1/*
2 * Copyright (c) 2007-2015 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29#ifndef _NFS_NFS_GSS_H_
30#define _NFS_NFS_GSS_H_
31
32#include "gss/gss_krb5_mech.h"
33#include <gssd/gssd_mach.h>
34#include <sys/param.h>
35#include <nfs/nfs_ioctl.h>
36
37#define RPCSEC_GSS 6
38#define RPCSEC_GSS_VERS_1 1
39
40enum rpcsec_gss_proc {
41 RPCSEC_GSS_DATA = 0,
42 RPCSEC_GSS_INIT = 1,
43 RPCSEC_GSS_CONTINUE_INIT = 2,
44 RPCSEC_GSS_DESTROY = 3
45};
46
47enum rpcsec_gss_service {
48 RPCSEC_GSS_SVC_NONE = 1, // sec=krb5
49 RPCSEC_GSS_SVC_INTEGRITY = 2, // sec=krb5i
50 RPCSEC_GSS_SVC_PRIVACY = 3, // sec=krb5p
51};
52
53/* encoded krb5 OID */
54extern u_char krb5_mech_oid[11];
55
56
57/*
58 * RFC 2203 and friends don't define maximums for token lengths
59 * and context handles. We try to pick reasonable values here.
60 *
61 * N.B. Kerberos mech tokens can be quite large from the output
62 * of a gss_init_sec_context if it includes a large PAC.
63 */
64
65#define GSS_MAX_CTX_HANDLE_LEN 256
66#define GSS_MAX_TOKEN_LEN 64*1024
67
68/*
69 * Put a "reasonble" bound on MIC lengths
70 */
71#define GSS_MAX_MIC_LEN 2048
72
73#define GSS_MAXSEQ 0x80000000 // The biggest sequence number
74#define GSS_SVC_MAXCONTEXTS 500000 // Max contexts supported
75#define GSS_SVC_SEQWINDOW 256 // Server's sequence window
76#define GSS_CLNT_SEQLISTMAX 32 // Max length of req seq num list
77
78#define MAX_SKEYLEN 32
79#define MAX_LUCIDLEN (sizeof (lucid_context) + MAX_SKEYLEN)
80#define GSS_MAX_NEG_CACHE_ENTRIES 16
81#define GSS_NEG_CACHE_TO 3
82#define GSS_PRINT_DELAY (8 * 3600) // Wait day before printing the same error message
83
84/*
85 * The client's RPCSEC_GSS context information
86 */
87struct nfs_gss_clnt_ctx {
88 lck_mtx_t *gss_clnt_mtx;
89 thread_t gss_clnt_thread; // Thread creating context
90 TAILQ_ENTRY(nfs_gss_clnt_ctx) gss_clnt_entries;
91 uint32_t gss_clnt_flags; // Flag bits - see below
92 int32_t gss_clnt_refcnt; // Reference count
93 kauth_cred_t gss_clnt_cred; // Owner of this context
94 uint8_t *gss_clnt_principal; // Principal to use for this credential
95 uint32_t gss_clnt_prinlen; // Length of principal
96 gssd_nametype gss_clnt_prinnt; // Name type of principal
97 char *gss_clnt_display; // display name of principal
98 uint32_t gss_clnt_proc; // Current GSS proc for cred
99 uint32_t gss_clnt_seqnum; // GSS sequence number
100 uint32_t gss_clnt_service; // Indicates krb5, krb5i or krb5p
101 uint8_t *gss_clnt_handle; // Identifies server context
102 uint32_t gss_clnt_handle_len; // Size of server's ctx handle
103 time_t gss_clnt_nctime; // When context was put in the negative cache
104 uint32_t gss_clnt_seqwin; // Server's seq num window
105 uint32_t *gss_clnt_seqbits; // Bitmap to track seq numbers in use
106 mach_port_t gss_clnt_mport; // Mach port for gssd upcall
107 uint32_t gss_clnt_verflen; // RPC verifier length from server
108 uint8_t *gss_clnt_verf; // RPC verifier from server
109 uint8_t *gss_clnt_svcname; // Service name e.g. "nfs/big.apple.com"
110 uint32_t gss_clnt_svcnamlen; // Service name length
111 gssd_nametype gss_clnt_svcnt; // Service name type
112 gssd_cred gss_clnt_cred_handle; // Opaque cred handle from gssd
113 gssd_ctx gss_clnt_context; // Opaque context handle from gssd
114 gss_ctx_id_t gss_clnt_ctx_id; // Underlying gss context
115 uint8_t *gss_clnt_token; // GSS token exchanged via gssd & server
116 uint32_t gss_clnt_tokenlen; // Length of token
117 uint32_t gss_clnt_gssd_flags; // Special flag bits to gssd
118 uint32_t gss_clnt_major; // GSS major result from gssd or server
119 uint32_t gss_clnt_minor; // GSS minor result from gssd or server
120 time_t gss_clnt_ptime; // When last error message was printed
121};
122
123/*
124 * gss_clnt_flags
125 */
126#define GSS_CTX_COMPLETE 0x00000001 // Context is complete
