/* SPDX-License-Identifier: GPL-2.0-or-later WITH Linux-syscall-note */
/* Types and definitions for AF_RXRPC.
*
* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*/
#ifndef _UAPI_LINUX_RXRPC_H
#define _UAPI_LINUX_RXRPC_H
#include <linux/types.h>
#include <linux/in.h>
#include <linux/in6.h>
/*
 * RxRPC socket address
 *
 * Carries the RxRPC service ID together with the address of the underlying
 * transport socket.  The transport address lives in the `transport` union
 * and transport_len records its length.
 *
 * NOTE(review): nothing in this header says how transport_len is checked
 * against the union member actually filled in.  Callers should zero the
 * structure, fill exactly one member and set transport_len to that member's
 * size - confirm the kernel-side validation before relying on it.
 */
struct sockaddr_rxrpc {
	__kernel_sa_family_t srx_family; /* address family */
	__u16 srx_service; /* service desired */
	__u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
	__u16 transport_len; /* length of transport address */
	union {
		__kernel_sa_family_t family; /* transport address family */
		struct sockaddr_in sin; /* IPv4 transport address */
		struct sockaddr_in6 sin6; /* IPv6 transport address */
	} transport;
};
/*
 * RxRPC socket options
 *
 * [clnt] and [srvr] mark options described as client-only or server-only.
 *
 * RXRPC_MIN_SECURITY_LEVEL is the option that sets how much protection is
 * demanded; its value is presumably one of the RXRPC_SECURITY_PLAIN / _AUTH /
 * _ENCRYPT levels defined further down this header - TODO confirm.
 * NOTE(review): the level in force when the option is never set is not
 * stated here; set it explicitly where confidentiality or integrity matters.
 */
#define RXRPC_SECURITY_KEY 1 /* [clnt] set client security key */
#define RXRPC_SECURITY_KEYRING 2 /* [srvr] set ring of server security keys */
#define RXRPC_EXCLUSIVE_CONNECTION 3 /* Deprecated; use RXRPC_EXCLUSIVE_CALL instead */
#define RXRPC_MIN_SECURITY_LEVEL 4 /* minimum security level */
#define RXRPC_UPGRADEABLE_SERVICE 5 /* Upgrade service[0] -> service[1] */
#define RXRPC_SUPPORTED_CMSG 6 /* Get highest supported control message type */
#define RXRPC_MANAGE_RESPONSE 7 /* [clnt] Want to manage RESPONSE packets */
/*
 * RxRPC control messages
 * - If neither abort nor accept is specified, the message is a data message.
 * - terminal messages mean that a user call ID tag can be recycled
 * - C/S/- indicate whether these are applicable to client, server or both
 * - s/r/- indicate whether these are applicable to sendmsg() and/or recvmsg()
 *
 * Values 4 and 9 are not assigned in this enum.  RXRPC__SUPPORTED carries no
 * explicit value, so it is always one more than the last assigned type (20
 * as listed here) and changes whenever a type is appended; it is a bound,
 * not a message type.
 * NOTE(review): no "accept" message type is defined below, so the first
 * bullet looks historical - confirm.
 */
enum rxrpc_cmsg_type {
	RXRPC_USER_CALL_ID = 1, /* -sr: User call ID specifier */
	RXRPC_ABORT = 2, /* -sr: Abort request / notification [terminal] */
	RXRPC_ACK = 3, /* S-r: RPC op final ACK received [terminal] */
	RXRPC_NET_ERROR = 5, /* --r: Network error received [terminal] */
	RXRPC_BUSY = 6, /* C-r: Server busy received [terminal] */
	RXRPC_LOCAL_ERROR = 7, /* --r: Local error generated [terminal] */
	RXRPC_NEW_CALL = 8, /* S-r: New incoming call notification */
	RXRPC_EXCLUSIVE_CALL = 10, /* Cs-: Call should be on exclusive connection */
	RXRPC_UPGRADE_SERVICE = 11, /* Cs-: Request service upgrade for client call */
	RXRPC_TX_LENGTH = 12, /* -s-: Total length of Tx data */
	RXRPC_SET_CALL_TIMEOUT = 13, /* -s-: Set one or more call timeouts */
	RXRPC_CHARGE_ACCEPT = 14, /* Ss-: Charge the accept pool with a user call ID */
	RXRPC_OOB_ID = 15, /* -sr: OOB message ID */
	RXRPC_CHALLENGED = 16, /* C-r: Info on a received CHALLENGE */
	RXRPC_RESPOND = 17, /* Cs-: Respond to a challenge */
	RXRPC_RESPONDED = 18, /* S-r: Data received in RESPONSE */
	RXRPC_RESP_RXGK_APPDATA = 19, /* Cs-: RESPONSE: RxGK app data to include */
	RXRPC__SUPPORTED
};
/*
 * RxRPC security levels
 *
 * The values increase with the protection described.  Going by the
 * descriptions below, only RXRPC_SECURITY_ENCRYPT encrypts packets;
 * RXRPC_SECURITY_PLAIN and RXRPC_SECURITY_AUTH should be assumed to leave
 * call data readable on the network.
 * NOTE(review): what each level guarantees presumably depends on the
 * security class in use (see the security indices) - confirm before
 * choosing a minimum.
 */
#define RXRPC_SECURITY_PLAIN 0 /* plain secure-checksummed packets only */
#define RXRPC_SECURITY_AUTH 1 /* authenticated packets */
#define RXRPC_SECURITY_ENCRYPT 2 /* encrypted packets */
/*
 * RxRPC security indices
 *
 * Identify the security class (protocol) of a connection.  Indices 1 and 3
 * are not defined in this header.
 *
 * RXRPC_SECURITY_NONE means no security protocol at all, so neither peer
 * authentication nor packet protection should be expected with it.
 * NOTE(review): rxkad is described below as kaserver / Kerberos 4 based,
 * i.e. a legacy design; review its cipher strength before treating
 * RXRPC_SECURITY_ENCRYPT over rxkad as strong confidentiality, and check
 * which of these indices the running kernel actually implements.
 */
#define RXRPC_SECURITY_NONE 0 /* no security protocol */
#define RXRPC_SECURITY_RXKAD 2 /* kaserver or kerberos 4 */
#define RXRPC_SECURITY_RXGK 4 /* gssapi-based */
#define RXRPC_SECURITY_RXK5 5 /* kerberos 5 */
#define RXRPC_SECURITY_YFS_RXGK 6 /* YFS gssapi-based */
/*
 * RxRPC-level abort codes
 *
 * Small negative values, -1 to -8.
 * NOTE(review): an abort code received from a peer is presumably
 * remote-controlled input; use it for diagnostics and logging, not as a
 * trusted signal.
 * NOTE(review): the expansions are bare negative literals without
 * parentheses; wrap uses in parentheses inside larger expressions.
 */
#define RX_CALL_DEAD -1 /* call/conn has been inactive and is shut down */
#define RX_INVALID_OPERATION -2 /* invalid operation requested / attempted */
#define RX_CALL_TIMEOUT -3 /* call timeout exceeded */
#define RX_EOF -4 /* unexpected end of data on read op */
#define RX_PROTOCOL_ERROR -5 /* low-level protocol error */
#define RX_USER_ABORT -6 /* generic user abort */
#define RX_ADDRINUSE -7 /* UDP port in use */
#define RX_DEBUGI_BADTYPE -8 /* bad debugging packet type */
/*
 * (un)marshalling abort codes (rxgen)
 *
 * Consecutive values -450 to -457.
 * NOTE(review): CC and SS presumably stand for the client-side and
 * server-side rxgen stubs - confirm against the rxgen documentation.
 */
#define RXGEN_CC_MARSHAL -450
#define RXGEN_CC_UNMARSHAL -451
#define RXGEN_SS_MARSHAL -452
#define RXGEN_SS_UNMARSHAL -453
#define RXGEN_DECODE -454
#define RXGEN_OPCODE -455
#define RXGEN_SS_XDRFREE -456
#define RXGEN_CC_XDRFREE -457
/*
 * Rx kerberos security abort codes
 * - unfortunately we have no generalised security abort codes to say things
 *   like "unsupported security", so we have to use these instead and hope the
 *   other side understands
 *
 * Consecutive values 19270400 to 19270412.  Several describe failed
 * authentication or integrity checks (for example RXKADNOAUTH,
 * RXKADBADTICKET, RXKADEXPIRED, RXKADSEALEDINCON, RXKADOUTOFSEQUENCE), so
 * they are worth recording when calls abort.
 */
#define RXKADINCONSISTENCY 19270400 /* security module structure inconsistent */
#define RXKADPACKETSHORT 19270401 /* packet too short for security challenge */
#define RXKADLEVELFAIL 19270402 /* security level negotiation failed */
#define RXKADTICKETLEN 19270403 /* ticket length too short or too long */
#define RXKADOUTOFSEQUENCE 19270404 /* packet had bad sequence number */
#define RXKADNOAUTH 19270405 /* caller not authorised */
#define RXKADBADKEY 19270406 /* illegal key: bad parity or weak */
#define RXKADBADTICKET 19270407 /* security object was passed a bad ticket */
#define RXKADUNKNOWNKEY 19270408 /* ticket contained unknown key version number */
#define RXKADEXPIRED 19270409 /* authentication expired */
#define RXKADSEALEDINCON 19270410 /* sealed data inconsistent */
#define RXKADDATALEN 19270411 /* user data too long */
#define RXKADILLEGALLEVEL 19270412 /* caller not authorised to use encrypted conns */
/*
 * RxGK GSSAPI security abort codes.
 *
 * Only the revised (YFS) set in the #else branch is compiled; the original
 * (OpenAFS) set is kept under "#if 0" for reference.  The two sets use the
 * same names for 1233242880 to 1233242882 but assign different meanings to
 * 1233242883 onwards - for instance 1233242884 is RXGK_BADLEVEL in the
 * original set and RXGK_NOTAUTH in the revised one - and some names differ
 * too (RXGK_SEALED_INCON vs RXGK_SEALEDINCON).
 * NOTE(review): when a peer may follow the original numbering, a received
 * code from 1233242883 up cannot be decoded reliably with these names; log
 * the raw number alongside any symbolic name.
 */
#if 0 /* Original standard abort codes (used by OpenAFS) */
#define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */
#define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */
#define RXGK_BADCHALLENGE 1233242882 /* Invalid security challenge */
#define RXGK_BADETYPE 1233242883 /* Invalid or impermissible encryption type */
#define RXGK_BADLEVEL 1233242884 /* Invalid or impermissible security level */
#define RXGK_BADKEYNO 1233242885 /* Key version number not found */
#define RXGK_EXPIRED 1233242886 /* Token has expired */
#define RXGK_NOTAUTH 1233242887 /* Caller not authorized */
#define RXGK_BAD_TOKEN 1233242888 /* Security object was passed a bad token */
#define RXGK_SEALED_INCON 1233242889 /* Sealed data inconsistent */
#define RXGK_DATA_LEN 1233242890 /* User data too long */
#define RXGK_BAD_QOP 1233242891 /* Inadequate quality of protection available */
#else /* Revised standard abort codes (used by YFS) */
#define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */
#define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */
#define RXGK_BADCHALLENGE 1233242882 /* Security challenge/response failed */
#define RXGK_SEALEDINCON 1233242883 /* Sealed data is inconsistent */
#define RXGK_NOTAUTH 1233242884 /* Caller not authorised */
#define RXGK_EXPIRED 1233242885 /* Authentication expired */
#define RXGK_BADLEVEL 1233242886 /* Unsupported or not permitted security level */
#define RXGK_BADKEYNO 1233242887 /* Bad transport key number */
#define RXGK_NOTRXGK 1233242888 /* Security layer is not rxgk */
#define RXGK_UNSUPPORTED 1233242889 /* Endpoint does not support rxgk */
#define RXGK_GSSERROR 1233242890 /* GSSAPI mechanism error */
#endif
/*
 * Challenge information in the RXRPC_CHALLENGED control message.
 *
 * Common 4-byte header (2 + 1 + 1 bytes); the security class may append its
 * own fields after it, as struct rxgk_challenge does.
 * NOTE(review): a receiver should check security_index, and that the
 * control message is long enough, before reading any class-specific data
 * that follows.  The content of pad is not specified here; do not rely on it.
 */
struct rxrpc_challenge {
	__u16 service_id; /* The service ID of the connection (may be upgraded) */
	__u8 security_index; /* The security index of the connection */
	__u8 pad; /* Round out to a multiple of 4 bytes. */
	/* ... The security class gets to append extra information ... */
};
/*
 * RxGK form of the challenge information: the common header followed by
 * the encoding type.
 * NOTE(review): "encoding type" presumably means the Kerberos 5 encryption
 * type (enctype) - confirm.
 */
struct rxgk_challenge {
	struct rxrpc_challenge base;
	__u32 enctype; /* Krb5 encoding type */
};
#endif /* _UAPI_LINUX_RXRPC_H */