source: src/linux/universal/linux-4.4/net/sunrpc/auth_gss/auth_gss.c @ 31885

Last change on this file since 31885 was 31885, checked in by brainslayer, 5 weeks ago

update

File size: 53.1 KB
Line 
1/*
2 * linux/net/sunrpc/auth_gss/auth_gss.c
3 *
4 * RPCSEC_GSS client authentication.
5 *
6 *  Copyright (c) 2000 The Regents of the University of Michigan.
7 *  All rights reserved.
8 *
9 *  Dug Song       <dugsong@monkey.org>
10 *  Andy Adamson   <andros@umich.edu>
11 *
12 *  Redistribution and use in source and binary forms, with or without
13 *  modification, are permitted provided that the following conditions
14 *  are met:
15 *
16 *  1. Redistributions of source code must retain the above copyright
17 *     notice, this list of conditions and the following disclaimer.
18 *  2. Redistributions in binary form must reproduce the above copyright
19 *     notice, this list of conditions and the following disclaimer in the
20 *     documentation and/or other materials provided with the distribution.
21 *  3. Neither the name of the University nor the names of its
22 *     contributors may be used to endorse or promote products derived
23 *     from this software without specific prior written permission.
24 *
25 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
26 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 */
37
38
39#include <linux/module.h>
40#include <linux/init.h>
41#include <linux/types.h>
42#include <linux/slab.h>
43#include <linux/sched.h>
44#include <linux/pagemap.h>
45#include <linux/sunrpc/clnt.h>
46#include <linux/sunrpc/auth.h>
47#include <linux/sunrpc/auth_gss.h>
48#include <linux/sunrpc/svcauth_gss.h>
49#include <linux/sunrpc/gss_err.h>
50#include <linux/workqueue.h>
51#include <linux/sunrpc/rpc_pipe_fs.h>
52#include <linux/sunrpc/gss_api.h>
53#include <asm/uaccess.h>
54#include <linux/hashtable.h>
55
56#include "../netns.h"
57
58static const struct rpc_authops authgss_ops;
59
60static const struct rpc_credops gss_credops;
61static const struct rpc_credops gss_nullops;
62
63#define GSS_RETRY_EXPIRED 5
64static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
65
66#define GSS_KEY_EXPIRE_TIMEO 240
67static unsigned int gss_key_expire_timeo = GSS_KEY_EXPIRE_TIMEO;
68
69#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
70# define RPCDBG_FACILITY        RPCDBG_AUTH
71#endif
72
73#define GSS_CRED_SLACK          (RPC_MAX_AUTH_SIZE * 2)
74/* length of a krb5 verifier (48), plus data added before arguments when
75 * using integrity (two 4-byte integers): */
76#define GSS_VERF_SLACK          100
77
78static DEFINE_HASHTABLE(gss_auth_hash_table, 4);
79static DEFINE_SPINLOCK(gss_auth_hash_lock);
80
81struct gss_pipe {
82        struct rpc_pipe_dir_object pdo;
83        struct rpc_pipe *pipe;
84        struct rpc_clnt *clnt;
85        const char *name;
86        struct kref kref;
87};
88
89struct gss_auth {
90        struct kref kref;
91        struct hlist_node hash;
92        struct rpc_auth rpc_auth;
93        struct gss_api_mech *mech;
94        enum rpc_gss_svc service;
95        struct rpc_clnt *client;
96        struct net *net;
97        /*
98         * There are two upcall pipes; dentry[1], named "gssd", is used
99         * for the new text-based upcall; dentry[0] is named after the
100         * mechanism (for example, "krb5") and exists for
101         * backwards-compatibility with older gssd's.
102         */
103        struct gss_pipe *gss_pipe[2];
104        const char *target_name;
105};
106
107/* pipe_version >= 0 if and only if someone has a pipe open. */
108static DEFINE_SPINLOCK(pipe_version_lock);
109static struct rpc_wait_queue pipe_version_rpc_waitqueue;
110static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
111static void gss_put_auth(struct gss_auth *gss_auth);
112
113static void gss_free_ctx(struct gss_cl_ctx *);
114static const struct rpc_pipe_ops gss_upcall_ops_v0;
115static const struct rpc_pipe_ops gss_upcall_ops_v1;
116
117static inline struct gss_cl_ctx *
118gss_get_ctx(struct gss_cl_ctx *ctx)
119{
120        atomic_inc(&ctx->count);
121        return ctx;
122}
123
124static inline void
125gss_put_ctx(struct gss_cl_ctx *ctx)
126{
127        if (atomic_dec_and_test(&ctx->count))
128                gss_free_ctx(ctx);
129}
130
131/* gss_cred_set_ctx:
132 * called by gss_upcall_callback and gss_create_upcall in order
133 * to set the gss context. The actual exchange of an old context
134 * and a new one is protected by the pipe->lock.
135 */
136static void
137gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
138{
139        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
140
141        if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
142                return;
143        gss_get_ctx(ctx);
144        rcu_assign_pointer(gss_cred->gc_ctx, ctx);
145        set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
146        smp_mb__before_atomic();
147        clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
148}
149
150static const void *
151simple_get_bytes(const void *p, const void *end, void *res, size_t len)
152{
153        const void *q = (const void *)((const char *)p + len);
154        if (unlikely(q > end || q < p))
155                return ERR_PTR(-EFAULT);
156        memcpy(res, p, len);
157        return q;
158}
159
160static inline const void *
161simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
162{
163        const void *q;
164        unsigned int len;
165
166        p = simple_get_bytes(p, end, &len, sizeof(len));
167        if (IS_ERR(p))
168                return p;
169        q = (const void *)((const char *)p + len);
170        if (unlikely(q > end || q < p))
171                return ERR_PTR(-EFAULT);
172        dest->data = kmemdup(p, len, GFP_NOFS);
173        if (unlikely(dest->data == NULL))
174                return ERR_PTR(-ENOMEM);
175        dest->len = len;
176        return q;
177}
178
179static struct gss_cl_ctx *
180gss_cred_get_ctx(struct rpc_cred *cred)
181{
182        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
183        struct gss_cl_ctx *ctx = NULL;
184
185        rcu_read_lock();
186        ctx = rcu_dereference(gss_cred->gc_ctx);
187        if (ctx)
188                gss_get_ctx(ctx);
189        rcu_read_unlock();
190        return ctx;
191}
192
193static struct gss_cl_ctx *
194gss_alloc_context(void)
195{
196        struct gss_cl_ctx *ctx;
197
198        ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
199        if (ctx != NULL) {
200                ctx->gc_proc = RPC_GSS_PROC_DATA;
201                ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
202                spin_lock_init(&ctx->gc_seq_lock);
203                atomic_set(&ctx->count,1);
204        }
205        return ctx;
206}
207
208#define GSSD_MIN_TIMEOUT (60 * 60)
209static const void *
210gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
211{
212        const void *q;
213        unsigned int seclen;
214        unsigned int timeout;
215        unsigned long now = jiffies;
216        u32 window_size;
217        int ret;
218
219        /* First unsigned int gives the remaining lifetime in seconds of the
220         * credential - e.g. the remaining TGT lifetime for Kerberos or
221         * the -t value passed to GSSD.
222         */
223        p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
224        if (IS_ERR(p))
225                goto err;
226        if (timeout == 0)
227                timeout = GSSD_MIN_TIMEOUT;
228        ctx->gc_expiry = now + ((unsigned long)timeout * HZ);
229        /* Sequence number window. Determines the maximum number of
230         * simultaneous requests
231         */
232        p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
233        if (IS_ERR(p))
234                goto err;
235        ctx->gc_win = window_size;
236        /* gssd signals an error by passing ctx->gc_win = 0: */
237        if (ctx->gc_win == 0) {
238                /*
239                 * in which case, p points to an error code. Anything other
240                 * than -EKEYEXPIRED gets converted to -EACCES.