127#define GSS_CTX_INVAL 0x00000002 // Context is invalid
128#define GSS_CTX_STICKY 0x00000004 // Context has been set by user
129#define GSS_NEEDSEQ 0x00000008 // Need a sequence number
130#define GSS_NEEDCTX 0x00000010 // Need the context
131#define GSS_CTX_DESTROY 0x00000020 // Context is being destroyed, don't cache
132
133/*
134 * The server's RPCSEC_GSS context information
135 */
136struct nfs_gss_svc_ctx {
137 lck_mtx_t *gss_svc_mtx;
138 LIST_ENTRY(nfs_gss_svc_ctx) gss_svc_entries;
139 uint32_t gss_svc_handle; // Identifies server context to client
140 uint32_t gss_svc_refcnt; // Reference count
141 uint32_t gss_svc_proc; // Current GSS proc from cred
142 uid_t gss_svc_uid; // UID of this user
143 gid_t gss_svc_gids[NGROUPS]; // GIDs of this user
144 uint32_t gss_svc_ngroups; // Count of gids
145 uint64_t gss_svc_incarnation; // Delete ctx if we exceed this + ttl value
146 uint32_t gss_svc_seqmax; // Current max GSS sequence number
147 uint32_t gss_svc_seqwin; // GSS sequence number window
148 uint32_t *gss_svc_seqbits; // Bitmap to track seq numbers
149 gssd_cred gss_svc_cred_handle; // Opaque cred handle from gssd
150 gssd_ctx gss_svc_context; // Opaque context handle from gssd
151 gss_ctx_id_t gss_svc_ctx_id; // Underlying gss context
152 u_char *gss_svc_token; // GSS token exchanged via gssd & client
153 uint32_t gss_svc_tokenlen; // Length of token
154 uint32_t gss_svc_major; // GSS major result from gssd
155 uint32_t gss_svc_minor; // GSS minor result from gssd
156};
157
158#define SVC_CTX_HASHSZ 64
159#define SVC_CTX_HASH(handle) ((handle) % SVC_CTX_HASHSZ)
160LIST_HEAD(nfs_gss_svc_ctx_hashhead, nfs_gss_svc_ctx);
161
162/*
163 * Macros to manipulate bits in the sequence window
164 */
165#define win_getbit(bits, bit) ((bits[(bit) / 32] & (1 << (bit) % 32)) != 0)
166#define win_setbit(bits, bit) do { bits[(bit) / 32] |= (1 << (bit) % 32); } while (0)
167#define win_resetbit(bits, bit) do { bits[(bit) / 32] &= ~(1 << (bit) % 32); } while (0)
168
169/*
170 * Server context stale times
171 */
172#define GSS_CTX_PEND 5 // seconds
173#define GSS_CTX_EXPIRE (8 * 3600) // seconds
174#define GSS_CTX_TTL_MIN 1 // seconds
175#define GSS_TIMER_PERIOD 300 // seconds
176#define MSECS_PER_SEC 1000
177
178#define auth_is_kerberized(auth) \
179 (auth == RPCAUTH_KRB5 || \
180 auth == RPCAUTH_KRB5I || \
181 auth == RPCAUTH_KRB5P)
182
183__BEGIN_DECLS
184
185void nfs_gss_init(void);
186uid_t nfs_cred_getasid2uid(kauth_cred_t);
187int nfs_gss_clnt_cred_put(struct nfsreq *, struct nfsm_chain *, mbuf_t);
188int nfs_gss_clnt_verf_get(struct nfsreq *, struct nfsm_chain *,
189 uint32_t, uint32_t, uint32_t *);
190void nfs_gss_clnt_rpcdone(struct nfsreq *);
191int nfs_gss_clnt_args_restore(struct nfsreq *);
192int nfs_gss_clnt_ctx_renew(struct nfsreq *);
193void nfs_gss_clnt_ctx_ref(struct nfsreq *, struct nfs_gss_clnt_ctx *);
194void nfs_gss_clnt_ctx_unref(struct nfsreq *);
195void nfs_gss_clnt_ctx_unmount(struct nfsmount *);
196int nfs_gss_clnt_ctx_remove(struct nfsmount *, kauth_cred_t);
197int nfs_gss_clnt_ctx_set_principal(struct nfsmount *, vfs_context_t, uint8_t *, uint32_t, uint32_t);
198int nfs_gss_clnt_ctx_get_principal(struct nfsmount *, vfs_context_t, struct user_nfs_gss_principal *);
199int nfs_gss_svc_cred_get(struct nfsrv_descript *, struct nfsm_chain *);
200int nfs_gss_svc_verf_put(struct nfsrv_descript *, struct nfsm_chain *);
201int nfs_gss_svc_ctx_init(struct nfsrv_descript *, struct nfsrv_sock *, mbuf_t *);
202int nfs_gss_svc_prepare_reply(struct nfsrv_descript *, struct nfsm_chain *);
203int nfs_gss_svc_protect_reply(struct nfsrv_descript *, mbuf_t);
204void nfs_gss_svc_ctx_deref(struct nfs_gss_svc_ctx *);
205void nfs_gss_svc_cleanup(void);
206
207__END_DECLS
208#endif /* _NFS_NFS_GSS_H_ */
209