1 | /* |
2 | * Copyright (c) 2007-2015 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | |
29 | #ifndef _NFS_NFS_GSS_H_ |
30 | #define _NFS_NFS_GSS_H_ |
31 | |
32 | #include "gss/gss_krb5_mech.h" |
33 | #include <gssd/gssd_mach.h> |
34 | #include <sys/param.h> |
35 | |
36 | #define RPCSEC_GSS 6 |
37 | #define RPCSEC_GSS_VERS_1 1 |
38 | |
39 | enum rpcsec_gss_proc { |
40 | RPCSEC_GSS_DATA = 0, |
41 | RPCSEC_GSS_INIT = 1, |
42 | RPCSEC_GSS_CONTINUE_INIT = 2, |
43 | RPCSEC_GSS_DESTROY = 3 |
44 | }; |
45 | |
46 | enum rpcsec_gss_service { |
47 | RPCSEC_GSS_SVC_NONE = 1, // sec=krb5 |
48 | RPCSEC_GSS_SVC_INTEGRITY = 2, // sec=krb5i |
49 | RPCSEC_GSS_SVC_PRIVACY = 3, // sec=krb5p |
50 | }; |
51 | |
52 | /* |
53 | * RFC 2203 and friends don't define maximums for token lengths |
54 | * and context handles. We try to pick reasonable values here. |
55 | * |
56 | * N.B. Kerberos mech tokens can be quite large from the output |
57 | * of a gss_init_sec_context if it includes a large PAC. |
58 | */ |
59 | |
60 | #define GSS_MAX_TOKEN_LEN 64*1024 |
61 | |
62 | /* |
63 | * Put a "reasonable" bound on MIC lengths |
64 | */ |
65 | #define GSS_MAX_MIC_LEN 2048 |
66 | |
67 | #define GSS_MAXSEQ 0x80000000 // The biggest sequence number |
68 | #define GSS_SVC_MAXCONTEXTS 500000 // Max contexts supported |
69 | #define GSS_SVC_SEQWINDOW 256 // Server's sequence window |
70 | |
71 | #define MAX_SKEYLEN 32 |
72 | #define MAX_LUCIDLEN (sizeof (lucid_context) + MAX_SKEYLEN) |
73 | |
74 | /* |
75 | * The server's RPCSEC_GSS context information |
76 | */ |
77 | struct nfs_gss_svc_ctx { |
78 | lck_mtx_t gss_svc_mtx; |
79 | LIST_ENTRY(nfs_gss_svc_ctx) gss_svc_entries; |
80 | uint32_t gss_svc_handle; // Identifies server context to client |
81 | uint32_t gss_svc_refcnt; // Reference count |
82 | uint32_t gss_svc_proc; // Current GSS proc from cred |
83 | uid_t gss_svc_uid; // UID of this user |
84 | gid_t gss_svc_gids[NGROUPS]; // GIDs of this user |
85 | uint32_t gss_svc_ngroups; // Count of gids |
86 | uint64_t gss_svc_incarnation; // Delete ctx if we exceed this + ttl value |
87 | uint32_t gss_svc_seqmax; // Current max GSS sequence number |
88 | uint32_t gss_svc_seqwin; // GSS sequence number window |
89 | uint32_t *gss_svc_seqbits; // Bitmap to track seq numbers |
90 | gssd_cred gss_svc_cred_handle; // Opaque cred handle from gssd |
91 | gssd_ctx gss_svc_context; // Opaque context handle from gssd |
92 | gss_ctx_id_t gss_svc_ctx_id; // Underlying gss context |
93 | u_char *gss_svc_token; // GSS token exchanged via gssd & client |
94 | uint32_t gss_svc_tokenlen; // Length of token |
95 | uint32_t gss_svc_major; // GSS major result from gssd |
96 | uint32_t gss_svc_minor; // GSS minor result from gssd |
97 | }; |
98 | |
99 | #define SVC_CTX_HASHSZ 64 |
100 | #define SVC_CTX_HASH(handle) ((handle) % SVC_CTX_HASHSZ) |
101 | LIST_HEAD(nfs_gss_svc_ctx_hashhead, nfs_gss_svc_ctx); |
102 | |
103 | /* |
104 | * Macros to manipulate bits in the sequence window |
105 | */ |
106 | #define win_getbit(bits, bit) ((bits[(bit) / 32] & (1 << (bit) % 32)) != 0) |
107 | #define win_setbit(bits, bit) do { bits[(bit) / 32] |= (1 << (bit) % 32); } while (0) |
108 | #define win_resetbit(bits, bit) do { bits[(bit) / 32] &= ~(1 << (bit) % 32); } while (0) |
109 | |
110 | /* |
111 | * Server context stale times |
112 | */ |
113 | #define GSS_CTX_PEND 5 // seconds |
114 | #define GSS_CTX_EXPIRE (8 * 3600) // seconds |
115 | #define GSS_CTX_TTL_MIN 1 // seconds |
116 | #define GSS_TIMER_PERIOD 300 // seconds |
117 | #define MSECS_PER_SEC 1000 |
118 | |
119 | __BEGIN_DECLS |
120 | |
121 | void nfs_gss_svc_init(void); |
122 | int nfs_gss_svc_cred_get(struct nfsrv_descript *, struct nfsm_chain *); |
123 | int nfs_gss_svc_verf_put(struct nfsrv_descript *, struct nfsm_chain *); |
124 | int nfs_gss_svc_ctx_init(struct nfsrv_descript *, struct nfsrv_sock *, mbuf_t *); |
125 | int nfs_gss_svc_prepare_reply(struct nfsrv_descript *, struct nfsm_chain *); |
126 | int nfs_gss_svc_protect_reply(struct nfsrv_descript *, mbuf_t); |
127 | void nfs_gss_svc_ctx_deref(struct nfs_gss_svc_ctx *); |
128 | void nfs_gss_svc_cleanup(void); |
129 | |
130 | __END_DECLS |
131 | #endif /* _NFS_NFS_GSS_H_ */ |
132 | |