// SPDX-License-Identifier: BSD-3-Clause /* * linux/net/sunrpc/gss_mech_switch.c * * Copyright (c) 2001 The Regents of the University of Michigan. * All rights reserved. * * J. Bruce Fields <[email protected]> */ #include <linux/types.h> #include <linux/slab.h> #include <linux/module.h> #include <linux/oid_registry.h> #include <linux/sunrpc/msg_prot.h> #include <linux/sunrpc/gss_asn1.h> #include <linux/sunrpc/auth_gss.h> #include <linux/sunrpc/svcauth_gss.h> #include <linux/sunrpc/gss_err.h> #include <linux/sunrpc/sched.h> #include <linux/sunrpc/gss_api.h> #include <linux/sunrpc/clnt.h> #include <trace/events/rpcgss.h> #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) #define RPCDBG_FACILITY … #endif static LIST_HEAD(registered_mechs); static DEFINE_SPINLOCK(registered_mechs_lock); static void gss_mech_free(struct gss_api_mech *gm) { … } static inline char * make_auth_domain_name(char *name) { … } static int gss_mech_svc_setup(struct gss_api_mech *gm) { … } /** * gss_mech_register - register a GSS mechanism * @gm: GSS mechanism handle * * Returns zero if successful, or a negative errno. */ int gss_mech_register(struct gss_api_mech *gm) { … } EXPORT_SYMBOL_GPL(…); /** * gss_mech_unregister - release a GSS mechanism * @gm: GSS mechanism handle * */ void gss_mech_unregister(struct gss_api_mech *gm) { … } EXPORT_SYMBOL_GPL(…); struct gss_api_mech *gss_mech_get(struct gss_api_mech *gm) { … } EXPORT_SYMBOL(…); static struct gss_api_mech * _gss_mech_get_by_name(const char *name) { … } struct gss_api_mech * gss_mech_get_by_name(const char *name) { … } struct gss_api_mech *gss_mech_get_by_OID(struct rpcsec_gss_oid *obj) { … } static inline int mech_supports_pseudoflavor(struct gss_api_mech *gm, u32 pseudoflavor) { … } static struct gss_api_mech *_gss_mech_get_by_pseudoflavor(u32 pseudoflavor) { … } struct gss_api_mech * gss_mech_get_by_pseudoflavor(u32 pseudoflavor) { … } /** * gss_svc_to_pseudoflavor - map a GSS service number to a pseudoflavor * @gm: GSS mechanism handle * @qop: GSS quality-of-protection value * @service: GSS service value * * Returns a matching security flavor, or RPC_AUTH_MAXFLAVOR if none is found. */ rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 qop, u32 service) { … } /** * gss_mech_info2flavor - look up a pseudoflavor given a GSS tuple * @info: a GSS mech OID, quality of protection, and service value * * Returns a matching pseudoflavor, or RPC_AUTH_MAXFLAVOR if the tuple is * not supported. */ rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *info) { … } /** * gss_mech_flavor2info - look up a GSS tuple for a given pseudoflavor * @pseudoflavor: GSS pseudoflavor to match * @info: rpcsec_gss_info structure to fill in * * Returns zero and fills in "info" if pseudoflavor matches a * supported mechanism. Otherwise a negative errno is returned. */ int gss_mech_flavor2info(rpc_authflavor_t pseudoflavor, struct rpcsec_gss_info *info) { … } u32 gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor) { … } EXPORT_SYMBOL(…); bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *gm, u32 pseudoflavor) { … } char * gss_service_to_auth_domain_name(struct gss_api_mech *gm, u32 service) { … } void gss_mech_put(struct gss_api_mech * gm) { … } EXPORT_SYMBOL(…); /* The mech could probably be determined from the token instead, but it's just * as easy for now to pass it in. */ int gss_import_sec_context(const void *input_token, size_t bufsize, struct gss_api_mech *mech, struct gss_ctx **ctx_id, time64_t *endtime, gfp_t gfp_mask) { … } /* gss_get_mic: compute a mic over message and return mic_token. */ u32 gss_get_mic(struct gss_ctx *context_handle, struct xdr_buf *message, struct xdr_netobj *mic_token) { … } /* gss_verify_mic: check whether the provided mic_token verifies message. */ u32 gss_verify_mic(struct gss_ctx *context_handle, struct xdr_buf *message, struct xdr_netobj *mic_token) { … } /* * This function is called from both the client and server code. * Each makes guarantees about how much "slack" space is available * for the underlying function in "buf"'s head and tail while * performing the wrap. * * The client and server code allocate RPC_MAX_AUTH_SIZE extra * space in both the head and tail which is available for use by * the wrap function. * * Underlying functions should verify they do not use more than * RPC_MAX_AUTH_SIZE of extra space in either the head or tail * when performing the wrap. */ u32 gss_wrap(struct gss_ctx *ctx_id, int offset, struct xdr_buf *buf, struct page **inpages) { … } u32 gss_unwrap(struct gss_ctx *ctx_id, int offset, int len, struct xdr_buf *buf) { … } /* gss_delete_sec_context: free all resources associated with context_handle. * Note this differs from the RFC 2744-specified prototype in that we don't * bother returning an output token, since it would never be used anyway. */ u32 gss_delete_sec_context(struct gss_ctx **context_handle) { … }
Codebase Browser
linux