241                 */
242                p = simple_get_bytes(p, end, &ret, sizeof(ret));
243                if (!IS_ERR(p))
244                        p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
245                                                    ERR_PTR(-EACCES);
246                goto err;
247        }
248        /* copy the opaque wire context */
249        p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
250        if (IS_ERR(p))
251                goto err;
252        /* import the opaque security context */
253        p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
254        if (IS_ERR(p))
255                goto err;
256        q = (const void *)((const char *)p + seclen);
257        if (unlikely(q > end || q < p)) {
258                p = ERR_PTR(-EFAULT);
259                goto err;
260        }
261        ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, NULL, GFP_NOFS);
262        if (ret < 0) {
263                p = ERR_PTR(ret);
264                goto err;
265        }
266
267        /* is there any trailing data? */
268        if (q == end) {
269                p = q;
270                goto done;
271        }
272
273        /* pull in acceptor name (if there is one) */
274        p = simple_get_netobj(q, end, &ctx->gc_acceptor);
275        if (IS_ERR(p))
276                goto err;
277done:
278        dprintk("RPC:       %s Success. gc_expiry %lu now %lu timeout %u acceptor %.*s\n",
279                __func__, ctx->gc_expiry, now, timeout, ctx->gc_acceptor.len,
280                ctx->gc_acceptor.data);
281        return p;
282err:
283        dprintk("RPC:       %s returns error %ld\n", __func__, -PTR_ERR(p));
284        return p;
285}
286
287#define UPCALL_BUF_LEN 128
288
289struct gss_upcall_msg {
290        atomic_t count;
291        kuid_t  uid;
292        struct rpc_pipe_msg msg;
293        struct list_head list;
294        struct gss_auth *auth;
295        struct rpc_pipe *pipe;
296        struct rpc_wait_queue rpc_waitqueue;
297        wait_queue_head_t waitqueue;
298        struct gss_cl_ctx *ctx;
299        char databuf[UPCALL_BUF_LEN];
300};
301
302static int get_pipe_version(struct net *net)
303{
304        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
305        int ret;
306
307        spin_lock(&pipe_version_lock);
308        if (sn->pipe_version >= 0) {
309                atomic_inc(&sn->pipe_users);
310                ret = sn->pipe_version;
311        } else
312                ret = -EAGAIN;
313        spin_unlock(&pipe_version_lock);
314        return ret;
315}
316
317static void put_pipe_version(struct net *net)
318{
319        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
320
321        if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
322                sn->pipe_version = -1;
323                spin_unlock(&pipe_version_lock);
324        }
325}
326
327static void
328gss_release_msg(struct gss_upcall_msg *gss_msg)
329{
330        struct net *net = gss_msg->auth->net;
331        if (!atomic_dec_and_test(&gss_msg->count))
332                return;
333        put_pipe_version(net);
334        BUG_ON(!list_empty(&gss_msg->list));
335        if (gss_msg->ctx != NULL)
336                gss_put_ctx(gss_msg->ctx);
337        rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
338        gss_put_auth(gss_msg->auth);
339        kfree(gss_msg);
340}
341
342static struct gss_upcall_msg *
343__gss_find_upcall(struct rpc_pipe *pipe, kuid_t uid, const struct gss_auth *auth)
344{
345        struct gss_upcall_msg *pos;
346        list_for_each_entry(pos, &pipe->in_downcall, list) {
347                if (!uid_eq(pos->uid, uid))
348                        continue;
349                if (auth && pos->auth->service != auth->service)
350                        continue;
351                atomic_inc(&pos->count);
352                dprintk("RPC:       %s found msg %p\n", __func__, pos);
353                return pos;
354        }
355        dprintk("RPC:       %s found nothing\n", __func__);
356        return NULL;
357}
358
359/* Try to add an upcall to the pipefs queue.
360 * If an upcall owned by our uid already exists, then we return a reference
361 * to that upcall instead of adding the new upcall.
362 */
363static inline struct gss_upcall_msg *
364gss_add_msg(struct gss_upcall_msg *gss_msg)
365{
366        struct rpc_pipe *pipe = gss_msg->pipe;
367        struct gss_upcall_msg *old;
368
369        spin_lock(&pipe->lock);
370        old = __gss_find_upcall(pipe, gss_msg->uid, gss_msg->auth);
371        if (old == NULL) {
372                atomic_inc(&gss_msg->count);
373                list_add(&gss_msg->list, &pipe->in_downcall);
374        } else
375                gss_msg = old;
376        spin_unlock(&pipe->lock);
377        return gss_msg;
378}
379
380static void
381__gss_unhash_msg(struct gss_upcall_msg *gss_msg)
382{
383        list_del_init(&gss_msg->list);
384        rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
385        wake_up_all(&gss_msg->waitqueue);
386        atomic_dec(&gss_msg->count);
387}
388
389static void
390gss_unhash_msg(struct gss_upcall_msg *gss_msg)
391{
392        struct rpc_pipe *pipe = gss_msg->pipe;
393
394        if (list_empty(&gss_msg->list))
395                return;
396        spin_lock(&pipe->lock);
397        if (!list_empty(&gss_msg->list))
398                __gss_unhash_msg(gss_msg);
399        spin_unlock(&pipe->lock);
400}
401
402static void
403gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss_msg)
404{
405        switch (gss_msg->msg.errno) {
406        case 0:
407                if (gss_msg->ctx == NULL)
408                        break;
409                clear_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
410                gss_cred_set_ctx(&gss_cred->gc_base, gss_msg->ctx);
411                break;
412        case -EKEYEXPIRED:
413                set_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
414        }
415        gss_cred->gc_upcall_timestamp = jiffies;
416        gss_cred->gc_upcall = NULL;
417        rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
418}
419
420static void
421gss_upcall_callback(struct rpc_task *task)
422{
423        struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
424                        struct gss_cred, gc_base);
425        struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
426        struct rpc_pipe *pipe = gss_msg->pipe;
427
428        spin_lock(&pipe->lock);
429        gss_handle_downcall_result(gss_cred, gss_msg);
430        spin_unlock(&pipe->lock);
431        task->tk_status = gss_msg->msg.errno;
432        gss_release_msg(gss_msg);
433}
434
435static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
436{
437        uid_t uid = from_kuid(&init_user_ns, gss_msg->uid);
438        memcpy(gss_msg->databuf, &uid, sizeof(uid));
439        gss_msg->msg.data = gss_msg->databuf;
440        gss_msg->msg.len = sizeof(uid);
441
442        BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
443}
444
445static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
446                                const char *service_name,
447                                const char *target_name)
448{
449        struct gss_api_mech *mech = gss_msg->auth->mech;
450        char *p = gss_msg->databuf;
451        size_t buflen = sizeof(gss_msg->databuf);
452        int len;
453
454        len = scnprintf(p, buflen, "mech=%s uid=%d ", mech->gm_name,
455                        from_kuid(&init_user_ns, gss_msg->uid));
456        buflen -= len;
457        p += len;
458        gss_msg->msg.len = len;
459        if (target_name) {
460                len = scnprintf(p, buflen, "target=%s ", target_name);
461                buflen -= len;
462                p += len;
463                gss_msg->msg.len += len;
464        }
465        if (service_name != NULL) {
466                len = scnprintf(p, buflen, "service=%s ", service_name);
467                buflen -= len;
468                p += len;
469                gss_msg->msg.len += len;
470        }
471        if (mech->gm_upcall_enctypes) {
472                len = scnprintf(p, buflen, "enctypes=%s ",
473                                mech->gm_upcall_enctypes);
474                buflen -= len;
475                p += len;
476                gss_msg->msg.len += len;
477        }
478        len = scnprintf(p, buflen, "\n");
479        if (len == 0)
480                goto out_overflow;
481        gss_msg->msg.len += len;
482
483        gss_msg->msg.data = gss_msg->databuf;
484        return 0;
485out_overflow:
486        WARN_ON_ONCE(1);
487        return -ENOMEM;
488}
489
490static struct gss_upcall_msg *
491gss_alloc_msg(struct gss_auth *gss_auth,
492                kuid_t uid, const char *service_name)
493{
494        struct gss_upcall_msg *gss_msg;
495        int vers;
496        int err = -ENOMEM;
497
498        gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
499        if (gss_msg == NULL)
500                goto err;
501        vers = get_pipe_version(gss_auth->net);
502        err = vers;
503        if (err < 0)
504                goto err_free_msg;
505        gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
