X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=include%2Flinux%2Fsunrpc%2Fgss_api.h;h=5eca9e442051310525162222c9891776be778d9d;hb=refs%2Fheads%2Fvserver;hp=e24f9c0bafd19e8e9e370c53bc65252940efa371;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git
diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h
index e24f9c0ba..5eca9e442 100644
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -1,5 +1,5 @@
 /*
- * linux/include/linux/gss_api.h
+ * linux/include/linux/sunrpc/gss_api.h
 *
 * Somewhat simplified version of the gss api.
 *
@@ -33,103 +33,102 @@ struct gss_ctx { /* gss-api prototypes; note that these are somewhat simplified versions of * the prototypes specified in RFC 2744. */ -u32 gss_import_sec_context( - struct xdr_netobj *input_token, +int gss_import_sec_context( + const void* input_token, + size_t bufsize, struct gss_api_mech *mech, struct gss_ctx **ctx_id); u32 gss_get_mic( struct gss_ctx *ctx_id, - u32 qop, struct xdr_buf *message, struct xdr_netobj *mic_token); u32 gss_verify_mic( struct gss_ctx *ctx_id, struct xdr_buf *message, - struct xdr_netobj *mic_token, - u32 *qstate); + struct xdr_netobj *mic_token); +u32 gss_wrap( + struct gss_ctx *ctx_id, + int offset, + struct xdr_buf *outbuf, + struct page **inpages); +u32 gss_unwrap( + struct gss_ctx *ctx_id, + int offset, + struct xdr_buf *inbuf); u32 gss_delete_sec_context( struct gss_ctx **ctx_id); -/* We maintain a list of the pseudoflavors (equivalently, mechanism-qop-service - * triples) that we currently support: */ +u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor); +char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service); -struct sup_sec_triple { - struct list_head triples; - u32 pseudoflavor; - struct gss_api_mech *mech; - u32 qop; - u32 service; +struct pf_desc { + u32 pseudoflavor; + u32 service; + char *name; + char *auth_domain_name; }; -int gss_register_triple(u32 pseudoflavor, struct gss_api_mech *mech, u32 qop, - u32 service); -int gss_unregister_triple(u32 pseudoflavor); -int gss_pseudoflavor_supported(u32 pseudoflavor); -u32 gss_cmp_triples(u32 oid_len, char *oid_data, u32 qop, u32 service); -u32 gss_get_pseudoflavor(struct gss_ctx *ctx_id, u32 qop, u32 service); -u32 gss_pseudoflavor_to_service(u32 pseudoflavor); -/* Both return NULL on failure: */ -struct gss_api_mech * gss_pseudoflavor_to_mech(u32 pseudoflavor); -int gss_pseudoflavor_to_mechOID(u32 pseudoflavor, struct xdr_netobj *mech); - /* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and - * 
mechanisms may be dynamically registered or unregistered by modules. - * Our only built-in mechanism is a trivial debugging mechanism that provides - * no actual security; the following function registers that mechanism: */ - -void gss_mech_register_debug(void); + * mechanisms may be dynamically registered or unregistered by modules. */ /* Each mechanism is described by the following struct: */ struct gss_api_mech { - struct xdr_netobj gm_oid; struct list_head gm_list; - atomic_t gm_count; + struct module *gm_owner; + struct xdr_netobj gm_oid; + char *gm_name; struct gss_api_ops *gm_ops; + /* pseudoflavors supported by this mechanism: */ + int gm_pf_num; + struct pf_desc * gm_pfs; }; /* and must provide the following operations: */ struct gss_api_ops { - char *name; - u32 (*gss_import_sec_context)( - struct xdr_netobj *input_token, + int (*gss_import_sec_context)( + const void *input_token, + size_t bufsize, struct gss_ctx *ctx_id); u32 (*gss_get_mic)( struct gss_ctx *ctx_id, - u32 qop, struct xdr_buf *message, struct xdr_netobj *mic_token); u32 (*gss_verify_mic)( struct gss_ctx *ctx_id, struct xdr_buf *message, - struct xdr_netobj *mic_token, - u32 *qstate); + struct xdr_netobj *mic_token); + u32 (*gss_wrap)( + struct gss_ctx *ctx_id, + int offset, + struct xdr_buf *outbuf, + struct page **inpages); + u32 (*gss_unwrap)( + struct gss_ctx *ctx_id, + int offset, + struct xdr_buf *buf); void (*gss_delete_sec_context)( void *internal_ctx_id); }; -/* Returns nonzero on failure. */ -int gss_mech_register(struct xdr_netobj *, struct gss_api_ops *); +int gss_mech_register(struct gss_api_mech *); +void gss_mech_unregister(struct gss_api_mech *); -/* Returns nonzero iff someone still has a reference to this mech. */ -int gss_mech_unregister(struct gss_api_mech *); - -/* Returns nonzer iff someone still has a reference to some mech. 
*/ -int gss_mech_unregister_all(void); - -/* returns a mechanism descriptor given an OID, an increments the mechanism's +/* returns a mechanism descriptor given an OID, and increments the mechanism's * reference count. */ struct gss_api_mech * gss_mech_get_by_OID(struct xdr_netobj *); -/* Similar, but get by name like "krb5", "spkm", etc., instead of OID. */ -struct gss_api_mech *gss_mech_get_by_name(char *); +/* Returns a reference to a mechanism, given a name like "krb5" etc. */ +struct gss_api_mech *gss_mech_get_by_name(const char *); + +/* Similar, but get by pseudoflavor. */ +struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32); /* Just increments the mechanism's reference count and returns its input: */ struct gss_api_mech * gss_mech_get(struct gss_api_mech *); -/* Returns nonzero iff you've released the last reference to this mech. - * Note that for every succesful gss_get_mech call there must be exactly - * one corresponding call to gss_mech_put.*/ -int gss_mech_put(struct gss_api_mech *); +/* For every successful gss_mech_get or gss_mech_get_by_* call there must be a + * corresponding call to gss_mech_put. */ +void gss_mech_put(struct gss_api_mech *); #endif /* __KERNEL__ */ #endif /* _LINUX_SUNRPC_GSS_API_H */
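Review bot: The new prototypes in the second hunk state no contract for their buffer arguments or return values. `gss_import_sec_context` (and the matching `gss_api_ops` member) now returns `int` while every sibling still returns `u32`, and nothing says whether that value is errno-style or a GSS status, so a caller that tests it like the others may misread a failure; a comment such as `/* Returns 0 on success, nonzero on failure (not a GSS major status); parses at most bufsize bytes of input_token. */` would pin it down, once the exact convention is confirmed against the mechanism implementations. `gss_wrap` and `gss_unwrap` take a signed `int offset` into an `xdr_buf`; since the unwrap path presumably handles data received from the peer, either declare it `unsigned int offset` or document the range the callee may assume and who validates it. `gss_mech_get_by_name` and `gss_mech_get_by_pseudoflavor` likewise do not say what they return when no mechanism matches, which callers need to know before dereferencing the result.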