDR words, as
        	 * stated for the NUL_*SLACK macros above - confirm. A flavor that
        	 * reports too small a value here is the direction to worry about.
        	 */
     76 	unsigned int		au_cslack;	/* call cred size estimate */
     77 	unsigned int		au_rslack;	/* reply cred size estimate */
     78 	unsigned int		au_verfsize;	/* size of reply verifier */
     79 	unsigned int		au_ralign;	/* words before UL header */
     80 
     81 	unsigned int		au_flags;
        	/* const pointer: the method table cannot be modified through it */
     82 	const struct rpc_authops *au_ops;
     83 	rpc_authflavor_t	au_flavor;	/* pseudoflavor (note may
     84 						 * differ from the flavor in
     85 						 * au_ops->au_flavor in gss
     86 						 * case) */
     87 	refcount_t		au_count;	/* Reference counter */
     88 
     89 	struct rpc_cred_cache *	au_credcache;
     90 	/* per-flavor data */
     91 };
     92 
     93 /* rpc_auth au_flags */
        /*
         * Mask value for au_flags.
         * NOTE(review): what the flag enables is not documented in this header.
         */
     94 #define RPCAUTH_AUTH_DATATOUCH	0x00000002
     95 
     96 struct rpc_auth_create_args {
        	/*
        	 * Passed by const pointer to rpcauth_create() and to the
        	 * rpc_authops ->create() callback.
        	 */
     97 	rpc_authflavor_t pseudoflavor;
        	/*
        	 * NOTE(review): presumably names the remote service principal for
        	 * GSS flavors and may be NULL for others - confirm; lifetime of
        	 * the string is not visible here.
        	 */
     98 	const char *target_name;
     99 };
    100 
    101 /* Flags for rpcauth_lookupcred() */
        /*
         * With this flag the lookup may hand back a credential that is not yet
         * initialised (per the comment on the define).
         * NOTE(review): callers passing it presumably need to check the cred's
         * state (RPCAUTH_CRED_NEW / RPCAUTH_CRED_UPTODATE) before relying on
         * it - confirm at the call sites.
         */
    102 #define RPCAUTH_LOOKUP_NEW		0x01	/* Accept an uninitialised cred */
    103 
    104 /*
    105  * Client authentication ops
         *
         * Method table for one authentication flavor. Tables are passed to
         * rpcauth_register()/rpcauth_unregister() as const pointers, the two
         * built-in instances (authunix_ops, authnull_ops) are declared const,
         * and rpc_auth reaches its table through a const pointer, so none of
         * these paths allow the callbacks to be rewritten.
         * NOTE(review): which callbacks a flavor may leave NULL is not visible
         * in this header - check the call sites before leaving any unset.
    106  */
    107 struct rpc_authops {
        	/* NOTE(review): presumably used to pin the flavor's module while
        	 * auth handles exist - confirm. */
    108 	struct module		*owner;
    109 	rpc_authflavor_t	au_flavor;	/* flavor (RPC_AUTH_*) */
    110 	char *			au_name;
    111 	struct rpc_auth *	(*create)(const struct rpc_auth_create_args *,
    112 					  struct rpc_clnt *);
    113 	void			(*destroy)(struct rpc_auth *);
    114 
        	/* Credential hashing, lookup and creation keyed by struct auth_cred. */
    115 	int			(*hash_cred)(struct auth_cred *, unsigned int);
    116 	struct rpc_cred *	(*lookup_cred)(struct rpc_auth *, struct auth_cred *, int);
    117 	struct rpc_cred *	(*crcreate)(struct rpc_auth*, struct auth_cred *, int, gfp_t);
        	/* Pseudoflavor enumeration and mapping to/from struct rpcsec_gss_info. */
    118 	int			(*list_pseudoflavors)(rpc_authflavor_t *, int);
    119 	rpc_authflavor_t	(*info2flavor)(struct rpcsec_gss_info *);
    120 	int			(*flavor2info)(rpc_authflavor_t,
    121 						struct rpcsec_gss_info *);
    122 	int			(*key_timeout)(struct rpc_auth *,
    123 						struct rpc_cred *);
    124 };
    125 
    126 struct rpc_credops {
        	/*
        	 * Per-credential method table, reached through rpc_cred.cr_ops
        	 * (a const pointer).
        	 * NOTE(review): which callbacks may be NULL is not visible here.
        	 */
    127 	const char *		cr_name;	/* Name of the auth flavour */
    128 	int			(*cr_init)(struct rpc_auth *, struct rpc_cred *);
    129 	void			(*crdestroy)(struct rpc_cred *);
    130 
    131 	int			(*crmatch)(struct auth_cred *, struct rpc_cred *, int);
    132 	int			(*crmarshal)(struct rpc_task *task,
    133 					     struct xdr_stream *xdr);
    134 	int			(*crrefresh)(struct rpc_task *);
        	/*
        	 * NOTE(review): crvalidate and crunwrap_resp take an xdr_stream
        	 * and presumably parse data received from the server; if so,
        	 * implementations must treat every length and field they decode
        	 * as untrusted and their int status must be checked by callers -
        	 * confirm in the flavor implementations.
