auth_gss.c 36 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372
  1. /*
  2. * linux/net/sunrpc/auth_gss/auth_gss.c
  3. *
  4. * RPCSEC_GSS client authentication.
  5. *
  6. * Copyright (c) 2000 The Regents of the University of Michigan.
  7. * All rights reserved.
  8. *
  9. * Dug Song <dugsong@monkey.org>
  10. * Andy Adamson <andros@umich.edu>
  11. *
  12. * Redistribution and use in source and binary forms, with or without
  13. * modification, are permitted provided that the following conditions
  14. * are met:
  15. *
  16. * 1. Redistributions of source code must retain the above copyright
  17. * notice, this list of conditions and the following disclaimer.
  18. * 2. Redistributions in binary form must reproduce the above copyright
  19. * notice, this list of conditions and the following disclaimer in the
  20. * documentation and/or other materials provided with the distribution.
  21. * 3. Neither the name of the University nor the names of its
  22. * contributors may be used to endorse or promote products derived
  23. * from this software without specific prior written permission.
  24. *
  25. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  26. * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  27. * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  28. * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  29. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  30. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  31. * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  32. * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  33. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  34. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  35. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36. *
  37. * $Id$
  38. */
  39. #include <linux/module.h>
  40. #include <linux/init.h>
  41. #include <linux/types.h>
  42. #include <linux/slab.h>
  43. #include <linux/sched.h>
  44. #include <linux/pagemap.h>
  45. #include <linux/sunrpc/clnt.h>
  46. #include <linux/sunrpc/auth.h>
  47. #include <linux/sunrpc/auth_gss.h>
  48. #include <linux/sunrpc/svcauth_gss.h>
  49. #include <linux/sunrpc/gss_err.h>
  50. #include <linux/workqueue.h>
  51. #include <linux/sunrpc/rpc_pipe_fs.h>
  52. #include <linux/sunrpc/gss_api.h>
  53. #include <asm/uaccess.h>
  54. static const struct rpc_authops authgss_ops;
  55. static const struct rpc_credops gss_credops;
  56. static const struct rpc_credops gss_nullops;
  57. #ifdef RPC_DEBUG
  58. # define RPCDBG_FACILITY RPCDBG_AUTH
  59. #endif
  60. #define NFS_NGROUPS 16
  61. #define GSS_CRED_SLACK 1024 /* XXX: unused */
  62. /* length of a krb5 verifier (48), plus data added before arguments when
  63. * using integrity (two 4-byte integers): */
  64. #define GSS_VERF_SLACK 100
  65. /* XXX this define must match the gssd define
  66. * as it is passed to gssd to signal the use of
  67. * machine creds should be part of the shared rpc interface */
  68. #define CA_RUN_AS_MACHINE 0x00000200
  69. /* dump the buffer in `emacs-hexl' style */
  70. #define isprint(c) ((c > 0x1f) && (c < 0x7f))
  71. struct gss_auth {
  72. struct kref kref;
  73. struct rpc_auth rpc_auth;
  74. struct gss_api_mech *mech;
  75. enum rpc_gss_svc service;
  76. struct rpc_clnt *client;
  77. struct dentry *dentry;
  78. };
  79. static void gss_free_ctx(struct gss_cl_ctx *);
  80. static struct rpc_pipe_ops gss_upcall_ops;
  81. static inline struct gss_cl_ctx *
  82. gss_get_ctx(struct gss_cl_ctx *ctx)
  83. {
  84. atomic_inc(&ctx->count);
  85. return ctx;
  86. }
  87. static inline void
  88. gss_put_ctx(struct gss_cl_ctx *ctx)
  89. {
  90. if (atomic_dec_and_test(&ctx->count))
  91. gss_free_ctx(ctx);
  92. }
  93. /* gss_cred_set_ctx:
  94. * called by gss_upcall_callback and gss_create_upcall in order
  95. * to set the gss context. The actual exchange of an old context
  96. * and a new one is protected by the inode->i_lock.
  97. */
  98. static void
  99. gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
  100. {
  101. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  102. struct gss_cl_ctx *old;
  103. old = gss_cred->gc_ctx;
  104. gss_get_ctx(ctx);
  105. rcu_assign_pointer(gss_cred->gc_ctx, ctx);
  106. set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  107. clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
  108. if (old)
  109. gss_put_ctx(old);
  110. }
  111. static int
  112. gss_cred_is_uptodate_ctx(struct rpc_cred *cred)
  113. {
  114. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  115. int res = 0;
  116. rcu_read_lock();
  117. if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) && gss_cred->gc_ctx)
  118. res = 1;
  119. rcu_read_unlock();
  120. return res;
  121. }
  122. static const void *
  123. simple_get_bytes(const void *p, const void *end, void *res, size_t len)
  124. {
  125. const void *q = (const void *)((const char *)p + len);
  126. if (unlikely(q > end || q < p))
  127. return ERR_PTR(-EFAULT);
  128. memcpy(res, p, len);
  129. return q;
  130. }
  131. static inline const void *
  132. simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
  133. {
  134. const void *q;
  135. unsigned int len;
  136. p = simple_get_bytes(p, end, &len, sizeof(len));
  137. if (IS_ERR(p))
  138. return p;
  139. q = (const void *)((const char *)p + len);
  140. if (unlikely(q > end || q < p))
  141. return ERR_PTR(-EFAULT);
  142. dest->data = kmemdup(p, len, GFP_KERNEL);
  143. if (unlikely(dest->data == NULL))