506        INIT_LIST_HEAD(&gss_msg->list);
507        rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
508        init_waitqueue_head(&gss_msg->waitqueue);
509        atomic_set(&gss_msg->count, 1);
510        gss_msg->uid = uid;
511        gss_msg->auth = gss_auth;
512        switch (vers) {
513        case 0:
514                gss_encode_v0_msg(gss_msg);
515                break;
516        default:
517                err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name);
518                if (err)
519                        goto err_put_pipe_version;
520        };
521        kref_get(&gss_auth->kref);
522        return gss_msg;
523err_put_pipe_version:
524        put_pipe_version(gss_auth->net);
525err_free_msg:
526        kfree(gss_msg);
527err:
528        return ERR_PTR(err);
529}
530
531static struct gss_upcall_msg *
532gss_setup_upcall(struct gss_auth *gss_auth, struct rpc_cred *cred)
533{
534        struct gss_cred *gss_cred = container_of(cred,
535                        struct gss_cred, gc_base);
536        struct gss_upcall_msg *gss_new, *gss_msg;
537        kuid_t uid = cred->cr_uid;
538
539        gss_new = gss_alloc_msg(gss_auth, uid, gss_cred->gc_principal);
540        if (IS_ERR(gss_new))
541                return gss_new;
542        gss_msg = gss_add_msg(gss_new);
543        if (gss_msg == gss_new) {
544                int res;
545                atomic_inc(&gss_msg->count);
546                res = rpc_queue_upcall(gss_new->pipe, &gss_new->msg);
547                if (res) {
548                        gss_unhash_msg(gss_new);
549                        atomic_dec(&gss_msg->count);
550                        gss_release_msg(gss_new);
551                        gss_msg = ERR_PTR(res);
552                }
553        } else
554                gss_release_msg(gss_new);
555        return gss_msg;
556}
557
558static void warn_gssd(void)
559{
560        dprintk("AUTH_GSS upcall failed. Please check user daemon is running.\n");
561}
562
563static inline int
564gss_refresh_upcall(struct rpc_task *task)
565{
566        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
567        struct gss_auth *gss_auth = container_of(cred->cr_auth,
568                        struct gss_auth, rpc_auth);
569        struct gss_cred *gss_cred = container_of(cred,
570                        struct gss_cred, gc_base);
571        struct gss_upcall_msg *gss_msg;
572        struct rpc_pipe *pipe;
573        int err = 0;
574
575        dprintk("RPC: %5u %s for uid %u\n",
576                task->tk_pid, __func__, from_kuid(&init_user_ns, cred->cr_uid));
577        gss_msg = gss_setup_upcall(gss_auth, cred);
578        if (PTR_ERR(gss_msg) == -EAGAIN) {
579                /* XXX: warning on the first, under the assumption we
580                 * shouldn't normally hit this case on a refresh. */
581                warn_gssd();
582                task->tk_timeout = 15*HZ;
583                rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL);
584                return -EAGAIN;
585        }
586        if (IS_ERR(gss_msg)) {
587                err = PTR_ERR(gss_msg);
588                goto out;
589        }
590        pipe = gss_msg->pipe;
591        spin_lock(&pipe->lock);
592        if (gss_cred->gc_upcall != NULL)
593                rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
594        else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
595                task->tk_timeout = 0;
596                gss_cred->gc_upcall = gss_msg;
597                /* gss_upcall_callback will release the reference to gss_upcall_msg */
598                atomic_inc(&gss_msg->count);
599                rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
600        } else {
601                gss_handle_downcall_result(gss_cred, gss_msg);
602                err = gss_msg->msg.errno;
603        }
604        spin_unlock(&pipe->lock);
605        gss_release_msg(gss_msg);
606out:
607        dprintk("RPC: %5u %s for uid %u result %d\n",
608                task->tk_pid, __func__,
609                from_kuid(&init_user_ns, cred->cr_uid), err);
610        return err;
611}
612
613static inline int
614gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
615{
616        struct net *net = gss_auth->net;
617        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
618        struct rpc_pipe *pipe;
619        struct rpc_cred *cred = &gss_cred->gc_base;
620        struct gss_upcall_msg *gss_msg;
621        DEFINE_WAIT(wait);
622        int err;
623
624        dprintk("RPC:       %s for uid %u\n",
625                __func__, from_kuid(&init_user_ns, cred->cr_uid));
626retry:
627        err = 0;
628        /* if gssd is down, just skip upcalling altogether */
629        if (!gssd_running(net)) {
630                warn_gssd();
631                return -EACCES;
632        }
633        gss_msg = gss_setup_upcall(gss_auth, cred);
634        if (PTR_ERR(gss_msg) == -EAGAIN) {
635                err = wait_event_interruptible_timeout(pipe_version_waitqueue,
636                                sn->pipe_version >= 0, 15 * HZ);
637                if (sn->pipe_version < 0) {
638                        warn_gssd();
639                        err = -EACCES;
640                }
641                if (err < 0)
642                        goto out;
643                goto retry;
644        }
645        if (IS_ERR(gss_msg)) {
646                err = PTR_ERR(gss_msg);
647                goto out;
648        }
649        pipe = gss_msg->pipe;
650        for (;;) {
651                prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
652                spin_lock(&pipe->lock);
653                if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
654                        break;
655                }
656                spin_unlock(&pipe->lock);
657                if (fatal_signal_pending(current)) {
658                        err = -ERESTARTSYS;
659                        goto out_intr;
660                }
661                schedule();
662        }
663        if (gss_msg->ctx)
664                gss_cred_set_ctx(cred, gss_msg->ctx);
665        else
666                err = gss_msg->msg.errno;
667        spin_unlock(&pipe->lock);
668out_intr:
669        finish_wait(&gss_msg->waitqueue, &wait);
670        gss_release_msg(gss_msg);
671out:
672        dprintk("RPC:       %s for uid %u result %d\n",
673                __func__, from_kuid(&init_user_ns, cred->cr_uid), err);
674        return err;
675}
676
677#define MSG_BUF_MAXSIZE 1024
678
679static ssize_t
680gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
681{
682        const void *p, *end;
683        void *buf;
684        struct gss_upcall_msg *gss_msg;
685        struct rpc_pipe *pipe = RPC_I(file_inode(filp))->pipe;
686        struct gss_cl_ctx *ctx;
687        uid_t id;
688        kuid_t uid;
689        ssize_t err = -EFBIG;
690
691        if (mlen > MSG_BUF_MAXSIZE)
692                goto out;
693        err = -ENOMEM;
694        buf = kmalloc(mlen, GFP_NOFS);
695        if (!buf)
696                goto out;
697
698        err = -EFAULT;
699        if (copy_from_user(buf, src, mlen))
700                goto err;
701
702        end = (const void *)((char *)buf + mlen);
703        p = simple_get_bytes(buf, end, &id, sizeof(id));
704        if (IS_ERR(p)) {
705                err = PTR_ERR(p);
706                goto err;
707        }
708
709        uid = make_kuid(&init_user_ns, id);
710        if (!uid_valid(uid)) {
711                err = -EINVAL;
712                goto err;
713        }
714
715        err = -ENOMEM;
716        ctx = gss_alloc_context();
717        if (ctx == NULL)
718                goto err;
719
720        err = -ENOENT;
721        /* Find a matching upcall */
722        spin_lock(&pipe->lock);
723        gss_msg = __gss_find_upcall(pipe, uid, NULL);
724        if (gss_msg == NULL) {
725                spin_unlock(&pipe->lock);
726                goto err_put_ctx;
727        }
728        list_del_init(&gss_msg->list);
729        spin_unlock(&pipe->lock);
730
731        p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
732        if (IS_ERR(p)) {
733                err = PTR_ERR(p);
734                switch (err) {
735                case -EACCES:
736                case -EKEYEXPIRED:
737                        gss_msg->msg.errno = err;
738                        err = mlen;
739                        break;
740                case -EFAULT:
741                case -ENOMEM:
742                case -EINVAL:
743                case -ENOSYS:
744                        gss_msg->msg.errno = -EAGAIN;
745                        break;
746                default:
747                        printk(KERN_CRIT "%s: bad return from "
748                                "gss_fill_context: %zd\n", __func__, err);
749                        BUG();
750                }
751                goto err_release_msg;
752        }
753        gss_msg->ctx = gss_get_ctx(ctx);
754        err = mlen;
755
756err_release_msg:
757        spin_lock(&pipe->lock);
758        __gss_unhash_msg(gss_msg);
759        spin_unlock(&pipe->lock);
760        gss_release_msg(gss_msg);
761err_put_ctx:
762        gss_put_ctx(ctx);
763err:
764        kfree(buf);
