| 1 | /* SPDX-License-Identifier: GPL-2.0-or-later WITH Linux-syscall-note */ |
|---|
| 2 | /* Types and definitions for AF_RXRPC. |
|---|
| 3 | * |
|---|
| 4 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. |
|---|
| 5 | * Written by David Howells (dhowells@redhat.com) |
|---|
| 6 | */ |
|---|
| 7 | |
|---|
| 8 | #ifndef _UAPI_LINUX_RXRPC_H |
|---|
| 9 | #define _UAPI_LINUX_RXRPC_H |
|---|
| 10 | |
|---|
| 11 | #include <linux/types.h> |
|---|
| 12 | #include <linux/in.h> |
|---|
| 13 | #include <linux/in6.h> |
|---|
| 14 | |
|---|
| 15 | /* |
|---|
| 16 | * RxRPC socket address |
|---|
| 17 | */ |
|---|
| 18 | struct sockaddr_rxrpc { |
|---|
| 19 | __kernel_sa_family_t srx_family; /* address family */ |
|---|
| 20 | __u16 srx_service; /* service desired */ |
|---|
| 21 | __u16 transport_type; /* type of transport socket (SOCK_DGRAM) */ |
|---|
| 22 | __u16 transport_len; /* length of transport address */ |
|---|
| 23 | union { |
|---|
| 24 | __kernel_sa_family_t family; /* transport address family */ |
|---|
| 25 | struct sockaddr_in sin; /* IPv4 transport address */ |
|---|
| 26 | struct sockaddr_in6 sin6; /* IPv6 transport address */ |
|---|
| 27 | } transport; |
|---|
| 28 | }; |
|---|
| 29 | |
|---|
| 30 | /* |
|---|
| 31 | * RxRPC socket options |
|---|
| 32 | */ |
|---|
| 33 | #define RXRPC_SECURITY_KEY 1 /* [clnt] set client security key */ |
|---|
| 34 | #define RXRPC_SECURITY_KEYRING 2 /* [srvr] set ring of server security keys */ |
|---|
| 35 | #define RXRPC_EXCLUSIVE_CONNECTION 3 /* Deprecated; use RXRPC_EXCLUSIVE_CALL instead */ |
|---|
| 36 | #define RXRPC_MIN_SECURITY_LEVEL 4 /* minimum security level */ |
|---|
| 37 | #define RXRPC_UPGRADEABLE_SERVICE 5 /* Upgrade service[0] -> service[1] */ |
|---|
| 38 | #define RXRPC_SUPPORTED_CMSG 6 /* Get highest supported control message type */ |
|---|
| 39 | #define RXRPC_MANAGE_RESPONSE 7 /* [clnt] Want to manage RESPONSE packets */ |
|---|
| 40 | |
|---|
| 41 | /* |
|---|
| 42 | * RxRPC control messages |
|---|
| 43 | * - If neither abort or accept are specified, the message is a data message. |
|---|
| 44 | * - terminal messages mean that a user call ID tag can be recycled |
|---|
| 45 | * - C/S/- indicate whether these are applicable to client, server or both |
|---|
| 46 | * - s/r/- indicate whether these are applicable to sendmsg() and/or recvmsg() |
|---|
| 47 | */ |
|---|
| 48 | enum rxrpc_cmsg_type { |
|---|
| 49 | RXRPC_USER_CALL_ID = 1, /* -sr: User call ID specifier */ |
|---|
| 50 | RXRPC_ABORT = 2, /* -sr: Abort request / notification [terminal] */ |
|---|
| 51 | RXRPC_ACK = 3, /* S-r: RPC op final ACK received [terminal] */ |
|---|
| 52 | RXRPC_NET_ERROR = 5, /* --r: Network error received [terminal] */ |
|---|
| 53 | RXRPC_BUSY = 6, /* C-r: Server busy received [terminal] */ |
|---|
| 54 | RXRPC_LOCAL_ERROR = 7, /* --r: Local error generated [terminal] */ |
|---|
| 55 | RXRPC_NEW_CALL = 8, /* S-r: New incoming call notification */ |
|---|
| 56 | RXRPC_EXCLUSIVE_CALL = 10, /* Cs-: Call should be on exclusive connection */ |
|---|
| 57 | RXRPC_UPGRADE_SERVICE = 11, /* Cs-: Request service upgrade for client call */ |
|---|
| 58 | RXRPC_TX_LENGTH = 12, /* -s-: Total length of Tx data */ |
|---|
| 59 | RXRPC_SET_CALL_TIMEOUT = 13, /* -s-: Set one or more call timeouts */ |
|---|
| 60 | RXRPC_CHARGE_ACCEPT = 14, /* Ss-: Charge the accept pool with a user call ID */ |
|---|
| 61 | RXRPC_OOB_ID = 15, /* -sr: OOB message ID */ |
|---|
| 62 | RXRPC_CHALLENGED = 16, /* C-r: Info on a received CHALLENGE */ |
|---|
| 63 | RXRPC_RESPOND = 17, /* Cs-: Respond to a challenge */ |
|---|
| 64 | RXRPC_RESPONDED = 18, /* S-r: Data received in RESPONSE */ |
|---|
| 65 | RXRPC_RESP_RXGK_APPDATA = 19, /* Cs-: RESPONSE: RxGK app data to include */ |
|---|
| 66 | RXRPC__SUPPORTED |
|---|
| 67 | }; |
|---|
| 68 | |
|---|
| 69 | /* |
|---|
| 70 | * RxRPC security levels |
|---|
| 71 | */ |
|---|
| 72 | #define RXRPC_SECURITY_PLAIN 0 /* plain secure-checksummed packets only */ |
|---|
| 73 | #define RXRPC_SECURITY_AUTH 1 /* authenticated packets */ |
|---|
| 74 | #define RXRPC_SECURITY_ENCRYPT 2 /* encrypted packets */ |
|---|
| 75 | |
|---|
| 76 | /* |
|---|
| 77 | * RxRPC security indices |
|---|
| 78 | */ |
|---|
| 79 | #define RXRPC_SECURITY_NONE 0 /* no security protocol */ |
|---|
| 80 | #define RXRPC_SECURITY_RXKAD 2 /* kaserver or kerberos 4 */ |
|---|
| 81 | #define RXRPC_SECURITY_RXGK 4 /* gssapi-based */ |
|---|
| 82 | #define RXRPC_SECURITY_RXK5 5 /* kerberos 5 */ |
|---|
| 83 | #define RXRPC_SECURITY_YFS_RXGK 6 /* YFS gssapi-based */ |
|---|
| 84 | |
|---|
| 85 | /* |
|---|
| 86 | * RxRPC-level abort codes |
|---|
| 87 | */ |
|---|
| 88 | #define RX_CALL_DEAD -1 /* call/conn has been inactive and is shut down */ |
|---|
| 89 | #define RX_INVALID_OPERATION -2 /* invalid operation requested / attempted */ |
|---|
| 90 | #define RX_CALL_TIMEOUT -3 /* call timeout exceeded */ |
|---|
| 91 | #define RX_EOF -4 /* unexpected end of data on read op */ |
|---|
| 92 | #define RX_PROTOCOL_ERROR -5 /* low-level protocol error */ |
|---|
| 93 | #define RX_USER_ABORT -6 /* generic user abort */ |
|---|
| 94 | #define RX_ADDRINUSE -7 /* UDP port in use */ |
|---|
| 95 | #define RX_DEBUGI_BADTYPE -8 /* bad debugging packet type */ |
|---|
| 96 | |
|---|
| 97 | /* |
|---|
| 98 | * (un)marshalling abort codes (rxgen) |
|---|
| 99 | */ |
|---|
| 100 | #define RXGEN_CC_MARSHAL -450 |
|---|
| 101 | #define RXGEN_CC_UNMARSHAL -451 |
|---|
| 102 | #define RXGEN_SS_MARSHAL -452 |
|---|
| 103 | #define RXGEN_SS_UNMARSHAL -453 |
|---|
| 104 | #define RXGEN_DECODE -454 |
|---|
| 105 | #define RXGEN_OPCODE -455 |
|---|
| 106 | #define RXGEN_SS_XDRFREE -456 |
|---|
| 107 | #define RXGEN_CC_XDRFREE -457 |
|---|
| 108 | |
|---|
| 109 | /* |
|---|
| 110 | * Rx kerberos security abort codes |
|---|
| 111 | * - unfortunately we have no generalised security abort codes to say things |
|---|
| 112 | * like "unsupported security", so we have to use these instead and hope the |
|---|
| 113 | * other side understands |
|---|
| 114 | */ |
|---|
| 115 | #define RXKADINCONSISTENCY 19270400 /* security module structure inconsistent */ |
|---|
| 116 | #define RXKADPACKETSHORT 19270401 /* packet too short for security challenge */ |
|---|
| 117 | #define RXKADLEVELFAIL 19270402 /* security level negotiation failed */ |
|---|
| 118 | #define RXKADTICKETLEN 19270403 /* ticket length too short or too long */ |
|---|
| 119 | #define RXKADOUTOFSEQUENCE 19270404 /* packet had bad sequence number */ |
|---|
| 120 | #define RXKADNOAUTH 19270405 /* caller not authorised */ |
|---|
| 121 | #define RXKADBADKEY 19270406 /* illegal key: bad parity or weak */ |
|---|
| 122 | #define RXKADBADTICKET 19270407 /* security object was passed a bad ticket */ |
|---|
| 123 | #define RXKADUNKNOWNKEY 19270408 /* ticket contained unknown key version number */ |
|---|
| 124 | #define RXKADEXPIRED 19270409 /* authentication expired */ |
|---|
| 125 | #define RXKADSEALEDINCON 19270410 /* sealed data inconsistent */ |
|---|
| 126 | #define RXKADDATALEN 19270411 /* user data too long */ |
|---|
| 127 | #define RXKADILLEGALLEVEL 19270412 /* caller not authorised to use encrypted conns */ |
|---|
| 128 | |
|---|
| 129 | /* |
|---|
| 130 | * RxGK GSSAPI security abort codes. |
|---|
| 131 | */ |
|---|
| 132 | #if 0 /* Original standard abort codes (used by OpenAFS) */ |
|---|
| 133 | #define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */ |
|---|
| 134 | #define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */ |
|---|
| 135 | #define RXGK_BADCHALLENGE 1233242882 /* Invalid security challenge */ |
|---|
| 136 | #define RXGK_BADETYPE 1233242883 /* Invalid or impermissible encryption type */ |
|---|
| 137 | #define RXGK_BADLEVEL 1233242884 /* Invalid or impermissible security level */ |
|---|
| 138 | #define RXGK_BADKEYNO 1233242885 /* Key version number not found */ |
|---|
| 139 | #define RXGK_EXPIRED 1233242886 /* Token has expired */ |
|---|
| 140 | #define RXGK_NOTAUTH 1233242887 /* Caller not authorized */ |
|---|
| 141 | #define RXGK_BAD_TOKEN 1233242888 /* Security object was passed a bad token */ |
|---|
| 142 | #define RXGK_SEALED_INCON 1233242889 /* Sealed data inconsistent */ |
|---|
| 143 | #define RXGK_DATA_LEN 1233242890 /* User data too long */ |
|---|
| 144 | #define RXGK_BAD_QOP 1233242891 /* Inadequate quality of protection available */ |
|---|
| 145 | #else /* Revised standard abort codes (used by YFS) */ |
|---|
| 146 | #define RXGK_INCONSISTENCY 1233242880 /* Security module structure inconsistent */ |
|---|
| 147 | #define RXGK_PACKETSHORT 1233242881 /* Packet too short for security challenge */ |
|---|
| 148 | #define RXGK_BADCHALLENGE 1233242882 /* Security challenge/response failed */ |
|---|
| 149 | #define RXGK_SEALEDINCON 1233242883 /* Sealed data is inconsistent */ |
|---|
| 150 | #define RXGK_NOTAUTH 1233242884 /* Caller not authorised */ |
|---|
| 151 | #define RXGK_EXPIRED 1233242885 /* Authentication expired */ |
|---|
| 152 | #define RXGK_BADLEVEL 1233242886 /* Unsupported or not permitted security level */ |
|---|
| 153 | #define RXGK_BADKEYNO 1233242887 /* Bad transport key number */ |
|---|
| 154 | #define RXGK_NOTRXGK 1233242888 /* Security layer is not rxgk */ |
|---|
| 155 | #define RXGK_UNSUPPORTED 1233242889 /* Endpoint does not support rxgk */ |
|---|
| 156 | #define RXGK_GSSERROR 1233242890 /* GSSAPI mechanism error */ |
|---|
| 157 | #endif |
|---|
| 158 | |
|---|
| 159 | /* |
|---|
| 160 | * Challenge information in the RXRPC_CHALLENGED control message. |
|---|
| 161 | */ |
|---|
| 162 | struct rxrpc_challenge { |
|---|
| 163 | __u16 service_id; /* The service ID of the connection (may be upgraded) */ |
|---|
| 164 | __u8 security_index; /* The security index of the connection */ |
|---|
| 165 | __u8 pad; /* Round out to a multiple of 4 bytes. */ |
|---|
| 166 | /* ... The security class gets to append extra information ... */ |
|---|
| 167 | }; |
|---|
| 168 | |
|---|
| 169 | struct rxgk_challenge { |
|---|
| 170 | struct rxrpc_challenge base; |
|---|
| 171 | __u32 enctype; /* Krb5 encoding type */ |
|---|
| 172 | }; |
|---|
| 173 | |
|---|
| 174 | #endif /* _UAPI_LINUX_RXRPC_H */ |
|---|
| 175 | |
|---|
