Commit | Line | Data |
---|---|---|
2573a464 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1da177e4 LT |
2 | /* |
3 | * Neil Brown <neilb@cse.unsw.edu.au> | |
4 | * J. Bruce Fields <bfields@umich.edu> | |
5 | * Andy Adamson <andros@umich.edu> | |
6 | * Dug Song <dugsong@monkey.org> | |
7 | * | |
8 | * RPCSEC_GSS server authentication. | |
9 | * This implements RPCSEC_GSS as defined in rfc2203 (rpcsec_gss) and rfc2078 | |
10 | * (gssapi) | |
11 | * | |
12 | * The RPCSEC_GSS involves three stages: | |
13 | * 1/ context creation | |
14 | * 2/ data exchange | |
15 | * 3/ context destruction | |
16 | * | |
17 | * Context creation is handled largely by upcalls to user-space. | |
18 | * In particular, GSS_Accept_sec_context is handled by an upcall | |
19 | * Data exchange is handled entirely within the kernel | |
20 | * In particular, GSS_GetMIC, GSS_VerifyMIC, GSS_Seal, GSS_Unseal are in-kernel. | |
21 | * Context destruction is handled in-kernel | |
22 | * GSS_Delete_sec_context is in-kernel | |
23 | * | |
24 | * Context creation is initiated by a RPCSEC_GSS_INIT request arriving. | |
25 | * The context handle and gss_token are used as a key into the rpcsec_init cache. | |
26 | * The content of this cache includes some of the outputs of GSS_Accept_sec_context, | |
27 | * being major_status, minor_status, context_handle, reply_token. | |
28 | * These are sent back to the client. | |
29 | * Sequence window management is handled by the kernel. The window size if currently | |
30 | * a compile time constant. | |
31 | * | |
32 | * When user-space is happy that a context is established, it places an entry | |
33 | * in the rpcsec_context cache. The key for this cache is the context_handle. | |
34 | * The content includes: | |
35 | * uid/gidlist - for determining access rights | |
36 | * mechanism type | |
37 | * mechanism specific information, such as a key | |
38 | * | |
39 | */ | |
40 | ||
5a0e3ad6 | 41 | #include <linux/slab.h> |
1da177e4 LT |
42 | #include <linux/types.h> |
43 | #include <linux/module.h> | |
44 | #include <linux/pagemap.h> | |
ae2975bc | 45 | #include <linux/user_namespace.h> |
1da177e4 LT |
46 | |
47 | #include <linux/sunrpc/auth_gss.h> | |
1da177e4 LT |
48 | #include <linux/sunrpc/gss_err.h> |
49 | #include <linux/sunrpc/svcauth.h> | |
50 | #include <linux/sunrpc/svcauth_gss.h> | |
51 | #include <linux/sunrpc/cache.h> | |
4dd9daa9 | 52 | #include <linux/sunrpc/gss_krb5.h> |
ff27e9f7 CL |
53 | |
54 | #include <trace/events/rpcgss.h> | |
55 | ||
030d794b | 56 | #include "gss_rpc_upcall.h" |
1da177e4 | 57 | |
4dd9daa9 CL |
58 | /* |
59 | * Unfortunately there isn't a maximum checksum size exported via the | |
60 | * GSS API. Manufacture one based on GSS mechanisms supported by this | |
61 | * implementation. | |
62 | */ | |
63 | #define GSS_MAX_CKSUMSIZE (GSS_KRB5_TOK_HDR_LEN + GSS_KRB5_MAX_CKSUM_LEN) | |
64 | ||
65 | /* | |
66 | * This value may be increased in the future to accommodate other | |
67 | * usage of the scratch buffer. | |
68 | */ | |
69 | #define GSS_SCRATCH_SIZE GSS_MAX_CKSUMSIZE | |
70 | ||
71 | struct gss_svc_data { | |
72 | /* decoded gss client cred: */ | |
73 | struct rpc_gss_wire_cred clcred; | |
db1d6165 | 74 | u32 gsd_databody_offset; |
4dd9daa9 CL |
75 | struct rsc *rsci; |
76 | ||
77 | /* for temporary results */ | |
b2f42f1d | 78 | __be32 gsd_seq_num; |
4dd9daa9 CL |
79 | u8 gsd_scratch[GSS_SCRATCH_SIZE]; |
80 | }; | |
a1db410d | 81 | |
1da177e4 LT |
82 | /* The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests |
83 | * into replies. | |
84 | * | |
85 | * Key is context handle (\x if empty) and gss_token. | |
86 | * Content is major_status minor_status (integers) context_handle, reply_token. | |
87 | * | |
88 | */ | |
89 | ||
90 | static int netobj_equal(struct xdr_netobj *a, struct xdr_netobj *b) | |
91 | { | |
92 | return a->len == b->len && 0 == memcmp(a->data, b->data, a->len); | |
93 | } | |
94 | ||
95 | #define RSI_HASHBITS 6 | |
96 | #define RSI_HASHMAX (1<<RSI_HASHBITS) | |
1da177e4 LT |
97 | |
98 | struct rsi { | |
99 | struct cache_head h; | |
100 | struct xdr_netobj in_handle, in_token; | |
101 | struct xdr_netobj out_handle, out_token; | |
102 | int major_status, minor_status; | |
6d1616b2 | 103 | struct rcu_head rcu_head; |
1da177e4 LT |
104 | }; |
105 | ||
a1db410d SK |
106 | static struct rsi *rsi_update(struct cache_detail *cd, struct rsi *new, struct rsi *old); |
107 | static struct rsi *rsi_lookup(struct cache_detail *cd, struct rsi *item); | |
1da177e4 LT |
108 | |
109 | static void rsi_free(struct rsi *rsii) | |
110 | { | |
111 | kfree(rsii->in_handle.data); | |
112 | kfree(rsii->in_token.data); | |
113 | kfree(rsii->out_handle.data); | |
114 | kfree(rsii->out_token.data); | |
115 | } | |
116 | ||
6d1616b2 | 117 | static void rsi_free_rcu(struct rcu_head *head) |
1da177e4 | 118 | { |
6d1616b2 TM |
119 | struct rsi *rsii = container_of(head, struct rsi, rcu_head); |
120 | ||
baab935f N |
121 | rsi_free(rsii); |
122 | kfree(rsii); | |
1da177e4 LT |
123 | } |
124 | ||
6d1616b2 TM |
125 | static void rsi_put(struct kref *ref) |
126 | { | |
127 | struct rsi *rsii = container_of(ref, struct rsi, h.ref); | |
128 | ||
129 | call_rcu(&rsii->rcu_head, rsi_free_rcu); | |
130 | } | |
131 | ||
1da177e4 LT |
132 | static inline int rsi_hash(struct rsi *item) |
133 | { | |
134 | return hash_mem(item->in_handle.data, item->in_handle.len, RSI_HASHBITS) | |
135 | ^ hash_mem(item->in_token.data, item->in_token.len, RSI_HASHBITS); | |
136 | } | |
137 | ||
d4d11ea9 | 138 | static int rsi_match(struct cache_head *a, struct cache_head *b) |
1da177e4 | 139 | { |
d4d11ea9 N |
140 | struct rsi *item = container_of(a, struct rsi, h); |
141 | struct rsi *tmp = container_of(b, struct rsi, h); | |
f64f9e71 JP |
142 | return netobj_equal(&item->in_handle, &tmp->in_handle) && |
143 | netobj_equal(&item->in_token, &tmp->in_token); | |
1da177e4 LT |
144 | } |
145 | ||
146 | static int dup_to_netobj(struct xdr_netobj *dst, char *src, int len) | |
147 | { | |
148 | dst->len = len; | |
e69062b4 | 149 | dst->data = (len ? kmemdup(src, len, GFP_KERNEL) : NULL); |
1da177e4 LT |
150 | if (len && !dst->data) |
151 | return -ENOMEM; | |
152 | return 0; | |
153 | } | |
154 | ||
155 | static inline int dup_netobj(struct xdr_netobj *dst, struct xdr_netobj *src) | |
156 | { | |
157 | return dup_to_netobj(dst, src->data, src->len); | |
158 | } | |
159 | ||
d4d11ea9 | 160 | static void rsi_init(struct cache_head *cnew, struct cache_head *citem) |
1da177e4 | 161 | { |
d4d11ea9 N |
162 | struct rsi *new = container_of(cnew, struct rsi, h); |
163 | struct rsi *item = container_of(citem, struct rsi, h); | |
164 | ||
1da177e4 LT |
165 | new->out_handle.data = NULL; |
166 | new->out_handle.len = 0; | |
167 | new->out_token.data = NULL; | |
168 | new->out_token.len = 0; | |
169 | new->in_handle.len = item->in_handle.len; | |
170 | item->in_handle.len = 0; | |
171 | new->in_token.len = item->in_token.len; | |
172 | item->in_token.len = 0; | |
173 | new->in_handle.data = item->in_handle.data; | |
174 | item->in_handle.data = NULL; | |
175 | new->in_token.data = item->in_token.data; | |
176 | item->in_token.data = NULL; | |
177 | } | |
178 | ||
d4d11ea9 | 179 | static void update_rsi(struct cache_head *cnew, struct cache_head *citem) |
1da177e4 | 180 | { |
d4d11ea9 N |
181 | struct rsi *new = container_of(cnew, struct rsi, h); |
182 | struct rsi *item = container_of(citem, struct rsi, h); | |
183 | ||
1da177e4 LT |
184 | BUG_ON(new->out_handle.data || new->out_token.data); |
185 | new->out_handle.len = item->out_handle.len; | |
186 | item->out_handle.len = 0; | |
187 | new->out_token.len = item->out_token.len; | |
188 | item->out_token.len = 0; | |
189 | new->out_handle.data = item->out_handle.data; | |
190 | item->out_handle.data = NULL; | |
191 | new->out_token.data = item->out_token.data; | |
192 | item->out_token.data = NULL; | |
193 | ||
194 | new->major_status = item->major_status; | |
195 | new->minor_status = item->minor_status; | |
196 | } | |
197 | ||
d4d11ea9 N |
198 | static struct cache_head *rsi_alloc(void) |
199 | { | |
200 | struct rsi *rsii = kmalloc(sizeof(*rsii), GFP_KERNEL); | |
201 | if (rsii) | |
202 | return &rsii->h; | |
203 | else | |
204 | return NULL; | |
205 | } | |
206 | ||
65286b88 TM |
207 | static int rsi_upcall(struct cache_detail *cd, struct cache_head *h) |
208 | { | |
209 | return sunrpc_cache_pipe_upcall_timeout(cd, h); | |
210 | } | |
211 | ||
1da177e4 | 212 | static void rsi_request(struct cache_detail *cd, |
cca5172a YH |
213 | struct cache_head *h, |
214 | char **bpp, int *blen) | |
1da177e4 LT |
215 | { |
216 | struct rsi *rsii = container_of(h, struct rsi, h); | |
217 | ||
218 | qword_addhex(bpp, blen, rsii->in_handle.data, rsii->in_handle.len); | |
219 | qword_addhex(bpp, blen, rsii->in_token.data, rsii->in_token.len); | |
220 | (*bpp)[-1] = '\n'; | |
0c217d50 N |
221 | WARN_ONCE(*blen < 0, |
222 | "RPCSEC/GSS credential too large - please use gssproxy\n"); | |
1da177e4 LT |
223 | } |
224 | ||
1da177e4 | 225 | static int rsi_parse(struct cache_detail *cd, |
cca5172a | 226 | char *mesg, int mlen) |
1da177e4 LT |
227 | { |
228 | /* context token expiry major minor context token */ | |
229 | char *buf = mesg; | |
230 | char *ep; | |
231 | int len; | |
232 | struct rsi rsii, *rsip = NULL; | |
f559935e | 233 | time64_t expiry; |
1da177e4 LT |
234 | int status = -EINVAL; |
235 | ||
236 | memset(&rsii, 0, sizeof(rsii)); | |
237 | /* handle */ | |
238 | len = qword_get(&mesg, buf, mlen); | |
239 | if (len < 0) | |
240 | goto out; | |
241 | status = -ENOMEM; | |
242 | if (dup_to_netobj(&rsii.in_handle, buf, len)) | |
243 | goto out; | |
244 | ||
245 | /* token */ | |
246 | len = qword_get(&mesg, buf, mlen); | |
247 | status = -EINVAL; | |
248 | if (len < 0) | |
249 | goto out; | |
250 | status = -ENOMEM; | |
251 | if (dup_to_netobj(&rsii.in_token, buf, len)) | |
252 | goto out; | |
253 | ||
a1db410d | 254 | rsip = rsi_lookup(cd, &rsii); |
d4d11ea9 N |
255 | if (!rsip) |
256 | goto out; | |
257 | ||
1da177e4 LT |
258 | rsii.h.flags = 0; |
259 | /* expiry */ | |
cf64b9bc N |
260 | status = get_expiry(&mesg, &expiry); |
261 | if (status) | |
1da177e4 LT |
262 | goto out; |
263 | ||
cf64b9bc | 264 | status = -EINVAL; |
1da177e4 LT |
265 | /* major/minor */ |
266 | len = qword_get(&mesg, buf, mlen); | |
b39c18fc BF |
267 | if (len <= 0) |
268 | goto out; | |
269 | rsii.major_status = simple_strtoul(buf, &ep, 10); | |
270 | if (*ep) | |
271 | goto out; | |
272 | len = qword_get(&mesg, buf, mlen); | |
273 | if (len <= 0) | |
1da177e4 | 274 | goto out; |
b39c18fc BF |
275 | rsii.minor_status = simple_strtoul(buf, &ep, 10); |
276 | if (*ep) | |
1da177e4 | 277 | goto out; |
1da177e4 | 278 | |
b39c18fc BF |
279 | /* out_handle */ |
280 | len = qword_get(&mesg, buf, mlen); | |
281 | if (len < 0) | |
282 | goto out; | |
283 | status = -ENOMEM; | |
284 | if (dup_to_netobj(&rsii.out_handle, buf, len)) | |
285 | goto out; | |
1da177e4 | 286 | |
b39c18fc BF |
287 | /* out_token */ |
288 | len = qword_get(&mesg, buf, mlen); | |
289 | status = -EINVAL; | |
290 | if (len < 0) | |
291 | goto out; | |
292 | status = -ENOMEM; | |
293 | if (dup_to_netobj(&rsii.out_token, buf, len)) | |
294 | goto out; | |
1da177e4 | 295 | rsii.h.expiry_time = expiry; |
a1db410d | 296 | rsip = rsi_update(cd, &rsii, rsip); |
1da177e4 LT |
297 | status = 0; |
298 | out: | |
299 | rsi_free(&rsii); | |
300 | if (rsip) | |
a1db410d | 301 | cache_put(&rsip->h, cd); |
d4d11ea9 N |
302 | else |
303 | status = -ENOMEM; | |
1da177e4 LT |
304 | return status; |
305 | } | |
306 | ||
ee24eac3 | 307 | static const struct cache_detail rsi_cache_template = { |
f35279d3 | 308 | .owner = THIS_MODULE, |
1da177e4 | 309 | .hash_size = RSI_HASHMAX, |
1da177e4 LT |
310 | .name = "auth.rpcsec.init", |
311 | .cache_put = rsi_put, | |
65286b88 | 312 | .cache_upcall = rsi_upcall, |
73fb847a | 313 | .cache_request = rsi_request, |
1da177e4 | 314 | .cache_parse = rsi_parse, |
d4d11ea9 N |
315 | .match = rsi_match, |
316 | .init = rsi_init, | |
317 | .update = update_rsi, | |
318 | .alloc = rsi_alloc, | |
1da177e4 LT |
319 | }; |
320 | ||
a1db410d | 321 | static struct rsi *rsi_lookup(struct cache_detail *cd, struct rsi *item) |
d4d11ea9 N |
322 | { |
323 | struct cache_head *ch; | |
324 | int hash = rsi_hash(item); | |
325 | ||
6d1616b2 | 326 | ch = sunrpc_cache_lookup_rcu(cd, &item->h, hash); |
d4d11ea9 N |
327 | if (ch) |
328 | return container_of(ch, struct rsi, h); | |
329 | else | |
330 | return NULL; | |
331 | } | |
332 | ||
a1db410d | 333 | static struct rsi *rsi_update(struct cache_detail *cd, struct rsi *new, struct rsi *old) |
d4d11ea9 N |
334 | { |
335 | struct cache_head *ch; | |
336 | int hash = rsi_hash(new); | |
337 | ||
a1db410d | 338 | ch = sunrpc_cache_update(cd, &new->h, |
d4d11ea9 N |
339 | &old->h, hash); |
340 | if (ch) | |
341 | return container_of(ch, struct rsi, h); | |
342 | else | |
343 | return NULL; | |
344 | } | |
345 | ||
1da177e4 LT |
346 | |
347 | /* | |
348 | * The rpcsec_context cache is used to store a context that is | |
349 | * used in data exchange. | |
350 | * The key is a context handle. The content is: | |
351 | * uid, gidlist, mechanism, service-set, mech-specific-data | |
352 | */ | |
353 | ||
354 | #define RSC_HASHBITS 10 | |
355 | #define RSC_HASHMAX (1<<RSC_HASHBITS) | |
1da177e4 LT |
356 | |
357 | #define GSS_SEQ_WIN 128 | |
358 | ||
359 | struct gss_svc_seq_data { | |
360 | /* highest seq number seen so far: */ | |
10b9d99a | 361 | u32 sd_max; |
1da177e4 LT |
362 | /* for i such that sd_max-GSS_SEQ_WIN < i <= sd_max, the i-th bit of |
363 | * sd_win is nonzero iff sequence number i has been seen already: */ | |
364 | unsigned long sd_win[GSS_SEQ_WIN/BITS_PER_LONG]; | |
365 | spinlock_t sd_lock; | |
366 | }; | |
367 | ||
368 | struct rsc { | |
369 | struct cache_head h; | |
370 | struct xdr_netobj handle; | |
371 | struct svc_cred cred; | |
372 | struct gss_svc_seq_data seqdata; | |
373 | struct gss_ctx *mechctx; | |
6d1616b2 | 374 | struct rcu_head rcu_head; |
1da177e4 LT |
375 | }; |
376 | ||
a1db410d SK |
377 | static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct rsc *old); |
378 | static struct rsc *rsc_lookup(struct cache_detail *cd, struct rsc *item); | |
1da177e4 LT |
379 | |
380 | static void rsc_free(struct rsc *rsci) | |
381 | { | |
382 | kfree(rsci->handle.data); | |
383 | if (rsci->mechctx) | |
384 | gss_delete_sec_context(&rsci->mechctx); | |
03a4e1f6 | 385 | free_svc_cred(&rsci->cred); |
1da177e4 LT |
386 | } |
387 | ||
6d1616b2 TM |
388 | static void rsc_free_rcu(struct rcu_head *head) |
389 | { | |
390 | struct rsc *rsci = container_of(head, struct rsc, rcu_head); | |
391 | ||
392 | kfree(rsci->handle.data); | |
393 | kfree(rsci); | |
394 | } | |
395 | ||
baab935f | 396 | static void rsc_put(struct kref *ref) |
1da177e4 | 397 | { |
baab935f | 398 | struct rsc *rsci = container_of(ref, struct rsc, h.ref); |
1da177e4 | 399 | |
6d1616b2 TM |
400 | if (rsci->mechctx) |
401 | gss_delete_sec_context(&rsci->mechctx); | |
402 | free_svc_cred(&rsci->cred); | |
403 | call_rcu(&rsci->rcu_head, rsc_free_rcu); | |
1da177e4 LT |
404 | } |
405 | ||
406 | static inline int | |
407 | rsc_hash(struct rsc *rsci) | |
408 | { | |
409 | return hash_mem(rsci->handle.data, rsci->handle.len, RSC_HASHBITS); | |
410 | } | |
411 | ||
17f834b6 N |
412 | static int |
413 | rsc_match(struct cache_head *a, struct cache_head *b) | |
1da177e4 | 414 | { |
17f834b6 N |
415 | struct rsc *new = container_of(a, struct rsc, h); |
416 | struct rsc *tmp = container_of(b, struct rsc, h); | |
417 | ||
1da177e4 LT |
418 | return netobj_equal(&new->handle, &tmp->handle); |
419 | } | |
420 | ||
17f834b6 N |
421 | static void |
422 | rsc_init(struct cache_head *cnew, struct cache_head *ctmp) | |
1da177e4 | 423 | { |
17f834b6 N |
424 | struct rsc *new = container_of(cnew, struct rsc, h); |
425 | struct rsc *tmp = container_of(ctmp, struct rsc, h); | |
426 | ||
1da177e4 LT |
427 | new->handle.len = tmp->handle.len; |
428 | tmp->handle.len = 0; | |
429 | new->handle.data = tmp->handle.data; | |
430 | tmp->handle.data = NULL; | |
431 | new->mechctx = NULL; | |
44234063 | 432 | init_svc_cred(&new->cred); |
1da177e4 LT |
433 | } |
434 | ||
17f834b6 N |
435 | static void |
436 | update_rsc(struct cache_head *cnew, struct cache_head *ctmp) | |
1da177e4 | 437 | { |
17f834b6 N |
438 | struct rsc *new = container_of(cnew, struct rsc, h); |
439 | struct rsc *tmp = container_of(ctmp, struct rsc, h); | |
440 | ||
1da177e4 LT |
441 | new->mechctx = tmp->mechctx; |
442 | tmp->mechctx = NULL; | |
443 | memset(&new->seqdata, 0, sizeof(new->seqdata)); | |
444 | spin_lock_init(&new->seqdata.sd_lock); | |
445 | new->cred = tmp->cred; | |
44234063 | 446 | init_svc_cred(&tmp->cred); |
1da177e4 LT |
447 | } |
448 | ||
17f834b6 N |
449 | static struct cache_head * |
450 | rsc_alloc(void) | |
451 | { | |
452 | struct rsc *rsci = kmalloc(sizeof(*rsci), GFP_KERNEL); | |
453 | if (rsci) | |
454 | return &rsci->h; | |
455 | else | |
456 | return NULL; | |
457 | } | |
458 | ||
65286b88 TM |
459 | static int rsc_upcall(struct cache_detail *cd, struct cache_head *h) |
460 | { | |
461 | return -EINVAL; | |
462 | } | |
463 | ||
1da177e4 LT |
464 | static int rsc_parse(struct cache_detail *cd, |
465 | char *mesg, int mlen) | |
466 | { | |
467 | /* contexthandle expiry [ uid gid N <n gids> mechname ...mechdata... ] */ | |
468 | char *buf = mesg; | |
683428fa | 469 | int id; |
1da177e4 LT |
470 | int len, rv; |
471 | struct rsc rsci, *rscp = NULL; | |
294ec5b8 | 472 | time64_t expiry; |
1da177e4 | 473 | int status = -EINVAL; |
1df0cada | 474 | struct gss_api_mech *gm = NULL; |
1da177e4 LT |
475 | |
476 | memset(&rsci, 0, sizeof(rsci)); | |
477 | /* context handle */ | |
478 | len = qword_get(&mesg, buf, mlen); | |
479 | if (len < 0) goto out; | |
480 | status = -ENOMEM; | |
481 | if (dup_to_netobj(&rsci.handle, buf, len)) | |
482 | goto out; | |
483 | ||
484 | rsci.h.flags = 0; | |
485 | /* expiry */ | |
cf64b9bc N |
486 | status = get_expiry(&mesg, &expiry); |
487 | if (status) | |
1da177e4 LT |
488 | goto out; |
489 | ||
cf64b9bc | 490 | status = -EINVAL; |
a1db410d | 491 | rscp = rsc_lookup(cd, &rsci); |
17f834b6 N |
492 | if (!rscp) |
493 | goto out; | |
494 | ||
1da177e4 | 495 | /* uid, or NEGATIVE */ |
683428fa | 496 | rv = get_int(&mesg, &id); |
1da177e4 LT |
497 | if (rv == -EINVAL) |
498 | goto out; | |
499 | if (rv == -ENOENT) | |
500 | set_bit(CACHE_NEGATIVE, &rsci.h.flags); | |
501 | else { | |
502 | int N, i; | |
1da177e4 | 503 | |
3c34ae11 BF |
504 | /* |
505 | * NOTE: we skip uid_valid()/gid_valid() checks here: | |
506 | * instead, * -1 id's are later mapped to the | |
507 | * (export-specific) anonymous id by nfsd_setuser. | |
508 | * | |
509 | * (But supplementary gid's get no such special | |
510 | * treatment so are checked for validity here.) | |
511 | */ | |
683428fa | 512 | /* uid */ |
e6667c73 | 513 | rsci.cred.cr_uid = make_kuid(current_user_ns(), id); |
683428fa | 514 | |
1da177e4 | 515 | /* gid */ |
683428fa EB |
516 | if (get_int(&mesg, &id)) |
517 | goto out; | |
e6667c73 | 518 | rsci.cred.cr_gid = make_kgid(current_user_ns(), id); |
1da177e4 LT |
519 | |
520 | /* number of additional gid's */ | |
521 | if (get_int(&mesg, &N)) | |
522 | goto out; | |
76cb4be9 DC |
523 | if (N < 0 || N > NGROUPS_MAX) |
524 | goto out; | |
1da177e4 LT |
525 | status = -ENOMEM; |
526 | rsci.cred.cr_group_info = groups_alloc(N); | |
527 | if (rsci.cred.cr_group_info == NULL) | |
528 | goto out; | |
529 | ||
530 | /* gid's */ | |
531 | status = -EINVAL; | |
532 | for (i=0; i<N; i++) { | |
ae2975bc | 533 | kgid_t kgid; |
683428fa | 534 | if (get_int(&mesg, &id)) |
1da177e4 | 535 | goto out; |
e6667c73 | 536 | kgid = make_kgid(current_user_ns(), id); |
ae2975bc EB |
