1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39#include <linux/module.h>
40#include <linux/init.h>
41#include <linux/types.h>
42#include <linux/slab.h>
43#include <linux/sched.h>
44#include <linux/pagemap.h>
45#include <linux/sunrpc/clnt.h>
46#include <linux/sunrpc/auth.h>
47#include <linux/sunrpc/auth_gss.h>
48#include <linux/sunrpc/svcauth_gss.h>
49#include <linux/sunrpc/gss_err.h>
50#include <linux/workqueue.h>
51#include <linux/sunrpc/rpc_pipe_fs.h>
52#include <linux/sunrpc/gss_api.h>
53#include <asm/uaccess.h>
54
55#include "../netns.h"
56
57static const struct rpc_authops authgss_ops;
58
59static const struct rpc_credops gss_credops;
60static const struct rpc_credops gss_nullops;
61
62#define GSS_RETRY_EXPIRED 5
63static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
64
65#ifdef RPC_DEBUG
66# define RPCDBG_FACILITY RPCDBG_AUTH
67#endif
68
69#define GSS_CRED_SLACK (RPC_MAX_AUTH_SIZE * 2)
70
71
72#define GSS_VERF_SLACK 100
73
74struct gss_auth {
75 struct kref kref;
76 struct rpc_auth rpc_auth;
77 struct gss_api_mech *mech;
78 enum rpc_gss_svc service;
79 struct rpc_clnt *client;
80
81
82
83
84
85
86 struct rpc_pipe *pipe[2];
87};
88
89
90static DEFINE_SPINLOCK(pipe_version_lock);
91static struct rpc_wait_queue pipe_version_rpc_waitqueue;
92static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
93
94static void gss_free_ctx(struct gss_cl_ctx *);
95static const struct rpc_pipe_ops gss_upcall_ops_v0;
96static const struct rpc_pipe_ops gss_upcall_ops_v1;
97
98static inline struct gss_cl_ctx *
99gss_get_ctx(struct gss_cl_ctx *ctx)
100{
101 atomic_inc(&ctx->count);
102 return ctx;
103}
104
105static inline void
106gss_put_ctx(struct gss_cl_ctx *ctx)
107{
108 if (atomic_dec_and_test(&ctx->count))
109 gss_free_ctx(ctx);
110}
111
112
113
114
115
116
117static void
118gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
119{
120 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
121
122 if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
123 return;
124 gss_get_ctx(ctx);
125 rcu_assign_pointer(gss_cred->gc_ctx, ctx);
126 set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
127 smp_mb__before_clear_bit();
128 clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
129}
130
131static const void *
132simple_get_bytes(const void *p, const void *end, void *res, size_t len)
133{
134 const void *q = (const void *)((const char *)p + len);
135 if (unlikely(q > end || q < p))
136 return ERR_PTR(-EFAULT);
137 memcpy(res, p, len);
138 return q;
139}
140
141static inline const void *
142simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
143{
144 const void *q;
145 unsigned int len;
146
147 p = simple_get_bytes(p, end, &len, sizeof(len));
148 if (IS_ERR(p))
149 return p;
150 q = (const void *)((const char *)p + len);
151 if (unlikely(q > end || q < p))
152 return ERR_PTR(-EFAULT);
153 dest->data = kmemdup(p, len, GFP_NOFS);
154 if (unlikely(dest->data == NULL))
155 return ERR_PTR(-ENOMEM);
156 dest->len = len;
157 return q;
158}
159
160static struct gss_cl_ctx *
161gss_cred_get_ctx(struct rpc_cred *cred)
162{
163 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
164 struct gss_cl_ctx *ctx = NULL;
165
166 rcu_read_lock();
167 if (gss_cred->gc_ctx)
168 ctx = gss_get_ctx(gss_cred->gc_ctx);
169 rcu_read_unlock();
170 return ctx;
171}
172
173static struct gss_cl_ctx *
174gss_alloc_context(void)
175{
176 struct gss_cl_ctx *ctx;
177
178 ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
179 if (ctx != NULL) {
180 ctx->gc_proc = RPC_GSS_PROC_DATA;
181 ctx->gc_seq = 1;
182 spin_lock_init(&ctx->gc_seq_lock);
183 atomic_set(&ctx->count,1);
184 }
185 return ctx;
186}
187
188#define GSSD_MIN_TIMEOUT (60 * 60)
189static const void *
190gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
191{
192 const void *q;
193 unsigned int seclen;
194 unsigned int timeout;
195 unsigned long now = jiffies;
196 u32 window_size;
197 int ret;
198
199
200
201
202
203 p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
204 if (IS_ERR(p))
205 goto err;
206 if (timeout == 0)
207 timeout = GSSD_MIN_TIMEOUT;
208 ctx->gc_expiry = now + ((unsigned long)timeout * HZ);
209
210
211
212 p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
213 if (IS_ERR(p))
214 goto err;
215 ctx->gc_win = window_size;
216
217 if (ctx->gc_win == 0) {
218
219
220
221
222 p = simple_get_bytes(p, end, &ret, sizeof(ret));
223 if (!IS_ERR(p))
224 p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
225 ERR_PTR(-EACCES);
226 goto err;
227 }
228
229 p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
230 if (IS_ERR(p))
231 goto err;
232
233 p = simple_get_bytes(p, end, &seclen, sizeof(seclen));
234 if (IS_ERR(p))
235 goto err;
236 q = (const void *)((const char *)p + seclen);
237 if (unlikely(q > end || q < p)) {
238 p = ERR_PTR(-EFAULT);
239 goto err;
240 }
241 ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, NULL, GFP_NOFS);
242 if (ret < 0) {
243 p = ERR_PTR(ret);
244 goto err;
245 }
246 dprintk("RPC: %s Success. gc_expiry %lu now %lu timeout %u\n",
247 __func__, ctx->gc_expiry, now, timeout);
248 return q;
249err:
250 dprintk("RPC: %s returns error %ld\n", __func__, -PTR_ERR(p));
251 return p;
252}
253
254#define UPCALL_BUF_LEN 128
255
256struct gss_upcall_msg {
257 atomic_t count;
258 kuid_t uid;
259 struct rpc_pipe_msg msg;
260 struct list_head list;
261 struct gss_auth *auth;
262 struct rpc_pipe *pipe;
263 struct rpc_wait_queue rpc_waitqueue;
264 wait_queue_head_t waitqueue;
265 struct gss_cl_ctx *ctx;
266 char databuf[UPCALL_BUF_LEN];
267};
268
269static int get_pipe_version(struct net *net)
270{
271 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
272 int ret;
273
274 spin_lock(&pipe_version_lock);
