~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/sunrpc/auth_gss/auth_gss.c

Version: ~ [ linux-5.16 ] ~ [ linux-5.15.13 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.90 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.170 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.224 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.261 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.296 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.298 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 // SPDX-License-Identifier: BSD-3-Clause
  2 /*
  3  * linux/net/sunrpc/auth_gss/auth_gss.c
  4  *
  5  * RPCSEC_GSS client authentication.
  6  *
  7  *  Copyright (c) 2000 The Regents of the University of Michigan.
  8  *  All rights reserved.
  9  *
 10  *  Dug Song       <dugsong@monkey.org>
 11  *  Andy Adamson   <andros@umich.edu>
 12  */
 13 
 14 #include <linux/module.h>
 15 #include <linux/init.h>
 16 #include <linux/types.h>
 17 #include <linux/slab.h>
 18 #include <linux/sched.h>
 19 #include <linux/pagemap.h>
 20 #include <linux/sunrpc/clnt.h>
 21 #include <linux/sunrpc/auth.h>
 22 #include <linux/sunrpc/auth_gss.h>
 23 #include <linux/sunrpc/svcauth_gss.h>
 24 #include <linux/sunrpc/gss_err.h>
 25 #include <linux/workqueue.h>
 26 #include <linux/sunrpc/rpc_pipe_fs.h>
 27 #include <linux/sunrpc/gss_api.h>
 28 #include <linux/uaccess.h>
 29 #include <linux/hashtable.h>
 30 
 31 #include "../netns.h"
 32 
 33 #include <trace/events/rpcgss.h>
 34 
 35 static const struct rpc_authops authgss_ops;
 36 
 37 static const struct rpc_credops gss_credops;
 38 static const struct rpc_credops gss_nullops;
 39 
 40 #define GSS_RETRY_EXPIRED 5
 41 static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
 42 
 43 #define GSS_KEY_EXPIRE_TIMEO 240
 44 static unsigned int gss_key_expire_timeo = GSS_KEY_EXPIRE_TIMEO;
 45 
 46 #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
 47 # define RPCDBG_FACILITY        RPCDBG_AUTH
 48 #endif
 49 
 50 #define GSS_CRED_SLACK          (RPC_MAX_AUTH_SIZE * 2)
 51 /* length of a krb5 verifier (48), plus data added before arguments when
 52  * using integrity (two 4-byte integers): */
 53 #define GSS_VERF_SLACK          100
 54 
 55 static DEFINE_HASHTABLE(gss_auth_hash_table, 4);
 56 static DEFINE_SPINLOCK(gss_auth_hash_lock);
 57 
 58 struct gss_pipe {
 59         struct rpc_pipe_dir_object pdo;
 60         struct rpc_pipe *pipe;
 61         struct rpc_clnt *clnt;
 62         const char *name;
 63         struct kref kref;
 64 };
 65 
 66 struct gss_auth {
 67         struct kref kref;
 68         struct hlist_node hash;
 69         struct rpc_auth rpc_auth;
 70         struct gss_api_mech *mech;
 71         enum rpc_gss_svc service;
 72         struct rpc_clnt *client;
 73         struct net *net;
 74         /*
 75          * There are two upcall pipes; dentry[1], named "gssd", is used
 76          * for the new text-based upcall; dentry[0] is named after the
 77          * mechanism (for example, "krb5") and exists for
 78          * backwards-compatibility with older gssd's.
 79          */
 80         struct gss_pipe *gss_pipe[2];
 81         const char *target_name;
 82 };
 83 
 84 /* pipe_version >= 0 if and only if someone has a pipe open. */
 85 static DEFINE_SPINLOCK(pipe_version_lock);
 86 static struct rpc_wait_queue pipe_version_rpc_waitqueue;
 87 static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
 88 static void gss_put_auth(struct gss_auth *gss_auth);
 89 
 90 static void gss_free_ctx(struct gss_cl_ctx *);
 91 static const struct rpc_pipe_ops gss_upcall_ops_v0;
 92 static const struct rpc_pipe_ops gss_upcall_ops_v1;
 93 
 94 static inline struct gss_cl_ctx *
 95 gss_get_ctx(struct gss_cl_ctx *ctx)
 96 {
 97         refcount_inc(&ctx->count);
 98         return ctx;
 99 }
100 
101 static inline void
102 gss_put_ctx(struct gss_cl_ctx *ctx)
103 {
104         if (refcount_dec_and_test(&ctx->count))
105                 gss_free_ctx(ctx);
106 }
107 
108 /* gss_cred_set_ctx:
109  * called by gss_upcall_callback and gss_create_upcall in order
110  * to set the gss context. The actual exchange of an old context
111  * and a new one is protected by the pipe->lock.
112  */
113 static void
114 gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
115 {
116         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
117 
118         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
119                 return;
120         gss_get_ctx(ctx);
121         rcu_assign_pointer(gss_cred->gc_ctx, ctx);
122         set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
123         smp_mb__before_atomic();
124         clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
125 }
126 
127 static const void *
128 simple_get_bytes(const void *p, const void *end, void *res, size_t len)
129 {
130         const void *q = (const void *)((const char *)p + len);
131         if (unlikely(q > end || q < p))
132                 return ERR_PTR(-EFAULT);
133         memcpy(res, p, len);
134         return q;
135 }
136 
137 static inline const void *
138 simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
139 {
140         const void *q;
141         unsigned int len;
142 
143         p = simple_get_bytes(p, end, &len, sizeof(len));
144         if (IS_ERR(p))
145                 return p;
146         q = (const void *)((const char *)p + len);
147         if (unlikely(q > end || q < p))
148                 return ERR_PTR(-EFAULT);
149         dest->data = kmemdup(p, len, GFP_NOFS);
150         if (unlikely(dest->data == NULL))
151                 return ERR_PTR(-ENOMEM);
152         dest->len = len;
153         return q;
154 }
155 
156 static struct gss_cl_ctx *
157 gss_cred_get_ctx(struct rpc_cred *cred)
158 {
159         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
160         struct gss_cl_ctx *ctx = NULL;
161 
162         rcu_read_lock();
163         ctx = rcu_dereference(gss_cred->gc_ctx);
164         if (ctx)
165                 gss_get_ctx(ctx);
166         rcu_read_unlock();
167         return ctx;
168 }
169 
170 static struct gss_cl_ctx *
171 gss_alloc_context(void)
172 {
173         struct gss_cl_ctx *ctx;
174 
175         ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
176         if (ctx != NULL) {
177                 ctx->gc_proc = RPC_GSS_PROC_DATA;
178                 ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
179                 spin_lock_init(&ctx->gc_seq_lock);
180                 refcount_set(&ctx->count,1);
181         }
182         return ctx;
183 }
184 
185 #define GSSD_MIN_TIMEOUT (60 * 60)
186 static const void *
187 gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
188 {
189         const void *q;
190         unsigned int seclen;
191         unsigned int timeout;
192         unsigned long now = jiffies;
193         u32 window_size;
194         int ret;
195 
196         /* First unsigned int gives the remaining lifetime in seconds of the
197          * credential - e.g. the remaining TGT lifetime for Kerberos or
198          * the -t value passed to GSSD.
199          */
200         p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
201         if (IS_ERR(p))
202                 goto err;
203         if (timeout == 0)
204                 timeout = GSSD_MIN_TIMEOUT;
205         ctx->gc_expiry = now + ((unsigned long)timeout * HZ);
206         /* Sequence number window. Determines the maximum number of
207          * simultaneous requests
208          */
209         p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
210         if (IS_ERR(p))
211                 goto err;
212         ctx->gc_win = window_size;
213         /* gssd signals an error by passing ctx->gc_win = 0: */
214         if (ctx->gc_win == 0) {
215                 /*
216                  * in which case, p points to an error code. Anything other
217                  * than -EKEYEXPIRED gets converted to -EACCES.
218                  */
219                 p = simple_get_bytes(p, end, &ret, sizeof(ret));
220                 if (!IS_ERR(p))
221                         p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
222                                                     ERR_PTR(-EACCES);
223                 goto err;
224         }
225         /* copy the opaque wire context */
226         p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
227         if (IS_ERR(p))
228                 goto err;
229         /* import the opaque security context */
230         p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
231         if (IS_ERR(p))
232                 goto err;
233         q = (const void *)((const char *)p + seclen);
234         if (unlikely(q > end || q < p)) {
235                 p = ERR_PTR(-EFAULT);
236                 goto err;
237         }
238         ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, NULL, GFP_NOFS);
239         if (ret < 0) {
240                 trace_rpcgss_import_ctx(ret);
241                 p = ERR_PTR(ret);
242                 goto err;
243         }
244 
245         /* is there any trailing data? */
246         if (q == end) {
247                 p = q;
248                 goto done;
249         }
250 
251         /* pull in acceptor name (if there is one) */
252         p = simple_get_netobj(q, end, &ctx->gc_acceptor);
253         if (IS_ERR(p))
254                 goto err;
255 done:
256         trace_rpcgss_context(ctx->gc_expiry, now, timeout,
257                              ctx->gc_acceptor.len, ctx->gc_acceptor.data);
258 err:
259         return p;
260 }
261 
262 /* XXX: Need some documentation about why UPCALL_BUF_LEN is so small.
263  *      Is user space expecting no more than UPCALL_BUF_LEN bytes?
264  *      Note that there are now _two_ NI_MAXHOST sized data items
265  *      being passed in this string.
