1/*
2 * Copyright (c) 2007-2015 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29#ifndef _NFS_NFS_GSS_H_
30#define _NFS_NFS_GSS_H_
31
32#include "gss/gss_krb5_mech.h"
33#include <gssd/gssd_mach.h>
34#include <sys/param.h>
35
36#define RPCSEC_GSS 6
37#define RPCSEC_GSS_VERS_1 1
38
39enum rpcsec_gss_proc {
40 RPCSEC_GSS_DATA = 0,
41 RPCSEC_GSS_INIT = 1,
42 RPCSEC_GSS_CONTINUE_INIT = 2,
43 RPCSEC_GSS_DESTROY = 3
44};
45
46enum rpcsec_gss_service {
47 RPCSEC_GSS_SVC_NONE = 1, // sec=krb5
48 RPCSEC_GSS_SVC_INTEGRITY = 2, // sec=krb5i
49 RPCSEC_GSS_SVC_PRIVACY = 3, // sec=krb5p
50};
51
52/*
53 * RFC 2203 and friends don't define maximums for token lengths
54 * and context handles. We try to pick reasonable values here.
55 *
56 * N.B. Kerberos mech tokens can be quite large from the output
57 * of a gss_init_sec_context if it includes a large PAC.
58 */
59
60#define GSS_MAX_TOKEN_LEN 64*1024
61
62/*
63 * Put a "reasonable" bound on MIC lengths
64 */
65#define GSS_MAX_MIC_LEN 2048
66
67#define GSS_MAXSEQ 0x80000000 // The biggest sequence number
68#define GSS_SVC_MAXCONTEXTS 500000 // Max contexts supported
69#define GSS_SVC_SEQWINDOW 256 // Server's sequence window
70
71#define MAX_SKEYLEN 32
72#define MAX_LUCIDLEN (sizeof (lucid_context) + MAX_SKEYLEN)
73
74/*
75 * The server's RPCSEC_GSS context information
76 */
77struct nfs_gss_svc_ctx {
78 lck_mtx_t gss_svc_mtx;
79 LIST_ENTRY(nfs_gss_svc_ctx) gss_svc_entries;
80 uint32_t gss_svc_handle; // Identifies server context to client
81 uint32_t gss_svc_refcnt; // Reference count
82 uint32_t gss_svc_proc; // Current GSS proc from cred
83 uid_t gss_svc_uid; // UID of this user
84 gid_t gss_svc_gids[NGROUPS]; // GIDs of this user
85 uint32_t gss_svc_ngroups; // Count of gids
86 uint64_t gss_svc_incarnation; // Delete ctx if we exceed this + ttl value
87 uint32_t gss_svc_seqmax; // Current max GSS sequence number
88 uint32_t gss_svc_seqwin; // GSS sequence number window
89 uint32_t *gss_svc_seqbits; // Bitmap to track seq numbers
90 gssd_cred gss_svc_cred_handle; // Opaque cred handle from gssd
91 gssd_ctx gss_svc_context; // Opaque context handle from gssd
92 gss_ctx_id_t gss_svc_ctx_id; // Underlying gss context
93 u_char *gss_svc_token; // GSS token exchanged via gssd & client
94 uint32_t gss_svc_tokenlen; // Length of token
95 uint32_t gss_svc_major; // GSS major result from gssd
96 uint32_t gss_svc_minor; // GSS minor result from gssd
97};
98
99#define SVC_CTX_HASHSZ 64
100#define SVC_CTX_HASH(handle) ((handle) % SVC_CTX_HASHSZ)
101LIST_HEAD(nfs_gss_svc_ctx_hashhead, nfs_gss_svc_ctx);
102
103/*
104 * Macros to manipulate bits in the sequence window
105 */
106#define win_getbit(bits, bit) ((bits[(bit) / 32] & (1 << (bit) % 32)) != 0)
107#define win_setbit(bits, bit) do { bits[(bit) / 32] |= (1 << (bit) % 32); } while (0)
108#define win_resetbit(bits, bit) do { bits[(bit) / 32] &= ~(1 << (bit) % 32); } while (0)
109
110/*
111 * Server context stale times
112 */
113#define GSS_CTX_PEND 5 // seconds
114#define GSS_CTX_EXPIRE (8 * 3600) // seconds
115#define GSS_CTX_TTL_MIN 1 // seconds
116#define GSS_TIMER_PERIOD 300 // seconds
117#define MSECS_PER_SEC 1000
118
119__BEGIN_DECLS
120
121void nfs_gss_svc_init(void);
122int nfs_gss_svc_cred_get(struct nfsrv_descript *, struct nfsm_chain *);
123int nfs_gss_svc_verf_put(struct nfsrv_descript *, struct nfsm_chain *);
124int nfs_gss_svc_ctx_init(struct nfsrv_descript *, struct nfsrv_sock *, mbuf_t *);
125int nfs_gss_svc_prepare_reply(struct nfsrv_descript *, struct nfsm_chain *);
126int nfs_gss_svc_protect_reply(struct nfsrv_descript *, mbuf_t);
127void nfs_gss_svc_ctx_deref(struct nfs_gss_svc_ctx *);
128void nfs_gss_svc_cleanup(void);
129
130__END_DECLS
131#endif /* _NFS_NFS_GSS_H_ */
132