~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/sunrpc/auth_gss/auth_gss.c

Version: ~ [ linux-5.6 ] ~ [ linux-5.5.13 ] ~ [ linux-5.4.28 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.113 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.174 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.217 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.217 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.82 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * linux/net/sunrpc/auth_gss/auth_gss.c
  3  *
  4  * RPCSEC_GSS client authentication.
  5  *
  6  *  Copyright (c) 2000 The Regents of the University of Michigan.
  7  *  All rights reserved.
  8  *
  9  *  Dug Song       <dugsong@monkey.org>
 10  *  Andy Adamson   <andros@umich.edu>
 11  *
 12  *  Redistribution and use in source and binary forms, with or without
 13  *  modification, are permitted provided that the following conditions
 14  *  are met:
 15  *
 16  *  1. Redistributions of source code must retain the above copyright
 17  *     notice, this list of conditions and the following disclaimer.
 18  *  2. Redistributions in binary form must reproduce the above copyright
 19  *     notice, this list of conditions and the following disclaimer in the
 20  *     documentation and/or other materials provided with the distribution.
 21  *  3. Neither the name of the University nor the names of its
 22  *     contributors may be used to endorse or promote products derived
 23  *     from this software without specific prior written permission.
 24  *
 25  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 26  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 27  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 28  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 29  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 30  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 31  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 32  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 33  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 34  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 35  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 36  */
 37 
 38 
 39 #include <linux/module.h>
 40 #include <linux/init.h>
 41 #include <linux/types.h>
 42 #include <linux/slab.h>
 43 #include <linux/sched.h>
 44 #include <linux/pagemap.h>
 45 #include <linux/sunrpc/clnt.h>
 46 #include <linux/sunrpc/auth.h>
 47 #include <linux/sunrpc/auth_gss.h>
 48 #include <linux/sunrpc/svcauth_gss.h>
 49 #include <linux/sunrpc/gss_err.h>
 50 #include <linux/workqueue.h>
 51 #include <linux/sunrpc/rpc_pipe_fs.h>
 52 #include <linux/sunrpc/gss_api.h>
 53 #include <asm/uaccess.h>
 54 
 55 static const struct rpc_authops authgss_ops;
 56 
 57 static const struct rpc_credops gss_credops;
 58 static const struct rpc_credops gss_nullops;
 59 
 60 #define GSS_RETRY_EXPIRED 5
 61 static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
 62 
 63 #ifdef RPC_DEBUG
 64 # define RPCDBG_FACILITY        RPCDBG_AUTH
 65 #endif
 66 
 67 #define GSS_CRED_SLACK          (RPC_MAX_AUTH_SIZE * 2)
 68 /* length of a krb5 verifier (48), plus data added before arguments when
 69  * using integrity (two 4-byte integers): */
 70 #define GSS_VERF_SLACK          100
 71 
 72 struct gss_auth {
 73         struct kref kref;
 74         struct rpc_auth rpc_auth;
 75         struct gss_api_mech *mech;
 76         enum rpc_gss_svc service;
 77         struct rpc_clnt *client;
 78         /*
 79          * There are two upcall pipes; dentry[1], named "gssd", is used
 80          * for the new text-based upcall; dentry[0] is named after the
 81          * mechanism (for example, "krb5") and exists for
 82          * backwards-compatibility with older gssd's.
 83          */
 84         struct dentry *dentry[2];
 85 };
 86 
 87 /* pipe_version >= 0 if and only if someone has a pipe open. */
 88 static int pipe_version = -1;
 89 static atomic_t pipe_users = ATOMIC_INIT(0);
 90 static DEFINE_SPINLOCK(pipe_version_lock);
 91 static struct rpc_wait_queue pipe_version_rpc_waitqueue;
 92 static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
 93 
 94 static void gss_free_ctx(struct gss_cl_ctx *);
 95 static const struct rpc_pipe_ops gss_upcall_ops_v0;
 96 static const struct rpc_pipe_ops gss_upcall_ops_v1;
 97 
 98 static inline struct gss_cl_ctx *
 99 gss_get_ctx(struct gss_cl_ctx *ctx)
100 {
101         atomic_inc(&ctx->count);
102         return ctx;
103 }
104 
105 static inline void
106 gss_put_ctx(struct gss_cl_ctx *ctx)
107 {
108         if (atomic_dec_and_test(&ctx->count))
109                 gss_free_ctx(ctx);
110 }
111 
112 /* gss_cred_set_ctx:
113  * called by gss_upcall_callback and gss_create_upcall in order
114  * to set the gss context. The actual exchange of an old context
115  * and a new one is protected by the inode->i_lock.
116  */
117 static void
118 gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
119 {
120         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
121 
122         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
123                 return;
124         gss_get_ctx(ctx);
125         rcu_assign_pointer(gss_cred->gc_ctx, ctx);
126         set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
127         smp_mb__before_clear_bit();
128         clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
129 }
130 
131 static const void *
132 simple_get_bytes(const void *p, const void *end, void *res, size_t len)
133 {
134         const void *q = (const void *)((const char *)p + len);
135         if (unlikely(q > end || q < p))
136                 return ERR_PTR(-EFAULT);
137         memcpy(res, p, len);
138         return q;
139 }
140 
141 static inline const void *
142 simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
143 {
144         const void *q;
145         unsigned int len;
146 
147         p = simple_get_bytes(p, end, &len, sizeof(len));
148         if (IS_ERR(p))
149                 return p;
150         q = (const void *)((const char *)p + len);
151         if (unlikely(q > end || q < p))
152                 return ERR_PTR(-EFAULT);
153         dest->data = kmemdup(p, len, GFP_NOFS);
154         if (unlikely(dest->data == NULL))
155                 return ERR_PTR(-ENOMEM);
156         dest->len = len;
157         return q;
158 }
159 
160 static struct gss_cl_ctx *
161 gss_cred_get_ctx(struct rpc_cred *cred)
162 {
163         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
164         struct gss_cl_ctx *ctx = NULL;
165 
166         rcu_read_lock();
167         if (gss_cred->gc_ctx)
168                 ctx = gss_get_ctx(gss_cred->gc_ctx);
169         rcu_read_unlock();
170         return ctx;
171 }
172 
173 static struct gss_cl_ctx *
174 gss_alloc_context(void)
175 {
176         struct gss_cl_ctx *ctx;
177 
178         ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
179         if (ctx != NULL) {
180                 ctx->gc_proc = RPC_GSS_PROC_DATA;
181                 ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
182                 spin_lock_init(&ctx->gc_seq_lock);
183                 atomic_set(&ctx->count,1);
184         }
185         return ctx;
186 }
187 
188 #define GSSD_MIN_TIMEOUT (60 * 60)
189 static const void *
190 gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
191 {
192         const void *q;
193         unsigned int seclen;
194         unsigned int timeout;
195         u32 window_size;
196         int ret;
197 
198         /* First unsigned int gives the lifetime (in seconds) of the cred */
199         p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
200         if (IS_ERR(p))
201                 goto err;
202         if (timeout == 0)
203                 timeout = GSSD_MIN_TIMEOUT;
204         ctx->gc_expiry = jiffies + (unsigned long)timeout * HZ * 3 / 4;
205         /* Sequence number window. Determines the maximum number of simultaneous requests */
206         p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
207         if (IS_ERR(p))
208                 goto err;
209         ctx->gc_win = window_size;
210         /* gssd signals an error by passing ctx->gc_win = 0: */
211         if (ctx->gc_win == 0) {
212                 /*
213                  * in which case, p points to an error code. Anything other
214                  * than -EKEYEXPIRED gets converted to -EACCES.