266  */
267 #define UPCALL_BUF_LEN  256
268 
269 struct gss_upcall_msg {
270         refcount_t count;
271         kuid_t  uid;
272         struct rpc_pipe_msg msg;
273         struct list_head list;
274         struct gss_auth *auth;
275         struct rpc_pipe *pipe;
276         struct rpc_wait_queue rpc_waitqueue;
277         wait_queue_head_t waitqueue;
278         struct gss_cl_ctx *ctx;
279         char databuf[UPCALL_BUF_LEN];
280 };
281 
282 static int get_pipe_version(struct net *net)
283 {
284         struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
285         int ret;
286 
287         spin_lock(&pipe_version_lock);
288         if (sn->pipe_version >= 0) {
289                 atomic_inc(&sn->pipe_users);
290                 ret = sn->pipe_version;
291         } else
292                 ret = -EAGAIN;
293         spin_unlock(&pipe_version_lock);
294         return ret;
295 }
296 
297 static void put_pipe_version(struct net *net)
298 {
299         struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
300 
301         if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
302                 sn->pipe_version = -1;
303                 spin_unlock(&pipe_version_lock);
304         }
305 }
306 
307 static void
308 gss_release_msg(struct gss_upcall_msg *gss_msg)
309 {
310         struct net *net = gss_msg->auth->net;
311         if (!refcount_dec_and_test(&gss_msg->count))
312                 return;
313         put_pipe_version(net);
314         BUG_ON(!list_empty(&gss_msg->list));
315         if (gss_msg->ctx != NULL)
316                 gss_put_ctx(gss_msg->ctx);
317         rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
318         gss_put_auth(gss_msg->auth);
319         kfree(gss_msg);
320 }
321 
322 static struct gss_upcall_msg *
323 __gss_find_upcall(struct rpc_pipe *pipe, kuid_t uid, const struct gss_auth *auth)
324 {
325         struct gss_upcall_msg *pos;
326         list_for_each_entry(pos, &pipe->in_downcall, list) {
327                 if (!uid_eq(pos->uid, uid))
328                         continue;
329                 if (auth && pos->auth->service != auth->service)
330                         continue;
331                 refcount_inc(&pos->count);
332                 return pos;
333         }
334         return NULL;
335 }
336 
337 /* Try to add an upcall to the pipefs queue.
338  * If an upcall owned by our uid already exists, then we return a reference
339  * to that upcall instead of adding the new upcall.
340  */
341 static inline struct gss_upcall_msg *
342 gss_add_msg(struct gss_upcall_msg *gss_msg)
343 {
344         struct rpc_pipe *pipe = gss_msg->pipe;
345         struct gss_upcall_msg *old;
346 
347         spin_lock(&pipe->lock);
348         old = __gss_find_upcall(pipe, gss_msg->uid, gss_msg->auth);
349         if (old == NULL) {
350                 refcount_inc(&gss_msg->count);
351                 list_add(&gss_msg->list, &pipe->in_downcall);
352         } else
353                 gss_msg = old;
354         spin_unlock(&pipe->lock);
355         return gss_msg;
356 }
357 
358 static void
359 __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
360 {
361         list_del_init(&gss_msg->list);
362         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
363         wake_up_all(&gss_msg->waitqueue);
364         refcount_dec(&gss_msg->count);
365 }
366 
367 static void
368 gss_unhash_msg(struct gss_upcall_msg *gss_msg)
369 {
370         struct rpc_pipe *pipe = gss_msg->pipe;
371 
372         if (list_empty(&gss_msg->list))
373                 return;
374         spin_lock(&pipe->lock);
375         if (!list_empty(&gss_msg->list))
376                 __gss_unhash_msg(gss_msg);
377         spin_unlock(&pipe->lock);
378 }
379 
380 static void
381 gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss_msg)
382 {
383         switch (gss_msg->msg.errno) {
384         case 0:
385                 if (gss_msg->ctx == NULL)
386                         break;
387                 clear_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
388                 gss_cred_set_ctx(&gss_cred->gc_base, gss_msg->ctx);
389                 break;
390         case -EKEYEXPIRED:
391                 set_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
392         }
393         gss_cred->gc_upcall_timestamp = jiffies;
394         gss_cred->gc_upcall = NULL;
395         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
396 }
397 
398 static void
399 gss_upcall_callback(struct rpc_task *task)
400 {
401         struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
402                         struct gss_cred, gc_base);
403         struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
404         struct rpc_pipe *pipe = gss_msg->pipe;
405 
406         spin_lock(&pipe->lock);
407         gss_handle_downcall_result(gss_cred, gss_msg);
408         spin_unlock(&pipe->lock);
409         task->tk_status = gss_msg->msg.errno;
410         gss_release_msg(gss_msg);
411 }
412 
413 static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
414 {
415         uid_t uid = from_kuid(&init_user_ns, gss_msg->uid);
416         memcpy(gss_msg->databuf, &uid, sizeof(uid));
417         gss_msg->msg.data = gss_msg->databuf;
418         gss_msg->msg.len = sizeof(uid);
419 
420         BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
421 }
422 
423 static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
424                                 const char *service_name,
425                                 const char *target_name)
426 {
427         struct gss_api_mech *mech = gss_msg->auth->mech;
428         char *p = gss_msg->databuf;
429         size_t buflen = sizeof(gss_msg->databuf);
430         int len;
431 
432         len = scnprintf(p, buflen, "mech=%s uid=%d", mech->gm_name,
433                         from_kuid(&init_user_ns, gss_msg->uid));
434         buflen -= len;
435         p += len;
436         gss_msg->msg.len = len;
437 
438         /*
439          * target= is a full service principal that names the remote
440          * identity that we are authenticating to.
441          */
442         if (target_name) {
443                 len = scnprintf(p, buflen, " target=%s", target_name);
444                 buflen -= len;
445                 p += len;
446                 gss_msg->msg.len += len;
447         }
448 
449         /*
450          * gssd uses service= and srchost= to select a matching key from
451          * the system's keytab to use as the source principal.
452          *
453          * service= is the service name part of the source principal,
454          * or "*" (meaning choose any).
455          *
456          * srchost= is the hostname part of the source principal. When
457          * not provided, gssd uses the local hostname.
458          */
459         if (service_name) {
460                 char *c = strchr(service_name, '@');
461 
462                 if (!c)
463                         len = scnprintf(p, buflen, " service=%s",
464                                         service_name);
465                 else
466                         len = scnprintf(p, buflen,
467                                         " service=%.*s srchost=%s",
468                                         (int)(c - service_name),
469                                         service_name, c + 1);
470                 buflen -= len;
471                 p += len;
472                 gss_msg->msg.len += len;
473         }
474 
475         if (mech->gm_upcall_enctypes) {
476                 len = scnprintf(p, buflen, " enctypes=%s",
477                                 mech->gm_upcall_enctypes);
478                 buflen -= len;
479                 p += len;
480                 gss_msg->msg.len += len;
481         }
482         trace_rpcgss_upcall_msg(gss_msg->databuf);
483         len = scnprintf(p, buflen, "\n");
484         if (len == 0)
485                 goto out_overflow;
486         gss_msg->msg.len += len;
487         gss_msg->msg.data = gss_msg->databuf;
488         return 0;
489 out_overflow:
490         WARN_ON_ONCE(1);
491         return -ENOMEM;
492 }
493 
494 static struct gss_upcall_msg *
495 gss_alloc_msg(struct gss_auth *gss_auth,
496                 kuid_t uid, const char *service_name)
497 {
498         struct gss_upcall_msg *gss_msg;
499         int vers;
500         int err = -ENOMEM;
501 
502         gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
503         if (gss_msg == NULL)
504                 goto err;
505         vers = get_pipe_version(gss_auth->net);
506         err = vers;
507         if (err < 0)
508                 goto err_free_msg;
509         gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
510         INIT_LIST_HEAD(&gss_msg->list);
511         rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
512         init_waitqueue_head(&gss_msg->waitqueue);
513         refcount_set(&gss_msg->count, 1);
514         gss_msg->uid = uid;
515         gss_msg->auth = gss_auth;
516         switch (vers) {
517         case 0:
518                 gss_encode_v0_msg(gss_msg);
519                 break;
520         default:
521                 err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name);
522                 if (err)
523                         goto err_put_pipe_version;
524         }
525         kref_get(&gss_auth->kref);
526         return gss_msg;
527 err_put_pipe_version:
528         put_pipe_version(gss_auth->net);
529 err_free_msg:
530         kfree(gss_msg);
531 err:
532         return ERR_PTR(err);
533 }
534 
535 static struct gss_upcall_msg *
536 gss_setup_upcall(struct gss_auth *gss_auth, struct rpc_cred *cred)
537 {
538         struct gss_cred *gss_cred = container_of(cred,
539                         struct gss_cred, gc_base);
540         struct gss_upcall_msg *gss_new, *gss_msg;
541         kuid_t uid = cred->cr_cred->fsuid;
542 
543         gss_new = gss_alloc_msg(gss_auth, uid, gss_cred->gc_principal);
544         if (IS_ERR(gss_new))
545                 return gss_new;
