svcauth_gss.c 38 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549
  1. /*
  2. * Neil Brown <neilb@cse.unsw.edu.au>
  3. * J. Bruce Fields <bfields@umich.edu>
  4. * Andy Adamson <andros@umich.edu>
  5. * Dug Song <dugsong@monkey.org>
  6. *
  7. * RPCSEC_GSS server authentication.
  8. * This implements RPCSEC_GSS as defined in rfc2203 (rpcsec_gss) and rfc2078
  9. * (gssapi)
  10. *
  11. * The RPCSEC_GSS involves three stages:
  12. * 1/ context creation
  13. * 2/ data exchange
  14. * 3/ context destruction
  15. *
  16. * Context creation is handled largely by upcalls to user-space.
  17. * In particular, GSS_Accept_sec_context is handled by an upcall
  18. * Data exchange is handled entirely within the kernel
  19. * In particular, GSS_GetMIC, GSS_VerifyMIC, GSS_Seal, GSS_Unseal are in-kernel.
  20. * Context destruction is handled in-kernel
  21. * GSS_Delete_sec_context is in-kernel
  22. *
  23. * Context creation is initiated by a RPCSEC_GSS_INIT request arriving.
  24. * The context handle and gss_token are used as a key into the rpcsec_init cache.
  25. * The content of this cache includes some of the outputs of GSS_Accept_sec_context,
  26. * being major_status, minor_status, context_handle, reply_token.
  27. * These are sent back to the client.
  28. * Sequence window management is handled by the kernel. The window size if currently
  29. * a compile time constant.
  30. *
  31. * When user-space is happy that a context is established, it places an entry
  32. * in the rpcsec_context cache. The key for this cache is the context_handle.
  33. * The content includes:
  34. * uid/gidlist - for determining access rights
  35. * mechanism type
  36. * mechanism specific information, such as a key
  37. *
  38. */
  39. #include <linux/slab.h>
  40. #include <linux/types.h>
  41. #include <linux/module.h>
  42. #include <linux/pagemap.h>
  43. #include <linux/user_namespace.h>
  44. #include <linux/sunrpc/auth_gss.h>
  45. #include <linux/sunrpc/gss_err.h>
  46. #include <linux/sunrpc/svcauth.h>
  47. #include <linux/sunrpc/svcauth_gss.h>
  48. #include <linux/sunrpc/cache.h>
  49. #include "../netns.h"
  50. #ifdef RPC_DEBUG
  51. # define RPCDBG_FACILITY RPCDBG_AUTH
  52. #endif
  53. /* The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests
  54. * into replies.
  55. *
  56. * Key is context handle (\x if empty) and gss_token.
  57. * Content is major_status minor_status (integers) context_handle, reply_token.
  58. *
  59. */
  60. static int netobj_equal(struct xdr_netobj *a, struct xdr_netobj *b)
  61. {
  62. return a->len == b->len && 0 == memcmp(a->data, b->data, a->len);
  63. }
  64. #define RSI_HASHBITS 6
  65. #define RSI_HASHMAX (1<<RSI_HASHBITS)
  66. struct rsi {
  67. struct cache_head h;
  68. struct xdr_netobj in_handle, in_token;
  69. struct xdr_netobj out_handle, out_token;
  70. int major_status, minor_status;
  71. };
  72. static struct rsi *rsi_update(struct cache_detail *cd, struct rsi *new, struct rsi *old);
  73. static struct rsi *rsi_lookup(struct cache_detail *cd, struct rsi *item);
  74. static void rsi_free(struct rsi *rsii)
  75. {
  76. kfree(rsii->in_handle.data);
  77. kfree(rsii->in_token.data);
  78. kfree(rsii->out_handle.data);
  79. kfree(rsii->out_token.data);
  80. }
  81. static void rsi_put(struct kref *ref)
  82. {
  83. struct rsi *rsii = container_of(ref, struct rsi, h.ref);
  84. rsi_free(rsii);
  85. kfree(rsii);
  86. }
  87. static inline int rsi_hash(struct rsi *item)
  88. {
  89. return hash_mem(item->in_handle.data, item->in_handle.len, RSI_HASHBITS)
  90. ^ hash_mem(item->in_token.data, item->in_token.len, RSI_HASHBITS);
  91. }
  92. static int rsi_match(struct cache_head *a, struct cache_head *b)
  93. {
  94. struct rsi *item = container_of(a, struct rsi, h);
  95. struct rsi *tmp = container_of(b, struct rsi, h);
  96. return netobj_equal(&item->in_handle, &tmp->in_handle) &&
  97. netobj_equal(&item->in_token, &tmp->in_token);
  98. }
  99. static int dup_to_netobj(struct xdr_netobj *dst, char *src, int len)
  100. {
  101. dst->len = len;
  102. dst->data = (len ? kmemdup(src, len, GFP_KERNEL) : NULL);
  103. if (len && !dst->data)
  104. return -ENOMEM;
  105. return 0;
  106. }
  107. static inline int dup_netobj(struct xdr_netobj *dst, struct xdr_netobj *src)
  108. {
  109. return dup_to_netobj(dst, src->data, src->len);
  110. }
  111. static void rsi_init(struct cache_head *cnew, struct cache_head *citem)
  112. {
  113. struct rsi *new = container_of(cnew, struct rsi, h);
  114. struct rsi *item = container_of(citem, struct rsi, h);
  115. new->out_handle.data = NULL;
  116. new->out_handle.len = 0;
  117. new->out_token.data = NULL;
  118. new->out_token.len = 0;
  119. new->in_handle.len = item->in_handle.len;
  120. item->in_handle.len = 0;
  121. new->in_token.len = item->in_token.len;
  122. item->in_token.len = 0;
  123. new->in_handle.data = item->in_handle.data;
  124. item->in_handle.data = NULL;
  125. new->in_token.data = item->in_token.data;
  126. item->in_token.data = NULL;
  127. }
  128. static void update_rsi(struct cache_head *cnew, struct cache_head *citem)
  129. {
  130. struct rsi *new = container_of(cnew, struct rsi, h);
  131. struct rsi *item = container_of(citem, struct rsi, h);
  132. BUG_ON(new->out_handle.data || new->out_token.data);
  133. new->out_handle.len = item->out_handle.len;
  134. item->out_handle.len = 0;
  135. new->out_token.len = item->out_token.len;
  136. item->out_token.len = 0;
  137. new->out_handle.data = item->out_handle.data;
  138. item->out_handle.data = NULL;
  139. new->out_token.data = item->out_token.data;
  140. item->out_token.data = NULL;
  141. new->major_status = item->major_status;
  142. new->minor_status = item->minor_status;
  143. }
  144. static struct cache_head *rsi_alloc(void)
  145. {
  146. struct rsi *rsii = kmalloc(sizeof(*rsii), GFP_KERNEL);
  147. if (rsii)
  148. return &rsii->h;
  149. else
  150. return NULL;
  151. }
  152. static void rsi_request(struct cache_detail *cd,
  153. struct cache_head *h,
  154. char **bpp, int *blen)
  155. {
  156. struct rsi *rsii = container_of(h, struct rsi, h);
  157. qword_addhex(bpp, blen, rsii->in_handle.data, rsii->in_handle.len);