765out:
766        dprintk("RPC:       %s returning %Zd\n", __func__, err);
767        return err;
768}
769
770static int gss_pipe_open(struct inode *inode, int new_version)
771{
772        struct net *net = inode->i_sb->s_fs_info;
773        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
774        int ret = 0;
775
776        spin_lock(&pipe_version_lock);
777        if (sn->pipe_version < 0) {
778                /* First open of any gss pipe determines the version: */
779                sn->pipe_version = new_version;
780                rpc_wake_up(&pipe_version_rpc_waitqueue);
781                wake_up(&pipe_version_waitqueue);
782        } else if (sn->pipe_version != new_version) {
783                /* Trying to open a pipe of a different version */
784                ret = -EBUSY;
785                goto out;
786        }
787        atomic_inc(&sn->pipe_users);
788out:
789        spin_unlock(&pipe_version_lock);
790        return ret;
791
792}
793
794static int gss_pipe_open_v0(struct inode *inode)
795{
796        return gss_pipe_open(inode, 0);
797}
798
799static int gss_pipe_open_v1(struct inode *inode)
800{
801        return gss_pipe_open(inode, 1);
802}
803
804static void
805gss_pipe_release(struct inode *inode)
806{
807        struct net *net = inode->i_sb->s_fs_info;
808        struct rpc_pipe *pipe = RPC_I(inode)->pipe;
809        struct gss_upcall_msg *gss_msg;
810
811restart:
812        spin_lock(&pipe->lock);
813        list_for_each_entry(gss_msg, &pipe->in_downcall, list) {
814
815                if (!list_empty(&gss_msg->msg.list))
816                        continue;
817                gss_msg->msg.errno = -EPIPE;
818                atomic_inc(&gss_msg->count);
819                __gss_unhash_msg(gss_msg);
820                spin_unlock(&pipe->lock);
821                gss_release_msg(gss_msg);
822                goto restart;
823        }
824        spin_unlock(&pipe->lock);
825
826        put_pipe_version(net);
827}
828
829static void
830gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
831{
832        struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
833
834        if (msg->errno < 0) {
835                dprintk("RPC:       %s releasing msg %p\n",
836                        __func__, gss_msg);
837                atomic_inc(&gss_msg->count);
838                gss_unhash_msg(gss_msg);
839                if (msg->errno == -ETIMEDOUT)
840                        warn_gssd();
841                gss_release_msg(gss_msg);
842        }
843        gss_release_msg(gss_msg);
844}
845
846static void gss_pipe_dentry_destroy(struct dentry *dir,
847                struct rpc_pipe_dir_object *pdo)
848{
849        struct gss_pipe *gss_pipe = pdo->pdo_data;
850        struct rpc_pipe *pipe = gss_pipe->pipe;
851
852        if (pipe->dentry != NULL) {
853                rpc_unlink(pipe->dentry);
854                pipe->dentry = NULL;
855        }
856}
857
858static int gss_pipe_dentry_create(struct dentry *dir,
859                struct rpc_pipe_dir_object *pdo)
860{
861        struct gss_pipe *p = pdo->pdo_data;
862        struct dentry *dentry;
863
864        dentry = rpc_mkpipe_dentry(dir, p->name, p->clnt, p->pipe);
865        if (IS_ERR(dentry))
866                return PTR_ERR(dentry);
867        p->pipe->dentry = dentry;
868        return 0;
869}
870
871static const struct rpc_pipe_dir_object_ops gss_pipe_dir_object_ops = {
872        .create = gss_pipe_dentry_create,
873        .destroy = gss_pipe_dentry_destroy,
874};
875
876static struct gss_pipe *gss_pipe_alloc(struct rpc_clnt *clnt,
877                const char *name,
878                const struct rpc_pipe_ops *upcall_ops)
879{
880        struct gss_pipe *p;
881        int err = -ENOMEM;
882
883        p = kmalloc(sizeof(*p), GFP_KERNEL);
884        if (p == NULL)
885                goto err;
886        p->pipe = rpc_mkpipe_data(upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
887        if (IS_ERR(p->pipe)) {
888                err = PTR_ERR(p->pipe);
889                goto err_free_gss_pipe;
890        }
891        p->name = name;
892        p->clnt = clnt;
893        kref_init(&p->kref);
894        rpc_init_pipe_dir_object(&p->pdo,
895                        &gss_pipe_dir_object_ops,
896                        p);
897        return p;
898err_free_gss_pipe:
899        kfree(p);
900err:
901        return ERR_PTR(err);
902}
903
904struct gss_alloc_pdo {
905        struct rpc_clnt *clnt;
906        const char *name;
907        const struct rpc_pipe_ops *upcall_ops;
908};
909
910static int gss_pipe_match_pdo(struct rpc_pipe_dir_object *pdo, void *data)
911{
912        struct gss_pipe *gss_pipe;
913        struct gss_alloc_pdo *args = data;
914
915        if (pdo->pdo_ops != &gss_pipe_dir_object_ops)
916                return 0;
917        gss_pipe = container_of(pdo, struct gss_pipe, pdo);
918        if (strcmp(gss_pipe->name, args->name) != 0)
919                return 0;
920        if (!kref_get_unless_zero(&gss_pipe->kref))
921                return 0;
922        return 1;
923}
924
925static struct rpc_pipe_dir_object *gss_pipe_alloc_pdo(void *data)
926{
927        struct gss_pipe *gss_pipe;
928        struct gss_alloc_pdo *args = data;
929
930        gss_pipe = gss_pipe_alloc(args->clnt, args->name, args->upcall_ops);
931        if (!IS_ERR(gss_pipe))
932                return &gss_pipe->pdo;
933        return NULL;
934}
935
936static struct gss_pipe *gss_pipe_get(struct rpc_clnt *clnt,
937                const char *name,
938                const struct rpc_pipe_ops *upcall_ops)
939{
940        struct net *net = rpc_net_ns(clnt);
941        struct rpc_pipe_dir_object *pdo;
942        struct gss_alloc_pdo args = {
943                .clnt = clnt,
944                .name = name,
945                .upcall_ops = upcall_ops,
946        };
947
948        pdo = rpc_find_or_alloc_pipe_dir_object(net,
949                        &clnt->cl_pipedir_objects,
950                        gss_pipe_match_pdo,
951                        gss_pipe_alloc_pdo,
952                        &args);
953        if (pdo != NULL)
954                return container_of(pdo, struct gss_pipe, pdo);
955        return ERR_PTR(-ENOMEM);
956}
957
958static void __gss_pipe_free(struct gss_pipe *p)
959{
960        struct rpc_clnt *clnt = p->clnt;
961        struct net *net = rpc_net_ns(clnt);
962
963        rpc_remove_pipe_dir_object(net,
964                        &clnt->cl_pipedir_objects,
965                        &p->pdo);
966        rpc_destroy_pipe_data(p->pipe);
967        kfree(p);
968}
969
970static void __gss_pipe_release(struct kref *kref)
971{
972        struct gss_pipe *p = container_of(kref, struct gss_pipe, kref);
973
974        __gss_pipe_free(p);
975}
976
977static void gss_pipe_free(struct gss_pipe *p)
978{
979        if (p != NULL)
980                kref_put(&p->kref, __gss_pipe_release);
981}
982
983/*
984 * NOTE: we have the opportunity to use different
985 * parameters based on the input flavor (which must be a pseudoflavor)
986 */
987static struct gss_auth *
988gss_create_new(struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
989{
990        rpc_authflavor_t flavor = args->pseudoflavor;
991        struct gss_auth *gss_auth;
992        struct gss_pipe *gss_pipe;
993        struct rpc_auth * auth;
994        int err = -ENOMEM; /* XXX? */
995
996        dprintk("RPC:       creating GSS authenticator for client %p\n", clnt);
997
998        if (!try_module_get(THIS_MODULE))
999                return ERR_PTR(err);
1000        if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
1001                goto out_dec;
1002        INIT_HLIST_NODE(&gss_auth->hash);
1003        gss_auth->target_name = NULL;
1004        if (args->target_name) {
1005                gss_auth->target_name = kstrdup(args->target_name, GFP_KERNEL);
1006                if (gss_auth->target_name == NULL)
1007                        goto err_free;
1008        }
1009        gss_auth->client = clnt;
1010        gss_auth->net = get_net(rpc_net_ns(clnt));
1011        err = -EINVAL;
1012        gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
1013        if (!gss_auth->mech) {
1014                dprintk("RPC:       Pseudoflavor %d not found!\n", flavor);
1015                goto err_put_net;
1016        }
1017        gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
1018        if (gss_auth->service == 0)
1019                goto err_put_mech;
1020        if (!gssd_running(gss_auth->net))
1021                goto err_put_mech;
1022        auth = &gss_auth->rpc_auth;
1023        auth->au_cslack = GSS_CRED_SLACK >> 2;
1024        auth->au_rslack = GSS_VERF_SLACK >> 2;
1025        auth->au_ops = &authgss_ops;
1026        auth->au_flavor = flavor;
1027        atomic_set(&auth->au_count, 1);
1028        kref_init(&gss_auth->kref);
1029
1030        err = rpcauth_init_credcache(auth);
1031        if (err)
1032                goto err_put_mech;
1033        /*
1034         * Note: if we created the old pipe first, then someone who
1035         * examined the directory at the right moment might conclude
1036         * that we supported only the old pipe.  So we instead create
1037         * the new pipe first.