546         gss_msg = gss_add_msg(gss_new);
547         if (gss_msg == gss_new) {
548                 int res;
549                 refcount_inc(&gss_msg->count);
550                 res = rpc_queue_upcall(gss_new->pipe, &gss_new->msg);
551                 if (res) {
552                         gss_unhash_msg(gss_new);
553                         refcount_dec(&gss_msg->count);
554                         gss_release_msg(gss_new);
555                         gss_msg = ERR_PTR(res);
556                 }
557         } else
558                 gss_release_msg(gss_new);
559         return gss_msg;
560 }
561 
562 static void warn_gssd(void)
563 {
564         dprintk("AUTH_GSS upcall failed. Please check user daemon is running.\n");
565 }
566 
567 static inline int
568 gss_refresh_upcall(struct rpc_task *task)
569 {
570         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
571         struct gss_auth *gss_auth = container_of(cred->cr_auth,
572                         struct gss_auth, rpc_auth);
573         struct gss_cred *gss_cred = container_of(cred,
574                         struct gss_cred, gc_base);
575         struct gss_upcall_msg *gss_msg;
576         struct rpc_pipe *pipe;
577         int err = 0;
578 
579         gss_msg = gss_setup_upcall(gss_auth, cred);
580         if (PTR_ERR(gss_msg) == -EAGAIN) {
581                 /* XXX: warning on the first, under the assumption we
582                  * shouldn't normally hit this case on a refresh. */
583                 warn_gssd();
584                 task->tk_timeout = 15*HZ;
585                 rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL);
586                 err = -EAGAIN;
587                 goto out;
588         }
589         if (IS_ERR(gss_msg)) {
590                 err = PTR_ERR(gss_msg);
591                 goto out;
592         }
593         pipe = gss_msg->pipe;
594         spin_lock(&pipe->lock);
595         if (gss_cred->gc_upcall != NULL)
596                 rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
597         else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
598                 task->tk_timeout = 0;
599                 gss_cred->gc_upcall = gss_msg;
600                 /* gss_upcall_callback will release the reference to gss_upcall_msg */
601                 refcount_inc(&gss_msg->count);
602                 rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
603         } else {
604                 gss_handle_downcall_result(gss_cred, gss_msg);
605                 err = gss_msg->msg.errno;
606         }
607         spin_unlock(&pipe->lock);
608         gss_release_msg(gss_msg);
609 out:
610         trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
611                                              cred->cr_cred->fsuid), err);
612         return err;
613 }
614 
615 static inline int
616 gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
617 {
618         struct net *net = gss_auth->net;
619         struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
620         struct rpc_pipe *pipe;
621         struct rpc_cred *cred = &gss_cred->gc_base;
622         struct gss_upcall_msg *gss_msg;
623         DEFINE_WAIT(wait);
624         int err;
625 
626 retry:
627         err = 0;
628         /* if gssd is down, just skip upcalling altogether */
629         if (!gssd_running(net)) {
630                 warn_gssd();
631                 err = -EACCES;
632                 goto out;
633         }
634         gss_msg = gss_setup_upcall(gss_auth, cred);
635         if (PTR_ERR(gss_msg) == -EAGAIN) {
636                 err = wait_event_interruptible_timeout(pipe_version_waitqueue,
637                                 sn->pipe_version >= 0, 15 * HZ);
638                 if (sn->pipe_version < 0) {
639                         warn_gssd();
640                         err = -EACCES;
641                 }
642                 if (err < 0)
643                         goto out;
644                 goto retry;
645         }
646         if (IS_ERR(gss_msg)) {
647                 err = PTR_ERR(gss_msg);
648                 goto out;
649         }
650         pipe = gss_msg->pipe;
651         for (;;) {
652                 prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
653                 spin_lock(&pipe->lock);
654                 if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
655                         break;
656                 }
657                 spin_unlock(&pipe->lock);
658                 if (fatal_signal_pending(current)) {
659                         err = -ERESTARTSYS;
660                         goto out_intr;
661                 }
662                 schedule();
663         }
664         if (gss_msg->ctx)
665                 gss_cred_set_ctx(cred, gss_msg->ctx);
666         else
667                 err = gss_msg->msg.errno;
668         spin_unlock(&pipe->lock);
669 out_intr:
670         finish_wait(&gss_msg->waitqueue, &wait);
671         gss_release_msg(gss_msg);
672 out:
673         trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
674                                              cred->cr_cred->fsuid), err);
675         return err;
676 }
677 
678 #define MSG_BUF_MAXSIZE 1024
679 
680 static ssize_t
681 gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
682 {
683         const void *p, *end;
684         void *buf;
685         struct gss_upcall_msg *gss_msg;
686         struct rpc_pipe *pipe = RPC_I(file_inode(filp))->pipe;
687         struct gss_cl_ctx *ctx;
688         uid_t id;
689         kuid_t uid;
690         ssize_t err = -EFBIG;
691 
692         if (mlen > MSG_BUF_MAXSIZE)
693                 goto out;
694         err = -ENOMEM;
695         buf = kmalloc(mlen, GFP_NOFS);
696         if (!buf)
697                 goto out;
698 
699         err = -EFAULT;
700         if (copy_from_user(buf, src, mlen))
701                 goto err;
702 
703         end = (const void *)((char *)buf + mlen);
704         p = simple_get_bytes(buf, end, &id, sizeof(id));
705         if (IS_ERR(p)) {
706                 err = PTR_ERR(p);
707                 goto err;
708         }
709 
710         uid = make_kuid(&init_user_ns, id);
711         if (!uid_valid(uid)) {
712                 err = -EINVAL;
713                 goto err;
714         }
715 
716         err = -ENOMEM;
717         ctx = gss_alloc_context();
718         if (ctx == NULL)
719                 goto err;
720 
721         err = -ENOENT;
722         /* Find a matching upcall */
723         spin_lock(&pipe->lock);
724         gss_msg = __gss_find_upcall(pipe, uid, NULL);
725         if (gss_msg == NULL) {
726                 spin_unlock(&pipe->lock);
727                 goto err_put_ctx;
728         }
729         list_del_init(&gss_msg->list);
730         spin_unlock(&pipe->lock);
731 
732         p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
733         if (IS_ERR(p)) {
734                 err = PTR_ERR(p);
735                 switch (err) {
736                 case -EACCES:
737                 case -EKEYEXPIRED:
738                         gss_msg->msg.errno = err;
739                         err = mlen;
740                         break;
741                 case -EFAULT:
742                 case -ENOMEM:
743                 case -EINVAL:
744                 case -ENOSYS:
745                         gss_msg->msg.errno = -EAGAIN;
746                         break;
747                 default:
748                         printk(KERN_CRIT "%s: bad return from "
749                                 "gss_fill_context: %zd\n", __func__, err);
750                         gss_msg->msg.errno = -EIO;
751                 }
752                 goto err_release_msg;
753         }
754         gss_msg->ctx = gss_get_ctx(ctx);
755         err = mlen;
756 
757 err_release_msg:
758         spin_lock(&pipe->lock);
759         __gss_unhash_msg(gss_msg);
760         spin_unlock(&pipe->lock);
761         gss_release_msg(gss_msg);
762 err_put_ctx:
763         gss_put_ctx(ctx);
764 err:
765         kfree(buf);
766 out:
767         return err;
768 }
769 
770 static int gss_pipe_open(struct inode *inode, int new_version)
771 {
772         struct net *net = inode->i_sb->s_fs_info;
773         struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
774         int ret = 0;
775 
776         spin_lock(&pipe_version_lock);
777         if (sn->pipe_version < 0) {
778                 /* First open of any gss pipe determines the version: */
779                 sn->pipe_version = new_version;
780                 rpc_wake_up(&pipe_version_rpc_waitqueue);
781                 wake_up(&pipe_version_waitqueue);
782         } else if (sn->pipe_version != new_version) {
783                 /* Trying to open a pipe of a different version */
784                 ret = -EBUSY;
785                 goto out;
786         }
787         atomic_inc(&sn->pipe_users);
788 out:
789         spin_unlock(&pipe_version_lock);
790         return ret;
791 
792 }
793 
794 static int gss_pipe_open_v0(struct inode *inode)
795 {
796         return gss_pipe_open(inode, 0);
797 }
798 
799 static int gss_pipe_open_v1(struct inode *inode)
800 {
801         return gss_pipe_open(inode, 1);
802 }
803 
804 static void
805 gss_pipe_release(struct inode *inode)
806 {
807         struct net *net = inode->i_sb->s_fs_info;
808         struct rpc_pipe *pipe = RPC_I(inode)->pipe;
809         struct gss_upcall_msg *gss_msg;
810 
811 restart:
812         spin_lock(&pipe->lock);
813         list_for_each_entry(gss_msg, &pipe->in_downcall, list) {
814 
815                 if (!list_empty(&gss_msg->msg.list))
816                         continue;
817                 gss_msg->msg.errno = -EPIPE;
818                 refcount_inc(&gss_msg->count);
819                 __gss_unhash_msg(gss_msg);
820                 spin_unlock(&pipe->lock);
821                 gss_release_msg(gss_msg);
822                 goto restart;
823         }
824         spin_unlock(&pipe->lock);
825 
826         put_pipe_version(net);
827 }
828 
829 static void
830 gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