275 if (sn->pipe_version >= 0) {
276 atomic_inc(&sn->pipe_users);
277 ret = sn->pipe_version;
278 } else
279 ret = -EAGAIN;
280 spin_unlock(&pipe_version_lock);
281 return ret;
282}
283
284static void put_pipe_version(struct net *net)
285{
286 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
287
288 if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
289 sn->pipe_version = -1;
290 spin_unlock(&pipe_version_lock);
291 }
292}
293
294static void
295gss_release_msg(struct gss_upcall_msg *gss_msg)
296{
297 struct net *net = rpc_net_ns(gss_msg->auth->client);
298 if (!atomic_dec_and_test(&gss_msg->count))
299 return;
300 put_pipe_version(net);
301 BUG_ON(!list_empty(&gss_msg->list));
302 if (gss_msg->ctx != NULL)
303 gss_put_ctx(gss_msg->ctx);
304 rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
305 kfree(gss_msg);
306}
307
308static struct gss_upcall_msg *
309__gss_find_upcall(struct rpc_pipe *pipe, kuid_t uid)
310{
311 struct gss_upcall_msg *pos;
312 list_for_each_entry(pos, &pipe->in_downcall, list) {
313 if (!uid_eq(pos->uid, uid))
314 continue;
315 atomic_inc(&pos->count);
316 dprintk("RPC: %s found msg %p\n", __func__, pos);
317 return pos;
318 }
319 dprintk("RPC: %s found nothing\n", __func__);
320 return NULL;
321}
322
323
324
325
326
327static inline struct gss_upcall_msg *
328gss_add_msg(struct gss_upcall_msg *gss_msg)
329{
330 struct rpc_pipe *pipe = gss_msg->pipe;
331 struct gss_upcall_msg *old;
332
333 spin_lock(&pipe->lock);
334 old = __gss_find_upcall(pipe, gss_msg->uid);
335 if (old == NULL) {
336 atomic_inc(&gss_msg->count);
337 list_add(&gss_msg->list, &pipe->in_downcall);
338 } else
339 gss_msg = old;
340 spin_unlock(&pipe->lock);
341 return gss_msg;
342}
343
344static void
345__gss_unhash_msg(struct gss_upcall_msg *gss_msg)
346{
347 list_del_init(&gss_msg->list);
348 rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
349 wake_up_all(&gss_msg->waitqueue);
350 atomic_dec(&gss_msg->count);
351}
352
353static void
354gss_unhash_msg(struct gss_upcall_msg *gss_msg)
355{
356 struct rpc_pipe *pipe = gss_msg->pipe;
357
358 if (list_empty(&gss_msg->list))
359 return;
360 spin_lock(&pipe->lock);
361 if (!list_empty(&gss_msg->list))
362 __gss_unhash_msg(gss_msg);
363 spin_unlock(&pipe->lock);
364}
365
366static void
367gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss_msg)
368{
369 switch (gss_msg->msg.errno) {
370 case 0:
371 if (gss_msg->ctx == NULL)
372 break;
373 clear_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
374 gss_cred_set_ctx(&gss_cred->gc_base, gss_msg->ctx);
375 break;
376 case -EKEYEXPIRED:
377 set_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
378 }
379 gss_cred->gc_upcall_timestamp = jiffies;
380 gss_cred->gc_upcall = NULL;
381 rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
382}
383
384static void
385gss_upcall_callback(struct rpc_task *task)
386{
387 struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
388 struct gss_cred, gc_base);
389 struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
390 struct rpc_pipe *pipe = gss_msg->pipe;
391
392 spin_lock(&pipe->lock);
393 gss_handle_downcall_result(gss_cred, gss_msg);
394 spin_unlock(&pipe->lock);
395 task->tk_status = gss_msg->msg.errno;
396 gss_release_msg(gss_msg);
397}
398
399static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
400{
401 uid_t uid = from_kuid(&init_user_ns, gss_msg->uid);
402 memcpy(gss_msg->databuf, &uid, sizeof(uid));
403 gss_msg->msg.data = gss_msg->databuf;
404 gss_msg->msg.len = sizeof(uid);
405 BUG_ON(sizeof(uid) > UPCALL_BUF_LEN);
406}
407
408static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
409 struct rpc_clnt *clnt,
410 const char *service_name)
411{
412 struct gss_api_mech *mech = gss_msg->auth->mech;
413 char *p = gss_msg->databuf;
414 int len = 0;
415
416 gss_msg->msg.len = sprintf(gss_msg->databuf, "mech=%s uid=%d ",
417 mech->gm_name,
418 from_kuid(&init_user_ns, gss_msg->uid));
419 p += gss_msg->msg.len;
420 if (clnt->cl_principal) {
421 len = sprintf(p, "target=%s ", clnt->cl_principal);
422 p += len;
423 gss_msg->msg.len += len;
424 }
425 if (service_name != NULL) {
426 len = sprintf(p, "service=%s ", service_name);
427 p += len;
428 gss_msg->msg.len += len;
429 }
430 if (mech->gm_upcall_enctypes) {
431 len = sprintf(p, "enctypes=%s ", mech->gm_upcall_enctypes);
432 p += len;
433 gss_msg->msg.len += len;
434 }
435 len = sprintf(p, "\n");
436 gss_msg->msg.len += len;
437
438 gss_msg->msg.data = gss_msg->databuf;
439 BUG_ON(gss_msg->msg.len > UPCALL_BUF_LEN);
440}
441
442static void gss_encode_msg(struct gss_upcall_msg *gss_msg,
443 struct rpc_clnt *clnt,
444 const char *service_name)
445{
446 struct net *net = rpc_net_ns(clnt);
447 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
448
449 if (sn->pipe_version == 0)
450 gss_encode_v0_msg(gss_msg);
451 else
452 gss_encode_v1_msg(gss_msg, clnt, service_name);
453}
454
455static struct gss_upcall_msg *
456gss_alloc_msg(struct gss_auth *gss_auth, struct rpc_clnt *clnt,
457 kuid_t uid, const char *service_name)
458{
459 struct gss_upcall_msg *gss_msg;
460 int vers;
461
462 gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
463 if (gss_msg == NULL)
464 return ERR_PTR(-ENOMEM);
465 vers = get_pipe_version(rpc_net_ns(clnt));
466 if (vers < 0) {
467 kfree(gss_msg);
468 return ERR_PTR(vers);
469 }
470 gss_msg->pipe = gss_auth->pipe[vers];
471 INIT_LIST_HEAD(&gss_msg->list);
472 rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
473 init_waitqueue_head(&gss_msg->waitqueue);
474 atomic_set(&gss_msg->count, 1);
475 gss_msg->uid = uid;
476 gss_msg->auth = gss_auth;
477 gss_encode_msg(gss_msg, clnt, service_name);
478 return gss_msg;
479}
480
481static struct gss_upcall_msg *
482gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
483{
484 struct gss_cred *gss_cred = container_of(cred,
485 struct gss_cred, gc_base);
486 struct gss_upcall_msg *gss_new, *gss_msg;
487 kuid_t uid = cred->cr_uid;
488
489 gss_new = gss_alloc_msg(gss_auth, clnt, uid, gss_cred->gc_principal);
490 if (IS_ERR(gss_new))
491 return gss_new;
492 gss_msg = gss_add_msg(gss_new);
493 if (gss_msg == gss_new) {
494 int res = rpc_queue_upcall(gss_new->pipe, &gss_new->msg);
495 if (res) {
496 gss_unhash_msg(gss_new);
497 gss_msg = ERR_PTR(res);
498 }
499 } else
500 gss_release_msg(gss_new);
501 return gss_msg;
502}
503
504static void warn_gssd(void)
505{
506 static unsigned long ratelimit;
507 unsigned long now = jiffies;
508
509 if (time_after(now, ratelimit)) {
510 printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
511 "Please check user daemon is running.\n");
512 ratelimit = now + 15*HZ;
513 }
514}
515
516static inline int
517gss_refresh_upcall(struct rpc_task *task)
518{
519 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
520 struct gss_auth *gss_auth = container_of(cred->cr_auth,
521 struct gss_auth, rpc_auth);
522 struct gss_cred *gss_cred = container_of(cred,
523 struct gss_cred, gc_base);
524 struct gss_upcall_msg *gss_msg;
525 struct rpc_pipe *pipe;
526 int err = 0;
527
528 dprintk("RPC: %5u %s for uid %u\n",
529 task->tk_pid, __func__, from_kuid(&init_user_ns, cred->cr_uid));
530 gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
531 if (PTR_ERR(gss_msg) == -EAGAIN) {
532
533
534 warn_gssd();
535 task->tk_timeout = 15*HZ;
536 rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL);
537 return -EAGAIN;
538 }
539 if (IS_ERR(gss_msg)) {
540 err = PTR_ERR(gss_msg);
541 goto out;
542 }
543 pipe = gss_msg->pipe;
544 spin_lock(&pipe->lock);
545 if (gss_cred->gc_upcall != NULL)
546 rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
547 else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
548 task->tk_timeout = 0;
549 gss_cred->gc_upcall = gss_msg;
550
551 atomic_inc(&gss_msg->count);
552 rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
553 } else {
554 gss_handle_downcall_result(gss_cred, gss_msg);
555 err = gss_msg->msg.errno;
556 }
557 spin_unlock(&pipe->lock);
558 gss_release_msg(gss_msg);
559out:
560 dprintk("RPC: %5u %s for uid %u result %d\n",
561 task->tk_pid, __func__,
562 from_kuid(&init_user_ns, cred->cr_uid), err);
563 return err;
564}
565
566static inline int
567gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
568{
569 struct net *net = rpc_net_ns(gss_auth->client);
570 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
571 struct rpc_pipe *pipe;
572 struct rpc_cred *cred = &gss_cred->gc_base;
573 struct gss_upcall_msg *gss_msg;
574 unsigned long timeout;
575 DEFINE_WAIT(wait);
576 int err;
577
578 dprintk("RPC: %s for uid %u\n",
579 __func__, from_kuid(&init_user_ns, cred->cr_uid));
580retry:
581 err = 0;
582
583 timeout = 15 * HZ;
584 if (!sn->gssd_running)
585 timeout = HZ >> 2;
586 gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
587 if (PTR_ERR(gss_msg) == -EAGAIN) {
588 err = wait_event_interruptible_timeout(pipe_version_waitqueue,
589 sn->pipe_version >= 0, timeout);
590 if (sn->pipe_version < 0) {
591 if (err == 0)
592 sn->gssd_running = 0;
593 warn_gssd();
594 err = -EACCES;
595 }
596 if (err < 0)
597 goto out;
598 goto retry;
599 }
600 if (IS_ERR(gss_msg)) {
601 err = PTR_ERR(gss_msg);
602 goto out;
603 }
604 pipe = gss_msg->pipe;
605 for (;;) {
606 prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
607 spin_lock(&pipe->lock);
608 if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
609 break;
610 }
611 spin_unlock(&pipe->lock);
612 if (fatal_signal_pending(current)) {
613 err = -ERESTARTSYS;
614 goto out_intr;
615 }
616 schedule();
617 }
618 if (gss_msg->ctx)
619 gss_cred_set_ctx(cred, gss_msg->ctx);
620 else
621 err = gss_msg->msg.errno;
622 spin_unlock(&pipe->lock);
623out_intr:
624 finish_wait(&gss_msg->waitqueue, &wait);
625 gss_release_msg(gss_msg);
626out:
627 dprintk("RPC: %s for uid %u result %d\n",
628 __func__, from_kuid(&init_user_ns, cred->cr_uid), err);
629 return err;
630}
631
632#define MSG_BUF_MAXSIZE 1024
633
634static ssize_t
635gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
636{
637 const void *p, *end;
638 void *buf;
639 struct gss_upcall_msg *gss_msg;
640 struct rpc_pipe *pipe = RPC_I(file_inode(filp))->pipe;
641 struct gss_cl_ctx *ctx;
642 uid_t id;
643 kuid_t uid;
644 ssize_t err = -EFBIG;
645
646 if (mlen > MSG_BUF_MAXSIZE)
647 goto out;
648 err = -ENOMEM;
649 buf = kmalloc(mlen, GFP_NOFS);
650 if (!buf)
651 goto out;
652
653 err = -EFAULT;
654 if (copy_from_user(buf, src, mlen))
655 goto err;
656
657 end = (const void *)((char *)buf + mlen);
658 p = simple_get_bytes(buf, end, &id, sizeof(id));
659 if (IS_ERR(p)) {
660 err = PTR_ERR(p);
661 goto err;
662 }
663
664 uid = make_kuid(&init_user_ns, id);
665 if (!uid_valid(uid)) {
666 err = -EINVAL;
667 goto err;
668 }
669
670 err = -ENOMEM;
671 ctx = gss_alloc_context();
672 if (ctx == NULL)
673 goto err;
674
675 err = -ENOENT;
676
677 spin_lock(&pipe->lock);
678 gss_msg = __gss_find_upcall(pipe, uid);
679 if (gss_msg == NULL) {
680 spin_unlock(&pipe->lock);
681 goto err_put_ctx;
682 }
683 list_del_init(&gss_msg->list);
684 spin_unlock(&pipe->lock);
685
686 p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
687 if (IS_ERR(p)) {
688 err = PTR_ERR(p);
689 switch (err) {
690 case -EACCES:
691 case -EKEYEXPIRED:
692 gss_msg->msg.errno = err;
693 err = mlen;
694 break;
695 case -EFAULT:
696 case -ENOMEM:
697 case -EINVAL:
698 case -ENOSYS:
699 gss_msg->msg.errno = -EAGAIN;
700 break;
701 default:
702 printk(KERN_CRIT "%s: bad return from "
703 "gss_fill_context: %zd\n", __func__, err);
704 BUG();
705 }
706 goto err_release_msg;
707 }
708 gss_msg->ctx = gss_get_ctx(ctx);
709 err = mlen;
710
711err_release_msg:
712 spin_lock(&pipe->lock);
713 __gss_unhash_msg(gss_msg);
714 spin_unlock(&pipe->lock);
715 gss_release_msg(gss_msg);
716err_put_ctx:
717 gss_put_ctx(ctx);
718err:
719 kfree(buf);
720out:
721 dprintk("RPC: %s returning %Zd\n", __func__, err);
722 return err;
723}
724
725static int gss_pipe_open(struct inode *inode, int new_version)
726{
727 struct net *net = inode->i_sb->s_fs_info;
728 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
729 int ret = 0;
730
731 spin_lock(&pipe_version_lock);
732 if (sn->pipe_version < 0) {
733
734 sn->pipe_version = new_version;
735 rpc_wake_up(&pipe_version_rpc_waitqueue);
736 wake_up(&pipe_version_waitqueue);
737 } else if (sn->pipe_version != new_version) {
738
739 ret = -EBUSY;
740 goto out;
741 }
742 atomic_inc(&sn->pipe_users);
743out:
744 spin_unlock(&pipe_version_lock);
745 return ret;
746
747}
748
749static int gss_pipe_open_v0(struct inode *inode)
750{
751 return gss_pipe_open(inode, 0);
752}
753
754static int gss_pipe_open_v1(struct inode *inode)
755{
756 return gss_pipe_open(inode, 1);
757}
758
759static void
760gss_pipe_release(struct inode *inode)
761{
762 struct net *net = inode->i_sb->s_fs_info;
763 struct rpc_pipe *pipe = RPC_I(inode)->pipe;
764 struct gss_upcall_msg *gss_msg;
765
766restart:
767 spin_lock(&pipe->lock);
768 list_for_each_entry(gss_msg, &pipe->in_downcall, list) {
769
770 if (!list_empty(&gss_msg->msg.list))
771 continue;
772 gss_msg->msg.errno = -EPIPE;
773 atomic_inc(&gss_msg->count);
774 __gss_unhash_msg(gss_msg);
775 spin_unlock(&pipe->lock);
776 gss_release_msg(gss_msg);
777 goto restart;
778 }
779 spin_unlock(&pipe->lock);
780
781 put_pipe_version(net);
782}
783
784static void
785gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
786{
787 struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
788
789 if (msg->errno < 0) {
790 dprintk("RPC: %s releasing msg %p\n",
791 __func__, gss_msg);
792 atomic_inc(&gss_msg->count);
793 gss_unhash_msg(gss_msg);
794 if (msg->errno == -ETIMEDOUT)
795 warn_gssd();
796 gss_release_msg(gss_msg);
797 }
798}
799
800static void gss_pipes_dentries_destroy(struct rpc_auth *auth)
801{
802 struct gss_auth *gss_auth;
803
804 gss_auth = container_of(auth, struct gss_auth, rpc_auth);
805 if (gss_auth->pipe[0]->dentry)
806 rpc_unlink(gss_auth->pipe[0]->dentry);
807 if (gss_auth->pipe[1]->dentry)
808 rpc_unlink(gss_auth->pipe[1]->dentry);
809}
810
811static int gss_pipes_dentries_create(struct rpc_auth *auth)
812{
813 int err;
814 struct gss_auth *gss_auth;
815 struct rpc_clnt *clnt;
816
817 gss_auth = container_of(auth, struct gss_auth, rpc_auth);
818 clnt = gss_auth->client;
819
820 gss_auth->pipe[1]->dentry = rpc_mkpipe_dentry(clnt->cl_dentry,
821 "gssd",
822 clnt, gss_auth->pipe[1]);
823 if (IS_ERR(gss_auth->pipe[1]->dentry))
824 return PTR_ERR(gss_auth->pipe[1]->dentry);
825 gss_auth->pipe[0]->dentry = rpc_mkpipe_dentry(clnt->cl_dentry,
826 gss_auth->mech->gm_name,
827 clnt, gss_auth->pipe[0]);
828 if (IS_ERR(gss_auth->pipe[0]->dentry)) {
829 err = PTR_ERR(gss_auth->pipe[0]->dentry);
830 goto err_unlink_pipe_1;
831 }
832 return 0;
833
834err_unlink_pipe_1:
835 rpc_unlink(gss_auth->pipe[1]->dentry);
836 return err;
837}
838
839static void gss_pipes_dentries_destroy_net(struct rpc_clnt *clnt,
840 struct rpc_auth *auth)
841{
842 struct net *net = rpc_net_ns(clnt);
843 struct super_block *sb;
844
845 sb = rpc_get_sb_net(net);
846 if (sb) {
847 if (clnt->cl_dentry)
848 gss_pipes_dentries_destroy(auth);
849 rpc_put_sb_net(net);
850 }
851}
852
853static int gss_pipes_dentries_create_net(struct rpc_clnt *clnt,
854 struct rpc_auth *auth)
855{
856 struct net *net = rpc_net_ns(clnt);
857 struct super_block *sb;
858 int err = 0;
859
860 sb = rpc_get_sb_net(net);
861 if (sb) {
862 if (clnt->cl_dentry)
863 err = gss_pipes_dentries_create(auth);
864 rpc_put_sb_net(net);
865 }
866 return err;
867}
868
869
870
871
872
873static struct rpc_auth *
874gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
875{
876 struct gss_auth *gss_auth;
877 struct rpc_auth * auth;
878 int err = -ENOMEM;
879
880 dprintk("RPC: creating GSS authenticator for client %p\n", clnt);
881
882 if (!try_module_get(THIS_MODULE))
883 return ERR_PTR(err);
884 if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
885 goto out_dec;
886 gss_auth->client = clnt;
887 err = -EINVAL;
888 gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
889 if (!gss_auth->mech) {
890 dprintk("RPC: Pseudoflavor %d not found!\n", flavor);
891 goto err_free;
892 }
893 gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
894 if (gss_auth->service == 0)
895 goto err_put_mech;
896 auth = &gss_auth->rpc_auth;
897 auth->au_cslack = GSS_CRED_SLACK >> 2;
898 auth->au_rslack = GSS_VERF_SLACK >> 2;
899 auth->au_ops = &authgss_ops;
900 auth->au_flavor = flavor;
901 atomic_set(&auth->au_count, 1);
902 kref_init(&gss_auth->kref);
903
904
905
906
907
908
909
910 gss_auth->pipe[1] = rpc_mkpipe_data(&gss_upcall_ops_v1,
911 RPC_PIPE_WAIT_FOR_OPEN);
912 if (IS_ERR(gss_auth->pipe[1])) {
913 err = PTR_ERR(gss_auth->pipe[1]);
914 goto err_put_mech;
915 }
916
917 gss_auth->pipe[0] = rpc_mkpipe_data(&gss_upcall_ops_v0,
918 RPC_PIPE_WAIT_FOR_OPEN);
919 if (IS_ERR(gss_auth->pipe[0])) {
920 err = PTR_ERR(gss_auth->pipe[0]);
921 goto err_destroy_pipe_1;
922 }
923 err = gss_pipes_dentries_create_net(clnt, auth);
924 if (err)
925 goto err_destroy_pipe_0;
926 err = rpcauth_init_credcache(auth);
927 if (err)
928 goto err_unlink_pipes;
929
930 return auth;
931err_unlink_pipes:
932 gss_pipes_dentries_destroy_net(clnt, auth);
933err_destroy_pipe_0:
934 rpc_destroy_pipe_data(gss_auth->pipe[0]);
935err_destroy_pipe_1:
936 rpc_destroy_pipe_data(gss_auth->pipe[1]);
937err_put_mech:
938 gss_mech_put(gss_auth->mech);
939err_free:
940 kfree(gss_auth);
941out_dec:
942 module_put(THIS_MODULE);
943 return ERR_PTR(err);
944}
945
946static void
947gss_free(struct gss_auth *gss_auth)
948{
949 gss_pipes_dentries_destroy_net(gss_auth->client, &gss_auth->rpc_auth);
950 rpc_destroy_pipe_data(gss_auth->pipe[0]);
951 rpc_destroy_pipe_data(gss_auth->pipe[1]);
952 gss_mech_put(gss_auth->mech);
953
954 kfree(gss_auth);
955 module_put(THIS_MODULE);
956}
957
958static void
959gss_free_callback(struct kref *kref)
960{
961 struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
962
963 gss_free(gss_auth);
964}
965
966static void
967gss_destroy(struct rpc_auth *auth)
968{
969 struct gss_auth *gss_auth;
970
971 dprintk("RPC: destroying GSS authenticator %p flavor %d\n",
972 auth, auth->au_flavor);
973
974 rpcauth_destroy_credcache(auth);
975
976 gss_auth = container_of(auth, struct gss_auth, rpc_auth);
977 kref_put(&gss_auth->kref, gss_free_callback);
978}
979
980
981
982
983
984
985
986static int
987gss_destroying_context(struct rpc_cred *cred)
988{
989 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
990 struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
991 struct rpc_task *task;
992
993 if (gss_cred->gc_ctx == NULL ||
994 test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
995 return 0;
996
997 gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
998 cred->cr_ops = &gss_nullops;
999
1000
1001
1002 get_rpccred(cred);
1003
1004 task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
1005 if (!IS_ERR(task))
1006 rpc_put_task(task);
1007
1008 put_rpccred(cred);
1009 return 1;
1010}
1011
1012
1013
1014
1015static void
1016gss_do_free_ctx(struct gss_cl_ctx *ctx)
1017{
1018 dprintk("RPC: %s\n", __func__);
1019
1020 gss_delete_sec_context(&ctx->gc_gss_ctx);
1021 kfree(ctx->gc_wire_ctx.data);
1022 kfree(ctx);
1023}
1024
1025static void
1026gss_free_ctx_callback(struct rcu_head *head)
1027{
1028 struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
1029 gss_do_free_ctx(ctx);
1030}
1031
1032static void
1033gss_free_ctx(struct gss_cl_ctx *ctx)
1034{
1035 call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
1036}
1037
1038static void
1039gss_free_cred(struct gss_cred *gss_cred)
1040{
1041 dprintk("RPC: %s cred=%p\n", __func__, gss_cred);
1042 kfree(gss_cred);
1043}
1044
1045static void
1046gss_free_cred_callback(struct rcu_head *head)
1047{
1048 struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
1049 gss_free_cred(gss_cred);
1050}
1051
1052static void
1053gss_destroy_nullcred(struct rpc_cred *cred)
1054{
1055 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1056 struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1057 struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
1058
1059 RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
1060 call_rcu(&cred->cr_rcu, gss_free_cred_callback);
1061 if (ctx)
1062 gss_put_ctx(ctx);
1063 kref_put(&gss_auth->kref, gss_free_callback);
1064}
1065
1066static void
1067gss_destroy_cred(struct rpc_cred *cred)
1068{
1069
1070 if (gss_destroying_context(cred))
1071 return;
1072 gss_destroy_nullcred(cred);
1073}
1074
1075
1076
1077
1078static struct rpc_cred *
1079gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
1080{
1081 return rpcauth_lookup_credcache(auth, acred, flags);
1082}
1083
1084static struct rpc_cred *
1085gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
1086{
1087 struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1088 struct gss_cred *cred = NULL;
1089 int err = -ENOMEM;
1090
1091 dprintk("RPC: %s for uid %d, flavor %d\n",
1092 __func__, from_kuid(&init_user_ns, acred->uid),
1093 auth->au_flavor);
1094
1095 if (!(cred = kzalloc(sizeof(*cred), GFP_NOFS)))
1096 goto out_err;
1097
1098 rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
1099
1100
1101
1102
1103 cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
1104 cred->gc_service = gss_auth->service;
1105 cred->gc_principal = NULL;
1106 if (acred->machine_cred)
1107 cred->gc_principal = acred->principal;
1108 kref_get(&gss_auth->kref);
1109 return &cred->gc_base;
1110
1111out_err:
1112 dprintk("RPC: %s failed with error %d\n", __func__, err);
1113 return ERR_PTR(err);
1114}
1115
1116static int
1117gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
1118{
1119 struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1120 struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
1121 int err;
1122
1123 do {
1124 err = gss_create_upcall(gss_auth, gss_cred);
1125 } while (err == -EAGAIN);
1126 return err;
1127}
1128
1129static int
1130gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
1131{
1132 struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1133
1134 if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
1135 goto out;
1136
1137 if (time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
1138 return 0;
1139 if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
1140 return 0;
1141out:
1142 if (acred->principal != NULL) {
1143 if (gss_cred->gc_principal == NULL)
1144 return 0;
1145 return strcmp(acred->principal, gss_cred->gc_principal) == 0;
1146 }
1147 if (gss_cred->gc_principal != NULL)
1148 return 0;
1149 return uid_eq(rc->cr_uid, acred->uid);
1150}
1151
1152
1153
1154
1155
1156static __be32 *
1157gss_marshal(struct rpc_task *task, __be32 *p)
1158{
1159 struct rpc_rqst *req = task->tk_rqstp;
1160 struct rpc_cred *cred = req->rq_cred;
1161 struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1162 gc_base);
1163 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1164 __be32 *cred_len;
1165 u32 maj_stat = 0;
1166 struct xdr_netobj mic;
1167 struct kvec iov;
1168 struct xdr_buf verf_buf;
1169
1170 dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1171
1172 *p++ = htonl(RPC_AUTH_GSS);
1173 cred_len = p++;
1174
1175 spin_lock(&ctx->gc_seq_lock);
1176 req->rq_seqno = ctx->gc_seq++;
1177 spin_unlock(&ctx->gc_seq_lock);
1178
1179 *p++ = htonl((u32) RPC_GSS_VERSION);
1180 *p++ = htonl((u32) ctx->gc_proc);
1181 *p++ = htonl((u32) req->rq_seqno);
1182 *p++ = htonl((u32) gss_cred->gc_service);
1183 p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
1184 *cred_len = htonl((p - (cred_len + 1)) << 2);
1185
1186
1187
1188 iov.iov_base = xprt_skip_transport_header(req->rq_xprt,
1189 req->rq_snd_buf.head[0].iov_base);
1190 iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
1191 xdr_buf_from_iov(&iov, &verf_buf);
1192
1193
1194 *p++ = htonl(RPC_AUTH_GSS);
1195
1196 mic.data = (u8 *)(p + 1);
1197 maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1198 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
1199 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1200 } else if (maj_stat != 0) {
1201 printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
1202 goto out_put_ctx;
1203 }
1204 p = xdr_encode_opaque(p, NULL, mic.len);
1205 gss_put_ctx(ctx);
1206 return p;
1207out_put_ctx:
1208 gss_put_ctx(ctx);
1209 return NULL;
1210}
1211
1212static int gss_renew_cred(struct rpc_task *task)
1213{
1214 struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
1215 struct gss_cred *gss_cred = container_of(oldcred,
1216 struct gss_cred,
1217 gc_base);
1218 struct rpc_auth *auth = oldcred->cr_auth;
1219 struct auth_cred acred = {
1220 .uid = oldcred->cr_uid,
1221 .principal = gss_cred->gc_principal,
1222 .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0),
1223 };
1224 struct rpc_cred *new;
1225
1226 new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
1227 if (IS_ERR(new))
1228 return PTR_ERR(new);
1229 task->tk_rqstp->rq_cred = new;
1230 put_rpccred(oldcred);
1231 return 0;
1232}
1233
1234static int gss_cred_is_negative_entry(struct rpc_cred *cred)
1235{
1236 if (test_bit(RPCAUTH_CRED_NEGATIVE, &cred->cr_flags)) {
1237 unsigned long now = jiffies;
1238 unsigned long begin, expire;
1239 struct gss_cred *gss_cred;
1240
1241 gss_cred = container_of(cred, struct gss_cred, gc_base);
1242 begin = gss_cred->gc_upcall_timestamp;
1243 expire = begin + gss_expired_cred_retry_delay * HZ;
1244
1245 if (time_in_range_open(now, begin, expire))
1246 return 1;
1247 }
1248 return 0;
1249}
1250
1251
1252
1253
1254static int
1255gss_refresh(struct rpc_task *task)
1256{
1257 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1258 int ret = 0;
1259
1260 if (gss_cred_is_negative_entry(cred))
1261 return -EKEYEXPIRED;
1262
1263 if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
1264 !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
1265 ret = gss_renew_cred(task);
1266 if (ret < 0)
1267 goto out;
1268 cred = task->tk_rqstp->rq_cred;
1269 }
1270
1271 if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
1272 ret = gss_refresh_upcall(task);
1273out:
1274 return ret;
1275}
1276
1277
1278static int
1279gss_refresh_null(struct rpc_task *task)
1280{
1281 return -EACCES;
1282}
1283
1284static __be32 *
1285gss_validate(struct rpc_task *task, __be32 *p)
1286{
1287 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1288 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1289 __be32 seq;
1290 struct kvec iov;
1291 struct xdr_buf verf_buf;
1292 struct xdr_netobj mic;
1293 u32 flav,len;
1294 u32 maj_stat;
1295
1296 dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1297
1298 flav = ntohl(*p++);
1299 if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
1300 goto out_bad;
1301 if (flav != RPC_AUTH_GSS)
1302 goto out_bad;
1303 seq = htonl(task->tk_rqstp->rq_seqno);
1304 iov.iov_base = &seq;
1305 iov.iov_len = sizeof(seq);
1306 xdr_buf_from_iov(&iov, &verf_buf);
1307 mic.data = (u8 *)p;
1308 mic.len = len;
1309
1310 maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1311 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1312 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1313 if (maj_stat) {
1314 dprintk("RPC: %5u %s: gss_verify_mic returned error 0x%08x\n",
1315 task->tk_pid, __func__, maj_stat);
1316 goto out_bad;
1317 }
1318
1319
1320 cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1321 gss_put_ctx(ctx);
1322 dprintk("RPC: %5u %s: gss_verify_mic succeeded.\n",
1323 task->tk_pid, __func__);
1324 return p + XDR_QUADLEN(len);
1325out_bad:
1326 gss_put_ctx(ctx);
1327 dprintk("RPC: %5u %s failed.\n", task->tk_pid, __func__);
1328 return NULL;
1329}
1330
1331static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
1332 __be32 *p, void *obj)
1333{
1334 struct xdr_stream xdr;
1335
1336 xdr_init_encode(&xdr, &rqstp->rq_snd_buf, p);
1337 encode(rqstp, &xdr, obj);
1338}
1339
1340static inline int
1341gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1342 kxdreproc_t encode, struct rpc_rqst *rqstp,
1343 __be32 *p, void *obj)
1344{
1345 struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1346 struct xdr_buf integ_buf;
1347 __be32 *integ_len = NULL;
1348 struct xdr_netobj mic;
1349 u32 offset;
1350 __be32 *q;
1351 struct kvec *iov;
1352 u32 maj_stat = 0;
1353 int status = -EIO;
1354
1355 integ_len = p++;
1356 offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1357 *p++ = htonl(rqstp->rq_seqno);
1358
1359 gss_wrap_req_encode(encode, rqstp, p, obj);
1360
1361 if (xdr_buf_subsegment(snd_buf, &integ_buf,
1362 offset, snd_buf->len - offset))
1363 return status;
1364 *integ_len = htonl(integ_buf.len);
1365
1366
1367 if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1368 iov = snd_buf->tail;
1369 else
1370 iov = snd_buf->head;
1371 p = iov->iov_base + iov->iov_len;
1372 mic.data = (u8 *)(p + 1);
1373
1374 maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1375 status = -EIO;
1376 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1377 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1378 else if (maj_stat)
1379 return status;
1380 q = xdr_encode_opaque(p, NULL, mic.len);
1381
1382 offset = (u8 *)q - (u8 *)p;
1383 iov->iov_len += offset;
1384 snd_buf->len += offset;
1385 return 0;
1386}
1387
1388static void
1389priv_release_snd_buf(struct rpc_rqst *rqstp)
1390{
1391 int i;
1392
1393 for (i=0; i < rqstp->rq_enc_pages_num; i++)
1394 __free_page(rqstp->rq_enc_pages[i]);
1395 kfree(rqstp->rq_enc_pages);
1396}
1397
1398static int
1399alloc_enc_pages(struct rpc_rqst *rqstp)
1400{
1401 struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1402 int first, last, i;
1403
1404 if (snd_buf->page_len == 0) {
1405 rqstp->rq_enc_pages_num = 0;
1406 return 0;
1407 }
1408
1409 first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1410 last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
1411 rqstp->rq_enc_pages_num = last - first + 1 + 1;
1412 rqstp->rq_enc_pages
1413 = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
1414 GFP_NOFS);
1415 if (!rqstp->rq_enc_pages)
1416 goto out;
1417 for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1418 rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1419 if (rqstp->rq_enc_pages[i] == NULL)
1420 goto out_free;
1421 }
1422 rqstp->rq_release_snd_buf = priv_release_snd_buf;
1423 return 0;
1424out_free:
1425 rqstp->rq_enc_pages_num = i;
1426 priv_release_snd_buf(rqstp);
1427out:
1428 return -EAGAIN;
1429}
1430
1431static inline int
1432gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1433 kxdreproc_t encode, struct rpc_rqst *rqstp,
1434 __be32 *p, void *obj)
1435{
1436 struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1437 u32 offset;
1438 u32 maj_stat;
1439 int status;
1440 __be32 *opaque_len;
1441 struct page **inpages;
1442 int first;
1443 int pad;
1444 struct kvec *iov;
1445 char *tmp;
1446
1447 opaque_len = p++;
1448 offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1449 *p++ = htonl(rqstp->rq_seqno);
1450
1451 gss_wrap_req_encode(encode, rqstp, p, obj);
1452
1453 status = alloc_enc_pages(rqstp);
1454 if (status)
1455 return status;
1456 first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1457 inpages = snd_buf->pages + first;
1458 snd_buf->pages = rqstp->rq_enc_pages;
1459 snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1460
1461
1462
1463
1464
1465
1466
1467
1468 if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1469 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1470 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1471 snd_buf->tail[0].iov_base = tmp;
1472 }
1473 maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1474
1475 BUG_ON(snd_buf->len > snd_buf->buflen);
1476 status = -EIO;
1477
1478
1479 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1480 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1481 else if (maj_stat)
1482 return status;
1483
1484 *opaque_len = htonl(snd_buf->len - offset);
1485
1486 if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1487 iov = snd_buf->tail;
1488 else
1489 iov = snd_buf->head;
1490 p = iov->iov_base + iov->iov_len;
1491 pad = 3 - ((snd_buf->len - offset - 1) & 3);
1492 memset(p, 0, pad);
1493 iov->iov_len += pad;
1494 snd_buf->len += pad;
1495
1496 return 0;
1497}
1498
1499static int
1500gss_wrap_req(struct rpc_task *task,
1501 kxdreproc_t encode, void *rqstp, __be32 *p, void *obj)
1502{
1503 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1504 struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1505 gc_base);
1506 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1507 int status = -EIO;
1508
1509 dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1510 if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1511
1512
1513
1514 gss_wrap_req_encode(encode, rqstp, p, obj);
1515 status = 0;
1516 goto out;
1517 }
1518 switch (gss_cred->gc_service) {
1519 case RPC_GSS_SVC_NONE:
1520 gss_wrap_req_encode(encode, rqstp, p, obj);
1521 status = 0;
1522 break;
1523 case RPC_GSS_SVC_INTEGRITY:
1524 status = gss_wrap_req_integ(cred, ctx, encode, rqstp, p, obj);
1525 break;
1526 case RPC_GSS_SVC_PRIVACY:
1527 status = gss_wrap_req_priv(cred, ctx, encode, rqstp, p, obj);
1528 break;
1529 }
1530out:
1531 gss_put_ctx(ctx);
1532 dprintk("RPC: %5u %s returning %d\n", task->tk_pid, __func__, status);
1533 return status;
1534}
1535
1536static inline int
1537gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1538 struct rpc_rqst *rqstp, __be32 **p)
1539{
1540 struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
1541 struct xdr_buf integ_buf;
1542 struct xdr_netobj mic;
1543 u32 data_offset, mic_offset;
1544 u32 integ_len;
1545 u32 maj_stat;
1546 int status = -EIO;
1547
1548 integ_len = ntohl(*(*p)++);
1549 if (integ_len & 3)
1550 return status;
1551 data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1552 mic_offset = integ_len + data_offset;
1553 if (mic_offset > rcv_buf->len)
1554 return status;
1555 if (ntohl(*(*p)++) != rqstp->rq_seqno)
1556 return status;
1557
1558 if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1559 mic_offset - data_offset))
1560 return status;
1561
1562 if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1563 return status;
1564
1565 maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1566 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1567 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1568 if (maj_stat != GSS_S_COMPLETE)
1569 return status;
1570 return 0;
1571}
1572
1573static inline int
1574gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1575 struct rpc_rqst *rqstp, __be32 **p)
1576{
1577 struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
1578 u32 offset;
1579 u32 opaque_len;
1580 u32 maj_stat;
1581 int status = -EIO;
1582
1583 opaque_len = ntohl(*(*p)++);
1584 offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1585 if (offset + opaque_len > rcv_buf->len)
1586 return status;
1587
1588 rcv_buf->len = offset + opaque_len;
1589
1590 maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1591 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1592 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1593 if (maj_stat != GSS_S_COMPLETE)
1594 return status;
1595 if (ntohl(*(*p)++) != rqstp->rq_seqno)
1596 return status;
1597
1598 return 0;
1599}
1600
1601static int
1602gss_unwrap_req_decode(kxdrdproc_t decode, struct rpc_rqst *rqstp,
1603 __be32 *p, void *obj)
1604{
1605 struct xdr_stream xdr;
1606
1607 xdr_init_decode(&xdr, &rqstp->rq_rcv_buf, p);
1608 return decode(rqstp, &xdr, obj);
1609}
1610
1611static int
1612gss_unwrap_resp(struct rpc_task *task,
1613 kxdrdproc_t decode, void *rqstp, __be32 *p, void *obj)
1614{
1615 struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1616 struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1617 gc_base);
1618 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1619 __be32 *savedp = p;
1620 struct kvec *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1621 int savedlen = head->iov_len;
1622 int status = -EIO;
1623
1624 if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1625 goto out_decode;
1626 switch (gss_cred->gc_service) {
1627 case RPC_GSS_SVC_NONE:
1628 break;
1629 case RPC_GSS_SVC_INTEGRITY:
1630 status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1631 if (status)
1632 goto out;
1633 break;
1634 case RPC_GSS_SVC_PRIVACY:
1635 status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1636 if (status)
1637 goto out;
1638 break;
1639 }
1640
1641 cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1642 + (savedlen - head->iov_len);
1643out_decode:
1644 status = gss_unwrap_req_decode(decode, rqstp, p, obj);
1645out:
1646 gss_put_ctx(ctx);
1647 dprintk("RPC: %5u %s returning %d\n",
1648 task->tk_pid, __func__, status);
1649 return status;
1650}
1651
1652static const struct rpc_authops authgss_ops = {
1653 .owner = THIS_MODULE,
1654 .au_flavor = RPC_AUTH_GSS,
1655 .au_name = "RPCSEC_GSS",
1656 .create = gss_create,
1657 .destroy = gss_destroy,
1658 .lookup_cred = gss_lookup_cred,
1659 .crcreate = gss_create_cred,
1660 .pipes_create = gss_pipes_dentries_create,
1661 .pipes_destroy = gss_pipes_dentries_destroy,
1662 .list_pseudoflavors = gss_mech_list_pseudoflavors,
1663 .info2flavor = gss_mech_info2flavor,
1664 .flavor2info = gss_mech_flavor2info,
1665};
1666
1667static const struct rpc_credops gss_credops = {
1668 .cr_name = "AUTH_GSS",
1669 .crdestroy = gss_destroy_cred,
1670 .cr_init = gss_cred_init,
1671 .crbind = rpcauth_generic_bind_cred,
1672 .crmatch = gss_match,
1673 .crmarshal = gss_marshal,
1674 .crrefresh = gss_refresh,
1675 .crvalidate = gss_validate,
1676 .crwrap_req = gss_wrap_req,
1677 .crunwrap_resp = gss_unwrap_resp,
1678};
1679
1680static const struct rpc_credops gss_nullops = {
1681 .cr_name = "AUTH_GSS",
1682 .crdestroy = gss_destroy_nullcred,
1683 .crbind = rpcauth_generic_bind_cred,
1684 .crmatch = gss_match,
1685 .crmarshal = gss_marshal,
1686 .crrefresh = gss_refresh_null,
1687 .crvalidate = gss_validate,
1688 .crwrap_req = gss_wrap_req,
1689 .crunwrap_resp = gss_unwrap_resp,
1690};
1691
1692static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
1693 .upcall = rpc_pipe_generic_upcall,
1694 .downcall = gss_pipe_downcall,
1695 .destroy_msg = gss_pipe_destroy_msg,
1696 .open_pipe = gss_pipe_open_v0,
1697 .release_pipe = gss_pipe_release,
1698};
1699
1700static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
1701 .upcall = rpc_pipe_generic_upcall,
1702 .downcall = gss_pipe_downcall,
1703 .destroy_msg = gss_pipe_destroy_msg,
1704 .open_pipe = gss_pipe_open_v1,
1705 .release_pipe = gss_pipe_release,
1706};
1707
1708static __net_init int rpcsec_gss_init_net(struct net *net)
1709{
1710 return gss_svc_init_net(net);
1711}
1712
1713static __net_exit void rpcsec_gss_exit_net(struct net *net)
1714{
1715 gss_svc_shutdown_net(net);
1716}
1717
1718static struct pernet_operations rpcsec_gss_net_ops = {
1719 .init = rpcsec_gss_init_net,
1720 .exit = rpcsec_gss_exit_net,
1721};
1722
1723
1724
1725
1726static int __init init_rpcsec_gss(void)
1727{
1728 int err = 0;
1729
1730 err = rpcauth_register(&authgss_ops);
1731 if (err)
1732 goto out;
1733 err = gss_svc_init();
1734 if (err)
1735 goto out_unregister;
1736 err = register_pernet_subsys(&rpcsec_gss_net_ops);
1737 if (err)
1738 goto out_svc_exit;
1739 rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
1740 return 0;
1741out_svc_exit:
1742 gss_svc_shutdown();
1743out_unregister:
1744 rpcauth_unregister(&authgss_ops);
1745out:
1746 return err;
1747}
1748
1749static void __exit exit_rpcsec_gss(void)
1750{
1751 unregister_pernet_subsys(&rpcsec_gss_net_ops);
1752 gss_svc_shutdown();
1753 rpcauth_unregister(&authgss_ops);
1754 rcu_barrier();
1755}
1756
1757MODULE_ALIAS("rpc-auth-6");
1758MODULE_LICENSE("GPL");
1759module_param_named(expired_cred_retry_delay,
1760 gss_expired_cred_retry_delay,
1761 uint, 0644);
1762MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
1763 "the RPC engine retries an expired credential");
1764
1765module_init(init_rpcsec_gss)
1766module_exit(exit_rpcsec_gss)
1767
