[linux-2.6-block.git] / include / linux / sunrpc / auth.h

/* SPDX-License-Identifier: GPL-2.0 */
/*
 * linux/include/linux/sunrpc/auth.h
 *
 * Declarations for the RPC client authentication machinery.
 *
 * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
 */

#ifndef _LINUX_SUNRPC_AUTH_H
#define _LINUX_SUNRPC_AUTH_H

#include <linux/sunrpc/sched.h>
#include <linux/sunrpc/msg_prot.h>
#include <linux/sunrpc/xdr.h>

#include <linux/atomic.h>
#include <linux/rcupdate.h>
#include <linux/uidgid.h>
#include <linux/utsname.h>

/*
 * Maximum size of AUTH_NONE authentication information, in XDR words.
 */
#define NUL_CALLSLACK	(4)
#define NUL_REPLYSLACK	(2)

/*
 * Size of the nodename buffer. RFC1831 specifies a hard limit of 255 bytes,
 * but Linux hostnames are actually limited to __NEW_UTS_LEN bytes.
 */
#define UNX_MAXNODENAME	__NEW_UTS_LEN
#define UNX_CALLSLACK	(21 + XDR_QUADLEN(UNX_MAXNODENAME))
#define UNX_NGROUPS	16

struct rpcsec_gss_info;

struct auth_cred {
	const struct cred *cred;
	const char *principal;	/* If present, this is a machine credential */
};

/*
 * Client user credentials
 */
struct rpc_auth;
struct rpc_credops;
struct rpc_cred {
	struct hlist_node	cr_hash;	/* hash chain */
	struct list_head	cr_lru;		/* lru garbage collection */
	struct rcu_head		cr_rcu;
	struct rpc_auth *	cr_auth;
	const struct rpc_credops *cr_ops;
	unsigned long		cr_expire;	/* when to gc */
	unsigned long		cr_flags;	/* various flags */
	refcount_t		cr_count;	/* ref count */
	const struct cred	*cr_cred;

	/* per-flavor data */
};
#define RPCAUTH_CRED_NEW	0
#define RPCAUTH_CRED_UPTODATE	1
#define RPCAUTH_CRED_HASHED	2
#define RPCAUTH_CRED_NEGATIVE	3

const struct cred *rpc_machine_cred(void);

/*
 * Client authentication handle
 */
struct rpc_cred_cache;
struct rpc_authops;
struct rpc_auth {
	unsigned int		au_cslack;	/* call cred size estimate */
	unsigned int		au_rslack;	/* reply cred size estimate */
	unsigned int		au_verfsize;	/* size of reply verifier */
	unsigned int		au_ralign;	/* words before UL header */

	unsigned long		au_flags;
	const struct rpc_authops *au_ops;
	rpc_authflavor_t	au_flavor;	/* pseudoflavor (note may
						 * differ from the flavor in
						 * au_ops->au_flavor in gss
						 * case) */
	refcount_t		au_count;	/* Reference counter */

	struct rpc_cred_cache *	au_credcache;
	/* per-flavor data */
};

/* rpc_auth au_flags */
#define RPCAUTH_AUTH_DATATOUCH		(1)
#define RPCAUTH_AUTH_UPDATE_SLACK	(2)

struct rpc_auth_create_args {
	rpc_authflavor_t pseudoflavor;
	const char *target_name;
};

/* Flags for rpcauth_lookupcred() */
#define RPCAUTH_LOOKUP_NEW		0x01	/* Accept an uninitialised cred */
#define RPCAUTH_LOOKUP_ASYNC		0x02	/* Don't block waiting for memory */

/*
 * Client authentication ops
 */
struct rpc_authops {
	struct module		*owner;
	rpc_authflavor_t	au_flavor;	/* flavor (RPC_AUTH_*) */
	char *			au_name;
	struct rpc_auth *	(*create)(const struct rpc_auth_create_args *,
					  struct rpc_clnt *);
	void			(*destroy)(struct rpc_auth *);

	int			(*hash_cred)(struct auth_cred *, unsigned int);
	struct rpc_cred *	(*lookup_cred)(struct rpc_auth *, struct auth_cred *, int);
	struct rpc_cred *	(*crcreate)(struct rpc_auth*, struct auth_cred *, int, gfp_t);
	rpc_authflavor_t	(*info2flavor)(struct rpcsec_gss_info *);
	int			(*flavor2info)(rpc_authflavor_t,
						struct rpcsec_gss_info *);
	int			(*key_timeout)(struct rpc_auth *,
						struct rpc_cred *);
	int			(*ping)(struct rpc_clnt *clnt);
};