215                  */
216                 p = simple_get_bytes(p, end, &ret, sizeof(ret));
217                 if (!IS_ERR(p))
218                         p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
219                                                     ERR_PTR(-EACCES);
220                 goto err;
221         }
222         /* copy the opaque wire context */
223         p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
224         if (IS_ERR(p))
225                 goto err;
226         /* import the opaque security context */
227         p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
228         if (IS_ERR(p))
229                 goto err;
230         q = (const void *)((const char *)p + seclen);
231         if (unlikely(q > end || q < p)) {
232                 p = ERR_PTR(-EFAULT);
233                 goto err;
234         }
235         ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, GFP_NOFS);
236         if (ret < 0) {
237                 p = ERR_PTR(ret);
238                 goto err;
239         }
240         return q;
241 err:
242         dprintk("RPC:       gss_fill_context returning %ld\n", -PTR_ERR(p));
243         return p;
244 }
245 
246 #define UPCALL_BUF_LEN 128
247 
248 struct gss_upcall_msg {
249         atomic_t count;
250         uid_t   uid;
251         struct rpc_pipe_msg msg;
252         struct list_head list;
253         struct gss_auth *auth;
254         struct rpc_inode *inode;
255         struct rpc_wait_queue rpc_waitqueue;
256         wait_queue_head_t waitqueue;
257         struct gss_cl_ctx *ctx;
258         char databuf[UPCALL_BUF_LEN];
259 };
260 
261 static int get_pipe_version(void)
262 {
263         int ret;
264 
265         spin_lock(&pipe_version_lock);
266         if (pipe_version >= 0) {
267                 atomic_inc(&pipe_users);
268                 ret = pipe_version;
269         } else
270                 ret = -EAGAIN;
271         spin_unlock(&pipe_version_lock);
272         return ret;
273 }
274 
275 static void put_pipe_version(void)
276 {
277         if (atomic_dec_and_lock(&pipe_users, &pipe_version_lock)) {
278                 pipe_version = -1;
279                 spin_unlock(&pipe_version_lock);
280         }
281 }
282 
283 static void
284 gss_release_msg(struct gss_upcall_msg *gss_msg)
285 {
286         if (!atomic_dec_and_test(&gss_msg->count))
287                 return;
288         put_pipe_version();
289         BUG_ON(!list_empty(&gss_msg->list));
290         if (gss_msg->ctx != NULL)
291                 gss_put_ctx(gss_msg->ctx);
292         rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
293         kfree(gss_msg);
294 }
295 
296 static struct gss_upcall_msg *
297 __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
298 {
299         struct gss_upcall_msg *pos;
300         list_for_each_entry(pos, &rpci->in_downcall, list) {
301                 if (pos->uid != uid)
302                         continue;
303                 atomic_inc(&pos->count);
304                 dprintk("RPC:       gss_find_upcall found msg %p\n", pos);
305                 return pos;
306         }
307         dprintk("RPC:       gss_find_upcall found nothing\n");
308         return NULL;
309 }
310 
311 /* Try to add an upcall to the pipefs queue.
312  * If an upcall owned by our uid already exists, then we return a reference
313  * to that upcall instead of adding the new upcall.
314  */
315 static inline struct gss_upcall_msg *
316 gss_add_msg(struct gss_upcall_msg *gss_msg)
317 {
318         struct rpc_inode *rpci = gss_msg->inode;
319         struct inode *inode = &rpci->vfs_inode;
320         struct gss_upcall_msg *old;
321 
322         spin_lock(&inode->i_lock);
323         old = __gss_find_upcall(rpci, gss_msg->uid);
324         if (old == NULL) {
325                 atomic_inc(&gss_msg->count);
326                 list_add(&gss_msg->list, &rpci->in_downcall);
327         } else
328                 gss_msg = old;
329         spin_unlock(&inode->i_lock);
330         return gss_msg;
331 }
332 
333 static void
334 __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
335 {
336         list_del_init(&gss_msg->list);
337         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
338         wake_up_all(&gss_msg->waitqueue);
339         atomic_dec(&gss_msg->count);
340 }
341 
342 static void
343 gss_unhash_msg(struct gss_upcall_msg *gss_msg)
344 {
345         struct inode *inode = &gss_msg->inode->vfs_inode;
346 
347         if (list_empty(&gss_msg->list))
348                 return;
349         spin_lock(&inode->i_lock);
350         if (!list_empty(&gss_msg->list))
351                 __gss_unhash_msg(gss_msg);
352         spin_unlock(&inode->i_lock);
353 }
354 
355 static void
356 gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss_msg)
357 {
358         switch (gss_msg->msg.errno) {
359         case 0:
360                 if (gss_msg->ctx == NULL)
361                         break;
362                 clear_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
363                 gss_cred_set_ctx(&gss_cred->gc_base, gss_msg->ctx);
364                 break;
365         case -EKEYEXPIRED:
366                 set_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
367         }
368         gss_cred->gc_upcall_timestamp = jiffies;
369         gss_cred->gc_upcall = NULL;
370         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
371 }
372 
373 static void
374 gss_upcall_callback(struct rpc_task *task)
375 {
376         struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
377                         struct gss_cred, gc_base);
378         struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
379         struct inode *inode = &gss_msg->inode->vfs_inode;
380 
381         spin_lock(&inode->i_lock);
382         gss_handle_downcall_result(gss_cred, gss_msg);
383         spin_unlock(&inode->i_lock);
384         task->tk_status = gss_msg->msg.errno;
385         gss_release_msg(gss_msg);
386 }
387 
388 static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
389 {
390         gss_msg->msg.data = &gss_msg->uid;
391         gss_msg->msg.len = sizeof(gss_msg->uid);
392 }
393 
394 static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
395                                 struct rpc_clnt *clnt,
396                                 const char *service_name)
397 {
398         struct gss_api_mech *mech = gss_msg->auth->mech;
399         char *p = gss_msg->databuf;
400         int len = 0;
401 
402         gss_msg->msg.len = sprintf(gss_msg->databuf, "mech=%s uid=%d ",
403                                    mech->gm_name,
404                                    gss_msg->uid);
405         p += gss_msg->msg.len;
406         if (clnt->cl_principal) {
407                 len = sprintf(p, "target=%s ", clnt->cl_principal);
408                 p += len;
409                 gss_msg->msg.len += len;
410         }
411         if (service_name != NULL) {
412                 len = sprintf(p, "service=%s ", service_name);
413                 p += len;
414                 gss_msg->msg.len += len;
415         }