  144. return ERR_PTR(-ENOMEM);
  145. dest->len = len;
  146. return q;
  147. }
  148. static struct gss_cl_ctx *
  149. gss_cred_get_ctx(struct rpc_cred *cred)
  150. {
  151. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  152. struct gss_cl_ctx *ctx = NULL;
  153. rcu_read_lock();
  154. if (gss_cred->gc_ctx)
  155. ctx = gss_get_ctx(gss_cred->gc_ctx);
  156. rcu_read_unlock();
  157. return ctx;
  158. }
  159. static struct gss_cl_ctx *
  160. gss_alloc_context(void)
  161. {
  162. struct gss_cl_ctx *ctx;
  163. ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
  164. if (ctx != NULL) {
  165. ctx->gc_proc = RPC_GSS_PROC_DATA;
  166. ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */
  167. spin_lock_init(&ctx->gc_seq_lock);
  168. atomic_set(&ctx->count,1);
  169. }
  170. return ctx;
  171. }
  172. #define GSSD_MIN_TIMEOUT (60 * 60)
  173. static const void *
  174. gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
  175. {
  176. const void *q;
  177. unsigned int seclen;
  178. unsigned int timeout;
  179. u32 window_size;
  180. int ret;
  181. /* First unsigned int gives the lifetime (in seconds) of the cred */
  182. p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
  183. if (IS_ERR(p))
  184. goto err;
  185. if (timeout == 0)
  186. timeout = GSSD_MIN_TIMEOUT;
  187. ctx->gc_expiry = jiffies + (unsigned long)timeout * HZ * 3 / 4;
  188. /* Sequence number window. Determines the maximum number of simultaneous requests */
  189. p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
  190. if (IS_ERR(p))
  191. goto err;
  192. ctx->gc_win = window_size;
  193. /* gssd signals an error by passing ctx->gc_win = 0: */
  194. if (ctx->gc_win == 0) {
  195. /* in which case, p points to an error code which we ignore */
  196. p = ERR_PTR(-EACCES);
  197. goto err;
  198. }
  199. /* copy the opaque wire context */
  200. p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
  201. if (IS_ERR(p))
  202. goto err;
  203. /* import the opaque security context */
  204. p = simple_get_bytes(p, end, &seclen, sizeof(seclen));
  205. if (IS_ERR(p))
  206. goto err;
  207. q = (const void *)((const char *)p + seclen);
  208. if (unlikely(q > end || q < p)) {
  209. p = ERR_PTR(-EFAULT);
  210. goto err;
  211. }
  212. ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx);
  213. if (ret < 0) {
  214. p = ERR_PTR(ret);
  215. goto err;
  216. }
  217. return q;
  218. err:
  219. dprintk("RPC: gss_fill_context returning %ld\n", -PTR_ERR(p));
  220. return p;
  221. }
  222. struct gss_upcall_msg {
  223. atomic_t count;
  224. uid_t uid;
  225. struct rpc_pipe_msg msg;
  226. struct list_head list;
  227. struct gss_auth *auth;
  228. struct rpc_wait_queue rpc_waitqueue;
  229. wait_queue_head_t waitqueue;
  230. struct gss_cl_ctx *ctx;
  231. };
  232. static void
  233. gss_release_msg(struct gss_upcall_msg *gss_msg)
  234. {
  235. if (!atomic_dec_and_test(&gss_msg->count))
  236. return;
  237. BUG_ON(!list_empty(&gss_msg->list));
  238. if (gss_msg->ctx != NULL)
  239. gss_put_ctx(gss_msg->ctx);
  240. rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
  241. kfree(gss_msg);
  242. }
  243. static struct gss_upcall_msg *
  244. __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
  245. {
  246. struct gss_upcall_msg *pos;
  247. list_for_each_entry(pos, &rpci->in_downcall, list) {
  248. if (pos->uid != uid)
  249. continue;
  250. atomic_inc(&pos->count);
  251. dprintk("RPC: gss_find_upcall found msg %p\n", pos);
  252. return pos;
  253. }
  254. dprintk("RPC: gss_find_upcall found nothing\n");
  255. return NULL;
  256. }
  257. /* Try to add a upcall to the pipefs queue.
  258. * If an upcall owned by our uid already exists, then we return a reference
  259. * to that upcall instead of adding the new upcall.
  260. */
  261. static inline struct gss_upcall_msg *
  262. gss_add_msg(struct gss_auth *gss_auth, struct gss_upcall_msg *gss_msg)
  263. {
  264. struct inode *inode = gss_auth->dentry->d_inode;
  265. struct rpc_inode *rpci = RPC_I(inode);
  266. struct gss_upcall_msg *old;
  267. spin_lock(&inode->i_lock);
  268. old = __gss_find_upcall(rpci, gss_msg->uid);
  269. if (old == NULL) {
  270. atomic_inc(&gss_msg->count);
  271. list_add(&gss_msg->list, &rpci->in_downcall);
  272. } else
  273. gss_msg = old;
  274. spin_unlock(&inode->i_lock);
  275. return gss_msg;
  276. }
  277. static void
  278. __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
  279. {
  280. list_del_init(&gss_msg->list);
  281. rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
  282. wake_up_all(&gss_msg->waitqueue);
  283. atomic_dec(&gss_msg->count);
  284. }
  285. static void
  286. gss_unhash_msg(struct gss_upcall_msg *gss_msg)
  287. {
  288. struct gss_auth *gss_auth = gss_msg->auth;
  289. struct inode *inode = gss_auth->dentry->d_inode;
  290. if (list_empty(&gss_msg->list))
  291. return;
  292. spin_lock(&inode->i_lock);
  293. if (!list_empty(&gss_msg->list))
  294. __gss_unhash_msg(gss_msg);
  295. spin_unlock(&inode->i_lock);
  296. }
  297. static void
  298. gss_upcall_callback(struct rpc_task *task)
  299. {
  300. struct gss_cred *gss_cred = container_of(task->tk_msg.rpc_cred,
  301. struct gss_cred, gc_base);
  302. struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
  303. struct inode *inode = gss_msg->auth->dentry->d_inode;
  304. spin_lock(&inode->i_lock);
  305. if (gss_msg->ctx)
  306. gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
  307. else
  308. task->tk_status = gss_msg->msg.errno;
  309. gss_cred->gc_upcall = NULL;
  310. rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
  311. spin_unlock(&inode->i_lock);
  312. gss_release_msg(gss_msg);
  313. }
  314. static inline struct gss_upcall_msg *
  315. gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid)
  316. {
  317. struct gss_upcall_msg *gss_msg;
  318. gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL);
  319. if (gss_msg != NULL) {
  320. INIT_LIST_HEAD(&gss_msg->list);
  321. rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
  322. init_waitqueue_head(&gss_msg->waitqueue);
  323. atomic_set(&gss_msg->count, 1);
  324. gss_msg->msg.data = &gss_msg->uid;
  325. gss_msg->msg.len = sizeof(gss_msg->uid);
  326. gss_msg->uid = uid;
  327. gss_msg->auth = gss_auth;
  328. }
  329. return gss_msg;
  330. }
  331. static struct gss_upcall_msg *
  332. gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
  333. {
  334. struct gss_cred *gss_cred = container_of(cred,
  335. struct gss_cred, gc_base);
  336. struct gss_upcall_msg *gss_new, *gss_msg;
  337. uid_t uid = cred->cr_uid;
  338. /* Special case: rpc.gssd assumes that uid == 0 implies machine creds */
  339. if (gss_cred->gc_machine_cred != 0)
  340. uid = 0;
  341. gss_new = gss_alloc_msg(gss_auth, uid);
  342. if (gss_new == NULL)
  343. return ERR_PTR(-ENOMEM);
  344. gss_msg = gss_add_msg(gss_auth, gss_new);
  345. if (gss_msg == gss_new) {
  346. int res = rpc_queue_upcall(gss_auth->dentry->d_inode, &gss_new->msg);
  347. if (res) {
  348. gss_unhash_msg(gss_new);
  349. gss_msg = ERR_PTR(res);
  350. }
  351. } else
  352. gss_release_msg(gss_new);
  353. return gss_msg;
  354. }
  355. static inline int
  356. gss_refresh_upcall(struct rpc_task *task)
  357. {
  358. struct rpc_cred *cred = task->tk_msg.rpc_cred;
  359. struct gss_auth *gss_auth = container_of(cred->cr_auth,
  360. struct gss_auth, rpc_auth);
  361. struct gss_cred *gss_cred = container_of(cred,
  362. struct gss_cred, gc_base);
  363. struct gss_upcall_msg *gss_msg;
  364. struct inode *inode = gss_auth->dentry->d_inode;
  365. int err = 0;
  366. dprintk("RPC: %5u gss_refresh_upcall for uid %u\n", task->tk_pid,
  367. cred->cr_uid);
  368. gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
  369. if (IS_ERR(gss_msg)) {
  370. err = PTR_ERR(gss_msg);
  371. goto out;
  372. }
  373. spin_lock(&inode->i_lock);
  374. if (gss_cred->gc_upcall != NULL)
  375. rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
  376. else if (gss_msg->ctx != NULL) {
  377. gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
  378. gss_cred->gc_upcall = NULL;
  379. rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
  380. } else if (gss_msg->msg.errno >= 0) {
  381. task->tk_timeout = 0;
  382. gss_cred->gc_upcall = gss_msg;
  383. /* gss_upcall_callback will release the reference to gss_upcall_msg */
  384. atomic_inc(&gss_msg->count);
  385. rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
  386. } else
  387. err = gss_msg->msg.errno;
  388. spin_unlock(&inode->i_lock);
  389. gss_release_msg(gss_msg);
  390. out:
  391. dprintk("RPC: %5u gss_refresh_upcall for uid %u result %d\n",
  392. task->tk_pid, cred->cr_uid, err);
  393. return err;
  394. }
  395. static inline int
  396. gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
  397. {
  398. struct inode *inode = gss_auth->dentry->d_inode;
  399. struct rpc_cred *cred = &gss_cred->gc_base;
  400. struct gss_upcall_msg *gss_msg;
  401. DEFINE_WAIT(wait);
  402. int err = 0;
  403. dprintk("RPC: gss_upcall for uid %u\n", cred->cr_uid);
  404. gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
  405. if (IS_ERR(gss_msg)) {
  406. err = PTR_ERR(gss_msg);
  407. goto out;
  408. }
  409. for (;;) {
  410. prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_INTERRUPTIBLE);
  411. spin_lock(&inode->i_lock);
  412. if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
  413. break;
  414. }
  415. spin_unlock(&inode->i_lock);
  416. if (signalled()) {
  417. err = -ERESTARTSYS;
  418. goto out_intr;
  419. }
  420. schedule();
  421. }
  422. if (gss_msg->ctx)
  423. gss_cred_set_ctx(cred, gss_msg->ctx);
  424. else
  425. err = gss_msg->msg.errno;
  426. spin_unlock(&inode->i_lock);
  427. out_intr:
  428. finish_wait(&gss_msg->waitqueue, &wait);
  429. gss_release_msg(gss_msg);
  430. out:
  431. dprintk("RPC: gss_create_upcall for uid %u result %d\n",
  432. cred->cr_uid, err);
  433. return err;
  434. }
  435. static ssize_t
  436. gss_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg,
  437. char __user *dst, size_t buflen)
  438. {
  439. char *data = (char *)msg->data + msg->copied;
  440. size_t mlen = min(msg->len, buflen);
  441. unsigned long left;
  442. left = copy_to_user(dst, data, mlen);
  443. if (left == mlen) {
  444. msg->errno = -EFAULT;
  445. return -EFAULT;
  446. }
  447. mlen -= left;
  448. msg->copied += mlen;
  449. msg->errno = 0;
  450. return mlen;
  451. }
  452. #define MSG_BUF_MAXSIZE 1024
  453. static ssize_t
  454. gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
  455. {
  456. const void *p, *end;
  457. void *buf;
  458. struct rpc_clnt *clnt;
  459. struct gss_upcall_msg *gss_msg;
  460. struct inode *inode = filp->f_path.dentry->d_inode;
  461. struct gss_cl_ctx *ctx;
  462. uid_t uid;
  463. ssize_t err = -EFBIG;
  464. if (mlen > MSG_BUF_MAXSIZE)
  465. goto out;
  466. err = -ENOMEM;
  467. buf = kmalloc(mlen, GFP_KERNEL);
  468. if (!buf)
  469. goto out;
