LXR linux/net/sunrpc/auth_gss/gss_rpc

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * GSS Proxy upcall module
   4 *
   5 *  Copyright (C) 2012 Simo Sorce <simo@redhat.com>
   6 */
   7
   8#include <linux/sunrpc/svcauth.h>
   9#include "gss_rpc_xdr.h"
  10
  11static int gssx_enc_bool(struct xdr_stream *xdr, int v)
  12{
  13        __be32 *p;
  14
  15        p = xdr_reserve_space(xdr, 4);
  16        if (unlikely(p == NULL))
  17                return -ENOSPC;
  18        *p = v ? xdr_one : xdr_zero;
  19        return 0;
  20}
  21
  22static int gssx_dec_bool(struct xdr_stream *xdr, u32 *v)
  23{
  24        __be32 *p;
  25
  26        p = xdr_inline_decode(xdr, 4);
  27        if (unlikely(p == NULL))
  28                return -ENOSPC;
  29        *v = be32_to_cpu(*p);
  30        return 0;
  31}
  32
  33static int gssx_enc_buffer(struct xdr_stream *xdr,
  34                           const gssx_buffer *buf)
  35{
  36        __be32 *p;
  37
  38        p = xdr_reserve_space(xdr, sizeof(u32) + buf->len);
  39        if (!p)
  40                return -ENOSPC;
  41        xdr_encode_opaque(p, buf->data, buf->len);
  42        return 0;
  43}
  44
  45static int gssx_enc_in_token(struct xdr_stream *xdr,
  46                             const struct gssp_in_token *in)
  47{
  48        __be32 *p;
  49
  50        p = xdr_reserve_space(xdr, 4);
  51        if (!p)
  52                return -ENOSPC;
  53        *p = cpu_to_be32(in->page_len);
  54
  55        /* all we need to do is to write pages */
  56        xdr_write_pages(xdr, in->pages, in->page_base, in->page_len);
  57
  58        return 0;
  59}
  60
  61
  62static int gssx_dec_buffer(struct xdr_stream *xdr,
  63                           gssx_buffer *buf)
  64{
  65        u32 length;
  66        __be32 *p;
  67
  68        p = xdr_inline_decode(xdr, 4);
  69        if (unlikely(p == NULL))
  70                return -ENOSPC;
  71
  72        length = be32_to_cpup(p);
  73        p = xdr_inline_decode(xdr, length);
  74        if (unlikely(p == NULL))
  75                return -ENOSPC;
  76
  77        if (buf->len == 0) {
  78                /* we intentionally are not interested in this buffer */
  79                return 0;
  80        }
  81        if (length > buf->len)
  82                return -ENOSPC;
  83
  84        if (!buf->data) {
  85                buf->data = kmemdup(p, length, GFP_KERNEL);
  86                if (!buf->data)
  87                        return -ENOMEM;
  88        } else {
  89                memcpy(buf->data, p, length);
  90        }
  91        buf->len = length;
  92        return 0;
  93}
  94
  95static int gssx_enc_option(struct xdr_stream *xdr,
  96                           struct gssx_option *opt)
  97{
  98        int err;
  99
 100        err = gssx_enc_buffer(xdr, &opt->option);
 101        if (err)
 102                return err;
 103        err = gssx_enc_buffer(xdr, &opt->value);
 104        return err;
 105}
 106
 107static int gssx_dec_option(struct xdr_stream *xdr,
 108                           struct gssx_option *opt)
 109{
 110        int err;
 111
 112        err = gssx_dec_buffer(xdr, &opt->option);
 113        if (err)
 114                return err;
 115        err = gssx_dec_buffer(xdr, &opt->value);
 116        return err;
 117}
 118
 119static int dummy_enc_opt_array(struct xdr_stream *xdr,
 120                                const struct gssx_option_array *oa)
 121{
 122        __be32 *p;
 123
 124        if (oa->count != 0)
 125                return -EINVAL;
 126
 127        p = xdr_reserve_space(xdr, 4);
 128        if (!p)
 129                return -ENOSPC;
 130        *p = 0;
 131
 132        return 0;
 133}
 134
 135static int dummy_dec_opt_array(struct xdr_stream *xdr,
 136                                struct gssx_option_array *oa)
 137{
 138        struct gssx_option dummy;
 139        u32 count, i;
 140        __be32 *p;
 141
 142        p = xdr_inline_decode(xdr, 4);
 143        if (unlikely(p == NULL))
 144                return -ENOSPC;
 145        count = be32_to_cpup(p++);
 146        memset(&dummy, 0, sizeof(dummy));
 147        for (i = 0; i < count; i++) {
 148                gssx_dec_option(xdr, &dummy);
 149        }
 150
 151        oa->count = 0;
 152        oa->data = NULL;
 153        return 0;
 154}
 155
 156static int get_host_u32(struct xdr_stream *xdr, u32 *res)
 157{
 158        __be32 *p;
 159
 160        p = xdr_inline_decode(xdr, 4);
 161        if (!p)
 162                return -EINVAL;
 163        /* Contents of linux creds are all host-endian: */
 164        memcpy(res, p, sizeof(u32));
 165        return 0;
 166}
 167
 168static int gssx_dec_linux_creds(struct xdr_stream *xdr,
 169                                struct svc_cred *creds)
 170{
 171        u32 length;
 172        __be32 *p;
 173        u32 tmp;
 174        u32 N;
 175        int i, err;
 176
 177        p = xdr_inline_decode(xdr, 4);
 178        if (unlikely(p == NULL))
 179                return -ENOSPC;
 180
 181        length = be32_to_cpup(p);
 182
 183        if (length > (3 + NGROUPS_MAX) * sizeof(u32))
 184                return -ENOSPC;
 185
 186        /* uid */
 187        err = get_host_u32(xdr, &tmp);
 188        if (err)
 189                return err;
 190        creds->cr_uid = make_kuid(&init_user_ns, tmp);
 191
 192        /* gid */
 193        err = get_host_u32(xdr, &tmp);
 194        if (err)
 195                return err;
 196        creds->cr_gid = make_kgid(&init_user_ns, tmp);
 197
 198        /* number of additional gid's */
 199        err = get_host_u32(xdr, &tmp);
 200        if (err)
 201                return err;
 202        N = tmp;
 203        if ((3 + N) * sizeof(u32) != length)
 204                return -EINVAL;
 205        creds->cr_group_info = groups_alloc(N);
 206        if (creds->cr_group_info == NULL)
 207                return -ENOMEM;
 208
 209        /* gid's */
 210        for (i = 0; i < N; i++) {
 211                kgid_t kgid;
 212                err = get_host_u32(xdr, &tmp);
 213                if (err)
 214                        goto out_free_groups;
 215                err = -EINVAL;
 216                kgid = make_kgid(&init_user_ns, tmp);
 217                if (!gid_valid(kgid))
 218                        goto out_free_groups;
 219                creds->cr_group_info->gid[i] = kgid;
 220        }
 221        groups_sort(creds->cr_group_info);
 222
 223        return 0;
 224out_free_groups:
 225        groups_free(creds->cr_group_info);
 226        return err;
 227}
 228
 229static int gssx_dec_option_array(struct xdr_stream *xdr,
 230                                 struct gssx_option_array *oa)
 231{
 232        struct svc_cred *creds;
 233        u32 count, i;
 234        __be32 *p;
 235        int err;
 236
 237        p = xdr_inline_decode(xdr, 4);
 238        if (unlikely(p == NULL))
 239                return -ENOSPC;
 240        count = be32_to_cpup(p++);
 241        if (!count)
 242                return 0;
 243
 244        /* we recognize only 1 currently: CREDS_VALUE */
 245        oa->count = 1;
 246
 247        oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL);
 248        if (!oa->data)
 249                return -ENOMEM;
 250
 251        creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL);
 252        if (!creds) {
 253                kfree(oa->data);
 254                return -ENOMEM;
 255        }
 256
 257        oa->data[0].option.data = CREDS_VALUE;
 258        oa->data[0].option.len = sizeof(CREDS_VALUE);
 259        oa->data[0].value.data = (void *)creds;
 260        oa->data[0].value.len = 0;
 261
 262        for (i = 0; i < count; i++) {
 263                gssx_buffer dummy = { 0, NULL };
 264                u32 length;
 265
 266                /* option buffer */
 267                p = xdr_inline_decode(xdr, 4);
 268                if (unlikely(p == NULL))
 269                        return -ENOSPC;
 270
 271                length = be32_to_cpup(p);
 272                p = xdr_inline_decode(xdr, length);
 273                if (unlikely(p == NULL))
 274                        return -ENOSPC;
 275
 276                if (length == sizeof(CREDS_VALUE) &&
 277                    memcmp(p, CREDS_VALUE, sizeof(CREDS_VALUE)) == 0) {
 278                        /* We have creds here. parse them */
 279                        err = gssx_dec_linux_creds(xdr, creds);
 280                        if (err)
 281                                return err;
 282                        oa->data[0].value.len = 1; /* presence */
 283                } else {
 284                        /* consume uninteresting buffer */
 285                        err = gssx_dec_buffer(xdr, &dummy);
 286                        if (err)
 287                                return err;
 288                }
 289        }
 290        return 0;
 291}
 292
 293static int gssx_dec_status(struct xdr_stream *xdr,
 294                           struct gssx_status *status)
 295{
 296        __be32 *p;
 297        int err;
 298
 299        /* status->major_status */
 300        p = xdr_inline_decode(xdr, 8);
 301        if (unlikely(p == NULL))
 302                return -ENOSPC;
 303        p = xdr_decode_hyper(p, &status->major_status);
 304
 305        /* status->mech */
 306        err = gssx_dec_buffer(xdr, &status->mech);
 307        if (err)
 308                return err;
 309
 310        /* status->minor_status */
 311        p = xdr_inline_decode(xdr, 8);
 312        if (unlikely(p == NULL))
 313                return -ENOSPC;
 314        p = xdr_decode_hyper(p, &status->minor_status);
 315
 316        /* status->major_status_string */
 317        err = gssx_dec_buffer(xdr, &status->major_status_string);
 318        if (err)
 319                return err;
 320
 321        /* status->minor_status_string */
 322        err = gssx_dec_buffer(xdr, &status->minor_status_string);
 323        if (err)
 324                return err;
 325
 326        /* status->server_ctx */
 327        err = gssx_dec_buffer(xdr, &status->server_ctx);
 328        if (err)
 329                return err;
 330
 331        /* we assume we have no options for now, so simply consume them */
 332        /* status->options */
 333        err = dummy_dec_opt_array(xdr, &status->options);
 334
 335        return err;
 336}
 337
 338static int gssx_enc_call_ctx(struct xdr_stream *xdr,
 339                             const struct gssx_call_ctx *ctx)
 340{
 341        struct gssx_option opt;
 342        __be32 *p;
 343        int err;
 344
 345        /* ctx->locale */
 346        err = gssx_enc_buffer(xdr, &ctx->locale);
 347        if (err)
 348                return err;
 349
 350        /* ctx->server_ctx */
 351        err = gssx_enc_buffer(xdr, &ctx->server_ctx);
 352        if (err)
 353                return err;
 354
 355        /* we always want to ask for lucid contexts */
 356        /* ctx->options */
 357        p = xdr_reserve_space(xdr, 4);
 358        *p = cpu_to_be32(2);
 359
 360        /* we want a lucid_v1 context */
 361        opt.option.data = LUCID_OPTION;
 362        opt.option.len = sizeof(LUCID_OPTION);
 363        opt.value.data = LUCID_VALUE;
 364        opt.value.len = sizeof(LUCID_VALUE);
 365        err = gssx_enc_option(xdr, &opt);
 366
 367        /* ..and user creds */
 368        opt.option.data = CREDS_OPTION;
 369        opt.option.len = sizeof(CREDS_OPTION);
 370        opt.value.data = CREDS_VALUE;
 371        opt.value.len = sizeof(CREDS_VALUE);
 372        err = gssx_enc_option(xdr, &opt);
 373
 374        return err;
 375}
 376
 377static int gssx_dec_name_attr(struct xdr_stream *xdr,
 378                             struct gssx_name_attr *attr)
 379{
 380        int err;
 381
 382        /* attr->attr */
 383        err = gssx_dec_buffer(xdr, &attr->attr);
 384        if (err)
 385                return err;
 386
 387        /* attr->value */
 388        err = gssx_dec_buffer(xdr, &attr->value);
 389        if (err)
 390                return err;
 391
 392        /* attr->extensions */
 393        err = dummy_dec_opt_array(xdr, &attr->extensions);
 394
 395        return err;
 396}
 397
 398static int dummy_enc_nameattr_array(struct xdr_stream *xdr,
 399                                    struct gssx_name_attr_array *naa)
 400{
 401        __be32 *p;
 402
 403        if (naa->count != 0)
 404                return -EINVAL;
 405
 406        p = xdr_reserve_space(xdr, 4);
 407        if (!p)
 408                return -ENOSPC;
 409        *p = 0;
 410
 411        return 0;
 412}
 413
 414static int dummy_dec_nameattr_array(struct xdr_stream *xdr,
 415                                    struct gssx_name_attr_array *naa)
 416{
 417        struct gssx_name_attr dummy = { .attr = {.len = 0} };
 418        u32 count, i;
 419        __be32 *p;
 420
 421        p = xdr_inline_decode(xdr, 4);
 422        if (unlikely(p == NULL))
 423                return -ENOSPC;
 424        count = be32_to_cpup(p++);
 425        for (i = 0; i < count; i++) {
 426                gssx_dec_name_attr(xdr, &dummy);
 427        }
 428
 429        naa->count = 0;
 430        naa->data = NULL;
 431        return 0;
 432}
 433
 434static struct xdr_netobj zero_netobj = {};
 435
 436static struct gssx_name_attr_array zero_name_attr_array = {};
 437
 438static struct gssx_option_array zero_option_array = {};
 439
 440static int gssx_enc_name(struct xdr_stream *xdr,
 441                         struct gssx_name *name)
 442{
 443        int err;
 444
 445        /* name->display_name */
 446        err = gssx_enc_buffer(xdr, &name->display_name);
 447        if (err)
 448                return err;
 449
 450        /* name->name_type */
 451        err = gssx_enc_buffer(xdr, &zero_netobj);
 452        if (err)
 453                return err;
 454
 455        /* name->exported_name */
 456        err = gssx_enc_buffer(xdr, &zero_netobj);
 457        if (err)
 458                return err;
 459
 460        /* name->exported_composite_name */
 461        err = gssx_enc_buffer(xdr, &zero_netobj);
 462        if (err)
 463                return err;
 464
 465        /* leave name_attributes empty for now, will add once we have any
 466         * to pass up at all */
 467        /* name->name_attributes */
 468        err = dummy_enc_nameattr_array(xdr, &zero_name_attr_array);
 469        if (err)
 470                return err;
 471
 472        /* leave options empty for now, will add once we have any options
 473         * to pass up at all */
 474        /* name->extensions */
 475        err = dummy_enc_opt_array(xdr, &zero_option_array);
 476
 477        return err;
 478}
 479
 480
 481static int gssx_dec_name(struct xdr_stream *xdr,
 482                         struct gssx_name *name)
 483{
 484        struct xdr_netobj dummy_netobj = { .len = 0 };
 485        struct gssx_name_attr_array dummy_name_attr_array = { .count = 0 };
 486        struct gssx_option_array dummy_option_array = { .count = 0 };
 487        int err;
 488
 489        /* name->display_name */
 490        err = gssx_dec_buffer(xdr, &name->display_name);
 491        if (err)
 492                return err;
 493
 494        /* name->name_type */
 495        err = gssx_dec_buffer(xdr, &dummy_netobj);
 496        if (err)
 497                return err;
 498
 499        /* name->exported_name */
 500        err = gssx_dec_buffer(xdr, &dummy_netobj);
 501        if (err)
 502                return err;
 503
 504        /* name->exported_composite_name */
 505        err = gssx_dec_buffer(xdr, &dummy_netobj);
 506        if (err)
 507                return err;
 508
 509        /* we assume we have no attributes for now, so simply consume them */
 510        /* name->name_attributes */
 511        err = dummy_dec_nameattr_array(xdr, &dummy_name_attr_array);
 512        if (err)
 513                return err;
 514
 515        /* we assume we have no options for now, so simply consume them */
 516        /* name->extensions */
 517        err = dummy_dec_opt_array(xdr, &dummy_option_array);
 518
 519        return err;
 520}
 521
 522static int dummy_enc_credel_array(struct xdr_stream *xdr,
 523                                  struct gssx_cred_element_array *cea)
 524{
 525        __be32 *p;
 526
 527        if (cea->count != 0)
 528                return -EINVAL;
 529
 530        p = xdr_reserve_space(xdr, 4);
 531        if (!p)
 532                return -ENOSPC;
 533        *p = 0;
 534
 535        return 0;
 536}
 537
 538static int gssx_enc_cred(struct xdr_stream *xdr,
 539                         struct gssx_cred *cred)
 540{
 541        int err;
 542
 543        /* cred->desired_name */
 544        err = gssx_enc_name(xdr, &cred->desired_name);
 545        if (err)
 546                return err;
 547
 548        /* cred->elements */
 549        err = dummy_enc_credel_array(xdr, &cred->elements);
 550        if (err)
 551                return err;
 552
 553        /* cred->cred_handle_reference */
 554        err = gssx_enc_buffer(xdr, &cred->cred_handle_reference);
 555        if (err)
 556                return err;
 557
 558        /* cred->needs_release */
 559        err = gssx_enc_bool(xdr, cred->needs_release);
 560
 561        return err;
 562}
 563
 564static int gssx_enc_ctx(struct xdr_stream *xdr,
 565                        struct gssx_ctx *ctx)
 566{
 567        __be32 *p;
 568        int err;
 569
 570        /* ctx->exported_context_token */
 571        err = gssx_enc_buffer(xdr, &ctx->exported_context_token);
 572        if (err)
 573                return err;
 574
 575        /* ctx->state */
 576        err = gssx_enc_buffer(xdr, &ctx->state);
 577        if (err)
 578                return err;
 579
 580        /* ctx->need_release */
 581        err = gssx_enc_bool(xdr, ctx->need_release);
 582        if (err)
 583                return err;
 584
 585        /* ctx->mech */
 586        err = gssx_enc_buffer(xdr, &ctx->mech);
 587        if (err)
 588                return err;
 589
 590        /* ctx->src_name */
 591        err = gssx_enc_name(xdr, &ctx->src_name);
 592        if (err)
 593                return err;
 594
 595        /* ctx->targ_name */
 596        err = gssx_enc_name(xdr, &ctx->targ_name);
 597        if (err)
 598                return err;
 599
 600        /* ctx->lifetime */
 601        p = xdr_reserve_space(xdr, 8+8);
 602        if (!p)
 603                return -ENOSPC;
 604        p = xdr_encode_hyper(p, ctx->lifetime);
 605
 606        /* ctx->ctx_flags */
 607        p = xdr_encode_hyper(p, ctx->ctx_flags);
 608
 609        /* ctx->locally_initiated */
 610        err = gssx_enc_bool(xdr, ctx->locally_initiated);
 611        if (err)
 612                return err;
 613
 614        /* ctx->open */
 615        err = gssx_enc_bool(xdr, ctx->open);
 616        if (err)
 617                return err;
 618
 619        /* leave options empty for now, will add once we have any options
 620         * to pass up at all */
 621        /* ctx->options */
 622        err = dummy_enc_opt_array(xdr, &ctx->options);
 623
 624        return err;
 625}
 626
 627static int gssx_dec_ctx(struct xdr_stream *xdr,
 628                        struct gssx_ctx *ctx)
 629{
 630        __be32 *p;
 631        int err;
 632
 633        /* ctx->exported_context_token */
 634        err = gssx_dec_buffer(xdr, &ctx->exported_context_token);
 635        if (err)
 636                return err;
 637
 638        /* ctx->state */
 639        err = gssx_dec_buffer(xdr, &ctx->state);
 640        if (err)
 641                return err;
 642
 643        /* ctx->need_release */
 644        err = gssx_dec_bool(xdr, &ctx->need_release);
 645        if (err)
 646                return err;
 647
 648        /* ctx->mech */
 649        err = gssx_dec_buffer(xdr, &ctx->mech);
 650        if (err)
 651                return err;
 652
 653        /* ctx->src_name */
 654        err = gssx_dec_name(xdr, &ctx->src_name);
 655        if (err)
 656                return err;
 657
 658        /* ctx->targ_name */
 659        err = gssx_dec_name(xdr, &ctx->targ_name);
 660        if (err)
 661                return err;
 662
 663        /* ctx->lifetime */
 664        p = xdr_inline_decode(xdr, 8+8);
 665        if (unlikely(p == NULL))
 666                return -ENOSPC;
 667        p = xdr_decode_hyper(p, &ctx->lifetime);
 668
 669        /* ctx->ctx_flags */
 670        p = xdr_decode_hyper(p, &ctx->ctx_flags);
 671
 672        /* ctx->locally_initiated */
 673        err = gssx_dec_bool(xdr, &ctx->locally_initiated);
 674        if (err)
 675                return err;
 676
 677        /* ctx->open */
 678        err = gssx_dec_bool(xdr, &ctx->open);
 679        if (err)
 680                return err;
 681
 682        /* we assume we have no options for now, so simply consume them */
 683        /* ctx->options */
 684        err = dummy_dec_opt_array(xdr, &ctx->options);
 685
 686        return err;
 687}
 688
 689static int gssx_enc_cb(struct xdr_stream *xdr, struct gssx_cb *cb)
 690{
 691        __be32 *p;
 692        int err;
 693
 694        /* cb->initiator_addrtype */
 695        p = xdr_reserve_space(xdr, 8);
 696        if (!p)
 697                return -ENOSPC;
 698        p = xdr_encode_hyper(p, cb->initiator_addrtype);
 699
 700        /* cb->initiator_address */
 701        err = gssx_enc_buffer(xdr, &cb->initiator_address);
 702        if (err)
 703                return err;
 704
 705        /* cb->acceptor_addrtype */
 706        p = xdr_reserve_space(xdr, 8);
 707        if (!p)
 708                return -ENOSPC;
 709        p = xdr_encode_hyper(p, cb->acceptor_addrtype);
 710
 711        /* cb->acceptor_address */
 712        err = gssx_enc_buffer(xdr, &cb->acceptor_address);
 713        if (err)
 714                return err;
 715
 716        /* cb->application_data */
 717        err = gssx_enc_buffer(xdr, &cb->application_data);
 718
 719        return err;
 720}
 721
 722void gssx_enc_accept_sec_context(struct rpc_rqst *req,
 723                                 struct xdr_stream *xdr,
 724                                 const void *data)
 725{
 726        const struct gssx_arg_accept_sec_context *arg = data;
 727        int err;
 728
 729        err = gssx_enc_call_ctx(xdr, &arg->call_ctx);
 730        if (err)
 731                goto done;
 732
 733        /* arg->context_handle */
 734        if (arg->context_handle)
 735                err = gssx_enc_ctx(xdr, arg->context_handle);
 736        else
 737                err = gssx_enc_bool(xdr, 0);
 738        if (err)
 739                goto done;
 740
 741        /* arg->cred_handle */
 742        if (arg->cred_handle)
 743                err = gssx_enc_cred(xdr, arg->cred_handle);
 744        else
 745                err = gssx_enc_bool(xdr, 0);
 746        if (err)
 747                goto done;
 748
 749        /* arg->input_token */
 750        err = gssx_enc_in_token(xdr, &arg->input_token);
 751        if (err)
 752                goto done;
 753
 754        /* arg->input_cb */
 755        if (arg->input_cb)
 756                err = gssx_enc_cb(xdr, arg->input_cb);
 757        else
 758                err = gssx_enc_bool(xdr, 0);
 759        if (err)
 760                goto done;
 761
 762        err = gssx_enc_bool(xdr, arg->ret_deleg_cred);
 763        if (err)
 764                goto done;
 765
 766        /* leave options empty for now, will add once we have any options
 767         * to pass up at all */
 768        /* arg->options */
 769        err = dummy_enc_opt_array(xdr, &arg->options);
 770
 771        xdr_inline_pages(&req->rq_rcv_buf,
 772                PAGE_SIZE/2 /* pretty arbitrary */,
 773                arg->pages, 0 /* page base */, arg->npages * PAGE_SIZE);
 774done:
 775        if (err)
 776                dprintk("RPC:       gssx_enc_accept_sec_context: %d\n", err);
 777}
 778
 779int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
 780                                struct xdr_stream *xdr,
 781                                void *data)
 782{
 783        struct gssx_res_accept_sec_context *res = data;
 784        u32 value_follows;
 785        int err;
 786        struct page *scratch;
 787
 788        scratch = alloc_page(GFP_KERNEL);
 789        if (!scratch)
 790                return -ENOMEM;
 791        xdr_set_scratch_page(xdr, scratch);
 792
 793        /* res->status */
 794        err = gssx_dec_status(xdr, &res->status);
 795        if (err)
 796                goto out_free;
 797
 798        /* res->context_handle */
 799        err = gssx_dec_bool(xdr, &value_follows);
 800        if (err)
 801                goto out_free;
 802        if (value_follows) {
 803                err = gssx_dec_ctx(xdr, res->context_handle);
 804                if (err)
 805                        goto out_free;
 806        } else {
 807                res->context_handle = NULL;
 808        }
 809
 810        /* res->output_token */
 811        err = gssx_dec_bool(xdr, &value_follows);
 812        if (err)
 813                goto out_free;
 814        if (value_follows) {
 815                err = gssx_dec_buffer(xdr, res->output_token);
 816                if (err)
 817                        goto out_free;
 818        } else {
 819                res->output_token = NULL;
 820        }
 821
 822        /* res->delegated_cred_handle */
 823        err = gssx_dec_bool(xdr, &value_follows);
 824        if (err)
 825                goto out_free;
 826        if (value_follows) {
 827                /* we do not support upcall servers sending this data. */
 828                err = -EINVAL;
 829                goto out_free;
 830        }
 831
 832        /* res->options */
 833        err = gssx_dec_option_array(xdr, &res->options);
 834
 835out_free:
 836        __free_page(scratch);
 837        return err;
 838}
 839