  158. qword_addhex(bpp, blen, rsii->in_token.data, rsii->in_token.len);
  159. (*bpp)[-1] = '\n';
  160. }
  161. static int rsi_upcall(struct cache_detail *cd, struct cache_head *h)
  162. {
  163. return sunrpc_cache_pipe_upcall(cd, h, rsi_request);
  164. }
  165. static int rsi_parse(struct cache_detail *cd,
  166. char *mesg, int mlen)
  167. {
  168. /* context token expiry major minor context token */
  169. char *buf = mesg;
  170. char *ep;
  171. int len;
  172. struct rsi rsii, *rsip = NULL;
  173. time_t expiry;
  174. int status = -EINVAL;
  175. memset(&rsii, 0, sizeof(rsii));
  176. /* handle */
  177. len = qword_get(&mesg, buf, mlen);
  178. if (len < 0)
  179. goto out;
  180. status = -ENOMEM;
  181. if (dup_to_netobj(&rsii.in_handle, buf, len))
  182. goto out;
  183. /* token */
  184. len = qword_get(&mesg, buf, mlen);
  185. status = -EINVAL;
  186. if (len < 0)
  187. goto out;
  188. status = -ENOMEM;
  189. if (dup_to_netobj(&rsii.in_token, buf, len))
  190. goto out;
  191. rsip = rsi_lookup(cd, &rsii);
  192. if (!rsip)
  193. goto out;
  194. rsii.h.flags = 0;
  195. /* expiry */
  196. expiry = get_expiry(&mesg);
  197. status = -EINVAL;
  198. if (expiry == 0)
  199. goto out;
  200. /* major/minor */
  201. len = qword_get(&mesg, buf, mlen);
  202. if (len <= 0)
  203. goto out;
  204. rsii.major_status = simple_strtoul(buf, &ep, 10);
  205. if (*ep)
  206. goto out;
  207. len = qword_get(&mesg, buf, mlen);
  208. if (len <= 0)
  209. goto out;
  210. rsii.minor_status = simple_strtoul(buf, &ep, 10);
  211. if (*ep)
  212. goto out;
  213. /* out_handle */
  214. len = qword_get(&mesg, buf, mlen);
  215. if (len < 0)
  216. goto out;
  217. status = -ENOMEM;
  218. if (dup_to_netobj(&rsii.out_handle, buf, len))
  219. goto out;
  220. /* out_token */
  221. len = qword_get(&mesg, buf, mlen);
  222. status = -EINVAL;
  223. if (len < 0)
  224. goto out;
  225. status = -ENOMEM;
  226. if (dup_to_netobj(&rsii.out_token, buf, len))
  227. goto out;
  228. rsii.h.expiry_time = expiry;
  229. rsip = rsi_update(cd, &rsii, rsip);
  230. status = 0;
  231. out:
  232. rsi_free(&rsii);
  233. if (rsip)
  234. cache_put(&rsip->h, cd);
  235. else
  236. status = -ENOMEM;
  237. return status;
  238. }
  239. static struct cache_detail rsi_cache_template = {
  240. .owner = THIS_MODULE,
  241. .hash_size = RSI_HASHMAX,
  242. .name = "auth.rpcsec.init",
  243. .cache_put = rsi_put,
  244. .cache_upcall = rsi_upcall,
  245. .cache_parse = rsi_parse,
  246. .match = rsi_match,
  247. .init = rsi_init,
  248. .update = update_rsi,
  249. .alloc = rsi_alloc,
  250. };
  251. static struct rsi *rsi_lookup(struct cache_detail *cd, struct rsi *item)
  252. {
  253. struct cache_head *ch;
  254. int hash = rsi_hash(item);
  255. ch = sunrpc_cache_lookup(cd, &item->h, hash);
  256. if (ch)
  257. return container_of(ch, struct rsi, h);
  258. else
  259. return NULL;
  260. }
  261. static struct rsi *rsi_update(struct cache_detail *cd, struct rsi *new, struct rsi *old)
  262. {
  263. struct cache_head *ch;
  264. int hash = rsi_hash(new);
  265. ch = sunrpc_cache_update(cd, &new->h,
  266. &old->h, hash);
  267. if (ch)
  268. return container_of(ch, struct rsi, h);
  269. else
  270. return NULL;
  271. }
  272. /*
  273. * The rpcsec_context cache is used to store a context that is
  274. * used in data exchange.
  275. * The key is a context handle. The content is:
  276. * uid, gidlist, mechanism, service-set, mech-specific-data
  277. */
  278. #define RSC_HASHBITS 10
  279. #define RSC_HASHMAX (1<<RSC_HASHBITS)
  280. #define GSS_SEQ_WIN 128
  281. struct gss_svc_seq_data {
  282. /* highest seq number seen so far: */
  283. int sd_max;
  284. /* for i such that sd_max-GSS_SEQ_WIN < i <= sd_max, the i-th bit of
  285. * sd_win is nonzero iff sequence number i has been seen already: */
  286. unsigned long sd_win[GSS_SEQ_WIN/BITS_PER_LONG];
  287. spinlock_t sd_lock;
  288. };
  289. struct rsc {
  290. struct cache_head h;
  291. struct xdr_netobj handle;
  292. struct svc_cred cred;
  293. struct gss_svc_seq_data seqdata;
  294. struct gss_ctx *mechctx;
  295. };
  296. static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct rsc *old);
  297. static struct rsc *rsc_lookup(struct cache_detail *cd, struct rsc *item);
  298. static void rsc_free(struct rsc *rsci)
  299. {
  300. kfree(rsci->handle.data);
  301. if (rsci->mechctx)
  302. gss_delete_sec_context(&rsci->mechctx);
  303. free_svc_cred(&rsci->cred);
  304. }
  305. static void rsc_put(struct kref *ref)
  306. {
  307. struct rsc *rsci = container_of(ref, struct rsc, h.ref);
  308. rsc_free(rsci);
  309. kfree(rsci);
  310. }
  311. static inline int
  312. rsc_hash(struct rsc *rsci)
  313. {
  314. return hash_mem(rsci->handle.data, rsci->handle.len, RSC_HASHBITS);
  315. }
  316. static int
  317. rsc_match(struct cache_head *a, struct cache_head *b)
  318. {
  319. struct rsc *new = container_of(a, struct rsc, h);
  320. struct rsc *tmp = container_of(b, struct rsc, h);
  321. return netobj_equal(&new->handle, &tmp->handle);
  322. }
  323. static void
  324. rsc_init(struct cache_head *cnew, struct cache_head *ctmp)
  325. {
  326. struct rsc *new = container_of(cnew, struct rsc, h);
  327. struct rsc *tmp = container_of(ctmp, struct rsc, h);
  328. new->handle.len = tmp->handle.len;
  329. tmp->handle.len = 0;
  330. new->handle.data = tmp->handle.data;
  331. tmp->handle.data = NULL;
  332. new->mechctx = NULL;
  333. new->cred.cr_group_info = NULL;
  334. new->cred.cr_principal = NULL;
  335. }
  336. static void
  337. update_rsc(struct cache_head *cnew, struct cache_head *ctmp)
  338. {
  339. struct rsc *new = container_of(cnew, struct rsc, h);
  340. struct rsc *tmp = container_of(ctmp, struct rsc, h);
  341. new->mechctx = tmp->mechctx;
  342. tmp->mechctx = NULL;
  343. memset(&new->seqdata, 0, sizeof(new->seqdata));
  344. spin_lock_init(&new->seqdata.sd_lock);
  345. new->cred = tmp->cred;
  346. tmp->cred.cr_group_info = NULL;
  347. new->cred.cr_principal = tmp->cred.cr_principal;
  348. tmp->cred.cr_principal = NULL;
  349. }
  350. static struct cache_head *
  351. rsc_alloc(void)