  470. clnt = RPC_I(inode)->private;
  471. err = -EFAULT;
  472. if (copy_from_user(buf, src, mlen))
  473. goto err;
  474. end = (const void *)((char *)buf + mlen);
  475. p = simple_get_bytes(buf, end, &uid, sizeof(uid));
  476. if (IS_ERR(p)) {
  477. err = PTR_ERR(p);
  478. goto err;
  479. }
  480. err = -ENOMEM;
  481. ctx = gss_alloc_context();
  482. if (ctx == NULL)
  483. goto err;
  484. err = -ENOENT;
  485. /* Find a matching upcall */
  486. spin_lock(&inode->i_lock);
  487. gss_msg = __gss_find_upcall(RPC_I(inode), uid);
  488. if (gss_msg == NULL) {
  489. spin_unlock(&inode->i_lock);
  490. goto err_put_ctx;
  491. }
  492. list_del_init(&gss_msg->list);
  493. spin_unlock(&inode->i_lock);
  494. p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
  495. if (IS_ERR(p)) {
  496. err = PTR_ERR(p);
  497. gss_msg->msg.errno = (err == -EAGAIN) ? -EAGAIN : -EACCES;
  498. goto err_release_msg;
  499. }
  500. gss_msg->ctx = gss_get_ctx(ctx);
  501. err = mlen;
  502. err_release_msg:
  503. spin_lock(&inode->i_lock);
  504. __gss_unhash_msg(gss_msg);
  505. spin_unlock(&inode->i_lock);
  506. gss_release_msg(gss_msg);
  507. err_put_ctx:
  508. gss_put_ctx(ctx);
  509. err:
  510. kfree(buf);
  511. out:
  512. dprintk("RPC: gss_pipe_downcall returning %Zd\n", err);
  513. return err;
  514. }
  515. static void
  516. gss_pipe_release(struct inode *inode)
  517. {
  518. struct rpc_inode *rpci = RPC_I(inode);
  519. struct gss_upcall_msg *gss_msg;
  520. spin_lock(&inode->i_lock);
  521. while (!list_empty(&rpci->in_downcall)) {
  522. gss_msg = list_entry(rpci->in_downcall.next,
  523. struct gss_upcall_msg, list);
  524. gss_msg->msg.errno = -EPIPE;
  525. atomic_inc(&gss_msg->count);
  526. __gss_unhash_msg(gss_msg);
  527. spin_unlock(&inode->i_lock);
  528. gss_release_msg(gss_msg);
  529. spin_lock(&inode->i_lock);
  530. }
  531. spin_unlock(&inode->i_lock);
  532. }
  533. static void
  534. gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
  535. {
  536. struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
  537. static unsigned long ratelimit;
  538. if (msg->errno < 0) {
  539. dprintk("RPC: gss_pipe_destroy_msg releasing msg %p\n",
  540. gss_msg);
  541. atomic_inc(&gss_msg->count);
  542. gss_unhash_msg(gss_msg);
  543. if (msg->errno == -ETIMEDOUT) {
  544. unsigned long now = jiffies;
  545. if (time_after(now, ratelimit)) {
  546. printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
  547. "Please check user daemon is running!\n");
  548. ratelimit = now + 15*HZ;
  549. }
  550. }
  551. gss_release_msg(gss_msg);
  552. }
  553. }
  554. /*
  555. * NOTE: we have the opportunity to use different
  556. * parameters based on the input flavor (which must be a pseudoflavor)
  557. */
  558. static struct rpc_auth *
  559. gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
  560. {
  561. struct gss_auth *gss_auth;
  562. struct rpc_auth * auth;
  563. int err = -ENOMEM; /* XXX? */
  564. dprintk("RPC: creating GSS authenticator for client %p\n", clnt);
  565. if (!try_module_get(THIS_MODULE))
  566. return ERR_PTR(err);
  567. if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
  568. goto out_dec;
  569. gss_auth->client = clnt;
  570. err = -EINVAL;
  571. gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
  572. if (!gss_auth->mech) {
  573. printk(KERN_WARNING "%s: Pseudoflavor %d not found!\n",
  574. __FUNCTION__, flavor);
  575. goto err_free;
  576. }
  577. gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
  578. if (gss_auth->service == 0)
  579. goto err_put_mech;
  580. auth = &gss_auth->rpc_auth;
  581. auth->au_cslack = GSS_CRED_SLACK >> 2;
  582. auth->au_rslack = GSS_VERF_SLACK >> 2;
  583. auth->au_ops = &authgss_ops;
  584. auth->au_flavor = flavor;
  585. atomic_set(&auth->au_count, 1);
  586. kref_init(&gss_auth->kref);
  587. gss_auth->dentry = rpc_mkpipe(clnt->cl_dentry, gss_auth->mech->gm_name,
  588. clnt, &gss_upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
  589. if (IS_ERR(gss_auth->dentry)) {
  590. err = PTR_ERR(gss_auth->dentry);
  591. goto err_put_mech;
  592. }
  593. err = rpcauth_init_credcache(auth);
  594. if (err)
  595. goto err_unlink_pipe;
  596. return auth;
  597. err_unlink_pipe:
  598. rpc_unlink(gss_auth->dentry);
  599. err_put_mech:
  600. gss_mech_put(gss_auth->mech);
  601. err_free:
  602. kfree(gss_auth);
  603. out_dec:
  604. module_put(THIS_MODULE);
  605. return ERR_PTR(err);
  606. }
  607. static void
  608. gss_free(struct gss_auth *gss_auth)
  609. {
  610. rpc_unlink(gss_auth->dentry);
  611. gss_auth->dentry = NULL;
  612. gss_mech_put(gss_auth->mech);
  613. kfree(gss_auth);
  614. module_put(THIS_MODULE);
  615. }
  616. static void
  617. gss_free_callback(struct kref *kref)
  618. {
  619. struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
  620. gss_free(gss_auth);
  621. }
  622. static void
  623. gss_destroy(struct rpc_auth *auth)
  624. {
  625. struct gss_auth *gss_auth;
  626. dprintk("RPC: destroying GSS authenticator %p flavor %d\n",
  627. auth, auth->au_flavor);
  628. rpcauth_destroy_credcache(auth);
  629. gss_auth = container_of(auth, struct gss_auth, rpc_auth);
  630. kref_put(&gss_auth->kref, gss_free_callback);
  631. }
  632. /*
  633. * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
  634. * to the server with the GSS control procedure field set to
  635. * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
  636. * all RPCSEC_GSS state associated with that context.
