SUNRPC: Refactor nfsd4_do_encode_secinfo()
[linux-3.10.git] / include / linux / sunrpc / gss_api.h
index 689262f..fca2338 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * linux/include/linux/gss_api.h
+ * linux/include/linux/sunrpc/gss_api.h
  *
  * Somewhat simplified version of the gss api.
  *
@@ -7,8 +7,6 @@
  * Andy Adamson <andros@umich.edu>
  * Bruce Fields <bfields@umich.edu>
  * Copyright (c) 2000 The Regents of the University of Michigan
- *
- * $Id$
  */
 
 #ifndef _LINUX_SUNRPC_GSS_API_H
@@ -16,6 +14,7 @@
 
 #ifdef __KERNEL__
 #include <linux/sunrpc/xdr.h>
+#include <linux/sunrpc/msg_prot.h>
 #include <linux/uio.h>
 
 /* The mechanism-independent gss-api context: */
@@ -26,10 +25,21 @@ struct gss_ctx {
 
 #define GSS_C_NO_BUFFER                ((struct xdr_netobj) 0)
 #define GSS_C_NO_CONTEXT       ((struct gss_ctx *) 0)
-#define GSS_C_NULL_OID         ((struct xdr_netobj) 0)
+#define GSS_C_QOP_DEFAULT      (0)
 
 /*XXX  arbitrary length - is this set somewhere? */
 #define GSS_OID_MAX_LEN 32
+struct rpcsec_gss_oid {
+       unsigned int    len;
+       u8              data[GSS_OID_MAX_LEN];
+};
+
+/* From RFC 3530 */
+struct rpcsec_gss_info {
+       struct rpcsec_gss_oid   oid;
+       u32                     qop;
+       u32                     service;
+};
 
 /* gss-api prototypes; note that these are somewhat simplified versions of
  * the prototypes specified in RFC 2744. */
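Review bot: `struct rpcsec_gss_oid` pairs a separately stored `len` with a fixed `data[GSS_OID_MAX_LEN]` array, and nothing in the header states that `len` must never exceed `GSS_OID_MAX_LEN`. Any code that fills this struct from an upcall or from the wire, or that copies `len` bytes out of `data` (the commit title mentions nfsd4_do_encode_secinfo()), would run past the 32-byte array if that bound is not enforced. I would put the invariant on the struct, e.g. `/* len: number of valid bytes in data; must be <= GSS_OID_MAX_LEN */`, and resolve the existing `XXX arbitrary length` comment now that the constant sizes an embedded buffer. The same struct becomes `gm_oid` in `struct gss_api_mech` in a later hunk, so gss_mech_register() looks like a natural place to reject an oversized `len`, though its body is not visible here.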
@@ -37,20 +47,30 @@ int gss_import_sec_context(
                const void*             input_token,
                size_t                  bufsize,
                struct gss_api_mech     *mech,
-               struct gss_ctx          **ctx_id);
+               struct gss_ctx          **ctx_id,
+               gfp_t                   gfp_mask);
 u32 gss_get_mic(
                struct gss_ctx          *ctx_id,
-               u32                     qop,
                struct xdr_buf          *message,
                struct xdr_netobj       *mic_token);
 u32 gss_verify_mic(
                struct gss_ctx          *ctx_id,
                struct xdr_buf          *message,
-               struct xdr_netobj       *mic_token,
-               u32                     *qstate);
+               struct xdr_netobj       *mic_token);
+u32 gss_wrap(
+               struct gss_ctx          *ctx_id,
+               int                     offset,
+               struct xdr_buf          *outbuf,
+               struct page             **inpages);
+u32 gss_unwrap(
+               struct gss_ctx          *ctx_id,
+               int                     offset,
+               struct xdr_buf          *inbuf);
 u32 gss_delete_sec_context(
                struct gss_ctx          **ctx_id);
 
+rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 qop,
+                                       u32 service);
 u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
 char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);
 
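Review bot: The new `gss_wrap()` and `gss_unwrap()` prototypes take a signed `int offset` into an `xdr_buf` and say nothing about its valid range or about the state of the buffer when the call fails. The unwrap side presumably runs on data received from the peer, so the header should say that `offset` must be non-negative and inside the buffer, and that callers must check the returned GSS status before trusting `inbuf`. Either declare it `unsigned int offset` or add a comment such as `/* offset: byte position in the xdr_buf where the GSS-protected data starts; must lie within the buffer */`. The matching `gss_api_ops` members in the later hunk have the same gap, and there the `gss_unwrap` argument is named `buf` rather than `inbuf`.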
@@ -69,12 +89,14 @@ struct pf_desc {
 struct gss_api_mech {
        struct list_head        gm_list;
        struct module           *gm_owner;
-       struct xdr_netobj       gm_oid;
+       struct rpcsec_gss_oid   gm_oid;
        char                    *gm_name;
-       struct gss_api_ops      *gm_ops;
+       const struct gss_api_ops *gm_ops;
        /* pseudoflavors supported by this mechanism: */
        int                     gm_pf_num;
        struct pf_desc *        gm_pfs;
+       /* Should the following be a callback operation instead? */
+       const char              *gm_upcall_enctypes;
 };
 
 /* and must provide the following operations: */
@@ -82,17 +104,25 @@ struct gss_api_ops {
        int (*gss_import_sec_context)(
                        const void              *input_token,
                        size_t                  bufsize,
-                       struct gss_ctx          *ctx_id);
+                       struct gss_ctx          *ctx_id,
+                       gfp_t                   gfp_mask);
        u32 (*gss_get_mic)(
                        struct gss_ctx          *ctx_id,
-                       u32                     qop, 
                        struct xdr_buf          *message,
                        struct xdr_netobj       *mic_token);
        u32 (*gss_verify_mic)(
                        struct gss_ctx          *ctx_id,
                        struct xdr_buf          *message,
-                       struct xdr_netobj       *mic_token,
-                       u32                     *qstate);
+                       struct xdr_netobj       *mic_token);
+       u32 (*gss_wrap)(
+                       struct gss_ctx          *ctx_id,
+                       int                     offset,
+                       struct xdr_buf          *outbuf,
+                       struct page             **inpages);
+       u32 (*gss_unwrap)(
+                       struct gss_ctx          *ctx_id,
+                       int                     offset,
+                       struct xdr_buf          *buf);
        void (*gss_delete_sec_context)(
                        void                    *internal_ctx_id);
 };
@@ -100,9 +130,11 @@ struct gss_api_ops {
 int gss_mech_register(struct gss_api_mech *);
 void gss_mech_unregister(struct gss_api_mech *);
 
-/* returns a mechanism descriptor given an OID, and increments the mechanism's
- * reference count. */
-struct gss_api_mech * gss_mech_get_by_OID(struct xdr_netobj *);
+/* Given a GSS security tuple, look up a pseudoflavor */
+rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *);
+
+/* Given a pseudoflavor, look up a GSS security tuple */
+int gss_mech_flavor2info(rpc_authflavor_t, struct rpcsec_gss_info *);
 
 /* Returns a reference to a mechanism, given a name like "krb5" etc. */
 struct gss_api_mech *gss_mech_get_by_name(const char *);
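Review bot: The comments on `gss_mech_info2flavor()` and `gss_mech_flavor2info()` do not say what is returned when no registered mechanism matches, or whether a mechanism reference is still held after the call. The removed `gss_mech_get_by_OID()` comment did spell out the refcount behaviour. A caller that does not know the failure value may treat it as a usable flavor, which matters when the security tuple comes from a peer. I would extend each comment along the lines of `/* Given a GSS security tuple, look up a pseudoflavor; returns <failure value> if no mechanism matches */`, taking the real value and the reference rule from the implementation, which is not visible here. `gss_mech_list_pseudoflavors(rpc_authflavor_t *, int)` in the next hunk has the same gap: its parameters are unnamed, and the comment does not say whether the `int` is the array capacity or what happens when more flavors exist than slots.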
@@ -110,10 +142,13 @@ struct gss_api_mech *gss_mech_get_by_name(const char *);
 /* Similar, but get by pseudoflavor. */
 struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);
 
+/* Fill in an array with a list of supported pseudoflavors */
+int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int);
+
 /* Just increments the mechanism's reference count and returns its input: */
 struct gss_api_mech * gss_mech_get(struct gss_api_mech *);
 
-/* For every succesful gss_mech_get or gss_mech_get_by_* call there must be a
+/* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
  * corresponding call to gss_mech_put. */
 void gss_mech_put(struct gss_api_mech *);