537 | if (!gid_valid(kgid)) |
538 | goto out; | |
81243eac | 539 | rsci.cred.cr_group_info->gid[i] = kgid; |
1da177e4 | 540 | } |
bdcf0a42 | 541 | groups_sort(rsci.cred.cr_group_info); |
1da177e4 LT |
542 | |
543 | /* mech name */ | |
544 | len = qword_get(&mesg, buf, mlen); | |
545 | if (len < 0) | |
546 | goto out; | |
0dc1531a | 547 | gm = rsci.cred.cr_gss_mech = gss_mech_get_by_name(buf); |
1da177e4 LT |
548 | status = -EOPNOTSUPP; |
549 | if (!gm) | |
550 | goto out; | |
551 | ||
552 | status = -EINVAL; | |
553 | /* mech-specific data: */ | |
554 | len = qword_get(&mesg, buf, mlen); | |
1df0cada | 555 | if (len < 0) |
1da177e4 | 556 | goto out; |
400f26b5 SS |
557 | status = gss_import_sec_context(buf, len, gm, &rsci.mechctx, |
558 | NULL, GFP_KERNEL); | |
1df0cada | 559 | if (status) |
1da177e4 | 560 | goto out; |
68e76ad0 OK |
561 | |
562 | /* get client name */ | |
563 | len = qword_get(&mesg, buf, mlen); | |
564 | if (len > 0) { | |
03a4e1f6 | 565 | rsci.cred.cr_principal = kstrdup(buf, GFP_KERNEL); |
1eb6d622 WY |
566 | if (!rsci.cred.cr_principal) { |
567 | status = -ENOMEM; | |
68e76ad0 | 568 | goto out; |
1eb6d622 | 569 | } |
68e76ad0 OK |
570 | } |
571 | ||
1da177e4 LT |
572 | } |
573 | rsci.h.expiry_time = expiry; | |
a1db410d | 574 | rscp = rsc_update(cd, &rsci, rscp); |
1da177e4 LT |
575 | status = 0; |
576 | out: | |
577 | rsc_free(&rsci); | |
578 | if (rscp) | |
a1db410d | 579 | cache_put(&rscp->h, cd); |
17f834b6 N |
580 | else |
581 | status = -ENOMEM; | |
1da177e4 LT |
582 | return status; |
583 | } | |
584 | ||
ee24eac3 | 585 | static const struct cache_detail rsc_cache_template = { |
f35279d3 | 586 | .owner = THIS_MODULE, |
1da177e4 | 587 | .hash_size = RSC_HASHMAX, |
1da177e4 LT |
588 | .name = "auth.rpcsec.context", |
589 | .cache_put = rsc_put, | |
65286b88 | 590 | .cache_upcall = rsc_upcall, |
1da177e4 | 591 | .cache_parse = rsc_parse, |
17f834b6 N |
592 | .match = rsc_match, |
593 | .init = rsc_init, | |
594 | .update = update_rsc, | |
595 | .alloc = rsc_alloc, | |
1da177e4 LT |
596 | }; |
597 | ||
a1db410d | 598 | static struct rsc *rsc_lookup(struct cache_detail *cd, struct rsc *item) |
17f834b6 N |
599 | { |
600 | struct cache_head *ch; | |
601 | int hash = rsc_hash(item); | |
602 | ||
6d1616b2 | 603 | ch = sunrpc_cache_lookup_rcu(cd, &item->h, hash); |
17f834b6 N |
604 | if (ch) |
605 | return container_of(ch, struct rsc, h); | |
606 | else | |
607 | return NULL; | |
608 | } | |
609 | ||
a1db410d | 610 | static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct rsc *old) |
17f834b6 N |
611 | { |
612 | struct cache_head *ch; | |
613 | int hash = rsc_hash(new); | |
614 | ||
a1db410d | 615 | ch = sunrpc_cache_update(cd, &new->h, |
17f834b6 N |
616 | &old->h, hash); |
617 | if (ch) | |
618 | return container_of(ch, struct rsc, h); | |
619 | else | |
620 | return NULL; | |
621 | } | |
622 | ||
1da177e4 LT |
623 | |
624 | static struct rsc * | |
a1db410d | 625 | gss_svc_searchbyctx(struct cache_detail *cd, struct xdr_netobj *handle) |
1da177e4 LT |
626 | { |
627 | struct rsc rsci; | |
628 | struct rsc *found; | |
629 | ||
630 | memset(&rsci, 0, sizeof(rsci)); | |
bf2c4b6f CL |
631 | if (dup_to_netobj(&rsci.handle, handle->data, handle->len)) |
632 | return NULL; | |
a1db410d | 633 | found = rsc_lookup(cd, &rsci); |
bf2c4b6f | 634 | rsc_free(&rsci); |
1da177e4 LT |
635 | if (!found) |
636 | return NULL; | |
a1db410d | 637 | if (cache_check(cd, &found->h, NULL)) |
1da177e4 LT |
638 | return NULL; |
639 | return found; | |
640 | } | |
641 | ||
10b9d99a CL |
642 | /** |
643 | * gss_check_seq_num - GSS sequence number window check | |
644 | * @rqstp: RPC Call to use when reporting errors | |
645 | * @rsci: cached GSS context state (updated on return) | |
646 | * @seq_num: sequence number to check | |
647 | * | |
648 | * Implements sequence number algorithm as specified in | |
649 | * RFC 2203, Section 5.3.3.1. "Context Management". | |
650 | * | |
651 | * Return values: | |
652 | * %true: @rqstp's GSS sequence number is inside the window | |
653 | * %false: @rqstp's GSS sequence number is outside the window | |
654 | */ | |
655 | static bool gss_check_seq_num(const struct svc_rqst *rqstp, struct rsc *rsci, | |
656 | u32 seq_num) | |
1da177e4 LT |
657 | { |
658 | struct gss_svc_seq_data *sd = &rsci->seqdata; | |
10b9d99a | 659 | bool result = false; |
1da177e4 LT |
660 | |
661 | spin_lock(&sd->sd_lock); | |
662 | if (seq_num > sd->sd_max) { | |
663 | if (seq_num >= sd->sd_max + GSS_SEQ_WIN) { | |
10b9d99a | 664 | memset(sd->sd_win, 0, sizeof(sd->sd_win)); |
1da177e4 LT |
665 | sd->sd_max = seq_num; |
666 | } else while (sd->sd_max < seq_num) { | |
667 | sd->sd_max++; | |
668 | __clear_bit(sd->sd_max % GSS_SEQ_WIN, sd->sd_win); | |
669 | } | |
670 | __set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win); | |
671 | goto ok; | |
2ba5acfb | 672 | } else if (seq_num + GSS_SEQ_WIN <= sd->sd_max) { |
10b9d99a | 673 | goto toolow; |
1da177e4 | 674 | } |
1da177e4 | 675 | if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win)) |
10b9d99a CL |
676 | goto alreadyseen; |
677 | ||
1da177e4 | 678 | ok: |
10b9d99a CL |
679 | result = true; |
680 | out: | |
1da177e4 | 681 | spin_unlock(&sd->sd_lock); |
10b9d99a CL |
682 | return result; |
683 | ||
684 | toolow: | |
685 | trace_rpcgss_svc_seqno_low(rqstp, seq_num, | |
686 | sd->sd_max - GSS_SEQ_WIN, | |
687 | sd->sd_max); | |
688 | goto out; | |
689 | alreadyseen: | |
690 | trace_rpcgss_svc_seqno_seen(rqstp, seq_num); | |
691 | goto out; | |
1da177e4 LT |
692 | } |
693 | ||
21fcd02b | 694 | /* |
0653028e CL |
695 | * Decode and verify a Call's verifier field. For RPC_AUTH_GSS Calls, |
696 | * the body of this field contains a variable length checksum. | |
697 | * | |
698 | * GSS-specific auth_stat values are mandated by RFC 2203 Section | |
699 | * 5.3.3.3. | |
1da177e4 LT |
700 | */ |
701 | static int | |
0653028e CL |
702 | svcauth_gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci, |
703 | __be32 *rpcstart, struct rpc_gss_wire_cred *gc) | |
1da177e4 | 704 | { |
0653028e | 705 | struct xdr_stream *xdr = &rqstp->rq_arg_stream; |
1da177e4 | 706 | struct gss_ctx *ctx_id = rsci->mechctx; |
0653028e | 707 | u32 flavor, maj_stat; |
1da177e4 LT |
708 | struct xdr_buf rpchdr; |
709 | struct xdr_netobj checksum; | |
1da177e4 LT |
710 | struct kvec iov; |
711 | ||
0653028e CL |
712 | /* |
713 | * Compute the checksum of the incoming Call from the | |
714 | * XID field to credential field: | |
715 | */ | |
1da177e4 | 716 | iov.iov_base = rpcstart; |
0653028e | 717 | iov.iov_len = (u8 *)xdr->p - (u8 *)rpcstart; |
1da177e4 LT |
718 | xdr_buf_from_iov(&iov, &rpchdr); |
719 | ||
0653028e CL |
720 | /* Call's verf field: */ |
721 | if (xdr_stream_decode_opaque_auth(xdr, &flavor, | |
722 | (void **)&checksum.data, | |
723 | &checksum.len) < 0) { | |
724 | rqstp->rq_auth_stat = rpc_autherr_badverf; | |
1da177e4 | 725 | return SVC_DENIED; |
0653028e CL |
726 | } |
727 | if (flavor != RPC_AUTH_GSS) { | |
728 | rqstp->rq_auth_stat = rpc_autherr_badverf; | |
1da177e4 | 729 | return SVC_DENIED; |
0653028e | 730 | } |
1da177e4 | 731 | |
0653028e | 732 | if (rqstp->rq_deferred) |
1da177e4 | 733 | return SVC_OK; |
0653028e CL |
734 | maj_stat = gss_verify_mic(ctx_id, &rpchdr, &checksum); |
735 | if (maj_stat != GSS_S_COMPLETE) { | |
736 | trace_rpcgss_svc_mic(rqstp, maj_stat); | |
438623a0 | 737 | rqstp->rq_auth_stat = rpcsec_gsserr_credproblem; |
1da177e4 LT |
738 | return SVC_DENIED; |
739 | } | |
740 | ||
741 | if (gc->gc_seq > MAXSEQ) { | |
10b9d99a | 742 | trace_rpcgss_svc_seqno_large(rqstp, gc->gc_seq); |
438623a0 | 743 | rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem; |
1da177e4 LT |
744 | return SVC_DENIED; |
745 | } | |
10b9d99a | 746 | if (!gss_check_seq_num(rqstp, rsci, gc->gc_seq)) |
1da177e4 | 747 | return SVC_DROP; |
1da177e4 LT |
748 | return SVC_OK; |
749 | } | |
750 | ||
b2f42f1d CL |
751 | /* |
752 | * Construct and encode a Reply's verifier field. The verifier's body | |
753 | * field contains a variable-length checksum of the GSS sequence | |
754 | * number. | |
755 | */ | |
756 | static bool | |
757 | svcauth_gss_encode_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq) | |
758 | { | |
759 | struct gss_svc_data *gsd = rqstp->rq_auth_data; | |
760 | u32 maj_stat; | |
761 | struct xdr_buf verf_data; | |
762 | struct xdr_netobj checksum; | |
763 | struct kvec iov; | |
764 | ||
765 | gsd->gsd_seq_num = cpu_to_be32(seq); | |
766 | iov.iov_base = &gsd->gsd_seq_num; | |
767 | iov.iov_len = XDR_UNIT; | |
768 | xdr_buf_from_iov(&iov, &verf_data); | |
769 | ||
770 | checksum.data = gsd->gsd_scratch; | |
771 | maj_stat = gss_get_mic(ctx_id, &verf_data, &checksum); | |
772 | if (maj_stat != GSS_S_COMPLETE) | |
773 | goto bad_mic; | |
774 | ||
775 | return xdr_stream_encode_opaque_auth(&rqstp->rq_res_stream, RPC_AUTH_GSS, | |
776 | checksum.data, checksum.len) > 0; | |
777 | ||
778 | bad_mic: | |
779 | trace_rpcgss_svc_get_mic(rqstp, maj_stat); | |
780 | return false; | |
781 | } | |
782 | ||
1da177e4 LT |
783 | struct gss_domain { |
784 | struct auth_domain h; | |
785 | u32 pseudoflavor; | |
786 | }; | |
787 | ||
788 | static struct auth_domain * | |
789 | find_gss_auth_domain(struct gss_ctx *ctx, u32 svc) | |
790 | { | |
791 | char *name; | |
792 | ||
793 | name = gss_service_to_auth_domain_name(ctx->mech_type, svc); | |
794 | if (!name) | |
795 | return NULL; | |
796 | return auth_domain_find(name); | |
797 | } | |
798 | ||
efc36aa5 N |
799 | static struct auth_ops svcauthops_gss; |
800 | ||
4796f457 BF |
801 | u32 svcauth_gss_flavor(struct auth_domain *dom) |
802 | { | |
803 | struct gss_domain *gd = container_of(dom, struct gss_domain, h); | |
804 | ||
805 | return gd->pseudoflavor; | |
806 | } | |
807 | ||
7bd88269 | 808 | EXPORT_SYMBOL_GPL(svcauth_gss_flavor); |
4796f457 | 809 | |
24c5efe4 | 810 | struct auth_domain * |
1da177e4 LT |
811 | svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name) |
812 | { | |
813 | struct gss_domain *new; | |
814 | struct auth_domain *test; | |
815 | int stat = -ENOMEM; | |
816 | ||
817 | new = kmalloc(sizeof(*new), GFP_KERNEL); | |
818 | if (!new) | |
819 | goto out; | |
efc36aa5 | 820 | kref_init(&new->h.ref); |
e69062b4 | 821 | new->h.name = kstrdup(name, GFP_KERNEL); |
1da177e4 LT |
822 | if (!new->h.name) |
823 | goto out_free_dom; | |
efc36aa5 | 824 | new->h.flavour = &svcauthops_gss; |
1da177e4 | 825 | new->pseudoflavor = pseudoflavor; |
1da177e4 | 826 | |
efc36aa5 | 827 | test = auth_domain_lookup(name, &new->h); |
d47a5dc2 N |
828 | if (test != &new->h) { |
829 | pr_warn("svc: duplicate registration of gss pseudo flavour %s.\n", | |
830 | name); | |
831 | stat = -EADDRINUSE; | |
cb276805 | 832 | auth_domain_put(test); |
24c5efe4 | 833 | goto out_free_name; |
1da177e4 | 834 | } |
24c5efe4 | 835 | return test; |
1da177e4 | 836 | |
24c5efe4 N |
837 | out_free_name: |
838 | kfree(new->h.name); | |
1da177e4 LT |
839 | out_free_dom: |
840 | kfree(new); | |
841 | out: | |
24c5efe4 | 842 | return ERR_PTR(stat); |
1da177e4 | 843 | } |
7bd88269 | 844 | EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor); |
1da177e4 | 845 | |
e14673c9 CL |
846 | /* |
847 | * RFC 2203, Section 5.3.2.2 | |
848 | * | |
849 | * struct rpc_gss_integ_data { | |
850 | * opaque databody_integ<>; | |
851 | * opaque checksum<>; | |
852 | * }; | |
853 | * | |
854 | * struct rpc_gss_data_t { | |
855 | * unsigned int seq_num; | |
856 | * proc_req_arg_t arg; | |
857 | * }; | |
858 | */ | |
b68e4c5c CL |
859 | static noinline_for_stack int |
860 | svcauth_gss_unwrap_integ(struct svc_rqst *rqstp, u32 seq, struct gss_ctx *ctx) | |
1da177e4 | 861 | { |
4dd9daa9 | 862 | struct gss_svc_data *gsd = rqstp->rq_auth_data; |
b68e4c5c CL |
863 | struct xdr_stream *xdr = &rqstp->rq_arg_stream; |
864 | u32 len, offset, seq_num, maj_stat; | |
865 | struct xdr_buf *buf = xdr->buf; | |
e14673c9 | 866 | struct xdr_buf databody_integ; |
e14673c9 | 867 | struct xdr_netobj checksum; |
1da177e4 | 868 | |
4c190e2f JL |
869 | /* Did we already verify the signature on the original pass through? */ |
870 | if (rqstp->rq_deferred) | |
871 | return 0; | |
872 | ||
b68e4c5c | 873 | if (xdr_stream_decode_u32(xdr, &len) < 0) |
10b9d99a | 874 | goto unwrap_failed; |
b68e4c5c | 875 | if (len & 3) |
10b9d99a | 876 | goto unwrap_failed; |
b68e4c5c CL |
877 | offset = xdr_stream_pos(xdr); |
878 | if (xdr_buf_subsegment(buf, &databody_integ, offset, len)) | |
10b9d99a CL |
879 | goto unwrap_failed; |
880 | ||
b68e4c5c CL |
881 | /* |
882 | * The xdr_stream now points to the @seq_num field. The next | |
883 | * XDR data item is the @arg field, which contains the clear | |
884 | * text RPC program payload. The checksum, which follows the | |
885 | * @arg field, is located and decoded without updating the | |
886 | * xdr_stream. | |
887 | */ | |
888 | ||
889 | offset += len; | |
890 | if (xdr_decode_word(buf, offset, &checksum.len)) | |
10b9d99a | 891 | goto unwrap_failed; |
e14673c9 | 892 | if (checksum.len > sizeof(gsd->gsd_scratch)) |
10b9d99a | 893 | goto unwrap_failed; |
e14673c9 | 894 | checksum.data = gsd->gsd_scratch; |
b68e4c5c CL |
895 | if (read_bytes_from_xdr_buf(buf, offset + XDR_UNIT, checksum.data, |
896 | checksum.len)) | |
10b9d99a | 897 | goto unwrap_failed; |
b68e4c5c | 898 | |
e14673c9 | 899 | maj_stat = gss_verify_mic(ctx, &databody_integ, &checksum); |
1da177e4 | 900 | if (maj_stat != GSS_S_COMPLETE) |
10b9d99a | 901 | goto bad_mic; |
b68e4c5c CL |
902 | |
903 | /* The received seqno is protected by the checksum. */ | |
904 | if (xdr_stream_decode_u32(xdr, &seq_num) < 0) | |
905 | goto unwrap_failed; | |
e14673c9 | 906 | if (seq_num != seq) |
10b9d99a | 907 | goto bad_seqno; |
b68e4c5c CL |
908 | |
909 | xdr_truncate_decode(xdr, XDR_UNIT + checksum.len); | |
4dd9daa9 | 910 | return 0; |
10b9d99a CL |
911 | |
912 | unwrap_failed: | |
913 | trace_rpcgss_svc_unwrap_failed(rqstp); | |
4dd9daa9 | 914 | return -EINVAL; |
10b9d99a | 915 | bad_seqno: |
e14673c9 | 916 | trace_rpcgss_svc_seqno_bad(rqstp, seq, seq_num); |
4dd9daa9 | 917 | return -EINVAL; |
10b9d99a CL |
918 | bad_mic: |
919 | trace_rpcgss_svc_mic(rqstp, maj_stat); | |
4dd9daa9 | 920 | return -EINVAL; |
1da177e4 LT |
921 | } |
922 | ||
f4a59e82 CL |
923 | /* |
924 | * RFC 2203, Section 5.3.2.3 | |
925 | * | |
926 | * struct rpc_gss_priv_data { | |
927 | * opaque databody_priv<> | |
928 | * }; | |
929 | * | |
930 | * struct rpc_gss_data_t { | |
931 | * unsigned int seq_num; | |
932 | * proc_req_arg_t arg; | |
933 | * }; | |
934 | */ | |
42140718 CL |
935 | static noinline_for_stack int |
936 | svcauth_gss_unwrap_priv(struct svc_rqst *rqstp, u32 seq, struct gss_ctx *ctx) | |
7c9fdcfb | 937 | { |
42140718 CL |
938 | struct xdr_stream *xdr = &rqstp->rq_arg_stream; |
939 | u32 len, maj_stat, seq_num, offset; | |
940 | struct xdr_buf *buf = xdr->buf; | |
941 | unsigned int saved_len; | |
7c9fdcfb | 942 | |
42140718 CL |
943 | if (xdr_stream_decode_u32(xdr, &len) < 0) |
944 | goto unwrap_failed; | |
7c9fdcfb BF |
945 | if (rqstp->rq_deferred) { |
946 | /* Already decrypted last time through! The sequence number | |
947 | * check at out_seq is unnecessary but harmless: */ | |
948 | goto out_seq; | |
949 | } | |
42140718 | 950 | if (len > xdr_stream_remaining(xdr)) |
10b9d99a | 951 | goto unwrap_failed; |
42140718 CL |
952 | offset = xdr_stream_pos(xdr); |
953 | ||
954 | saved_len = buf->len; | |
955 | maj_stat = gss_unwrap(ctx, offset, offset + len, buf); | |
7c9fdcfb | 956 | if (maj_stat != GSS_S_COMPLETE) |
10b9d99a | 957 | goto bad_unwrap; |
42140718 CL |
958 | xdr->nwords -= XDR_QUADLEN(saved_len - buf->len); |
959 | ||
7c9fdcfb | 960 | out_seq: |
42140718 CL |
961 | /* gss_unwrap() decrypted the sequence number. */ |
962 | if (xdr_stream_decode_u32(xdr, &seq_num) < 0) | |
963 | goto unwrap_failed; | |
f4a59e82 | 964 | if (seq_num != seq) |
10b9d99a | 965 | goto bad_seqno; |
7c9fdcfb | 966 | return 0; |
10b9d99a CL |
967 | |
968 | unwrap_failed: | |
969 | trace_rpcgss_svc_unwrap_failed(rqstp); | |
970 | return -EINVAL; | |
971 | bad_seqno: | |
f4a59e82 | 972 | trace_rpcgss_svc_seqno_bad(rqstp, seq, seq_num); |
10b9d99a CL |
973 | return -EINVAL; |
974 | bad_unwrap: | |
975 | trace_rpcgss_svc_unwrap(rqstp, maj_stat); | |
976 | return -EINVAL; | |
7c9fdcfb BF |
977 | } |
978 | ||
78c542f9 | 979 | static enum svc_auth_status |
1da177e4 LT |
980 | svcauth_gss_set_client(struct svc_rqst *rqstp) |
981 | { | |
982 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; | |
983 | struct rsc *rsci = svcdata->rsci; | |
984 | struct rpc_gss_wire_cred *gc = &svcdata->clcred; | |
3ab4d8b1 | 985 | int stat; |
1da177e4 | 986 | |
5c2465df CL |
987 | rqstp->rq_auth_stat = rpc_autherr_badcred; |
988 | ||
3ab4d8b1 BF |
989 | /* |
990 | * A gss export can be specified either by: | |
991 | * export *(sec=krb5,rw) | |
992 | * or by | |
993 | * export gss/krb5(rw) | |
994 | * The latter is deprecated; but for backwards compatibility reasons | |
995 | * the nfsd code will still fall back on trying it if the former | |
996 | * doesn't work; so we try to make both available to nfsd, below. | |
997 | */ | |
998 | rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc); | |
999 | if (rqstp->rq_gssclient == NULL) | |
1da177e4 | 1000 | return SVC_DENIED; |
3ab4d8b1 | 1001 | stat = svcauth_unix_set_client(rqstp); |
1ebede86 | 1002 | if (stat == SVC_DROP || stat == SVC_CLOSE) |
3ab4d8b1 | 1003 | return stat; |
5c2465df CL |
1004 | |
1005 | rqstp->rq_auth_stat = rpc_auth_ok; | |
1da177e4 LT |
1006 | return SVC_OK; |
1007 | } | |
1008 | ||
b2f42f1d CL |
1009 | static bool |
1010 | svcauth_gss_proc_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp, | |
1011 | struct xdr_netobj *out_handle, int *major_status, | |
1012 | u32 seq_num) | |
91a4762e | 1013 | { |
b2f42f1d | 1014 | struct xdr_stream *xdr = &rqstp->rq_res_stream; |
91a4762e | 1015 | struct rsc *rsci; |
b2f42f1d | 1016 | bool rc; |
91a4762e | 1017 | |
fc2952a2 | 1018 | if (*major_status != GSS_S_COMPLETE) |
b2f42f1d | 1019 | goto null_verifier; |
fc2952a2 | 1020 | rsci = gss_svc_searchbyctx(cd, out_handle); |
91a4762e | 1021 | if (rsci == NULL) { |
fc2952a2 | 1022 | *major_status = GSS_S_NO_CONTEXT; |
b2f42f1d | 1023 | goto null_verifier; |
91a4762e | 1024 | } |
b2f42f1d CL |
1025 | |
1026 | rc = svcauth_gss_encode_verf(rqstp, rsci->mechctx, seq_num); | |
a1db410d | 1027 | cache_put(&rsci->h, cd); |
54f9247b | 1028 | return rc; |
b2f42f1d CL |
1029 | |
1030 | null_verifier: | |
1031 | return xdr_stream_encode_opaque_auth(xdr, RPC_AUTH_NULL, NULL, 0) > 0; | |
91a4762e KC |
1032 | } |
1033 | ||
5866efa8 | 1034 | static void gss_free_in_token_pages(struct gssp_in_token *in_token) |
030d794b | 1035 | { |
5866efa8 CL |
1036 | int i; |
1037 | ||
1038 | i = 0; | |
bafa6b4d CL |
1039 | while (in_token->pages[i]) |
1040 | put_page(in_token->pages[i++]); | |
5866efa8 CL |
1041 | kfree(in_token->pages); |
1042 | in_token->pages = NULL; | |
1043 | } | |
1044 | ||
1045 | static int gss_read_proxy_verf(struct svc_rqst *rqstp, | |
438623a0 | 1046 | struct rpc_gss_wire_cred *gc, |
5866efa8 CL |
1047 | struct xdr_netobj *in_handle, |
1048 | struct gssp_in_token *in_token) | |
1049 | { | |
c020fa69 | 1050 | struct xdr_stream *xdr = &rqstp->rq_arg_stream; |
d48c8124 | 1051 | unsigned int length, pgto_offs, pgfrom_offs; |
4d51366d | 1052 | int pages, i, pgto, pgfrom; |
c020fa69 CL |
1053 | size_t to_offs, from_offs; |
1054 | u32 inlen; | |
030d794b | 1055 | |
4d51366d CL |
1056 | if (dup_netobj(in_handle, &gc->gc_ctx)) |
1057 | return SVC_CLOSE; | |
030d794b | 1058 | |
c020fa69 CL |
1059 | /* |
1060 | * RFC 2203 Section 5.2.2 | |
1061 | * | |
1062 | * struct rpc_gss_init_arg { | |
1063 | * opaque gss_token<>; | |
1064 | * }; | |
1065 | */ | |
1066 | if (xdr_stream_decode_u32(xdr, &inlen) < 0) | |
1067 | goto out_denied_free; | |
1068 | if (inlen > xdr_stream_remaining(xdr)) | |
1069 | goto out_denied_free; | |
030d794b | 1070 | |
5866efa8 CL |
1071 | pages = DIV_ROUND_UP(inlen, PAGE_SIZE); |
1072 | in_token->pages = kcalloc(pages, sizeof(struct page *), GFP_KERNEL); | |
c020fa69 CL |
1073 | if (!in_token->pages) |
1074 | goto out_denied_free; | |
5866efa8 | 1075 | in_token->page_base = 0; |
030d794b | 1076 | in_token->page_len = inlen; |
5866efa8 CL |
1077 | for (i = 0; i < pages; i++) { |
1078 | in_token->pages[i] = alloc_page(GFP_KERNEL); | |
1079 | if (!in_token->pages[i]) { | |
1080 | gss_free_in_token_pages(in_token); | |
c020fa69 | 1081 | goto out_denied_free; |
5866efa8 CL |
1082 | } |
1083 | } | |
030d794b | 1084 | |
c020fa69 CL |
1085 | length = min_t(unsigned int, inlen, (char *)xdr->end - (char *)xdr->p); |
1086 | memcpy(page_address(in_token->pages[0]), xdr->p, length); | |
5866efa8 CL |
1087 | inlen -= length; |
1088 | ||
d48c8124 MG |
1089 | to_offs = length; |
1090 | from_offs = rqstp->rq_arg.page_base; | |
5866efa8 | 1091 | while (inlen) { |
d48c8124 MG |
1092 | pgto = to_offs >> PAGE_SHIFT; |
1093 | pgfrom = from_offs >> PAGE_SHIFT; | |
1094 | pgto_offs = to_offs & ~PAGE_MASK; | |
1095 | pgfrom_offs = from_offs & ~PAGE_MASK; | |
1096 | ||
1097 | length = min_t(unsigned int, inlen, | |
1098 | min_t(unsigned int, PAGE_SIZE - pgto_offs, | |
1099 | PAGE_SIZE - pgfrom_offs)); | |
1100 | memcpy(page_address(in_token->pages[pgto]) + pgto_offs, | |
1101 | page_address(rqstp->rq_arg.pages[pgfrom]) + pgfrom_offs, | |
5866efa8 CL |
1102 | length); |
1103 | ||
d48c8124 MG |
1104 | to_offs += length; |
1105 | from_offs += length; | |
5866efa8 | 1106 | inlen -= length; |
5866efa8 | 1107 | } |
030d794b | 1108 | return 0; |
c020fa69 CL |
1109 | |
1110 | out_denied_free: | |
1111 | kfree(in_handle->data); | |
1112 | return SVC_DENIED; | |
030d794b SS |
1113 | } |
1114 | ||
b2f42f1d CL |
1115 | /* |
1116 | * RFC 2203, Section 5.2.3.1. | |
1117 | * | |
1118 | * struct rpc_gss_init_res { | |
1119 | * opaque handle<>; | |
1120 | * unsigned int gss_major; | |
1121 | * unsigned int gss_minor; | |
1122 | * unsigned int seq_window; | |
1123 | * opaque gss_token<>; | |
1124 | * }; | |
1125 | */ | |
1126 | static bool | |
1127 | svcxdr_encode_gss_init_res(struct xdr_stream *xdr, | |
1128 | struct xdr_netobj *handle, | |
1129 | struct xdr_netobj *gss_token, | |
1130 | unsigned int major_status, | |
1131 | unsigned int minor_status, u32 seq_num) | |
fc2952a2 | 1132 | { |
b2f42f1d CL |
1133 | if (xdr_stream_encode_opaque(xdr, handle->data, handle->len) < 0) |
1134 | return false; | |
1135 | if (xdr_stream_encode_u32(xdr, major_status) < 0) | |
1136 | return false; | |
1137 | if (xdr_stream_encode_u32(xdr, minor_status) < 0) | |
1138 | return false; | |
1139 | if (xdr_stream_encode_u32(xdr, seq_num) < 0) | |
1140 | return false; | |
1141 | if (xdr_stream_encode_opaque(xdr, gss_token->data, gss_token->len) < 0) | |
1142 | return false; | |
1143 | return true; | |
fc2952a2 SS |
1144 | } |
1145 | ||
1146 | /* | |
1147 | * Having read the cred already and found we're in the context | |
1148 | * initiation case, read the verifier and initiate (or check the results | |
1149 | * of) upcalls to userspace for help with context initiation. If | |
1150 | * the upcall results are available, write the verifier and result. | |
1151 | * Otherwise, drop the request pending an answer to the upcall. | |
1152 | */ | |
c020fa69 CL |
1153 | static int |
1154 | svcauth_gss_legacy_init(struct svc_rqst *rqstp, | |
1155 | struct rpc_gss_wire_cred *gc) | |
fc2952a2 | 1156 | { |
c020fa69 | 1157 | struct xdr_stream *xdr = &rqstp->rq_arg_stream; |
fc2952a2 | 1158 | struct rsi *rsip, rsikey; |
c020fa69 CL |
1159 | __be32 *p; |
1160 | u32 len; | |
fc2952a2 | 1161 | int ret; |
b8be5674 | 1162 | struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); |
fc2952a2 SS |
1163 | |
1164 | memset(&rsikey, 0, sizeof(rsikey)); | |
1cbfb921 CL |
1165 | if (dup_netobj(&rsikey.in_handle, &gc->gc_ctx)) |
1166 | return SVC_CLOSE; | |
c020fa69 CL |
1167 | |
1168 | /* | |
1169 | * RFC 2203 Section 5.2.2 | |
1170 | * | |
1171 | * struct rpc_gss_init_arg { | |
1172 | * opaque gss_token<>; | |
1173 | * }; | |
1174 | */ | |
1175 | if (xdr_stream_decode_u32(xdr, &len) < 0) { | |
1176 | kfree(rsikey.in_handle.data); | |
1177 | return SVC_DENIED; | |
1178 | } | |
1179 | p = xdr_inline_decode(xdr, len); | |
1180 | if (!p) { | |
1cbfb921 CL |
1181 | kfree(rsikey.in_handle.data); |
1182 | return SVC_DENIED; | |
1183 | } | |
c020fa69 CL |
1184 | rsikey.in_token.data = kmalloc(len, GFP_KERNEL); |
1185 | if (ZERO_OR_NULL_PTR(rsikey.in_token.data)) { | |
1cbfb921 CL |
1186 | kfree(rsikey.in_handle.data); |
1187 | return SVC_CLOSE; | |
1188 | } | |
c020fa69 CL |
1189 | memcpy(rsikey.in_token.data, p, len); |
1190 | rsikey.in_token.len = len; | |
fc2952a2 | 1191 | |
21fcd02b | 1192 | /* Perform upcall, or find upcall result: */ |
a1db410d | 1193 | rsip = rsi_lookup(sn->rsi_cache, &rsikey); |
21fcd02b BF |
1194 | rsi_free(&rsikey); |
1195 | if (!rsip) | |
1ebede86 | 1196 | return SVC_CLOSE; |
a1db410d | 1197 | if (cache_check(sn->rsi_cache, &rsip->h, &rqstp->rq_chandle) < 0) |
21fcd02b | 1198 | /* No upcall result: */ |
1ebede86 | 1199 | return SVC_CLOSE; |
2ed5282c N |
1200 | |
1201 | ret = SVC_CLOSE; | |
b2f42f1d CL |
1202 | if (!svcauth_gss_proc_init_verf(sn->rsc_cache, rqstp, &rsip->out_handle, |
1203 | &rsip->major_status, GSS_SEQ_WIN)) | |
1204 | goto out; | |
4bcf0343 | 1205 | if (!svcxdr_set_accept_stat(rqstp)) |
2ed5282c | 1206 | goto out; |
b2f42f1d CL |
1207 | if (!svcxdr_encode_gss_init_res(&rqstp->rq_res_stream, &rsip->out_handle, |
1208 | &rsip->out_token, rsip->major_status, | |
1209 | rsip->minor_status, GSS_SEQ_WIN)) | |
2ed5282c N |
1210 | goto out; |
1211 | ||
980e5a40 BF |
1212 | ret = SVC_COMPLETE; |
1213 | out: | |
a1db410d | 1214 | cache_put(&rsip->h, sn->rsi_cache); |
980e5a40 | 1215 | return ret; |
21fcd02b BF |
1216 | } |
1217 | ||
030d794b SS |
1218 | static int gss_proxy_save_rsc(struct cache_detail *cd, |
1219 | struct gssp_upcall_data *ud, | |
1220 | uint64_t *handle) | |
1221 | { | |
1222 | struct rsc rsci, *rscp = NULL; | |
1223 | static atomic64_t ctxhctr; | |
1224 | long long ctxh; | |
1225 | struct gss_api_mech *gm = NULL; | |
294ec5b8 | 1226 | time64_t expiry; |
f6260b98 | 1227 | int status; |
030d794b SS |
1228 | |
1229 | memset(&rsci, 0, sizeof(rsci)); | |
1230 | /* context handle */ | |
1231 | status = -ENOMEM; | |
1232 | /* the handle needs to be just a unique id, | |
1233 | * use a static counter */ | |
1234 | ctxh = atomic64_inc_return(&ctxhctr); | |
1235 | ||
1236 | /* make a copy for the caller */ | |
1237 | *handle = ctxh; | |
1238 | ||
1239 | /* make a copy for the rsc cache */ | |
1240 | if (dup_to_netobj(&rsci.handle, (char *)handle, sizeof(uint64_t))) | |
1241 | goto out; | |
1242 | rscp = rsc_lookup(cd, &rsci); | |
1243 | if (!rscp) | |
1244 | goto out; | |
1245 | ||
1246 | /* creds */ | |
1247 | if (!ud->found_creds) { | |
1248 | /* userspace seem buggy, we should always get at least a | |
1249 | * mapping to nobody */ | |
3be34555 | 1250 | goto out; |
030d794b | 1251 | } else { |
3d96208c | 1252 | struct timespec64 boot; |
030d794b SS |
1253 | |
1254 | /* steal creds */ | |
1255 | rsci.cred = ud->creds; | |
1256 | memset(&ud->creds, 0, sizeof(struct svc_cred)); | |
1257 | ||
1258 | status = -EOPNOTSUPP; | |
1259 | /* get mech handle from OID */ | |
1260 | gm = gss_mech_get_by_OID(&ud->mech_oid); | |
1261 | if (!gm) | |
1262 | goto out; | |
7193bd17 | 1263 | rsci.cred.cr_gss_mech = gm; |
030d794b SS |
1264 | |
1265 | status = -EINVAL; | |
1266 | /* mech-specific data: */ | |
1267 | status = gss_import_sec_context(ud->out_handle.data, | |
1268 | ud->out_handle.len, | |
1269 | gm, &rsci.mechctx, | |
1270 | &expiry, GFP_KERNEL); | |
1271 | if (status) | |
1272 | goto out; | |
3d96208c RBC |
1273 | |
1274 | getboottime64(&boot); | |
1275 | expiry -= boot.tv_sec; | |
030d794b SS |
1276 | } |
1277 | ||
1278 | rsci.h.expiry_time = expiry; | |
1279 | rscp = rsc_update(cd, &rsci, rscp); | |
1280 | status = 0; | |
1281 | out: | |
030d794b SS |
1282 | rsc_free(&rsci); |
1283 | if (rscp) | |
1284 | cache_put(&rscp->h, cd); | |
1285 | else | |
1286 | status = -ENOMEM; | |
1287 | return status; | |
1288 | } | |
1289 | ||
1290 | static int svcauth_gss_proxy_init(struct svc_rqst *rqstp, | |
438623a0 | 1291 | struct rpc_gss_wire_cred *gc) |
030d794b | 1292 | { |
030d794b SS |
1293 | struct xdr_netobj cli_handle; |
1294 | struct gssp_upcall_data ud; | |
1295 | uint64_t handle; | |
1296 | int status; | |
1297 | int ret; | |
b8be5674 | 1298 | struct net *net = SVC_NET(rqstp); |
030d794b SS |
1299 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); |
1300 | ||
1301 | memset(&ud, 0, sizeof(ud)); | |
438623a0 | 1302 | ret = gss_read_proxy_verf(rqstp, gc, &ud.in_handle, &ud.in_token); |
030d794b SS |
1303 | if (ret) |
1304 | return ret; | |
1305 | ||
1306 | ret = SVC_CLOSE; | |
1307 | ||
1308 | /* Perform synchronous upcall to gss-proxy */ | |
1309 | status = gssp_accept_sec_context_upcall(net, &ud); | |
1310 | if (status) | |
1311 | goto out; | |
1312 | ||
10b9d99a | 1313 | trace_rpcgss_svc_accept_upcall(rqstp, ud.major_status, ud.minor_status); |
030d794b SS |
1314 | |
1315 | switch (ud.major_status) { | |
1316 | case GSS_S_CONTINUE_NEEDED: | |
1317 | cli_handle = ud.out_handle; | |
1318 | break; | |
1319 | case GSS_S_COMPLETE: | |
1320 | status = gss_proxy_save_rsc(sn->rsc_cache, &ud, &handle); | |
28155524 | 1321 | if (status) |
030d794b SS |
1322 | goto out; |
1323 | cli_handle.data = (u8 *)&handle; | |
1324 | cli_handle.len = sizeof(handle); | |
1325 | break; | |
1326 | default: | |
030d794b SS |
1327 | goto out; |
1328 | } | |
1329 | ||
b2f42f1d CL |
1330 | if (!svcauth_gss_proc_init_verf(sn->rsc_cache, rqstp, &cli_handle, |
1331 | &ud.major_status, GSS_SEQ_WIN)) | |
1332 | goto out; | |
4bcf0343 | 1333 | if (!svcxdr_set_accept_stat(rqstp)) |
030d794b | 1334 | goto out; |
b2f42f1d CL |
1335 | if (!svcxdr_encode_gss_init_res(&rqstp->rq_res_stream, &cli_handle, |
1336 | &ud.out_token, ud.major_status, | |
1337 | ud.minor_status, GSS_SEQ_WIN)) | |
030d794b SS |
1338 | goto out; |
1339 | ||
1340 | ret = SVC_COMPLETE; | |
1341 | out: | |
5866efa8 | 1342 | gss_free_in_token_pages(&ud.in_token); |
030d794b SS |
1343 | gssp_free_upcall_data(&ud); |
1344 | return ret; | |
1345 | } | |
1346 | ||
0fdc2678 JL |
1347 | /* |
1348 | * Try to set the sn->use_gss_proxy variable to a new value. We only allow | |
1349 | * it to be changed if it's currently undefined (-1). If it's any other value | |
1350 | * then return -EBUSY unless the type wouldn't have changed anyway. | |
1351 | */ | |
1352 | static int set_gss_proxy(struct net *net, int type) | |
030d794b SS |
1353 | { |
1354 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
0fdc2678 | 1355 | int ret; |
030d794b | 1356 | |
0fdc2678 JL |
1357 | WARN_ON_ONCE(type != 0 && type != 1); |
1358 | ret = cmpxchg(&sn->use_gss_proxy, -1, type); | |
1359 | if (ret != -1 && ret != type) | |
1360 | return -EBUSY; | |
030d794b SS |
1361 | return 0; |
1362 | } | |
1363 | ||
0fdc2678 | 1364 | static bool use_gss_proxy(struct net *net) |
030d794b SS |
1365 | { |
1366 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
030d794b | 1367 | |
0fdc2678 JL |
1368 | /* If use_gss_proxy is still undefined, then try to disable it */ |
1369 | if (sn->use_gss_proxy == -1) | |
1370 | set_gss_proxy(net, 0); | |
1371 | return sn->use_gss_proxy; | |
030d794b SS |
1372 | } |
1373 | ||
4ac5e7a6 CL |
1374 | static noinline_for_stack int |
1375 | svcauth_gss_proc_init(struct svc_rqst *rqstp, struct rpc_gss_wire_cred *gc) | |
1376 | { | |
c020fa69 CL |
1377 | struct xdr_stream *xdr = &rqstp->rq_arg_stream; |
1378 | u32 flavor, len; | |
1379 | void *body; | |
20ebe927 | 1380 | |
c020fa69 CL |
1381 | /* Call's verf field: */ |
1382 | if (xdr_stream_decode_opaque_auth(xdr, &flavor, &body, &len) < 0) | |
1383 | return SVC_GARBAGE; | |
1384 | if (flavor != RPC_AUTH_NULL || len != 0) { | |
1385 | rqstp->rq_auth_stat = rpc_autherr_badverf; | |
20ebe927 | 1386 | return SVC_DENIED; |
c020fa69 | 1387 | } |
20ebe927 CL |
1388 | |
1389 | if (gc->gc_proc == RPC_GSS_PROC_INIT && gc->gc_ctx.len != 0) { | |
1390 | rqstp->rq_auth_stat = rpc_autherr_badcred; | |
1391 | return SVC_DENIED; | |
1392 | } | |
1393 | ||
4ac5e7a6 CL |
1394 | if (!use_gss_proxy(SVC_NET(rqstp))) |
1395 | return svcauth_gss_legacy_init(rqstp, gc); | |
1396 | return svcauth_gss_proxy_init(rqstp, gc); | |
1397 | } | |
1398 | ||
0fdc2678 JL |
1399 | #ifdef CONFIG_PROC_FS |
1400 | ||
030d794b SS |
1401 | static ssize_t write_gssp(struct file *file, const char __user *buf, |
1402 | size_t count, loff_t *ppos) | |
1403 | { | |
359745d7 | 1404 | struct net *net = pde_data(file_inode(file)); |
030d794b SS |
1405 | char tbuf[20]; |
1406 | unsigned long i; | |
1407 | int res; | |
1408 | ||
1409 | if (*ppos || count > sizeof(tbuf)-1) | |
1410 | return -EINVAL; | |
1411 | if (copy_from_user(tbuf, buf, count)) | |
1412 | return -EFAULT; | |
1413 | ||
1414 | tbuf[count] = 0; | |
1415 | res = kstrtoul(tbuf, 0, &i); | |
1416 | if (res) | |
1417 | return res; | |
1418 | if (i != 1) | |
1419 | return -EINVAL; | |
a92e5eb1 | 1420 | res = set_gssp_clnt(net); |
030d794b SS |
1421 | if (res) |
1422 | return res; | |
a92e5eb1 | 1423 | res = set_gss_proxy(net, 1); |
030d794b SS |
1424 | if (res) |
1425 | return res; | |
1426 | return count; | |
1427 | } | |
1428 | ||
1429 | static ssize_t read_gssp(struct file *file, char __user *buf, | |
1430 | size_t count, loff_t *ppos) | |
1431 | { | |
359745d7 | 1432 | struct net *net = pde_data(file_inode(file)); |
1654a04c | 1433 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); |
030d794b SS |
1434 | unsigned long p = *ppos; |
1435 | char tbuf[10]; | |
1436 | size_t len; | |
030d794b | 1437 | |
1654a04c | 1438 | snprintf(tbuf, sizeof(tbuf), "%d\n", sn->use_gss_proxy); |
030d794b SS |
1439 | len = strlen(tbuf); |
1440 | if (p >= len) | |
1441 | return 0; | |
1442 | len -= p; | |
1443 | if (len > count) | |
1444 | len = count; | |
1445 | if (copy_to_user(buf, (void *)(tbuf+p), len)) | |
1446 | return -EFAULT; | |
1447 | *ppos += len; | |
1448 | return len; | |
1449 | } | |
1450 | ||
97a32539 AD |
1451 | static const struct proc_ops use_gss_proxy_proc_ops = { |
1452 | .proc_open = nonseekable_open, | |
1453 | .proc_write = write_gssp, | |
1454 | .proc_read = read_gssp, | |
030d794b SS |
1455 | }; |
1456 | ||
1457 | static int create_use_gss_proxy_proc_entry(struct net *net) | |
1458 | { | |
1459 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1460 | struct proc_dir_entry **p = &sn->use_gssp_proc; | |
1461 | ||
1462 | sn->use_gss_proxy = -1; | |
d6444062 | 1463 | *p = proc_create_data("use-gss-proxy", S_IFREG | 0600, |
030d794b | 1464 | sn->proc_net_rpc, |
97a32539 | 1465 | &use_gss_proxy_proc_ops, net); |
030d794b SS |
1466 | if (!*p) |
1467 | return -ENOMEM; | |
1468 | init_gssp_clnt(sn); | |
1469 | return 0; | |
1470 | } | |
1471 | ||
1472 | static void destroy_use_gss_proxy_proc_entry(struct net *net) | |
1473 | { | |
1474 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1475 | ||
1476 | if (sn->use_gssp_proc) { | |
8fdee4cc | 1477 | remove_proc_entry("use-gss-proxy", sn->proc_net_rpc); |
030d794b SS |
1478 | clear_gssp_clnt(sn); |
1479 | } | |
1480 | } | |
bdb12fb1 CL |
1481 | |
1482 | static ssize_t read_gss_krb5_enctypes(struct file *file, char __user *buf, | |
1483 | size_t count, loff_t *ppos) | |
1484 | { | |
1485 | struct rpcsec_gss_oid oid = { | |
1486 | .len = 9, | |
1487 | .data = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02", | |
1488 | }; | |
1489 | struct gss_api_mech *mech; | |
1490 | ssize_t ret; | |
1491 | ||
1492 | mech = gss_mech_get_by_OID(&oid); | |
1493 | if (!mech) | |
1494 | return 0; | |
1495 | if (!mech->gm_upcall_enctypes) { | |
1496 | gss_mech_put(mech); | |
1497 | return 0; | |
1498 | } | |
1499 | ||
1500 | ret = simple_read_from_buffer(buf, count, ppos, | |
1501 | mech->gm_upcall_enctypes, | |
1502 | strlen(mech->gm_upcall_enctypes)); | |
1503 | gss_mech_put(mech); | |
1504 | return ret; | |
1505 | } | |
1506 | ||
1507 | static const struct proc_ops gss_krb5_enctypes_proc_ops = { | |
1508 | .proc_open = nonseekable_open, | |
1509 | .proc_read = read_gss_krb5_enctypes, | |
1510 | }; | |
1511 | ||
1512 | static int create_krb5_enctypes_proc_entry(struct net *net) | |
1513 | { | |
1514 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1515 | ||
2172e84e CL |
1516 | sn->gss_krb5_enctypes = |
1517 | proc_create_data("gss_krb5_enctypes", S_IFREG | 0444, | |
1518 | sn->proc_net_rpc, &gss_krb5_enctypes_proc_ops, | |
1519 | net); | |
1520 | return sn->gss_krb5_enctypes ? 0 : -ENOMEM; | |
bdb12fb1 CL |
1521 | } |
1522 | ||
1523 | static void destroy_krb5_enctypes_proc_entry(struct net *net) | |
1524 | { | |
1525 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1526 | ||
2172e84e CL |
1527 | if (sn->gss_krb5_enctypes) |
1528 | remove_proc_entry("gss_krb5_enctypes", sn->proc_net_rpc); | |
bdb12fb1 CL |
1529 | } |
1530 | ||
0ff3bab5 BF |
1531 | #else /* CONFIG_PROC_FS */ |
1532 | ||
1533 | static int create_use_gss_proxy_proc_entry(struct net *net) | |
1534 | { | |
1535 | return 0; | |
1536 | } | |
1537 | ||
1538 | static void destroy_use_gss_proxy_proc_entry(struct net *net) {} | |
030d794b | 1539 | |
bdb12fb1 CL |
1540 | static int create_krb5_enctypes_proc_entry(struct net *net) |
1541 | { | |
1542 | return 0; | |
1543 | } | |
1544 | ||
1545 | static void destroy_krb5_enctypes_proc_entry(struct net *net) {} | |
1546 | ||
030d794b SS |
1547 | #endif /* CONFIG_PROC_FS */ |
1548 | ||
1da177e4 | 1549 | /* |
b0bc5347 CL |
1550 | * The Call's credential body should contain a struct rpc_gss_cred_t. |
1551 | * | |
1552 | * RFC 2203 Section 5 | |
1553 | * | |
1554 | * struct rpc_gss_cred_t { | |
1555 | * union switch (unsigned int version) { | |
1556 | * case RPCSEC_GSS_VERS_1: | |
1557 | * struct { | |
1558 | * rpc_gss_proc_t gss_proc; | |
1559 | * unsigned int seq_num; | |
1560 | * rpc_gss_service_t service; | |
1561 | * opaque handle<>; | |
1562 | * } rpc_gss_cred_vers_1_t; | |
1563 | * } | |
1564 | * }; | |
1565 | */ | |
1566 | static bool | |
1567 | svcauth_gss_decode_credbody(struct xdr_stream *xdr, | |
1568 | struct rpc_gss_wire_cred *gc, | |
1569 | __be32 **rpcstart) | |
1570 | { | |
1571 | ssize_t handle_len; | |
1572 | u32 body_len; | |
1573 | __be32 *p; | |
1574 | ||
1575 | p = xdr_inline_decode(xdr, XDR_UNIT); | |
1576 | if (!p) | |
1577 | return false; | |
1578 | /* | |
1579 | * start of rpc packet is 7 u32's back from here: | |
1580 | * xid direction rpcversion prog vers proc flavour | |
1581 | */ | |
1582 | *rpcstart = p - 7; | |
1583 | body_len = be32_to_cpup(p); | |
1584 | if (body_len > RPC_MAX_AUTH_SIZE) | |
1585 | return false; | |
1586 | ||
1587 | /* struct rpc_gss_cred_t */ | |
1588 | if (xdr_stream_decode_u32(xdr, &gc->gc_v) < 0) | |
1589 | return false; | |
1590 | if (xdr_stream_decode_u32(xdr, &gc->gc_proc) < 0) | |
1591 | return false; | |
1592 | if (xdr_stream_decode_u32(xdr, &gc->gc_seq) < 0) | |
1593 | return false; | |
1594 | if (xdr_stream_decode_u32(xdr, &gc->gc_svc) < 0) | |
1595 | return false; | |
1596 | handle_len = xdr_stream_decode_opaque_inline(xdr, | |
1597 | (void **)&gc->gc_ctx.data, | |
1598 | body_len); | |
1599 | if (handle_len < 0) | |
1600 | return false; | |
1601 | if (body_len != XDR_UNIT * 5 + xdr_align_size(handle_len)) | |
1602 | return false; | |
1603 | ||
1604 | gc->gc_ctx.len = handle_len; | |
1605 | return true; | |
1606 | } | |
1607 | ||
1608 | /** | |
1609 | * svcauth_gss_accept - Decode and validate incoming RPC_AUTH_GSS credential | |
1610 | * @rqstp: RPC transaction | |
1611 | * | |
1612 | * Return values: | |
1613 | * %SVC_OK: Success | |
1614 | * %SVC_COMPLETE: GSS context lifetime event | |
1615 | * %SVC_DENIED: Credential or verifier is not valid | |
1616 | * %SVC_GARBAGE: Failed to decode credential or verifier | |
1617 | * %SVC_CLOSE: Temporary failure | |
1618 | * | |
1619 | * The rqstp->rq_auth_stat field is also set (see RFCs 2203 and 5531). | |
1da177e4 | 1620 | */ |
78c542f9 | 1621 | static enum svc_auth_status |
438623a0 | 1622 | svcauth_gss_accept(struct svc_rqst *rqstp) |
1da177e4 | 1623 | { |
1da177e4 | 1624 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; |
b0bc5347 | 1625 | __be32 *rpcstart; |
1da177e4 LT |
1626 | struct rpc_gss_wire_cred *gc; |
1627 | struct rsc *rsci = NULL; | |
1da177e4 | 1628 | int ret; |
b8be5674 | 1629 | struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); |
1da177e4 | 1630 | |
438623a0 | 1631 | rqstp->rq_auth_stat = rpc_autherr_badcred; |
1da177e4 LT |
1632 | if (!svcdata) |
1633 | svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL); | |
1634 | if (!svcdata) | |
1635 | goto auth_err; | |
1636 | rqstp->rq_auth_data = svcdata; | |
db1d6165 | 1637 | svcdata->gsd_databody_offset = 0; |
1da177e4 LT |
1638 | svcdata->rsci = NULL; |
1639 | gc = &svcdata->clcred; | |
1640 | ||
b0bc5347 | 1641 | if (!svcauth_gss_decode_credbody(&rqstp->rq_arg_stream, gc, &rpcstart)) |
1da177e4 | 1642 | goto auth_err; |
b0bc5347 | 1643 | if (gc->gc_v != RPC_GSS_VERSION) |
1da177e4 | 1644 | goto auth_err; |
6734706b | 1645 | |
1da177e4 LT |
1646 | switch (gc->gc_proc) { |
1647 | case RPC_GSS_PROC_INIT: | |
1648 | case RPC_GSS_PROC_CONTINUE_INIT: | |
6734706b CL |
1649 | if (rqstp->rq_proc != 0) |
1650 | goto auth_err; | |
4ac5e7a6 | 1651 | return svcauth_gss_proc_init(rqstp, gc); |
1da177e4 | 1652 | case RPC_GSS_PROC_DESTROY: |
6734706b CL |
1653 | if (rqstp->rq_proc != 0) |
1654 | goto auth_err; | |
1655 | fallthrough; | |
1656 | case RPC_GSS_PROC_DATA: | |
438623a0 | 1657 | rqstp->rq_auth_stat = rpcsec_gsserr_credproblem; |
a1db410d | 1658 | rsci = gss_svc_searchbyctx(sn->rsc_cache, &gc->gc_ctx); |
1da177e4 LT |
1659 | if (!rsci) |
1660 | goto auth_err; | |
0653028e | 1661 | switch (svcauth_gss_verify_header(rqstp, rsci, rpcstart, gc)) { |
1da177e4 LT |
1662 | case SVC_OK: |
1663 | break; | |
1664 | case SVC_DENIED: | |
1665 | goto auth_err; | |
1666 | case SVC_DROP: | |
1667 | goto drop; | |
1668 | } | |
1669 | break; | |
1670 | default: | |
6734706b CL |
1671 | if (rqstp->rq_proc != 0) |
1672 | goto auth_err; | |
438623a0 | 1673 | rqstp->rq_auth_stat = rpc_autherr_rejectedcred; |
1da177e4 LT |
1674 | goto auth_err; |
1675 | } | |
1676 | ||
1677 | /* now act upon the command: */ | |
1678 | switch (gc->gc_proc) { | |
1da177e4 | 1679 | case RPC_GSS_PROC_DESTROY: |
72a1e53a | 1680 | if (!svcauth_gss_encode_verf(rqstp, rsci->mechctx, gc->gc_seq)) |
c5e434c9 | 1681 | goto auth_err; |
4bcf0343 CL |
1682 | if (!svcxdr_set_accept_stat(rqstp)) |
1683 | goto auth_err; | |
2b477c00 NB |
1684 | /* Delete the entry from the cache_list and call cache_put */ |
1685 | sunrpc_cache_unhash(sn->rsc_cache, &rsci->h); | |
1da177e4 LT |
1686 | goto complete; |
1687 | case RPC_GSS_PROC_DATA: | |
438623a0 | 1688 | rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem; |
72a1e53a | 1689 | if (!svcauth_gss_encode_verf(rqstp, rsci->mechctx, gc->gc_seq)) |
1da177e4 | 1690 | goto auth_err; |
4bcf0343 CL |
1691 | if (!svcxdr_set_accept_stat(rqstp)) |
1692 | goto auth_err; | |
db1d6165 | 1693 | svcdata->gsd_databody_offset = xdr_stream_pos(&rqstp->rq_res_stream); |
1da177e4 LT |
1694 | rqstp->rq_cred = rsci->cred; |
1695 | get_group_info(rsci->cred.cr_group_info); | |
438623a0 | 1696 | rqstp->rq_auth_stat = rpc_autherr_badcred; |
1da177e4 LT |
1697 | switch (gc->gc_svc) { |
1698 | case RPC_GSS_SVC_NONE: | |
1699 | break; | |
1700 | case RPC_GSS_SVC_INTEGRITY: | |
7bb0dfb2 CL |
1701 | /* placeholders for body length and seq. number: */ |
1702 | xdr_reserve_space(&rqstp->rq_res_stream, XDR_UNIT * 2); | |
b68e4c5c CL |
1703 | if (svcauth_gss_unwrap_integ(rqstp, gc->gc_seq, |
1704 | rsci->mechctx)) | |
dd35210e | 1705 | goto garbage_args; |
7bb0dfb2 | 1706 | svcxdr_set_auth_slack(rqstp, RPC_MAX_AUTH_SIZE); |
b620754b BF |
1707 | break; |
1708 | case RPC_GSS_SVC_PRIVACY: | |
7bb0dfb2 CL |
1709 | /* placeholders for body length and seq. number: */ |
1710 | xdr_reserve_space(&rqstp->rq_res_stream, XDR_UNIT * 2); | |
42140718 CL |
1711 | if (svcauth_gss_unwrap_priv(rqstp, gc->gc_seq, |
1712 | rsci->mechctx)) | |
dd35210e | 1713 | goto garbage_args; |
7bb0dfb2 | 1714 | svcxdr_set_auth_slack(rqstp, RPC_MAX_AUTH_SIZE * 2); |
7c9fdcfb | 1715 | break; |
1da177e4 LT |
1716 | default: |
1717 | goto auth_err; | |
1718 | } | |
1719 | svcdata->rsci = rsci; | |
1720 | cache_get(&rsci->h); | |
d5497fc6 | 1721 | rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor( |
83523d08 CL |
1722 | rsci->mechctx->mech_type, |
1723 | GSS_C_QOP_DEFAULT, | |
1724 | gc->gc_svc); | |
1da177e4 | 1725 | ret = SVC_OK; |
10b9d99a | 1726 | trace_rpcgss_svc_authenticate(rqstp, gc); |
1da177e4 LT |
1727 | goto out; |
1728 | } | |
dd35210e | 1729 | garbage_args: |
dd35210e HJ |
1730 | ret = SVC_GARBAGE; |
1731 | goto out; | |
1da177e4 | 1732 | auth_err: |
72a1e53a | 1733 | xdr_truncate_encode(&rqstp->rq_res_stream, XDR_UNIT * 2); |
1da177e4 LT |
1734 | ret = SVC_DENIED; |
1735 | goto out; | |
1736 | complete: | |
1737 | ret = SVC_COMPLETE; | |
1738 | goto out; | |
1739 | drop: | |
4d712ef1 | 1740 | ret = SVC_CLOSE; |
1da177e4 LT |
1741 | out: |
1742 | if (rsci) | |
a1db410d | 1743 | cache_put(&rsci->h, sn->rsc_cache); |
1da177e4 LT |
1744 | return ret; |
1745 | } | |
1746 | ||
db1d6165 | 1747 | static u32 |
99d074d6 | 1748 | svcauth_gss_prepare_to_wrap(struct svc_rqst *rqstp, struct gss_svc_data *gsd) |
3c15a486 | 1749 | { |
db1d6165 | 1750 | u32 offset; |
3c15a486 | 1751 | |
db1d6165 CL |
1752 | /* Release can be called twice, but we only wrap once. */ |
1753 | offset = gsd->gsd_databody_offset; | |
1754 | gsd->gsd_databody_offset = 0; | |
5b304bc5 | 1755 | |
99d074d6 CL |
1756 | /* AUTH_ERROR replies are not wrapped. */ |
1757 | if (rqstp->rq_auth_stat != rpc_auth_ok) | |
db1d6165 | 1758 | return 0; |
4bcf0343 CL |
1759 | |
1760 | /* Also don't wrap if the accept_stat is nonzero: */ | |
1761 | if (*rqstp->rq_accept_statp != rpc_success) | |
db1d6165 | 1762 | return 0; |
4bcf0343 | 1763 | |
db1d6165 | 1764 | return offset; |
3c15a486 BF |
1765 | } |
1766 | ||
0adaddd3 CL |
1767 | /* |
1768 | * RFC 2203, Section 5.3.2.2 | |
1769 | * | |
1770 | * struct rpc_gss_integ_data { | |
1771 | * opaque databody_integ<>; | |
1772 | * opaque checksum<>; | |
1773 | * }; | |
1774 | * | |
1775 | * struct rpc_gss_data_t { | |
1776 | * unsigned int seq_num; | |
1777 | * proc_req_arg_t arg; | |
1778 | * }; | |
1779 | * | |
1780 | * The RPC Reply message has already been XDR-encoded. rq_res_stream | |
1781 | * is now positioned so that the checksum can be written just past | |
1782 | * the RPC Reply message. | |
1783 | */ | |
1784 | static int svcauth_gss_wrap_integ(struct svc_rqst *rqstp) | |
1da177e4 | 1785 | { |
0adaddd3 | 1786 | struct gss_svc_data *gsd = rqstp->rq_auth_data; |
7702378a | 1787 | struct xdr_stream *xdr = &rqstp->rq_res_stream; |
1da177e4 | 1788 | struct rpc_gss_wire_cred *gc = &gsd->clcred; |
7702378a | 1789 | struct xdr_buf *buf = xdr->buf; |
0adaddd3 CL |
1790 | struct xdr_buf databody_integ; |
1791 | struct xdr_netobj checksum; | |
db1d6165 | 1792 | u32 offset, maj_stat; |
1da177e4 | 1793 | |
db1d6165 CL |
1794 | offset = svcauth_gss_prepare_to_wrap(rqstp, gsd); |
1795 | if (!offset) | |
e142ede8 | 1796 | goto out; |
7702378a | 1797 | |
db1d6165 CL |
1798 | if (xdr_buf_subsegment(buf, &databody_integ, offset + XDR_UNIT, |
1799 | buf->len - offset - XDR_UNIT)) | |
15d8f808 | 1800 | goto wrap_failed; |
7702378a CL |
1801 | /* Buffer space for these has already been reserved in |
1802 | * svcauth_gss_accept(). */ | |
db1d6165 CL |
1803 | if (xdr_encode_word(buf, offset, databody_integ.len)) |
1804 | goto wrap_failed; | |
1805 | if (xdr_encode_word(buf, offset + XDR_UNIT, gc->gc_seq)) | |
1806 | goto wrap_failed; | |
d91f0323 CL |
1807 | |
1808 | checksum.data = gsd->gsd_scratch; | |
15d8f808 CL |
1809 | maj_stat = gss_get_mic(gsd->rsci->mechctx, &databody_integ, &checksum); |
1810 | if (maj_stat != GSS_S_COMPLETE) | |
1811 | goto bad_mic; | |
7702378a CL |
1812 | |
1813 | if (xdr_stream_encode_opaque(xdr, checksum.data, checksum.len) < 0) | |
15d8f808 | 1814 | goto wrap_failed; |
7702378a CL |
1815 | xdr_commit_encode(xdr); |
1816 | ||
e142ede8 | 1817 | out: |
15d8f808 | 1818 | return 0; |
7702378a | 1819 | |
15d8f808 CL |
1820 | bad_mic: |
1821 | trace_rpcgss_svc_get_mic(rqstp, maj_stat); | |
ba8b13e5 | 1822 | return -EINVAL; |
15d8f808 | 1823 | wrap_failed: |
ba8b13e5 | 1824 | trace_rpcgss_svc_wrap_failed(rqstp); |
15d8f808 | 1825 | return -EINVAL; |
e142ede8 BF |
1826 | } |
1827 | ||
7b135c65 CL |
1828 | /* |
1829 | * RFC 2203, Section 5.3.2.3 | |
1830 | * | |
1831 | * struct rpc_gss_priv_data { | |
1832 | * opaque databody_priv<> | |
1833 | * }; | |
1834 | * | |
1835 | * struct rpc_gss_data_t { | |
1836 | * unsigned int seq_num; | |
1837 | * proc_req_arg_t arg; | |
1838 | * }; | |
eb1b780f CL |
1839 | * |
1840 | * gss_wrap() expands the size of the RPC message payload in the | |
1841 | * response buffer. The main purpose of svcauth_gss_wrap_priv() | |
1842 | * is to ensure there is adequate space in the response buffer to | |
1843 | * avoid overflow during the wrap. | |
7b135c65 CL |
1844 | */ |
1845 | static int svcauth_gss_wrap_priv(struct svc_rqst *rqstp) | |
7c9fdcfb | 1846 | { |
7b135c65 | 1847 | struct gss_svc_data *gsd = rqstp->rq_auth_data; |
7c9fdcfb | 1848 | struct rpc_gss_wire_cred *gc = &gsd->clcred; |
7b135c65 | 1849 | struct xdr_buf *buf = &rqstp->rq_res; |
a84cfbcd CL |
1850 | struct kvec *head = buf->head; |
1851 | struct kvec *tail = buf->tail; | |
ba8b13e5 | 1852 | u32 offset, pad, maj_stat; |
db1d6165 | 1853 | __be32 *p; |
7c9fdcfb | 1854 | |
db1d6165 CL |
1855 | offset = svcauth_gss_prepare_to_wrap(rqstp, gsd); |
1856 | if (!offset) | |
7c9fdcfb | 1857 | return 0; |
ba8b13e5 | 1858 | |
db1d6165 CL |
1859 | /* |
1860 | * Buffer space for this field has already been reserved | |
1861 | * in svcauth_gss_accept(). Note that the GSS sequence | |
1862 | * number is encrypted along with the RPC reply payload. | |
1863 | */ | |
1864 | if (xdr_encode_word(buf, offset + XDR_UNIT, gc->gc_seq)) | |
1865 | goto wrap_failed; | |
7561042f KC |
1866 | |
1867 | /* | |
1868 | * If there is currently tail data, make sure there is | |
1869 | * room for the head, tail, and 2 * RPC_MAX_AUTH_SIZE in | |
1870 | * the page, and move the current tail data such that | |
1871 | * there is RPC_MAX_AUTH_SIZE slack space available in | |
1872 | * both the head and tail. | |
1873 | */ | |
a84cfbcd CL |
1874 | if (tail->iov_base) { |
1875 | if (tail->iov_base >= head->iov_base + PAGE_SIZE) | |
ba8b13e5 | 1876 | goto wrap_failed; |
a84cfbcd | 1877 | if (tail->iov_base < head->iov_base) |
ba8b13e5 | 1878 | goto wrap_failed; |
a84cfbcd | 1879 | if (tail->iov_len + head->iov_len |
7c9fdcfb | 1880 | + 2 * RPC_MAX_AUTH_SIZE > PAGE_SIZE) |
ba8b13e5 | 1881 | goto wrap_failed; |
a84cfbcd CL |
1882 | memmove(tail->iov_base + RPC_MAX_AUTH_SIZE, tail->iov_base, |
1883 | tail->iov_len); | |
1884 | tail->iov_base += RPC_MAX_AUTH_SIZE; | |
7c9fdcfb | 1885 | } |
7561042f KC |
1886 | /* |
1887 | * If there is no current tail data, make sure there is | |
1888 | * room for the head data, and 2 * RPC_MAX_AUTH_SIZE in the | |
1889 | * allotted page, and set up tail information such that there | |
1890 | * is RPC_MAX_AUTH_SIZE slack space available in both the | |
1891 | * head and tail. | |
1892 | */ | |
a84cfbcd CL |
1893 | if (!tail->iov_base) { |
1894 | if (head->iov_len + 2 * RPC_MAX_AUTH_SIZE > PAGE_SIZE) | |
ba8b13e5 | 1895 | goto wrap_failed; |
a84cfbcd CL |
1896 | tail->iov_base = head->iov_base |
1897 | + head->iov_len + RPC_MAX_AUTH_SIZE; | |
1898 | tail->iov_len = 0; | |
7c9fdcfb | 1899 | } |
ba8b13e5 | 1900 | |
db1d6165 CL |
1901 | maj_stat = gss_wrap(gsd->rsci->mechctx, offset + XDR_UNIT, buf, |
1902 | buf->pages); | |
ba8b13e5 CL |
1903 | if (maj_stat != GSS_S_COMPLETE) |
1904 | goto bad_wrap; | |
1905 | ||
db1d6165 CL |
1906 | /* Wrapping can change the size of databody_priv. */ |
1907 | if (xdr_encode_word(buf, offset, buf->len - offset - XDR_UNIT)) | |
1908 | goto wrap_failed; | |
1909 | pad = xdr_pad_size(buf->len - offset - XDR_UNIT); | |
a84cfbcd | 1910 | p = (__be32 *)(tail->iov_base + tail->iov_len); |
7c9fdcfb | 1911 | memset(p, 0, pad); |
a84cfbcd | 1912 | tail->iov_len += pad; |
7b135c65 CL |
1913 | buf->len += pad; |
1914 | ||
7c9fdcfb | 1915 | return 0; |
ba8b13e5 CL |
1916 | wrap_failed: |
1917 | trace_rpcgss_svc_wrap_failed(rqstp); | |
1918 | return -EINVAL; | |
1919 | bad_wrap: | |
1920 | trace_rpcgss_svc_wrap(rqstp, maj_stat); | |
1921 | return -ENOMEM; | |
7c9fdcfb BF |
1922 | } |
1923 | ||
5a929383 CL |
1924 | /** |
1925 | * svcauth_gss_release - Wrap payload and release resources | |
1926 | * @rqstp: RPC transaction context | |
1927 | * | |
1928 | * Return values: | |
1929 | * %0: the Reply is ready to be sent | |
1930 | * %-ENOMEM: failed to allocate memory | |
1931 | * %-EINVAL: encoding error | |
5a929383 | 1932 | */ |
e142ede8 BF |
1933 | static int |
1934 | svcauth_gss_release(struct svc_rqst *rqstp) | |
1935 | { | |
b8be5674 | 1936 | struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); |
5a929383 CL |
1937 | struct gss_svc_data *gsd = rqstp->rq_auth_data; |
1938 | struct rpc_gss_wire_cred *gc; | |
1939 | int stat; | |
e142ede8 | 1940 | |
0ddc9423 BF |
1941 | if (!gsd) |
1942 | goto out; | |
1943 | gc = &gsd->clcred; | |
1da177e4 LT |
1944 | if (gc->gc_proc != RPC_GSS_PROC_DATA) |
1945 | goto out; | |
5a929383 | 1946 | |
1da177e4 LT |
1947 | switch (gc->gc_svc) { |
1948 | case RPC_GSS_SVC_NONE: | |
1949 | break; | |
1950 | case RPC_GSS_SVC_INTEGRITY: | |
0adaddd3 | 1951 | stat = svcauth_gss_wrap_integ(rqstp); |
7c9fdcfb BF |
1952 | if (stat) |
1953 | goto out_err; | |
1da177e4 LT |
1954 | break; |
1955 | case RPC_GSS_SVC_PRIVACY: | |
7b135c65 | 1956 | stat = svcauth_gss_wrap_priv(rqstp); |
7c9fdcfb BF |
1957 | if (stat) |
1958 | goto out_err; | |
1959 | break; | |
eac81736 WY |
1960 | /* |
1961 | * For any other gc_svc value, svcauth_gss_accept() already set | |
1962 | * the auth_error appropriately; just fall through: | |
1963 | */ | |
1da177e4 LT |
1964 | } |
1965 | ||
1966 | out: | |
1967 | stat = 0; | |
1968 | out_err: | |
1969 | if (rqstp->rq_client) | |
1970 | auth_domain_put(rqstp->rq_client); | |
1971 | rqstp->rq_client = NULL; | |
3ab4d8b1 BF |
1972 | if (rqstp->rq_gssclient) |
1973 | auth_domain_put(rqstp->rq_gssclient); | |
1974 | rqstp->rq_gssclient = NULL; | |
1da177e4 LT |
1975 | if (rqstp->rq_cred.cr_group_info) |
1976 | put_group_info(rqstp->rq_cred.cr_group_info); | |
1977 | rqstp->rq_cred.cr_group_info = NULL; | |
0ddc9423 | 1978 | if (gsd && gsd->rsci) { |
a1db410d | 1979 | cache_put(&gsd->rsci->h, sn->rsc_cache); |
0ddc9423 BF |
1980 | gsd->rsci = NULL; |
1981 | } | |
1da177e4 LT |
1982 | return stat; |
1983 | } | |
1984 | ||
1985 | static void | |
608a0ab2 | 1986 | svcauth_gss_domain_release_rcu(struct rcu_head *head) |
1da177e4 | 1987 | { |
608a0ab2 | 1988 | struct auth_domain *dom = container_of(head, struct auth_domain, rcu_head); |
1da177e4 LT |
1989 | struct gss_domain *gd = container_of(dom, struct gss_domain, h); |
1990 | ||
1991 | kfree(dom->name); | |
1992 | kfree(gd); | |
1993 | } | |
1994 | ||
608a0ab2 TM |
1995 | static void |
1996 | svcauth_gss_domain_release(struct auth_domain *dom) | |
1997 | { | |
1998 | call_rcu(&dom->rcu_head, svcauth_gss_domain_release_rcu); | |
1999 | } | |
2000 | ||
deb70428 CL |
2001 | static rpc_authflavor_t svcauth_gss_pseudoflavor(struct svc_rqst *rqstp) |
2002 | { | |
2003 | return svcauth_gss_flavor(rqstp->rq_gssclient); | |
2004 | } | |
2005 | ||
1da177e4 LT |
2006 | static struct auth_ops svcauthops_gss = { |
2007 | .name = "rpcsec_gss", | |
2008 | .owner = THIS_MODULE, | |
2009 | .flavour = RPC_AUTH_GSS, | |
2010 | .accept = svcauth_gss_accept, | |
2011 | .release = svcauth_gss_release, | |
2012 | .domain_release = svcauth_gss_domain_release, | |
2013 | .set_client = svcauth_gss_set_client, | |
deb70428 | 2014 | .pseudoflavor = svcauth_gss_pseudoflavor, |
1da177e4 LT |
2015 | }; |
2016 | ||
a1db410d SK |
2017 | static int rsi_cache_create_net(struct net *net) |
2018 | { | |
2019 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
2020 | struct cache_detail *cd; | |
2021 | int err; | |
2022 | ||
2023 | cd = cache_create_net(&rsi_cache_template, net); | |
2024 | if (IS_ERR(cd)) | |
2025 | return PTR_ERR(cd); | |
2026 | err = cache_register_net(cd, net); | |
2027 | if (err) { | |
2028 | cache_destroy_net(cd, net); | |
2029 | return err; | |
2030 | } | |
2031 | sn->rsi_cache = cd; | |
2032 | return 0; | |
2033 | } | |
2034 | ||
2035 | static void rsi_cache_destroy_net(struct net *net) | |
2036 | { | |
2037 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
2038 | struct cache_detail *cd = sn->rsi_cache; | |
2039 | ||
2040 | sn->rsi_cache = NULL; | |
2041 | cache_purge(cd); | |
2042 | cache_unregister_net(cd, net); | |
2043 | cache_destroy_net(cd, net); | |
2044 | } | |
2045 | ||
2046 | static int rsc_cache_create_net(struct net *net) | |
2047 | { | |
2048 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
2049 | struct cache_detail *cd; | |
2050 | int err; | |
2051 | ||
2052 | cd = cache_create_net(&rsc_cache_template, net); | |
2053 | if (IS_ERR(cd)) | |
2054 | return PTR_ERR(cd); | |
2055 | err = cache_register_net(cd, net); | |
2056 | if (err) { | |
2057 | cache_destroy_net(cd, net); | |
2058 | return err; | |
2059 | } | |
2060 | sn->rsc_cache = cd; | |
2061 | return 0; | |
2062 | } | |
2063 | ||
2064 | static void rsc_cache_destroy_net(struct net *net) | |
2065 | { | |
2066 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
2067 | struct cache_detail *cd = sn->rsc_cache; | |
2068 | ||
2069 | sn->rsc_cache = NULL; | |
2070 | cache_purge(cd); | |
2071 | cache_unregister_net(cd, net); | |
2072 | cache_destroy_net(cd, net); | |
2073 | } | |
2074 | ||
1da177e4 | 2075 | int |
a1db410d | 2076 | gss_svc_init_net(struct net *net) |
1da177e4 | 2077 | { |
a1db410d SK |
2078 | int rv; |
2079 | ||
2080 | rv = rsc_cache_create_net(net); | |
dbf847ec BF |
2081 | if (rv) |
2082 | return rv; | |
a1db410d | 2083 | rv = rsi_cache_create_net(net); |
dbf847ec BF |
2084 | if (rv) |
2085 | goto out1; | |
030d794b SS |
2086 | rv = create_use_gss_proxy_proc_entry(net); |
2087 | if (rv) | |
2088 | goto out2; | |
bdb12fb1 CL |
2089 | |
2090 | rv = create_krb5_enctypes_proc_entry(net); | |
2091 | if (rv) | |
2092 | goto out3; | |
2093 | ||
dbf847ec | 2094 | return 0; |
bdb12fb1 CL |
2095 | |
2096 | out3: | |
2097 | destroy_use_gss_proxy_proc_entry(net); | |
030d794b | 2098 | out2: |
5a475344 | 2099 | rsi_cache_destroy_net(net); |
dbf847ec | 2100 | out1: |
a1db410d | 2101 | rsc_cache_destroy_net(net); |
1da177e4 LT |
2102 | return rv; |
2103 | } | |
2104 | ||
a1db410d SK |
2105 | void |
2106 | gss_svc_shutdown_net(struct net *net) | |
2107 | { | |
bdb12fb1 | 2108 | destroy_krb5_enctypes_proc_entry(net); |
030d794b | 2109 | destroy_use_gss_proxy_proc_entry(net); |
a1db410d SK |
2110 | rsi_cache_destroy_net(net); |
2111 | rsc_cache_destroy_net(net); | |
2112 | } | |
2113 | ||
2114 | int | |
2115 | gss_svc_init(void) | |
2116 | { | |
2117 | return svc_auth_register(RPC_AUTH_GSS, &svcauthops_gss); | |
2118 | } | |
2119 | ||
1da177e4 LT |
2120 | void |
2121 | gss_svc_shutdown(void) | |
2122 | { | |
1da177e4 LT |
2123 | svc_auth_unregister(RPC_AUTH_GSS); |
2124 | } |