linux/net/sunrpc/auth_gss/auth_gss.c
<<
>>
Prefs 
   1// SPDX-License-Identifier: BSD-3-Clause
   2/*
   3 * linux/net/sunrpc/auth_gss/auth_gss.c
   4 *
   5 * RPCSEC_GSS client authentication.
   6 *
   7 *  Copyright (c) 2000 The Regents of the University of Michigan.
   8 *  All rights reserved.
   9 *
  10 *  Dug Song       <dugsong@monkey.org>
  11 *  Andy Adamson   <andros@umich.edu>
  12 */
  13
  14#include <linux/module.h>
  15#include <linux/init.h>
  16#include <linux/types.h>
  17#include <linux/slab.h>
  18#include <linux/sched.h>
  19#include <linux/pagemap.h>
  20#include <linux/sunrpc/clnt.h>
  21#include <linux/sunrpc/auth.h>
  22#include <linux/sunrpc/auth_gss.h>
  23#include <linux/sunrpc/gss_krb5.h>
  24#include <linux/sunrpc/svcauth_gss.h>
  25#include <linux/sunrpc/gss_err.h>
  26#include <linux/workqueue.h>
  27#include <linux/sunrpc/rpc_pipe_fs.h>
  28#include <linux/sunrpc/gss_api.h>
  29#include <linux/uaccess.h>
  30#include <linux/hashtable.h>
  31
  32#include "auth_gss_internal.h"
  33#include "../netns.h"
  34
  35#include <trace/events/rpcgss.h>
  36
  37static const struct rpc_authops authgss_ops;
  38
  39static const struct rpc_credops gss_credops;
  40static const struct rpc_credops gss_nullops;
  41
  42#define GSS_RETRY_EXPIRED 5
  43static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
  44
  45#define GSS_KEY_EXPIRE_TIMEO 240
  46static unsigned int gss_key_expire_timeo = GSS_KEY_EXPIRE_TIMEO;
  47
  48#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
  49# define RPCDBG_FACILITY        RPCDBG_AUTH
  50#endif
  51
  52#define GSS_CRED_SLACK          (RPC_MAX_AUTH_SIZE * 2)
  53/* length of a krb5 verifier (48), plus data added before arguments when
  54 * using integrity (two 4-byte integers): */
  55#define GSS_VERF_SLACK          100
  56
  57static DEFINE_HASHTABLE(gss_auth_hash_table, 4);
  58static DEFINE_SPINLOCK(gss_auth_hash_lock);
  59
  60struct gss_pipe {
  61        struct rpc_pipe_dir_object pdo;
  62        struct rpc_pipe *pipe;
  63        struct rpc_clnt *clnt;
  64        const char *name;
  65        struct kref kref;
  66};
  67
  68struct gss_auth {
  69        struct kref kref;
  70        struct hlist_node hash;
  71        struct rpc_auth rpc_auth;
  72        struct gss_api_mech *mech;
  73        enum rpc_gss_svc service;
  74        struct rpc_clnt *client;
  75        struct net      *net;
  76        netns_tracker   ns_tracker;
  77        /*
  78         * There are two upcall pipes; dentry[1], named "gssd", is used
  79         * for the new text-based upcall; dentry[0] is named after the
  80         * mechanism (for example, "krb5") and exists for
  81         * backwards-compatibility with older gssd's.
  82         */
  83        struct gss_pipe *gss_pipe[2];
  84        const char *target_name;
  85};
  86
  87/* pipe_version >= 0 if and only if someone has a pipe open. */
  88static DEFINE_SPINLOCK(pipe_version_lock);
  89static struct rpc_wait_queue pipe_version_rpc_waitqueue;
  90static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
  91static void gss_put_auth(struct gss_auth *gss_auth);
  92
  93static void gss_free_ctx(struct gss_cl_ctx *);
  94static const struct rpc_pipe_ops gss_upcall_ops_v0;
  95static const struct rpc_pipe_ops gss_upcall_ops_v1;
  96
  97static inline struct gss_cl_ctx *
  98gss_get_ctx(struct gss_cl_ctx *ctx)
  99{
 100        refcount_inc(&ctx->count);
 101        return ctx;
 102}
 103
 104static inline void
 105gss_put_ctx(struct gss_cl_ctx *ctx)
 106{
 107        if (refcount_dec_and_test(&ctx->count))
 108                gss_free_ctx(ctx);
 109}
 110
 111/* gss_cred_set_ctx:
 112 * called by gss_upcall_callback and gss_create_upcall in order
 113 * to set the gss context. The actual exchange of an old context
 114 * and a new one is protected by the pipe->lock.
 115 */
 116static void
 117gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
 118{
 119        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
 120
 121        if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
 122                return;
 123        gss_get_ctx(ctx);
 124        rcu_assign_pointer(gss_cred->gc_ctx, ctx);
 125        set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
 126        smp_mb__before_atomic();
 127        clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
 128}
 129
 130static struct gss_cl_ctx *
 131gss_cred_get_ctx(struct rpc_cred *cred)
 132{
 133        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
 134        struct gss_cl_ctx *ctx = NULL;
 135
 136        rcu_read_lock();
 137        ctx = rcu_dereference(gss_cred->gc_ctx);
 138        if (ctx)
 139                gss_get_ctx(ctx);
 140        rcu_read_unlock();
 141        return ctx;
 142}
 143
 144static struct gss_cl_ctx *
 145gss_alloc_context(void)
 146{
 147        struct gss_cl_ctx *ctx;
 148
 149        ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
 150        if (ctx != NULL) {
 151                ctx->gc_proc = RPC_GSS_PROC_DATA;
 152                ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
 153                spin_lock_init(&ctx->gc_seq_lock);
 154                refcount_set(&ctx->count,1);
 155        }
 156        return ctx;
 157}
 158
 159#define GSSD_MIN_TIMEOUT (60 * 60)
 160static const void *
 161gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
 162{
 163        const void *q;
 164        unsigned int seclen;
 165        unsigned int timeout;
 166        unsigned long now = jiffies;
 167        u32 window_size;
 168        int ret;
 169
 170        /* First unsigned int gives the remaining lifetime in seconds of the
 171         * credential - e.g. the remaining TGT lifetime for Kerberos or
 172         * the -t value passed to GSSD.
 173         */
 174        p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
 175        if (IS_ERR(p))
 176                goto err;
 177        if (timeout == 0)
 178                timeout = GSSD_MIN_TIMEOUT;
 179        ctx->gc_expiry = now + ((unsigned long)timeout * HZ);
 180        /* Sequence number window. Determines the maximum number of
 181         * simultaneous requests
 182         */
 183        p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
 184        if (IS_ERR(p))
 185                goto err;
 186        ctx->gc_win = window_size;
 187        /* gssd signals an error by passing ctx->gc_win = 0: */
 188        if (ctx->gc_win == 0) {
 189                /*
 190                 * in which case, p points to an error code. Anything other
 191                 * than -EKEYEXPIRED gets converted to -EACCES.
 192                 */
 193                p = simple_get_bytes(p, end, &ret, sizeof(ret));
 194                if (!IS_ERR(p))
 195                        p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
 196                                                    ERR_PTR(-EACCES);
 197                goto err;
 198        }
 199        /* copy the opaque wire context */
 200        p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
 201        if (IS_ERR(p))
 202                goto err;
 203        /* import the opaque security context */
 204        p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
 205        if (IS_ERR(p))
 206                goto err;
 207        q = (const void *)((const char *)p + seclen);
 208        if (unlikely(q > end || q < p)) {
 209                p = ERR_PTR(-EFAULT);
 210                goto err;
 211        }
 212        ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, NULL, GFP_KERNEL);
 213        if (ret < 0) {
 214                trace_rpcgss_import_ctx(ret);
 215                p = ERR_PTR(ret);
 216                goto err;
 217        }
 218
 219        /* is there any trailing data? */
 220        if (q == end) {
 221                p = q;
 222                goto done;
 223        }
 224
 225        /* pull in acceptor name (if there is one) */
 226        p = simple_get_netobj(q, end, &ctx->gc_acceptor);
 227        if (IS_ERR(p))
 228                goto err;
 229done:
 230        trace_rpcgss_context(window_size, ctx->gc_expiry, now, timeout,
 231                             ctx->gc_acceptor.len, ctx->gc_acceptor.data);
 232err:
 233        return p;
 234}
 235
 236/* XXX: Need some documentation about why UPCALL_BUF_LEN is so small.
 237 *      Is user space expecting no more than UPCALL_BUF_LEN bytes?
 238 *      Note that there are now _two_ NI_MAXHOST sized data items
 239 *      being passed in this string.
 240 */
 241#define UPCALL_BUF_LEN  256
 242
 243struct gss_upcall_msg {
 244        refcount_t count;
 245        kuid_t  uid;
 246        const char *service_name;
 247        struct rpc_pipe_msg msg;
 248        struct list_head list;
 249        struct gss_auth *auth;
 250        struct rpc_pipe *pipe;
 251        struct rpc_wait_queue rpc_waitqueue;
 252        wait_queue_head_t waitqueue;
 253        struct gss_cl_ctx *ctx;
 254        char databuf[UPCALL_BUF_LEN];
 255};
 256
 257static int get_pipe_version(struct net *net)
 258{
 259        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 260        int ret;
 261
 262        spin_lock(&pipe_version_lock);
 263        if (sn->pipe_version >= 0) {
 264                atomic_inc(&sn->pipe_users);
 265                ret = sn->pipe_version;
 266        } else
 267                ret = -EAGAIN;
 268        spin_unlock(&pipe_version_lock);
 269        return ret;
 270}
 271
 272static void put_pipe_version(struct net *net)
 273{
 274        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 275
 276        if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
 277                sn->pipe_version = -1;
 278                spin_unlock(&pipe_version_lock);
 279        }
 280}
 281
 282static void
 283gss_release_msg(struct gss_upcall_msg *gss_msg)
 284{
 285        struct net *net = gss_msg->auth->net;
 286        if (!refcount_dec_and_test(&gss_msg->count))
 287                return;
 288        put_pipe_version(net);
 289        BUG_ON(!list_empty(&gss_msg->list));
 290        if (gss_msg->ctx != NULL)
 291                gss_put_ctx(gss_msg->ctx);
 292        rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
 293        gss_put_auth(gss_msg->auth);
 294        kfree_const(gss_msg->service_name);
 295        kfree(gss_msg);
 296}
 297
 298static struct gss_upcall_msg *
 299__gss_find_upcall(struct rpc_pipe *pipe, kuid_t uid, const struct gss_auth *auth)
 300{
 301        struct gss_upcall_msg *pos;
 302        list_for_each_entry(pos, &pipe->in_downcall, list) {
 303                if (!uid_eq(pos->uid, uid))
 304                        continue;
 305                if (auth && pos->auth->service != auth->service)
 306                        continue;
 307                refcount_inc(&pos->count);
 308                return pos;
 309        }
 310        return NULL;
 311}
 312
 313/* Try to add an upcall to the pipefs queue.
 314 * If an upcall owned by our uid already exists, then we return a reference
 315 * to that upcall instead of adding the new upcall.
 316 */
 317static inline struct gss_upcall_msg *
 318gss_add_msg(struct gss_upcall_msg *gss_msg)
 319{
 320        struct rpc_pipe *pipe = gss_msg->pipe;
 321        struct gss_upcall_msg *old;
 322
 323        spin_lock(&pipe->lock);
 324        old = __gss_find_upcall(pipe, gss_msg->uid, gss_msg->auth);
 325        if (old == NULL) {
 326                refcount_inc(&gss_msg->count);
 327                list_add(&gss_msg->list, &pipe->in_downcall);
 328        } else
 329                gss_msg = old;
 330        spin_unlock(&pipe->lock);
 331        return gss_msg;
 332}
 333
 334static void
 335__gss_unhash_msg(struct gss_upcall_msg *gss_msg)
 336{
 337        list_del_init(&gss_msg->list);
 338        rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
 339        wake_up_all(&gss_msg->waitqueue);
 340        refcount_dec(&gss_msg->count);
 341}
 342
 343static void
 344gss_unhash_msg(struct gss_upcall_msg *gss_msg)
 345{
 346        struct rpc_pipe *pipe = gss_msg->pipe;
 347
 348        if (list_empty(&gss_msg->list))
 349                return;
 350        spin_lock(&pipe->lock);
 351        if (!list_empty(&gss_msg->list))
 352                __gss_unhash_msg(gss_msg);
 353        spin_unlock(&pipe->lock);
 354}
 355
 356static void
 357gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss_msg)
 358{
 359        switch (gss_msg->msg.errno) {
 360        case 0:
 361                if (gss_msg->ctx == NULL)
 362                        break;
 363                clear_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
 364                gss_cred_set_ctx(&gss_cred->gc_base, gss_msg->ctx);
 365                break;
 366        case -EKEYEXPIRED:
 367                set_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
 368        }
 369        gss_cred->gc_upcall_timestamp = jiffies;
 370        gss_cred->gc_upcall = NULL;
 371        rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
 372}
 373
 374static void
 375gss_upcall_callback(struct rpc_task *task)
 376{
 377        struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
 378                        struct gss_cred, gc_base);
 379        struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
 380        struct rpc_pipe *pipe = gss_msg->pipe;
 381
 382        spin_lock(&pipe->lock);
 383        gss_handle_downcall_result(gss_cred, gss_msg);
 384        spin_unlock(&pipe->lock);
 385        task->tk_status = gss_msg->msg.errno;
 386        gss_release_msg(gss_msg);
 387}
 388
 389static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
 390                              const struct cred *cred)
 391{
 392        struct user_namespace *userns = cred->user_ns;
 393
 394        uid_t uid = from_kuid_munged(userns, gss_msg->uid);
 395        memcpy(gss_msg->databuf, &uid, sizeof(uid));
 396        gss_msg->msg.data = gss_msg->databuf;
 397        gss_msg->msg.len = sizeof(uid);
 398
 399        BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
 400}
 401
 402static ssize_t
 403gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
 404                char __user *buf, size_t buflen)
 405{
 406        struct gss_upcall_msg *gss_msg = container_of(msg,
 407                                                      struct gss_upcall_msg,
 408                                                      msg);
 409        if (msg->copied == 0)
 410                gss_encode_v0_msg(gss_msg, file->f_cred);
 411        return rpc_pipe_generic_upcall(file, msg, buf, buflen);
 412}
 413
 414static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
 415                                const char *service_name,
 416                                const char *target_name,
 417                                const struct cred *cred)
 418{
 419        struct user_namespace *userns = cred->user_ns;
 420        struct gss_api_mech *mech = gss_msg->auth->mech;
 421        char *p = gss_msg->databuf;
 422        size_t buflen = sizeof(gss_msg->databuf);
 423        int len;
 424
 425        len = scnprintf(p, buflen, "mech=%s uid=%d", mech->gm_name,
 426                        from_kuid_munged(userns, gss_msg->uid));
 427        buflen -= len;
 428        p += len;
 429        gss_msg->msg.len = len;
 430
 431        /*
 432         * target= is a full service principal that names the remote
 433         * identity that we are authenticating to.
 434         */
 435        if (target_name) {
 436                len = scnprintf(p, buflen, " target=%s", target_name);
 437                buflen -= len;
 438                p += len;
 439                gss_msg->msg.len += len;
 440        }
 441
 442        /*
 443         * gssd uses service= and srchost= to select a matching key from
 444         * the system's keytab to use as the source principal.
 445         *
 446         * service= is the service name part of the source principal,
 447         * or "*" (meaning choose any).
 448         *
 449         * srchost= is the hostname part of the source principal. When
 450         * not provided, gssd uses the local hostname.
 451         */
 452        if (service_name) {
 453                char *c = strchr(service_name, '@');
 454
 455                if (!c)
 456                        len = scnprintf(p, buflen, " service=%s",
 457                                        service_name);
 458                else
 459                        len = scnprintf(p, buflen,
 460                                        " service=%.*s srchost=%s",
 461                                        (int)(c - service_name),
 462                                        service_name, c + 1);
 463                buflen -= len;
 464                p += len;
 465                gss_msg->msg.len += len;
 466        }
 467
 468        if (mech->gm_upcall_enctypes) {
 469                len = scnprintf(p, buflen, " enctypes=%s",
 470                                mech->gm_upcall_enctypes);
 471                buflen -= len;
 472                p += len;
 473                gss_msg->msg.len += len;
 474        }
 475        trace_rpcgss_upcall_msg(gss_msg->databuf);
 476        len = scnprintf(p, buflen, "\n");
 477        if (len == 0)
 478                goto out_overflow;
 479        gss_msg->msg.len += len;
 480        gss_msg->msg.data = gss_msg->databuf;
 481        return 0;
 482out_overflow:
 483        WARN_ON_ONCE(1);
 484        return -ENOMEM;
 485}
 486
 487static ssize_t
 488gss_v1_upcall(struct file *file, struct rpc_pipe_msg *msg,
 489                char __user *buf, size_t buflen)
 490{
 491        struct gss_upcall_msg *gss_msg = container_of(msg,
 492                                                      struct gss_upcall_msg,
 493                                                      msg);
 494        int err;
 495        if (msg->copied == 0) {
 496                err = gss_encode_v1_msg(gss_msg,
 497                                        gss_msg->service_name,
 498                                        gss_msg->auth->target_name,
 499                                        file->f_cred);
 500                if (err)
 501                        return err;
 502        }
 503        return rpc_pipe_generic_upcall(file, msg, buf, buflen);
 504}
 505
 506static struct gss_upcall_msg *
 507gss_alloc_msg(struct gss_auth *gss_auth,
 508                kuid_t uid, const char *service_name)
 509{
 510        struct gss_upcall_msg *gss_msg;
 511        int vers;
 512        int err = -ENOMEM;
 513
 514        gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL);
 515        if (gss_msg == NULL)
 516                goto err;
 517        vers = get_pipe_version(gss_auth->net);
 518        err = vers;
 519        if (err < 0)
 520                goto err_free_msg;
 521        gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
 522        INIT_LIST_HEAD(&gss_msg->list);
 523        rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
 524        init_waitqueue_head(&gss_msg->waitqueue);
 525        refcount_set(&gss_msg->count, 1);
 526        gss_msg->uid = uid;
 527        gss_msg->auth = gss_auth;
 528        kref_get(&gss_auth->kref);
 529        if (service_name) {
 530                gss_msg->service_name = kstrdup_const(service_name, GFP_KERNEL);
 531                if (!gss_msg->service_name) {
 532                        err = -ENOMEM;
 533                        goto err_put_pipe_version;
 534                }
 535        }
 536        return gss_msg;
 537err_put_pipe_version:
 538        put_pipe_version(gss_auth->net);
 539err_free_msg:
 540        kfree(gss_msg);
 541err:
 542        return ERR_PTR(err);
 543}
 544
 545static struct gss_upcall_msg *
 546gss_setup_upcall(struct gss_auth *gss_auth, struct rpc_cred *cred)
 547{
 548        struct gss_cred *gss_cred = container_of(cred,
 549                        struct gss_cred, gc_base);
 550        struct gss_upcall_msg *gss_new, *gss_msg;
 551        kuid_t uid = cred->cr_cred->fsuid;
 552
 553        gss_new = gss_alloc_msg(gss_auth, uid, gss_cred->gc_principal);
 554        if (IS_ERR(gss_new))
 555                return gss_new;
 556        gss_msg = gss_add_msg(gss_new);
 557        if (gss_msg == gss_new) {
 558                int res;
 559                refcount_inc(&gss_msg->count);
 560                res = rpc_queue_upcall(gss_new->pipe, &gss_new->msg);
 561                if (res) {
 562                        gss_unhash_msg(gss_new);
 563                        refcount_dec(&gss_msg->count);
 564                        gss_release_msg(gss_new);
 565                        gss_msg = ERR_PTR(res);
 566                }
 567        } else
 568                gss_release_msg(gss_new);
 569        return gss_msg;
 570}
 571
 572static void warn_gssd(void)
 573{
 574        dprintk("AUTH_GSS upcall failed. Please check user daemon is running.\n");
 575}
 576
 577static inline int
 578gss_refresh_upcall(struct rpc_task *task)
 579{
 580        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
 581        struct gss_auth *gss_auth = container_of(cred->cr_auth,
 582                        struct gss_auth, rpc_auth);
 583        struct gss_cred *gss_cred = container_of(cred,
 584                        struct gss_cred, gc_base);
 585        struct gss_upcall_msg *gss_msg;
 586        struct rpc_pipe *pipe;
 587        int err = 0;
 588
 589        gss_msg = gss_setup_upcall(gss_auth, cred);
 590        if (PTR_ERR(gss_msg) == -EAGAIN) {
 591                /* XXX: warning on the first, under the assumption we
 592                 * shouldn't normally hit this case on a refresh. */
 593                warn_gssd();
 594                rpc_sleep_on_timeout(&pipe_version_rpc_waitqueue,
 595                                task, NULL, jiffies + (15 * HZ));
 596                err = -EAGAIN;
 597                goto out;
 598        }
 599        if (IS_ERR(gss_msg)) {
 600                err = PTR_ERR(gss_msg);
 601                goto out;
 602        }
 603        pipe = gss_msg->pipe;
 604        spin_lock(&pipe->lock);
 605        if (gss_cred->gc_upcall != NULL)
 606                rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
 607        else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
 608                gss_cred->gc_upcall = gss_msg;
 609                /* gss_upcall_callback will release the reference to gss_upcall_msg */
 610                refcount_inc(&gss_msg->count);
 611                rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
 612        } else {
 613                gss_handle_downcall_result(gss_cred, gss_msg);
 614                err = gss_msg->msg.errno;
 615        }
 616        spin_unlock(&pipe->lock);
 617        gss_release_msg(gss_msg);
 618out:
 619        trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
 620                                             cred->cr_cred->fsuid), err);
 621        return err;
 622}
 623
 624static inline int
 625gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
 626{
 627        struct net *net = gss_auth->net;
 628        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 629        struct rpc_pipe *pipe;
 630        struct rpc_cred *cred = &gss_cred->gc_base;
 631        struct gss_upcall_msg *gss_msg;
 632        DEFINE_WAIT(wait);
 633        int err;
 634
 635retry:
 636        err = 0;
 637        /* if gssd is down, just skip upcalling altogether */
 638        if (!gssd_running(net)) {
 639                warn_gssd();
 640                err = -EACCES;
 641                goto out;
 642        }
 643        gss_msg = gss_setup_upcall(gss_auth, cred);
 644        if (PTR_ERR(gss_msg) == -EAGAIN) {
 645                err = wait_event_interruptible_timeout(pipe_version_waitqueue,
 646                                sn->pipe_version >= 0, 15 * HZ);
 647                if (sn->pipe_version < 0) {
 648                        warn_gssd();
 649                        err = -EACCES;
 650                }
 651                if (err < 0)
 652                        goto out;
 653                goto retry;
 654        }
 655        if (IS_ERR(gss_msg)) {
 656                err = PTR_ERR(gss_msg);
 657                goto out;
 658        }
 659        pipe = gss_msg->pipe;
 660        for (;;) {
 661                prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
 662                spin_lock(&pipe->lock);
 663                if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
 664                        break;
 665                }
 666                spin_unlock(&pipe->lock);
 667                if (fatal_signal_pending(current)) {
 668                        err = -ERESTARTSYS;
 669                        goto out_intr;
 670                }
 671                schedule();
 672        }
 673        if (gss_msg->ctx) {
 674                trace_rpcgss_ctx_init(gss_cred);
 675                gss_cred_set_ctx(cred, gss_msg->ctx);
 676        } else {
 677                err = gss_msg->msg.errno;
 678        }
 679        spin_unlock(&pipe->lock);
 680out_intr:
 681        finish_wait(&gss_msg->waitqueue, &wait);
 682        gss_release_msg(gss_msg);
 683out:
 684        trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
 685                                             cred->cr_cred->fsuid), err);
 686        return err;
 687}
 688
 689#define MSG_BUF_MAXSIZE 1024
 690
 691static ssize_t
 692gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
 693{
 694        const void *p, *end;
 695        void *buf;
 696        struct gss_upcall_msg *gss_msg;
 697        struct rpc_pipe *pipe = RPC_I(file_inode(filp))->pipe;
 698        struct gss_cl_ctx *ctx;
 699        uid_t id;
 700        kuid_t uid;
 701        ssize_t err = -EFBIG;
 702
 703        if (mlen > MSG_BUF_MAXSIZE)
 704                goto out;
 705        err = -ENOMEM;
 706        buf = kmalloc(mlen, GFP_KERNEL);
 707        if (!buf)
 708                goto out;
 709
 710        err = -EFAULT;
 711        if (copy_from_user(buf, src, mlen))
 712                goto err;
 713
 714        end = (const void *)((char *)buf + mlen);
 715        p = simple_get_bytes(buf, end, &id, sizeof(id));
 716        if (IS_ERR(p)) {
 717                err = PTR_ERR(p);
 718                goto err;
 719        }
 720
 721        uid = make_kuid(current_user_ns(), id);
 722        if (!uid_valid(uid)) {
 723                err = -EINVAL;
 724                goto err;
 725        }
 726
 727        err = -ENOMEM;
 728        ctx = gss_alloc_context();
 729        if (ctx == NULL)
 730                goto err;
 731
 732        err = -ENOENT;
 733        /* Find a matching upcall */
 734        spin_lock(&pipe->lock);
 735        gss_msg = __gss_find_upcall(pipe, uid, NULL);
 736        if (gss_msg == NULL) {
 737                spin_unlock(&pipe->lock);
 738                goto err_put_ctx;
 739        }
 740        list_del_init(&gss_msg->list);
 741        spin_unlock(&pipe->lock);
 742
 743        p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
 744        if (IS_ERR(p)) {
 745                err = PTR_ERR(p);
 746                switch (err) {
 747                case -EACCES:
 748                case -EKEYEXPIRED:
 749                        gss_msg->msg.errno = err;
 750                        err = mlen;
 751                        break;
 752                case -EFAULT:
 753                case -ENOMEM:
 754                case -EINVAL:
 755                case -ENOSYS:
 756                        gss_msg->msg.errno = -EAGAIN;
 757                        break;
 758                default:
 759                        printk(KERN_CRIT "%s: bad return from "
 760                                "gss_fill_context: %zd\n", __func__, err);
 761                        gss_msg->msg.errno = -EIO;
 762                }
 763                goto err_release_msg;
 764        }
 765        gss_msg->ctx = gss_get_ctx(ctx);
 766        err = mlen;
 767
 768err_release_msg:
 769        spin_lock(&pipe->lock);
 770        __gss_unhash_msg(gss_msg);
 771        spin_unlock(&pipe->lock);
 772        gss_release_msg(gss_msg);
 773err_put_ctx:
 774        gss_put_ctx(ctx);
 775err:
 776        kfree(buf);
 777out:
 778        return err;
 779}
 780
 781static int gss_pipe_open(struct inode *inode, int new_version)
 782{
 783        struct net *net = inode->i_sb->s_fs_info;
 784        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 785        int ret = 0;
 786
 787        spin_lock(&pipe_version_lock);
 788        if (sn->pipe_version < 0) {
 789                /* First open of any gss pipe determines the version: */
 790                sn->pipe_version = new_version;
 791                rpc_wake_up(&pipe_version_rpc_waitqueue);
 792                wake_up(&pipe_version_waitqueue);
 793        } else if (sn->pipe_version != new_version) {
 794                /* Trying to open a pipe of a different version */
 795                ret = -EBUSY;
 796                goto out;
 797        }
 798        atomic_inc(&sn->pipe_users);
 799out:
 800        spin_unlock(&pipe_version_lock);
 801        return ret;
 802
 803}
 804
 805static int gss_pipe_open_v0(struct inode *inode)
 806{
 807        return gss_pipe_open(inode, 0);
 808}
 809
 810static int gss_pipe_open_v1(struct inode *inode)
 811{
 812        return gss_pipe_open(inode, 1);
 813}
 814
 815static void
 816gss_pipe_release(struct inode *inode)
 817{
 818        struct net *net = inode->i_sb->s_fs_info;
 819        struct rpc_pipe *pipe = RPC_I(inode)->pipe;
 820        struct gss_upcall_msg *gss_msg;
 821
 822restart:
 823        spin_lock(&pipe->lock);
 824        list_for_each_entry(gss_msg, &pipe->in_downcall, list) {
 825
 826                if (!list_empty(&gss_msg->msg.list))
 827                        continue;
 828                gss_msg->msg.errno = -EPIPE;
 829                refcount_inc(&gss_msg->count);
 830                __gss_unhash_msg(gss_msg);
 831                spin_unlock(&pipe->lock);
 832                gss_release_msg(gss_msg);
 833                goto restart;
 834        }
 835        spin_unlock(&pipe->lock);
 836
 837        put_pipe_version(net);
 838}
 839
 840static void
 841gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
 842{
 843        struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
 844
 845        if (msg->errno < 0) {
 846                refcount_inc(&gss_msg->count);
 847                gss_unhash_msg(gss_msg);
 848                if (msg->errno == -ETIMEDOUT)
 849                        warn_gssd();
 850                gss_release_msg(gss_msg);
 851        }
 852        gss_release_msg(gss_msg);
 853}
 854
 855static void gss_pipe_dentry_destroy(struct dentry *dir,
 856                struct rpc_pipe_dir_object *pdo)
 857{
 858        struct gss_pipe *gss_pipe = pdo->pdo_data;
 859        struct rpc_pipe *pipe = gss_pipe->pipe;
 860
 861        if (pipe->dentry != NULL) {
 862                rpc_unlink(pipe->dentry);
 863                pipe->dentry = NULL;
 864        }
 865}
 866
 867static int gss_pipe_dentry_create(struct dentry *dir,
 868                struct rpc_pipe_dir_object *pdo)
 869{
 870        struct gss_pipe *p = pdo->pdo_data;
 871        struct dentry *dentry;
 872
 873        dentry = rpc_mkpipe_dentry(dir, p->name, p->clnt, p->pipe);
 874        if (IS_ERR(dentry))
 875                return PTR_ERR(dentry);
 876        p->pipe->dentry = dentry;
 877        return 0;
 878}
 879
 880static const struct rpc_pipe_dir_object_ops gss_pipe_dir_object_ops = {
 881        .create = gss_pipe_dentry_create,
 882        .destroy = gss_pipe_dentry_destroy,
 883};
 884
 885static struct gss_pipe *gss_pipe_alloc(struct rpc_clnt *clnt,
 886                const char *name,
 887                const struct rpc_pipe_ops *upcall_ops)
 888{
 889        struct gss_pipe *p;
 890        int err = -ENOMEM;
 891
 892        p = kmalloc(sizeof(*p), GFP_KERNEL);
 893        if (p == NULL)
 894                goto err;
 895        p->pipe = rpc_mkpipe_data(upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
 896        if (IS_ERR(p->pipe)) {
 897                err = PTR_ERR(p->pipe);
 898                goto err_free_gss_pipe;
 899        }
 900        p->name = name;
 901        p->clnt = clnt;
 902        kref_init(&p->kref);
 903        rpc_init_pipe_dir_object(&p->pdo,
 904                        &gss_pipe_dir_object_ops,
 905                        p);
 906        return p;
 907err_free_gss_pipe:
 908        kfree(p);
 909err:
 910        return ERR_PTR(err);
 911}
 912
 913struct gss_alloc_pdo {
 914        struct rpc_clnt *clnt;
 915        const char *name;
 916        const struct rpc_pipe_ops *upcall_ops;
 917};
 918
 919static int gss_pipe_match_pdo(struct rpc_pipe_dir_object *pdo, void *data)
 920{
 921        struct gss_pipe *gss_pipe;
 922        struct gss_alloc_pdo *args = data;
 923
 924        if (pdo->pdo_ops != &gss_pipe_dir_object_ops)
 925                return 0;
 926        gss_pipe = container_of(pdo, struct gss_pipe, pdo);
 927        if (strcmp(gss_pipe->name, args->name) != 0)
 928                return 0;
 929        if (!kref_get_unless_zero(&gss_pipe->kref))
 930                return 0;
 931        return 1;
 932}
 933
 934static struct rpc_pipe_dir_object *gss_pipe_alloc_pdo(void *data)
 935{
 936        struct gss_pipe *gss_pipe;
 937        struct gss_alloc_pdo *args = data;
 938
 939        gss_pipe = gss_pipe_alloc(args->clnt, args->name, args->upcall_ops);
 940        if (!IS_ERR(gss_pipe))
 941                return &gss_pipe->pdo;
 942        return NULL;
 943}
 944
 945static struct gss_pipe *gss_pipe_get(struct rpc_clnt *clnt,
 946                const char *name,
 947                const struct rpc_pipe_ops *upcall_ops)
 948{
 949        struct net *net = rpc_net_ns(clnt);
 950        struct rpc_pipe_dir_object *pdo;
 951        struct gss_alloc_pdo args = {
 952                .clnt = clnt,
 953                .name = name,
 954                .upcall_ops = upcall_ops,
 955        };
 956
 957        pdo = rpc_find_or_alloc_pipe_dir_object(net,
 958                        &clnt->cl_pipedir_objects,
 959                        gss_pipe_match_pdo,
 960                        gss_pipe_alloc_pdo,
 961                        &args);
 962        if (pdo != NULL)
 963                return container_of(pdo, struct gss_pipe, pdo);
 964        return ERR_PTR(-ENOMEM);
 965}
 966
 967static void __gss_pipe_free(struct gss_pipe *p)
 968{
 969        struct rpc_clnt *clnt = p->clnt;
 970        struct net *net = rpc_net_ns(clnt);
 971
 972        rpc_remove_pipe_dir_object(net,
 973                        &clnt->cl_pipedir_objects,
 974                        &p->pdo);
 975        rpc_destroy_pipe_data(p->pipe);
 976        kfree(p);
 977}
 978
 979static void __gss_pipe_release(struct kref *kref)
 980{
 981        struct gss_pipe *p = container_of(kref, struct gss_pipe, kref);
 982
 983        __gss_pipe_free(p);
 984}
 985
 986static void gss_pipe_free(struct gss_pipe *p)
 987{
 988        if (p != NULL)
 989                kref_put(&p->kref, __gss_pipe_release);
 990}
 991
 992/*
 993 * NOTE: we have the opportunity to use different
 994 * parameters based on the input flavor (which must be a pseudoflavor)
 995 */
 996static struct gss_auth *
 997gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
 998{
 999        rpc_authflavor_t flavor = args->pseudoflavor;
1000        struct gss_auth *gss_auth;

1001        struct gss_pipe *gss_pipe;
1002        struct rpc_auth * auth;
1003        int err = -ENOMEM; /* XXX? */
1004
1005        if (!try_module_get(THIS_MODULE))
1006                return ERR_PTR(err);
1007        if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
1008                goto out_dec;
1009        INIT_HLIST_NODE(&gss_auth->hash);
1010        gss_auth->target_name = NULL;
1011        if (args->target_name) {
1012                gss_auth->target_name = kstrdup(args->target_name, GFP_KERNEL);
1013                if (gss_auth->target_name == NULL)
1014                        goto err_free;
1015        }
1016        gss_auth->client = clnt;
1017        gss_auth->net = get_net_track(rpc_net_ns(clnt), &gss_auth->ns_tracker,
1018                                      GFP_KERNEL);
1019        err = -EINVAL;
1020        gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
1021        if (!gss_auth->mech)
1022                goto err_put_net;
1023        gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
1024        if (gss_auth->service == 0)
1025                goto err_put_mech;
1026        if (!gssd_running(gss_auth->net))
1027                goto err_put_mech;
1028        auth = &gss_auth->rpc_auth;
1029        auth->au_cslack = GSS_CRED_SLACK >> 2;
1030        auth->au_rslack = GSS_KRB5_MAX_SLACK_NEEDED >> 2;
1031        auth->au_verfsize = GSS_VERF_SLACK >> 2;
1032        auth->au_ralign = GSS_VERF_SLACK >> 2;
1033        __set_bit(RPCAUTH_AUTH_UPDATE_SLACK, &auth->au_flags);
1034        auth->au_ops = &authgss_ops;
1035        auth->au_flavor = flavor;
1036        if (gss_pseudoflavor_to_datatouch(gss_auth->mech, flavor))
1037                __set_bit(RPCAUTH_AUTH_DATATOUCH, &auth->au_flags);
1038        refcount_set(&auth->au_count, 1);
1039        kref_init(&gss_auth->kref);
1040
1041        err = rpcauth_init_credcache(auth);
1042        if (err)
1043                goto err_put_mech;
1044        /*
1045         * Note: if we created the old pipe first, then someone who
1046         * examined the directory at the right moment might conclude
1047         * that we supported only the old pipe.  So we instead create
1048         * the new pipe first.
1049         */
1050        gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
1051        if (IS_ERR(gss_pipe)) {
1052                err = PTR_ERR(gss_pipe);
1053                goto err_destroy_credcache;
1054        }
1055        gss_auth->gss_pipe[1] = gss_pipe;
1056
1057        gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
1058                        &gss_upcall_ops_v0);
1059        if (IS_ERR(gss_pipe)) {
1060                err = PTR_ERR(gss_pipe);
1061                goto err_destroy_pipe_1;
1062        }
1063        gss_auth->gss_pipe[0] = gss_pipe;
1064
1065        return gss_auth;
1066err_destroy_pipe_1:
1067        gss_pipe_free(gss_auth->gss_pipe[1]);
1068err_destroy_credcache:
1069        rpcauth_destroy_credcache(auth);
1070err_put_mech:
1071        gss_mech_put(gss_auth->mech);
1072err_put_net:
1073        put_net_track(gss_auth->net, &gss_auth->ns_tracker);
1074err_free:
1075        kfree(gss_auth->target_name);
1076        kfree(gss_auth);
1077out_dec:
1078        module_put(THIS_MODULE);
1079        trace_rpcgss_createauth(flavor, err);
1080        return ERR_PTR(err);
1081}
1082
1083static void
1084gss_free(struct gss_auth *gss_auth)
1085{
1086        gss_pipe_free(gss_auth->gss_pipe[0]);
1087        gss_pipe_free(gss_auth->gss_pipe[1]);
1088        gss_mech_put(gss_auth->mech);
1089        put_net_track(gss_auth->net, &gss_auth->ns_tracker);
1090        kfree(gss_auth->target_name);
1091
1092        kfree(gss_auth);
1093        module_put(THIS_MODULE);
1094}
1095
1096static void
1097gss_free_callback(struct kref *kref)
1098{
1099        struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
1100
1101        gss_free(gss_auth);
1102}
1103
1104static void
1105gss_put_auth(struct gss_auth *gss_auth)
1106{
1107        kref_put(&gss_auth->kref, gss_free_callback);
1108}
1109
1110static void
1111gss_destroy(struct rpc_auth *auth)
1112{
1113        struct gss_auth *gss_auth = container_of(auth,
1114                        struct gss_auth, rpc_auth);
1115
1116        if (hash_hashed(&gss_auth->hash)) {
1117                spin_lock(&gss_auth_hash_lock);
1118                hash_del(&gss_auth->hash);
1119                spin_unlock(&gss_auth_hash_lock);
1120        }
1121
1122        gss_pipe_free(gss_auth->gss_pipe[0]);
1123        gss_auth->gss_pipe[0] = NULL;
1124        gss_pipe_free(gss_auth->gss_pipe[1]);
1125        gss_auth->gss_pipe[1] = NULL;
1126        rpcauth_destroy_credcache(auth);
1127
1128        gss_put_auth(gss_auth);
1129}
1130
1131/*
1132 * Auths may be shared between rpc clients that were cloned from a
1133 * common client with the same xprt, if they also share the flavor and
1134 * target_name.
1135 *
1136 * The auth is looked up from the oldest parent sharing the same
1137 * cl_xprt, and the auth itself references only that common parent
1138 * (which is guaranteed to last as long as any of its descendants).
1139 */
1140static struct gss_auth *
1141gss_auth_find_or_add_hashed(const struct rpc_auth_create_args *args,
1142                struct rpc_clnt *clnt,
1143                struct gss_auth *new)
1144{
1145        struct gss_auth *gss_auth;
1146        unsigned long hashval = (unsigned long)clnt;
1147
1148        spin_lock(&gss_auth_hash_lock);
1149        hash_for_each_possible(gss_auth_hash_table,
1150                        gss_auth,
1151                        hash,
1152                        hashval) {
1153                if (gss_auth->client != clnt)
1154                        continue;
1155                if (gss_auth->rpc_auth.au_flavor != args->pseudoflavor)
1156                        continue;
1157                if (gss_auth->target_name != args->target_name) {
1158                        if (gss_auth->target_name == NULL)
1159                                continue;
1160                        if (args->target_name == NULL)
1161                                continue;
1162                        if (strcmp(gss_auth->target_name, args->target_name))
1163                                continue;
1164                }
1165                if (!refcount_inc_not_zero(&gss_auth->rpc_auth.au_count))
1166                        continue;
1167                goto out;
1168        }
1169        if (new)
1170                hash_add(gss_auth_hash_table, &new->hash, hashval);
1171        gss_auth = new;
1172out:
1173        spin_unlock(&gss_auth_hash_lock);
1174        return gss_auth;
1175}
1176
1177static struct gss_auth *
1178gss_create_hashed(const struct rpc_auth_create_args *args,
1179                  struct rpc_clnt *clnt)
1180{
1181        struct gss_auth *gss_auth;
1182        struct gss_auth *new;
1183
1184        gss_auth = gss_auth_find_or_add_hashed(args, clnt, NULL);
1185        if (gss_auth != NULL)
1186                goto out;
1187        new = gss_create_new(args, clnt);
1188        if (IS_ERR(new))
1189                return new;
1190        gss_auth = gss_auth_find_or_add_hashed(args, clnt, new);
1191        if (gss_auth != new)
1192                gss_destroy(&new->rpc_auth);
1193out:
1194        return gss_auth;
1195}
1196
1197static struct rpc_auth *
1198gss_create(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
1199{
1200        struct gss_auth *gss_auth;
1201        struct rpc_xprt_switch *xps = rcu_access_pointer(clnt->cl_xpi.xpi_xpswitch);
1202
1203        while (clnt != clnt->cl_parent) {
1204                struct rpc_clnt *parent = clnt->cl_parent;
1205                /* Find the original parent for this transport */
1206                if (rcu_access_pointer(parent->cl_xpi.xpi_xpswitch) != xps)
1207                        break;
1208                clnt = parent;
1209        }
1210
1211        gss_auth = gss_create_hashed(args, clnt);
1212        if (IS_ERR(gss_auth))
1213                return ERR_CAST(gss_auth);
1214        return &gss_auth->rpc_auth;
1215}
1216
1217static struct gss_cred *
1218gss_dup_cred(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
1219{
1220        struct gss_cred *new;
1221
1222        /* Make a copy of the cred so that we can reference count it */
1223        new = kzalloc(sizeof(*gss_cred), GFP_KERNEL);
1224        if (new) {
1225                struct auth_cred acred = {
1226                        .cred = gss_cred->gc_base.cr_cred,
1227                };
1228                struct gss_cl_ctx *ctx =
1229                        rcu_dereference_protected(gss_cred->gc_ctx, 1);
1230
1231                rpcauth_init_cred(&new->gc_base, &acred,
1232                                &gss_auth->rpc_auth,
1233                                &gss_nullops);
1234                new->gc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;
1235                new->gc_service = gss_cred->gc_service;
1236                new->gc_principal = gss_cred->gc_principal;
1237                kref_get(&gss_auth->kref);
1238                rcu_assign_pointer(new->gc_ctx, ctx);
1239                gss_get_ctx(ctx);
1240        }
1241        return new;
1242}
1243
1244/*
1245 * gss_send_destroy_context will cause the RPCSEC_GSS to send a NULL RPC call
1246 * to the server with the GSS control procedure field set to
1247 * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
1248 * all RPCSEC_GSS state associated with that context.
1249 */
1250static void
1251gss_send_destroy_context(struct rpc_cred *cred)
1252{
1253        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1254        struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1255        struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1256        struct gss_cred *new;
1257        struct rpc_task *task;
1258
1259        new = gss_dup_cred(gss_auth, gss_cred);
1260        if (new) {
1261                ctx->gc_proc = RPC_GSS_PROC_DESTROY;
1262
1263                trace_rpcgss_ctx_destroy(gss_cred);
1264                task = rpc_call_null(gss_auth->client, &new->gc_base,
1265                                     RPC_TASK_ASYNC);
1266                if (!IS_ERR(task))
1267                        rpc_put_task(task);
1268
1269                put_rpccred(&new->gc_base);
1270        }
1271}
1272
1273/* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
1274 * to create a new cred or context, so they check that things have been
1275 * allocated before freeing them. */
1276static void
1277gss_do_free_ctx(struct gss_cl_ctx *ctx)
1278{
1279        gss_delete_sec_context(&ctx->gc_gss_ctx);
1280        kfree(ctx->gc_wire_ctx.data);
1281        kfree(ctx->gc_acceptor.data);
1282        kfree(ctx);
1283}
1284
1285static void
1286gss_free_ctx_callback(struct rcu_head *head)
1287{
1288        struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
1289        gss_do_free_ctx(ctx);
1290}
1291
1292static void
1293gss_free_ctx(struct gss_cl_ctx *ctx)
1294{
1295        call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
1296}
1297
1298static void
1299gss_free_cred(struct gss_cred *gss_cred)
1300{
1301        kfree(gss_cred);
1302}
1303
1304static void
1305gss_free_cred_callback(struct rcu_head *head)
1306{
1307        struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
1308        gss_free_cred(gss_cred);
1309}
1310
1311static void
1312gss_destroy_nullcred(struct rpc_cred *cred)
1313{
1314        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1315        struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1316        struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
1317
1318        RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
1319        put_cred(cred->cr_cred);
1320        call_rcu(&cred->cr_rcu, gss_free_cred_callback);
1321        if (ctx)
1322                gss_put_ctx(ctx);
1323        gss_put_auth(gss_auth);
1324}
1325
1326static void
1327gss_destroy_cred(struct rpc_cred *cred)
1328{
1329        if (test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0)
1330                gss_send_destroy_context(cred);
1331        gss_destroy_nullcred(cred);
1332}
1333
1334static int
1335gss_hash_cred(struct auth_cred *acred, unsigned int hashbits)
1336{
1337        return hash_64(from_kuid(&init_user_ns, acred->cred->fsuid), hashbits);
1338}
1339
1340/*
1341 * Lookup RPCSEC_GSS cred for the current process
1342 */
1343static struct rpc_cred *
1344gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
1345{
1346        gfp_t gfp = GFP_KERNEL;
1347
1348        if (flags & RPCAUTH_LOOKUP_ASYNC)
1349                gfp = GFP_NOWAIT | __GFP_NOWARN;
1350        return rpcauth_lookup_credcache(auth, acred, flags, gfp);
1351}
1352
1353static struct rpc_cred *
1354gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags, gfp_t gfp)
1355{
1356        struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1357        struct gss_cred *cred = NULL;
1358        int err = -ENOMEM;
1359
1360        if (!(cred = kzalloc(sizeof(*cred), gfp)))
1361                goto out_err;
1362
1363        rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
1364        /*
1365         * Note: in order to force a call to call_refresh(), we deliberately
1366         * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
1367         */
1368        cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
1369        cred->gc_service = gss_auth->service;
1370        cred->gc_principal = acred->principal;
1371        kref_get(&gss_auth->kref);
1372        return &cred->gc_base;
1373
1374out_err:
1375        return ERR_PTR(err);
1376}
1377
1378static int
1379gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
1380{
1381        struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1382        struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
1383        int err;
1384
1385        do {
1386                err = gss_create_upcall(gss_auth, gss_cred);
1387        } while (err == -EAGAIN);
1388        return err;
1389}
1390
1391static char *
1392gss_stringify_acceptor(struct rpc_cred *cred)
1393{
1394        char *string = NULL;
1395        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1396        struct gss_cl_ctx *ctx;
1397        unsigned int len;
1398        struct xdr_netobj *acceptor;
1399
1400        rcu_read_lock();
1401        ctx = rcu_dereference(gss_cred->gc_ctx);
1402        if (!ctx)
1403                goto out;
1404
1405        len = ctx->gc_acceptor.len;
1406        rcu_read_unlock();
1407
1408        /* no point if there's no string */
1409        if (!len)
1410                return NULL;
1411realloc:
1412        string = kmalloc(len + 1, GFP_KERNEL);
1413        if (!string)
1414                return NULL;
1415
1416        rcu_read_lock();
1417        ctx = rcu_dereference(gss_cred->gc_ctx);
1418
1419        /* did the ctx disappear or was it replaced by one with no acceptor? */
1420        if (!ctx || !ctx->gc_acceptor.len) {
1421                kfree(string);
1422                string = NULL;
1423                goto out;
1424        }
1425
1426        acceptor = &ctx->gc_acceptor;
1427
1428        /*
1429         * Did we find a new acceptor that's longer than the original? Allocate
1430         * a longer buffer and try again.
1431         */
1432        if (len < acceptor->len) {
1433                len = acceptor->len;
1434                rcu_read_unlock();
1435                kfree(string);
1436                goto realloc;
1437        }
1438
1439        memcpy(string, acceptor->data, acceptor->len);
1440        string[acceptor->len] = '\0';
1441out:
1442        rcu_read_unlock();
1443        return string;
1444}
1445
1446/*
1447 * Returns -EACCES if GSS context is NULL or will expire within the
1448 * timeout (miliseconds)
1449 */
1450static int
1451gss_key_timeout(struct rpc_cred *rc)
1452{
1453        struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1454        struct gss_cl_ctx *ctx;
1455        unsigned long timeout = jiffies + (gss_key_expire_timeo * HZ);
1456        int ret = 0;
1457
1458        rcu_read_lock();
1459        ctx = rcu_dereference(gss_cred->gc_ctx);
1460        if (!ctx || time_after(timeout, ctx->gc_expiry))
1461                ret = -EACCES;
1462        rcu_read_unlock();
1463
1464        return ret;
1465}
1466
1467static int
1468gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
1469{
1470        struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1471        struct gss_cl_ctx *ctx;
1472        int ret;
1473
1474        if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
1475                goto out;
1476        /* Don't match with creds that have expired. */
1477        rcu_read_lock();
1478        ctx = rcu_dereference(gss_cred->gc_ctx);
1479        if (!ctx || time_after(jiffies, ctx->gc_expiry)) {
1480                rcu_read_unlock();
1481                return 0;
1482        }
1483        rcu_read_unlock();
1484        if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
1485                return 0;
1486out:
1487        if (acred->principal != NULL) {
1488                if (gss_cred->gc_principal == NULL)
1489                        return 0;
1490                ret = strcmp(acred->principal, gss_cred->gc_principal) == 0;
1491        } else {
1492                if (gss_cred->gc_principal != NULL)
1493                        return 0;
1494                ret = uid_eq(rc->cr_cred->fsuid, acred->cred->fsuid);
1495        }
1496        return ret;
1497}
1498
1499/*
1500 * Marshal credentials.
1501 *
1502 * The expensive part is computing the verifier. We can't cache a
1503 * pre-computed version of the verifier because the seqno, which
1504 * is different every time, is included in the MIC.
1505 */
1506static int gss_marshal(struct rpc_task *task, struct xdr_stream *xdr)
1507{
1508        struct rpc_rqst *req = task->tk_rqstp;
1509        struct rpc_cred *cred = req->rq_cred;
1510        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1511                                                 gc_base);
1512        struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
1513        __be32          *p, *cred_len;
1514        u32             maj_stat = 0;
1515        struct xdr_netobj mic;
1516        struct kvec     iov;
1517        struct xdr_buf  verf_buf;
1518        int status;
1519
1520        /* Credential */
1521
1522        p = xdr_reserve_space(xdr, 7 * sizeof(*p) +
1523                              ctx->gc_wire_ctx.len);
1524        if (!p)
1525                goto marshal_failed;
1526        *p++ = rpc_auth_gss;
1527        cred_len = p++;
1528
1529        spin_lock(&ctx->gc_seq_lock);
1530        req->rq_seqno = (ctx->gc_seq < MAXSEQ) ? ctx->gc_seq++ : MAXSEQ;
1531        spin_unlock(&ctx->gc_seq_lock);
1532        if (req->rq_seqno == MAXSEQ)
1533                goto expired;
1534        trace_rpcgss_seqno(task);
1535
1536        *p++ = cpu_to_be32(RPC_GSS_VERSION);
1537        *p++ = cpu_to_be32(ctx->gc_proc);
1538        *p++ = cpu_to_be32(req->rq_seqno);
1539        *p++ = cpu_to_be32(gss_cred->gc_service);
1540        p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
1541        *cred_len = cpu_to_be32((p - (cred_len + 1)) << 2);
1542
1543        /* Verifier */
1544
1545        /* We compute the checksum for the verifier over the xdr-encoded bytes
1546         * starting with the xid and ending at the end of the credential: */
1547        iov.iov_base = req->rq_snd_buf.head[0].iov_base;
1548        iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
1549        xdr_buf_from_iov(&iov, &verf_buf);
1550
1551        p = xdr_reserve_space(xdr, sizeof(*p));
1552        if (!p)
1553                goto marshal_failed;
1554        *p++ = rpc_auth_gss;
1555        mic.data = (u8 *)(p + 1);
1556        maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1557        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1558                goto expired;
1559        else if (maj_stat != 0)
1560                goto bad_mic;
1561        if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
1562                goto marshal_failed;
1563        status = 0;
1564out:
1565        gss_put_ctx(ctx);
1566        return status;
1567expired:
1568        clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1569        status = -EKEYEXPIRED;
1570        goto out;
1571marshal_failed:
1572        status = -EMSGSIZE;
1573        goto out;
1574bad_mic:
1575        trace_rpcgss_get_mic(task, maj_stat);
1576        status = -EIO;
1577        goto out;
1578}
1579
1580static int gss_renew_cred(struct rpc_task *task)
1581{
1582        struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
1583        struct gss_cred *gss_cred = container_of(oldcred,
1584                                                 struct gss_cred,
1585                                                 gc_base);
1586        struct rpc_auth *auth = oldcred->cr_auth;
1587        struct auth_cred acred = {
1588                .cred = oldcred->cr_cred,
1589                .principal = gss_cred->gc_principal,
1590        };
1591        struct rpc_cred *new;
1592
1593        new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
1594        if (IS_ERR(new))
1595                return PTR_ERR(new);
1596
1597        task->tk_rqstp->rq_cred = new;
1598        put_rpccred(oldcred);
1599        return 0;
1600}
1601
1602static int gss_cred_is_negative_entry(struct rpc_cred *cred)
1603{
1604        if (test_bit(RPCAUTH_CRED_NEGATIVE, &cred->cr_flags)) {
1605                unsigned long now = jiffies;
1606                unsigned long begin, expire;
1607                struct gss_cred *gss_cred;
1608
1609                gss_cred = container_of(cred, struct gss_cred, gc_base);
1610                begin = gss_cred->gc_upcall_timestamp;
1611                expire = begin + gss_expired_cred_retry_delay * HZ;
1612
1613                if (time_in_range_open(now, begin, expire))
1614                        return 1;
1615        }
1616        return 0;
1617}
1618
1619/*
1620* Refresh credentials. XXX - finish
1621*/
1622static int
1623gss_refresh(struct rpc_task *task)
1624{
1625        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1626        int ret = 0;
1627
1628        if (gss_cred_is_negative_entry(cred))
1629                return -EKEYEXPIRED;
1630
1631        if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
1632                        !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
1633                ret = gss_renew_cred(task);
1634                if (ret < 0)
1635                        goto out;
1636                cred = task->tk_rqstp->rq_cred;
1637        }
1638
1639        if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
1640                ret = gss_refresh_upcall(task);
1641out:
1642        return ret;
1643}
1644
1645/* Dummy refresh routine: used only when destroying the context */
1646static int
1647gss_refresh_null(struct rpc_task *task)
1648{
1649        return 0;
1650}
1651
1652static int
1653gss_validate(struct rpc_task *task, struct xdr_stream *xdr)
1654{
1655        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1656        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1657        __be32          *p, *seq = NULL;
1658        struct kvec     iov;
1659        struct xdr_buf  verf_buf;
1660        struct xdr_netobj mic;
1661        u32             len, maj_stat;
1662        int             status;
1663
1664        p = xdr_inline_decode(xdr, 2 * sizeof(*p));
1665        if (!p)
1666                goto validate_failed;
1667        if (*p++ != rpc_auth_gss)
1668                goto validate_failed;
1669        len = be32_to_cpup(p);
1670        if (len > RPC_MAX_AUTH_SIZE)
1671                goto validate_failed;
1672        p = xdr_inline_decode(xdr, len);
1673        if (!p)
1674                goto validate_failed;
1675
1676        seq = kmalloc(4, GFP_KERNEL);
1677        if (!seq)
1678                goto validate_failed;
1679        *seq = cpu_to_be32(task->tk_rqstp->rq_seqno);
1680        iov.iov_base = seq;
1681        iov.iov_len = 4;
1682        xdr_buf_from_iov(&iov, &verf_buf);
1683        mic.data = (u8 *)p;
1684        mic.len = len;
1685        maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1686        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1687                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1688        if (maj_stat)
1689                goto bad_mic;
1690
1691        /* We leave it to unwrap to calculate au_rslack. For now we just
1692         * calculate the length of the verifier: */
1693        if (test_bit(RPCAUTH_AUTH_UPDATE_SLACK, &cred->cr_auth->au_flags))
1694                cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1695        status = 0;
1696out:
1697        gss_put_ctx(ctx);
1698        kfree(seq);
1699        return status;
1700
1701validate_failed:
1702        status = -EIO;
1703        goto out;
1704bad_mic:
1705        trace_rpcgss_verify_mic(task, maj_stat);
1706        status = -EACCES;
1707        goto out;
1708}
1709
1710static noinline_for_stack int
1711gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1712                   struct rpc_task *task, struct xdr_stream *xdr)
1713{
1714        struct rpc_rqst *rqstp = task->tk_rqstp;
1715        struct xdr_buf integ_buf, *snd_buf = &rqstp->rq_snd_buf;
1716        struct xdr_netobj mic;
1717        __be32 *p, *integ_len;
1718        u32 offset, maj_stat;
1719
1720        p = xdr_reserve_space(xdr, 2 * sizeof(*p));
1721        if (!p)
1722                goto wrap_failed;
1723        integ_len = p++;
1724        *p = cpu_to_be32(rqstp->rq_seqno);
1725
1726        if (rpcauth_wrap_req_encode(task, xdr))
1727                goto wrap_failed;
1728
1729        offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1730        if (xdr_buf_subsegment(snd_buf, &integ_buf,
1731                                offset, snd_buf->len - offset))
1732                goto wrap_failed;
1733        *integ_len = cpu_to_be32(integ_buf.len);
1734
1735        p = xdr_reserve_space(xdr, 0);
1736        if (!p)
1737                goto wrap_failed;
1738        mic.data = (u8 *)(p + 1);
1739        maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1740        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1741                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1742        else if (maj_stat)
1743                goto bad_mic;
1744        /* Check that the trailing MIC fit in the buffer, after the fact */
1745        if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
1746                goto wrap_failed;
1747        return 0;
1748wrap_failed:
1749        return -EMSGSIZE;
1750bad_mic:
1751        trace_rpcgss_get_mic(task, maj_stat);
1752        return -EIO;
1753}
1754
1755static void
1756priv_release_snd_buf(struct rpc_rqst *rqstp)
1757{
1758        int i;
1759
1760        for (i=0; i < rqstp->rq_enc_pages_num; i++)
1761                __free_page(rqstp->rq_enc_pages[i]);
1762        kfree(rqstp->rq_enc_pages);
1763        rqstp->rq_release_snd_buf = NULL;
1764}
1765
1766static int
1767alloc_enc_pages(struct rpc_rqst *rqstp)
1768{
1769        struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1770        int first, last, i;
1771
1772        if (rqstp->rq_release_snd_buf)
1773                rqstp->rq_release_snd_buf(rqstp);
1774
1775        if (snd_buf->page_len == 0) {
1776                rqstp->rq_enc_pages_num = 0;
1777                return 0;
1778        }
1779
1780        first = snd_buf->page_base >> PAGE_SHIFT;
1781        last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_SHIFT;
1782        rqstp->rq_enc_pages_num = last - first + 1 + 1;
1783        rqstp->rq_enc_pages
1784                = kmalloc_array(rqstp->rq_enc_pages_num,
1785                                sizeof(struct page *),
1786                                GFP_KERNEL);
1787        if (!rqstp->rq_enc_pages)
1788                goto out;
1789        for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1790                rqstp->rq_enc_pages[i] = alloc_page(GFP_KERNEL);
1791                if (rqstp->rq_enc_pages[i] == NULL)
1792                        goto out_free;
1793        }
1794        rqstp->rq_release_snd_buf = priv_release_snd_buf;
1795        return 0;
1796out_free:
1797        rqstp->rq_enc_pages_num = i;
1798        priv_release_snd_buf(rqstp);
1799out:
1800        return -EAGAIN;
1801}
1802
1803static noinline_for_stack int
1804gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1805                  struct rpc_task *task, struct xdr_stream *xdr)
1806{
1807        struct rpc_rqst *rqstp = task->tk_rqstp;
1808        struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1809        u32             pad, offset, maj_stat;
1810        int             status;
1811        __be32          *p, *opaque_len;
1812        struct page     **inpages;
1813        int             first;
1814        struct kvec     *iov;
1815
1816        status = -EIO;
1817        p = xdr_reserve_space(xdr, 2 * sizeof(*p));
1818        if (!p)
1819                goto wrap_failed;
1820        opaque_len = p++;
1821        *p = cpu_to_be32(rqstp->rq_seqno);
1822
1823        if (rpcauth_wrap_req_encode(task, xdr))
1824                goto wrap_failed;
1825
1826        status = alloc_enc_pages(rqstp);
1827        if (unlikely(status))
1828                goto wrap_failed;
1829        first = snd_buf->page_base >> PAGE_SHIFT;
1830        inpages = snd_buf->pages + first;
1831        snd_buf->pages = rqstp->rq_enc_pages;
1832        snd_buf->page_base -= first << PAGE_SHIFT;
1833        /*
1834         * Move the tail into its own page, in case gss_wrap needs
1835         * more space in the head when wrapping.
1836         *
1837         * Still... Why can't gss_wrap just slide the tail down?
1838         */
1839        if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1840                char *tmp;
1841
1842                tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1843                memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1844                snd_buf->tail[0].iov_base = tmp;
1845        }
1846        offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1847        maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1848        /* slack space should prevent this ever happening: */
1849        if (unlikely(snd_buf->len > snd_buf->buflen))
1850                goto wrap_failed;
1851        /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1852         * done anyway, so it's safe to put the request on the wire: */
1853        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1854                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1855        else if (maj_stat)
1856                goto bad_wrap;
1857
1858        *opaque_len = cpu_to_be32(snd_buf->len - offset);
1859        /* guess whether the pad goes into the head or the tail: */
1860        if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1861                iov = snd_buf->tail;
1862        else
1863                iov = snd_buf->head;
1864        p = iov->iov_base + iov->iov_len;
1865        pad = xdr_pad_size(snd_buf->len - offset);
1866        memset(p, 0, pad);
1867        iov->iov_len += pad;
1868        snd_buf->len += pad;
1869
1870        return 0;
1871wrap_failed:
1872        return status;
1873bad_wrap:
1874        trace_rpcgss_wrap(task, maj_stat);
1875        return -EIO;
1876}
1877
1878static int gss_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
1879{
1880        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1881        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1882                        gc_base);
1883        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1884        int status;
1885
1886        status = -EIO;
1887        if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1888                /* The spec seems a little ambiguous here, but I think that not
1889                 * wrapping context destruction requests makes the most sense.
1890                 */
1891                status = rpcauth_wrap_req_encode(task, xdr);
1892                goto out;
1893        }
1894        switch (gss_cred->gc_service) {
1895        case RPC_GSS_SVC_NONE:
1896                status = rpcauth_wrap_req_encode(task, xdr);
1897                break;
1898        case RPC_GSS_SVC_INTEGRITY:
1899                status = gss_wrap_req_integ(cred, ctx, task, xdr);
1900                break;
1901        case RPC_GSS_SVC_PRIVACY:
1902                status = gss_wrap_req_priv(cred, ctx, task, xdr);
1903                break;
1904        default:
1905                status = -EIO;
1906        }
1907out:
1908        gss_put_ctx(ctx);
1909        return status;
1910}
1911
1912/**
1913 * gss_update_rslack - Possibly update RPC receive buffer size estimates
1914 * @task: rpc_task for incoming RPC Reply being unwrapped
1915 * @cred: controlling rpc_cred for @task
1916 * @before: XDR words needed before each RPC Reply message
1917 * @after: XDR words needed following each RPC Reply message
1918 *
1919 */
1920static void gss_update_rslack(struct rpc_task *task, struct rpc_cred *cred,
1921                              unsigned int before, unsigned int after)
1922{
1923        struct rpc_auth *auth = cred->cr_auth;
1924
1925        if (test_and_clear_bit(RPCAUTH_AUTH_UPDATE_SLACK, &auth->au_flags)) {
1926                auth->au_ralign = auth->au_verfsize + before;
1927                auth->au_rslack = auth->au_verfsize + after;
1928                trace_rpcgss_update_slack(task, auth);
1929        }
1930}
1931
1932static int
1933gss_unwrap_resp_auth(struct rpc_task *task, struct rpc_cred *cred)
1934{
1935        gss_update_rslack(task, cred, 0, 0);
1936        return 0;
1937}
1938
1939/*
1940 * RFC 2203, Section 5.3.2.2
1941 *
1942 *      struct rpc_gss_integ_data {
1943 *              opaque databody_integ<>;
1944 *              opaque checksum<>;
1945 *      };
1946 *
1947 *      struct rpc_gss_data_t {
1948 *              unsigned int seq_num;
1949 *              proc_req_arg_t arg;
1950 *      };
1951 */
1952static noinline_for_stack int
1953gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred,
1954                      struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
1955                      struct xdr_stream *xdr)
1956{
1957        struct xdr_buf gss_data, *rcv_buf = &rqstp->rq_rcv_buf;
1958        u32 len, offset, seqno, maj_stat;
1959        struct xdr_netobj mic;
1960        int ret;
1961
1962        ret = -EIO;
1963        mic.data = NULL;
1964
1965        /* opaque databody_integ<>; */
1966        if (xdr_stream_decode_u32(xdr, &len))
1967                goto unwrap_failed;
1968        if (len & 3)
1969                goto unwrap_failed;
1970        offset = rcv_buf->len - xdr_stream_remaining(xdr);
1971        if (xdr_stream_decode_u32(xdr, &seqno))
1972                goto unwrap_failed;
1973        if (seqno != rqstp->rq_seqno)
1974                goto bad_seqno;
1975        if (xdr_buf_subsegment(rcv_buf, &gss_data, offset, len))
1976                goto unwrap_failed;
1977
1978        /*
1979         * The xdr_stream now points to the beginning of the
1980         * upper layer payload, to be passed below to
1981         * rpcauth_unwrap_resp_decode(). The checksum, which
1982         * follows the upper layer payload in @rcv_buf, is
1983         * located and parsed without updating the xdr_stream.
1984         */
1985
1986        /* opaque checksum<>; */
1987        offset += len;
1988        if (xdr_decode_word(rcv_buf, offset, &len))
1989                goto unwrap_failed;
1990        offset += sizeof(__be32);
1991        if (offset + len > rcv_buf->len)
1992                goto unwrap_failed;
1993        mic.len = len;
1994        mic.data = kmalloc(len, GFP_KERNEL);
1995        if (!mic.data)
1996                goto unwrap_failed;
1997        if (read_bytes_from_xdr_buf(rcv_buf, offset, mic.data, mic.len))
1998                goto unwrap_failed;
1999
2000        maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &gss_data, &mic);

2001        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
2002                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
2003        if (maj_stat != GSS_S_COMPLETE)
2004                goto bad_mic;
2005
2006        gss_update_rslack(task, cred, 2, 2 + 1 + XDR_QUADLEN(mic.len));
2007        ret = 0;
2008
2009out:
2010        kfree(mic.data);
2011        return ret;
2012
2013unwrap_failed:
2014        trace_rpcgss_unwrap_failed(task);
2015        goto out;
2016bad_seqno:
2017        trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, seqno);
2018        goto out;
2019bad_mic:
2020        trace_rpcgss_verify_mic(task, maj_stat);
2021        goto out;
2022}
2023
2024static noinline_for_stack int
2025gss_unwrap_resp_priv(struct rpc_task *task, struct rpc_cred *cred,
2026                     struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
2027                     struct xdr_stream *xdr)
2028{
2029        struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
2030        struct kvec *head = rqstp->rq_rcv_buf.head;
2031        u32 offset, opaque_len, maj_stat;
2032        __be32 *p;
2033
2034        p = xdr_inline_decode(xdr, 2 * sizeof(*p));
2035        if (unlikely(!p))
2036                goto unwrap_failed;
2037        opaque_len = be32_to_cpup(p++);
2038        offset = (u8 *)(p) - (u8 *)head->iov_base;
2039        if (offset + opaque_len > rcv_buf->len)
2040                goto unwrap_failed;
2041
2042        maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset,
2043                              offset + opaque_len, rcv_buf);
2044        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
2045                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
2046        if (maj_stat != GSS_S_COMPLETE)
2047                goto bad_unwrap;
2048        /* gss_unwrap decrypted the sequence number */
2049        if (be32_to_cpup(p++) != rqstp->rq_seqno)
2050                goto bad_seqno;
2051
2052        /* gss_unwrap redacts the opaque blob from the head iovec.
2053         * rcv_buf has changed, thus the stream needs to be reset.
2054         */
2055        xdr_init_decode(xdr, rcv_buf, p, rqstp);
2056
2057        gss_update_rslack(task, cred, 2 + ctx->gc_gss_ctx->align,
2058                          2 + ctx->gc_gss_ctx->slack);
2059
2060        return 0;
2061unwrap_failed:
2062        trace_rpcgss_unwrap_failed(task);
2063        return -EIO;
2064bad_seqno:
2065        trace_rpcgss_bad_seqno(task, rqstp->rq_seqno, be32_to_cpup(--p));
2066        return -EIO;
2067bad_unwrap:
2068        trace_rpcgss_unwrap(task, maj_stat);
2069        return -EIO;
2070}
2071
2072static bool
2073gss_seq_is_newer(u32 new, u32 old)
2074{
2075        return (s32)(new - old) > 0;
2076}
2077
2078static bool
2079gss_xmit_need_reencode(struct rpc_task *task)
2080{
2081        struct rpc_rqst *req = task->tk_rqstp;
2082        struct rpc_cred *cred = req->rq_cred;
2083        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
2084        u32 win, seq_xmit = 0;
2085        bool ret = true;
2086
2087        if (!ctx)
2088                goto out;
2089
2090        if (gss_seq_is_newer(req->rq_seqno, READ_ONCE(ctx->gc_seq)))
2091                goto out_ctx;
2092
2093        seq_xmit = READ_ONCE(ctx->gc_seq_xmit);
2094        while (gss_seq_is_newer(req->rq_seqno, seq_xmit)) {
2095                u32 tmp = seq_xmit;
2096
2097                seq_xmit = cmpxchg(&ctx->gc_seq_xmit, tmp, req->rq_seqno);
2098                if (seq_xmit == tmp) {
2099                        ret = false;
2100                        goto out_ctx;
2101                }
2102        }
2103
2104        win = ctx->gc_win;
2105        if (win > 0)
2106                ret = !gss_seq_is_newer(req->rq_seqno, seq_xmit - win);
2107
2108out_ctx:
2109        gss_put_ctx(ctx);
2110out:
2111        trace_rpcgss_need_reencode(task, seq_xmit, ret);
2112        return ret;
2113}
2114
2115static int
2116gss_unwrap_resp(struct rpc_task *task, struct xdr_stream *xdr)
2117{
2118        struct rpc_rqst *rqstp = task->tk_rqstp;
2119        struct rpc_cred *cred = rqstp->rq_cred;
2120        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
2121                        gc_base);
2122        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
2123        int status = -EIO;
2124
2125        if (ctx->gc_proc != RPC_GSS_PROC_DATA)
2126                goto out_decode;
2127        switch (gss_cred->gc_service) {
2128        case RPC_GSS_SVC_NONE:
2129                status = gss_unwrap_resp_auth(task, cred);
2130                break;
2131        case RPC_GSS_SVC_INTEGRITY:
2132                status = gss_unwrap_resp_integ(task, cred, ctx, rqstp, xdr);
2133                break;
2134        case RPC_GSS_SVC_PRIVACY:
2135                status = gss_unwrap_resp_priv(task, cred, ctx, rqstp, xdr);
2136                break;
2137        }
2138        if (status)
2139                goto out;
2140
2141out_decode:
2142        status = rpcauth_unwrap_resp_decode(task, xdr);
2143out:
2144        gss_put_ctx(ctx);
2145        return status;
2146}
2147
2148static const struct rpc_authops authgss_ops = {
2149        .owner          = THIS_MODULE,
2150        .au_flavor      = RPC_AUTH_GSS,
2151        .au_name        = "RPCSEC_GSS",
2152        .create         = gss_create,
2153        .destroy        = gss_destroy,
2154        .hash_cred      = gss_hash_cred,
2155        .lookup_cred    = gss_lookup_cred,
2156        .crcreate       = gss_create_cred,
2157        .info2flavor    = gss_mech_info2flavor,
2158        .flavor2info    = gss_mech_flavor2info,
2159};
2160
2161static const struct rpc_credops gss_credops = {
2162        .cr_name                = "AUTH_GSS",
2163        .crdestroy              = gss_destroy_cred,
2164        .cr_init                = gss_cred_init,
2165        .crmatch                = gss_match,
2166        .crmarshal              = gss_marshal,
2167        .crrefresh              = gss_refresh,
2168        .crvalidate             = gss_validate,
2169        .crwrap_req             = gss_wrap_req,
2170        .crunwrap_resp          = gss_unwrap_resp,
2171        .crkey_timeout          = gss_key_timeout,
2172        .crstringify_acceptor   = gss_stringify_acceptor,
2173        .crneed_reencode        = gss_xmit_need_reencode,
2174};
2175
2176static const struct rpc_credops gss_nullops = {
2177        .cr_name                = "AUTH_GSS",
2178        .crdestroy              = gss_destroy_nullcred,
2179        .crmatch                = gss_match,
2180        .crmarshal              = gss_marshal,
2181        .crrefresh              = gss_refresh_null,
2182        .crvalidate             = gss_validate,
2183        .crwrap_req             = gss_wrap_req,
2184        .crunwrap_resp          = gss_unwrap_resp,
2185        .crstringify_acceptor   = gss_stringify_acceptor,
2186};
2187
2188static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
2189        .upcall         = gss_v0_upcall,
2190        .downcall       = gss_pipe_downcall,
2191        .destroy_msg    = gss_pipe_destroy_msg,
2192        .open_pipe      = gss_pipe_open_v0,
2193        .release_pipe   = gss_pipe_release,
2194};
2195
2196static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
2197        .upcall         = gss_v1_upcall,
2198        .downcall       = gss_pipe_downcall,
2199        .destroy_msg    = gss_pipe_destroy_msg,
2200        .open_pipe      = gss_pipe_open_v1,
2201        .release_pipe   = gss_pipe_release,
2202};
2203
2204static __net_init int rpcsec_gss_init_net(struct net *net)
2205{
2206        return gss_svc_init_net(net);
2207}
2208
2209static __net_exit void rpcsec_gss_exit_net(struct net *net)
2210{
2211        gss_svc_shutdown_net(net);
2212}
2213
2214static struct pernet_operations rpcsec_gss_net_ops = {
2215        .init = rpcsec_gss_init_net,
2216        .exit = rpcsec_gss_exit_net,
2217};
2218
2219/*
2220 * Initialize RPCSEC_GSS module
2221 */
2222static int __init init_rpcsec_gss(void)
2223{
2224        int err = 0;
2225
2226        err = rpcauth_register(&authgss_ops);
2227        if (err)
2228                goto out;
2229        err = gss_svc_init();
2230        if (err)
2231                goto out_unregister;
2232        err = register_pernet_subsys(&rpcsec_gss_net_ops);
2233        if (err)
2234                goto out_svc_exit;
2235        rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
2236        return 0;
2237out_svc_exit:
2238        gss_svc_shutdown();
2239out_unregister:
2240        rpcauth_unregister(&authgss_ops);
2241out:
2242        return err;
2243}
2244
2245static void __exit exit_rpcsec_gss(void)
2246{
2247        unregister_pernet_subsys(&rpcsec_gss_net_ops);
2248        gss_svc_shutdown();
2249        rpcauth_unregister(&authgss_ops);
2250        rcu_barrier(); /* Wait for completion of call_rcu()'s */
2251}
2252
2253MODULE_ALIAS("rpc-auth-6");
2254MODULE_LICENSE("GPL");
2255module_param_named(expired_cred_retry_delay,
2256                   gss_expired_cred_retry_delay,
2257                   uint, 0644);
2258MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
2259                "the RPC engine retries an expired credential");
2260
2261module_param_named(key_expire_timeo,
2262                   gss_key_expire_timeo,
2263                   uint, 0644);
2264MODULE_PARM_DESC(key_expire_timeo, "Time (in seconds) at the end of a "
2265                "credential keys lifetime where the NFS layer cleans up "
2266                "prior to key expiration");
2267
2268module_init(init_rpcsec_gss)
2269module_exit(exit_rpcsec_gss)
2270
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.