  637. */
  638. static int
  639. gss_destroying_context(struct rpc_cred *cred)
  640. {
  641. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  642. struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
  643. struct rpc_task *task;
  644. if (gss_cred->gc_ctx == NULL ||
  645. test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
  646. return 0;
  647. gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
  648. cred->cr_ops = &gss_nullops;
  649. /* Take a reference to ensure the cred will be destroyed either
  650. * by the RPC call or by the put_rpccred() below */
  651. get_rpccred(cred);
  652. task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
  653. if (!IS_ERR(task))
  654. rpc_put_task(task);
  655. put_rpccred(cred);
  656. return 1;
  657. }
  658. /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
  659. * to create a new cred or context, so they check that things have been
  660. * allocated before freeing them. */
  661. static void
  662. gss_do_free_ctx(struct gss_cl_ctx *ctx)
  663. {
  664. dprintk("RPC: gss_free_ctx\n");
  665. kfree(ctx->gc_wire_ctx.data);
  666. kfree(ctx);
  667. }
  668. static void
  669. gss_free_ctx_callback(struct rcu_head *head)
  670. {
  671. struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
  672. gss_do_free_ctx(ctx);
  673. }
  674. static void
  675. gss_free_ctx(struct gss_cl_ctx *ctx)
  676. {
  677. struct gss_ctx *gc_gss_ctx;
  678. gc_gss_ctx = rcu_dereference(ctx->gc_gss_ctx);
  679. rcu_assign_pointer(ctx->gc_gss_ctx, NULL);
  680. call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
  681. if (gc_gss_ctx)
  682. gss_delete_sec_context(&gc_gss_ctx);
  683. }
  684. static void
  685. gss_free_cred(struct gss_cred *gss_cred)
  686. {
  687. dprintk("RPC: gss_free_cred %p\n", gss_cred);
  688. kfree(gss_cred);
  689. }
  690. static void
  691. gss_free_cred_callback(struct rcu_head *head)
  692. {
  693. struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
  694. gss_free_cred(gss_cred);
  695. }
  696. static void
  697. gss_destroy_cred(struct rpc_cred *cred)
  698. {
  699. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  700. struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
  701. struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
  702. if (gss_destroying_context(cred))
  703. return;
  704. rcu_assign_pointer(gss_cred->gc_ctx, NULL);
  705. call_rcu(&cred->cr_rcu, gss_free_cred_callback);
  706. if (ctx)
  707. gss_put_ctx(ctx);
  708. kref_put(&gss_auth->kref, gss_free_callback);
  709. }
  710. /*
  711. * Lookup RPCSEC_GSS cred for the current process
  712. */
  713. static struct rpc_cred *
  714. gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
  715. {
  716. return rpcauth_lookup_credcache(auth, acred, flags);
  717. }
  718. static struct rpc_cred *
  719. gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
  720. {
  721. struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
  722. struct gss_cred *cred = NULL;
  723. int err = -ENOMEM;
  724. dprintk("RPC: gss_create_cred for uid %d, flavor %d\n",
  725. acred->uid, auth->au_flavor);
  726. if (!(cred = kzalloc(sizeof(*cred), GFP_KERNEL)))
  727. goto out_err;
  728. rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
  729. /*
  730. * Note: in order to force a call to call_refresh(), we deliberately
  731. * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
  732. */
  733. cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
  734. cred->gc_service = gss_auth->service;
  735. cred->gc_machine_cred = acred->machine_cred;
  736. kref_get(&gss_auth->kref);
  737. return &cred->gc_base;
  738. out_err:
  739. dprintk("RPC: gss_create_cred failed with error %d\n", err);
  740. return ERR_PTR(err);
  741. }
  742. static int
  743. gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
  744. {
  745. struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
  746. struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
  747. int err;
  748. do {
  749. err = gss_create_upcall(gss_auth, gss_cred);
  750. } while (err == -EAGAIN);
  751. return err;
  752. }
  753. static int
  754. gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
  755. {
  756. struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
  757. /*
  758. * If the searchflags have set RPCAUTH_LOOKUP_NEW, then
  759. * we don't really care if the credential has expired or not,
  760. * since the caller should be prepared to reinitialise it.
  761. */
  762. if ((flags & RPCAUTH_LOOKUP_NEW) && test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
  763. goto out;
  764. /* Don't match with creds that have expired. */
  765. if (gss_cred->gc_ctx && time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
  766. return 0;
  767. out:
  768. if (acred->machine_cred != gss_cred->gc_machine_cred)
  769. return 0;
  770. return (rc->cr_uid == acred->uid);
  771. }
  772. /*
  773. * Marshal credentials.
  774. * Maybe we should keep a cached credential for performance reasons.
  775. */
  776. static __be32 *
  777. gss_marshal(struct rpc_task *task, __be32 *p)
  778. {
  779. struct rpc_cred *cred = task->tk_msg.rpc_cred;
  780. struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
  781. gc_base);
  782. struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
  783. __be32 *cred_len;
  784. struct rpc_rqst *req = task->tk_rqstp;
  785. u32 maj_stat = 0;
  786. struct xdr_netobj mic;
  787. struct kvec iov;
  788. struct xdr_buf verf_buf;
  789. dprintk("RPC: %5u gss_marshal\n", task->tk_pid);
  790. *p++ = htonl(RPC_AUTH_GSS);
  791. cred_len = p++;
  792. spin_lock(&ctx->gc_seq_lock);
  793. req->rq_seqno = ctx->gc_seq++;
  794. spin_unlock(&ctx->gc_seq_lock);
  795. *p++ = htonl((u32) RPC_GSS_VERSION);
  796. *p++ = htonl((u32) ctx->gc_proc);
  797. *p++ = htonl((u32) req->rq_seqno);
  798. *p++ = htonl((u32) gss_cred->gc_service);
  799. p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
  800. *cred_len = htonl((p - (cred_len + 1)) << 2);
  801. /* We compute the checksum for the verifier over the xdr-encoded bytes
  802. * starting with the xid and ending at the end of the credential: */
  803. iov.iov_base = xprt_skip_transport_header(task->tk_xprt,
  804. req->rq_snd_buf.head[0].iov_base);
  805. iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
  806. xdr_buf_from_iov(&iov, &verf_buf);
  807. /* set verifier flavor*/
  808. *p++ = htonl(RPC_AUTH_GSS);
  809. mic.data = (u8 *)(p + 1);
  810. maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
  811. if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
  812. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  813. } else if (maj_stat != 0) {
  814. printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
  815. goto out_put_ctx;
  816. }
  817. p = xdr_encode_opaque(p, NULL, mic.len);
  818. gss_put_ctx(ctx);
  819. return p;
  820. out_put_ctx:
  821. gss_put_ctx(ctx);
  822. return NULL;
  823. }
  824. /*
  825. * Refresh credentials. XXX - finish
  826. */
  827. static int
  828. gss_refresh(struct rpc_task *task)
  829. {
  830. if (!gss_cred_is_uptodate_ctx(task->tk_msg.rpc_cred))
  831. return gss_refresh_upcall(task);
  832. return 0;
  833. }
  834. /* Dummy refresh routine: used only when destroying the context */
  835. static int
  836. gss_refresh_null(struct rpc_task *task)
  837. {
  838. return -EACCES;
  839. }
  840. static __be32 *
  841. gss_validate(struct rpc_task *task, __be32 *p)
  842. {
  843. struct rpc_cred *cred = task->tk_msg.rpc_cred;
  844. struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
  845. __be32 seq;
  846. struct kvec iov;
  847. struct xdr_buf verf_buf;
  848. struct xdr_netobj mic;
  849. u32 flav,len;
  850. u32 maj_stat;
  851. dprintk("RPC: %5u gss_validate\n", task->tk_pid);
  852. flav = ntohl(*p++);
  853. if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
  854. goto out_bad;
  855. if (flav != RPC_AUTH_GSS)
  856. goto out_bad;
  857. seq = htonl(task->tk_rqstp->rq_seqno);
  858. iov.iov_base = &seq;
  859. iov.iov_len = sizeof(seq);
  860. xdr_buf_from_iov(&iov, &verf_buf);
  861. mic.data = (u8 *)p;
  862. mic.len = len;
  863. maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
  864. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  865. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  866. if (maj_stat) {
  867. dprintk("RPC: %5u gss_validate: gss_verify_mic returned "
  868. "error 0x%08x\n", task->tk_pid, maj_stat);
  869. goto out_bad;
  870. }
  871. /* We leave it to unwrap to calculate au_rslack. For now we just
  872. * calculate the length of the verifier: */
  873. cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
  874. gss_put_ctx(ctx);
  875. dprintk("RPC: %5u gss_validate: gss_verify_mic succeeded.\n",
  876. task->tk_pid);
  877. return p + XDR_QUADLEN(len);
  878. out_bad:
  879. gss_put_ctx(ctx);
  880. dprintk("RPC: %5u gss_validate failed.\n", task->tk_pid);
  881. return NULL;
  882. }
  883. static inline int
  884. gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  885. kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
  886. {
  887. struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
  888. struct xdr_buf integ_buf;
  889. __be32 *integ_len = NULL;
  890. struct xdr_netobj mic;
  891. u32 offset;
  892. __be32 *q;
  893. struct kvec *iov;
  894. u32 maj_stat = 0;
  895. int status = -EIO;
  896. integ_len = p++;
  897. offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
  898. *p++ = htonl(rqstp->rq_seqno);
  899. status = rpc_call_xdrproc(encode, rqstp, p, obj);
  900. if (status)
  901. return status;
  902. if (xdr_buf_subsegment(snd_buf, &integ_buf,
  903. offset, snd_buf->len - offset))
  904. return status;
  905. *integ_len = htonl(integ_buf.len);
  906. /* guess whether we're in the head or the tail: */
  907. if (snd_buf->page_len || snd_buf->tail[0].iov_len)
  908. iov = snd_buf->tail;
  909. else
  910. iov = snd_buf->head;
  911. p = iov->iov_base + iov->iov_len;
  912. mic.data = (u8 *)(p + 1);
  913. maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
  914. status = -EIO; /* XXX? */
  915. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  916. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  917. else if (maj_stat)
  918. return status;
  919. q = xdr_encode_opaque(p, NULL, mic.len);
  920. offset = (u8 *)q - (u8 *)p;
  921. iov->iov_len += offset;
  922. snd_buf->len += offset;
  923. return 0;
  924. }
  925. static void
  926. priv_release_snd_buf(struct rpc_rqst *rqstp)
  927. {
  928. int i;
  929. for (i=0; i < rqstp->rq_enc_pages_num; i++)
  930. __free_page(rqstp->rq_enc_pages[i]);
  931. kfree(rqstp->rq_enc_pages);
  932. }
  933. static int
  934. alloc_enc_pages(struct rpc_rqst *rqstp)
  935. {
  936. struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
  937. int first, last, i;
  938. if (snd_buf->page_len == 0) {
  939. rqstp->rq_enc_pages_num = 0;
  940. return 0;
  941. }
  942. first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
  943. last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
  944. rqstp->rq_enc_pages_num = last - first + 1 + 1;
  945. rqstp->rq_enc_pages
  946. = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
  947. GFP_NOFS);
  948. if (!rqstp->rq_enc_pages)
  949. goto out;
  950. for (i=0; i < rqstp->rq_enc_pages_num; i++) {
  951. rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
  952. if (rqstp->rq_enc_pages[i] == NULL)
  953. goto out_free;
  954. }
  955. rqstp->rq_release_snd_buf = priv_release_snd_buf;
  956. return 0;
  957. out_free:
  958. for (i--; i >= 0; i--) {
  959. __free_page(rqstp->rq_enc_pages[i]);
  960. }
  961. out:
  962. return -EAGAIN;
  963. }
  964. static inline int
  965. gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  966. kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
  967. {
  968. struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
  969. u32 offset;
  970. u32 maj_stat;
  971. int status;
  972. __be32 *opaque_len;
  973. struct page **inpages;
  974. int first;
  975. int pad;
  976. struct kvec *iov;
  977. char *tmp;
  978. opaque_len = p++;
  979. offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
  980. *p++ = htonl(rqstp->rq_seqno);
  981. status = rpc_call_xdrproc(encode, rqstp, p, obj);
  982. if (status)
  983. return status;
  984. status = alloc_enc_pages(rqstp);
  985. if (status)
  986. return status;
  987. first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
  988. inpages = snd_buf->pages + first;
  989. snd_buf->pages = rqstp->rq_enc_pages;
  990. snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
  991. /* Give the tail its own page, in case we need extra space in the
  992. * head when wrapping: */
  993. if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
  994. tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
  995. memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
  996. snd_buf->tail[0].iov_base = tmp;
  997. }
  998. maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
  999. /* RPC_SLACK_SPACE should prevent this ever happening: */
  1000. BUG_ON(snd_buf->len > snd_buf->buflen);
  1001. status = -EIO;
  1002. /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
  1003. * done anyway, so it's safe to put the request on the wire: */
  1004. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  1005. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  1006. else if (maj_stat)
  1007. return status;
  1008. *opaque_len = htonl(snd_buf->len - offset);
  1009. /* guess whether we're in the head or the tail: */
  1010. if (snd_buf->page_len || snd_buf->tail[0].iov_len)
  1011. iov = snd_buf->tail;
  1012. else
  1013. iov = snd_buf->head;
  1014. p = iov->iov_base + iov->iov_len;
  1015. pad = 3 - ((snd_buf->len - offset - 1) & 3);
  1016. memset(p, 0, pad);
  1017. iov->iov_len += pad;
  1018. snd_buf->len += pad;
  1019. return 0;
  1020. }
  1021. static int
  1022. gss_wrap_req(struct rpc_task *task,
  1023. kxdrproc_t encode, void *rqstp, __be32 *p, void *obj)
  1024. {
  1025. struct rpc_cred *cred = task->tk_msg.rpc_cred;
  1026. struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
  1027. gc_base);
  1028. struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
  1029. int status = -EIO;
  1030. dprintk("RPC: %5u gss_wrap_req\n", task->tk_pid);
  1031. if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
  1032. /* The spec seems a little ambiguous here, but I think that not
  1033. * wrapping context destruction requests makes the most sense.
  1034. */
  1035. status = rpc_call_xdrproc(encode, rqstp, p, obj);
  1036. goto out;
  1037. }
  1038. switch (gss_cred->gc_service) {
  1039. case RPC_GSS_SVC_NONE:
  1040. status = rpc_call_xdrproc(encode, rqstp, p, obj);
  1041. break;
  1042. case RPC_GSS_SVC_INTEGRITY:
  1043. status = gss_wrap_req_integ(cred, ctx, encode,
  1044. rqstp, p, obj);
  1045. break;
  1046. case RPC_GSS_SVC_PRIVACY:
  1047. status = gss_wrap_req_priv(cred, ctx, encode,
  1048. rqstp, p, obj);
  1049. break;
  1050. }
  1051. out:
  1052. gss_put_ctx(ctx);
  1053. dprintk("RPC: %5u gss_wrap_req returning %d\n", task->tk_pid, status);
  1054. return status;
  1055. }
  1056. static inline int
  1057. gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  1058. struct rpc_rqst *rqstp, __be32 **p)
  1059. {
  1060. struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
  1061. struct xdr_buf integ_buf;
  1062. struct xdr_netobj mic;
  1063. u32 data_offset, mic_offset;
  1064. u32 integ_len;
  1065. u32 maj_stat;
  1066. int status = -EIO;
  1067. integ_len = ntohl(*(*p)++);
  1068. if (integ_len & 3)
  1069. return status;
  1070. data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
  1071. mic_offset = integ_len + data_offset;
  1072. if (mic_offset > rcv_buf->len)
  1073. return status;
  1074. if (ntohl(*(*p)++) != rqstp->rq_seqno)
  1075. return status;
  1076. if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
  1077. mic_offset - data_offset))
  1078. return status;
  1079. if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
  1080. return status;
  1081. maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
  1082. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  1083. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  1084. if (maj_stat != GSS_S_COMPLETE)
  1085. return status;
  1086. return 0;
  1087. }
  1088. static inline int
  1089. gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  1090. struct rpc_rqst *rqstp, __be32 **p)
  1091. {
  1092. struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
  1093. u32 offset;
  1094. u32 opaque_len;
  1095. u32 maj_stat;
  1096. int status = -EIO;
  1097. opaque_len = ntohl(*(*p)++);
  1098. offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
  1099. if (offset + opaque_len > rcv_buf->len)
  1100. return status;
  1101. /* remove padding: */
  1102. rcv_buf->len = offset + opaque_len;
  1103. maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
  1104. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  1105. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  1106. if (maj_stat != GSS_S_COMPLETE)
  1107. return status;
  1108. if (ntohl(*(*p)++) != rqstp->rq_seqno)
  1109. return status;
  1110. return 0;
  1111. }
  1112. static int
  1113. gss_unwrap_resp(struct rpc_task *task,
  1114. kxdrproc_t decode, void *rqstp, __be32 *p, void *obj)
  1115. {
  1116. struct rpc_cred *cred = task->tk_msg.rpc_cred;
  1117. struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
  1118. gc_base);
  1119. struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
  1120. __be32 *savedp = p;
  1121. struct kvec *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
  1122. int savedlen = head->iov_len;
  1123. int status = -EIO;
  1124. if (ctx->gc_proc != RPC_GSS_PROC_DATA)
  1125. goto out_decode;
  1126. switch (gss_cred->gc_service) {
  1127. case RPC_GSS_SVC_NONE:
  1128. break;
  1129. case RPC_GSS_SVC_INTEGRITY:
  1130. status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
  1131. if (status)
  1132. goto out;
  1133. break;
  1134. case RPC_GSS_SVC_PRIVACY:
  1135. status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
  1136. if (status)
  1137. goto out;
  1138. break;
  1139. }
  1140. /* take into account extra slack for integrity and privacy cases: */
  1141. cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
  1142. + (savedlen - head->iov_len);
  1143. out_decode:
  1144. status = rpc_call_xdrproc(decode, rqstp, p, obj);
  1145. out:
  1146. gss_put_ctx(ctx);
  1147. dprintk("RPC: %5u gss_unwrap_resp returning %d\n", task->tk_pid,
  1148. status);
  1149. return status;
  1150. }
  1151. static const struct rpc_authops authgss_ops = {
  1152. .owner = THIS_MODULE,
  1153. .au_flavor = RPC_AUTH_GSS,
  1154. .au_name = "RPCSEC_GSS",
  1155. .create = gss_create,
  1156. .destroy = gss_destroy,
  1157. .lookup_cred = gss_lookup_cred,
  1158. .crcreate = gss_create_cred
  1159. };
  1160. static const struct rpc_credops gss_credops = {
  1161. .cr_name = "AUTH_GSS",
  1162. .crdestroy = gss_destroy_cred,
  1163. .cr_init = gss_cred_init,
  1164. .crbind = rpcauth_generic_bind_cred,
  1165. .crmatch = gss_match,
  1166. .crmarshal = gss_marshal,
  1167. .crrefresh = gss_refresh,
  1168. .crvalidate = gss_validate,
  1169. .crwrap_req = gss_wrap_req,
  1170. .crunwrap_resp = gss_unwrap_resp,
  1171. };
  1172. static const struct rpc_credops gss_nullops = {
  1173. .cr_name = "AUTH_GSS",
  1174. .crdestroy = gss_destroy_cred,
  1175. .crbind = rpcauth_generic_bind_cred,
  1176. .crmatch = gss_match,
  1177. .crmarshal = gss_marshal,
  1178. .crrefresh = gss_refresh_null,
  1179. .crvalidate = gss_validate,
  1180. .crwrap_req = gss_wrap_req,
  1181. .crunwrap_resp = gss_unwrap_resp,
  1182. };
  1183. static struct rpc_pipe_ops gss_upcall_ops = {
  1184. .upcall = gss_pipe_upcall,
  1185. .downcall = gss_pipe_downcall,
  1186. .destroy_msg = gss_pipe_destroy_msg,
  1187. .release_pipe = gss_pipe_release,
  1188. };
  1189. /*
  1190. * Initialize RPCSEC_GSS module
  1191. */
  1192. static int __init init_rpcsec_gss(void)
  1193. {
  1194. int err = 0;
  1195. err = rpcauth_register(&authgss_ops);
  1196. if (err)
  1197. goto out;
  1198. err = gss_svc_init();
  1199. if (err)
  1200. goto out_unregister;
  1201. return 0;
  1202. out_unregister:
  1203. rpcauth_unregister(&authgss_ops);
  1204. out:
  1205. return err;
  1206. }
  1207. static void __exit exit_rpcsec_gss(void)
  1208. {
  1209. gss_svc_shutdown();
  1210. rpcauth_unregister(&authgss_ops);
  1211. }
  1212. MODULE_LICENSE("GPL");
  1213. module_init(init_rpcsec_gss)
  1214. module_exit(exit_rpcsec_gss)