416         if (mech->gm_upcall_enctypes) {
417                 len = sprintf(p, "enctypes=%s ", mech->gm_upcall_enctypes);
418                 p += len;
419                 gss_msg->msg.len += len;
420         }
421         len = sprintf(p, "\n");
422         gss_msg->msg.len += len;
423 
424         gss_msg->msg.data = gss_msg->databuf;
425         BUG_ON(gss_msg->msg.len > UPCALL_BUF_LEN);
426 }
427 
428 static void gss_encode_msg(struct gss_upcall_msg *gss_msg,
429                                 struct rpc_clnt *clnt,
430                                 const char *service_name)
431 {
432         if (pipe_version == 0)
433                 gss_encode_v0_msg(gss_msg);
434         else /* pipe_version == 1 */
435                 gss_encode_v1_msg(gss_msg, clnt, service_name);
436 }
437 
438 static struct gss_upcall_msg *
439 gss_alloc_msg(struct gss_auth *gss_auth, struct rpc_clnt *clnt,
440                 uid_t uid, const char *service_name)
441 {
442         struct gss_upcall_msg *gss_msg;
443         int vers;
444 
445         gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
446         if (gss_msg == NULL)
447                 return ERR_PTR(-ENOMEM);
448         vers = get_pipe_version();
449         if (vers < 0) {
450                 kfree(gss_msg);
451                 return ERR_PTR(vers);
452         }
453         gss_msg->inode = RPC_I(gss_auth->dentry[vers]->d_inode);
454         INIT_LIST_HEAD(&gss_msg->list);
455         rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
456         init_waitqueue_head(&gss_msg->waitqueue);
457         atomic_set(&gss_msg->count, 1);
458         gss_msg->uid = uid;
459         gss_msg->auth = gss_auth;
460         gss_encode_msg(gss_msg, clnt, service_name);
461         return gss_msg;
462 }
463 
464 static struct gss_upcall_msg *
465 gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
466 {
467         struct gss_cred *gss_cred = container_of(cred,
468                         struct gss_cred, gc_base);
469         struct gss_upcall_msg *gss_new, *gss_msg;
470         uid_t uid = cred->cr_uid;
471 
472         gss_new = gss_alloc_msg(gss_auth, clnt, uid, gss_cred->gc_principal);
473         if (IS_ERR(gss_new))
474                 return gss_new;
475         gss_msg = gss_add_msg(gss_new);
476         if (gss_msg == gss_new) {
477                 struct inode *inode = &gss_new->inode->vfs_inode;
478                 int res = rpc_queue_upcall(inode, &gss_new->msg);
479                 if (res) {
480                         gss_unhash_msg(gss_new);
481                         gss_msg = ERR_PTR(res);
482                 }
483         } else
484                 gss_release_msg(gss_new);
485         return gss_msg;
486 }
487 
488 static void warn_gssd(void)
489 {
490         static unsigned long ratelimit;
491         unsigned long now = jiffies;
492 
493         if (time_after(now, ratelimit)) {
494                 printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
495                                 "Please check user daemon is running.\n");
496                 ratelimit = now + 15*HZ;
497         }
498 }
499 
500 static inline int
501 gss_refresh_upcall(struct rpc_task *task)
502 {
503         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
504         struct gss_auth *gss_auth = container_of(cred->cr_auth,
505                         struct gss_auth, rpc_auth);
506         struct gss_cred *gss_cred = container_of(cred,
507                         struct gss_cred, gc_base);
508         struct gss_upcall_msg *gss_msg;
509         struct inode *inode;
510         int err = 0;
511 
512         dprintk("RPC: %5u gss_refresh_upcall for uid %u\n", task->tk_pid,
513                                                                 cred->cr_uid);
514         gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
515         if (PTR_ERR(gss_msg) == -EAGAIN) {
516                 /* XXX: warning on the first, under the assumption we
517                  * shouldn't normally hit this case on a refresh. */
518                 warn_gssd();
519                 task->tk_timeout = 15*HZ;
520                 rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL);
521                 return -EAGAIN;
522         }
523         if (IS_ERR(gss_msg)) {
524                 err = PTR_ERR(gss_msg);
525                 goto out;
526         }
527         inode = &gss_msg->inode->vfs_inode;
528         spin_lock(&inode->i_lock);
529         if (gss_cred->gc_upcall != NULL)
530                 rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
531         else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
532                 task->tk_timeout = 0;
533                 gss_cred->gc_upcall = gss_msg;
534                 /* gss_upcall_callback will release the reference to gss_upcall_msg */
535                 atomic_inc(&gss_msg->count);
536                 rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
537         } else {
538                 gss_handle_downcall_result(gss_cred, gss_msg);
539                 err = gss_msg->msg.errno;
540         }
541         spin_unlock(&inode->i_lock);
542         gss_release_msg(gss_msg);
543 out:
544         dprintk("RPC: %5u gss_refresh_upcall for uid %u result %d\n",
545                         task->tk_pid, cred->cr_uid, err);
546         return err;
547 }
548 
549 static inline int
550 gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
551 {
552         struct inode *inode;
553         struct rpc_cred *cred = &gss_cred->gc_base;
554         struct gss_upcall_msg *gss_msg;
555         DEFINE_WAIT(wait);
556         int err = 0;
557 
558         dprintk("RPC:       gss_upcall for uid %u\n", cred->cr_uid);
559 retry:
560         gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
561         if (PTR_ERR(gss_msg) == -EAGAIN) {
562                 err = wait_event_interruptible_timeout(pipe_version_waitqueue,
563                                 pipe_version >= 0, 15*HZ);
564                 if (pipe_version < 0) {
565                         warn_gssd();
566                         err = -EACCES;
567                 }
568                 if (err)
569                         goto out;
570                 goto retry;
571         }
572         if (IS_ERR(gss_msg)) {
573                 err = PTR_ERR(gss_msg);
574                 goto out;
575         }
576         inode = &gss_msg->inode->vfs_inode;
577         for (;;) {
578                 prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
579                 spin_lock(&inode->i_lock);
580                 if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
581                         break;
582                 }
583                 spin_unlock(&inode->i_lock);
584                 if (fatal_signal_pending(current)) {
585                         err = -ERESTARTSYS;
586                         goto out_intr;
587                 }
588                 schedule();
589         }
590         if (gss_msg->ctx)
591                 gss_cred_set_ctx(cred, gss_msg->ctx);
592         else
593                 err = gss_msg->msg.errno;
594         spin_unlock(&inode->i_lock);
595 out_intr:
596         finish_wait(&gss_msg->waitqueue, &wait);
597         gss_release_msg(gss_msg);
598 out:
599         dprintk("RPC:       gss_create_upcall for uid %u result %d\n",
600                         cred->cr_uid, err);
601         return err;
602 }
603 
604 #define MSG_BUF_MAXSIZE 1024
605 
606 static ssize_t
607 gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
608 {
609         const void *p, *end;
610         void *buf;
611         struct gss_upcall_msg *gss_msg;
612         struct inode *inode = filp->f_path.dentry->d_inode;
613         struct gss_cl_ctx *ctx;
614         uid_t uid;
615         ssize_t err = -EFBIG;
616 
617         if (mlen > MSG_BUF_MAXSIZE)
618                 goto out;
619         err = -ENOMEM;
620         buf = kmalloc(mlen, GFP_NOFS);
621         if (!buf)
622                 goto out;
623 
624         err = -EFAULT;
625         if (copy_from_user(buf, src, mlen))
626                 goto err;
627 
628         end = (const void *)((char *)buf + mlen);
629         p = simple_get_bytes(buf, end, &uid, sizeof(uid));
630         if (IS_ERR(p)) {
631                 err = PTR_ERR(p);
632                 goto err;
633         }
634 
635         err = -ENOMEM;
636         ctx = gss_alloc_context();
637         if (ctx == NULL)
638                 goto err;
639 
640         err = -ENOENT;
641         /* Find a matching upcall */
642         spin_lock(&inode->i_lock);
643         gss_msg = __gss_find_upcall(RPC_I(inode), uid);
644         if (gss_msg == NULL) {
645                 spin_unlock(&inode->i_lock);
646                 goto err_put_ctx;
647         }
648         list_del_init(&gss_msg->list);
649         spin_unlock(&inode->i_lock);
650 
651         p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
652         if (IS_ERR(p)) {
653                 err = PTR_ERR(p);
654                 switch (err) {
655                 case -EACCES:
656                 case -EKEYEXPIRED:
657                         gss_msg->msg.errno = err;
658                         err = mlen;
659                         break;
660                 case -EFAULT:
661                 case -ENOMEM:
662                 case -EINVAL:
663                 case -ENOSYS:
664                         gss_msg->msg.errno = -EAGAIN;
665                         break;
666                 default:
667                         printk(KERN_CRIT "%s: bad return from "
668                                 "gss_fill_context: %zd\n", __func__, err);
669                         BUG();
670                 }
671                 goto err_release_msg;
672         }
673         gss_msg->ctx = gss_get_ctx(ctx);
674         err = mlen;
675 
676 err_release_msg:
677         spin_lock(&inode->i_lock);
678         __gss_unhash_msg(gss_msg);
679         spin_unlock(&inode->i_lock);
680         gss_release_msg(gss_msg);
681 err_put_ctx:
682         gss_put_ctx(ctx);
683 err:
684         kfree(buf);
685 out:
686         dprintk("RPC:       gss_pipe_downcall returning %Zd\n", err);
687         return err;
688 }
689 
690 static int gss_pipe_open(struct inode *inode, int new_version)
691 {
692         int ret = 0;
693 
694         spin_lock(&pipe_version_lock);
695         if (pipe_version < 0) {
696                 /* First open of any gss pipe determines the version: */
697                 pipe_version = new_version;
698                 rpc_wake_up(&pipe_version_rpc_waitqueue);
699                 wake_up(&pipe_version_waitqueue);
700         } else if (pipe_version != new_version) {
701                 /* Trying to open a pipe of a different version */
702                 ret = -EBUSY;
703                 goto out;
704         }
705         atomic_inc(&pipe_users);
706 out:
707         spin_unlock(&pipe_version_lock);
708         return ret;
709 
710 }
711 
712 static int gss_pipe_open_v0(struct inode *inode)
713 {
714         return gss_pipe_open(inode, 0);
715 }
716 
717 static int gss_pipe_open_v1(struct inode *inode)
718 {
719         return gss_pipe_open(inode, 1);
720 }
721 
722 static void
723 gss_pipe_release(struct inode *inode)
724 {
725         struct rpc_inode *rpci = RPC_I(inode);
726         struct gss_upcall_msg *gss_msg;
727 
728 restart:
729         spin_lock(&inode->i_lock);
730         list_for_each_entry(gss_msg, &rpci->in_downcall, list) {
731 
732                 if (!list_empty(&gss_msg->msg.list))
733                         continue;
734                 gss_msg->msg.errno = -EPIPE;
735                 atomic_inc(&gss_msg->count);
736                 __gss_unhash_msg(gss_msg);
737                 spin_unlock(&inode->i_lock);
738                 gss_release_msg(gss_msg);
739                 goto restart;
740         }
741         spin_unlock(&inode->i_lock);
742 
743         put_pipe_version();
744 }
745 
746 static void
747 gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
748 {
749         struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
750 
751         if (msg->errno < 0) {
752                 dprintk("RPC:       gss_pipe_destroy_msg releasing msg %p\n",
753                                 gss_msg);
754                 atomic_inc(&gss_msg->count);
755                 gss_unhash_msg(gss_msg);
756                 if (msg->errno == -ETIMEDOUT)
757                         warn_gssd();
758                 gss_release_msg(gss_msg);
759         }
760 }
761 
762 /*
763  * NOTE: we have the opportunity to use different
764  * parameters based on the input flavor (which must be a pseudoflavor)
765  */
766 static struct rpc_auth *
767 gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
768 {
769         struct gss_auth *gss_auth;
770         struct rpc_auth * auth;
771         int err = -ENOMEM; /* XXX? */
772 
773         dprintk("RPC:       creating GSS authenticator for client %p\n", clnt);
774 
775         if (!try_module_get(THIS_MODULE))
776                 return ERR_PTR(err);
777         if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
778                 goto out_dec;
779         gss_auth->client = clnt;
780         err = -EINVAL;
781         gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
782         if (!gss_auth->mech) {
783                 printk(KERN_WARNING "%s: Pseudoflavor %d not found!\n",
784                                 __func__, flavor);
785                 goto err_free;
786         }
787         gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
788         if (gss_auth->service == 0)
789                 goto err_put_mech;
790         auth = &gss_auth->rpc_auth;
791         auth->au_cslack = GSS_CRED_SLACK >> 2;
792         auth->au_rslack = GSS_VERF_SLACK >> 2;
793         auth->au_ops = &authgss_ops;
794         auth->au_flavor = flavor;
795         atomic_set(&auth->au_count, 1);
796         kref_init(&gss_auth->kref);
797 
798         /*
799          * Note: if we created the old pipe first, then someone who
800          * examined the directory at the right moment might conclude
801          * that we supported only the old pipe.  So we instead create
802          * the new pipe first.
803          */
804         gss_auth->dentry[1] = rpc_mkpipe(clnt->cl_path.dentry,
805                                          "gssd",
806                                          clnt, &gss_upcall_ops_v1,
807                                          RPC_PIPE_WAIT_FOR_OPEN);
808         if (IS_ERR(gss_auth->dentry[1])) {
809                 err = PTR_ERR(gss_auth->dentry[1]);
810                 goto err_put_mech;
811         }
812 
813         gss_auth->dentry[0] = rpc_mkpipe(clnt->cl_path.dentry,
814                                          gss_auth->mech->gm_name,
815                                          clnt, &gss_upcall_ops_v0,
816                                          RPC_PIPE_WAIT_FOR_OPEN);
817         if (IS_ERR(gss_auth->dentry[0])) {
818                 err = PTR_ERR(gss_auth->dentry[0]);
819                 goto err_unlink_pipe_1;
820         }
821         err = rpcauth_init_credcache(auth);
822         if (err)
823                 goto err_unlink_pipe_0;
824 
825         return auth;
826 err_unlink_pipe_0:
827         rpc_unlink(gss_auth->dentry[0]);
828 err_unlink_pipe_1:
829         rpc_unlink(gss_auth->dentry[1]);
830 err_put_mech:
831         gss_mech_put(gss_auth->mech);
832 err_free:
833         kfree(gss_auth);
834 out_dec:
835         module_put(THIS_MODULE);
836         return ERR_PTR(err);
837 }
838 
839 static void
840 gss_free(struct gss_auth *gss_auth)
841 {
842         rpc_unlink(gss_auth->dentry[1]);
843         rpc_unlink(gss_auth->dentry[0]);
844         gss_mech_put(gss_auth->mech);
845 
846         kfree(gss_auth);
847         module_put(THIS_MODULE);
848 }
849 
850 static void
851 gss_free_callback(struct kref *kref)
852 {
853         struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
854 
855         gss_free(gss_auth);
856 }
857 
858 static void
859 gss_destroy(struct rpc_auth *auth)
860 {
861         struct gss_auth *gss_auth;
862 
863         dprintk("RPC:       destroying GSS authenticator %p flavor %d\n",
864                         auth, auth->au_flavor);
865 
866         rpcauth_destroy_credcache(auth);
867 
868         gss_auth = container_of(auth, struct gss_auth, rpc_auth);
869         kref_put(&gss_auth->kref, gss_free_callback);
870 }
871 
872 /*
873  * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
874  * to the server with the GSS control procedure field set to
875  * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
876  * all RPCSEC_GSS state associated with that context.
877  */
878 static int
879 gss_destroying_context(struct rpc_cred *cred)
880 {
881         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
882         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
883         struct rpc_task *task;
884 
885         if (gss_cred->gc_ctx == NULL ||
886             test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
887                 return 0;
888 
889         gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
890         cred->cr_ops = &gss_nullops;
891 
892         /* Take a reference to ensure the cred will be destroyed either
893          * by the RPC call or by the put_rpccred() below */
894         get_rpccred(cred);
895 
896         task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
897         if (!IS_ERR(task))
898                 rpc_put_task(task);
899 
900         put_rpccred(cred);
901         return 1;
902 }
903 
904 /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
905  * to create a new cred or context, so they check that things have been
906  * allocated before freeing them. */
907 static void
908 gss_do_free_ctx(struct gss_cl_ctx *ctx)
909 {
910         dprintk("RPC:       gss_free_ctx\n");
911 
912         gss_delete_sec_context(&ctx->gc_gss_ctx);
913         kfree(ctx->gc_wire_ctx.data);
914         kfree(ctx);
915 }
916 
917 static void
918 gss_free_ctx_callback(struct rcu_head *head)
919 {
920         struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
921         gss_do_free_ctx(ctx);
922 }
923 
924 static void
925 gss_free_ctx(struct gss_cl_ctx *ctx)
926 {
927         call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
928 }
929 
930 static void
931 gss_free_cred(struct gss_cred *gss_cred)
932 {
933         dprintk("RPC:       gss_free_cred %p\n", gss_cred);
934         kfree(gss_cred);
935 }
936 
937 static void
938 gss_free_cred_callback(struct rcu_head *head)
939 {
940         struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
941         gss_free_cred(gss_cred);
942 }
943 
944 static void
945 gss_destroy_nullcred(struct rpc_cred *cred)
946 {
947         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
948         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
949         struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
950 
951         RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
952         call_rcu(&cred->cr_rcu, gss_free_cred_callback);
953         if (ctx)
954                 gss_put_ctx(ctx);
955         kref_put(&gss_auth->kref, gss_free_callback);
956 }
957 
958 static void
959 gss_destroy_cred(struct rpc_cred *cred)
960 {
961 
962         if (gss_destroying_context(cred))
963                 return;
964         gss_destroy_nullcred(cred);
965 }
966 
967 /*
968  * Lookup RPCSEC_GSS cred for the current process
969  */
970 static struct rpc_cred *
971 gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
972 {
973         return rpcauth_lookup_credcache(auth, acred, flags);
974 }
975 
976 static struct rpc_cred *
977 gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
978 {
979         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
980         struct gss_cred *cred = NULL;
981         int err = -ENOMEM;
982 
983         dprintk("RPC:       gss_create_cred for uid %d, flavor %d\n",
984                 acred->uid, auth->au_flavor);
985 
986         if (!(cred = kzalloc(sizeof(*cred), GFP_NOFS)))
987                 goto out_err;
988 
989         rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
990         /*
991          * Note: in order to force a call to call_refresh(), we deliberately
992          * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
993          */
994         cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
995         cred->gc_service = gss_auth->service;
996         cred->gc_principal = NULL;
997         if (acred->machine_cred)
998                 cred->gc_principal = acred->principal;
999         kref_get(&gss_auth->kref);
1000         return &cred->gc_base;
1001 
1002 out_err:
1003         dprintk("RPC:       gss_create_cred failed with error %d\n", err);
1004         return ERR_PTR(err);
1005 }
1006 
1007 static int
1008 gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
1009 {
1010         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1011         struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
1012         int err;
1013 
1014         do {
1015                 err = gss_create_upcall(gss_auth, gss_cred);
1016         } while (err == -EAGAIN);
1017         return err;
1018 }
1019 
1020 static int
1021 gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
1022 {
1023         struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1024 
1025         if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
1026                 goto out;
1027         /* Don't match with creds that have expired. */
1028         if (time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
1029                 return 0;
1030         if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
1031                 return 0;
1032 out:
1033         if (acred->principal != NULL) {
1034                 if (gss_cred->gc_principal == NULL)
1035                         return 0;
1036                 return strcmp(acred->principal, gss_cred->gc_principal) == 0;
1037         }
1038         if (gss_cred->gc_principal != NULL)
1039                 return 0;
1040         return rc->cr_uid == acred->uid;
1041 }
1042 
1043 /*
1044 * Marshal credentials.
1045 * Maybe we should keep a cached credential for performance reasons.
1046 */
1047 static __be32 *
1048 gss_marshal(struct rpc_task *task, __be32 *p)
1049 {
1050         struct rpc_rqst *req = task->tk_rqstp;
1051         struct rpc_cred *cred = req->rq_cred;
1052         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1053                                                  gc_base);
1054         struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
1055         __be32          *cred_len;
1056         u32             maj_stat = 0;
1057         struct xdr_netobj mic;
1058         struct kvec     iov;
1059         struct xdr_buf  verf_buf;
1060 
1061         dprintk("RPC: %5u gss_marshal\n", task->tk_pid);
1062 
1063         *p++ = htonl(RPC_AUTH_GSS);
1064         cred_len = p++;
1065 
1066         spin_lock(&ctx->gc_seq_lock);
1067         req->rq_seqno = ctx->gc_seq++;
1068         spin_unlock(&ctx->gc_seq_lock);
1069 
1070         *p++ = htonl((u32) RPC_GSS_VERSION);
1071         *p++ = htonl((u32) ctx->gc_proc);
1072         *p++ = htonl((u32) req->rq_seqno);
1073         *p++ = htonl((u32) gss_cred->gc_service);
1074         p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
1075         *cred_len = htonl((p - (cred_len + 1)) << 2);
1076 
1077         /* We compute the checksum for the verifier over the xdr-encoded bytes
1078          * starting with the xid and ending at the end of the credential: */
1079         iov.iov_base = xprt_skip_transport_header(task->tk_xprt,
1080                                         req->rq_snd_buf.head[0].iov_base);
1081         iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
1082         xdr_buf_from_iov(&iov, &verf_buf);
1083 
1084         /* set verifier flavor*/
1085         *p++ = htonl(RPC_AUTH_GSS);
1086 
1087         mic.data = (u8 *)(p + 1);
1088         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1089         if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
1090                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1091         } else if (maj_stat != 0) {
1092                 printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
1093                 goto out_put_ctx;
1094         }
1095         p = xdr_encode_opaque(p, NULL, mic.len);
1096         gss_put_ctx(ctx);
1097         return p;
1098 out_put_ctx:
1099         gss_put_ctx(ctx);
1100         return NULL;
1101 }
1102 
1103 static int gss_renew_cred(struct rpc_task *task)
1104 {
1105         struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
1106         struct gss_cred *gss_cred = container_of(oldcred,
1107                                                  struct gss_cred,
1108                                                  gc_base);
1109         struct rpc_auth *auth = oldcred->cr_auth;
1110         struct auth_cred acred = {
1111                 .uid = oldcred->cr_uid,
1112                 .principal = gss_cred->gc_principal,
1113                 .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0),
1114         };
1115         struct rpc_cred *new;
1116 
1117         new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
1118         if (IS_ERR(new))
1119                 return PTR_ERR(new);
1120         task->tk_rqstp->rq_cred = new;
1121         put_rpccred(oldcred);
1122         return 0;
1123 }
1124 
1125 static int gss_cred_is_negative_entry(struct rpc_cred *cred)
1126 {
1127         if (test_bit(RPCAUTH_CRED_NEGATIVE, &cred->cr_flags)) {
1128                 unsigned long now = jiffies;
1129                 unsigned long begin, expire;
1130                 struct gss_cred *gss_cred; 
1131 
1132                 gss_cred = container_of(cred, struct gss_cred, gc_base);
1133                 begin = gss_cred->gc_upcall_timestamp;
1134                 expire = begin + gss_expired_cred_retry_delay * HZ;
1135 
1136                 if (time_in_range_open(now, begin, expire))
1137                         return 1;
1138         }
1139         return 0;
1140 }
1141 
1142 /*
1143 * Refresh credentials. XXX - finish
1144 */
1145 static int
1146 gss_refresh(struct rpc_task *task)
1147 {
1148         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1149         int ret = 0;
1150 
1151         if (gss_cred_is_negative_entry(cred))
1152                 return -EKEYEXPIRED;
1153 
1154         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
1155                         !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
1156                 ret = gss_renew_cred(task);
1157                 if (ret < 0)
1158                         goto out;
1159                 cred = task->tk_rqstp->rq_cred;
1160         }
1161 
1162         if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
1163                 ret = gss_refresh_upcall(task);
1164 out:
1165         return ret;
1166 }
1167 
1168 /* Dummy refresh routine: used only when destroying the context */
1169 static int
1170 gss_refresh_null(struct rpc_task *task)
1171 {
1172         return -EACCES;
1173 }
1174 
1175 static __be32 *
1176 gss_validate(struct rpc_task *task, __be32 *p)
1177 {
1178         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1179         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1180         __be32          seq;
1181         struct kvec     iov;
1182         struct xdr_buf  verf_buf;
1183         struct xdr_netobj mic;
1184         u32             flav,len;
1185         u32             maj_stat;
1186 
1187         dprintk("RPC: %5u gss_validate\n", task->tk_pid);
1188 
1189         flav = ntohl(*p++);
1190         if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
1191                 goto out_bad;
1192         if (flav != RPC_AUTH_GSS)
1193                 goto out_bad;
1194         seq = htonl(task->tk_rqstp->rq_seqno);
1195         iov.iov_base = &seq;
1196         iov.iov_len = sizeof(seq);
1197         xdr_buf_from_iov(&iov, &verf_buf);
1198         mic.data = (u8 *)p;
1199         mic.len = len;
1200 
1201         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1202         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1203                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1204         if (maj_stat) {
1205                 dprintk("RPC: %5u gss_validate: gss_verify_mic returned "
1206                                 "error 0x%08x\n", task->tk_pid, maj_stat);
1207                 goto out_bad;
1208         }
1209         /* We leave it to unwrap to calculate au_rslack. For now we just
1210          * calculate the length of the verifier: */
1211         cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1212         gss_put_ctx(ctx);
1213         dprintk("RPC: %5u gss_validate: gss_verify_mic succeeded.\n",
1214                         task->tk_pid);
1215         return p + XDR_QUADLEN(len);
1216 out_bad:
1217         gss_put_ctx(ctx);
1218         dprintk("RPC: %5u gss_validate failed.\n", task->tk_pid);
1219         return NULL;
1220 }
1221 
1222 static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
1223                                 __be32 *p, void *obj)
1224 {
1225         struct xdr_stream xdr;
1226 
1227         xdr_init_encode(&xdr, &rqstp->rq_snd_buf, p);
1228         encode(rqstp, &xdr, obj);
1229 }
1230 
1231 static inline int
1232 gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1233                    kxdreproc_t encode, struct rpc_rqst *rqstp,
1234                    __be32 *p, void *obj)
1235 {
1236         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1237         struct xdr_buf  integ_buf;
1238         __be32          *integ_len = NULL;
1239         struct xdr_netobj mic;
1240         u32             offset;
1241         __be32          *q;
1242         struct kvec     *iov;
1243         u32             maj_stat = 0;
1244         int             status = -EIO;
1245 
1246         integ_len = p++;
1247         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1248         *p++ = htonl(rqstp->rq_seqno);
1249 
1250         gss_wrap_req_encode(encode, rqstp, p, obj);
1251 
1252         if (xdr_buf_subsegment(snd_buf, &integ_buf,
1253                                 offset, snd_buf->len - offset))
1254                 return status;
1255         *integ_len = htonl(integ_buf.len);
1256 
1257         /* guess whether we're in the head or the tail: */
1258         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1259                 iov = snd_buf->tail;
1260         else
1261                 iov = snd_buf->head;
1262         p = iov->iov_base + iov->iov_len;
1263         mic.data = (u8 *)(p + 1);
1264 
1265         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1266         status = -EIO; /* XXX? */
1267         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1268                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1269         else if (maj_stat)
1270                 return status;
1271         q = xdr_encode_opaque(p, NULL, mic.len);
1272 
1273         offset = (u8 *)q - (u8 *)p;
1274         iov->iov_len += offset;
1275         snd_buf->len += offset;
1276         return 0;
1277 }
1278 
1279 static void
1280 priv_release_snd_buf(struct rpc_rqst *rqstp)
1281 {
1282         int i;
1283 
1284         for (i=0; i < rqstp->rq_enc_pages_num; i++)
1285                 __free_page(rqstp->rq_enc_pages[i]);
1286         kfree(rqstp->rq_enc_pages);
1287 }
1288 
1289 static int
1290 alloc_enc_pages(struct rpc_rqst *rqstp)
1291 {
1292         struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1293         int first, last, i;
1294 
1295         if (snd_buf->page_len == 0) {
1296                 rqstp->rq_enc_pages_num = 0;
1297                 return 0;
1298         }
1299 
1300         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1301         last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
1302         rqstp->rq_enc_pages_num = last - first + 1 + 1;
1303         rqstp->rq_enc_pages
1304                 = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
1305                                 GFP_NOFS);
1306         if (!rqstp->rq_enc_pages)
1307                 goto out;
1308         for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1309                 rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1310                 if (rqstp->rq_enc_pages[i] == NULL)
1311                         goto out_free;
1312         }
1313         rqstp->rq_release_snd_buf = priv_release_snd_buf;
1314         return 0;
1315 out_free:
1316         rqstp->rq_enc_pages_num = i;
1317         priv_release_snd_buf(rqstp);
1318 out:
1319         return -EAGAIN;
1320 }
1321 
1322 static inline int
1323 gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1324                   kxdreproc_t encode, struct rpc_rqst *rqstp,
1325                   __be32 *p, void *obj)
1326 {
1327         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1328         u32             offset;
1329         u32             maj_stat;
1330         int             status;
1331         __be32          *opaque_len;
1332         struct page     **inpages;
1333         int             first;
1334         int             pad;
1335         struct kvec     *iov;
1336         char            *tmp;
1337 
1338         opaque_len = p++;
1339         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1340         *p++ = htonl(rqstp->rq_seqno);
1341 
1342         gss_wrap_req_encode(encode, rqstp, p, obj);
1343 
1344         status = alloc_enc_pages(rqstp);
1345         if (status)
1346                 return status;
1347         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1348         inpages = snd_buf->pages + first;
1349         snd_buf->pages = rqstp->rq_enc_pages;
1350         snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1351         /*
1352          * Give the tail its own page, in case we need extra space in the
1353          * head when wrapping:
1354          *
1355          * call_allocate() allocates twice the slack space required
1356          * by the authentication flavor to rq_callsize.
1357          * For GSS, slack is GSS_CRED_SLACK.
1358          */
1359         if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1360                 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1361                 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1362                 snd_buf->tail[0].iov_base = tmp;
1363         }
1364         maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1365         /* slack space should prevent this ever happening: */
1366         BUG_ON(snd_buf->len > snd_buf->buflen);
1367         status = -EIO;
1368         /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1369          * done anyway, so it's safe to put the request on the wire: */
1370         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1371                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1372         else if (maj_stat)
1373                 return status;
1374 
1375         *opaque_len = htonl(snd_buf->len - offset);
1376         /* guess whether we're in the head or the tail: */
1377         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1378                 iov = snd_buf->tail;
1379         else
1380                 iov = snd_buf->head;
1381         p = iov->iov_base + iov->iov_len;
1382         pad = 3 - ((snd_buf->len - offset - 1) & 3);
1383         memset(p, 0, pad);
1384         iov->iov_len += pad;
1385         snd_buf->len += pad;
1386 
1387         return 0;
1388 }
1389 
1390 static int
1391 gss_wrap_req(struct rpc_task *task,
1392              kxdreproc_t encode, void *rqstp, __be32 *p, void *obj)
1393 {
1394         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1395         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1396                         gc_base);
1397         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1398         int             status = -EIO;
1399 
1400         dprintk("RPC: %5u gss_wrap_req\n", task->tk_pid);
1401         if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1402                 /* The spec seems a little ambiguous here, but I think that not
1403                  * wrapping context destruction requests makes the most sense.