        	 */
    135 	int			(*crvalidate)(struct rpc_task *task,
    136 					      struct xdr_stream *xdr);
    137 	int			(*crwrap_req)(struct rpc_task *task,
    138 					      struct xdr_stream *xdr);
    139 	int			(*crunwrap_resp)(struct rpc_task *task,
    140 						 struct xdr_stream *xdr);
    141 	int			(*crkey_timeout)(struct rpc_cred *);
        	/* NOTE(review): ownership of the returned string is not stated
        	 * here - confirm whether the caller must free it. */
    142 	char *			(*crstringify_acceptor)(struct rpc_cred *);
    143 	bool			(*crneed_reencode)(struct rpc_task *);
    144 };
    145 
    146 extern const struct rpc_authops	authunix_ops;
    147 extern const struct rpc_authops	authnull_ops;
    148 
    149 int __init		rpc_init_authunix(void);
    150 int __init		rpcauth_init_module(void);
    151 void			rpcauth_remove_module(void);
    152 void 			rpc_destroy_authunix(void);
    153 
        /*
         * Flavor registration and auth-handle lifetime. The ops tables are
         * taken as const pointers.
         * NOTE(review): the error convention of the int returns is not visible
         * in this header.
         */
    154 int			rpcauth_register(const struct rpc_authops *);
    155 int			rpcauth_unregister(const struct rpc_authops *);
    156 struct rpc_auth *	rpcauth_create(const struct rpc_auth_create_args *,
    157 				struct rpc_clnt *);
    158 void			rpcauth_release(struct rpc_auth *);
    159 rpc_authflavor_t	rpcauth_get_pseudoflavor(rpc_authflavor_t,
    160 				struct rpcsec_gss_info *);
    161 int			rpcauth_get_gssinfo(rpc_authflavor_t,
    162 				struct rpcsec_gss_info *);
    163 int			rpcauth_list_flavors(rpc_authflavor_t *, int);
        /*
         * Credential lookup and reference handling.
         * NOTE(review): for the functions returning struct rpc_cred * (and for
         * rpcauth_create() above) this header does not show whether failure is
         * NULL or an ERR_PTR-encoded value - check the definitions before
         * relying on a plain NULL test. put_rpccred() is presumably the
         * counterpart of get_rpccred() below - confirm.
         */
    164 struct rpc_cred *	rpcauth_lookup_credcache(struct rpc_auth *, struct auth_cred *, int, gfp_t);
    165 void			rpcauth_init_cred(struct rpc_cred *, const struct auth_cred *, struct rpc_auth *, const struct rpc_credops *);
    166 struct rpc_cred *	rpcauth_lookupcred(struct rpc_auth *, int);
    167 void			put_rpccred(struct rpc_cred *);
        /*
         * Per-task credential marshalling, verifier checking and request/reply
         * wrapping over an xdr_stream. All report status through an int return
         * that callers need to check.
         * NOTE(review): rpcauth_checkverf() and the unwrap functions presumably
         * decode data supplied by the server - confirm, and treat that input as
         * untrusted.
         */
    168 int			rpcauth_marshcred(struct rpc_task *task,
    169 					  struct xdr_stream *xdr);
    170 int			rpcauth_checkverf(struct rpc_task *task,
    171 					  struct xdr_stream *xdr);
    172 int			rpcauth_wrap_req_encode(struct rpc_task *task,
    173 						struct xdr_stream *xdr);
    174 int			rpcauth_wrap_req(struct rpc_task *task,
    175 					 struct xdr_stream *xdr);
    176 int			rpcauth_unwrap_resp_decode(struct rpc_task *task,
    177 						   struct xdr_stream *xdr);
    178 int			rpcauth_unwrap_resp(struct rpc_task *task,
    179 					    struct xdr_stream *xdr);
    180 bool			rpcauth_xmit_need_reencode(struct rpc_task *task);
    181 int			rpcauth_refreshcred(struct rpc_task *);
    182 void			rpcauth_invalcred(struct rpc_task *);
    183 int			rpcauth_uptodatecred(struct rpc_task *);
    184 int			rpcauth_init_credcache(struct rpc_auth *);
    185 void			rpcauth_destroy_credcache(struct rpc_auth *);
    186 void			rpcauth_clear_credcache(struct rpc_cred_cache *);
        /* NOTE(review): ownership of the returned string is not stated here -
         * confirm whether the caller must free it. */
    187 char *			rpcauth_stringify_acceptor(struct rpc_cred *);
    188 
    189 static inline
    190 struct rpc_cred *get_rpccred(struct rpc_cred *cred)
    191 {
        	/*
        	 * Try to take an extra reference on @cred.
        	 *
        	 * Returns @cred when the reference was taken, or NULL when @cred
        	 * is NULL or its cr_count had already reached zero. A zero count
        	 * is never bumped back up, so a caller racing with the last put
        	 * gets NULL rather than a pointer to a cred that is presumably
        	 * being released. Callers must test the result before
        	 * dereferencing it.
        	 */
    192 	if (!cred || !refcount_inc_not_zero(&cred->cr_count))
    193 		return NULL;
    194 	return cred;
    195 }
    196 
    197 #endif /* __KERNEL__ */
    198 #endif /* _LINUX_SUNRPC_AUTH_H */