  352. {
  353. struct rsc *rsci = kmalloc(sizeof(*rsci), GFP_KERNEL);
  354. if (rsci)
  355. return &rsci->h;
  356. else
  357. return NULL;
  358. }
  359. static int rsc_parse(struct cache_detail *cd,
  360. char *mesg, int mlen)
  361. {
  362. /* contexthandle expiry [ uid gid N <n gids> mechname ...mechdata... ] */
  363. char *buf = mesg;
  364. int len, rv;
  365. struct rsc rsci, *rscp = NULL;
  366. time_t expiry;
  367. int status = -EINVAL;
  368. struct gss_api_mech *gm = NULL;
  369. memset(&rsci, 0, sizeof(rsci));
  370. /* context handle */
  371. len = qword_get(&mesg, buf, mlen);
  372. if (len < 0) goto out;
  373. status = -ENOMEM;
  374. if (dup_to_netobj(&rsci.handle, buf, len))
  375. goto out;
  376. rsci.h.flags = 0;
  377. /* expiry */
  378. expiry = get_expiry(&mesg);
  379. status = -EINVAL;
  380. if (expiry == 0)
  381. goto out;
  382. rscp = rsc_lookup(cd, &rsci);
  383. if (!rscp)
  384. goto out;
  385. /* uid, or NEGATIVE */
  386. rv = get_int(&mesg, &rsci.cred.cr_uid);
  387. if (rv == -EINVAL)
  388. goto out;
  389. if (rv == -ENOENT)
  390. set_bit(CACHE_NEGATIVE, &rsci.h.flags);
  391. else {
  392. int N, i;
  393. /* gid */
  394. if (get_int(&mesg, &rsci.cred.cr_gid))
  395. goto out;
  396. /* number of additional gid's */
  397. if (get_int(&mesg, &N))
  398. goto out;
  399. status = -ENOMEM;
  400. rsci.cred.cr_group_info = groups_alloc(N);
  401. if (rsci.cred.cr_group_info == NULL)
  402. goto out;
  403. /* gid's */
  404. status = -EINVAL;
  405. for (i=0; i<N; i++) {
  406. gid_t gid;
  407. kgid_t kgid;
  408. if (get_int(&mesg, &gid))
  409. goto out;
  410. kgid = make_kgid(&init_user_ns, gid);
  411. if (!gid_valid(kgid))
  412. goto out;
  413. GROUP_AT(rsci.cred.cr_group_info, i) = kgid;
  414. }
  415. /* mech name */
  416. len = qword_get(&mesg, buf, mlen);
  417. if (len < 0)
  418. goto out;
  419. gm = gss_mech_get_by_name(buf);
  420. status = -EOPNOTSUPP;
  421. if (!gm)
  422. goto out;
  423. status = -EINVAL;
  424. /* mech-specific data: */
  425. len = qword_get(&mesg, buf, mlen);
  426. if (len < 0)
  427. goto out;
  428. status = gss_import_sec_context(buf, len, gm, &rsci.mechctx, GFP_KERNEL);
  429. if (status)
  430. goto out;
  431. /* get client name */
  432. len = qword_get(&mesg, buf, mlen);
  433. if (len > 0) {
  434. rsci.cred.cr_principal = kstrdup(buf, GFP_KERNEL);
  435. if (!rsci.cred.cr_principal)
  436. goto out;
  437. }
  438. }
  439. rsci.h.expiry_time = expiry;
  440. rscp = rsc_update(cd, &rsci, rscp);
  441. status = 0;
  442. out:
  443. gss_mech_put(gm);
  444. rsc_free(&rsci);
  445. if (rscp)
  446. cache_put(&rscp->h, cd);
  447. else
  448. status = -ENOMEM;
  449. return status;
  450. }
  451. static struct cache_detail rsc_cache_template = {
  452. .owner = THIS_MODULE,
  453. .hash_size = RSC_HASHMAX,
  454. .name = "auth.rpcsec.context",
  455. .cache_put = rsc_put,
  456. .cache_parse = rsc_parse,
  457. .match = rsc_match,
  458. .init = rsc_init,
  459. .update = update_rsc,
  460. .alloc = rsc_alloc,
  461. };
  462. static struct rsc *rsc_lookup(struct cache_detail *cd, struct rsc *item)
  463. {
  464. struct cache_head *ch;
  465. int hash = rsc_hash(item);
  466. ch = sunrpc_cache_lookup(cd, &item->h, hash);
  467. if (ch)
  468. return container_of(ch, struct rsc, h);
  469. else
  470. return NULL;
  471. }
  472. static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct rsc *old)
  473. {
  474. struct cache_head *ch;
  475. int hash = rsc_hash(new);
  476. ch = sunrpc_cache_update(cd, &new->h,
  477. &old->h, hash);
  478. if (ch)
  479. return container_of(ch, struct rsc, h);
  480. else
  481. return NULL;
  482. }
  483. static struct rsc *
  484. gss_svc_searchbyctx(struct cache_detail *cd, struct xdr_netobj *handle)
  485. {
  486. struct rsc rsci;
  487. struct rsc *found;
  488. memset(&rsci, 0, sizeof(rsci));
  489. if (dup_to_netobj(&rsci.handle, handle->data, handle->len))
  490. return NULL;
  491. found = rsc_lookup(cd, &rsci);
  492. rsc_free(&rsci);
  493. if (!found)
  494. return NULL;
  495. if (cache_check(cd, &found->h, NULL))
  496. return NULL;
  497. return found;
  498. }
  499. /* Implements sequence number algorithm as specified in RFC 2203. */
  500. static int
  501. gss_check_seq_num(struct rsc *rsci, int seq_num)
  502. {
  503. struct gss_svc_seq_data *sd = &rsci->seqdata;
  504. spin_lock(&sd->sd_lock);
  505. if (seq_num > sd->sd_max) {
  506. if (seq_num >= sd->sd_max + GSS_SEQ_WIN) {
  507. memset(sd->sd_win,0,sizeof(sd->sd_win));
  508. sd->sd_max = seq_num;
  509. } else while (sd->sd_max < seq_num) {
  510. sd->sd_max++;
  511. __clear_bit(sd->sd_max % GSS_SEQ_WIN, sd->sd_win);
  512. }
  513. __set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win);
  514. goto ok;
  515. } else if (seq_num <= sd->sd_max - GSS_SEQ_WIN) {
  516. goto drop;
  517. }
  518. /* sd_max - GSS_SEQ_WIN < seq_num <= sd_max */
  519. if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win))
  520. goto drop;
  521. ok:
  522. spin_unlock(&sd->sd_lock);
  523. return 1;
  524. drop:
  525. spin_unlock(&sd->sd_lock);
  526. return 0;
  527. }
  528. static inline u32 round_up_to_quad(u32 i)
  529. {
  530. return (i + 3 ) & ~3;
  531. }
  532. static inline int
  533. svc_safe_getnetobj(struct kvec *argv, struct xdr_netobj *o)
  534. {
  535. int l;
  536. if (argv->iov_len < 4)
  537. return -1;
  538. o->len = svc_getnl(argv);
  539. l = round_up_to_quad(o->len);
  540. if (argv->iov_len < l)
  541. return -1;
  542. o->data = argv->iov_base;
  543. argv->iov_base += l;
  544. argv->iov_len -= l;
  545. return 0;
  546. }
  547. static inline int
  548. svc_safe_putnetobj(struct kvec *resv, struct xdr_netobj *o)
  549. {
  550. u8 *p;
  551. if (resv->iov_len + 4 > PAGE_SIZE)
  552. return -1;
  553. svc_putnl(resv, o->len);
  554. p = resv->iov_base + resv->iov_len;
  555. resv->iov_len += round_up_to_quad(o->len);
  556. if (resv->iov_len > PAGE_SIZE)
  557. return -1;
  558. memcpy(p, o->data, o->len);
  559. memset(p + o->len, 0, round_up_to_quad(o->len) - o->len);
  560. return 0;
  561. }
  562. /*
  563. * Verify the checksum on the header and return SVC_OK on success.