1404                  */
1405                 gss_wrap_req_encode(encode, rqstp, p, obj);
1406                 status = 0;
1407                 goto out;
1408         }
1409         switch (gss_cred->gc_service) {
1410         case RPC_GSS_SVC_NONE:
1411                 gss_wrap_req_encode(encode, rqstp, p, obj);
1412                 status = 0;
1413                 break;
1414         case RPC_GSS_SVC_INTEGRITY:
1415                 status = gss_wrap_req_integ(cred, ctx, encode, rqstp, p, obj);
1416                 break;
1417         case RPC_GSS_SVC_PRIVACY:
1418                 status = gss_wrap_req_priv(cred, ctx, encode, rqstp, p, obj);
1419                 break;
1420         }
1421 out:
1422         gss_put_ctx(ctx);
1423         dprintk("RPC: %5u gss_wrap_req returning %d\n", task->tk_pid, status);
1424         return status;
1425 }
1426 
1427 static inline int
1428 gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1429                 struct rpc_rqst *rqstp, __be32 **p)
1430 {
1431         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1432         struct xdr_buf integ_buf;
1433         struct xdr_netobj mic;
1434         u32 data_offset, mic_offset;
1435         u32 integ_len;
1436         u32 maj_stat;
1437         int status = -EIO;
1438 
1439         integ_len = ntohl(*(*p)++);
1440         if (integ_len & 3)
1441                 return status;
1442         data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1443         mic_offset = integ_len + data_offset;
1444         if (mic_offset > rcv_buf->len)
1445                 return status;
1446         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1447                 return status;
1448 
1449         if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1450                                 mic_offset - data_offset))
1451                 return status;
1452 
1453         if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1454                 return status;
1455 
1456         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1457         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1458                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1459         if (maj_stat != GSS_S_COMPLETE)
1460                 return status;
1461         return 0;
1462 }
1463 
1464 static inline int
1465 gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1466                 struct rpc_rqst *rqstp, __be32 **p)
1467 {
1468         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1469         u32 offset;
1470         u32 opaque_len;
1471         u32 maj_stat;
1472         int status = -EIO;
1473 
1474         opaque_len = ntohl(*(*p)++);
1475         offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1476         if (offset + opaque_len > rcv_buf->len)
1477                 return status;
1478         /* remove padding: */
1479         rcv_buf->len = offset + opaque_len;
1480 
1481         maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1482         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1483                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1484         if (maj_stat != GSS_S_COMPLETE)
1485                 return status;
1486         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1487                 return status;
1488 
1489         return 0;
1490 }
1491 
1492 static int
1493 gss_unwrap_req_decode(kxdrdproc_t decode, struct rpc_rqst *rqstp,
1494                       __be32 *p, void *obj)
1495 {
1496         struct xdr_stream xdr;
1497 
1498         xdr_init_decode(&xdr, &rqstp->rq_rcv_buf, p);
1499         return decode(rqstp, &xdr, obj);
1500 }
1501 
1502 static int
1503 gss_unwrap_resp(struct rpc_task *task,
1504                 kxdrdproc_t decode, void *rqstp, __be32 *p, void *obj)
1505 {
1506         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1507         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1508                         gc_base);
1509         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1510         __be32          *savedp = p;
1511         struct kvec     *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1512         int             savedlen = head->iov_len;
1513         int             status = -EIO;
1514 
1515         if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1516                 goto out_decode;
1517         switch (gss_cred->gc_service) {
1518         case RPC_GSS_SVC_NONE:
1519                 break;
1520         case RPC_GSS_SVC_INTEGRITY:
1521                 status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1522                 if (status)
1523                         goto out;
1524                 break;
1525         case RPC_GSS_SVC_PRIVACY:
1526                 status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1527                 if (status)
1528                         goto out;
1529                 break;
1530         }
1531         /* take into account extra slack for integrity and privacy cases: */
1532         cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1533                                                 + (savedlen - head->iov_len);
1534 out_decode:
1535         status = gss_unwrap_req_decode(decode, rqstp, p, obj);
1536 out:
1537         gss_put_ctx(ctx);
1538         dprintk("RPC: %5u gss_unwrap_resp returning %d\n", task->tk_pid,
1539                         status);
1540         return status;
1541 }
1542 
1543 static const struct rpc_authops authgss_ops = {
1544         .owner          = THIS_MODULE,
1545         .au_flavor      = RPC_AUTH_GSS,
1546         .au_name        = "RPCSEC_GSS",
1547         .create         = gss_create,
1548         .destroy        = gss_destroy,
1549         .lookup_cred    = gss_lookup_cred,
1550         .crcreate       = gss_create_cred
1551 };
1552 
1553 static const struct rpc_credops gss_credops = {
1554         .cr_name        = "AUTH_GSS",
1555         .crdestroy      = gss_destroy_cred,
1556         .cr_init        = gss_cred_init,
1557         .crbind         = rpcauth_generic_bind_cred,
1558         .crmatch        = gss_match,
1559         .crmarshal      = gss_marshal,
1560         .crrefresh      = gss_refresh,
1561         .crvalidate     = gss_validate,
1562         .crwrap_req     = gss_wrap_req,
1563         .crunwrap_resp  = gss_unwrap_resp,
1564 };
1565 
1566 static const struct rpc_credops gss_nullops = {
1567         .cr_name        = "AUTH_GSS",
1568         .crdestroy      = gss_destroy_nullcred,
1569         .crbind         = rpcauth_generic_bind_cred,
1570         .crmatch        = gss_match,
1571         .crmarshal      = gss_marshal,
1572         .crrefresh      = gss_refresh_null,
1573         .crvalidate     = gss_validate,
1574         .crwrap_req     = gss_wrap_req,
1575         .crunwrap_resp  = gss_unwrap_resp,
1576 };
1577 
1578 static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
1579         .upcall         = rpc_pipe_generic_upcall,
1580         .downcall       = gss_pipe_downcall,
1581         .destroy_msg    = gss_pipe_destroy_msg,
1582         .open_pipe      = gss_pipe_open_v0,
1583         .release_pipe   = gss_pipe_release,
1584 };
1585 
1586 static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
1587         .upcall         = rpc_pipe_generic_upcall,
1588         .downcall       = gss_pipe_downcall,
1589         .destroy_msg    = gss_pipe_destroy_msg,
1590         .open_pipe      = gss_pipe_open_v1,
1591         .release_pipe   = gss_pipe_release,
1592 };
1593 
1594 /*
1595  * Initialize RPCSEC_GSS module
1596  */
1597 static int __init init_rpcsec_gss(void)
1598 {
1599         int err = 0;
1600 
1601         err = rpcauth_register(&authgss_ops);
1602         if (err)
1603                 goto out;
1604         err = gss_svc_init();
1605         if (err)
1606                 goto out_unregister;
1607         rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
1608         return 0;
1609 out_unregister:
1610         rpcauth_unregister(&authgss_ops);
1611 out:
1612         return err;
1613 }
1614 
1615 static void __exit exit_rpcsec_gss(void)
1616 {
1617         gss_svc_shutdown();
1618         rpcauth_unregister(&authgss_ops);
1619         rcu_barrier(); /* Wait for completion of call_rcu()'s */
1620 }
1621 
1622 MODULE_LICENSE("GPL");
1623 module_param_named(expired_cred_retry_delay,
1624                    gss_expired_cred_retry_delay,
1625                    uint, 0644);
1626 MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
1627                 "the RPC engine retries an expired credential");
1628 
1629 module_init(init_rpcsec_gss)
1630 module_exit(exit_rpcsec_gss)
1631 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp