linux/net/sunrpc/auth_gss/auth_gss.c
<<
>>
Prefs 
   1/*
   2 * linux/net/sunrpc/auth_gss/auth_gss.c
   3 *
   4 * RPCSEC_GSS client authentication.
   5 *
   6 *  Copyright (c) 2000 The Regents of the University of Michigan.
   7 *  All rights reserved.
   8 *
   9 *  Dug Song       <dugsong@monkey.org>
  10 *  Andy Adamson   <andros@umich.edu>
  11 *
  12 *  Redistribution and use in source and binary forms, with or without
  13 *  modification, are permitted provided that the following conditions
  14 *  are met:
  15 *
  16 *  1. Redistributions of source code must retain the above copyright
  17 *     notice, this list of conditions and the following disclaimer.
  18 *  2. Redistributions in binary form must reproduce the above copyright
  19 *     notice, this list of conditions and the following disclaimer in the
  20 *     documentation and/or other materials provided with the distribution.
  21 *  3. Neither the name of the University nor the names of its
  22 *     contributors may be used to endorse or promote products derived
  23 *     from this software without specific prior written permission.
  24 *
  25 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  26 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  27 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  28 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  29 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  30 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  31 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  32 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  33 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  34 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  35 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36 */
  37
  38
  39#include <linux/module.h>
  40#include <linux/init.h>
  41#include <linux/types.h>
  42#include <linux/slab.h>
  43#include <linux/sched.h>
  44#include <linux/pagemap.h>
  45#include <linux/sunrpc/clnt.h>
  46#include <linux/sunrpc/auth.h>
  47#include <linux/sunrpc/auth_gss.h>
  48#include <linux/sunrpc/gss_krb5.h>
  49#include <linux/sunrpc/svcauth_gss.h>
  50#include <linux/sunrpc/gss_err.h>
  51#include <linux/workqueue.h>
  52#include <linux/sunrpc/rpc_pipe_fs.h>
  53#include <linux/sunrpc/gss_api.h>
  54#include <linux/uaccess.h>
  55#include <linux/hashtable.h>
  56
  57#include "auth_gss_internal.h"
  58#include "../netns.h"
  59
  60#include <trace/events/rpcgss.h>
  61
  62static const struct rpc_authops authgss_ops;
  63
  64static const struct rpc_credops gss_credops;
  65static const struct rpc_credops gss_nullops;
  66
  67#define GSS_RETRY_EXPIRED 5
  68static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
  69
  70#define GSS_KEY_EXPIRE_TIMEO 240
  71static unsigned int gss_key_expire_timeo = GSS_KEY_EXPIRE_TIMEO;
  72
  73#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
  74# define RPCDBG_FACILITY        RPCDBG_AUTH
  75#endif
  76
  77#define GSS_CRED_SLACK          (RPC_MAX_AUTH_SIZE * 2)
  78/* length of a krb5 verifier (48), plus data added before arguments when
  79 * using integrity (two 4-byte integers): */
  80#define GSS_VERF_SLACK          100
  81
  82static DEFINE_HASHTABLE(gss_auth_hash_table, 4);
  83static DEFINE_SPINLOCK(gss_auth_hash_lock);
  84
  85struct gss_pipe {
  86        struct rpc_pipe_dir_object pdo;
  87        struct rpc_pipe *pipe;
  88        struct rpc_clnt *clnt;
  89        const char *name;
  90        struct kref kref;
  91};
  92
  93struct gss_auth {
  94        struct kref kref;
  95        struct hlist_node hash;
  96        struct rpc_auth rpc_auth;
  97        struct gss_api_mech *mech;
  98        enum rpc_gss_svc service;
  99        struct rpc_clnt *client;
 100        struct net *net;
 101        /*
 102         * There are two upcall pipes; dentry[1], named "gssd", is used
 103         * for the new text-based upcall; dentry[0] is named after the
 104         * mechanism (for example, "krb5") and exists for
 105         * backwards-compatibility with older gssd's.
 106         */
 107        struct gss_pipe *gss_pipe[2];
 108        const char *target_name;
 109};
 110
 111/* pipe_version >= 0 if and only if someone has a pipe open. */
 112static DEFINE_SPINLOCK(pipe_version_lock);
 113static struct rpc_wait_queue pipe_version_rpc_waitqueue;
 114static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
 115static void gss_put_auth(struct gss_auth *gss_auth);
 116
 117static void gss_free_ctx(struct gss_cl_ctx *);
 118static const struct rpc_pipe_ops gss_upcall_ops_v0;
 119static const struct rpc_pipe_ops gss_upcall_ops_v1;
 120
 121static inline struct gss_cl_ctx *
 122gss_get_ctx(struct gss_cl_ctx *ctx)
 123{
 124        refcount_inc(&ctx->count);
 125        return ctx;
 126}
 127
 128static inline void
 129gss_put_ctx(struct gss_cl_ctx *ctx)
 130{
 131        if (refcount_dec_and_test(&ctx->count))
 132                gss_free_ctx(ctx);
 133}
 134
 135/* gss_cred_set_ctx:
 136 * called by gss_upcall_callback and gss_create_upcall in order
 137 * to set the gss context. The actual exchange of an old context
 138 * and a new one is protected by the pipe->lock.
 139 */
 140static void
 141gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
 142{
 143        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
 144
 145        if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
 146                return;
 147        gss_get_ctx(ctx);
 148        rcu_assign_pointer(gss_cred->gc_ctx, ctx);
 149        set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
 150        smp_mb__before_atomic();
 151        clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
 152}
 153
 154static struct gss_cl_ctx *
 155gss_cred_get_ctx(struct rpc_cred *cred)
 156{
 157        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
 158        struct gss_cl_ctx *ctx = NULL;
 159
 160        rcu_read_lock();
 161        ctx = rcu_dereference(gss_cred->gc_ctx);
 162        if (ctx)
 163                gss_get_ctx(ctx);
 164        rcu_read_unlock();
 165        return ctx;
 166}
 167
 168static struct gss_cl_ctx *
 169gss_alloc_context(void)
 170{
 171        struct gss_cl_ctx *ctx;
 172
 173        ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
 174        if (ctx != NULL) {
 175                ctx->gc_proc = RPC_GSS_PROC_DATA;
 176                ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
 177                spin_lock_init(&ctx->gc_seq_lock);
 178                refcount_set(&ctx->count,1);
 179        }
 180        return ctx;
 181}
 182
 183#define GSSD_MIN_TIMEOUT (60 * 60)
 184static const void *
 185gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
 186{
 187        const void *q;
 188        unsigned int seclen;
 189        unsigned int timeout;
 190        unsigned long now = jiffies;
 191        u32 window_size;
 192        int ret;
 193
 194        /* First unsigned int gives the remaining lifetime in seconds of the
 195         * credential - e.g. the remaining TGT lifetime for Kerberos or
 196         * the -t value passed to GSSD.
 197         */
 198        p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
 199        if (IS_ERR(p))
 200                goto err;
 201        if (timeout == 0)
 202                timeout = GSSD_MIN_TIMEOUT;
 203        ctx->gc_expiry = now + ((unsigned long)timeout * HZ);
 204        /* Sequence number window. Determines the maximum number of
 205         * simultaneous requests
 206         */
 207        p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
 208        if (IS_ERR(p))
 209                goto err;
 210        ctx->gc_win = window_size;
 211        /* gssd signals an error by passing ctx->gc_win = 0: */
 212        if (ctx->gc_win == 0) {
 213                /*
 214                 * in which case, p points to an error code. Anything other
 215                 * than -EKEYEXPIRED gets converted to -EACCES.
 216                 */
 217                p = simple_get_bytes(p, end, &ret, sizeof(ret));
 218                if (!IS_ERR(p))
 219                        p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
 220                                                    ERR_PTR(-EACCES);
 221                goto err;
 222        }
 223        /* copy the opaque wire context */
 224        p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
 225        if (IS_ERR(p))
 226                goto err;
 227        /* import the opaque security context */
 228        p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
 229        if (IS_ERR(p))
 230                goto err;
 231        q = (const void *)((const char *)p + seclen);
 232        if (unlikely(q > end || q < p)) {
 233                p = ERR_PTR(-EFAULT);
 234                goto err;
 235        }
 236        ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, NULL, GFP_NOFS);
 237        if (ret < 0) {
 238                trace_rpcgss_import_ctx(ret);
 239                p = ERR_PTR(ret);
 240                goto err;
 241        }
 242
 243        /* is there any trailing data? */
 244        if (q == end) {
 245                p = q;
 246                goto done;
 247        }
 248
 249        /* pull in acceptor name (if there is one) */
 250        p = simple_get_netobj(q, end, &ctx->gc_acceptor);
 251        if (IS_ERR(p))
 252                goto err;
 253done:
 254        trace_rpcgss_context(window_size, ctx->gc_expiry, now, timeout,
 255                             ctx->gc_acceptor.len, ctx->gc_acceptor.data);
 256err:
 257        return p;
 258}
 259
 260/* XXX: Need some documentation about why UPCALL_BUF_LEN is so small.
 261 *      Is user space expecting no more than UPCALL_BUF_LEN bytes?
 262 *      Note that there are now _two_ NI_MAXHOST sized data items
 263 *      being passed in this string.
 264 */
 265#define UPCALL_BUF_LEN  256
 266
 267struct gss_upcall_msg {
 268        refcount_t count;
 269        kuid_t  uid;
 270        const char *service_name;
 271        struct rpc_pipe_msg msg;
 272        struct list_head list;
 273        struct gss_auth *auth;
 274        struct rpc_pipe *pipe;
 275        struct rpc_wait_queue rpc_waitqueue;
 276        wait_queue_head_t waitqueue;
 277        struct gss_cl_ctx *ctx;
 278        char databuf[UPCALL_BUF_LEN];
 279};
 280
 281static int get_pipe_version(struct net *net)
 282{
 283        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 284        int ret;
 285
 286        spin_lock(&pipe_version_lock);
 287        if (sn->pipe_version >= 0) {
 288                atomic_inc(&sn->pipe_users);
 289                ret = sn->pipe_version;
 290        } else
 291                ret = -EAGAIN;
 292        spin_unlock(&pipe_version_lock);
 293        return ret;
 294}
 295
 296static void put_pipe_version(struct net *net)
 297{
 298        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 299
 300        if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
 301                sn->pipe_version = -1;
 302                spin_unlock(&pipe_version_lock);
 303        }
 304}
 305
 306static void
 307gss_release_msg(struct gss_upcall_msg *gss_msg)
 308{
 309        struct net *net = gss_msg->auth->net;
 310        if (!refcount_dec_and_test(&gss_msg->count))
 311                return;
 312        put_pipe_version(net);
 313        BUG_ON(!list_empty(&gss_msg->list));
 314        if (gss_msg->ctx != NULL)
 315                gss_put_ctx(gss_msg->ctx);
 316        rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
 317        gss_put_auth(gss_msg->auth);
 318        kfree_const(gss_msg->service_name);
 319        kfree(gss_msg);
 320}
 321
 322static struct gss_upcall_msg *
 323__gss_find_upcall(struct rpc_pipe *pipe, kuid_t uid, const struct gss_auth *auth)
 324{
 325        struct gss_upcall_msg *pos;
 326        list_for_each_entry(pos, &pipe->in_downcall, list) {
 327                if (!uid_eq(pos->uid, uid))
 328                        continue;
 329                if (auth && pos->auth->service != auth->service)
 330                        continue;
 331                refcount_inc(&pos->count);
 332                return pos;
 333        }
 334        return NULL;
 335}
 336
 337/* Try to add an upcall to the pipefs queue.
 338 * If an upcall owned by our uid already exists, then we return a reference
 339 * to that upcall instead of adding the new upcall.
 340 */
 341static inline struct gss_upcall_msg *
 342gss_add_msg(struct gss_upcall_msg *gss_msg)
 343{
 344        struct rpc_pipe *pipe = gss_msg->pipe;
 345        struct gss_upcall_msg *old;
 346
 347        spin_lock(&pipe->lock);
 348        old = __gss_find_upcall(pipe, gss_msg->uid, gss_msg->auth);
 349        if (old == NULL) {
 350                refcount_inc(&gss_msg->count);
 351                list_add(&gss_msg->list, &pipe->in_downcall);
 352        } else
 353                gss_msg = old;
 354        spin_unlock(&pipe->lock);
 355        return gss_msg;
 356}
 357
 358static void
 359__gss_unhash_msg(struct gss_upcall_msg *gss_msg)
 360{
 361        list_del_init(&gss_msg->list);
 362        rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
 363        wake_up_all(&gss_msg->waitqueue);
 364        refcount_dec(&gss_msg->count);
 365}
 366
 367static void
 368gss_unhash_msg(struct gss_upcall_msg *gss_msg)
 369{
 370        struct rpc_pipe *pipe = gss_msg->pipe;
 371
 372        if (list_empty(&gss_msg->list))
 373                return;
 374        spin_lock(&pipe->lock);
 375        if (!list_empty(&gss_msg->list))
 376                __gss_unhash_msg(gss_msg);
 377        spin_unlock(&pipe->lock);
 378}
 379
 380static void
 381gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss_msg)
 382{
 383        switch (gss_msg->msg.errno) {
 384        case 0:
 385                if (gss_msg->ctx == NULL)
 386                        break;
 387                clear_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
 388                gss_cred_set_ctx(&gss_cred->gc_base, gss_msg->ctx);
 389                break;
 390        case -EKEYEXPIRED:
 391                set_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
 392        }
 393        gss_cred->gc_upcall_timestamp = jiffies;
 394        gss_cred->gc_upcall = NULL;
 395        rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
 396}
 397
 398static void
 399gss_upcall_callback(struct rpc_task *task)
 400{
 401        struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
 402                        struct gss_cred, gc_base);
 403        struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
 404        struct rpc_pipe *pipe = gss_msg->pipe;
 405
 406        spin_lock(&pipe->lock);
 407        gss_handle_downcall_result(gss_cred, gss_msg);
 408        spin_unlock(&pipe->lock);
 409        task->tk_status = gss_msg->msg.errno;
 410        gss_release_msg(gss_msg);
 411}
 412
 413static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
 414                              const struct cred *cred)
 415{
 416        struct user_namespace *userns = cred->user_ns;
 417
 418        uid_t uid = from_kuid_munged(userns, gss_msg->uid);
 419        memcpy(gss_msg->databuf, &uid, sizeof(uid));
 420        gss_msg->msg.data = gss_msg->databuf;
 421        gss_msg->msg.len = sizeof(uid);
 422
 423        BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
 424}
 425
 426static ssize_t
 427gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
 428                char __user *buf, size_t buflen)
 429{
 430        struct gss_upcall_msg *gss_msg = container_of(msg,
 431                                                      struct gss_upcall_msg,
 432                                                      msg);
 433        if (msg->copied == 0)
 434                gss_encode_v0_msg(gss_msg, file->f_cred);
 435        return rpc_pipe_generic_upcall(file, msg, buf, buflen);
 436}
 437
 438static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
 439                                const char *service_name,
 440                                const char *target_name,
 441                                const struct cred *cred)
 442{
 443        struct user_namespace *userns = cred->user_ns;
 444        struct gss_api_mech *mech = gss_msg->auth->mech;
 445        char *p = gss_msg->databuf;
 446        size_t buflen = sizeof(gss_msg->databuf);
 447        int len;
 448
 449        len = scnprintf(p, buflen, "mech=%s uid=%d", mech->gm_name,
 450                        from_kuid_munged(userns, gss_msg->uid));
 451        buflen -= len;
 452        p += len;
 453        gss_msg->msg.len = len;
 454
 455        /*
 456         * target= is a full service principal that names the remote
 457         * identity that we are authenticating to.
 458         */
 459        if (target_name) {
 460                len = scnprintf(p, buflen, " target=%s", target_name);
 461                buflen -= len;
 462                p += len;
 463                gss_msg->msg.len += len;
 464        }
 465
 466        /*
 467         * gssd uses service= and srchost= to select a matching key from
 468         * the system's keytab to use as the source principal.
 469         *
 470         * service= is the service name part of the source principal,
 471         * or "*" (meaning choose any).
 472         *
 473         * srchost= is the hostname part of the source principal. When
 474         * not provided, gssd uses the local hostname.
 475         */
 476        if (service_name) {
 477                char *c = strchr(service_name, '@');
 478
 479                if (!c)
 480                        len = scnprintf(p, buflen, " service=%s",
 481                                        service_name);
 482                else
 483                        len = scnprintf(p, buflen,
 484                                        " service=%.*s srchost=%s",
 485                                        (int)(c - service_name),
 486                                        service_name, c + 1);
 487                buflen -= len;
 488                p += len;
 489                gss_msg->msg.len += len;
 490        }
 491
 492        if (mech->gm_upcall_enctypes) {
 493                len = scnprintf(p, buflen, " enctypes=%s",
 494                                mech->gm_upcall_enctypes);
 495                buflen -= len;
 496                p += len;
 497                gss_msg->msg.len += len;
 498        }
 499        trace_rpcgss_upcall_msg(gss_msg->databuf);
 500        len = scnprintf(p, buflen, "\n");
 501        if (len == 0)
 502                goto out_overflow;
 503        gss_msg->msg.len += len;
 504        gss_msg->msg.data = gss_msg->databuf;
 505        return 0;
 506out_overflow:
 507        WARN_ON_ONCE(1);
 508        return -ENOMEM;
 509}
 510
 511static ssize_t
 512gss_v1_upcall(struct file *file, struct rpc_pipe_msg *msg,
 513                char __user *buf, size_t buflen)
 514{
 515        struct gss_upcall_msg *gss_msg = container_of(msg,
 516                                                      struct gss_upcall_msg,
 517                                                      msg);
 518        int err;
 519        if (msg->copied == 0) {
 520                err = gss_encode_v1_msg(gss_msg,
 521                                        gss_msg->service_name,
 522                                        gss_msg->auth->target_name,
 523                                        file->f_cred);
 524                if (err)
 525                        return err;
 526        }
 527        return rpc_pipe_generic_upcall(file, msg, buf, buflen);
 528}
 529
 530static struct gss_upcall_msg *
 531gss_alloc_msg(struct gss_auth *gss_auth,
 532                kuid_t uid, const char *service_name)
 533{
 534        struct gss_upcall_msg *gss_msg;
 535        int vers;
 536        int err = -ENOMEM;
 537
 538        gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
 539        if (gss_msg == NULL)
 540                goto err;
 541        vers = get_pipe_version(gss_auth->net);
 542        err = vers;
 543        if (err < 0)
 544                goto err_free_msg;
 545        gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
 546        INIT_LIST_HEAD(&gss_msg->list);
 547        rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
 548        init_waitqueue_head(&gss_msg->waitqueue);
 549        refcount_set(&gss_msg->count, 1);
 550        gss_msg->uid = uid;
 551        gss_msg->auth = gss_auth;
 552        kref_get(&gss_auth->kref);
 553        if (service_name) {
 554                gss_msg->service_name = kstrdup_const(service_name, GFP_NOFS);
 555                if (!gss_msg->service_name) {
 556                        err = -ENOMEM;
 557                        goto err_put_pipe_version;
 558                }
 559        }
 560        return gss_msg;
 561err_put_pipe_version:
 562        put_pipe_version(gss_auth->net);
 563err_free_msg:
 564        kfree(gss_msg);
 565err:
 566        return ERR_PTR(err);
 567}
 568
 569static struct gss_upcall_msg *
 570gss_setup_upcall(struct gss_auth *gss_auth, struct rpc_cred *cred)
 571{
 572        struct gss_cred *gss_cred = container_of(cred,
 573                        struct gss_cred, gc_base);
 574        struct gss_upcall_msg *gss_new, *gss_msg;
 575        kuid_t uid = cred->cr_cred->fsuid;
 576
 577        gss_new = gss_alloc_msg(gss_auth, uid, gss_cred->gc_principal);
 578        if (IS_ERR(gss_new))
 579                return gss_new;
 580        gss_msg = gss_add_msg(gss_new);
 581        if (gss_msg == gss_new) {
 582                int res;
 583                refcount_inc(&gss_msg->count);
 584                res = rpc_queue_upcall(gss_new->pipe, &gss_new->msg);
 585                if (res) {
 586                        gss_unhash_msg(gss_new);
 587                        refcount_dec(&gss_msg->count);
 588                        gss_release_msg(gss_new);
 589                        gss_msg = ERR_PTR(res);
 590                }
 591        } else
 592                gss_release_msg(gss_new);
 593        return gss_msg;
 594}
 595
 596static void warn_gssd(void)
 597{
 598        dprintk("AUTH_GSS upcall failed. Please check user daemon is running.\n");
 599}
 600
 601static inline int
 602gss_refresh_upcall(struct rpc_task *task)
 603{
 604        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
 605        struct gss_auth *gss_auth = container_of(cred->cr_auth,
 606                        struct gss_auth, rpc_auth);
 607        struct gss_cred *gss_cred = container_of(cred,
 608                        struct gss_cred, gc_base);
 609        struct gss_upcall_msg *gss_msg;
 610        struct rpc_pipe *pipe;
 611        int err = 0;
 612
 613        gss_msg = gss_setup_upcall(gss_auth, cred);
 614        if (PTR_ERR(gss_msg) == -EAGAIN) {
 615                /* XXX: warning on the first, under the assumption we
 616                 * shouldn't normally hit this case on a refresh. */
 617                warn_gssd();
 618                rpc_sleep_on_timeout(&pipe_version_rpc_waitqueue,
 619                                task, NULL, jiffies + (15 * HZ));
 620                err = -EAGAIN;
 621                goto out;
 622        }
 623        if (IS_ERR(gss_msg)) {
 624                err = PTR_ERR(gss_msg);
 625                goto out;
 626        }
 627        pipe = gss_msg->pipe;
 628        spin_lock(&pipe->lock);
 629        if (gss_cred->gc_upcall != NULL)
 630                rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
 631        else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
 632                gss_cred->gc_upcall = gss_msg;
 633                /* gss_upcall_callback will release the reference to gss_upcall_msg */
 634                refcount_inc(&gss_msg->count);
 635                rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
 636        } else {
 637                gss_handle_downcall_result(gss_cred, gss_msg);
 638                err = gss_msg->msg.errno;
 639        }
 640        spin_unlock(&pipe->lock);
 641        gss_release_msg(gss_msg);
 642out:
 643        trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
 644                                             cred->cr_cred->fsuid), err);
 645        return err;
 646}
 647
 648static inline int
 649gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
 650{
 651        struct net *net = gss_auth->net;
 652        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 653        struct rpc_pipe *pipe;
 654        struct rpc_cred *cred = &gss_cred->gc_base;
 655        struct gss_upcall_msg *gss_msg;
 656        DEFINE_WAIT(wait);
 657        int err;
 658
 659retry:
 660        err = 0;
 661        /* if gssd is down, just skip upcalling altogether */
 662        if (!gssd_running(net)) {
 663                warn_gssd();
 664                err = -EACCES;
 665                goto out;
 666        }
 667        gss_msg = gss_setup_upcall(gss_auth, cred);
 668        if (PTR_ERR(gss_msg) == -EAGAIN) {
 669                err = wait_event_interruptible_timeout(pipe_version_waitqueue,
 670                                sn->pipe_version >= 0, 15 * HZ);
 671                if (sn->pipe_version < 0) {
 672                        warn_gssd();
 673                        err = -EACCES;
 674                }
 675                if (err < 0)
 676                        goto out;
 677                goto retry;
 678        }
 679        if (IS_ERR(gss_msg)) {
 680                err = PTR_ERR(gss_msg);
 681                goto out;
 682        }
 683        pipe = gss_msg->pipe;
 684        for (;;) {
 685                prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
 686                spin_lock(&pipe->lock);
 687                if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
 688                        break;
 689                }
 690                spin_unlock(&pipe->lock);
 691                if (fatal_signal_pending(current)) {
 692                        err = -ERESTARTSYS;
 693                        goto out_intr;
 694                }
 695                schedule();
 696        }
 697        if (gss_msg->ctx) {
 698                trace_rpcgss_ctx_init(gss_cred);
 699                gss_cred_set_ctx(cred, gss_msg->ctx);
 700        } else {
 701                err = gss_msg->msg.errno;
 702        }
 703        spin_unlock(&pipe->lock);
 704out_intr:
 705        finish_wait(&gss_msg->waitqueue, &wait);
 706        gss_release_msg(gss_msg);
 707out:
 708        trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
 709                                             cred->cr_cred->fsuid), err);
 710        return err;
 711}
 712
 713#define MSG_BUF_MAXSIZE 1024
 714
 715static ssize_t
 716gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
 717{
 718        const void *p, *end;
 719        void *buf;
 720        struct gss_upcall_msg *gss_msg;
 721        struct rpc_pipe *pipe = RPC_I(file_inode(filp))->pipe;
 722        struct gss_cl_ctx *ctx;
 723        uid_t id;
 724        kuid_t uid;
 725        ssize_t err = -EFBIG;
 726
 727        if (mlen > MSG_BUF_MAXSIZE)
 728                goto out;
 729        err = -ENOMEM;
 730        buf = kmalloc(mlen, GFP_NOFS);
 731        if (!buf)
 732                goto out;
 733
 734        err = -EFAULT;
 735        if (copy_from_user(buf, src, mlen))
 736                goto err;
 737
 738        end = (const void *)((char *)buf + mlen);
 739        p = simple_get_bytes(buf, end, &id, sizeof(id));
 740        if (IS_ERR(p)) {
 741                err = PTR_ERR(p);
 742                goto err;
 743        }
 744
 745        uid = make_kuid(current_user_ns(), id);
 746        if (!uid_valid(uid)) {
 747                err = -EINVAL;
 748                goto err;
 749        }
 750
 751        err = -ENOMEM;
 752        ctx = gss_alloc_context();
 753        if (ctx == NULL)
 754                goto err;
 755
 756        err = -ENOENT;
 757        /* Find a matching upcall */
 758        spin_lock(&pipe->lock);
 759        gss_msg = __gss_find_upcall(pipe, uid, NULL);
 760        if (gss_msg == NULL) {
 761                spin_unlock(&pipe->lock);
 762                goto err_put_ctx;
 763        }
 764        list_del_init(&gss_msg->list);
 765        spin_unlock(&pipe->lock);
 766
 767        p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
 768        if (IS_ERR(p)) {
 769                err = PTR_ERR(p);
 770                switch (err) {
 771                case -EACCES:
 772                case -EKEYEXPIRED:
 773                        gss_msg->msg.errno = err;
 774                        err = mlen;
 775                        break;
 776                case -EFAULT:
 777                case -ENOMEM:
 778                case -EINVAL:
 779                case -ENOSYS:
 780                        gss_msg->msg.errno = -EAGAIN;
 781                        break;
 782                default:
 783                        printk(KERN_CRIT "%s: bad return from "
 784                                "gss_fill_context: %zd\n", __func__, err);
 785                        gss_msg->msg.errno = -EIO;
 786                }
 787                goto err_release_msg;
 788        }
 789        gss_msg->ctx = gss_get_ctx(ctx);
 790        err = mlen;
 791
 792err_release_msg:
 793        spin_lock(&pipe->lock);
 794        __gss_unhash_msg(gss_msg);
 795        spin_unlock(&pipe->lock);
 796        gss_release_msg(gss_msg);
 797err_put_ctx:
 798        gss_put_ctx(ctx);
 799err:
 800        kfree(buf);
 801out:
 802        return err;
 803}
 804
 805static int gss_pipe_open(struct inode *inode, int new_version)
 806{
 807        struct net *net = inode->i_sb->s_fs_info;
 808        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 809        int ret = 0;
 810
 811        spin_lock(&pipe_version_lock);
 812        if (sn->pipe_version < 0) {
 813                /* First open of any gss pipe determines the version: */
 814                sn->pipe_version = new_version;
 815                rpc_wake_up(&pipe_version_rpc_waitqueue);
 816                wake_up(&pipe_version_waitqueue);
 817        } else if (sn->pipe_version != new_version) {
 818                /* Trying to open a pipe of a different version */
 819                ret = -EBUSY;
 820                goto out;
 821        }
 822        atomic_inc(&sn->pipe_users);
 823out:
 824        spin_unlock(&pipe_version_lock);
 825        return ret;
 826
 827}
 828
 829static int gss_pipe_open_v0(struct inode *inode)
 830{
 831        return gss_pipe_open(inode, 0);
 832}
 833
 834static int gss_pipe_open_v1(struct inode *inode)
 835{
 836        return gss_pipe_open(inode, 1);
 837}
 838
 839static void
 840gss_pipe_release(struct inode *inode)
 841{
 842        struct net *net = inode->i_sb->s_fs_info;
 843        struct rpc_pipe *pipe = RPC_I(inode)->pipe;
 844        struct gss_upcall_msg *gss_msg;
 845
 846restart:
 847        spin_lock(&pipe->lock);
 848        list_for_each_entry(gss_msg, &pipe->in_downcall, list) {
 849
 850                if (!list_empty(&gss_msg->msg.list))
 851                        continue;
 852                gss_msg->msg.errno = -EPIPE;
 853                refcount_inc(&gss_msg->count);
 854                __gss_unhash_msg(gss_msg);
 855                spin_unlock(&pipe->lock);
 856                gss_release_msg(gss_msg);
 857                goto restart;
 858        }
 859        spin_unlock(&pipe->lock);
 860
 861        put_pipe_version(net);
 862}
 863
 864static void
 865gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
 866{
 867        struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
 868
 869        if (msg->errno < 0) {
 870                refcount_inc(&gss_msg->count);
 871                gss_unhash_msg(gss_msg);
 872                if (msg->errno == -ETIMEDOUT)
 873                        warn_gssd();
 874                gss_release_msg(gss_msg);
 875        }
 876        gss_release_msg(gss_msg);
 877}
 878
 879static void gss_pipe_dentry_destroy(struct dentry *dir,
 880                struct rpc_pipe_dir_object *pdo)
 881{
 882        struct gss_pipe *gss_pipe = pdo->pdo_data;
 883        struct rpc_pipe *pipe = gss_pipe->pipe;
 884
 885        if (pipe->dentry != NULL) {
 886                rpc_unlink(pipe->dentry);
 887                pipe->dentry = NULL;
 888        }
 889}
 890
 891static int gss_pipe_dentry_create(struct dentry *dir,
 892                struct rpc_pipe_dir_object *pdo)
 893{
 894        struct gss_pipe *p = pdo->pdo_data;
 895        struct dentry *dentry;
 896
 897        dentry = rpc_mkpipe_dentry(dir, p->name, p->clnt, p->pipe);
 898        if (IS_ERR(dentry))
 899                return PTR_ERR(dentry);
 900        p->pipe->dentry = dentry;
 901        return 0;
 902}
 903
 904static const struct rpc_pipe_dir_object_ops gss_pipe_dir_object_ops = {
 905        .create = gss_pipe_dentry_create,
 906        .destroy = gss_pipe_dentry_destroy,
 907};
 908
 909static struct gss_pipe *gss_pipe_alloc(struct rpc_clnt *clnt,
 910                const char *name,
 911                const struct rpc_pipe_ops *upcall_ops)
 912{
 913        struct gss_pipe *p;
 914        int err = -ENOMEM;
 915
 916        p = kmalloc(sizeof(*p), GFP_KERNEL);
 917        if (p == NULL)
 918                goto err;
 919        p->pipe = rpc_mkpipe_data(upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
 920        if (IS_ERR(p->pipe)) {
 921                err = PTR_ERR(p->pipe);
 922                goto err_free_gss_pipe;
 923        }
 924        p->name = name;
 925        p->clnt = clnt;
 926        kref_init(&p->kref);
 927        rpc_init_pipe_dir_object(&p->pdo,
 928                        &gss_pipe_dir_object_ops,
 929                        p);
 930        return p;
 931err_free_gss_pipe:
 932        kfree(p);
 933err:
 934        return ERR_PTR(err);
 935}
 936
 937struct gss_alloc_pdo {
 938        struct rpc_clnt *clnt;
 939        const char *name;
 940        const struct rpc_pipe_ops *upcall_ops;
 941};
 942
 943static int gss_pipe_match_pdo(struct rpc_pipe_dir_object *pdo, void *data)
 944{
 945        struct gss_pipe *gss_pipe;
 946        struct gss_alloc_pdo *args = data;
 947
 948        if (pdo->pdo_ops != &gss_pipe_dir_object_ops)
 949                return 0;
 950        gss_pipe = container_of(pdo, struct gss_pipe, pdo);
 951        if (strcmp(gss_pipe->name, args->name) != 0)
 952                return 0;
 953        if (!kref_get_unless_zero(&gss_pipe->kref))
 954                return 0;
 955        return 1;
 956}
 957
 958static struct rpc_pipe_dir_object *gss_pipe_alloc_pdo(void *data)
 959{
 960        struct gss_pipe *gss_pipe;
 961        struct gss_alloc_pdo *args = data;
 962
 963        gss_pipe = gss_pipe_alloc(args->clnt, args->name, args->upcall_ops);
 964        if (!IS_ERR(gss_pipe))
 965                return &gss_pipe->pdo;
 966        return NULL;
 967}
 968
 969static struct gss_pipe *gss_pipe_get(struct rpc_clnt *clnt,
 970                const char *name,
 971                const struct rpc_pipe_ops *upcall_ops)
 972{
 973        struct net *net = rpc_net_ns(clnt);
 974        struct rpc_pipe_dir_object *pdo;
 975        struct gss_alloc_pdo args = {
 976                .clnt = clnt,
 977                .name = name,
 978                .upcall_ops = upcall_ops,
 979        };
 980
 981        pdo = rpc_find_or_alloc_pipe_dir_object(net,
 982                        &clnt->cl_pipedir_objects,
 983                        gss_pipe_match_pdo,
 984                        gss_pipe_alloc_pdo,
 985                        &args);
 986        if (pdo != NULL)
 987                return container_of(pdo, struct gss_pipe, pdo);
 988        return ERR_PTR(-ENOMEM);
 989}
 990
 991static void __gss_pipe_free(struct gss_pipe *p)
 992{
 993        struct rpc_clnt *clnt = p->clnt;
 994        struct net *net = rpc_net_ns(clnt);
 995
 996        rpc_remove_pipe_dir_object(net,
 997                        &clnt->cl_pipedir_objects,
 998                        &p->pdo);
 999        rpc_destroy_pipe_data(p->pipe);
1000        kfree(p);

1001}
1002
1003static void __gss_pipe_release(struct kref *kref)
1004{
1005        struct gss_pipe *p = container_of(kref, struct gss_pipe, kref);
1006
1007        __gss_pipe_free(p);
1008}
1009
1010static void gss_pipe_free(struct gss_pipe *p)
1011{
1012        if (p != NULL)
1013                kref_put(&p->kref, __gss_pipe_release);
1014}
1015
1016/*
1017 * NOTE: we have the opportunity to use different
1018 * parameters based on the input flavor (which must be a pseudoflavor)
1019 */
1020static struct gss_auth *
1021gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
1022{
1023        rpc_authflavor_t flavor = args->pseudoflavor;
1024        struct gss_auth *gss_auth;
1025        struct gss_pipe *gss_pipe;
1026        struct rpc_auth * auth;
1027        int err = -ENOMEM; /* XXX? */
1028
1029        if (!try_module_get(THIS_MODULE))
1030                return ERR_PTR(err);
1031        if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
1032                goto out_dec;
1033        INIT_HLIST_NODE(&gss_auth->hash);
1034        gss_auth->target_name = NULL;
1035        if (args->target_name) {
1036                gss_auth->target_name = kstrdup(args->target_name, GFP_KERNEL);
1037                if (gss_auth->target_name == NULL)
1038                        goto err_free;
1039        }
1040        gss_auth->client = clnt;
1041        gss_auth->net = get_net(rpc_net_ns(clnt));
1042        err = -EINVAL;
1043        gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
1044        if (!gss_auth->mech)
1045                goto err_put_net;
1046        gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
1047        if (gss_auth->service == 0)
1048                goto err_put_mech;
1049        if (!gssd_running(gss_auth->net))
1050                goto err_put_mech;
1051        auth = &gss_auth->rpc_auth;
1052        auth->au_cslack = GSS_CRED_SLACK >> 2;
1053        auth->au_rslack = GSS_KRB5_MAX_SLACK_NEEDED >> 2;
1054        auth->au_verfsize = GSS_VERF_SLACK >> 2;
1055        auth->au_ralign = GSS_VERF_SLACK >> 2;
1056        __set_bit(RPCAUTH_AUTH_UPDATE_SLACK, &auth->au_flags);
1057        auth->au_ops = &authgss_ops;
1058        auth->au_flavor = flavor;
1059        if (gss_pseudoflavor_to_datatouch(gss_auth->mech, flavor))
1060                __set_bit(RPCAUTH_AUTH_DATATOUCH, &auth->au_flags);
1061        refcount_set(&auth->au_count, 1);
1062        kref_init(&gss_auth->kref);
1063
1064        err = rpcauth_init_credcache(auth);
1065        if (err)
1066                goto err_put_mech;
1067        /*
1068         * Note: if we created the old pipe first, then someone who
1069         * examined the directory at the right moment might conclude
1070         * that we supported only the old pipe.  So we instead create
1071         * the new pipe first.
1072         */
1073        gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
1074        if (IS_ERR(gss_pipe)) {
1075                err = PTR_ERR(gss_pipe);
1076                goto err_destroy_credcache;
1077        }
1078        gss_auth->gss_pipe[1] = gss_pipe;
1079
1080        gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
1081                        &gss_upcall_ops_v0);
1082        if (IS_ERR(gss_pipe)) {
1083                err = PTR_ERR(gss_pipe);
1084                goto err_destroy_pipe_1;
1085        }
1086        gss_auth->gss_pipe[0] = gss_pipe;
1087
1088        return gss_auth;
1089err_destroy_pipe_1:
1090        gss_pipe_free(gss_auth->gss_pipe[1]);
1091err_destroy_credcache:
1092        rpcauth_destroy_credcache(auth);
1093err_put_mech:
1094        gss_mech_put(gss_auth->mech);
1095err_put_net:
1096        put_net(gss_auth->net);
1097err_free:
1098        kfree(gss_auth->target_name);
1099        kfree(gss_auth);
1100out_dec:
1101        module_put(THIS_MODULE);
1102        trace_rpcgss_createauth(flavor, err);
1103        return ERR_PTR(err);
1104}
1105
1106static void
1107gss_free(struct gss_auth *gss_auth)
1108{
1109        gss_pipe_free(gss_auth->gss_pipe[0]);
1110        gss_pipe_free(gss_auth->gss_pipe[1]);
1111        gss_mech_put(gss_auth->mech);
1112        put_net(gss_auth->net);
1113        kfree(gss_auth->target_name);
1114
1115        kfree(gss_auth);
1116        module_put(THIS_MODULE);
1117}
1118
1119static void
1120gss_free_callback(struct kref *kref)
1121{
1122        struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
1123
1124        gss_free(gss_auth);
1125}
1126
1127static void
1128gss_put_auth(struct gss_auth *gss_auth)
1129{
1130        kref_put(&gss_auth->kref, gss_free_callback);
1131}
1132
1133static void
1134gss_destroy(struct rpc_auth *auth)
1135{
1136        struct gss_auth *gss_auth = container_of(auth,
1137                        struct gss_auth, rpc_auth);
1138
1139        if (hash_hashed(&gss_auth->hash)) {
1140                spin_lock(&gss_auth_hash_lock);
1141                hash_del(&gss_auth->hash);
1142                spin_unlock(&gss_auth_hash_lock);
1143        }
1144
1145        gss_pipe_free(gss_auth->gss_pipe[0]);
1146        gss_auth->gss_pipe[0] = NULL;
1147        gss_pipe_free(gss_auth->gss_pipe[1]);
1148        gss_auth->gss_pipe[1] = NULL;
1149        rpcauth_destroy_credcache(auth);
1150
1151        gss_put_auth(gss_auth);
1152}
1153
1154/*
1155 * Auths may be shared between rpc clients that were cloned from a
1156 * common client with the same xprt, if they also share the flavor and
1157 * target_name.
1158 *
1159 * The auth is looked up from the oldest parent sharing the same
1160 * cl_xprt, and the auth itself references only that common parent
1161 * (which is guaranteed to last as long as any of its descendants).
1162 */
1163static struct gss_auth *
1164gss_auth_find_or_add_hashed(const struct rpc_auth_create_args *args,
1165                struct rpc_clnt *clnt,
1166                struct gss_auth *new)
1167{
1168        struct gss_auth *gss_auth;
1169        unsigned long hashval = (unsigned long)clnt;
1170
1171        spin_lock(&gss_auth_hash_lock);
1172        hash_for_each_possible(gss_auth_hash_table,
1173                        gss_auth,
1174                        hash,
1175                        hashval) {
1176                if (gss_auth->client != clnt)
1177                        continue;
1178                if (gss_auth->rpc_auth.au_flavor != args->pseudoflavor)
1179                        continue;
1180                if (gss_auth->target_name != args->target_name) {
1181                        if (gss_auth->target_name == NULL)
1182                                continue;
1183                        if (args->target_name == NULL)
1184                                continue;
1185                        if (strcmp(gss_auth->target_name, args->target_name))
1186                                continue;
1187                }
1188                if (!refcount_inc_not_zero(&gss_auth->rpc_auth.au_count))
1189                        continue;
1190                goto out;
1191        }
1192        if (new)
1193                hash_add(gss_auth_hash_table, &new->hash, hashval);
1194        gss_auth = new;
1195out:
1196        spin_unlock(&gss_auth_hash_lock);
1197        return gss_auth;
1198}
1199
1200static struct gss_auth *
1201gss_create_hashed(const struct rpc_auth_create_args *args,
1202                  struct rpc_clnt *clnt)
1203{
1204        struct gss_auth *gss_auth;
1205        struct gss_auth *new;
1206
1207        gss_auth = gss_auth_find_or_add_hashed(args, clnt, NULL);
1208        if (gss_auth != NULL)
1209                goto out;
1210        new = gss_create_new(args, clnt);
1211        if (IS_ERR(new))
1212                return new;
1213        gss_auth = gss_auth_find_or_add_hashed(args, clnt, new);
1214        if (gss_auth != new)
1215                gss_destroy(&new->rpc_auth);
1216out:
1217        return gss_auth;
1218}
1219
1220static struct rpc_auth *
1221gss_create(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
1222{
1223        struct gss_auth *gss_auth;
1224        struct rpc_xprt_switch *xps = rcu_access_pointer(clnt->cl_xpi.xpi_xpswitch);
1225
1226        while (clnt != clnt->cl_parent) {
1227                struct rpc_clnt *parent = clnt->cl_parent;
1228                /* Find the original parent for this transport */
1229                if (rcu_access_pointer(parent->cl_xpi.xpi_xpswitch) != xps)
1230                        break;
1231                clnt = parent;
1232        }
1233
1234        gss_auth = gss_create_hashed(args, clnt);
1235        if (IS_ERR(gss_auth))
1236                return ERR_CAST(gss_auth);
1237        return &gss_auth->rpc_auth;
1238}
1239
1240static struct gss_cred *
1241gss_dup_cred(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
1242{
1243        struct gss_cred *new;
1244
1245        /* Make a copy of the cred so that we can reference count it */
1246        new = kzalloc(sizeof(*gss_cred), GFP_NOFS);
1247        if (new) {
1248                struct auth_cred acred = {
1249                        .cred = gss_cred->gc_base.cr_cred,
1250                };
1251                struct gss_cl_ctx *ctx =
1252                        rcu_dereference_protected(gss_cred->gc_ctx, 1);
1253
1254                rpcauth_init_cred(&new->gc_base, &acred,
1255                                &gss_auth->rpc_auth,
1256                                &gss_nullops);
1257                new->gc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;
1258                new->gc_service = gss_cred->gc_service;
1259                new->gc_principal = gss_cred->gc_principal;
1260                kref_get(&gss_auth->kref);
1261                rcu_assign_pointer(new->gc_ctx, ctx);
1262                gss_get_ctx(ctx);
1263        }
1264        return new;
1265}
1266
1267/*
1268 * gss_send_destroy_context will cause the RPCSEC_GSS to send a NULL RPC call
1269 * to the server with the GSS control procedure field set to
1270 * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
1271 * all RPCSEC_GSS state associated with that context.
1272 */
1273static void
1274gss_send_destroy_context(struct rpc_cred *cred)
1275{
1276        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1277        struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1278        struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1279        struct gss_cred *new;
1280        struct rpc_task *task;
1281
1282        new = gss_dup_cred(gss_auth, gss_cred);
1283        if (new) {
1284                ctx->gc_proc = RPC_GSS_PROC_DESTROY;
1285
1286                trace_rpcgss_ctx_destroy(gss_cred);
1287                task = rpc_call_null(gss_auth->client, &new->gc_base,
1288                                     RPC_TASK_ASYNC);
1289                if (!IS_ERR(task))
1290                        rpc_put_task(task);
1291
1292                put_rpccred(&new->gc_base);
1293        }
1294}
1295
1296/* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
1297 * to create a new cred or context, so they check that things have been
1298 * allocated before freeing them. */
1299static void
1300gss_do_free_ctx(struct gss_cl_ctx *ctx)
1301{
1302        gss_delete_sec_context(&ctx->gc_gss_ctx);
1303        kfree(ctx->gc_wire_ctx.data);
1304        kfree(ctx->gc_acceptor.data);
1305        kfree(ctx);
1306}
1307
1308static void
1309gss_free_ctx_callback(struct rcu_head *head)
1310{
1311        struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
1312        gss_do_free_ctx(ctx);
1313}
1314
1315static void
1316gss_free_ctx(struct gss_cl_ctx *ctx)
1317{
1318        call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
1319}
1320
1321static void
1322gss_free_cred(struct gss_cred *gss_cred)
1323{
1324        kfree(gss_cred);
1325}
1326
1327static void
1328gss_free_cred_callback(struct rcu_head *head)
1329{
1330        struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
1331        gss_free_cred(gss_cred);
1332}
1333
1334static void
1335gss_destroy_nullcred(struct rpc_cred *cred)
1336{
1337        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1338        struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1339        struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1340
1341        RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
1342        put_cred(cred->cr_cred);
1343        call_rcu(&cred->cr_rcu, gss_free_cred_callback);
1344        if (ctx)
1345                gss_put_ctx(ctx);
1346        gss_put_auth(gss_auth);
1347}
1348
1349static void
1350gss_destroy_cred(struct rpc_cred *cred)
1351{
1352        if (test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0)
1353                gss_send_destroy_context(cred);
1354        gss_destroy_nullcred(cred);
1355}
1356
1357static int
1358gss_hash_cred(struct auth_cred *acred, unsigned int hashbits)
1359{
1360        return hash_64(from_kuid(&init_user_ns, acred->cred->fsuid), hashbits);
1361}
1362
1363/*
1364 * Lookup RPCSEC_GSS cred for the current process
1365 */
1366static struct rpc_cred *
1367gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
1368{
1369        return rpcauth_lookup_credcache(auth, acred, flags, GFP_NOFS);
1370}
1371
1372static struct rpc_cred *
1373gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags, gfp_t gfp)
1374{
1375        struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1376        struct gss_cred *cred = NULL;
1377        int err = -ENOMEM;
1378
1379        if (!(cred = kzalloc(sizeof(*cred), gfp)))
1380                goto out_err;
1381
1382        rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
1383        /*
1384         * Note: in order to force a call to call_refresh(), we deliberately
1385         * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
1386         */
1387        cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
1388        cred->gc_service = gss_auth->service;
1389        cred->gc_principal = acred->principal;
1390        kref_get(&gss_auth->kref);
1391        return &cred->gc_base;
1392
1393out_err:
1394        return ERR_PTR(err);
1395}
1396
1397static int
1398gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
1399{
1400        struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1401        struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
1402        int err;
1403
1404        do {
1405                err = gss_create_upcall(gss_auth, gss_cred);
1406        } while (err == -EAGAIN);
1407        return err;
1408}
1409
1410static char *
1411gss_stringify_acceptor(struct rpc_cred *cred)
1412{
1413        char *string = NULL;
1414        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1415        struct gss_cl_ctx *ctx;
1416        unsigned int len;
1417        struct xdr_netobj *acceptor;
1418
1419        rcu_read_lock();
1420        ctx = rcu_dereference(gss_cred->gc_ctx);
1421        if (!ctx)
1422                goto out;
1423
1424        len = ctx->gc_acceptor.len;
1425        rcu_read_unlock();
1426
1427        /* no point if there's no string */
1428        if (!len)
1429                return NULL;
1430realloc:
1431        string = kmalloc(len + 1, GFP_KERNEL);
1432        if (!string)
1433                return NULL;
1434
1435        rcu_read_lock();
1436        ctx = rcu_dereference(gss_cred->gc_ctx);
1437
1438        /* did the ctx disappear or was it replaced by one with no acceptor? */
1439        if (!ctx || !ctx->gc_acceptor.len) {
1440                kfree(string);
1441                string = NULL;
1442                goto out;
1443        }
1444
1445        acceptor = &ctx->gc_acceptor;
1446
1447        /*
1448         * Did we find a new acceptor that's longer than the original? Allocate
1449         * a longer buffer and try again.
1450         */
1451        if (len < acceptor->len) {
1452                len = acceptor->len;
1453                rcu_read_unlock();
1454                kfree(string);
1455                goto realloc;
1456        }
1457
1458        memcpy(string, acceptor->data, acceptor->len);
1459        string[acceptor->len] = '\0';
1460out:
1461        rcu_read_unlock();
1462        return string;
1463}
1464
1465/*
1466 * Returns -EACCES if GSS context is NULL or will expire within the
1467 * timeout (miliseconds)
1468 */
1469static int
1470gss_key_timeout(struct rpc_cred *rc)
1471{
1472        struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1473        struct gss_cl_ctx *ctx;
1474        unsigned long timeout = jiffies + (gss_key_expire_timeo * HZ);
1475        int ret = 0;
1476
1477        rcu_read_lock();
1478        ctx = rcu_dereference(gss_cred->gc_ctx);
1479        if (!ctx || time_after(timeout, ctx->gc_expiry))
1480                ret = -EACCES;
1481        rcu_read_unlock();
1482
1483        return ret;
1484}
1485
1486static int
1487gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
1488{
1489        struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1490        struct gss_cl_ctx *ctx;
1491        int ret;
1492
1493        if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
1494                goto out;
1495        /* Don't match with creds that have expired. */
1496        rcu_read_lock();
1497        ctx = rcu_dereference(gss_cred->gc_ctx);
1498        if (!ctx || time_after(jiffies, ctx->gc_expiry)) {
1499                rcu_read_unlock();
1500                return 0;
1501        }
1502        rcu_read_unlock();
1503        if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
1504                return 0;
1505out:
1506        if (acred->principal != NULL) {
1507                if (gss_cred->gc_principal == NULL)
1508                        return 0;
1509                ret = strcmp(acred->principal, gss_cred->gc_principal) == 0;
1510        } else {
1511                if (gss_cred->gc_principal != NULL)
1512                        return 0;
1513                ret = uid_eq(rc->cr_cred->fsuid, acred->cred->fsuid);
1514        }
1515        return ret;
1516}
1517
1518/*
1519 * Marshal credentials.
1520 *
1521 * The expensive part is computing the verifier. We can't cache a
1522 * pre-computed version of the verifier because the seqno, which
1523 * is different every time, is included in the MIC.
1524 */
1525static int gss_marshal(struct rpc_task *task, struct xdr_stream *xdr)
1526{
1527        struct rpc_rqst *req = task->tk_rqstp;
1528        struct rpc_cred *cred = req->rq_cred;
1529        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1530                                                 gc_base);
1531        struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
1532        __be32          *p, *cred_len;
1533        u32             maj_stat = 0;
1534        struct xdr_netobj mic;
1535        struct kvec     iov;
1536        struct xdr_buf  verf_buf;
1537        int status;
1538
1539        /* Credential */
1540
1541        p = xdr_reserve_space(xdr, 7 * sizeof(*p) +
1542                              ctx->gc_wire_ctx.len);
1543        if (!p)
1544                goto marshal_failed;
1545        *p++ = rpc_auth_gss;
1546        cred_len = p++;
1547
1548        spin_lock(&ctx->gc_seq_lock);
1549        req->rq_seqno = (ctx->gc_seq < MAXSEQ) ? ctx->gc_seq++ : MAXSEQ;
1550        spin_unlock(&ctx->gc_seq_lock);
1551        if (req->rq_seqno == MAXSEQ)
1552                goto expired;
1553        trace_rpcgss_seqno(task);
1554
1555        *p++ = cpu_to_be32(RPC_GSS_VERSION);
1556        *p++ = cpu_to_be32(ctx->gc_proc);
1557        *p++ = cpu_to_be32(req->rq_seqno);
1558        *p++ = cpu_to_be32(gss_cred->gc_service);
1559        p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
1560        *cred_len = cpu_to_be32((p - (cred_len + 1)) << 2);
1561
1562        /* Verifier */
1563
1564        /* We compute the checksum for the verifier over the xdr-encoded bytes
1565         * starting with the xid and ending at the end of the credential: */
1566        iov.iov_base = req->rq_snd_buf.head[0].iov_base;
1567        iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
1568        xdr_buf_from_iov(&iov, &verf_buf);
1569
1570        p = xdr_reserve_space(xdr, sizeof(*p));
1571        if (!p)
1572                goto marshal_failed;
1573        *p++ = rpc_auth_gss;
1574        mic.data = (u8 *)(p + 1);
1575        maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1576        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1577                goto expired;
1578        else if (maj_stat != 0)
1579                goto bad_mic;
1580        if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
1581                goto marshal_failed;
1582        status = 0;
1583out:
1584        gss_put_ctx(ctx);
1585        return status;
1586expired:
1587        clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1588        status = -EKEYEXPIRED;
1589        goto out;
1590marshal_failed:
1591        status = -EMSGSIZE;
1592        goto out;
1593bad_mic:
1594        trace_rpcgss_get_mic(task, maj_stat);
1595        status = -EIO;
1596        goto out;
1597}
1598
1599static int gss_renew_cred(struct rpc_task *task)
1600{
1601        struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
1602        struct gss_cred *gss_cred = container_of(oldcred,
1603                                                 struct gss_cred,
1604                                                 gc_base);
1605        struct rpc_auth *auth = oldcred->cr_auth;
1606        struct auth_cred acred = {
1607                .cred = oldcred->cr_cred,
1608                .principal = gss_cred->gc_principal,
1609        };
1610        struct rpc_cred *new;
1611
1612        new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
1613        if (IS_ERR(new))
1614                return PTR_ERR(new);
1615
1616        task->tk_rqstp->rq_cred = new;
1617        put_rpccred(oldcred);
1618        return 0;
1619}
1620
1621static int gss_cred_is_negative_entry(struct rpc_cred *cred)
1622{
1623        if (test_bit(RPCAUTH_CRED_NEGATIVE, &cred->cr_flags)) {
1624                unsigned long now = jiffies;
1625                unsigned long begin, expire;
1626                struct gss_cred *gss_cred;
1627
1628                gss_cred = container_of(cred, struct gss_cred, gc_base);
1629                begin = gss_cred->gc_upcall_timestamp;
1630                expire = begin + gss_expired_cred_retry_delay * HZ;
1631
1632                if (time_in_range_open(now, begin, expire))
1633                        return 1;
1634        }
1635        return 0;
1636}
1637
1638/*
1639* Refresh credentials. XXX - finish
1640*/
1641static int
1642gss_refresh(struct rpc_task *task)
1643{
1644        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1645        int ret = 0;
1646
1647        if (gss_cred_is_negative_entry(cred))
1648                return -EKEYEXPIRED;
1649
1650        if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
1651                        !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
1652                ret = gss_renew_cred(task);
1653                if (ret < 0)
1654                        goto out;
1655                cred = task->tk_rqstp->rq_cred;
1656        }
1657
1658        if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
1659                ret = gss_refresh_upcall(task);
1660out:
1661        return ret;
1662}
1663
1664/* Dummy refresh routine: used only when destroying the context */
1665static int
1666gss_refresh_null(struct rpc_task *task)
1667{
1668        return 0;
1669}
1670
1671static int
1672gss_validate(struct rpc_task *task, struct xdr_stream *xdr)
1673{
1674        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1675        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1676        __be32          *p, *seq = NULL;
1677        struct kvec     iov;
1678        struct xdr_buf  verf_buf;
1679        struct xdr_netobj mic;
1680        u32             len, maj_stat;
1681        int             status;
1682
1683        p = xdr_inline_decode(xdr, 2 * sizeof(*p));
1684        if (!p)
1685                goto validate_failed;
1686        if (*p++ != rpc_auth_gss)
1687                goto validate_failed;
1688        len = be32_to_cpup(p);
1689        if (len > RPC_MAX_AUTH_SIZE)
1690                goto validate_failed;
1691        p = xdr_inline_decode(xdr, len);
1692        if (!p)
1693                goto validate_failed;
1694
1695        seq = kmalloc(4, GFP_NOFS);
1696        if (!seq)
1697                goto validate_failed;
1698        *seq = cpu_to_be32(task->tk_rqstp->rq_seqno);
1699        iov.iov_base = seq;
1700        iov.iov_len = 4;
1701        xdr_buf_from_iov(&iov, &verf_buf);
1702        mic.data = (u8 *)p;
1703        mic.len = len;
1704        maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1705        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1706                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1707        if (maj_stat)
1708                goto bad_mic;
1709
1710        /* We leave it to unwrap to calculate au_rslack. For now we just
1711         * calculate the length of the verifier: */
1712        if (test_bit(RPCAUTH_AUTH_UPDATE_SLACK, &cred->cr_auth->au_flags))
1713                cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1714        status = 0;
1715out:
1716        gss_put_ctx(ctx);
1717        kfree(seq);
1718        return status;
1719
1720validate_failed:
1721        status = -EIO;
1722        goto out;
1723bad_mic:
1724        trace_rpcgss_verify_mic(task, maj_stat);
1725        status = -EACCES;
1726        goto out;
1727}
1728
1729static noinline_for_stack int
1730gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1731                   struct rpc_task *task, struct xdr_stream *xdr)
1732{
1733        struct rpc_rqst *rqstp = task->tk_rqstp;
1734        struct xdr_buf integ_buf, *snd_buf = &rqstp->rq_snd_buf;
1735        struct xdr_netobj mic;
1736        __be32 *p, *integ_len;
1737        u32 offset, maj_stat;
1738
1739        p = xdr_reserve_space(xdr, 2 * sizeof(*p));
1740        if (!p)
1741                goto wrap_failed;
1742        integ_len = p++;
1743        *p = cpu_to_be32(rqstp->rq_seqno);
1744
1745        if (rpcauth_wrap_req_encode(task, xdr))
1746                goto wrap_failed;
1747
1748        offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1749        if (xdr_buf_subsegment(snd_buf, &integ_buf,
1750                                offset, snd_buf->len - offset))
1751                goto wrap_failed;
1752        *integ_len = cpu_to_be32(integ_buf.len);
1753
1754        p = xdr_reserve_space(xdr, 0);
1755        if (!p)
1756                goto wrap_failed;
1757        mic.data = (u8 *)(p + 1);
1758        maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1759        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1760                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1761        else if (maj_stat)
1762                goto bad_mic;
1763        /* Check that the trailing MIC fit in the buffer, after the fact */
1764        if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
1765                goto wrap_failed;
1766        return 0;
1767wrap_failed:
1768        return -EMSGSIZE;
1769bad_mic:
1770        trace_rpcgss_get_mic(task, maj_stat);
1771        return -EIO;
1772}
1773
1774static void
1775priv_release_snd_buf(struct rpc_rqst *rqstp)
1776{
1777        int i;
1778
1779        for (i=0; i < rqstp->rq_enc_pages_num; i++)
1780                __free_page(rqstp->rq_enc_pages[i]);
1781        kfree(rqstp->rq_enc_pages);
1782        rqstp->rq_release_snd_buf = NULL;
1783}
1784
1785static int
1786alloc_enc_pages(struct rpc_rqst *rqstp)
1787{
1788        struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1789        int first, last, i;
1790
1791        if (rqstp->rq_release_snd_buf)
1792                rqstp->rq_release_snd_buf(rqstp);
1793
1794        if (snd_buf->page_len == 0) {
1795                rqstp->rq_enc_pages_num = 0;
1796                return 0;
1797        }
1798
1799        first = snd_buf->page_base >> PAGE_SHIFT;
1800        last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_SHIFT;
1801        rqstp->rq_enc_pages_num = last - first + 1 + 1;
1802        rqstp->rq_enc_pages
1803                = kmalloc_array(rqstp->rq_enc_pages_num,
1804                                sizeof(struct page *),
1805                                GFP_NOFS);
1806        if (!rqstp->rq_enc_pages)
1807                goto out;
1808        for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1809                rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1810                if (rqstp->rq_enc_pages[i] == NULL)
1811                        goto out_free;
1812        }
1813        rqstp->rq_release_snd_buf = priv_release_snd_buf;
1814        return 0;
1815out_free:
1816        rqstp->rq_enc_pages_num = i;
1817        priv_release_snd_buf(rqstp);
1818out:
1819        return -EAGAIN;
1820}
1821
1822static noinline_for_stack int
1823gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1824                  struct rpc_task *task, struct xdr_stream *xdr)
1825{
1826        struct rpc_rqst *rqstp = task->tk_rqstp;
1827        struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1828        u32             pad, offset, maj_stat;
1829        int             status;
1830        __be32          *p, *opaque_len;
1831        struct page     **inpages;
1832        int             first;
1833        struct kvec     *iov;
1834
1835        status = -EIO;
1836        p = xdr_reserve_space(xdr, 2 * sizeof(*p));
1837        if (!p)
1838                goto wrap_failed;
1839        opaque_len = p++;
1840        *p = cpu_to_be32(rqstp->rq_seqno);
1841
1842        if (rpcauth_wrap_req_encode(task, xdr))
1843                goto wrap_failed;
1844
1845        status = alloc_enc_pages(rqstp);
1846        if (unlikely(status))
1847                goto wrap_failed;
1848        first = snd_buf->page_base >> PAGE_SHIFT;
1849        inpages = snd_buf->pages + first;
1850        snd_buf->pages = rqstp->rq_enc_pages;
1851        snd_buf->page_base -= first << PAGE_SHIFT;
1852        /*
1853         * Move the tail into its own page, in case gss_wrap needs
1854         * more space in the head when wrapping.
1855         *
1856         * Still... Why can't gss_wrap just slide the tail down?
1857         */
1858        if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1859                char *tmp;
1860
1861                tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1862                memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1863                snd_buf->tail[0].iov_base = tmp;
1864        }
1865        offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1866        maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1867        /* slack space should prevent this ever happening: */
1868        if (unlikely(snd_buf->len > snd_buf->buflen))
1869                goto wrap_failed;
1870        /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1871         * done anyway, so it's safe to put the request on the wire: */
1872        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1873                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1874        else if (maj_stat)
1875                goto bad_wrap;
1876
1877        *opaque_len = cpu_to_be32(snd_buf->len - offset);
1878        /* guess whether the pad goes into the head or the tail: */
1879        if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1880                iov = snd_buf->tail;
1881        else
1882                iov = snd_buf->head;
1883        p = iov->iov_base + iov->iov_len;
1884        pad = xdr_pad_size(snd_buf->len - offset);
1885        memset(p, 0, pad);
1886        iov->iov_len += pad;
1887        snd_buf->len += pad;
1888
1889        return 0;
1890wrap_failed:
1891        return status;
1892bad_wrap:
1893        trace_rpcgss_wrap(task, maj_stat);
1894        return -EIO;
1895}
1896
1897static int gss_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
1898{
1899        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1900        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1901                        gc_base);
1902        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1903        int status;
1904
1905        status = -EIO;
1906        if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1907                /* The spec seems a little ambiguous here, but I think that not
1908                 * wrapping context destruction requests makes the most sense.
1909                 */
1910                status = rpcauth_wrap_req_encode(task, xdr);
1911                goto out;
1912        }
1913        switch (gss_cred->gc_service) {
1914        case RPC_GSS_SVC_NONE:
1915                status = rpcauth_wrap_req_encode(task, xdr);
1916                break;
1917        case RPC_GSS_SVC_INTEGRITY:
1918                status = gss_wrap_req_integ(cred, ctx, task, xdr);
1919                break;
1920        case RPC_GSS_SVC_PRIVACY:
1921                status = gss_wrap_req_priv(cred, ctx, task, xdr);
1922                break;
1923        default:
1924                status = -EIO;
1925        }
1926out:
1927        gss_put_ctx(ctx);
1928        return status;
1929}
1930
1931/**
1932 * gss_update_rslack - Possibly update RPC receive buffer size estimates
1933 * @task: rpc_task for incoming RPC Reply being unwrapped
1934 * @cred: controlling rpc_cred for @task
1935 * @before: XDR words needed before each RPC Reply message
1936 * @after: XDR words needed following each RPC Reply message
1937 *
1938 */
1939static void gss_update_rslack(struct rpc_task *task, struct rpc_cred *cred,
1940                              unsigned int before, unsigned int after)
1941{
1942        struct rpc_auth *auth = cred->cr_auth;
1943
1944        if (test_and_clear_bit(RPCAUTH_AUTH_UPDATE_SLACK, &auth->au_flags)) {
1945                auth->au_ralign = auth->au_verfsize + before;
1946                auth->au_rslack = auth->au_verfsize + after;
1947                trace_rpcgss_update_slack(task, auth);
1948        }
1949}
1950
1951static int
1952gss_unwrap_resp_auth(struct rpc_task *task, struct rpc_cred *cred)
1953{
1954        gss_update_rslack(task, cred, 0, 0);
1955        return 0;
1956}
1957
1958/*
1959 * RFC 2203, Section 5.3.2.2
1960 *
1961 *      struct rpc_gss_integ_data {
1962 *              opaque databody_integ<>;
1963 *              opaque checksum<>;
1964 *      };
1965 *
1966 *      struct rpc_gss_data_t {
1967 *              unsigned int seq_num;
1968 *              proc_req_arg_t arg;
1969 *      };
1970 */
1971static noinline_for_stack int
1972gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred,
1973                      struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
1974                      struct xdr_stream *xdr)
1975{
1976        struct xdr_buf gss_data, *rcv_buf = &rqstp->rq_rcv_buf;
1977        u32 len, offset, seqno, maj_stat;
1978        struct xdr_netobj mic;
1979        int ret;
1980
1981        ret = -EIO;
1982        mic.data = NULL;
1983
1984        /* opaque databody_integ<>; */
1985        if (xdr_stream_decode_u32(xdr, &len))
1986                goto unwrap_failed;
1987        if (len & 3)
1988                goto unwrap_failed;
1989        offset = rcv_buf->len - xdr_stream_remaining(xdr);
1990        if (xdr_stream_decode_u32(xdr, &seqno))
1991                goto unwrap_failed;
1992        if (seqno != rqstp->rq_seqno)
1993                goto bad_seqno;
1994        if (xdr_buf_subsegment(rcv_buf, &gss_data, offset, len))
1995                goto unwrap_failed;
1996
1997        /*
1998         * The xdr_stream now points to the beginning of the
1999         * upper layer payload, to be passed below to
2000         * rpcauth_unwrap_resp_decode(). The checksum, which

2001         * follows the upper layer payload in @rcv_buf, is
2002         * located and parsed without updating the xdr_stream.
2003         */
2004
2005        /* opaque checksum<>; */
2006        offset += len;
2007        if (xdr_decode_word(rcv_buf, offset, &len))
2008                goto unwrap_failed;
2009        offset += sizeof(__be32);
2010        if (offset + len > rcv_buf->len)
2011                goto unwrap_failed;
2012        mic.len = len;
2013        mic.data = kmalloc(len, GFP_NOFS);
2014        if (!mic.data)
2015                goto unwrap_failed;
2016        if (read_bytes_from_xdr_buf(rcv_buf, offset, mic.data, mic.len))
2017                goto unwrap_failed;
2018
2019        maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &gss_data, &mic);
2020        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
2021                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
2022        if (maj_stat != GSS_S_COMPLETE)
2023                goto bad_mic;
2024
2025        gss_update_rslack(task, cred, 2, 2 + 1 + XDR_QUADLEN(mic.len));
2026        ret = 0;
2027
2028out:
2029        kfree(mic.data);
2030        return ret;
2031
2032unwrap_failed:
2033        trace_rpcgss_unwrap_failed(task);
2034        goto out;
2035bad_seqno:
2036        trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, seqno);
2037        goto out;
2038bad_mic:
2039        trace_rpcgss_verify_mic(task, maj_stat);
2040        goto out;
2041}
2042
2043static noinline_for_stack int
2044gss_unwrap_resp_priv(struct rpc_task *task, struct rpc_cred *cred,
2045                     struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
2046                     struct xdr_stream *xdr)
2047{
2048        struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
2049        struct kvec *head = rqstp->rq_rcv_buf.head;
2050        u32 offset, opaque_len, maj_stat;
2051        __be32 *p;
2052
2053        p = xdr_inline_decode(xdr, 2 * sizeof(*p));
2054        if (unlikely(!p))
2055                goto unwrap_failed;
2056        opaque_len = be32_to_cpup(p++);
2057        offset = (u8 *)(p) - (u8 *)head->iov_base;
2058        if (offset + opaque_len > rcv_buf->len)
2059                goto unwrap_failed;
2060
2061        maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset,
2062                              offset + opaque_len, rcv_buf);
2063        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
2064                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
2065        if (maj_stat != GSS_S_COMPLETE)
2066                goto bad_unwrap;
2067        /* gss_unwrap decrypted the sequence number */
2068        if (be32_to_cpup(p++) != rqstp->rq_seqno)
2069                goto bad_seqno;
2070
2071        /* gss_unwrap redacts the opaque blob from the head iovec.
2072         * rcv_buf has changed, thus the stream needs to be reset.
2073         */
2074        xdr_init_decode(xdr, rcv_buf, p, rqstp);
2075
2076        gss_update_rslack(task, cred, 2 + ctx->gc_gss_ctx->align,
2077                          2 + ctx->gc_gss_ctx->slack);
2078
2079        return 0;
2080unwrap_failed:
2081        trace_rpcgss_unwrap_failed(task);
2082        return -EIO;
2083bad_seqno:
2084        trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, be32_to_cpup(--p));
2085        return -EIO;
2086bad_unwrap:
2087        trace_rpcgss_unwrap(task, maj_stat);
2088        return -EIO;
2089}
2090
2091static bool
2092gss_seq_is_newer(u32 new, u32 old)
2093{
2094        return (s32)(new - old) > 0;
2095}
2096
2097static bool
2098gss_xmit_need_reencode(struct rpc_task *task)
2099{
2100        struct rpc_rqst *req = task->tk_rqstp;
2101        struct rpc_cred *cred = req->rq_cred;
2102        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
2103        u32 win, seq_xmit = 0;
2104        bool ret = true;
2105
2106        if (!ctx)
2107                goto out;
2108
2109        if (gss_seq_is_newer(req->rq_seqno, READ_ONCE(ctx->gc_seq)))
2110                goto out_ctx;
2111
2112        seq_xmit = READ_ONCE(ctx->gc_seq_xmit);
2113        while (gss_seq_is_newer(req->rq_seqno, seq_xmit)) {
2114                u32 tmp = seq_xmit;
2115
2116                seq_xmit = cmpxchg(&ctx->gc_seq_xmit, tmp, req->rq_seqno);
2117                if (seq_xmit == tmp) {
2118                        ret = false;
2119                        goto out_ctx;
2120                }
2121        }
2122
2123        win = ctx->gc_win;
2124        if (win > 0)
2125                ret = !gss_seq_is_newer(req->rq_seqno, seq_xmit - win);
2126
2127out_ctx:
2128        gss_put_ctx(ctx);
2129out:
2130        trace_rpcgss_need_reencode(task, seq_xmit, ret);
2131        return ret;
2132}
2133
2134static int
2135gss_unwrap_resp(struct rpc_task *task, struct xdr_stream *xdr)
2136{
2137        struct rpc_rqst *rqstp = task->tk_rqstp;
2138        struct rpc_cred *cred = rqstp->rq_cred;
2139        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
2140                        gc_base);
2141        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
2142        int status = -EIO;
2143
2144        if (ctx->gc_proc != RPC_GSS_PROC_DATA)
2145                goto out_decode;
2146        switch (gss_cred->gc_service) {
2147        case RPC_GSS_SVC_NONE:
2148                status = gss_unwrap_resp_auth(task, cred);
2149                break;
2150        case RPC_GSS_SVC_INTEGRITY:
2151                status = gss_unwrap_resp_integ(task, cred, ctx, rqstp, xdr);
2152                break;
2153        case RPC_GSS_SVC_PRIVACY:
2154                status = gss_unwrap_resp_priv(task, cred, ctx, rqstp, xdr);
2155                break;
2156        }
2157        if (status)
2158                goto out;
2159
2160out_decode:
2161        status = rpcauth_unwrap_resp_decode(task, xdr);
2162out:
2163        gss_put_ctx(ctx);
2164        return status;
2165}
2166
2167static const struct rpc_authops authgss_ops = {
2168        .owner          = THIS_MODULE,
2169        .au_flavor      = RPC_AUTH_GSS,
2170        .au_name        = "RPCSEC_GSS",
2171        .create         = gss_create,
2172        .destroy        = gss_destroy,
2173        .hash_cred      = gss_hash_cred,
2174        .lookup_cred    = gss_lookup_cred,
2175        .crcreate       = gss_create_cred,
2176        .info2flavor    = gss_mech_info2flavor,
2177        .flavor2info    = gss_mech_flavor2info,
2178};
2179
2180static const struct rpc_credops gss_credops = {
2181        .cr_name                = "AUTH_GSS",
2182        .crdestroy              = gss_destroy_cred,
2183        .cr_init                = gss_cred_init,
2184        .crmatch                = gss_match,
2185        .crmarshal              = gss_marshal,
2186        .crrefresh              = gss_refresh,
2187        .crvalidate             = gss_validate,
2188        .crwrap_req             = gss_wrap_req,
2189        .crunwrap_resp          = gss_unwrap_resp,
2190        .crkey_timeout          = gss_key_timeout,
2191        .crstringify_acceptor   = gss_stringify_acceptor,
2192        .crneed_reencode        = gss_xmit_need_reencode,
2193};
2194
2195static const struct rpc_credops gss_nullops = {
2196        .cr_name                = "AUTH_GSS",
2197        .crdestroy              = gss_destroy_nullcred,
2198        .crmatch                = gss_match,
2199        .crmarshal              = gss_marshal,
2200        .crrefresh              = gss_refresh_null,
2201        .crvalidate             = gss_validate,
2202        .crwrap_req             = gss_wrap_req,
2203        .crunwrap_resp          = gss_unwrap_resp,
2204        .crstringify_acceptor   = gss_stringify_acceptor,
2205};
2206
2207static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
2208        .upcall         = gss_v0_upcall,
2209        .downcall       = gss_pipe_downcall,
2210        .destroy_msg    = gss_pipe_destroy_msg,
2211        .open_pipe      = gss_pipe_open_v0,
2212        .release_pipe   = gss_pipe_release,
2213};
2214
2215static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
2216        .upcall         = gss_v1_upcall,
2217        .downcall       = gss_pipe_downcall,
2218        .destroy_msg    = gss_pipe_destroy_msg,
2219        .open_pipe      = gss_pipe_open_v1,
2220        .release_pipe   = gss_pipe_release,
2221};
2222
2223static __net_init int rpcsec_gss_init_net(struct net *net)
2224{
2225        return gss_svc_init_net(net);
2226}
2227
2228static __net_exit void rpcsec_gss_exit_net(struct net *net)
2229{
2230        gss_svc_shutdown_net(net);
2231}
2232
2233static struct pernet_operations rpcsec_gss_net_ops = {
2234        .init = rpcsec_gss_init_net,
2235        .exit = rpcsec_gss_exit_net,
2236};
2237
2238/*
2239 * Initialize RPCSEC_GSS module
2240 */
2241static int __init init_rpcsec_gss(void)
2242{
2243        int err = 0;
2244
2245        err = rpcauth_register(&authgss_ops);
2246        if (err)
2247                goto out;
2248        err = gss_svc_init();
2249        if (err)
2250                goto out_unregister;
2251        err = register_pernet_subsys(&rpcsec_gss_net_ops);
2252        if (err)
2253                goto out_svc_exit;
2254        rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
2255        return 0;
2256out_svc_exit:
2257        gss_svc_shutdown();
2258out_unregister:
2259        rpcauth_unregister(&authgss_ops);
2260out:
2261        return err;
2262}
2263
2264static void __exit exit_rpcsec_gss(void)
2265{
2266        unregister_pernet_subsys(&rpcsec_gss_net_ops);
2267        gss_svc_shutdown();
2268        rpcauth_unregister(&authgss_ops);
2269        rcu_barrier(); /* Wait for completion of call_rcu()'s */
2270}
2271
2272MODULE_ALIAS("rpc-auth-6");
2273MODULE_LICENSE("GPL");
2274module_param_named(expired_cred_retry_delay,
2275                   gss_expired_cred_retry_delay,
2276                   uint, 0644);
2277MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
2278                "the RPC engine retries an expired credential");
2279
2280module_param_named(key_expire_timeo,
2281                   gss_key_expire_timeo,
2282                   uint, 0644);
2283MODULE_PARM_DESC(key_expire_timeo, "Time (in seconds) at the end of a "
2284                "credential keys lifetime where the NFS layer cleans up "
2285                "prior to key expiration");
2286
2287module_init(init_rpcsec_gss)
2288module_exit(exit_rpcsec_gss)
2289
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.