  564. * Otherwise, return SVC_DROP (in the case of a bad sequence number)
  565. * or return SVC_DENIED and indicate error in authp.
  566. */
  567. static int
  568. gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci,
  569. __be32 *rpcstart, struct rpc_gss_wire_cred *gc, __be32 *authp)
  570. {
  571. struct gss_ctx *ctx_id = rsci->mechctx;
  572. struct xdr_buf rpchdr;
  573. struct xdr_netobj checksum;
  574. u32 flavor = 0;
  575. struct kvec *argv = &rqstp->rq_arg.head[0];
  576. struct kvec iov;
  577. /* data to compute the checksum over: */
  578. iov.iov_base = rpcstart;
  579. iov.iov_len = (u8 *)argv->iov_base - (u8 *)rpcstart;
  580. xdr_buf_from_iov(&iov, &rpchdr);
  581. *authp = rpc_autherr_badverf;
  582. if (argv->iov_len < 4)
  583. return SVC_DENIED;
  584. flavor = svc_getnl(argv);
  585. if (flavor != RPC_AUTH_GSS)
  586. return SVC_DENIED;
  587. if (svc_safe_getnetobj(argv, &checksum))
  588. return SVC_DENIED;
  589. if (rqstp->rq_deferred) /* skip verification of revisited request */
  590. return SVC_OK;
  591. if (gss_verify_mic(ctx_id, &rpchdr, &checksum) != GSS_S_COMPLETE) {
  592. *authp = rpcsec_gsserr_credproblem;
  593. return SVC_DENIED;
  594. }
  595. if (gc->gc_seq > MAXSEQ) {
  596. dprintk("RPC: svcauth_gss: discarding request with "
  597. "large sequence number %d\n", gc->gc_seq);
  598. *authp = rpcsec_gsserr_ctxproblem;
  599. return SVC_DENIED;
  600. }
  601. if (!gss_check_seq_num(rsci, gc->gc_seq)) {
  602. dprintk("RPC: svcauth_gss: discarding request with "
  603. "old sequence number %d\n", gc->gc_seq);
  604. return SVC_DROP;
  605. }
  606. return SVC_OK;
  607. }
  608. static int
  609. gss_write_null_verf(struct svc_rqst *rqstp)
  610. {
  611. __be32 *p;
  612. svc_putnl(rqstp->rq_res.head, RPC_AUTH_NULL);
  613. p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;
  614. /* don't really need to check if head->iov_len > PAGE_SIZE ... */
  615. *p++ = 0;
  616. if (!xdr_ressize_check(rqstp, p))
  617. return -1;
  618. return 0;
  619. }
  620. static int
  621. gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq)
  622. {
  623. __be32 xdr_seq;
  624. u32 maj_stat;
  625. struct xdr_buf verf_data;
  626. struct xdr_netobj mic;
  627. __be32 *p;
  628. struct kvec iov;
  629. svc_putnl(rqstp->rq_res.head, RPC_AUTH_GSS);
  630. xdr_seq = htonl(seq);
  631. iov.iov_base = &xdr_seq;
  632. iov.iov_len = sizeof(xdr_seq);
  633. xdr_buf_from_iov(&iov, &verf_data);
  634. p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;
  635. mic.data = (u8 *)(p + 1);
  636. maj_stat = gss_get_mic(ctx_id, &verf_data, &mic);
  637. if (maj_stat != GSS_S_COMPLETE)
  638. return -1;
  639. *p++ = htonl(mic.len);
  640. memset((u8 *)p + mic.len, 0, round_up_to_quad(mic.len) - mic.len);
  641. p += XDR_QUADLEN(mic.len);
  642. if (!xdr_ressize_check(rqstp, p))
  643. return -1;
  644. return 0;
  645. }
  646. struct gss_domain {
  647. struct auth_domain h;
  648. u32 pseudoflavor;
  649. };
  650. static struct auth_domain *
  651. find_gss_auth_domain(struct gss_ctx *ctx, u32 svc)
  652. {
  653. char *name;
  654. name = gss_service_to_auth_domain_name(ctx->mech_type, svc);
  655. if (!name)
  656. return NULL;
  657. return auth_domain_find(name);
  658. }
  659. static struct auth_ops svcauthops_gss;
  660. u32 svcauth_gss_flavor(struct auth_domain *dom)
  661. {
  662. struct gss_domain *gd = container_of(dom, struct gss_domain, h);
  663. return gd->pseudoflavor;
  664. }
  665. EXPORT_SYMBOL_GPL(svcauth_gss_flavor);
  666. int
  667. svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
  668. {
  669. struct gss_domain *new;
  670. struct auth_domain *test;
  671. int stat = -ENOMEM;
  672. new = kmalloc(sizeof(*new), GFP_KERNEL);
  673. if (!new)
  674. goto out;
  675. kref_init(&new->h.ref);
  676. new->h.name = kstrdup(name, GFP_KERNEL);
  677. if (!new->h.name)
  678. goto out_free_dom;
  679. new->h.flavour = &svcauthops_gss;
  680. new->pseudoflavor = pseudoflavor;
  681. stat = 0;
  682. test = auth_domain_lookup(name, &new->h);
  683. if (test != &new->h) { /* Duplicate registration */
  684. auth_domain_put(test);
  685. kfree(new->h.name);
  686. goto out_free_dom;
  687. }
  688. return 0;
  689. out_free_dom:
  690. kfree(new);
  691. out:
  692. return stat;
  693. }
  694. EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor);
  695. static inline int
  696. read_u32_from_xdr_buf(struct xdr_buf *buf, int base, u32 *obj)
  697. {
  698. __be32 raw;
  699. int status;
  700. status = read_bytes_from_xdr_buf(buf, base, &raw, sizeof(*obj));
  701. if (status)
  702. return status;
  703. *obj = ntohl(raw);
  704. return 0;
  705. }
  706. /* It would be nice if this bit of code could be shared with the client.
  707. * Obstacles:
  708. * The client shouldn't malloc(), would have to pass in own memory.
  709. * The server uses base of head iovec as read pointer, while the
  710. * client uses separate pointer. */
  711. static int
  712. unwrap_integ_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)
  713. {
  714. int stat = -EINVAL;
  715. u32 integ_len, maj_stat;
  716. struct xdr_netobj mic;
  717. struct xdr_buf integ_buf;
  718. /* Did we already verify the signature on the original pass through? */
  719. if (rqstp->rq_deferred)
  720. return 0;
  721. integ_len = svc_getnl(&buf->head[0]);
  722. if (integ_len & 3)
  723. return stat;
  724. if (integ_len > buf->len)
  725. return stat;
  726. if (xdr_buf_subsegment(buf, &integ_buf, 0, integ_len))
  727. BUG();
  728. /* copy out mic... */
  729. if (read_u32_from_xdr_buf(buf, integ_len, &mic.len))
  730. BUG();
  731. if (mic.len > RPC_MAX_AUTH_SIZE)
  732. return stat;
  733. mic.data = kmalloc(mic.len, GFP_KERNEL);
  734. if (!mic.data)
  735. return stat;
  736. if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len))
  737. goto out;
  738. maj_stat = gss_verify_mic(ctx, &integ_buf, &mic);
  739. if (maj_stat != GSS_S_COMPLETE)
  740. goto out;
  741. if (svc_getnl(&buf->head[0]) != seq)
  742. goto out;
  743. /* trim off the mic at the end before returning */
  744. xdr_buf_trim(buf, mic.len + 4);
  745. stat = 0;
  746. out:
  747. kfree(mic.data);
  748. return stat;
  749. }
  750. static inline int
  751. total_buf_len(struct xdr_buf *buf)
  752. {
  753. return buf->head[0].iov_len + buf->page_len + buf->tail[0].iov_len;
  754. }
  755. static void
  756. fix_priv_head(struct xdr_buf *buf, int pad)
  757. {
  758. if (buf->page_len == 0) {
  759. /* We need to adjust head and buf->len in tandem in this
  760. * case to make svc_defer() work--it finds the original
  761. * buffer start using buf->len - buf->head[0].iov_len. */
  762. buf->head[0].iov_len -= pad;
  763. }
  764. }
  765. static int
  766. unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)
  767. {
  768. u32 priv_len, maj_stat;
  769. int pad, saved_len, remaining_len, offset;
  770. rqstp->rq_splice_ok = 0;
  771. priv_len = svc_getnl(&buf->head[0]);
  772. if (rqstp->rq_deferred) {
  773. /* Already decrypted last time through! The sequence number
  774. * check at out_seq is unnecessary but harmless: */
  775. goto out_seq;
  776. }
  777. /* buf->len is the number of bytes from the original start of the
  778. * request to the end, where head[0].iov_len is just the bytes
  779. * not yet read from the head, so these two values are different: */
  780. remaining_len = total_buf_len(buf);
  781. if (priv_len > remaining_len)
  782. return -EINVAL;
  783. pad = remaining_len - priv_len;
  784. buf->len -= pad;
  785. fix_priv_head(buf, pad);
  786. /* Maybe it would be better to give gss_unwrap a length parameter: */
  787. saved_len = buf->len;
  788. buf->len = priv_len;
  789. maj_stat = gss_unwrap(ctx, 0, buf);
  790. pad = priv_len - buf->len;
  791. buf->len = saved_len;
  792. buf->len -= pad;
  793. /* The upper layers assume the buffer is aligned on 4-byte boundaries.
  794. * In the krb5p case, at least, the data ends up offset, so we need to
  795. * move it around. */
  796. /* XXX: This is very inefficient. It would be better to either do
  797. * this while we encrypt, or maybe in the receive code, if we can peak
  798. * ahead and work out the service and mechanism there. */
  799. offset = buf->head[0].iov_len % 4;
  800. if (offset) {
  801. buf->buflen = RPCSVC_MAXPAYLOAD;
  802. xdr_shift_buf(buf, offset);
  803. fix_priv_head(buf, pad);
  804. }
  805. if (maj_stat != GSS_S_COMPLETE)
  806. return -EINVAL;
  807. out_seq:
  808. if (svc_getnl(&buf->head[0]) != seq)
  809. return -EINVAL;
  810. return 0;
  811. }
  812. struct gss_svc_data {
  813. /* decoded gss client cred: */
  814. struct rpc_gss_wire_cred clcred;
  815. /* save a pointer to the beginning of the encoded verifier,
  816. * for use in encryption/checksumming in svcauth_gss_release: */
  817. __be32 *verf_start;
  818. struct rsc *rsci;
  819. };
  820. static int
  821. svcauth_gss_set_client(struct svc_rqst *rqstp)
  822. {
  823. struct gss_svc_data *svcdata = rqstp->rq_auth_data;
  824. struct rsc *rsci = svcdata->rsci;
  825. struct rpc_gss_wire_cred *gc = &svcdata->clcred;
  826. int stat;
  827. /*
  828. * A gss export can be specified either by:
  829. * export *(sec=krb5,rw)
  830. * or by
  831. * export gss/krb5(rw)
  832. * The latter is deprecated; but for backwards compatibility reasons
  833. * the nfsd code will still fall back on trying it if the former
  834. * doesn't work; so we try to make both available to nfsd, below.
  835. */
  836. rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);
  837. if (rqstp->rq_gssclient == NULL)
  838. return SVC_DENIED;
  839. stat = svcauth_unix_set_client(rqstp);
  840. if (stat == SVC_DROP || stat == SVC_CLOSE)
  841. return stat;
  842. return SVC_OK;
  843. }
  844. static inline int
  845. gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp,
  846. struct xdr_netobj *out_handle, int *major_status)
  847. {
  848. struct rsc *rsci;
  849. int rc;
  850. if (*major_status != GSS_S_COMPLETE)
  851. return gss_write_null_verf(rqstp);
  852. rsci = gss_svc_searchbyctx(cd, out_handle);
  853. if (rsci == NULL) {
  854. *major_status = GSS_S_NO_CONTEXT;
  855. return gss_write_null_verf(rqstp);
  856. }
  857. rc = gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN);
  858. cache_put(&rsci->h, cd);
  859. return rc;
  860. }
  861. static inline int
  862. gss_read_verf(struct rpc_gss_wire_cred *gc,
  863. struct kvec *argv, __be32 *authp,
  864. struct xdr_netobj *in_handle,
  865. struct xdr_netobj *in_token)
  866. {
  867. struct xdr_netobj tmpobj;
  868. /* Read the verifier; should be NULL: */
  869. *authp = rpc_autherr_badverf;
  870. if (argv->iov_len < 2 * 4)
  871. return SVC_DENIED;
  872. if (svc_getnl(argv) != RPC_AUTH_NULL)
  873. return SVC_DENIED;
  874. if (svc_getnl(argv) != 0)
  875. return SVC_DENIED;
  876. /* Martial context handle and token for upcall: */
  877. *authp = rpc_autherr_badcred;
  878. if (gc->gc_proc == RPC_GSS_PROC_INIT && gc->gc_ctx.len != 0)
  879. return SVC_DENIED;
  880. if (dup_netobj(in_handle, &gc->gc_ctx))
  881. return SVC_CLOSE;
  882. *authp = rpc_autherr_badverf;
  883. if (svc_safe_getnetobj(argv, &tmpobj)) {
  884. kfree(in_handle->data);
  885. return SVC_DENIED;
  886. }
  887. if (dup_netobj(in_token, &tmpobj)) {
  888. kfree(in_handle->data);
  889. return SVC_CLOSE;
  890. }
  891. return 0;
  892. }
  893. static inline int
  894. gss_write_resv(struct kvec *resv, size_t size_limit,
  895. struct xdr_netobj *out_handle, struct xdr_netobj *out_token,
  896. int major_status, int minor_status)
  897. {
  898. if (resv->iov_len + 4 > size_limit)
  899. return -1;
  900. svc_putnl(resv, RPC_SUCCESS);
  901. if (svc_safe_putnetobj(resv, out_handle))
  902. return -1;
  903. if (resv->iov_len + 3 * 4 > size_limit)
  904. return -1;
  905. svc_putnl(resv, major_status);
  906. svc_putnl(resv, minor_status);
  907. svc_putnl(resv, GSS_SEQ_WIN);
  908. if (svc_safe_putnetobj(resv, out_token))
  909. return -1;
  910. return 0;
  911. }
  912. /*
  913. * Having read the cred already and found we're in the context
  914. * initiation case, read the verifier and initiate (or check the results
  915. * of) upcalls to userspace for help with context initiation. If
  916. * the upcall results are available, write the verifier and result.
  917. * Otherwise, drop the request pending an answer to the upcall.
  918. */
  919. static int svcauth_gss_handle_init(struct svc_rqst *rqstp,
  920. struct rpc_gss_wire_cred *gc, __be32 *authp)
  921. {
  922. struct kvec *argv = &rqstp->rq_arg.head[0];
  923. struct kvec *resv = &rqstp->rq_res.head[0];
  924. struct rsi *rsip, rsikey;
  925. int ret;
  926. struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id);
  927. memset(&rsikey, 0, sizeof(rsikey));
  928. ret = gss_read_verf(gc, argv, authp,
  929. &rsikey.in_handle, &rsikey.in_token);
  930. if (ret)
  931. return ret;
  932. /* Perform upcall, or find upcall result: */
  933. rsip = rsi_lookup(sn->rsi_cache, &rsikey);
  934. rsi_free(&rsikey);
  935. if (!rsip)
  936. return SVC_CLOSE;
  937. if (cache_check(sn->rsi_cache, &rsip->h, &rqstp->rq_chandle) < 0)
  938. /* No upcall result: */
  939. return SVC_CLOSE;
  940. ret = SVC_CLOSE;
  941. /* Got an answer to the upcall; use it: */
  942. if (gss_write_init_verf(sn->rsc_cache, rqstp,
  943. &rsip->out_handle, &rsip->major_status))
  944. goto out;
  945. if (gss_write_resv(resv, PAGE_SIZE,
  946. &rsip->out_handle, &rsip->out_token,
  947. rsip->major_status, rsip->minor_status))
  948. goto out;
  949. ret = SVC_COMPLETE;
  950. out:
  951. cache_put(&rsip->h, sn->rsi_cache);
  952. return ret;
  953. }
  954. /*
  955. * Accept an rpcsec packet.
  956. * If context establishment, punt to user space
  957. * If data exchange, verify/decrypt
  958. * If context destruction, handle here
  959. * In the context establishment and destruction case we encode
  960. * response here and return SVC_COMPLETE.
  961. */
  962. static int
  963. svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
  964. {
  965. struct kvec *argv = &rqstp->rq_arg.head[0];
  966. struct kvec *resv = &rqstp->rq_res.head[0];
  967. u32 crlen;
  968. struct gss_svc_data *svcdata = rqstp->rq_auth_data;
  969. struct rpc_gss_wire_cred *gc;
  970. struct rsc *rsci = NULL;
  971. __be32 *rpcstart;
  972. __be32 *reject_stat = resv->iov_base + resv->iov_len;
  973. int ret;
  974. struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id);
  975. dprintk("RPC: svcauth_gss: argv->iov_len = %zd\n",
  976. argv->iov_len);
  977. *authp = rpc_autherr_badcred;
  978. if (!svcdata)
  979. svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL);
  980. if (!svcdata)
  981. goto auth_err;
  982. rqstp->rq_auth_data = svcdata;
  983. svcdata->verf_start = NULL;
  984. svcdata->rsci = NULL;
  985. gc = &svcdata->clcred;
  986. /* start of rpc packet is 7 u32's back from here:
  987. * xid direction rpcversion prog vers proc flavour
  988. */
  989. rpcstart = argv->iov_base;
  990. rpcstart -= 7;
  991. /* credential is:
  992. * version(==1), proc(0,1,2,3), seq, service (1,2,3), handle
  993. * at least 5 u32s, and is preceded by length, so that makes 6.
  994. */
  995. if (argv->iov_len < 5 * 4)
  996. goto auth_err;
  997. crlen = svc_getnl(argv);
  998. if (svc_getnl(argv) != RPC_GSS_VERSION)
  999. goto auth_err;
  1000. gc->gc_proc = svc_getnl(argv);
  1001. gc->gc_seq = svc_getnl(argv);
  1002. gc->gc_svc = svc_getnl(argv);
  1003. if (svc_safe_getnetobj(argv, &gc->gc_ctx))
  1004. goto auth_err;
  1005. if (crlen != round_up_to_quad(gc->gc_ctx.len) + 5 * 4)
  1006. goto auth_err;
  1007. if ((gc->gc_proc != RPC_GSS_PROC_DATA) && (rqstp->rq_proc != 0))
  1008. goto auth_err;
  1009. *authp = rpc_autherr_badverf;
  1010. switch (gc->gc_proc) {
  1011. case RPC_GSS_PROC_INIT:
  1012. case RPC_GSS_PROC_CONTINUE_INIT:
  1013. return svcauth_gss_handle_init(rqstp, gc, authp);
  1014. case RPC_GSS_PROC_DATA:
  1015. case RPC_GSS_PROC_DESTROY:
  1016. /* Look up the context, and check the verifier: */
  1017. *authp = rpcsec_gsserr_credproblem;
  1018. rsci = gss_svc_searchbyctx(sn->rsc_cache, &gc->gc_ctx);
  1019. if (!rsci)
  1020. goto auth_err;
  1021. switch (gss_verify_header(rqstp, rsci, rpcstart, gc, authp)) {
  1022. case SVC_OK:
  1023. break;
  1024. case SVC_DENIED:
  1025. goto auth_err;
  1026. case SVC_DROP:
  1027. goto drop;
  1028. }
  1029. break;
  1030. default:
  1031. *authp = rpc_autherr_rejectedcred;
  1032. goto auth_err;
  1033. }
  1034. /* now act upon the command: */
  1035. switch (gc->gc_proc) {
  1036. case RPC_GSS_PROC_DESTROY:
  1037. if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
  1038. goto auth_err;
  1039. rsci->h.expiry_time = get_seconds();
  1040. set_bit(CACHE_NEGATIVE, &rsci->h.flags);
  1041. if (resv->iov_len + 4 > PAGE_SIZE)
  1042. goto drop;
  1043. svc_putnl(resv, RPC_SUCCESS);
  1044. goto complete;
  1045. case RPC_GSS_PROC_DATA:
  1046. *authp = rpcsec_gsserr_ctxproblem;
  1047. svcdata->verf_start = resv->iov_base + resv->iov_len;
  1048. if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
  1049. goto auth_err;
  1050. rqstp->rq_cred = rsci->cred;
  1051. get_group_info(rsci->cred.cr_group_info);
  1052. *authp = rpc_autherr_badcred;
  1053. switch (gc->gc_svc) {
  1054. case RPC_GSS_SVC_NONE:
  1055. break;
  1056. case RPC_GSS_SVC_INTEGRITY:
  1057. /* placeholders for length and seq. number: */
  1058. svc_putnl(resv, 0);
  1059. svc_putnl(resv, 0);
  1060. if (unwrap_integ_data(rqstp, &rqstp->rq_arg,
  1061. gc->gc_seq, rsci->mechctx))
  1062. goto garbage_args;
  1063. break;
  1064. case RPC_GSS_SVC_PRIVACY:
  1065. /* placeholders for length and seq. number: */
  1066. svc_putnl(resv, 0);
  1067. svc_putnl(resv, 0);
  1068. if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
  1069. gc->gc_seq, rsci->mechctx))
  1070. goto garbage_args;
  1071. break;
  1072. default:
  1073. goto auth_err;
  1074. }
  1075. svcdata->rsci = rsci;
  1076. cache_get(&rsci->h);
  1077. rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor(
  1078. rsci->mechctx->mech_type, gc->gc_svc);
  1079. ret = SVC_OK;
  1080. goto out;
  1081. }
  1082. garbage_args:
  1083. ret = SVC_GARBAGE;
  1084. goto out;
  1085. auth_err:
  1086. /* Restore write pointer to its original value: */
  1087. xdr_ressize_check(rqstp, reject_stat);
  1088. ret = SVC_DENIED;
  1089. goto out;
  1090. complete:
  1091. ret = SVC_COMPLETE;
  1092. goto out;
  1093. drop:
  1094. ret = SVC_DROP;
  1095. out:
  1096. if (rsci)
  1097. cache_put(&rsci->h, sn->rsc_cache);
  1098. return ret;
  1099. }
  1100. static __be32 *
  1101. svcauth_gss_prepare_to_wrap(struct xdr_buf *resbuf, struct gss_svc_data *gsd)
  1102. {
  1103. __be32 *p;
  1104. u32 verf_len;
  1105. p = gsd->verf_start;
  1106. gsd->verf_start = NULL;
  1107. /* If the reply stat is nonzero, don't wrap: */
  1108. if (*(p-1) != rpc_success)
  1109. return NULL;
  1110. /* Skip the verifier: */
  1111. p += 1;
  1112. verf_len = ntohl(*p++);
  1113. p += XDR_QUADLEN(verf_len);
  1114. /* move accept_stat to right place: */
  1115. memcpy(p, p + 2, 4);
  1116. /* Also don't wrap if the accept stat is nonzero: */
  1117. if (*p != rpc_success) {
  1118. resbuf->head[0].iov_len -= 2 * 4;
  1119. return NULL;
  1120. }
  1121. p++;
  1122. return p;
  1123. }
  1124. static inline int
  1125. svcauth_gss_wrap_resp_integ(struct svc_rqst *rqstp)
  1126. {
  1127. struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;
  1128. struct rpc_gss_wire_cred *gc = &gsd->clcred;
  1129. struct xdr_buf *resbuf = &rqstp->rq_res;
  1130. struct xdr_buf integ_buf;
  1131. struct xdr_netobj mic;
  1132. struct kvec *resv;
  1133. __be32 *p;
  1134. int integ_offset, integ_len;
  1135. int stat = -EINVAL;
  1136. p = svcauth_gss_prepare_to_wrap(resbuf, gsd);
  1137. if (p == NULL)
  1138. goto out;
  1139. integ_offset = (u8 *)(p + 1) - (u8 *)resbuf->head[0].iov_base;
  1140. integ_len = resbuf->len - integ_offset;
  1141. BUG_ON(integ_len % 4);
  1142. *p++ = htonl(integ_len);
  1143. *p++ = htonl(gc->gc_seq);
  1144. if (xdr_buf_subsegment(resbuf, &integ_buf, integ_offset,
  1145. integ_len))
  1146. BUG();
  1147. if (resbuf->tail[0].iov_base == NULL) {
  1148. if (resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE > PAGE_SIZE)
  1149. goto out_err;
  1150. resbuf->tail[0].iov_base = resbuf->head[0].iov_base
  1151. + resbuf->head[0].iov_len;
  1152. resbuf->tail[0].iov_len = 0;
  1153. resv = &resbuf->tail[0];
  1154. } else {
  1155. resv = &resbuf->tail[0];
  1156. }
  1157. mic.data = (u8 *)resv->iov_base + resv->iov_len + 4;
  1158. if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic))
  1159. goto out_err;
  1160. svc_putnl(resv, mic.len);
  1161. memset(mic.data + mic.len, 0,
  1162. round_up_to_quad(mic.len) - mic.len);
  1163. resv->iov_len += XDR_QUADLEN(mic.len) << 2;
  1164. /* not strictly required: */
  1165. resbuf->len += XDR_QUADLEN(mic.len) << 2;
  1166. BUG_ON(resv->iov_len > PAGE_SIZE);
  1167. out:
  1168. stat = 0;
  1169. out_err:
  1170. return stat;
  1171. }
  1172. static inline int
  1173. svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp)
  1174. {
  1175. struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;
  1176. struct rpc_gss_wire_cred *gc = &gsd->clcred;
  1177. struct xdr_buf *resbuf = &rqstp->rq_res;
  1178. struct page **inpages = NULL;
  1179. __be32 *p, *len;
  1180. int offset;
  1181. int pad;
  1182. p = svcauth_gss_prepare_to_wrap(resbuf, gsd);
  1183. if (p == NULL)
  1184. return 0;
  1185. len = p++;
  1186. offset = (u8 *)p - (u8 *)resbuf->head[0].iov_base;
  1187. *p++ = htonl(gc->gc_seq);
  1188. inpages = resbuf->pages;
  1189. /* XXX: Would be better to write some xdr helper functions for
  1190. * nfs{2,3,4}xdr.c that place the data right, instead of copying: */
  1191. /*
  1192. * If there is currently tail data, make sure there is
  1193. * room for the head, tail, and 2 * RPC_MAX_AUTH_SIZE in
  1194. * the page, and move the current tail data such that
  1195. * there is RPC_MAX_AUTH_SIZE slack space available in
  1196. * both the head and tail.
  1197. */
  1198. if (resbuf->tail[0].iov_base) {
  1199. BUG_ON(resbuf->tail[0].iov_base >= resbuf->head[0].iov_base
  1200. + PAGE_SIZE);
  1201. BUG_ON(resbuf->tail[0].iov_base < resbuf->head[0].iov_base);
  1202. if (resbuf->tail[0].iov_len + resbuf->head[0].iov_len
  1203. + 2 * RPC_MAX_AUTH_SIZE > PAGE_SIZE)
  1204. return -ENOMEM;
  1205. memmove(resbuf->tail[0].iov_base + RPC_MAX_AUTH_SIZE,
  1206. resbuf->tail[0].iov_base,
  1207. resbuf->tail[0].iov_len);
  1208. resbuf->tail[0].iov_base += RPC_MAX_AUTH_SIZE;
  1209. }
  1210. /*
  1211. * If there is no current tail data, make sure there is
  1212. * room for the head data, and 2 * RPC_MAX_AUTH_SIZE in the
  1213. * allotted page, and set up tail information such that there
  1214. * is RPC_MAX_AUTH_SIZE slack space available in both the
  1215. * head and tail.
  1216. */
  1217. if (resbuf->tail[0].iov_base == NULL) {
  1218. if (resbuf->head[0].iov_len + 2*RPC_MAX_AUTH_SIZE > PAGE_SIZE)
  1219. return -ENOMEM;
  1220. resbuf->tail[0].iov_base = resbuf->head[0].iov_base
  1221. + resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE;
  1222. resbuf->tail[0].iov_len = 0;
  1223. }
  1224. if (gss_wrap(gsd->rsci->mechctx, offset, resbuf, inpages))
  1225. return -ENOMEM;
  1226. *len = htonl(resbuf->len - offset);
  1227. pad = 3 - ((resbuf->len - offset - 1)&3);
  1228. p = (__be32 *)(resbuf->tail[0].iov_base + resbuf->tail[0].iov_len);
  1229. memset(p, 0, pad);
  1230. resbuf->tail[0].iov_len += pad;
  1231. resbuf->len += pad;
  1232. return 0;
  1233. }
  1234. static int
  1235. svcauth_gss_release(struct svc_rqst *rqstp)
  1236. {
  1237. struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;
  1238. struct rpc_gss_wire_cred *gc = &gsd->clcred;
  1239. struct xdr_buf *resbuf = &rqstp->rq_res;
  1240. int stat = -EINVAL;
  1241. struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id);
  1242. if (gc->gc_proc != RPC_GSS_PROC_DATA)
  1243. goto out;
  1244. /* Release can be called twice, but we only wrap once. */
  1245. if (gsd->verf_start == NULL)
  1246. goto out;
  1247. /* normally not set till svc_send, but we need it here: */
  1248. /* XXX: what for? Do we mess it up the moment we call svc_putu32
  1249. * or whatever? */
  1250. resbuf->len = total_buf_len(resbuf);
  1251. switch (gc->gc_svc) {
  1252. case RPC_GSS_SVC_NONE:
  1253. break;
  1254. case RPC_GSS_SVC_INTEGRITY:
  1255. stat = svcauth_gss_wrap_resp_integ(rqstp);
  1256. if (stat)
  1257. goto out_err;
  1258. break;
  1259. case RPC_GSS_SVC_PRIVACY:
  1260. stat = svcauth_gss_wrap_resp_priv(rqstp);
  1261. if (stat)
  1262. goto out_err;
  1263. break;
  1264. /*
  1265. * For any other gc_svc value, svcauth_gss_accept() already set
  1266. * the auth_error appropriately; just fall through:
  1267. */
  1268. }
  1269. out:
  1270. stat = 0;
  1271. out_err:
  1272. if (rqstp->rq_client)
  1273. auth_domain_put(rqstp->rq_client);
  1274. rqstp->rq_client = NULL;
  1275. if (rqstp->rq_gssclient)
  1276. auth_domain_put(rqstp->rq_gssclient);
  1277. rqstp->rq_gssclient = NULL;
  1278. if (rqstp->rq_cred.cr_group_info)
  1279. put_group_info(rqstp->rq_cred.cr_group_info);
  1280. rqstp->rq_cred.cr_group_info = NULL;
  1281. if (gsd->rsci)
  1282. cache_put(&gsd->rsci->h, sn->rsc_cache);
  1283. gsd->rsci = NULL;
  1284. return stat;
  1285. }
  1286. static void
  1287. svcauth_gss_domain_release(struct auth_domain *dom)
  1288. {
  1289. struct gss_domain *gd = container_of(dom, struct gss_domain, h);
  1290. kfree(dom->name);
  1291. kfree(gd);
  1292. }
  1293. static struct auth_ops svcauthops_gss = {
  1294. .name = "rpcsec_gss",
  1295. .owner = THIS_MODULE,
  1296. .flavour = RPC_AUTH_GSS,
  1297. .accept = svcauth_gss_accept,
  1298. .release = svcauth_gss_release,
  1299. .domain_release = svcauth_gss_domain_release,
  1300. .set_client = svcauth_gss_set_client,
  1301. };
  1302. static int rsi_cache_create_net(struct net *net)
  1303. {
  1304. struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
  1305. struct cache_detail *cd;
  1306. int err;
  1307. cd = cache_create_net(&rsi_cache_template, net);
  1308. if (IS_ERR(cd))
  1309. return PTR_ERR(cd);
  1310. err = cache_register_net(cd, net);
  1311. if (err) {
  1312. cache_destroy_net(cd, net);
  1313. return err;
  1314. }
  1315. sn->rsi_cache = cd;
  1316. return 0;
  1317. }
  1318. static void rsi_cache_destroy_net(struct net *net)
  1319. {
  1320. struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
  1321. struct cache_detail *cd = sn->rsi_cache;
  1322. sn->rsi_cache = NULL;
  1323. cache_purge(cd);
  1324. cache_unregister_net(cd, net);
  1325. cache_destroy_net(cd, net);
  1326. }
  1327. static int rsc_cache_create_net(struct net *net)
  1328. {
  1329. struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
  1330. struct cache_detail *cd;
  1331. int err;
  1332. cd = cache_create_net(&rsc_cache_template, net);
  1333. if (IS_ERR(cd))
  1334. return PTR_ERR(cd);
  1335. err = cache_register_net(cd, net);
  1336. if (err) {
  1337. cache_destroy_net(cd, net);
  1338. return err;
  1339. }
  1340. sn->rsc_cache = cd;
  1341. return 0;
  1342. }
  1343. static void rsc_cache_destroy_net(struct net *net)
  1344. {
  1345. struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
  1346. struct cache_detail *cd = sn->rsc_cache;
  1347. sn->rsc_cache = NULL;
  1348. cache_purge(cd);
  1349. cache_unregister_net(cd, net);
  1350. cache_destroy_net(cd, net);
  1351. }
  1352. int
  1353. gss_svc_init_net(struct net *net)
  1354. {
  1355. int rv;
  1356. rv = rsc_cache_create_net(net);
  1357. if (rv)
  1358. return rv;
  1359. rv = rsi_cache_create_net(net);
  1360. if (rv)
  1361. goto out1;
  1362. return 0;
  1363. out1:
  1364. rsc_cache_destroy_net(net);
  1365. return rv;
  1366. }
  1367. void
  1368. gss_svc_shutdown_net(struct net *net)
  1369. {
  1370. rsi_cache_destroy_net(net);
  1371. rsc_cache_destroy_net(net);
  1372. }
  1373. int
  1374. gss_svc_init(void)
  1375. {
  1376. return svc_auth_register(RPC_AUTH_GSS, &svcauthops_gss);
  1377. }
  1378. void
  1379. gss_svc_shutdown(void)
  1380. {
  1381. svc_auth_unregister(RPC_AUTH_GSS);
  1382. }