1038         */
1039        gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
1040        if (IS_ERR(gss_pipe)) {
1041                err = PTR_ERR(gss_pipe);
1042                goto err_destroy_credcache;
1043        }
1044        gss_auth->gss_pipe[1] = gss_pipe;
1045
1046        gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
1047                        &gss_upcall_ops_v0);
1048        if (IS_ERR(gss_pipe)) {
1049                err = PTR_ERR(gss_pipe);
1050                goto err_destroy_pipe_1;
1051        }
1052        gss_auth->gss_pipe[0] = gss_pipe;
1053
1054        return gss_auth;
1055err_destroy_pipe_1:
1056        gss_pipe_free(gss_auth->gss_pipe[1]);
1057err_destroy_credcache:
1058        rpcauth_destroy_credcache(auth);
1059err_put_mech:
1060        gss_mech_put(gss_auth->mech);
1061err_put_net:
1062        put_net(gss_auth->net);
1063err_free:
1064        kfree(gss_auth->target_name);
1065        kfree(gss_auth);
1066out_dec:
1067        module_put(THIS_MODULE);
1068        return ERR_PTR(err);
1069}
1070
1071static void
1072gss_free(struct gss_auth *gss_auth)
1073{
1074        gss_pipe_free(gss_auth->gss_pipe[0]);
1075        gss_pipe_free(gss_auth->gss_pipe[1]);
1076        gss_mech_put(gss_auth->mech);
1077        put_net(gss_auth->net);
1078        kfree(gss_auth->target_name);
1079
1080        kfree(gss_auth);
1081        module_put(THIS_MODULE);
1082}
1083
1084static void
1085gss_free_callback(struct kref *kref)
1086{
1087        struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
1088
1089        gss_free(gss_auth);
1090}
1091
1092static void
1093gss_put_auth(struct gss_auth *gss_auth)
1094{
1095        kref_put(&gss_auth->kref, gss_free_callback);
1096}
1097
1098static void
1099gss_destroy(struct rpc_auth *auth)
1100{
1101        struct gss_auth *gss_auth = container_of(auth,
1102                        struct gss_auth, rpc_auth);
1103
1104        dprintk("RPC:       destroying GSS authenticator %p flavor %d\n",
1105                        auth, auth->au_flavor);
1106
1107        if (hash_hashed(&gss_auth->hash)) {
1108                spin_lock(&gss_auth_hash_lock);
1109                hash_del(&gss_auth->hash);
1110                spin_unlock(&gss_auth_hash_lock);
1111        }
1112
1113        gss_pipe_free(gss_auth->gss_pipe[0]);
1114        gss_auth->gss_pipe[0] = NULL;
1115        gss_pipe_free(gss_auth->gss_pipe[1]);
1116        gss_auth->gss_pipe[1] = NULL;
1117        rpcauth_destroy_credcache(auth);
1118
1119        gss_put_auth(gss_auth);
1120}
1121
1122/*
1123 * Auths may be shared between rpc clients that were cloned from a
1124 * common client with the same xprt, if they also share the flavor and
1125 * target_name.
1126 *
1127 * The auth is looked up from the oldest parent sharing the same
1128 * cl_xprt, and the auth itself references only that common parent
1129 * (which is guaranteed to last as long as any of its descendants).
1130 */
1131static struct gss_auth *
1132gss_auth_find_or_add_hashed(struct rpc_auth_create_args *args,
1133                struct rpc_clnt *clnt,
1134                struct gss_auth *new)
1135{
1136        struct gss_auth *gss_auth;
1137        unsigned long hashval = (unsigned long)clnt;
1138
1139        spin_lock(&gss_auth_hash_lock);
1140        hash_for_each_possible(gss_auth_hash_table,
1141                        gss_auth,
1142                        hash,
1143                        hashval) {
1144                if (gss_auth->client != clnt)
1145                        continue;
1146                if (gss_auth->rpc_auth.au_flavor != args->pseudoflavor)
1147                        continue;
1148                if (gss_auth->target_name != args->target_name) {
1149                        if (gss_auth->target_name == NULL)
1150                                continue;
1151                        if (args->target_name == NULL)
1152                                continue;
1153                        if (strcmp(gss_auth->target_name, args->target_name))
1154                                continue;
1155                }
1156                if (!atomic_inc_not_zero(&gss_auth->rpc_auth.au_count))
1157                        continue;
1158                goto out;
1159        }
1160        if (new)
1161                hash_add(gss_auth_hash_table, &new->hash, hashval);
1162        gss_auth = new;
1163out:
1164        spin_unlock(&gss_auth_hash_lock);
1165        return gss_auth;
1166}
1167
1168static struct gss_auth *
1169gss_create_hashed(struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
1170{
1171        struct gss_auth *gss_auth;
1172        struct gss_auth *new;
1173
1174        gss_auth = gss_auth_find_or_add_hashed(args, clnt, NULL);
1175        if (gss_auth != NULL)
1176                goto out;
1177        new = gss_create_new(args, clnt);
1178        if (IS_ERR(new))
1179                return new;
1180        gss_auth = gss_auth_find_or_add_hashed(args, clnt, new);
1181        if (gss_auth != new)
1182                gss_destroy(&new->rpc_auth);
1183out:
1184        return gss_auth;
1185}
1186
1187static struct rpc_auth *
1188gss_create(struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
1189{
1190        struct gss_auth *gss_auth;
1191        struct rpc_xprt *xprt = rcu_access_pointer(clnt->cl_xprt);
1192
1193        while (clnt != clnt->cl_parent) {
1194                struct rpc_clnt *parent = clnt->cl_parent;
1195                /* Find the original parent for this transport */
1196                if (rcu_access_pointer(parent->cl_xprt) != xprt)
1197                        break;
1198                clnt = parent;
1199        }
1200
1201        gss_auth = gss_create_hashed(args, clnt);
1202        if (IS_ERR(gss_auth))
1203                return ERR_CAST(gss_auth);
1204        return &gss_auth->rpc_auth;
1205}
1206
1207/*
1208 * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
1209 * to the server with the GSS control procedure field set to
1210 * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
1211 * all RPCSEC_GSS state associated with that context.
1212 */
1213static int
1214gss_destroying_context(struct rpc_cred *cred)
1215{
1216        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1217        struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1218        struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1219        struct rpc_task *task;
1220
1221        if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
1222                return 0;
1223
1224        ctx->gc_proc = RPC_GSS_PROC_DESTROY;
1225        cred->cr_ops = &gss_nullops;
1226
1227        /* Take a reference to ensure the cred will be destroyed either
1228         * by the RPC call or by the put_rpccred() below */
1229        get_rpccred(cred);
1230
1231        task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
1232        if (!IS_ERR(task))
1233                rpc_put_task(task);
1234
1235        put_rpccred(cred);
1236        return 1;
1237}
1238
1239/* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
1240 * to create a new cred or context, so they check that things have been
1241 * allocated before freeing them. */
1242static void
1243gss_do_free_ctx(struct gss_cl_ctx *ctx)
1244{
1245        dprintk("RPC:       %s\n", __func__);
1246
1247        gss_delete_sec_context(&ctx->gc_gss_ctx);
1248        kfree(ctx->gc_wire_ctx.data);
1249        kfree(ctx->gc_acceptor.data);
1250        kfree(ctx);
1251}
1252
1253static void
1254gss_free_ctx_callback(struct rcu_head *head)
1255{
1256        struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
1257        gss_do_free_ctx(ctx);
1258}
1259
1260static void
1261gss_free_ctx(struct gss_cl_ctx *ctx)
1262{
1263        call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
1264}
1265
1266static void
1267gss_free_cred(struct gss_cred *gss_cred)
1268{
1269        dprintk("RPC:       %s cred=%p\n", __func__, gss_cred);
1270        kfree(gss_cred);
1271}
1272
1273static void
1274gss_free_cred_callback(struct rcu_head *head)
1275{
1276        struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
1277        gss_free_cred(gss_cred);
1278}
1279
1280static void
1281gss_destroy_nullcred(struct rpc_cred *cred)
1282{
1283        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1284        struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1285        struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1286
1287        RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
1288        call_rcu(&cred->cr_rcu, gss_free_cred_callback);
1289        if (ctx)
1290                gss_put_ctx(ctx);
1291        gss_put_auth(gss_auth);
1292}
1293
1294static void
1295gss_destroy_cred(struct rpc_cred *cred)
1296{
1297
1298        if (gss_destroying_context(cred))
1299                return;
1300        gss_destroy_nullcred(cred);
1301}
1302
1303/*
1304 * Lookup RPCSEC_GSS cred for the current process
1305 */
1306static struct rpc_cred *
1307gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
1308{
1309        return rpcauth_lookup_credcache(auth, acred, flags);
1310}
1311
1312static struct rpc_cred *
1313gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
1314{
1315        struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1316        struct gss_cred *cred = NULL;
1317        int err = -ENOMEM;
1318
1319        dprintk("RPC:       %s for uid %d, flavor %d\n",
1320                __func__, from_kuid(&init_user_ns, acred->uid),
1321                auth->au_flavor);
1322
1323        if (!(cred = kzalloc(sizeof(*cred), GFP_NOFS)))
1324                goto out_err;
1325
1326        rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
1327        /*
1328         * Note: in order to force a call to call_refresh(), we deliberately
1329         * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
1330         */
1331        cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
1332        cred->gc_service = gss_auth->service;
1333        cred->gc_principal = NULL;
1334        if (acred->machine_cred)
1335                cred->gc_principal = acred->principal;
1336        kref_get(&gss_auth->kref);
1337        return &cred->gc_base;
1338
1339out_err:
1340        dprintk("RPC:       %s failed with error %d\n", __func__, err);
1341        return ERR_PTR(err);
1342}
1343
1344static int
1345gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
1346{
1347        struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1348        struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
1349        int err;
1350
1351        do {
1352                err = gss_create_upcall(gss_auth, gss_cred);
1353        } while (err == -EAGAIN);
1354        return err;
1355}
1356
1357static char *
1358gss_stringify_acceptor(struct rpc_cred *cred)
1359{
1360        char *string = NULL;
1361        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1362        struct gss_cl_ctx *ctx;
1363        unsigned int len;
1364        struct xdr_netobj *acceptor;
1365
1366        rcu_read_lock();
1367        ctx = rcu_dereference(gss_cred->gc_ctx);
1368        if (!ctx)
1369                goto out;
1370
1371        len = ctx->gc_acceptor.len;
1372        rcu_read_unlock();
1373
1374        /* no point if there's no string */
1375        if (!len)
1376                return NULL;
1377realloc:
1378        string = kmalloc(len + 1, GFP_KERNEL);
1379        if (!string)
1380                return NULL;
1381
1382        rcu_read_lock();
1383        ctx = rcu_dereference(gss_cred->gc_ctx);
1384
1385        /* did the ctx disappear or was it replaced by one with no acceptor? */
1386        if (!ctx || !ctx->gc_acceptor.len) {
1387                kfree(string);
1388                string = NULL;
1389                goto out;
1390        }
1391
1392        acceptor = &ctx->gc_acceptor;
1393
1394        /*
1395         * Did we find a new acceptor that's longer than the original? Allocate
1396         * a longer buffer and try again.
1397         */
1398        if (len < acceptor->len) {
1399                len = acceptor->len;
1400                rcu_read_unlock();
1401                kfree(string);
1402                goto realloc;
1403        }
1404
1405        memcpy(string, acceptor->data, acceptor->len);
1406        string[acceptor->len] = '\0';
1407out:
1408        rcu_read_unlock();
1409        return string;
1410}
1411
1412/*
1413 * Returns -EACCES if GSS context is NULL or will expire within the
1414 * timeout (miliseconds)
1415 */
1416static int
1417gss_key_timeout(struct rpc_cred *rc)
1418{
1419        struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1420        struct gss_cl_ctx *ctx;
1421        unsigned long timeout = jiffies + (gss_key_expire_timeo * HZ);
1422        int ret = 0;
1423
1424        rcu_read_lock();
1425        ctx = rcu_dereference(gss_cred->gc_ctx);
1426        if (!ctx || time_after(timeout, ctx->gc_expiry))
1427                ret = -EACCES;
1428        rcu_read_unlock();
1429
1430        return ret;
1431}
1432
1433static int
1434gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
1435{
1436        struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1437        struct gss_cl_ctx *ctx;
1438        int ret;
1439
1440        if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
1441                goto out;
1442        /* Don't match with creds that have expired. */
1443        rcu_read_lock();
1444        ctx = rcu_dereference(gss_cred->gc_ctx);
1445        if (!ctx || time_after(jiffies, ctx->gc_expiry)) {
1446                rcu_read_unlock();
1447                return 0;
1448        }
1449        rcu_read_unlock();
1450        if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
1451                return 0;
1452out:
1453        if (acred->principal != NULL) {
1454                if (gss_cred->gc_principal == NULL)
1455                        return 0;
1456                ret = strcmp(acred->principal, gss_cred->gc_principal) == 0;
1457                goto check_expire;
1458        }
1459        if (gss_cred->gc_principal != NULL)
1460                return 0;
1461        ret = uid_eq(rc->cr_uid, acred->uid);
1462
1463check_expire:
1464        if (ret == 0)
1465                return ret;
1466
1467        /* Notify acred users of GSS context expiration timeout */
1468        if (test_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags) &&
1469            (gss_key_timeout(rc) != 0)) {
1470                /* test will now be done from generic cred */
1471                test_and_clear_bit(RPC_CRED_NOTIFY_TIMEOUT, &acred->ac_flags);
1472                /* tell NFS layer that key will expire soon */
1473                set_bit(RPC_CRED_KEY_EXPIRE_SOON, &acred->ac_flags);
1474        }
1475        return ret;
1476}
1477
1478/*
1479* Marshal credentials.
1480* Maybe we should keep a cached credential for performance reasons.
1481*/
1482static __be32 *
1483gss_marshal(struct rpc_task *task, __be32 *p)
1484{
1485        struct rpc_rqst *req = task->tk_rqstp;
1486        struct rpc_cred *cred = req->rq_cred;
1487        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1488                                                 gc_base);
1489        struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
1490        __be32          *cred_len;
1491        u32             maj_stat = 0;
1492        struct xdr_netobj mic;
1493        struct kvec     iov;
1494        struct xdr_buf  verf_buf;
1495
1496        dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1497
1498        *p++ = htonl(RPC_AUTH_GSS);
1499        cred_len = p++;
1500
1501        spin_lock(&ctx->gc_seq_lock);
1502        req->rq_seqno = ctx->gc_seq++;
1503        spin_unlock(&ctx->gc_seq_lock);
1504
1505        *p++ = htonl((u32) RPC_GSS_VERSION);
1506        *p++ = htonl((u32) ctx->gc_proc);
1507        *p++ = htonl((u32) req->rq_seqno);
1508        *p++ = htonl((u32) gss_cred->gc_service);
1509        p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
1510        *cred_len = htonl((p - (cred_len + 1)) << 2);
1511
1512        /* We compute the checksum for the verifier over the xdr-encoded bytes
1513         * starting with the xid and ending at the end of the credential: */
1514        iov.iov_base = xprt_skip_transport_header(req->rq_xprt,
1515                                        req->rq_snd_buf.head[0].iov_base);
1516        iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
1517        xdr_buf_from_iov(&iov, &verf_buf);
1518
1519        /* set verifier flavor*/
1520        *p++ = htonl(RPC_AUTH_GSS);
1521
1522        mic.data = (u8 *)(p + 1);
1523        maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1524        if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
1525                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1526        } else if (maj_stat != 0) {
1527                printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
1528                goto out_put_ctx;
1529        }
1530        p = xdr_encode_opaque(p, NULL, mic.len);
1531        gss_put_ctx(ctx);
1532        return p;
1533out_put_ctx:
1534        gss_put_ctx(ctx);
1535        return NULL;
1536}
1537
1538static int gss_renew_cred(struct rpc_task *task)
1539{
1540        struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
1541        struct gss_cred *gss_cred = container_of(oldcred,
1542                                                 struct gss_cred,
1543                                                 gc_base);
1544        struct rpc_auth *auth = oldcred->cr_auth;
1545        struct auth_cred acred = {
1546                .uid = oldcred->cr_uid,
1547                .principal = gss_cred->gc_principal,
1548                .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0),
1549        };
1550        struct rpc_cred *new;
1551
1552        new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
1553        if (IS_ERR(new))
1554                return PTR_ERR(new);
1555        task->tk_rqstp->rq_cred = new;
1556        put_rpccred(oldcred);
1557        return 0;
1558}
1559
1560static int gss_cred_is_negative_entry(struct rpc_cred *cred)
1561{
1562        if (test_bit(RPCAUTH_CRED_NEGATIVE, &cred->cr_flags)) {
1563                unsigned long now = jiffies;
1564                unsigned long begin, expire;
1565                struct gss_cred *gss_cred;
1566
1567                gss_cred = container_of(cred, struct gss_cred, gc_base);
1568                begin = gss_cred->gc_upcall_timestamp;
1569                expire = begin + gss_expired_cred_retry_delay * HZ;
1570
1571                if (time_in_range_open(now, begin, expire))
1572                        return 1;
1573        }
1574        return 0;
1575}
1576
1577/*
1578* Refresh credentials. XXX - finish
1579*/
1580static int
1581gss_refresh(struct rpc_task *task)
1582{
1583        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1584        int ret = 0;
1585
1586        if (gss_cred_is_negative_entry(cred))
1587                return -EKEYEXPIRED;
1588
1589        if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
1590                        !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
1591                ret = gss_renew_cred(task);
1592                if (ret < 0)
1593                        goto out;
1594                cred = task->tk_rqstp->rq_cred;
1595        }
1596
1597        if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
1598                ret = gss_refresh_upcall(task);
1599out:
1600        return ret;
1601}
1602
1603/* Dummy refresh routine: used only when destroying the context */
1604static int
1605gss_refresh_null(struct rpc_task *task)
1606{
1607        return 0;
1608}
1609
1610static __be32 *
1611gss_validate(struct rpc_task *task, __be32 *p)
1612{
1613        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1614        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1615        __be32          seq;
1616        struct kvec     iov;
1617        struct xdr_buf  verf_buf;
1618        struct xdr_netobj mic;
1619        u32             flav,len;
1620        u32             maj_stat;
1621        __be32          *ret = ERR_PTR(-EIO);
1622
1623        dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1624
1625        flav = ntohl(*p++);
1626        if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
1627                goto out_bad;
1628        if (flav != RPC_AUTH_GSS)
1629                goto out_bad;
1630        seq = htonl(task->tk_rqstp->rq_seqno);
1631        iov.iov_base = &seq;
1632        iov.iov_len = sizeof(seq);
1633        xdr_buf_from_iov(&iov, &verf_buf);
1634        mic.data = (u8 *)p;
1635        mic.len = len;
1636
1637        ret = ERR_PTR(-EACCES);
1638        maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1639        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1640                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1641        if (maj_stat) {
1642                dprintk("RPC: %5u %s: gss_verify_mic returned error 0x%08x\n",
1643                        task->tk_pid, __func__, maj_stat);
1644                goto out_bad;
1645        }
1646        /* We leave it to unwrap to calculate au_rslack. For now we just
1647         * calculate the length of the verifier: */
1648        cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1649        gss_put_ctx(ctx);
1650        dprintk("RPC: %5u %s: gss_verify_mic succeeded.\n",
1651                        task->tk_pid, __func__);
1652        return p + XDR_QUADLEN(len);
1653out_bad:
1654        gss_put_ctx(ctx);
1655        dprintk("RPC: %5u %s failed ret %ld.\n", task->tk_pid, __func__,
1656                PTR_ERR(ret));
1657        return ret;
1658}
1659
1660static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
1661                                __be32 *p, void *obj)
1662{
1663        struct xdr_stream xdr;
1664
1665        xdr_init_encode(&xdr, &rqstp->rq_snd_buf, p);
1666        encode(rqstp, &xdr, obj);
1667}
1668
1669static inline int
1670gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1671                   kxdreproc_t encode, struct rpc_rqst *rqstp,
1672                   __be32 *p, void *obj)
1673{
1674        struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1675        struct xdr_buf  integ_buf;
1676        __be32          *integ_len = NULL;
1677        struct xdr_netobj mic;
1678        u32             offset;
1679        __be32          *q;
1680        struct kvec     *iov;
1681        u32             maj_stat = 0;
1682        int             status = -EIO;
1683
1684        integ_len = p++;
1685        offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1686        *p++ = htonl(rqstp->rq_seqno);
1687
1688        gss_wrap_req_encode(encode, rqstp, p, obj);
1689
1690        if (xdr_buf_subsegment(snd_buf, &integ_buf,
1691                                offset, snd_buf->len - offset))
1692                return status;
1693        *integ_len = htonl(integ_buf.len);
1694
1695        /* guess whether we're in the head or the tail: */
1696        if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1697                iov = snd_buf->tail;
1698        else
1699                iov = snd_buf->head;
1700        p = iov->iov_base + iov->iov_len;
1701        mic.data = (u8 *)(p + 1);
1702
1703        maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1704        status = -EIO; /* XXX? */
1705        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1706                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1707        else if (maj_stat)
1708                return status;
1709        q = xdr_encode_opaque(p, NULL, mic.len);
1710
1711        offset = (u8 *)q - (u8 *)p;
1712        iov->iov_len += offset;
1713        snd_buf->len += offset;
1714        return 0;
1715}
1716
1717static void
1718priv_release_snd_buf(struct rpc_rqst *rqstp)
1719{
1720        int i;
1721
1722        for (i=0; i < rqstp->rq_enc_pages_num; i++)
1723                __free_page(rqstp->rq_enc_pages[i]);
1724        kfree(rqstp->rq_enc_pages);
1725}
1726
1727static int
1728alloc_enc_pages(struct rpc_rqst *rqstp)
1729{
1730        struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1731        int first, last, i;
1732
1733        if (snd_buf->page_len == 0) {
1734                rqstp->rq_enc_pages_num = 0;
1735                return 0;
1736        }
1737
1738        first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1739        last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
1740        rqstp->rq_enc_pages_num = last - first + 1 + 1;
1741        rqstp->rq_enc_pages
1742                = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
1743                                GFP_NOFS);
1744        if (!rqstp->rq_enc_pages)
1745                goto out;
1746        for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1747                rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1748                if (rqstp->rq_enc_pages[i] == NULL)
1749                        goto out_free;
1750        }
1751        rqstp->rq_release_snd_buf = priv_release_snd_buf;
1752        return 0;
1753out_free:
1754        rqstp->rq_enc_pages_num = i;
1755        priv_release_snd_buf(rqstp);
1756out:
1757        return -EAGAIN;
1758}
1759
1760static inline int
1761gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1762                  kxdreproc_t encode, struct rpc_rqst *rqstp,
1763                  __be32 *p, void *obj)
1764{
1765        struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1766        u32             offset;
1767        u32             maj_stat;
1768        int             status;
1769        __be32          *opaque_len;
1770        struct page     **inpages;
1771        int             first;
1772        int             pad;
1773        struct kvec     *iov;
1774        char            *tmp;
1775
1776        opaque_len = p++;
1777        offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1778        *p++ = htonl(rqstp->rq_seqno);
1779
1780        gss_wrap_req_encode(encode, rqstp, p, obj);
1781
1782        status = alloc_enc_pages(rqstp);
1783        if (status)
1784                return status;
1785        first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1786        inpages = snd_buf->pages + first;
1787        snd_buf->pages = rqstp->rq_enc_pages;
1788        snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1789        /*
1790         * Give the tail its own page, in case we need extra space in the
1791         * head when wrapping:
1792         *
1793         * call_allocate() allocates twice the slack space required
1794         * by the authentication flavor to rq_callsize.
1795         * For GSS, slack is GSS_CRED_SLACK.
1796         */
1797        if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1798                tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1799                memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1800                snd_buf->tail[0].iov_base = tmp;
1801        }
1802        maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1803        /* slack space should prevent this ever happening: */
1804        BUG_ON(snd_buf->len > snd_buf->buflen);
1805        status = -EIO;
1806        /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1807         * done anyway, so it's safe to put the request on the wire: */
1808        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1809                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1810        else if (maj_stat)
1811                return status;
1812
1813        *opaque_len = htonl(snd_buf->len - offset);
1814        /* guess whether we're in the head or the tail: */
1815        if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1816                iov = snd_buf->tail;
1817        else
1818                iov = snd_buf->head;
1819        p = iov->iov_base + iov->iov_len;
1820        pad = 3 - ((snd_buf->len - offset - 1) & 3);
1821        memset(p, 0, pad);
1822        iov->iov_len += pad;
1823        snd_buf->len += pad;
1824
1825        return 0;
1826}
1827
1828static int
1829gss_wrap_req(struct rpc_task *task,
1830             kxdreproc_t encode, void *rqstp, __be32 *p, void *obj)
1831{
1832        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1833        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1834                        gc_base);
1835        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1836        int             status = -EIO;
1837
1838        dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1839        if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1840                /* The spec seems a little ambiguous here, but I think that not
1841                 * wrapping context destruction requests makes the most sense.
1842                 */
1843                gss_wrap_req_encode(encode, rqstp, p, obj);
1844                status = 0;
1845                goto out;
1846        }
1847        switch (gss_cred->gc_service) {
1848        case RPC_GSS_SVC_NONE:
1849                gss_wrap_req_encode(encode, rqstp, p, obj);
1850                status = 0;
1851                break;
1852        case RPC_GSS_SVC_INTEGRITY:
1853                status = gss_wrap_req_integ(cred, ctx, encode, rqstp, p, obj);
1854                break;
1855        case RPC_GSS_SVC_PRIVACY:
1856                status = gss_wrap_req_priv(cred, ctx, encode, rqstp, p, obj);
1857                break;
1858        }
1859out:
1860        gss_put_ctx(ctx);
1861        dprintk("RPC: %5u %s returning %d\n", task->tk_pid, __func__, status);
1862        return status;
1863}
1864
1865static inline int
1866gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1867                struct rpc_rqst *rqstp, __be32 **p)
1868{
1869        struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1870        struct xdr_buf integ_buf;
1871        struct xdr_netobj mic;
1872        u32 data_offset, mic_offset;
1873        u32 integ_len;
1874        u32 maj_stat;
1875        int status = -EIO;
1876
1877        integ_len = ntohl(*(*p)++);
1878        if (integ_len & 3)
1879                return status;
1880        data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1881        mic_offset = integ_len + data_offset;
1882        if (mic_offset > rcv_buf->len)
1883                return status;
1884        if (ntohl(*(*p)++) != rqstp->rq_seqno)
1885                return status;
1886
1887        if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1888                                mic_offset - data_offset))
1889                return status;
1890
1891        if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1892                return status;
1893
1894        maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1895        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1896                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1897        if (maj_stat != GSS_S_COMPLETE)
1898                return status;
1899        return 0;
1900}
1901
1902static inline int
1903gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1904                struct rpc_rqst *rqstp, __be32 **p)
1905{
1906        struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1907        u32 offset;
1908        u32 opaque_len;
1909        u32 maj_stat;
1910        int status = -EIO;
1911
1912        opaque_len = ntohl(*(*p)++);
1913        offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1914        if (offset + opaque_len > rcv_buf->len)
1915                return status;
1916        /* remove padding: */
1917        rcv_buf->len = offset + opaque_len;
1918
1919        maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1920        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1921                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1922        if (maj_stat != GSS_S_COMPLETE)
1923                return status;
1924        if (ntohl(*(*p)++) != rqstp->rq_seqno)
1925                return status;
1926
1927        return 0;
1928}
1929
1930static int
1931gss_unwrap_req_decode(kxdrdproc_t decode, struct rpc_rqst *rqstp,
1932                      __be32 *p, void *obj)
1933{
1934        struct xdr_stream xdr;
1935
1936        xdr_init_decode(&xdr, &rqstp->rq_rcv_buf, p);
1937        return decode(rqstp, &xdr, obj);
1938}
1939
1940static int
1941gss_unwrap_resp(struct rpc_task *task,
1942                kxdrdproc_t decode, void *rqstp, __be32 *p, void *obj)
1943{
1944        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1945        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1946                        gc_base);
1947        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1948        __be32          *savedp = p;
1949        struct kvec     *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1950        int             savedlen = head->iov_len;
1951        int             status = -EIO;
1952
1953        if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1954                goto out_decode;
1955        switch (gss_cred->gc_service) {
1956        case RPC_GSS_SVC_NONE:
1957                break;
1958        case RPC_GSS_SVC_INTEGRITY:
1959                status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1960                if (status)
1961                        goto out;
1962                break;
1963        case RPC_GSS_SVC_PRIVACY:
1964                status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1965                if (status)
1966                        goto out;
1967                break;
1968        }
1969        /* take into account extra slack for integrity and privacy cases: */
1970        cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1971                                                + (savedlen - head->iov_len);
1972out_decode:
1973        status = gss_unwrap_req_decode(decode, rqstp, p, obj);
1974out:
1975        gss_put_ctx(ctx);
1976        dprintk("RPC: %5u %s returning %d\n",
1977                task->tk_pid, __func__, status);
1978        return status;
1979}
1980
1981static const struct rpc_authops authgss_ops = {
1982        .owner          = THIS_MODULE,
1983        .au_flavor      = RPC_AUTH_GSS,
1984        .au_name        = "RPCSEC_GSS",
1985        .create         = gss_create,
1986        .destroy        = gss_destroy,
1987        .lookup_cred    = gss_lookup_cred,
1988        .crcreate       = gss_create_cred,
1989        .list_pseudoflavors = gss_mech_list_pseudoflavors,
1990        .info2flavor    = gss_mech_info2flavor,
1991        .flavor2info    = gss_mech_flavor2info,
1992};
1993
1994static const struct rpc_credops gss_credops = {
1995        .cr_name                = "AUTH_GSS",
1996        .crdestroy              = gss_destroy_cred,
1997        .cr_init                = gss_cred_init,
1998        .crbind                 = rpcauth_generic_bind_cred,
1999        .crmatch                = gss_match,
2000        .crmarshal              = gss_marshal,
2001        .crrefresh              = gss_refresh,
2002        .crvalidate             = gss_validate,
2003        .crwrap_req             = gss_wrap_req,
2004        .crunwrap_resp          = gss_unwrap_resp,
2005        .crkey_timeout          = gss_key_timeout,
2006        .crstringify_acceptor   = gss_stringify_acceptor,
2007};
2008
2009static const struct rpc_credops gss_nullops = {
2010        .cr_name                = "AUTH_GSS",
2011        .crdestroy              = gss_destroy_nullcred,
2012        .crbind                 = rpcauth_generic_bind_cred,
2013        .crmatch                = gss_match,
2014        .crmarshal              = gss_marshal,
2015        .crrefresh              = gss_refresh_null,
2016        .crvalidate             = gss_validate,
2017        .crwrap_req             = gss_wrap_req,
2018        .crunwrap_resp          = gss_unwrap_resp,
2019        .crstringify_acceptor   = gss_stringify_acceptor,
2020};
2021
2022static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
2023        .upcall         = rpc_pipe_generic_upcall,
2024        .downcall       = gss_pipe_downcall,
2025        .destroy_msg    = gss_pipe_destroy_msg,
2026        .open_pipe      = gss_pipe_open_v0,
2027        .release_pipe   = gss_pipe_release,
2028};
2029
2030static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
2031        .upcall         = rpc_pipe_generic_upcall,
2032        .downcall       = gss_pipe_downcall,
2033        .destroy_msg    = gss_pipe_destroy_msg,
2034        .open_pipe      = gss_pipe_open_v1,
2035        .release_pipe   = gss_pipe_release,
2036};
2037
2038static __net_init int rpcsec_gss_init_net(struct net *net)
2039{
2040        return gss_svc_init_net(net);
2041}
2042
2043static __net_exit void rpcsec_gss_exit_net(struct net *net)
2044{
2045        gss_svc_shutdown_net(net);
2046}
2047
2048static struct pernet_operations rpcsec_gss_net_ops = {
2049        .init = rpcsec_gss_init_net,
2050        .exit = rpcsec_gss_exit_net,
2051};
2052
2053/*
2054 * Initialize RPCSEC_GSS module
2055 */
2056static int __init init_rpcsec_gss(void)
2057{
2058        int err = 0;
2059
2060        err = rpcauth_register(&authgss_ops);
2061        if (err)
2062                goto out;
2063        err = gss_svc_init();
2064        if (err)
2065                goto out_unregister;
2066        err = register_pernet_subsys(&rpcsec_gss_net_ops);
2067        if (err)
2068                goto out_svc_exit;
2069        rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
2070        return 0;
2071out_svc_exit:
2072        gss_svc_shutdown();
2073out_unregister:
2074        rpcauth_unregister(&authgss_ops);
2075out:
2076        return err;
2077}
2078
2079static void __exit exit_rpcsec_gss(void)
2080{
2081        unregister_pernet_subsys(&rpcsec_gss_net_ops);
2082        gss_svc_shutdown();
2083        rpcauth_unregister(&authgss_ops);
2084        rcu_barrier(); /* Wait for completion of call_rcu()'s */
2085}
2086
2087MODULE_ALIAS("rpc-auth-6");
2088MODULE_LICENSE("GPL");
2089module_param_named(expired_cred_retry_delay,
2090                   gss_expired_cred_retry_delay,
2091                   uint, 0644);
2092MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
2093                "the RPC engine retries an expired credential");
2094
2095module_param_named(key_expire_timeo,
2096                   gss_key_expire_timeo,
2097                   uint, 0644);
2098MODULE_PARM_DESC(key_expire_timeo, "Time (in seconds) at the end of a "
2099                "credential keys lifetime where the NFS layer cleans up "
2100                "prior to key expiration");
2101
2102module_init(init_rpcsec_gss)
2103module_exit(exit_rpcsec_gss)
Note: See TracBrowser for help on using the repository browser.