struct rpc_credops {
	const char *		cr_name;	/* Name of the auth flavour */
	int			(*cr_init)(struct rpc_auth *, struct rpc_cred *);
	void			(*crdestroy)(struct rpc_cred *);

	int			(*crmatch)(struct auth_cred *, struct rpc_cred *, int);
	int			(*crmarshal)(struct rpc_task *task,
					     struct xdr_stream *xdr);
	int			(*crrefresh)(struct rpc_task *);
	int			(*crvalidate)(struct rpc_task *task,
					      struct xdr_stream *xdr);
	int			(*crwrap_req)(struct rpc_task *task,
					      struct xdr_stream *xdr);
	int			(*crunwrap_resp)(struct rpc_task *task,
						 struct xdr_stream *xdr);
	int			(*crkey_timeout)(struct rpc_cred *);
	char *			(*crstringify_acceptor)(struct rpc_cred *);
	bool			(*crneed_reencode)(struct rpc_task *);
};

extern const struct rpc_authops	authunix_ops;
extern const struct rpc_authops	authnull_ops;
extern const struct rpc_authops	authtls_ops;

int __init		rpc_init_authunix(void);
int __init		rpcauth_init_module(void);
void			rpcauth_remove_module(void);
void 			rpc_destroy_authunix(void);

int			rpcauth_register(const struct rpc_authops *);
int			rpcauth_unregister(const struct rpc_authops *);
struct rpc_auth *	rpcauth_create(const struct rpc_auth_create_args *,
				struct rpc_clnt *);
void			rpcauth_release(struct rpc_auth *);
rpc_authflavor_t	rpcauth_get_pseudoflavor(rpc_authflavor_t,
				struct rpcsec_gss_info *);
int			rpcauth_get_gssinfo(rpc_authflavor_t,
				struct rpcsec_gss_info *);
struct rpc_cred *	rpcauth_lookup_credcache(struct rpc_auth *, struct auth_cred *, int, gfp_t);
void			rpcauth_init_cred(struct rpc_cred *, const struct auth_cred *, struct rpc_auth *, const struct rpc_credops *);
struct rpc_cred *	rpcauth_lookupcred(struct rpc_auth *, int);
void			put_rpccred(struct rpc_cred *);
int			rpcauth_marshcred(struct rpc_task *task,
					  struct xdr_stream *xdr);
int			rpcauth_checkverf(struct rpc_task *task,
					  struct xdr_stream *xdr);
int			rpcauth_wrap_req_encode(struct rpc_task *task,
						struct xdr_stream *xdr);
int			rpcauth_wrap_req(struct rpc_task *task,
					 struct xdr_stream *xdr);
int			rpcauth_unwrap_resp_decode(struct rpc_task *task,
						   struct xdr_stream *xdr);
int			rpcauth_unwrap_resp(struct rpc_task *task,
					    struct xdr_stream *xdr);
bool			rpcauth_xmit_need_reencode(struct rpc_task *task);
int			rpcauth_refreshcred(struct rpc_task *);
void			rpcauth_invalcred(struct rpc_task *);
int			rpcauth_uptodatecred(struct rpc_task *);
int			rpcauth_init_credcache(struct rpc_auth *);
void			rpcauth_destroy_credcache(struct rpc_auth *);
void			rpcauth_clear_credcache(struct rpc_cred_cache *);
char *			rpcauth_stringify_acceptor(struct rpc_cred *);

static inline
struct rpc_cred *get_rpccred(struct rpc_cred *cred)
{
	if (cred != NULL && refcount_inc_not_zero(&cred->cr_count))
		return cred;
	return NULL;
}

#endif /* _LINUX_SUNRPC_AUTH_H */
Commit	Line	Data
	1	/* SPDX-License-Identifier: GPL-2.0 */
	2	/*
	3	* linux/include/linux/sunrpc/auth.h
	4	*
	5	* Declarations for the RPC client authentication machinery.
	6	*
	7	* Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
	8	*/
	9
	10	#ifndef _LINUX_SUNRPC_AUTH_H
	11	#define _LINUX_SUNRPC_AUTH_H
	12
	13	#include <linux/sunrpc/sched.h>
	14	#include <linux/sunrpc/msg_prot.h>
	15	#include <linux/sunrpc/xdr.h>
	16
	17	#include <linux/atomic.h>
	18	#include <linux/rcupdate.h>
	19	#include <linux/uidgid.h>
	20	#include <linux/utsname.h>
	21
	22	/*
	23	* Maximum size of AUTH_NONE authentication information, in XDR words.
	24	*/
	25	#define NUL_CALLSLACK (4)
	26	#define NUL_REPLYSLACK (2)
	27
	28	/*
	29	* Size of the nodename buffer. RFC1831 specifies a hard limit of 255 bytes,
	30	* but Linux hostnames are actually limited to __NEW_UTS_LEN bytes.
	31	*/
	32	#define UNX_MAXNODENAME __NEW_UTS_LEN
	33	#define UNX_CALLSLACK (21 + XDR_QUADLEN(UNX_MAXNODENAME))
	34	#define UNX_NGROUPS 16
	35
	36	struct rpcsec_gss_info;
	37
	38	struct auth_cred {
	39	const struct cred *cred;
	40	const char principal; / If present, this is a machine credential */
	41	};
	42
	43	/*
	44	* Client user credentials
	45	*/
	46	struct rpc_auth;
	47	struct rpc_credops;
	48	struct rpc_cred {
	49	struct hlist_node cr_hash; /* hash chain */
	50	struct list_head cr_lru; /* lru garbage collection */
	51	struct rcu_head cr_rcu;
	52	struct rpc_auth * cr_auth;
	53	const struct rpc_credops *cr_ops;
	54	unsigned long cr_expire; /* when to gc */
	55	unsigned long cr_flags; /* various flags */
	56	refcount_t cr_count; /* ref count */
	57	const struct cred *cr_cred;
	58
	59	/* per-flavor data */
	60	};
	61	#define RPCAUTH_CRED_NEW 0
	62	#define RPCAUTH_CRED_UPTODATE 1
	63	#define RPCAUTH_CRED_HASHED 2
	64	#define RPCAUTH_CRED_NEGATIVE 3
	65
	66	const struct cred *rpc_machine_cred(void);
	67
	68	/*
	69	* Client authentication handle
	70	*/
	71	struct rpc_cred_cache;
	72	struct rpc_authops;
	73	struct rpc_auth {
	74	unsigned int au_cslack; /* call cred size estimate */
	75	unsigned int au_rslack; /* reply cred size estimate */
	76	unsigned int au_verfsize; /* size of reply verifier */
	77	unsigned int au_ralign; /* words before UL header */
	78
	79	unsigned long au_flags;
	80	const struct rpc_authops *au_ops;
	81	rpc_authflavor_t au_flavor; /* pseudoflavor (note may
	82	* differ from the flavor in
	83	* au_ops->au_flavor in gss
	84	* case) */
	85	refcount_t au_count; /* Reference counter */
	86
	87	struct rpc_cred_cache * au_credcache;
	88	/* per-flavor data */
	89	};
	90
	91	/* rpc_auth au_flags */
	92	#define RPCAUTH_AUTH_DATATOUCH (1)
	93	#define RPCAUTH_AUTH_UPDATE_SLACK (2)
	94
	95	struct rpc_auth_create_args {
	96	rpc_authflavor_t pseudoflavor;
	97	const char *target_name;
	98	};
	99
	100	/* Flags for rpcauth_lookupcred() */
	101	#define RPCAUTH_LOOKUP_NEW 0x01 /* Accept an uninitialised cred */
	102	#define RPCAUTH_LOOKUP_ASYNC 0x02 /* Don't block waiting for memory */
	103
	104	/*
	105	* Client authentication ops
	106	*/
	107	struct rpc_authops {
	108	struct module *owner;
	109	rpc_authflavor_t au_flavor; /* flavor (RPC_AUTH_) /
	110	char * au_name;
	111	struct rpc_auth * (create)(const struct rpc_auth_create_args ,
	112	struct rpc_clnt *);
	113	void (destroy)(struct rpc_auth );
	114
	115	int (hash_cred)(struct auth_cred , unsigned int);
	116	struct rpc_cred * (lookup_cred)(struct rpc_auth , struct auth_cred *, int);
	117	struct rpc_cred * (crcreate)(struct rpc_auth, struct auth_cred *, int, gfp_t);
	118	rpc_authflavor_t (info2flavor)(struct rpcsec_gss_info );
	119	int (*flavor2info)(rpc_authflavor_t,
	120	struct rpcsec_gss_info *);
	121	int (key_timeout)(struct rpc_auth ,
	122	struct rpc_cred *);
	123	int (ping)(struct rpc_clnt clnt);
	124	};
	125
	126	struct rpc_credops {
	127	const char * cr_name; /* Name of the auth flavour */
	128	int (cr_init)(struct rpc_auth , struct rpc_cred *);
	129	void (crdestroy)(struct rpc_cred );
	130
	131	int (crmatch)(struct auth_cred , struct rpc_cred *, int);
	132	int (crmarshal)(struct rpc_task task,
	133	struct xdr_stream *xdr);
	134	int (crrefresh)(struct rpc_task );
	135	int (crvalidate)(struct rpc_task task,
	136	struct xdr_stream *xdr);
	137	int (crwrap_req)(struct rpc_task task,
	138	struct xdr_stream *xdr);
	139	int (crunwrap_resp)(struct rpc_task task,
	140	struct xdr_stream *xdr);
	141	int (crkey_timeout)(struct rpc_cred );
	142	char * (crstringify_acceptor)(struct rpc_cred );
	143	bool (crneed_reencode)(struct rpc_task );
	144	};
	145
	146	extern const struct rpc_authops authunix_ops;
	147	extern const struct rpc_authops authnull_ops;
	148	extern const struct rpc_authops authtls_ops;
	149
	150	int __init rpc_init_authunix(void);
	151	int __init rpcauth_init_module(void);
	152	void rpcauth_remove_module(void);
	153	void rpc_destroy_authunix(void);
	154
	155	int rpcauth_register(const struct rpc_authops *);
	156	int rpcauth_unregister(const struct rpc_authops *);
	157	struct rpc_auth * rpcauth_create(const struct rpc_auth_create_args *,
	158	struct rpc_clnt *);
	159	void rpcauth_release(struct rpc_auth *);
	160	rpc_authflavor_t rpcauth_get_pseudoflavor(rpc_authflavor_t,
	161	struct rpcsec_gss_info *);
	162	int rpcauth_get_gssinfo(rpc_authflavor_t,
	163	struct rpcsec_gss_info *);
	164	struct rpc_cred * rpcauth_lookup_credcache(struct rpc_auth , struct auth_cred , int, gfp_t);
	165	void rpcauth_init_cred(struct rpc_cred , const struct auth_cred , struct rpc_auth , const struct rpc_credops );
	166	struct rpc_cred * rpcauth_lookupcred(struct rpc_auth *, int);
	167	void put_rpccred(struct rpc_cred *);
	168	int rpcauth_marshcred(struct rpc_task *task,
	169	struct xdr_stream *xdr);
	170	int rpcauth_checkverf(struct rpc_task *task,
	171	struct xdr_stream *xdr);
	172	int rpcauth_wrap_req_encode(struct rpc_task *task,
	173	struct xdr_stream *xdr);
	174	int rpcauth_wrap_req(struct rpc_task *task,
	175	struct xdr_stream *xdr);
	176	int rpcauth_unwrap_resp_decode(struct rpc_task *task,
	177	struct xdr_stream *xdr);
	178	int rpcauth_unwrap_resp(struct rpc_task *task,
	179	struct xdr_stream *xdr);
	180	bool rpcauth_xmit_need_reencode(struct rpc_task *task);
	181	int rpcauth_refreshcred(struct rpc_task *);
	182	void rpcauth_invalcred(struct rpc_task *);
	183	int rpcauth_uptodatecred(struct rpc_task *);
	184	int rpcauth_init_credcache(struct rpc_auth *);
	185	void rpcauth_destroy_credcache(struct rpc_auth *);
	186	void rpcauth_clear_credcache(struct rpc_cred_cache *);
	187	char * rpcauth_stringify_acceptor(struct rpc_cred *);
	188
	189	static inline
	190	struct rpc_cred get_rpccred(struct rpc_cred cred)
	191	{
	192	if (cred != NULL && refcount_inc_not_zero(&cred->cr_count))
	193	return cred;
	194	return NULL;
	195	}
	196
	197	#endif /* _LINUX_SUNRPC_AUTH_H */