diff options
| author | Trond Myklebust <trond.myklebust@fys.uio.no> | 2004-02-07 16:44:01 +0100 |
|---|---|---|
| committer | Trond Myklebust <trond.myklebust@fys.uio.no> | 2004-02-07 16:44:01 +0100 |
| commit | 955ac3514fc5eb754827bd69edbe09012b95beb8 (patch) | |
| tree | 6cfbc5880a3dce8a8b5396307d9b8dfff08baa90 /include/linux | |
| parent | 0ca8cb3651edc5932c5ff9ba3f72869bbc8a7ff5 (diff) | |
RPCSEC_GSS: Client-side only support for rpcsec_gss integrity
protection. Since this requires checksumming an entire request,
instead of just the header, and since the request may include,
for example, pages with write data, we modify the gss_api
routines to pass xdr_bufs instead of xdr_netobjs where
necessary.
We add rpcauth_wrap_req and rpcauth_unwrap_resp to rpcauth.c,
wrappers for the new rpc cred ops crwrap_req and crunwrap_req,
which are called just before encoding, and just after decoding,
respectively.
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/sunrpc/auth.h | 6 | ||||
| -rw-r--r-- | include/linux/sunrpc/gss_api.h | 9 | ||||
| -rw-r--r-- | include/linux/sunrpc/gss_krb5.h | 6 | ||||
| -rw-r--r-- | include/linux/sunrpc/xdr.h | 4 |
4 files changed, 18 insertions, 7 deletions
diff --git a/include/linux/sunrpc/auth.h b/include/linux/sunrpc/auth.h index 70cc3360e608..a68f18bf0a46 100644 --- a/include/linux/sunrpc/auth.h +++ b/include/linux/sunrpc/auth.h @@ -102,6 +102,10 @@ struct rpc_credops { u32 * (*crmarshal)(struct rpc_task *, u32 *, int); int (*crrefresh)(struct rpc_task *); u32 * (*crvalidate)(struct rpc_task *, u32 *); + int (*crwrap_req)(struct rpc_task *, kxdrproc_t, + void *, u32 *, void *); + int (*crunwrap_resp)(struct rpc_task *, kxdrproc_t, + void *, u32 *, void *); }; extern struct rpc_authops authunix_ops; @@ -124,6 +128,8 @@ void put_rpccred(struct rpc_cred *); void rpcauth_unbindcred(struct rpc_task *); u32 * rpcauth_marshcred(struct rpc_task *, u32 *); u32 * rpcauth_checkverf(struct rpc_task *, u32 *); +int rpcauth_wrap_req(struct rpc_task *task, kxdrproc_t encode, void *rqstp, u32 *data, void *obj); +int rpcauth_unwrap_resp(struct rpc_task *task, kxdrproc_t decode, void *rqstp, u32 *data, void *obj); int rpcauth_refreshcred(struct rpc_task *); void rpcauth_invalcred(struct rpc_task *); int rpcauth_uptodatecred(struct rpc_task *); diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h index 35988e7bfb77..cbb60ac22fd4 100644 --- a/include/linux/sunrpc/gss_api.h +++ b/include/linux/sunrpc/gss_api.h @@ -16,6 +16,7 @@ #ifdef __KERNEL__ #include <linux/sunrpc/xdr.h> +#include <linux/uio.h> /* The mechanism-independent gss-api context: */ struct gss_ctx { @@ -39,11 +40,11 @@ u32 gss_import_sec_context( u32 gss_get_mic( struct gss_ctx *ctx_id, u32 qop, - struct xdr_netobj *message, + struct xdr_buf *message, struct xdr_netobj *mic_token); u32 gss_verify_mic( struct gss_ctx *ctx_id, - struct xdr_netobj *message, + struct xdr_buf *message, struct xdr_netobj *mic_token, u32 *qstate); u32 gss_delete_sec_context( @@ -95,11 +96,11 @@ struct gss_api_ops { u32 (*gss_get_mic)( struct gss_ctx *ctx_id, u32 qop, - struct xdr_netobj *message, + struct xdr_buf *message, struct xdr_netobj *mic_token); u32 (*gss_verify_mic)( struct gss_ctx *ctx_id, - struct xdr_netobj *message, + struct xdr_buf *message, struct xdr_netobj *mic_token, u32 *qstate); void (*gss_delete_sec_context)( diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h index aac2ad4f7d56..9616746407f3 100644 --- a/include/linux/sunrpc/gss_krb5.h +++ b/include/linux/sunrpc/gss_krb5.h @@ -115,18 +115,18 @@ enum seal_alg { #define ENCTYPE_UNKNOWN 0x01ff s32 -krb5_make_checksum(s32 cksumtype, char *header, char *body, int body_len, +krb5_make_checksum(s32 cksumtype, char *header, struct xdr_buf *body, struct xdr_netobj *cksum); u32 krb5_make_token(struct krb5_ctx *context_handle, int qop_req, - struct xdr_netobj *input_message_buffer, + struct xdr_buf *input_message_buffer, struct xdr_netobj *output_message_buffer, int toktype); u32 krb5_read_token(struct krb5_ctx *context_handle, struct xdr_netobj *input_token_buffer, - struct xdr_netobj *message_buffer, + struct xdr_buf *message_buffer, int *qop_state, int toktype); u32 diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h index 2c6f76d1cc14..8082a0029100 100644 --- a/include/linux/sunrpc/xdr.h +++ b/include/linux/sunrpc/xdr.h @@ -141,6 +141,10 @@ void xdr_shift_iovec(struct iovec *, int, size_t); extern int xdr_kmap(struct iovec *, struct xdr_buf *, size_t); extern void xdr_kunmap(struct xdr_buf *, size_t); extern void xdr_shift_buf(struct xdr_buf *, size_t); +extern void _copy_from_pages(char *, struct page **, size_t, size_t); +extern void xdr_buf_from_iov(struct iovec *, struct xdr_buf *); +extern int xdr_buf_subsegment(struct xdr_buf *, struct xdr_buf *, int, int); +extern int xdr_buf_read_netobj(struct xdr_buf *, struct xdr_netobj *, int); /* * Helper structure for copying from an sk_buff. |