831 {
832         struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
833 
834         if (msg->errno < 0) {
835                 refcount_inc(&gss_msg->count);
836                 gss_unhash_msg(gss_msg);
837                 if (msg->errno == -ETIMEDOUT)
838                         warn_gssd();
839                 gss_release_msg(gss_msg);
840         }
841         gss_release_msg(gss_msg);
842 }
843 
844 static void gss_pipe_dentry_destroy(struct dentry *dir,
845                 struct rpc_pipe_dir_object *pdo)
846 {
847         struct gss_pipe *gss_pipe = pdo->pdo_data;
848         struct rpc_pipe *pipe = gss_pipe->pipe;
849 
850         if (pipe->dentry != NULL) {
851                 rpc_unlink(pipe->dentry);
852                 pipe->dentry = NULL;
853         }
854 }
855 
856 static int gss_pipe_dentry_create(struct dentry *dir,
857                 struct rpc_pipe_dir_object *pdo)
858 {
859         struct gss_pipe *p = pdo->pdo_data;
860         struct dentry *dentry;
861 
862         dentry = rpc_mkpipe_dentry(dir, p->name, p->clnt, p->pipe);
863         if (IS_ERR(dentry))
864                 return PTR_ERR(dentry);
865         p->pipe->dentry = dentry;
866         return 0;
867 }
868 
869 static const struct rpc_pipe_dir_object_ops gss_pipe_dir_object_ops = {
870         .create = gss_pipe_dentry_create,
871         .destroy = gss_pipe_dentry_destroy,
872 };
873 
874 static struct gss_pipe *gss_pipe_alloc(struct rpc_clnt *clnt,
875                 const char *name,
876                 const struct rpc_pipe_ops *upcall_ops)
877 {
878         struct gss_pipe *p;
879         int err = -ENOMEM;
880 
881         p = kmalloc(sizeof(*p), GFP_KERNEL);
882         if (p == NULL)
883                 goto err;
884         p->pipe = rpc_mkpipe_data(upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
885         if (IS_ERR(p->pipe)) {
886                 err = PTR_ERR(p->pipe);
887                 goto err_free_gss_pipe;
888         }
889         p->name = name;
890         p->clnt = clnt;
891         kref_init(&p->kref);
892         rpc_init_pipe_dir_object(&p->pdo,
893                         &gss_pipe_dir_object_ops,
894                         p);
895         return p;
896 err_free_gss_pipe:
897         kfree(p);
898 err:
899         return ERR_PTR(err);
900 }
901 
902 struct gss_alloc_pdo {
903         struct rpc_clnt *clnt;
904         const char *name;
905         const struct rpc_pipe_ops *upcall_ops;
906 };
907 
908 static int gss_pipe_match_pdo(struct rpc_pipe_dir_object *pdo, void *data)
909 {
910         struct gss_pipe *gss_pipe;
911         struct gss_alloc_pdo *args = data;
912 
913         if (pdo->pdo_ops != &gss_pipe_dir_object_ops)
914                 return 0;
915         gss_pipe = container_of(pdo, struct gss_pipe, pdo);
916         if (strcmp(gss_pipe->name, args->name) != 0)
917                 return 0;
918         if (!kref_get_unless_zero(&gss_pipe->kref))
919                 return 0;
920         return 1;
921 }
922 
923 static struct rpc_pipe_dir_object *gss_pipe_alloc_pdo(void *data)
924 {
925         struct gss_pipe *gss_pipe;
926         struct gss_alloc_pdo *args = data;
927 
928         gss_pipe = gss_pipe_alloc(args->clnt, args->name, args->upcall_ops);
929         if (!IS_ERR(gss_pipe))
930                 return &gss_pipe->pdo;
931         return NULL;
932 }
933 
934 static struct gss_pipe *gss_pipe_get(struct rpc_clnt *clnt,
935                 const char *name,
936                 const struct rpc_pipe_ops *upcall_ops)
937 {
938         struct net *net = rpc_net_ns(clnt);
939         struct rpc_pipe_dir_object *pdo;
940         struct gss_alloc_pdo args = {
941                 .clnt = clnt,
942                 .name = name,
943                 .upcall_ops = upcall_ops,
944         };
945 
946         pdo = rpc_find_or_alloc_pipe_dir_object(net,
947                         &clnt->cl_pipedir_objects,
948                         gss_pipe_match_pdo,
949                         gss_pipe_alloc_pdo,
950                         &args);
951         if (pdo != NULL)
952                 return container_of(pdo, struct gss_pipe, pdo);
953         return ERR_PTR(-ENOMEM);
954 }
955 
956 static void __gss_pipe_free(struct gss_pipe *p)
957 {
958         struct rpc_clnt *clnt = p->clnt;
959         struct net *net = rpc_net_ns(clnt);
960 
961         rpc_remove_pipe_dir_object(net,
962                         &clnt->cl_pipedir_objects,
963                         &p->pdo);
964         rpc_destroy_pipe_data(p->pipe);
965         kfree(p);
966 }
967 
968 static void __gss_pipe_release(struct kref *kref)
969 {
970         struct gss_pipe *p = container_of(kref, struct gss_pipe, kref);
971 
972         __gss_pipe_free(p);
973 }
974 
975 static void gss_pipe_free(struct gss_pipe *p)
976 {
977         if (p != NULL)
978                 kref_put(&p->kref, __gss_pipe_release);
979 }
980 
981 /*
982  * NOTE: we have the opportunity to use different
983  * parameters based on the input flavor (which must be a pseudoflavor)
984  */
985 static struct gss_auth *
986 gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
987 {
988         rpc_authflavor_t flavor = args->pseudoflavor;
989         struct gss_auth *gss_auth;
990         struct gss_pipe *gss_pipe;
991         struct rpc_auth * auth;
992         int err = -ENOMEM; /* XXX? */
993 
994         if (!try_module_get(THIS_MODULE))
995                 return ERR_PTR(err);
996         if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
997                 goto out_dec;
998         INIT_HLIST_NODE(&gss_auth->hash);
999         gss_auth->target_name = NULL;
1000         if (args->target_name) {
1001                 gss_auth->target_name = kstrdup(args->target_name, GFP_KERNEL);
1002                 if (gss_auth->target_name == NULL)
1003                         goto err_free;
1004         }
1005         gss_auth->client = clnt;
1006         gss_auth->net = get_net(rpc_net_ns(clnt));
1007         err = -EINVAL;
1008         gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
1009         if (!gss_auth->mech)
1010                 goto err_put_net;
1011         gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
1012         if (gss_auth->service == 0)
1013                 goto err_put_mech;
1014         if (!gssd_running(gss_auth->net))
1015                 goto err_put_mech;
1016         auth = &gss_auth->rpc_auth;
1017         auth->au_cslack = GSS_CRED_SLACK >> 2;
1018         auth->au_rslack = GSS_VERF_SLACK >> 2;
1019         auth->au_verfsize = GSS_VERF_SLACK >> 2;
1020         auth->au_ralign = GSS_VERF_SLACK >> 2;
1021         auth->au_flags = 0;
1022         auth->au_ops = &authgss_ops;
1023         auth->au_flavor = flavor;
1024         if (gss_pseudoflavor_to_datatouch(gss_auth->mech, flavor))
1025                 auth->au_flags |= RPCAUTH_AUTH_DATATOUCH;
1026         refcount_set(&auth->au_count, 1);
1027         kref_init(&gss_auth->kref);
1028 
1029         err = rpcauth_init_credcache(auth);
1030         if (err)
1031                 goto err_put_mech;
1032         /*
1033          * Note: if we created the old pipe first, then someone who
1034          * examined the directory at the right moment might conclude
1035          * that we supported only the old pipe.  So we instead create
1036          * the new pipe first.
1037          */
1038         gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
1039         if (IS_ERR(gss_pipe)) {
1040                 err = PTR_ERR(gss_pipe);
1041                 goto err_destroy_credcache;
1042         }
1043         gss_auth->gss_pipe[1] = gss_pipe;
1044 
1045         gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
1046                         &gss_upcall_ops_v0);
1047         if (IS_ERR(gss_pipe)) {
1048                 err = PTR_ERR(gss_pipe);
1049                 goto err_destroy_pipe_1;
1050         }
1051         gss_auth->gss_pipe[0] = gss_pipe;
1052 
1053         return gss_auth;
1054 err_destroy_pipe_1:
1055         gss_pipe_free(gss_auth->gss_pipe[1]);
1056 err_destroy_credcache:
1057         rpcauth_destroy_credcache(auth);
1058 err_put_mech:
1059         gss_mech_put(gss_auth->mech);
1060 err_put_net:
1061         put_net(gss_auth->net);
1062 err_free:
1063         kfree(gss_auth->target_name);
1064         kfree(gss_auth);
1065 out_dec:
1066         module_put(THIS_MODULE);
1067         trace_rpcgss_createauth(flavor, err);
1068         return ERR_PTR(err);
1069 }
1070 
1071 static void
1072 gss_free(struct gss_auth *gss_auth)
1073 {
1074         gss_pipe_free(gss_auth->gss_pipe[0]);
1075         gss_pipe_free(gss_auth->gss_pipe[1]);
1076         gss_mech_put(gss_auth->mech);
1077         put_net(gss_auth->net);
1078         kfree(gss_auth->target_name);
1079 
1080         kfree(gss_auth);
1081         module_put(THIS_MODULE);
1082 }
1083 
1084 static void
1085 gss_free_callback(struct kref *kref)
1086 {
1087         struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
1088 
1089         gss_free(gss_auth);
1090 }
1091 
1092 static void
1093 gss_put_auth(struct gss_auth *gss_auth)
1094 {
1095         kref_put(&gss_auth->kref, gss_free_callback);
1096 }
1097 
1098 static void
1099 gss_destroy(struct rpc_auth *auth)
1100 {
1101         struct gss_auth *gss_auth = container_of(auth,
1102                         struct gss_auth, rpc_auth);
1103 
1104         if (hash_hashed(&gss_auth->hash)) {
1105                 spin_lock(&gss_auth_hash_lock);
1106                 hash_del(&gss_auth->hash);
1107                 spin_unlock(&gss_auth_hash_lock);
1108         }
1109 
1110         gss_pipe_free(gss_auth->gss_pipe[0]);
1111         gss_auth->gss_pipe[0] = NULL;
1112         gss_pipe_free(gss_auth->gss_pipe[1]);
1113         gss_auth->gss_pipe[1] = NULL;
1114         rpcauth_destroy_credcache(auth);
1115 
1116         gss_put_auth(gss_auth);
1117 }
1118 
1119 /*
1120  * Auths may be shared between rpc clients that were cloned from a
1121  * common client with the same xprt, if they also share the flavor and
1122  * target_name.
1123  *
1124  * The auth is looked up from the oldest parent sharing the same
1125  * cl_xprt, and the auth itself references only that common parent
1126  * (which is guaranteed to last as long as any of its descendants).
1127  */
1128 static struct gss_auth *
1129 gss_auth_find_or_add_hashed(const struct rpc_auth_create_args *args,
1130                 struct rpc_clnt *clnt,
1131                 struct gss_auth *new)
1132 {
1133         struct gss_auth *gss_auth;
1134         unsigned long hashval = (unsigned long)clnt;
1135 
1136         spin_lock(&gss_auth_hash_lock);
1137         hash_for_each_possible(gss_auth_hash_table,
1138                         gss_auth,
1139                         hash,
1140                         hashval) {
1141                 if (gss_auth->client != clnt)
1142                         continue;
1143                 if (gss_auth->rpc_auth.au_flavor != args->pseudoflavor)
1144                         continue;
1145                 if (gss_auth->target_name != args->target_name) {
1146                         if (gss_auth->target_name == NULL)
1147                                 continue;
1148                         if (args->target_name == NULL)
1149                                 continue;
1150                         if (strcmp(gss_auth->target_name, args->target_name))
1151                                 continue;
1152                 }
1153                 if (!refcount_inc_not_zero(&gss_auth->rpc_auth.au_count))
1154                         continue;
1155                 goto out;
1156         }
1157         if (new)
1158                 hash_add(gss_auth_hash_table, &new->hash, hashval);
1159         gss_auth = new;
1160 out:
1161         spin_unlock(&gss_auth_hash_lock);
1162         return gss_auth;
1163 }
1164 
1165 static struct gss_auth *
1166 gss_create_hashed(const struct rpc_auth_create_args *args,
1167                   struct rpc_clnt *clnt)
1168 {
1169         struct gss_auth *gss_auth;
1170         struct gss_auth *new;
1171 
1172         gss_auth = gss_auth_find_or_add_hashed(args, clnt, NULL);
1173         if (gss_auth != NULL)
1174                 goto out;
1175         new = gss_create_new(args, clnt);
1176         if (IS_ERR(new))
1177                 return new;
1178         gss_auth = gss_auth_find_or_add_hashed(args, clnt, new);
1179         if (gss_auth != new)
1180                 gss_destroy(&new->rpc_auth);
1181 out:
1182         return gss_auth;
1183 }
1184 
1185 static struct rpc_auth *
1186 gss_create(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
1187 {
1188         struct gss_auth *gss_auth;
1189         struct rpc_xprt_switch *xps = rcu_access_pointer(clnt->cl_xpi.xpi_xpswitch);
1190 
1191         while (clnt != clnt->cl_parent) {
1192                 struct rpc_clnt *parent = clnt->cl_parent;
1193                 /* Find the original parent for this transport */
1194                 if (rcu_access_pointer(parent->cl_xpi.xpi_xpswitch) != xps)
1195                         break;
1196                 clnt = parent;
1197         }
1198 
1199         gss_auth = gss_create_hashed(args, clnt);
1200         if (IS_ERR(gss_auth))
1201                 return ERR_CAST(gss_auth);
1202         return &gss_auth->rpc_auth;
1203 }
1204 
1205 static struct gss_cred *
1206 gss_dup_cred(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
1207 {
1208         struct gss_cred *new;
1209 
1210         /* Make a copy of the cred so that we can reference count it */
1211         new = kzalloc(sizeof(*gss_cred), GFP_NOFS);
1212         if (new) {
1213                 struct auth_cred acred = {
1214                         .cred = gss_cred->gc_base.cr_cred,
1215                 };
1216                 struct gss_cl_ctx *ctx =
1217                         rcu_dereference_protected(gss_cred->gc_ctx, 1);
1218 
1219                 rpcauth_init_cred(&new->gc_base, &acred,
1220                                 &gss_auth->rpc_auth,
1221                                 &gss_nullops);
1222                 new->gc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;
1223                 new->gc_service = gss_cred->gc_service;
1224                 new->gc_principal = gss_cred->gc_principal;
1225                 kref_get(&gss_auth->kref);
1226                 rcu_assign_pointer(new->gc_ctx, ctx);
1227                 gss_get_ctx(ctx);
1228         }
1229         return new;
1230 }
1231 
1232 /*
1233  * gss_send_destroy_context will cause the RPCSEC_GSS to send a NULL RPC call
1234  * to the server with the GSS control procedure field set to
1235  * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
1236  * all RPCSEC_GSS state associated with that context.
1237  */
1238 static void
1239 gss_send_destroy_context(struct rpc_cred *cred)
1240 {
1241         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1242         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1243         struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1244         struct gss_cred *new;
1245         struct rpc_task *task;
1246 
1247         new = gss_dup_cred(gss_auth, gss_cred);
1248         if (new) {
1249                 ctx->gc_proc = RPC_GSS_PROC_DESTROY;
1250 
1251                 task = rpc_call_null(gss_auth->client, &new->gc_base,
1252                                 RPC_TASK_ASYNC|RPC_TASK_SOFT);
1253                 if (!IS_ERR(task))
1254                         rpc_put_task(task);
1255 
1256                 put_rpccred(&new->gc_base);
1257         }
1258 }
1259 
1260 /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
1261  * to create a new cred or context, so they check that things have been
1262  * allocated before freeing them. */
1263 static void
1264 gss_do_free_ctx(struct gss_cl_ctx *ctx)
1265 {
1266         gss_delete_sec_context(&ctx->gc_gss_ctx);
1267         kfree(ctx->gc_wire_ctx.data);
1268         kfree(ctx->gc_acceptor.data);
1269         kfree(ctx);
1270 }
1271 
1272 static void
1273 gss_free_ctx_callback(struct rcu_head *head)
1274 {
1275         struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
1276         gss_do_free_ctx(ctx);
1277 }
1278 
1279 static void
1280 gss_free_ctx(struct gss_cl_ctx *ctx)
1281 {
1282         call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
1283 }
1284 
1285 static void
1286 gss_free_cred(struct gss_cred *gss_cred)
1287 {
1288         kfree(gss_cred);
1289 }
1290 
1291 static void
1292 gss_free_cred_callback(struct rcu_head *head)
1293 {
1294         struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
1295         gss_free_cred(gss_cred);
1296 }
1297 
1298 static void
1299 gss_destroy_nullcred(struct rpc_cred *cred)
1300 {
1301         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1302         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1303         struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1304 
1305         RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
1306         put_cred(cred->cr_cred);
1307         call_rcu(&cred->cr_rcu, gss_free_cred_callback);
1308         if (ctx)
1309                 gss_put_ctx(ctx);
1310         gss_put_auth(gss_auth);
1311 }
1312 
1313 static void
1314 gss_destroy_cred(struct rpc_cred *cred)
1315 {
1316 
1317         if (test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0)
1318                 gss_send_destroy_context(cred);
1319         gss_destroy_nullcred(cred);
1320 }
1321 
1322 static int
1323 gss_hash_cred(struct auth_cred *acred, unsigned int hashbits)
1324 {
1325         return hash_64(from_kuid(&init_user_ns, acred->cred->fsuid), hashbits);
1326 }
1327 
1328 /*
1329  * Lookup RPCSEC_GSS cred for the current process
1330  */
1331 static struct rpc_cred *
1332 gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
1333 {
1334         return rpcauth_lookup_credcache(auth, acred, flags, GFP_NOFS);
1335 }
1336 
1337 static struct rpc_cred *
1338 gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags, gfp_t gfp)
1339 {
1340         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1341         struct gss_cred *cred = NULL;
1342         int err = -ENOMEM;
1343 
1344         if (!(cred = kzalloc(sizeof(*cred), gfp)))
1345                 goto out_err;
1346 
1347         rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
1348         /*
1349          * Note: in order to force a call to call_refresh(), we deliberately
1350          * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
1351          */
1352         cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
1353         cred->gc_service = gss_auth->service;
1354         cred->gc_principal = acred->principal;
1355         kref_get(&gss_auth->kref);
1356         return &cred->gc_base;
1357 
1358 out_err:
1359         return ERR_PTR(err);
1360 }
1361 
1362 static int
1363 gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
1364 {
1365         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1366         struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
1367         int err;
1368 
1369         do {
1370                 err = gss_create_upcall(gss_auth, gss_cred);
1371         } while (err == -EAGAIN);
1372         return err;
1373 }
1374 
1375 static char *
1376 gss_stringify_acceptor(struct rpc_cred *cred)
1377 {
1378         char *string = NULL;
1379         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1380         struct gss_cl_ctx *ctx;
1381         unsigned int len;
1382         struct xdr_netobj *acceptor;
1383 
1384         rcu_read_lock();
1385         ctx = rcu_dereference(gss_cred->gc_ctx);
1386         if (!ctx)
1387                 goto out;
1388 
1389         len = ctx->gc_acceptor.len;
1390         rcu_read_unlock();
1391 
1392         /* no point if there's no string */
1393         if (!len)
1394                 return NULL;
1395 realloc:
1396         string = kmalloc(len + 1, GFP_KERNEL);
1397         if (!string)
1398                 return NULL;
1399 
1400         rcu_read_lock();
1401         ctx = rcu_dereference(gss_cred->gc_ctx);
1402 
1403         /* did the ctx disappear or was it replaced by one with no acceptor? */
1404         if (!ctx || !ctx->gc_acceptor.len) {
1405                 kfree(string);
1406                 string = NULL;
1407                 goto out;
1408         }
1409 
1410         acceptor = &ctx->gc_acceptor;
1411 
1412         /*
1413          * Did we find a new acceptor that's longer than the original? Allocate
1414          * a longer buffer and try again.
1415          */
1416         if (len < acceptor->len) {
1417                 len = acceptor->len;
1418                 rcu_read_unlock();
1419                 kfree(string);
1420                 goto realloc;
1421         }
1422 
1423         memcpy(string, acceptor->data, acceptor->len);
1424         string[acceptor->len] = '\0';
1425 out:
1426         rcu_read_unlock();
1427         return string;
1428 }
1429 
1430 /*
1431  * Returns -EACCES if GSS context is NULL or will expire within the
1432  * timeout (miliseconds)
1433  */
1434 static int
1435 gss_key_timeout(struct rpc_cred *rc)
1436 {
1437         struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1438         struct gss_cl_ctx *ctx;
1439         unsigned long timeout = jiffies + (gss_key_expire_timeo * HZ);
1440         int ret = 0;
1441 
1442         rcu_read_lock();
1443         ctx = rcu_dereference(gss_cred->gc_ctx);
1444         if (!ctx || time_after(timeout, ctx->gc_expiry))
1445                 ret = -EACCES;
1446         rcu_read_unlock();
1447 
1448         return ret;
1449 }
1450 
1451 static int
1452 gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
1453 {
1454         struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1455         struct gss_cl_ctx *ctx;
1456         int ret;
1457 
1458         if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
1459                 goto out;
1460         /* Don't match with creds that have expired. */
1461         rcu_read_lock();
1462         ctx = rcu_dereference(gss_cred->gc_ctx);
1463         if (!ctx || time_after(jiffies, ctx->gc_expiry)) {
1464                 rcu_read_unlock();
1465                 return 0;
1466         }
1467         rcu_read_unlock();
1468         if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
1469                 return 0;
1470 out:
1471         if (acred->principal != NULL) {
1472                 if (gss_cred->gc_principal == NULL)
1473                         return 0;
1474                 ret = strcmp(acred->principal, gss_cred->gc_principal) == 0;
1475         } else {
1476                 if (gss_cred->gc_principal != NULL)
1477                         return 0;
1478                 ret = uid_eq(rc->cr_cred->fsuid, acred->cred->fsuid);
1479         }
1480         return ret;
1481 }
1482 
1483 /*
1484  * Marshal credentials.
1485  *
1486  * The expensive part is computing the verifier. We can't cache a
1487  * pre-computed version of the verifier because the seqno, which
1488  * is different every time, is included in the MIC.
1489  */
1490 static int gss_marshal(struct rpc_task *task, struct xdr_stream *xdr)
1491 {
1492         struct rpc_rqst *req = task->tk_rqstp;
1493         struct rpc_cred *cred = req->rq_cred;
1494         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1495                                                  gc_base);
1496         struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
1497         __be32          *p, *cred_len;
1498         u32             maj_stat = 0;
1499         struct xdr_netobj mic;
1500         struct kvec     iov;
1501         struct xdr_buf  verf_buf;
1502         int status;
1503 
1504         /* Credential */
1505 
1506         p = xdr_reserve_space(xdr, 7 * sizeof(*p) +
1507                               ctx->gc_wire_ctx.len);
1508         if (!p)
1509                 goto marshal_failed;
1510         *p++ = rpc_auth_gss;
1511         cred_len = p++;
1512 
1513         spin_lock(&ctx->gc_seq_lock);
1514         req->rq_seqno = (ctx->gc_seq < MAXSEQ) ? ctx->gc_seq++ : MAXSEQ;
1515         spin_unlock(&ctx->gc_seq_lock);
1516         if (req->rq_seqno == MAXSEQ)
1517                 goto expired;
1518         trace_rpcgss_seqno(task);
1519 
1520         *p++ = cpu_to_be32(RPC_GSS_VERSION);
1521         *p++ = cpu_to_be32(ctx->gc_proc);
1522         *p++ = cpu_to_be32(req->rq_seqno);
1523         *p++ = cpu_to_be32(gss_cred->gc_service);
1524         p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
1525         *cred_len = cpu_to_be32((p - (cred_len + 1)) << 2);
1526 
1527         /* Verifier */
1528 
1529         /* We compute the checksum for the verifier over the xdr-encoded bytes
1530          * starting with the xid and ending at the end of the credential: */
1531         iov.iov_base = req->rq_snd_buf.head[0].iov_base;
1532         iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
1533         xdr_buf_from_iov(&iov, &verf_buf);
1534 
1535         p = xdr_reserve_space(xdr, sizeof(*p));
1536         if (!p)
1537                 goto marshal_failed;
1538         *p++ = rpc_auth_gss;
1539         mic.data = (u8 *)(p + 1);
1540         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1541         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1542                 goto expired;
1543         else if (maj_stat != 0)
1544                 goto bad_mic;
1545         if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
1546                 goto marshal_failed;
1547         status = 0;
1548 out:
1549         gss_put_ctx(ctx);
1550         return status;
1551 expired:
1552         clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1553         status = -EKEYEXPIRED;
1554         goto out;
1555 marshal_failed:
1556         status = -EMSGSIZE;
1557         goto out;
1558 bad_mic:
1559         trace_rpcgss_get_mic(task, maj_stat);
1560         status = -EIO;
1561         goto out;
1562 }
1563 
1564 static int gss_renew_cred(struct rpc_task *task)
1565 {
1566         struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
1567         struct gss_cred *gss_cred = container_of(oldcred,
1568                                                  struct gss_cred,
1569                                                  gc_base);
1570         struct rpc_auth *auth = oldcred->cr_auth;
1571         struct auth_cred acred = {
1572                 .cred = oldcred->cr_cred,
1573                 .principal = gss_cred->gc_principal,
1574         };
1575         struct rpc_cred *new;
1576 
1577         new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
1578         if (IS_ERR(new))
1579                 return PTR_ERR(new);
1580         task->tk_rqstp->rq_cred = new;
1581         put_rpccred(oldcred);
1582         return 0;
1583 }
1584 
1585 static int gss_cred_is_negative_entry(struct rpc_cred *cred)
1586 {
1587         if (test_bit(RPCAUTH_CRED_NEGATIVE, &cred->cr_flags)) {
1588                 unsigned long now = jiffies;
1589                 unsigned long begin, expire;
1590                 struct gss_cred *gss_cred;
1591 
1592                 gss_cred = container_of(cred, struct gss_cred, gc_base);
1593                 begin = gss_cred->gc_upcall_timestamp;
1594                 expire = begin + gss_expired_cred_retry_delay * HZ;
1595 
1596                 if (time_in_range_open(now, begin, expire))
1597                         return 1;
1598         }
1599         return 0;
1600 }
1601 
1602 /*
1603 * Refresh credentials. XXX - finish
1604 */
1605 static int
1606 gss_refresh(struct rpc_task *task)
1607 {
1608         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1609         int ret = 0;
1610 
1611         if (gss_cred_is_negative_entry(cred))
1612                 return -EKEYEXPIRED;
1613 
1614         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
1615                         !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
1616                 ret = gss_renew_cred(task);
1617                 if (ret < 0)
1618                         goto out;
1619                 cred = task->tk_rqstp->rq_cred;
1620         }
1621 
1622         if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
1623                 ret = gss_refresh_upcall(task);
1624 out:
1625         return ret;
1626 }
1627 
1628 /* Dummy refresh routine: used only when destroying the context */
1629 static int
1630 gss_refresh_null(struct rpc_task *task)
1631 {
1632         return 0;
1633 }
1634 
1635 static int
1636 gss_validate(struct rpc_task *task, struct xdr_stream *xdr)
1637 {
1638         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1639         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1640         __be32          *p, *seq = NULL;
1641         struct kvec     iov;
1642         struct xdr_buf  verf_buf;
1643         struct xdr_netobj mic;
1644         u32             len, maj_stat;
1645         int             status;
1646 
1647         p = xdr_inline_decode(xdr, 2 * sizeof(*p));
1648         if (!p)
1649                 goto validate_failed;
1650         if (*p++ != rpc_auth_gss)
1651                 goto validate_failed;
1652         len = be32_to_cpup(p);
1653         if (len > RPC_MAX_AUTH_SIZE)
1654                 goto validate_failed;
1655         p = xdr_inline_decode(xdr, len);
1656         if (!p)
1657                 goto validate_failed;
1658 
1659         seq = kmalloc(4, GFP_NOFS);
1660         if (!seq)
1661                 goto validate_failed;
1662         *seq = cpu_to_be32(task->tk_rqstp->rq_seqno);
1663         iov.iov_base = seq;
1664         iov.iov_len = 4;
1665         xdr_buf_from_iov(&iov, &verf_buf);
1666         mic.data = (u8 *)p;
1667         mic.len = len;
1668         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1669         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1670                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1671         if (maj_stat)
1672                 goto bad_mic;
1673 
1674         /* We leave it to unwrap to calculate au_rslack. For now we just
1675          * calculate the length of the verifier: */
1676         cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1677         status = 0;
1678 out:
1679         gss_put_ctx(ctx);
1680         kfree(seq);
1681         return status;
1682 
1683 validate_failed:
1684         status = -EIO;
1685         goto out;
1686 bad_mic:
1687         trace_rpcgss_verify_mic(task, maj_stat);
1688         status = -EACCES;
1689         goto out;
1690 }
1691 
1692 static int gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1693                               struct rpc_task *task, struct xdr_stream *xdr)
1694 {
1695         struct rpc_rqst *rqstp = task->tk_rqstp;
1696         struct xdr_buf integ_buf, *snd_buf = &rqstp->rq_snd_buf;
1697         struct xdr_netobj mic;
1698         __be32 *p, *integ_len;
1699         u32 offset, maj_stat;
1700 
1701         p = xdr_reserve_space(xdr, 2 * sizeof(*p));
1702         if (!p)
1703                 goto wrap_failed;
1704         integ_len = p++;
1705         *p = cpu_to_be32(rqstp->rq_seqno);
1706 
1707         if (rpcauth_wrap_req_encode(task, xdr))
1708                 goto wrap_failed;
1709 
1710         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1711         if (xdr_buf_subsegment(snd_buf, &integ_buf,
1712                                 offset, snd_buf->len - offset))
1713                 goto wrap_failed;
1714         *integ_len = cpu_to_be32(integ_buf.len);
1715 
1716         p = xdr_reserve_space(xdr, 0);
1717         if (!p)
1718                 goto wrap_failed;
1719         mic.data = (u8 *)(p + 1);
1720         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1721         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1722                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1723         else if (maj_stat)
1724                 goto bad_mic;
1725         /* Check that the trailing MIC fit in the buffer, after the fact */
1726         if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
1727                 goto wrap_failed;
1728         return 0;
1729 wrap_failed:
1730         return -EMSGSIZE;
1731 bad_mic:
1732         trace_rpcgss_get_mic(task, maj_stat);
1733         return -EIO;
1734 }
1735 
1736 static void
1737 priv_release_snd_buf(struct rpc_rqst *rqstp)
1738 {
1739         int i;
1740 
1741         for (i=0; i < rqstp->rq_enc_pages_num; i++)
1742                 __free_page(rqstp->rq_enc_pages[i]);
1743         kfree(rqstp->rq_enc_pages);
1744         rqstp->rq_release_snd_buf = NULL;
1745 }
1746 
1747 static int
1748 alloc_enc_pages(struct rpc_rqst *rqstp)
1749 {
1750         struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1751         int first, last, i;
1752 
1753         if (rqstp->rq_release_snd_buf)
1754                 rqstp->rq_release_snd_buf(rqstp);
1755 
1756         if (snd_buf->page_len == 0) {
1757                 rqstp->rq_enc_pages_num = 0;
1758                 return 0;
1759         }
1760 
1761         first = snd_buf->page_base >> PAGE_SHIFT;
1762         last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_SHIFT;
1763         rqstp->rq_enc_pages_num = last - first + 1 + 1;
1764         rqstp->rq_enc_pages
1765                 = kmalloc_array(rqstp->rq_enc_pages_num,
1766                                 sizeof(struct page *),
1767                                 GFP_NOFS);
1768         if (!rqstp->rq_enc_pages)
1769                 goto out;
1770         for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1771                 rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1772                 if (rqstp->rq_enc_pages[i] == NULL)
1773                         goto out_free;
1774         }
1775         rqstp->rq_release_snd_buf = priv_release_snd_buf;
1776         return 0;
1777 out_free:
1778         rqstp->rq_enc_pages_num = i;
1779         priv_release_snd_buf(rqstp);
1780 out:
1781         return -EAGAIN;
1782 }
1783 
1784 static int gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1785                              struct rpc_task *task, struct xdr_stream *xdr)
1786 {
1787         struct rpc_rqst *rqstp = task->tk_rqstp;
1788         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1789         u32             pad, offset, maj_stat;
1790         int             status;
1791         __be32          *p, *opaque_len;
1792         struct page     **inpages;
1793         int             first;
1794         struct kvec     *iov;
1795 
1796         status = -EIO;
1797         p = xdr_reserve_space(xdr, 2 * sizeof(*p));
1798         if (!p)
1799                 goto wrap_failed;
1800         opaque_len = p++;
1801         *p = cpu_to_be32(rqstp->rq_seqno);
1802 
1803         if (rpcauth_wrap_req_encode(task, xdr))
1804                 goto wrap_failed;
1805 
1806         status = alloc_enc_pages(rqstp);
1807         if (unlikely(status))
1808                 goto wrap_failed;
1809         first = snd_buf->page_base >> PAGE_SHIFT;
1810         inpages = snd_buf->pages + first;
1811         snd_buf->pages = rqstp->rq_enc_pages;
1812         snd_buf->page_base -= first << PAGE_SHIFT;
1813         /*
1814          * Move the tail into its own page, in case gss_wrap needs
1815          * more space in the head when wrapping.
1816          *
1817          * Still... Why can't gss_wrap just slide the tail down?
1818          */
1819         if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1820                 char *tmp;
1821 
1822                 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1823                 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1824                 snd_buf->tail[0].iov_base = tmp;
1825         }
1826         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1827         maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1828         /* slack space should prevent this ever happening: */
1829         if (unlikely(snd_buf->len > snd_buf->buflen))
1830                 goto wrap_failed;
1831         /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1832          * done anyway, so it's safe to put the request on the wire: */
1833         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1834                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1835         else if (maj_stat)
1836                 goto bad_wrap;
1837 
1838         *opaque_len = cpu_to_be32(snd_buf->len - offset);
1839         /* guess whether the pad goes into the head or the tail: */
1840         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1841                 iov = snd_buf->tail;
1842         else
1843                 iov = snd_buf->head;
1844         p = iov->iov_base + iov->iov_len;
1845         pad = 3 - ((snd_buf->len - offset - 1) & 3);
1846         memset(p, 0, pad);
1847         iov->iov_len += pad;
1848         snd_buf->len += pad;
1849 
1850         return 0;
1851 wrap_failed:
1852         return status;
1853 bad_wrap:
1854         trace_rpcgss_wrap(task, maj_stat);
1855         return -EIO;
1856 }
1857 
1858 static int gss_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
1859 {
1860         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1861         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1862                         gc_base);
1863         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1864         int status;
1865 
1866         status = -EIO;
1867         if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1868                 /* The spec seems a little ambiguous here, but I think that not
1869                  * wrapping context destruction requests makes the most sense.
1870                  */
1871                 status = rpcauth_wrap_req_encode(task, xdr);
1872                 goto out;
1873         }
1874         switch (gss_cred->gc_service) {
1875         case RPC_GSS_SVC_NONE:
1876                 status = rpcauth_wrap_req_encode(task, xdr);
1877                 break;
1878         case RPC_GSS_SVC_INTEGRITY:
1879                 status = gss_wrap_req_integ(cred, ctx, task, xdr);
1880                 break;
1881         case RPC_GSS_SVC_PRIVACY:
1882                 status = gss_wrap_req_priv(cred, ctx, task, xdr);
1883                 break;
1884         default:
1885                 status = -EIO;
1886         }
1887 out:
1888         gss_put_ctx(ctx);
1889         return status;
1890 }
1891 
1892 static int
1893 gss_unwrap_resp_auth(struct rpc_cred *cred)
1894 {
1895         struct rpc_auth *auth = cred->cr_auth;
1896 
1897         auth->au_rslack = auth->au_verfsize;
1898         auth->au_ralign = auth->au_verfsize;
1899         return 0;
1900 }
1901 
1902 static int
1903 gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred,
1904                       struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
1905                       struct xdr_stream *xdr)
1906 {
1907         struct xdr_buf integ_buf, *rcv_buf = &rqstp->rq_rcv_buf;
1908         u32 data_offset, mic_offset, integ_len, maj_stat;
1909         struct rpc_auth *auth = cred->cr_auth;
1910         struct xdr_netobj mic;
1911         __be32 *p;
1912 
1913         p = xdr_inline_decode(xdr, 2 * sizeof(*p));
1914         if (unlikely(!p))
1915                 goto unwrap_failed;
1916         integ_len = be32_to_cpup(p++);
1917         if (integ_len & 3)
1918                 goto unwrap_failed;
1919         data_offset = (u8 *)(p) - (u8 *)rcv_buf->head[0].iov_base;
1920         mic_offset = integ_len + data_offset;
1921         if (mic_offset > rcv_buf->len)
1922                 goto unwrap_failed;
1923         if (be32_to_cpup(p) != rqstp->rq_seqno)
1924                 goto bad_seqno;
1925 
1926         if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset, integ_len))
1927                 goto unwrap_failed;
1928         if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1929                 goto unwrap_failed;
1930         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1931         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1932                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1933         if (maj_stat != GSS_S_COMPLETE)
1934                 goto bad_mic;
1935 
1936         auth->au_rslack = auth->au_verfsize + 2 + 1 + XDR_QUADLEN(mic.len);
1937         auth->au_ralign = auth->au_verfsize + 2;
1938         return 0;
1939 unwrap_failed:
1940         trace_rpcgss_unwrap_failed(task);
1941         return -EIO;
1942 bad_seqno:
1943         trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, be32_to_cpup(p));
1944         return -EIO;
1945 bad_mic:
1946         trace_rpcgss_verify_mic(task, maj_stat);
1947         return -EIO;
1948 }
1949 
1950 static int
1951 gss_unwrap_resp_priv(struct rpc_task *task, struct rpc_cred *cred,
1952                      struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
1953                      struct xdr_stream *xdr)
1954 {
1955         struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
1956         struct kvec *head = rqstp->rq_rcv_buf.head;
1957         struct rpc_auth *auth = cred->cr_auth;
1958         unsigned int savedlen = rcv_buf->len;
1959         u32 offset, opaque_len, maj_stat;
1960         __be32 *p;
1961 
1962         p = xdr_inline_decode(xdr, 2 * sizeof(*p));
1963         if (unlikely(!p))
1964                 goto unwrap_failed;
1965         opaque_len = be32_to_cpup(p++);
1966         offset = (u8 *)(p) - (u8 *)head->iov_base;
1967         if (offset + opaque_len > rcv_buf->len)
1968                 goto unwrap_failed;
1969         rcv_buf->len = offset + opaque_len;
1970 
1971         maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1972         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1973                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1974         if (maj_stat != GSS_S_COMPLETE)
1975                 goto bad_unwrap;
1976         /* gss_unwrap decrypted the sequence number */
1977         if (be32_to_cpup(p++) != rqstp->rq_seqno)
1978                 goto bad_seqno;
1979 
1980         /* gss_unwrap redacts the opaque blob from the head iovec.
1981          * rcv_buf has changed, thus the stream needs to be reset.
1982          */
1983         xdr_init_decode(xdr, rcv_buf, p, rqstp);
1984 
1985         auth->au_rslack = auth->au_verfsize + 2 +
1986                           XDR_QUADLEN(savedlen - rcv_buf->len);
1987         auth->au_ralign = auth->au_verfsize + 2 +
1988                           XDR_QUADLEN(savedlen - rcv_buf->len);
1989         return 0;
1990 unwrap_failed:
1991         trace_rpcgss_unwrap_failed(task);
1992         return -EIO;
1993 bad_seqno:
1994         trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, be32_to_cpup(--p));
1995         return -EIO;
1996 bad_unwrap:
1997         trace_rpcgss_unwrap(task, maj_stat);
1998         return -EIO;
1999 }
2000 
2001 static bool
2002 gss_seq_is_newer(u32 new, u32 old)
2003 {
2004         return (s32)(new - old) > 0;
2005 }
2006 
2007 static bool
2008 gss_xmit_need_reencode(struct rpc_task *task)
2009 {
2010         struct rpc_rqst *req = task->tk_rqstp;
2011         struct rpc_cred *cred = req->rq_cred;
2012         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
2013         u32 win, seq_xmit = 0;
2014         bool ret = true;
2015 
2016         if (!ctx)
2017                 goto out;
2018 
2019         if (gss_seq_is_newer(req->rq_seqno, READ_ONCE(ctx->gc_seq)))
2020                 goto out_ctx;
2021 
2022         seq_xmit = READ_ONCE(ctx->gc_seq_xmit);
2023         while (gss_seq_is_newer(req->rq_seqno, seq_xmit)) {
2024                 u32 tmp = seq_xmit;
2025 
2026                 seq_xmit = cmpxchg(&ctx->gc_seq_xmit, tmp, req->rq_seqno);
2027                 if (seq_xmit == tmp) {
2028                         ret = false;
2029                         goto out_ctx;
2030                 }
2031         }
2032 
2033         win = ctx->gc_win;
2034         if (win > 0)
2035                 ret = !gss_seq_is_newer(req->rq_seqno, seq_xmit - win);
2036 
2037 out_ctx:
2038         gss_put_ctx(ctx);
2039 out:
2040         trace_rpcgss_need_reencode(task, seq_xmit, ret);
2041         return ret;
2042 }
2043 
2044 static int
2045 gss_unwrap_resp(struct rpc_task *task, struct xdr_stream *xdr)
2046 {
2047         struct rpc_rqst *rqstp = task->tk_rqstp;
2048         struct rpc_cred *cred = rqstp->rq_cred;
2049         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
2050                         gc_base);
2051         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
2052         int status = -EIO;
2053 
2054         if (ctx->gc_proc != RPC_GSS_PROC_DATA)
2055                 goto out_decode;
2056         switch (gss_cred->gc_service) {
2057         case RPC_GSS_SVC_NONE:
2058                 status = gss_unwrap_resp_auth(cred);
2059                 break;
2060         case RPC_GSS_SVC_INTEGRITY:
2061                 status = gss_unwrap_resp_integ(task, cred, ctx, rqstp, xdr);
2062                 break;
2063         case RPC_GSS_SVC_PRIVACY:
2064                 status = gss_unwrap_resp_priv(task, cred, ctx, rqstp, xdr);
2065                 break;
2066         }
2067         if (status)
2068                 goto out;
2069 
2070 out_decode:
2071         status = rpcauth_unwrap_resp_decode(task, xdr);
2072 out:
2073         gss_put_ctx(ctx);
2074         return status;
2075 }
2076 
2077 static const struct rpc_authops authgss_ops = {
2078         .owner          = THIS_MODULE,
2079         .au_flavor      = RPC_AUTH_GSS,
2080         .au_name        = "RPCSEC_GSS",
2081         .create         = gss_create,
2082         .destroy        = gss_destroy,
2083         .hash_cred      = gss_hash_cred,
2084         .lookup_cred    = gss_lookup_cred,
2085         .crcreate       = gss_create_cred,
2086         .list_pseudoflavors = gss_mech_list_pseudoflavors,
2087         .info2flavor    = gss_mech_info2flavor,
2088         .flavor2info    = gss_mech_flavor2info,
2089 };
2090 
2091 static const struct rpc_credops gss_credops = {
2092         .cr_name                = "AUTH_GSS",
2093         .crdestroy              = gss_destroy_cred,
2094         .cr_init                = gss_cred_init,
2095         .crmatch                = gss_match,
2096         .crmarshal              = gss_marshal,
2097         .crrefresh              = gss_refresh,
2098         .crvalidate             = gss_validate,
2099         .crwrap_req             = gss_wrap_req,
2100         .crunwrap_resp          = gss_unwrap_resp,
2101         .crkey_timeout          = gss_key_timeout,
2102         .crstringify_acceptor   = gss_stringify_acceptor,
2103         .crneed_reencode        = gss_xmit_need_reencode,
2104 };
2105 
2106 static const struct rpc_credops gss_nullops = {
2107         .cr_name                = "AUTH_GSS",
2108         .crdestroy              = gss_destroy_nullcred,
2109         .crmatch                = gss_match,
2110         .crmarshal              = gss_marshal,
2111         .crrefresh              = gss_refresh_null,
2112         .crvalidate             = gss_validate,
2113         .crwrap_req             = gss_wrap_req,
2114         .crunwrap_resp          = gss_unwrap_resp,
2115         .crstringify_acceptor   = gss_stringify_acceptor,
2116 };
2117 
2118 static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
2119         .upcall         = rpc_pipe_generic_upcall,
2120         .downcall       = gss_pipe_downcall,
2121         .destroy_msg    = gss_pipe_destroy_msg,
2122         .open_pipe      = gss_pipe_open_v0,
2123         .release_pipe   = gss_pipe_release,
2124 };
2125 
2126 static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
2127         .upcall         = rpc_pipe_generic_upcall,
2128         .downcall       = gss_pipe_downcall,
2129         .destroy_msg    = gss_pipe_destroy_msg,
2130         .open_pipe      = gss_pipe_open_v1,
2131         .release_pipe   = gss_pipe_release,
2132 };
2133 
2134 static __net_init int rpcsec_gss_init_net(struct net *net)
2135 {
2136         return gss_svc_init_net(net);
2137 }
2138 
2139 static __net_exit void rpcsec_gss_exit_net(struct net *net)
2140 {
2141         gss_svc_shutdown_net(net);
2142 }
2143 
2144 static struct pernet_operations rpcsec_gss_net_ops = {
2145         .init = rpcsec_gss_init_net,
2146         .exit = rpcsec_gss_exit_net,
2147 };
2148 
2149 /*
2150  * Initialize RPCSEC_GSS module
2151  */
2152 static int __init init_rpcsec_gss(void)
2153 {
2154         int err = 0;
2155 
2156         err = rpcauth_register(&authgss_ops);
2157         if (err)
2158                 goto out;
2159         err = gss_svc_init();
2160         if (err)
2161                 goto out_unregister;
2162         err = register_pernet_subsys(&rpcsec_gss_net_ops);
2163         if (err)
2164                 goto out_svc_exit;
2165         rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
2166         return 0;
2167 out_svc_exit:
2168         gss_svc_shutdown();
2169 out_unregister:
2170         rpcauth_unregister(&authgss_ops);
2171 out:
2172         return err;
2173 }
2174 
2175 static void __exit exit_rpcsec_gss(void)
2176 {
2177         unregister_pernet_subsys(&rpcsec_gss_net_ops);
2178         gss_svc_shutdown();
2179         rpcauth_unregister(&authgss_ops);
2180         rcu_barrier(); /* Wait for completion of call_rcu()'s */
2181 }
2182 
2183 MODULE_ALIAS("rpc-auth-6");
2184 MODULE_LICENSE("GPL");
2185 module_param_named(expired_cred_retry_delay,
2186                    gss_expired_cred_retry_delay,
2187                    uint, 0644);
2188 MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
2189                 "the RPC engine retries an expired credential");
2190 
2191 module_param_named(key_expire_timeo,
2192                    gss_key_expire_timeo,
2193                    uint, 0644);
2194 MODULE_PARM_DESC(key_expire_timeo, "Time (in seconds) at the end of a "
2195                 "credential keys lifetime where the NFS layer cleans up "
2196                 "prior to key expiration");
2197 
2198 module_init(init_rpcsec_gss)
2199 module_exit(exit_rpcsec_gss)
2200 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp