]>
Commit | Line | Data |
---|---|---|
2573a464 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1da177e4 LT |
2 | /* |
3 | * Neil Brown <neilb@cse.unsw.edu.au> | |
4 | * J. Bruce Fields <bfields@umich.edu> | |
5 | * Andy Adamson <andros@umich.edu> | |
6 | * Dug Song <dugsong@monkey.org> | |
7 | * | |
8 | * RPCSEC_GSS server authentication. | |
9 | * This implements RPCSEC_GSS as defined in rfc2203 (rpcsec_gss) and rfc2078 | |
10 | * (gssapi) | |
11 | * | |
12 | * The RPCSEC_GSS involves three stages: | |
13 | * 1/ context creation | |
14 | * 2/ data exchange | |
15 | * 3/ context destruction | |
16 | * | |
17 | * Context creation is handled largely by upcalls to user-space. | |
18 | * In particular, GSS_Accept_sec_context is handled by an upcall | |
19 | * Data exchange is handled entirely within the kernel | |
20 | * In particular, GSS_GetMIC, GSS_VerifyMIC, GSS_Seal, GSS_Unseal are in-kernel. | |
21 | * Context destruction is handled in-kernel | |
22 | * GSS_Delete_sec_context is in-kernel | |
23 | * | |
24 | * Context creation is initiated by a RPCSEC_GSS_INIT request arriving. | |
25 | * The context handle and gss_token are used as a key into the rpcsec_init cache. | |
26 | * The content of this cache includes some of the outputs of GSS_Accept_sec_context, | |
27 | * being major_status, minor_status, context_handle, reply_token. | |
28 | * These are sent back to the client. | |
29 | * Sequence window management is handled by the kernel. The window size if currently | |
30 | * a compile time constant. | |
31 | * | |
32 | * When user-space is happy that a context is established, it places an entry | |
33 | * in the rpcsec_context cache. The key for this cache is the context_handle. | |
34 | * The content includes: | |
35 | * uid/gidlist - for determining access rights | |
36 | * mechanism type | |
37 | * mechanism specific information, such as a key | |
38 | * | |
39 | */ | |
40 | ||
5a0e3ad6 | 41 | #include <linux/slab.h> |
1da177e4 LT |
42 | #include <linux/types.h> |
43 | #include <linux/module.h> | |
44 | #include <linux/pagemap.h> | |
ae2975bc | 45 | #include <linux/user_namespace.h> |
1da177e4 LT |
46 | |
47 | #include <linux/sunrpc/auth_gss.h> | |
1da177e4 LT |
48 | #include <linux/sunrpc/gss_err.h> |
49 | #include <linux/sunrpc/svcauth.h> | |
50 | #include <linux/sunrpc/svcauth_gss.h> | |
51 | #include <linux/sunrpc/cache.h> | |
ff27e9f7 CL |
52 | |
53 | #include <trace/events/rpcgss.h> | |
54 | ||
030d794b | 55 | #include "gss_rpc_upcall.h" |
1da177e4 | 56 | |
a1db410d | 57 | |
1da177e4 LT |
58 | /* The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests |
59 | * into replies. | |
60 | * | |
61 | * Key is context handle (\x if empty) and gss_token. | |
62 | * Content is major_status minor_status (integers) context_handle, reply_token. | |
63 | * | |
64 | */ | |
65 | ||
66 | static int netobj_equal(struct xdr_netobj *a, struct xdr_netobj *b) | |
67 | { | |
68 | return a->len == b->len && 0 == memcmp(a->data, b->data, a->len); | |
69 | } | |
70 | ||
71 | #define RSI_HASHBITS 6 | |
72 | #define RSI_HASHMAX (1<<RSI_HASHBITS) | |
1da177e4 LT |
73 | |
74 | struct rsi { | |
75 | struct cache_head h; | |
76 | struct xdr_netobj in_handle, in_token; | |
77 | struct xdr_netobj out_handle, out_token; | |
78 | int major_status, minor_status; | |
6d1616b2 | 79 | struct rcu_head rcu_head; |
1da177e4 LT |
80 | }; |
81 | ||
a1db410d SK |
82 | static struct rsi *rsi_update(struct cache_detail *cd, struct rsi *new, struct rsi *old); |
83 | static struct rsi *rsi_lookup(struct cache_detail *cd, struct rsi *item); | |
1da177e4 LT |
84 | |
85 | static void rsi_free(struct rsi *rsii) | |
86 | { | |
87 | kfree(rsii->in_handle.data); | |
88 | kfree(rsii->in_token.data); | |
89 | kfree(rsii->out_handle.data); | |
90 | kfree(rsii->out_token.data); | |
91 | } | |
92 | ||
6d1616b2 | 93 | static void rsi_free_rcu(struct rcu_head *head) |
1da177e4 | 94 | { |
6d1616b2 TM |
95 | struct rsi *rsii = container_of(head, struct rsi, rcu_head); |
96 | ||
baab935f N |
97 | rsi_free(rsii); |
98 | kfree(rsii); | |
1da177e4 LT |
99 | } |
100 | ||
6d1616b2 TM |
101 | static void rsi_put(struct kref *ref) |
102 | { | |
103 | struct rsi *rsii = container_of(ref, struct rsi, h.ref); | |
104 | ||
105 | call_rcu(&rsii->rcu_head, rsi_free_rcu); | |
106 | } | |
107 | ||
1da177e4 LT |
108 | static inline int rsi_hash(struct rsi *item) |
109 | { | |
110 | return hash_mem(item->in_handle.data, item->in_handle.len, RSI_HASHBITS) | |
111 | ^ hash_mem(item->in_token.data, item->in_token.len, RSI_HASHBITS); | |
112 | } | |
113 | ||
d4d11ea9 | 114 | static int rsi_match(struct cache_head *a, struct cache_head *b) |
1da177e4 | 115 | { |
d4d11ea9 N |
116 | struct rsi *item = container_of(a, struct rsi, h); |
117 | struct rsi *tmp = container_of(b, struct rsi, h); | |
f64f9e71 JP |
118 | return netobj_equal(&item->in_handle, &tmp->in_handle) && |
119 | netobj_equal(&item->in_token, &tmp->in_token); | |
1da177e4 LT |
120 | } |
121 | ||
122 | static int dup_to_netobj(struct xdr_netobj *dst, char *src, int len) | |
123 | { | |
124 | dst->len = len; | |
e69062b4 | 125 | dst->data = (len ? kmemdup(src, len, GFP_KERNEL) : NULL); |
1da177e4 LT |
126 | if (len && !dst->data) |
127 | return -ENOMEM; | |
128 | return 0; | |
129 | } | |
130 | ||
131 | static inline int dup_netobj(struct xdr_netobj *dst, struct xdr_netobj *src) | |
132 | { | |
133 | return dup_to_netobj(dst, src->data, src->len); | |
134 | } | |
135 | ||
d4d11ea9 | 136 | static void rsi_init(struct cache_head *cnew, struct cache_head *citem) |
1da177e4 | 137 | { |
d4d11ea9 N |
138 | struct rsi *new = container_of(cnew, struct rsi, h); |
139 | struct rsi *item = container_of(citem, struct rsi, h); | |
140 | ||
1da177e4 LT |
141 | new->out_handle.data = NULL; |
142 | new->out_handle.len = 0; | |
143 | new->out_token.data = NULL; | |
144 | new->out_token.len = 0; | |
145 | new->in_handle.len = item->in_handle.len; | |
146 | item->in_handle.len = 0; | |
147 | new->in_token.len = item->in_token.len; | |
148 | item->in_token.len = 0; | |
149 | new->in_handle.data = item->in_handle.data; | |
150 | item->in_handle.data = NULL; | |
151 | new->in_token.data = item->in_token.data; | |
152 | item->in_token.data = NULL; | |
153 | } | |
154 | ||
d4d11ea9 | 155 | static void update_rsi(struct cache_head *cnew, struct cache_head *citem) |
1da177e4 | 156 | { |
d4d11ea9 N |
157 | struct rsi *new = container_of(cnew, struct rsi, h); |
158 | struct rsi *item = container_of(citem, struct rsi, h); | |
159 | ||
1da177e4 LT |
160 | BUG_ON(new->out_handle.data || new->out_token.data); |
161 | new->out_handle.len = item->out_handle.len; | |
162 | item->out_handle.len = 0; | |
163 | new->out_token.len = item->out_token.len; | |
164 | item->out_token.len = 0; | |
165 | new->out_handle.data = item->out_handle.data; | |
166 | item->out_handle.data = NULL; | |
167 | new->out_token.data = item->out_token.data; | |
168 | item->out_token.data = NULL; | |
169 | ||
170 | new->major_status = item->major_status; | |
171 | new->minor_status = item->minor_status; | |
172 | } | |
173 | ||
d4d11ea9 N |
174 | static struct cache_head *rsi_alloc(void) |
175 | { | |
176 | struct rsi *rsii = kmalloc(sizeof(*rsii), GFP_KERNEL); | |
177 | if (rsii) | |
178 | return &rsii->h; | |
179 | else | |
180 | return NULL; | |
181 | } | |
182 | ||
65286b88 TM |
183 | static int rsi_upcall(struct cache_detail *cd, struct cache_head *h) |
184 | { | |
185 | return sunrpc_cache_pipe_upcall_timeout(cd, h); | |
186 | } | |
187 | ||
1da177e4 | 188 | static void rsi_request(struct cache_detail *cd, |
cca5172a YH |
189 | struct cache_head *h, |
190 | char **bpp, int *blen) | |
1da177e4 LT |
191 | { |
192 | struct rsi *rsii = container_of(h, struct rsi, h); | |
193 | ||
194 | qword_addhex(bpp, blen, rsii->in_handle.data, rsii->in_handle.len); | |
195 | qword_addhex(bpp, blen, rsii->in_token.data, rsii->in_token.len); | |
196 | (*bpp)[-1] = '\n'; | |
197 | } | |
198 | ||
1da177e4 | 199 | static int rsi_parse(struct cache_detail *cd, |
cca5172a | 200 | char *mesg, int mlen) |
1da177e4 LT |
201 | { |
202 | /* context token expiry major minor context token */ | |
203 | char *buf = mesg; | |
204 | char *ep; | |
205 | int len; | |
206 | struct rsi rsii, *rsip = NULL; | |
f559935e | 207 | time64_t expiry; |
1da177e4 LT |
208 | int status = -EINVAL; |
209 | ||
210 | memset(&rsii, 0, sizeof(rsii)); | |
211 | /* handle */ | |
212 | len = qword_get(&mesg, buf, mlen); | |
213 | if (len < 0) | |
214 | goto out; | |
215 | status = -ENOMEM; | |
216 | if (dup_to_netobj(&rsii.in_handle, buf, len)) | |
217 | goto out; | |
218 | ||
219 | /* token */ | |
220 | len = qword_get(&mesg, buf, mlen); | |
221 | status = -EINVAL; | |
222 | if (len < 0) | |
223 | goto out; | |
224 | status = -ENOMEM; | |
225 | if (dup_to_netobj(&rsii.in_token, buf, len)) | |
226 | goto out; | |
227 | ||
a1db410d | 228 | rsip = rsi_lookup(cd, &rsii); |
d4d11ea9 N |
229 | if (!rsip) |
230 | goto out; | |
231 | ||
1da177e4 LT |
232 | rsii.h.flags = 0; |
233 | /* expiry */ | |
234 | expiry = get_expiry(&mesg); | |
235 | status = -EINVAL; | |
236 | if (expiry == 0) | |
237 | goto out; | |
238 | ||
239 | /* major/minor */ | |
240 | len = qword_get(&mesg, buf, mlen); | |
b39c18fc BF |
241 | if (len <= 0) |
242 | goto out; | |
243 | rsii.major_status = simple_strtoul(buf, &ep, 10); | |
244 | if (*ep) | |
245 | goto out; | |
246 | len = qword_get(&mesg, buf, mlen); | |
247 | if (len <= 0) | |
1da177e4 | 248 | goto out; |
b39c18fc BF |
249 | rsii.minor_status = simple_strtoul(buf, &ep, 10); |
250 | if (*ep) | |
1da177e4 | 251 | goto out; |
1da177e4 | 252 | |
b39c18fc BF |
253 | /* out_handle */ |
254 | len = qword_get(&mesg, buf, mlen); | |
255 | if (len < 0) | |
256 | goto out; | |
257 | status = -ENOMEM; | |
258 | if (dup_to_netobj(&rsii.out_handle, buf, len)) | |
259 | goto out; | |
1da177e4 | 260 | |
b39c18fc BF |
261 | /* out_token */ |
262 | len = qword_get(&mesg, buf, mlen); | |
263 | status = -EINVAL; | |
264 | if (len < 0) | |
265 | goto out; | |
266 | status = -ENOMEM; | |
267 | if (dup_to_netobj(&rsii.out_token, buf, len)) | |
268 | goto out; | |
1da177e4 | 269 | rsii.h.expiry_time = expiry; |
a1db410d | 270 | rsip = rsi_update(cd, &rsii, rsip); |
1da177e4 LT |
271 | status = 0; |
272 | out: | |
273 | rsi_free(&rsii); | |
274 | if (rsip) | |
a1db410d | 275 | cache_put(&rsip->h, cd); |
d4d11ea9 N |
276 | else |
277 | status = -ENOMEM; | |
1da177e4 LT |
278 | return status; |
279 | } | |
280 | ||
ee24eac3 | 281 | static const struct cache_detail rsi_cache_template = { |
f35279d3 | 282 | .owner = THIS_MODULE, |
1da177e4 | 283 | .hash_size = RSI_HASHMAX, |
1da177e4 LT |
284 | .name = "auth.rpcsec.init", |
285 | .cache_put = rsi_put, | |
65286b88 | 286 | .cache_upcall = rsi_upcall, |
73fb847a | 287 | .cache_request = rsi_request, |
1da177e4 | 288 | .cache_parse = rsi_parse, |
d4d11ea9 N |
289 | .match = rsi_match, |
290 | .init = rsi_init, | |
291 | .update = update_rsi, | |
292 | .alloc = rsi_alloc, | |
1da177e4 LT |
293 | }; |
294 | ||
a1db410d | 295 | static struct rsi *rsi_lookup(struct cache_detail *cd, struct rsi *item) |
d4d11ea9 N |
296 | { |
297 | struct cache_head *ch; | |
298 | int hash = rsi_hash(item); | |
299 | ||
6d1616b2 | 300 | ch = sunrpc_cache_lookup_rcu(cd, &item->h, hash); |
d4d11ea9 N |
301 | if (ch) |
302 | return container_of(ch, struct rsi, h); | |
303 | else | |
304 | return NULL; | |
305 | } | |
306 | ||
a1db410d | 307 | static struct rsi *rsi_update(struct cache_detail *cd, struct rsi *new, struct rsi *old) |
d4d11ea9 N |
308 | { |
309 | struct cache_head *ch; | |
310 | int hash = rsi_hash(new); | |
311 | ||
a1db410d | 312 | ch = sunrpc_cache_update(cd, &new->h, |
d4d11ea9 N |
313 | &old->h, hash); |
314 | if (ch) | |
315 | return container_of(ch, struct rsi, h); | |
316 | else | |
317 | return NULL; | |
318 | } | |
319 | ||
1da177e4 LT |
320 | |
321 | /* | |
322 | * The rpcsec_context cache is used to store a context that is | |
323 | * used in data exchange. | |
324 | * The key is a context handle. The content is: | |
325 | * uid, gidlist, mechanism, service-set, mech-specific-data | |
326 | */ | |
327 | ||
328 | #define RSC_HASHBITS 10 | |
329 | #define RSC_HASHMAX (1<<RSC_HASHBITS) | |
1da177e4 LT |
330 | |
331 | #define GSS_SEQ_WIN 128 | |
332 | ||
333 | struct gss_svc_seq_data { | |
334 | /* highest seq number seen so far: */ | |
335 | int sd_max; | |
336 | /* for i such that sd_max-GSS_SEQ_WIN < i <= sd_max, the i-th bit of | |
337 | * sd_win is nonzero iff sequence number i has been seen already: */ | |
338 | unsigned long sd_win[GSS_SEQ_WIN/BITS_PER_LONG]; | |
339 | spinlock_t sd_lock; | |
340 | }; | |
341 | ||
342 | struct rsc { | |
343 | struct cache_head h; | |
344 | struct xdr_netobj handle; | |
345 | struct svc_cred cred; | |
346 | struct gss_svc_seq_data seqdata; | |
347 | struct gss_ctx *mechctx; | |
6d1616b2 | 348 | struct rcu_head rcu_head; |
1da177e4 LT |
349 | }; |
350 | ||
a1db410d SK |
351 | static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct rsc *old); |
352 | static struct rsc *rsc_lookup(struct cache_detail *cd, struct rsc *item); | |
1da177e4 LT |
353 | |
354 | static void rsc_free(struct rsc *rsci) | |
355 | { | |
356 | kfree(rsci->handle.data); | |
357 | if (rsci->mechctx) | |
358 | gss_delete_sec_context(&rsci->mechctx); | |
03a4e1f6 | 359 | free_svc_cred(&rsci->cred); |
1da177e4 LT |
360 | } |
361 | ||
6d1616b2 TM |
362 | static void rsc_free_rcu(struct rcu_head *head) |
363 | { | |
364 | struct rsc *rsci = container_of(head, struct rsc, rcu_head); | |
365 | ||
366 | kfree(rsci->handle.data); | |
367 | kfree(rsci); | |
368 | } | |
369 | ||
baab935f | 370 | static void rsc_put(struct kref *ref) |
1da177e4 | 371 | { |
baab935f | 372 | struct rsc *rsci = container_of(ref, struct rsc, h.ref); |
1da177e4 | 373 | |
6d1616b2 TM |
374 | if (rsci->mechctx) |
375 | gss_delete_sec_context(&rsci->mechctx); | |
376 | free_svc_cred(&rsci->cred); | |
377 | call_rcu(&rsci->rcu_head, rsc_free_rcu); | |
1da177e4 LT |
378 | } |
379 | ||
380 | static inline int | |
381 | rsc_hash(struct rsc *rsci) | |
382 | { | |
383 | return hash_mem(rsci->handle.data, rsci->handle.len, RSC_HASHBITS); | |
384 | } | |
385 | ||
17f834b6 N |
386 | static int |
387 | rsc_match(struct cache_head *a, struct cache_head *b) | |
1da177e4 | 388 | { |
17f834b6 N |
389 | struct rsc *new = container_of(a, struct rsc, h); |
390 | struct rsc *tmp = container_of(b, struct rsc, h); | |
391 | ||
1da177e4 LT |
392 | return netobj_equal(&new->handle, &tmp->handle); |
393 | } | |
394 | ||
17f834b6 N |
395 | static void |
396 | rsc_init(struct cache_head *cnew, struct cache_head *ctmp) | |
1da177e4 | 397 | { |
17f834b6 N |
398 | struct rsc *new = container_of(cnew, struct rsc, h); |
399 | struct rsc *tmp = container_of(ctmp, struct rsc, h); | |
400 | ||
1da177e4 LT |
401 | new->handle.len = tmp->handle.len; |
402 | tmp->handle.len = 0; | |
403 | new->handle.data = tmp->handle.data; | |
404 | tmp->handle.data = NULL; | |
405 | new->mechctx = NULL; | |
44234063 | 406 | init_svc_cred(&new->cred); |
1da177e4 LT |
407 | } |
408 | ||
17f834b6 N |
409 | static void |
410 | update_rsc(struct cache_head *cnew, struct cache_head *ctmp) | |
1da177e4 | 411 | { |
17f834b6 N |
412 | struct rsc *new = container_of(cnew, struct rsc, h); |
413 | struct rsc *tmp = container_of(ctmp, struct rsc, h); | |
414 | ||
1da177e4 LT |
415 | new->mechctx = tmp->mechctx; |
416 | tmp->mechctx = NULL; | |
417 | memset(&new->seqdata, 0, sizeof(new->seqdata)); | |
418 | spin_lock_init(&new->seqdata.sd_lock); | |
419 | new->cred = tmp->cred; | |
44234063 | 420 | init_svc_cred(&tmp->cred); |
1da177e4 LT |
421 | } |
422 | ||
17f834b6 N |
423 | static struct cache_head * |
424 | rsc_alloc(void) | |
425 | { | |
426 | struct rsc *rsci = kmalloc(sizeof(*rsci), GFP_KERNEL); | |
427 | if (rsci) | |
428 | return &rsci->h; | |
429 | else | |
430 | return NULL; | |
431 | } | |
432 | ||
65286b88 TM |
433 | static int rsc_upcall(struct cache_detail *cd, struct cache_head *h) |
434 | { | |
435 | return -EINVAL; | |
436 | } | |
437 | ||
1da177e4 LT |
438 | static int rsc_parse(struct cache_detail *cd, |
439 | char *mesg, int mlen) | |
440 | { | |
441 | /* contexthandle expiry [ uid gid N <n gids> mechname ...mechdata... ] */ | |
442 | char *buf = mesg; | |
683428fa | 443 | int id; |
1da177e4 LT |
444 | int len, rv; |
445 | struct rsc rsci, *rscp = NULL; | |
294ec5b8 | 446 | time64_t expiry; |
1da177e4 | 447 | int status = -EINVAL; |
1df0cada | 448 | struct gss_api_mech *gm = NULL; |
1da177e4 LT |
449 | |
450 | memset(&rsci, 0, sizeof(rsci)); | |
451 | /* context handle */ | |
452 | len = qword_get(&mesg, buf, mlen); | |
453 | if (len < 0) goto out; | |
454 | status = -ENOMEM; | |
455 | if (dup_to_netobj(&rsci.handle, buf, len)) | |
456 | goto out; | |
457 | ||
458 | rsci.h.flags = 0; | |
459 | /* expiry */ | |
460 | expiry = get_expiry(&mesg); | |
461 | status = -EINVAL; | |
462 | if (expiry == 0) | |
463 | goto out; | |
464 | ||
a1db410d | 465 | rscp = rsc_lookup(cd, &rsci); |
17f834b6 N |
466 | if (!rscp) |
467 | goto out; | |
468 | ||
1da177e4 | 469 | /* uid, or NEGATIVE */ |
683428fa | 470 | rv = get_int(&mesg, &id); |
1da177e4 LT |
471 | if (rv == -EINVAL) |
472 | goto out; | |
473 | if (rv == -ENOENT) | |
474 | set_bit(CACHE_NEGATIVE, &rsci.h.flags); | |
475 | else { | |
476 | int N, i; | |
1da177e4 | 477 | |
3c34ae11 BF |
478 | /* |
479 | * NOTE: we skip uid_valid()/gid_valid() checks here: | |
480 | * instead, * -1 id's are later mapped to the | |
481 | * (export-specific) anonymous id by nfsd_setuser. | |
482 | * | |
483 | * (But supplementary gid's get no such special | |
484 | * treatment so are checked for validity here.) | |
485 | */ | |
683428fa | 486 | /* uid */ |
e6667c73 | 487 | rsci.cred.cr_uid = make_kuid(current_user_ns(), id); |
683428fa | 488 | |
1da177e4 | 489 | /* gid */ |
683428fa EB |
490 | if (get_int(&mesg, &id)) |
491 | goto out; | |
e6667c73 | 492 | rsci.cred.cr_gid = make_kgid(current_user_ns(), id); |
1da177e4 LT |
493 | |
494 | /* number of additional gid's */ | |
495 | if (get_int(&mesg, &N)) | |
496 | goto out; | |
76cb4be9 DC |
497 | if (N < 0 || N > NGROUPS_MAX) |
498 | goto out; | |
1da177e4 LT |
499 | status = -ENOMEM; |
500 | rsci.cred.cr_group_info = groups_alloc(N); | |
501 | if (rsci.cred.cr_group_info == NULL) | |
502 | goto out; | |
503 | ||
504 | /* gid's */ | |
505 | status = -EINVAL; | |
506 | for (i=0; i<N; i++) { | |
ae2975bc | 507 | kgid_t kgid; |
683428fa | 508 | if (get_int(&mesg, &id)) |
1da177e4 | 509 | goto out; |
e6667c73 | 510 | kgid = make_kgid(current_user_ns(), id); |
ae2975bc EB |
511 | if (!gid_valid(kgid)) |
512 | goto out; | |
81243eac | 513 | rsci.cred.cr_group_info->gid[i] = kgid; |
1da177e4 | 514 | } |
bdcf0a42 | 515 | groups_sort(rsci.cred.cr_group_info); |
1da177e4 LT |
516 | |
517 | /* mech name */ | |
518 | len = qword_get(&mesg, buf, mlen); | |
519 | if (len < 0) | |
520 | goto out; | |
0dc1531a | 521 | gm = rsci.cred.cr_gss_mech = gss_mech_get_by_name(buf); |
1da177e4 LT |
522 | status = -EOPNOTSUPP; |
523 | if (!gm) | |
524 | goto out; | |
525 | ||
526 | status = -EINVAL; | |
527 | /* mech-specific data: */ | |
528 | len = qword_get(&mesg, buf, mlen); | |
1df0cada | 529 | if (len < 0) |
1da177e4 | 530 | goto out; |
400f26b5 SS |
531 | status = gss_import_sec_context(buf, len, gm, &rsci.mechctx, |
532 | NULL, GFP_KERNEL); | |
1df0cada | 533 | if (status) |
1da177e4 | 534 | goto out; |
68e76ad0 OK |
535 | |
536 | /* get client name */ | |
537 | len = qword_get(&mesg, buf, mlen); | |
538 | if (len > 0) { | |
03a4e1f6 | 539 | rsci.cred.cr_principal = kstrdup(buf, GFP_KERNEL); |
1eb6d622 WY |
540 | if (!rsci.cred.cr_principal) { |
541 | status = -ENOMEM; | |
68e76ad0 | 542 | goto out; |
1eb6d622 | 543 | } |
68e76ad0 OK |
544 | } |
545 | ||
1da177e4 LT |
546 | } |
547 | rsci.h.expiry_time = expiry; | |
a1db410d | 548 | rscp = rsc_update(cd, &rsci, rscp); |
1da177e4 LT |
549 | status = 0; |
550 | out: | |
551 | rsc_free(&rsci); | |
552 | if (rscp) | |
a1db410d | 553 | cache_put(&rscp->h, cd); |
17f834b6 N |
554 | else |
555 | status = -ENOMEM; | |
1da177e4 LT |
556 | return status; |
557 | } | |
558 | ||
ee24eac3 | 559 | static const struct cache_detail rsc_cache_template = { |
f35279d3 | 560 | .owner = THIS_MODULE, |
1da177e4 | 561 | .hash_size = RSC_HASHMAX, |
1da177e4 LT |
562 | .name = "auth.rpcsec.context", |
563 | .cache_put = rsc_put, | |
65286b88 | 564 | .cache_upcall = rsc_upcall, |
1da177e4 | 565 | .cache_parse = rsc_parse, |
17f834b6 N |
566 | .match = rsc_match, |
567 | .init = rsc_init, | |
568 | .update = update_rsc, | |
569 | .alloc = rsc_alloc, | |
1da177e4 LT |
570 | }; |
571 | ||
a1db410d | 572 | static struct rsc *rsc_lookup(struct cache_detail *cd, struct rsc *item) |
17f834b6 N |
573 | { |
574 | struct cache_head *ch; | |
575 | int hash = rsc_hash(item); | |
576 | ||
6d1616b2 | 577 | ch = sunrpc_cache_lookup_rcu(cd, &item->h, hash); |
17f834b6 N |
578 | if (ch) |
579 | return container_of(ch, struct rsc, h); | |
580 | else | |
581 | return NULL; | |
582 | } | |
583 | ||
a1db410d | 584 | static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct rsc *old) |
17f834b6 N |
585 | { |
586 | struct cache_head *ch; | |
587 | int hash = rsc_hash(new); | |
588 | ||
a1db410d | 589 | ch = sunrpc_cache_update(cd, &new->h, |
17f834b6 N |
590 | &old->h, hash); |
591 | if (ch) | |
592 | return container_of(ch, struct rsc, h); | |
593 | else | |
594 | return NULL; | |
595 | } | |
596 | ||
1da177e4 LT |
597 | |
598 | static struct rsc * | |
a1db410d | 599 | gss_svc_searchbyctx(struct cache_detail *cd, struct xdr_netobj *handle) |
1da177e4 LT |
600 | { |
601 | struct rsc rsci; | |
602 | struct rsc *found; | |
603 | ||
604 | memset(&rsci, 0, sizeof(rsci)); | |
bf2c4b6f CL |
605 | if (dup_to_netobj(&rsci.handle, handle->data, handle->len)) |
606 | return NULL; | |
a1db410d | 607 | found = rsc_lookup(cd, &rsci); |
bf2c4b6f | 608 | rsc_free(&rsci); |
1da177e4 LT |
609 | if (!found) |
610 | return NULL; | |
a1db410d | 611 | if (cache_check(cd, &found->h, NULL)) |
1da177e4 LT |
612 | return NULL; |
613 | return found; | |
614 | } | |
615 | ||
616 | /* Implements sequence number algorithm as specified in RFC 2203. */ | |
617 | static int | |
618 | gss_check_seq_num(struct rsc *rsci, int seq_num) | |
619 | { | |
620 | struct gss_svc_seq_data *sd = &rsci->seqdata; | |
621 | ||
622 | spin_lock(&sd->sd_lock); | |
623 | if (seq_num > sd->sd_max) { | |
624 | if (seq_num >= sd->sd_max + GSS_SEQ_WIN) { | |
625 | memset(sd->sd_win,0,sizeof(sd->sd_win)); | |
626 | sd->sd_max = seq_num; | |
627 | } else while (sd->sd_max < seq_num) { | |
628 | sd->sd_max++; | |
629 | __clear_bit(sd->sd_max % GSS_SEQ_WIN, sd->sd_win); | |
630 | } | |
631 | __set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win); | |
632 | goto ok; | |
633 | } else if (seq_num <= sd->sd_max - GSS_SEQ_WIN) { | |
634 | goto drop; | |
635 | } | |
636 | /* sd_max - GSS_SEQ_WIN < seq_num <= sd_max */ | |
637 | if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win)) | |
638 | goto drop; | |
639 | ok: | |
640 | spin_unlock(&sd->sd_lock); | |
641 | return 1; | |
642 | drop: | |
643 | spin_unlock(&sd->sd_lock); | |
644 | return 0; | |
645 | } | |
646 | ||
647 | static inline u32 round_up_to_quad(u32 i) | |
648 | { | |
649 | return (i + 3 ) & ~3; | |
650 | } | |
651 | ||
652 | static inline int | |
653 | svc_safe_getnetobj(struct kvec *argv, struct xdr_netobj *o) | |
654 | { | |
655 | int l; | |
656 | ||
657 | if (argv->iov_len < 4) | |
658 | return -1; | |
76994313 | 659 | o->len = svc_getnl(argv); |
1da177e4 LT |
660 | l = round_up_to_quad(o->len); |
661 | if (argv->iov_len < l) | |
662 | return -1; | |
663 | o->data = argv->iov_base; | |
664 | argv->iov_base += l; | |
665 | argv->iov_len -= l; | |
666 | return 0; | |
667 | } | |
668 | ||
669 | static inline int | |
670 | svc_safe_putnetobj(struct kvec *resv, struct xdr_netobj *o) | |
671 | { | |
753ed90d | 672 | u8 *p; |
1da177e4 LT |
673 | |
674 | if (resv->iov_len + 4 > PAGE_SIZE) | |
675 | return -1; | |
76994313 | 676 | svc_putnl(resv, o->len); |
1da177e4 LT |
677 | p = resv->iov_base + resv->iov_len; |
678 | resv->iov_len += round_up_to_quad(o->len); | |
679 | if (resv->iov_len > PAGE_SIZE) | |
680 | return -1; | |
681 | memcpy(p, o->data, o->len); | |
753ed90d | 682 | memset(p + o->len, 0, round_up_to_quad(o->len) - o->len); |
1da177e4 LT |
683 | return 0; |
684 | } | |
685 | ||
21fcd02b BF |
686 | /* |
687 | * Verify the checksum on the header and return SVC_OK on success. | |
1da177e4 LT |
688 | * Otherwise, return SVC_DROP (in the case of a bad sequence number) |
689 | * or return SVC_DENIED and indicate error in authp. | |
690 | */ | |
691 | static int | |
692 | gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci, | |
d8ed029d | 693 | __be32 *rpcstart, struct rpc_gss_wire_cred *gc, __be32 *authp) |
1da177e4 LT |
694 | { |
695 | struct gss_ctx *ctx_id = rsci->mechctx; | |
696 | struct xdr_buf rpchdr; | |
697 | struct xdr_netobj checksum; | |
698 | u32 flavor = 0; | |
699 | struct kvec *argv = &rqstp->rq_arg.head[0]; | |
700 | struct kvec iov; | |
701 | ||
702 | /* data to compute the checksum over: */ | |
703 | iov.iov_base = rpcstart; | |
704 | iov.iov_len = (u8 *)argv->iov_base - (u8 *)rpcstart; | |
705 | xdr_buf_from_iov(&iov, &rpchdr); | |
706 | ||
707 | *authp = rpc_autherr_badverf; | |
708 | if (argv->iov_len < 4) | |
709 | return SVC_DENIED; | |
76994313 | 710 | flavor = svc_getnl(argv); |
1da177e4 LT |
711 | if (flavor != RPC_AUTH_GSS) |
712 | return SVC_DENIED; | |
713 | if (svc_safe_getnetobj(argv, &checksum)) | |
714 | return SVC_DENIED; | |
715 | ||
716 | if (rqstp->rq_deferred) /* skip verification of revisited request */ | |
717 | return SVC_OK; | |
00fd6e14 | 718 | if (gss_verify_mic(ctx_id, &rpchdr, &checksum) != GSS_S_COMPLETE) { |
1da177e4 LT |
719 | *authp = rpcsec_gsserr_credproblem; |
720 | return SVC_DENIED; | |
721 | } | |
722 | ||
723 | if (gc->gc_seq > MAXSEQ) { | |
28155524 | 724 | trace_rpcgss_svc_large_seqno(rqstp->rq_xid, gc->gc_seq); |
1da177e4 LT |
725 | *authp = rpcsec_gsserr_ctxproblem; |
726 | return SVC_DENIED; | |
727 | } | |
728 | if (!gss_check_seq_num(rsci, gc->gc_seq)) { | |
28155524 | 729 | trace_rpcgss_svc_old_seqno(rqstp->rq_xid, gc->gc_seq); |
1da177e4 LT |
730 | return SVC_DROP; |
731 | } | |
732 | return SVC_OK; | |
733 | } | |
734 | ||
822f1005 AA |
735 | static int |
736 | gss_write_null_verf(struct svc_rqst *rqstp) | |
737 | { | |
d8ed029d | 738 | __be32 *p; |
822f1005 | 739 | |
76994313 | 740 | svc_putnl(rqstp->rq_res.head, RPC_AUTH_NULL); |
822f1005 AA |
741 | p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; |
742 | /* don't really need to check if head->iov_len > PAGE_SIZE ... */ | |
743 | *p++ = 0; | |
744 | if (!xdr_ressize_check(rqstp, p)) | |
745 | return -1; | |
746 | return 0; | |
747 | } | |
748 | ||
1da177e4 LT |
749 | static int |
750 | gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq) | |
751 | { | |
2876a344 | 752 | __be32 *xdr_seq; |
1da177e4 LT |
753 | u32 maj_stat; |
754 | struct xdr_buf verf_data; | |
755 | struct xdr_netobj mic; | |
d8ed029d | 756 | __be32 *p; |
1da177e4 | 757 | struct kvec iov; |
2876a344 | 758 | int err = -1; |
1da177e4 | 759 | |
76994313 | 760 | svc_putnl(rqstp->rq_res.head, RPC_AUTH_GSS); |
2876a344 BF |
761 | xdr_seq = kmalloc(4, GFP_KERNEL); |
762 | if (!xdr_seq) | |
763 | return -1; | |
764 | *xdr_seq = htonl(seq); | |
1da177e4 | 765 | |
2876a344 BF |
766 | iov.iov_base = xdr_seq; |
767 | iov.iov_len = 4; | |
1da177e4 LT |
768 | xdr_buf_from_iov(&iov, &verf_data); |
769 | p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; | |
770 | mic.data = (u8 *)(p + 1); | |
00fd6e14 | 771 | maj_stat = gss_get_mic(ctx_id, &verf_data, &mic); |
1da177e4 | 772 | if (maj_stat != GSS_S_COMPLETE) |
2876a344 | 773 | goto out; |
1da177e4 LT |
774 | *p++ = htonl(mic.len); |
775 | memset((u8 *)p + mic.len, 0, round_up_to_quad(mic.len) - mic.len); | |
776 | p += XDR_QUADLEN(mic.len); | |
777 | if (!xdr_ressize_check(rqstp, p)) | |
2876a344 BF |
778 | goto out; |
779 | err = 0; | |
780 | out: | |
781 | kfree(xdr_seq); | |
782 | return err; | |
1da177e4 LT |
783 | } |
784 | ||
785 | struct gss_domain { | |
786 | struct auth_domain h; | |
787 | u32 pseudoflavor; | |
788 | }; | |
789 | ||
790 | static struct auth_domain * | |
791 | find_gss_auth_domain(struct gss_ctx *ctx, u32 svc) | |
792 | { | |
793 | char *name; | |
794 | ||
795 | name = gss_service_to_auth_domain_name(ctx->mech_type, svc); | |
796 | if (!name) | |
797 | return NULL; | |
798 | return auth_domain_find(name); | |
799 | } | |
800 | ||
efc36aa5 N |
801 | static struct auth_ops svcauthops_gss; |
802 | ||
4796f457 BF |
803 | u32 svcauth_gss_flavor(struct auth_domain *dom) |
804 | { | |
805 | struct gss_domain *gd = container_of(dom, struct gss_domain, h); | |
806 | ||
807 | return gd->pseudoflavor; | |
808 | } | |
809 | ||
7bd88269 | 810 | EXPORT_SYMBOL_GPL(svcauth_gss_flavor); |
4796f457 | 811 | |
1da177e4 LT |
812 | int |
813 | svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name) | |
814 | { | |
815 | struct gss_domain *new; | |
816 | struct auth_domain *test; | |
817 | int stat = -ENOMEM; | |
818 | ||
819 | new = kmalloc(sizeof(*new), GFP_KERNEL); | |
820 | if (!new) | |
821 | goto out; | |
efc36aa5 | 822 | kref_init(&new->h.ref); |
e69062b4 | 823 | new->h.name = kstrdup(name, GFP_KERNEL); |
1da177e4 LT |
824 | if (!new->h.name) |
825 | goto out_free_dom; | |
efc36aa5 | 826 | new->h.flavour = &svcauthops_gss; |
1da177e4 | 827 | new->pseudoflavor = pseudoflavor; |
1da177e4 | 828 | |
cb276805 | 829 | stat = 0; |
efc36aa5 | 830 | test = auth_domain_lookup(name, &new->h); |
cb276805 BF |
831 | if (test != &new->h) { /* Duplicate registration */ |
832 | auth_domain_put(test); | |
833 | kfree(new->h.name); | |
834 | goto out_free_dom; | |
1da177e4 LT |
835 | } |
836 | return 0; | |
837 | ||
838 | out_free_dom: | |
839 | kfree(new); | |
840 | out: | |
841 | return stat; | |
842 | } | |
843 | ||
7bd88269 | 844 | EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor); |
1da177e4 LT |
845 | |
846 | static inline int | |
847 | read_u32_from_xdr_buf(struct xdr_buf *buf, int base, u32 *obj) | |
848 | { | |
d8ed029d | 849 | __be32 raw; |
1da177e4 LT |
850 | int status; |
851 | ||
852 | status = read_bytes_from_xdr_buf(buf, base, &raw, sizeof(*obj)); | |
853 | if (status) | |
854 | return status; | |
855 | *obj = ntohl(raw); | |
856 | return 0; | |
857 | } | |
858 | ||
859 | /* It would be nice if this bit of code could be shared with the client. | |
860 | * Obstacles: | |
861 | * The client shouldn't malloc(), would have to pass in own memory. | |
862 | * The server uses base of head iovec as read pointer, while the | |
863 | * client uses separate pointer. */ | |
864 | static int | |
4c190e2f | 865 | unwrap_integ_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx) |
1da177e4 LT |
866 | { |
867 | int stat = -EINVAL; | |
868 | u32 integ_len, maj_stat; | |
869 | struct xdr_netobj mic; | |
870 | struct xdr_buf integ_buf; | |
871 | ||
06eb8a56 CL |
872 | /* NFS READ normally uses splice to send data in-place. However |
873 | * the data in cache can change after the reply's MIC is computed | |
874 | * but before the RPC reply is sent. To prevent the client from | |
875 | * rejecting the server-computed MIC in this somewhat rare case, | |
876 | * do not use splice with the GSS integrity service. | |
877 | */ | |
878 | clear_bit(RQ_SPLICE_OK, &rqstp->rq_flags); | |
879 | ||
4c190e2f JL |
880 | /* Did we already verify the signature on the original pass through? */ |
881 | if (rqstp->rq_deferred) | |
882 | return 0; | |
883 | ||
76994313 | 884 | integ_len = svc_getnl(&buf->head[0]); |
1da177e4 | 885 | if (integ_len & 3) |
b797b5be | 886 | return stat; |
1da177e4 | 887 | if (integ_len > buf->len) |
b797b5be | 888 | return stat; |
1754eb2b BF |
889 | if (xdr_buf_subsegment(buf, &integ_buf, 0, integ_len)) { |
890 | WARN_ON_ONCE(1); | |
891 | return stat; | |
892 | } | |
1da177e4 LT |
893 | /* copy out mic... */ |
894 | if (read_u32_from_xdr_buf(buf, integ_len, &mic.len)) | |
1754eb2b | 895 | return stat; |
1da177e4 | 896 | if (mic.len > RPC_MAX_AUTH_SIZE) |
b797b5be | 897 | return stat; |
1da177e4 LT |
898 | mic.data = kmalloc(mic.len, GFP_KERNEL); |
899 | if (!mic.data) | |
b797b5be | 900 | return stat; |
1da177e4 LT |
901 | if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len)) |
902 | goto out; | |
00fd6e14 | 903 | maj_stat = gss_verify_mic(ctx, &integ_buf, &mic); |
1da177e4 LT |
904 | if (maj_stat != GSS_S_COMPLETE) |
905 | goto out; | |
76994313 | 906 | if (svc_getnl(&buf->head[0]) != seq) |
1da177e4 | 907 | goto out; |
c0cb8bf3 | 908 | /* trim off the mic and padding at the end before returning */ |
0a8e7b7d | 909 | xdr_buf_trim(buf, round_up_to_quad(mic.len) + 4); |
1da177e4 LT |
910 | stat = 0; |
911 | out: | |
b797b5be | 912 | kfree(mic.data); |
1da177e4 LT |
913 | return stat; |
914 | } | |
915 | ||
7c9fdcfb BF |
916 | static inline int |
917 | total_buf_len(struct xdr_buf *buf) | |
918 | { | |
919 | return buf->head[0].iov_len + buf->page_len + buf->tail[0].iov_len; | |
920 | } | |
921 | ||
922 | static void | |
923 | fix_priv_head(struct xdr_buf *buf, int pad) | |
924 | { | |
925 | if (buf->page_len == 0) { | |
926 | /* We need to adjust head and buf->len in tandem in this | |
927 | * case to make svc_defer() work--it finds the original | |
928 | * buffer start using buf->len - buf->head[0].iov_len. */ | |
929 | buf->head[0].iov_len -= pad; | |
930 | } | |
931 | } | |
932 | ||
933 | static int | |
934 | unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx) | |
935 | { | |
936 | u32 priv_len, maj_stat; | |
31c9590a | 937 | int pad, remaining_len, offset; |
7c9fdcfb | 938 | |
779fb0f3 | 939 | clear_bit(RQ_SPLICE_OK, &rqstp->rq_flags); |
7c9fdcfb | 940 | |
76994313 | 941 | priv_len = svc_getnl(&buf->head[0]); |
7c9fdcfb BF |
942 | if (rqstp->rq_deferred) { |
943 | /* Already decrypted last time through! The sequence number | |
944 | * check at out_seq is unnecessary but harmless: */ | |
945 | goto out_seq; | |
946 | } | |
947 | /* buf->len is the number of bytes from the original start of the | |
948 | * request to the end, where head[0].iov_len is just the bytes | |
949 | * not yet read from the head, so these two values are different: */ | |
950 | remaining_len = total_buf_len(buf); | |
951 | if (priv_len > remaining_len) | |
952 | return -EINVAL; | |
953 | pad = remaining_len - priv_len; | |
954 | buf->len -= pad; | |
955 | fix_priv_head(buf, pad); | |
956 | ||
31c9590a | 957 | maj_stat = gss_unwrap(ctx, 0, priv_len, buf); |
7c9fdcfb | 958 | pad = priv_len - buf->len; |
7c9fdcfb BF |
959 | buf->len -= pad; |
960 | /* The upper layers assume the buffer is aligned on 4-byte boundaries. | |
961 | * In the krb5p case, at least, the data ends up offset, so we need to | |
962 | * move it around. */ | |
963 | /* XXX: This is very inefficient. It would be better to either do | |
964 | * this while we encrypt, or maybe in the receive code, if we can peak | |
965 | * ahead and work out the service and mechanism there. */ | |
96f194b7 | 966 | offset = xdr_pad_size(buf->head[0].iov_len); |
7c9fdcfb BF |
967 | if (offset) { |
968 | buf->buflen = RPCSVC_MAXPAYLOAD; | |
969 | xdr_shift_buf(buf, offset); | |
970 | fix_priv_head(buf, pad); | |
971 | } | |
972 | if (maj_stat != GSS_S_COMPLETE) | |
973 | return -EINVAL; | |
974 | out_seq: | |
76994313 | 975 | if (svc_getnl(&buf->head[0]) != seq) |
7c9fdcfb BF |
976 | return -EINVAL; |
977 | return 0; | |
978 | } | |
979 | ||
1da177e4 LT |
980 | struct gss_svc_data { |
981 | /* decoded gss client cred: */ | |
982 | struct rpc_gss_wire_cred clcred; | |
5b304bc5 BF |
983 | /* save a pointer to the beginning of the encoded verifier, |
984 | * for use in encryption/checksumming in svcauth_gss_release: */ | |
985 | __be32 *verf_start; | |
1da177e4 LT |
986 | struct rsc *rsci; |
987 | }; | |
988 | ||
989 | static int | |
990 | svcauth_gss_set_client(struct svc_rqst *rqstp) | |
991 | { | |
992 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; | |
993 | struct rsc *rsci = svcdata->rsci; | |
994 | struct rpc_gss_wire_cred *gc = &svcdata->clcred; | |
3ab4d8b1 | 995 | int stat; |
1da177e4 | 996 | |
3ab4d8b1 BF |
997 | /* |
998 | * A gss export can be specified either by: | |
999 | * export *(sec=krb5,rw) | |
1000 | * or by | |
1001 | * export gss/krb5(rw) | |
1002 | * The latter is deprecated; but for backwards compatibility reasons | |
1003 | * the nfsd code will still fall back on trying it if the former | |
1004 | * doesn't work; so we try to make both available to nfsd, below. | |
1005 | */ | |
1006 | rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc); | |
1007 | if (rqstp->rq_gssclient == NULL) | |
1da177e4 | 1008 | return SVC_DENIED; |
3ab4d8b1 | 1009 | stat = svcauth_unix_set_client(rqstp); |
1ebede86 | 1010 | if (stat == SVC_DROP || stat == SVC_CLOSE) |
3ab4d8b1 | 1011 | return stat; |
1da177e4 LT |
1012 | return SVC_OK; |
1013 | } | |
1014 | ||
91a4762e | 1015 | static inline int |
fc2952a2 SS |
1016 | gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp, |
1017 | struct xdr_netobj *out_handle, int *major_status) | |
91a4762e KC |
1018 | { |
1019 | struct rsc *rsci; | |
54f9247b | 1020 | int rc; |
91a4762e | 1021 | |
fc2952a2 | 1022 | if (*major_status != GSS_S_COMPLETE) |
91a4762e | 1023 | return gss_write_null_verf(rqstp); |
fc2952a2 | 1024 | rsci = gss_svc_searchbyctx(cd, out_handle); |
91a4762e | 1025 | if (rsci == NULL) { |
fc2952a2 | 1026 | *major_status = GSS_S_NO_CONTEXT; |
91a4762e KC |
1027 | return gss_write_null_verf(rqstp); |
1028 | } | |
54f9247b | 1029 | rc = gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN); |
a1db410d | 1030 | cache_put(&rsci->h, cd); |
54f9247b | 1031 | return rc; |
91a4762e KC |
1032 | } |
1033 | ||
fc2952a2 | 1034 | static inline int |
030d794b SS |
1035 | gss_read_common_verf(struct rpc_gss_wire_cred *gc, |
1036 | struct kvec *argv, __be32 *authp, | |
1037 | struct xdr_netobj *in_handle) | |
21fcd02b | 1038 | { |
21fcd02b BF |
1039 | /* Read the verifier; should be NULL: */ |
1040 | *authp = rpc_autherr_badverf; | |
1041 | if (argv->iov_len < 2 * 4) | |
1042 | return SVC_DENIED; | |
1043 | if (svc_getnl(argv) != RPC_AUTH_NULL) | |
1044 | return SVC_DENIED; | |
1045 | if (svc_getnl(argv) != 0) | |
1046 | return SVC_DENIED; | |
21fcd02b BF |
1047 | /* Martial context handle and token for upcall: */ |
1048 | *authp = rpc_autherr_badcred; | |
1049 | if (gc->gc_proc == RPC_GSS_PROC_INIT && gc->gc_ctx.len != 0) | |
1050 | return SVC_DENIED; | |
fc2952a2 | 1051 | if (dup_netobj(in_handle, &gc->gc_ctx)) |
1ebede86 | 1052 | return SVC_CLOSE; |
21fcd02b | 1053 | *authp = rpc_autherr_badverf; |
030d794b SS |
1054 | |
1055 | return 0; | |
1056 | } | |
1057 | ||
1058 | static inline int | |
1059 | gss_read_verf(struct rpc_gss_wire_cred *gc, | |
1060 | struct kvec *argv, __be32 *authp, | |
1061 | struct xdr_netobj *in_handle, | |
1062 | struct xdr_netobj *in_token) | |
1063 | { | |
1064 | struct xdr_netobj tmpobj; | |
1065 | int res; | |
1066 | ||
1067 | res = gss_read_common_verf(gc, argv, authp, in_handle); | |
1068 | if (res) | |
1069 | return res; | |
1070 | ||
21fcd02b | 1071 | if (svc_safe_getnetobj(argv, &tmpobj)) { |
fc2952a2 | 1072 | kfree(in_handle->data); |
21fcd02b BF |
1073 | return SVC_DENIED; |
1074 | } | |
fc2952a2 SS |
1075 | if (dup_netobj(in_token, &tmpobj)) { |
1076 | kfree(in_handle->data); | |
1ebede86 | 1077 | return SVC_CLOSE; |
21fcd02b BF |
1078 | } |
1079 | ||
fc2952a2 SS |
1080 | return 0; |
1081 | } | |
1082 | ||
5866efa8 | 1083 | static void gss_free_in_token_pages(struct gssp_in_token *in_token) |
030d794b | 1084 | { |
030d794b | 1085 | u32 inlen; |
5866efa8 CL |
1086 | int i; |
1087 | ||
1088 | i = 0; | |
1089 | inlen = in_token->page_len; | |
1090 | while (inlen) { | |
1091 | if (in_token->pages[i]) | |
1092 | put_page(in_token->pages[i]); | |
1093 | inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen; | |
1094 | } | |
1095 | ||
1096 | kfree(in_token->pages); | |
1097 | in_token->pages = NULL; | |
1098 | } | |
1099 | ||
1100 | static int gss_read_proxy_verf(struct svc_rqst *rqstp, | |
1101 | struct rpc_gss_wire_cred *gc, __be32 *authp, | |
1102 | struct xdr_netobj *in_handle, | |
1103 | struct gssp_in_token *in_token) | |
1104 | { | |
1105 | struct kvec *argv = &rqstp->rq_arg.head[0]; | |
1106 | unsigned int page_base, length; | |
1107 | int pages, i, res; | |
1108 | size_t inlen; | |
030d794b SS |
1109 | |
1110 | res = gss_read_common_verf(gc, argv, authp, in_handle); | |
1111 | if (res) | |
1112 | return res; | |
1113 | ||
1114 | inlen = svc_getnl(argv); | |
1115 | if (inlen > (argv->iov_len + rqstp->rq_arg.page_len)) | |
1116 | return SVC_DENIED; | |
1117 | ||
5866efa8 CL |
1118 | pages = DIV_ROUND_UP(inlen, PAGE_SIZE); |
1119 | in_token->pages = kcalloc(pages, sizeof(struct page *), GFP_KERNEL); | |
1120 | if (!in_token->pages) | |
1121 | return SVC_DENIED; | |
1122 | in_token->page_base = 0; | |
030d794b | 1123 | in_token->page_len = inlen; |
5866efa8 CL |
1124 | for (i = 0; i < pages; i++) { |
1125 | in_token->pages[i] = alloc_page(GFP_KERNEL); | |
1126 | if (!in_token->pages[i]) { | |
1127 | gss_free_in_token_pages(in_token); | |
1128 | return SVC_DENIED; | |
1129 | } | |
1130 | } | |
030d794b | 1131 | |
5866efa8 CL |
1132 | length = min_t(unsigned int, inlen, argv->iov_len); |
1133 | memcpy(page_address(in_token->pages[0]), argv->iov_base, length); | |
1134 | inlen -= length; | |
1135 | ||
1136 | i = 1; | |
1137 | page_base = rqstp->rq_arg.page_base; | |
1138 | while (inlen) { | |
1139 | length = min_t(unsigned int, inlen, PAGE_SIZE); | |
1140 | memcpy(page_address(in_token->pages[i]), | |
1141 | page_address(rqstp->rq_arg.pages[i]) + page_base, | |
1142 | length); | |
1143 | ||
1144 | inlen -= length; | |
1145 | page_base = 0; | |
1146 | i++; | |
1147 | } | |
030d794b SS |
1148 | return 0; |
1149 | } | |
1150 | ||
fc2952a2 SS |
1151 | static inline int |
1152 | gss_write_resv(struct kvec *resv, size_t size_limit, | |
1153 | struct xdr_netobj *out_handle, struct xdr_netobj *out_token, | |
1154 | int major_status, int minor_status) | |
1155 | { | |
1156 | if (resv->iov_len + 4 > size_limit) | |
1157 | return -1; | |
1158 | svc_putnl(resv, RPC_SUCCESS); | |
1159 | if (svc_safe_putnetobj(resv, out_handle)) | |
1160 | return -1; | |
1161 | if (resv->iov_len + 3 * 4 > size_limit) | |
1162 | return -1; | |
1163 | svc_putnl(resv, major_status); | |
1164 | svc_putnl(resv, minor_status); | |
1165 | svc_putnl(resv, GSS_SEQ_WIN); | |
1166 | if (svc_safe_putnetobj(resv, out_token)) | |
1167 | return -1; | |
1168 | return 0; | |
1169 | } | |
1170 | ||
1171 | /* | |
1172 | * Having read the cred already and found we're in the context | |
1173 | * initiation case, read the verifier and initiate (or check the results | |
1174 | * of) upcalls to userspace for help with context initiation. If | |
1175 | * the upcall results are available, write the verifier and result. | |
1176 | * Otherwise, drop the request pending an answer to the upcall. | |
1177 | */ | |
030d794b | 1178 | static int svcauth_gss_legacy_init(struct svc_rqst *rqstp, |
fc2952a2 SS |
1179 | struct rpc_gss_wire_cred *gc, __be32 *authp) |
1180 | { | |
1181 | struct kvec *argv = &rqstp->rq_arg.head[0]; | |
1182 | struct kvec *resv = &rqstp->rq_res.head[0]; | |
1183 | struct rsi *rsip, rsikey; | |
1184 | int ret; | |
b8be5674 | 1185 | struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); |
fc2952a2 SS |
1186 | |
1187 | memset(&rsikey, 0, sizeof(rsikey)); | |
1188 | ret = gss_read_verf(gc, argv, authp, | |
1189 | &rsikey.in_handle, &rsikey.in_token); | |
1190 | if (ret) | |
1191 | return ret; | |
1192 | ||
21fcd02b | 1193 | /* Perform upcall, or find upcall result: */ |
a1db410d | 1194 | rsip = rsi_lookup(sn->rsi_cache, &rsikey); |
21fcd02b BF |
1195 | rsi_free(&rsikey); |
1196 | if (!rsip) | |
1ebede86 | 1197 | return SVC_CLOSE; |
a1db410d | 1198 | if (cache_check(sn->rsi_cache, &rsip->h, &rqstp->rq_chandle) < 0) |
21fcd02b | 1199 | /* No upcall result: */ |
1ebede86 | 1200 | return SVC_CLOSE; |
2ed5282c N |
1201 | |
1202 | ret = SVC_CLOSE; | |
1203 | /* Got an answer to the upcall; use it: */ | |
fc2952a2 SS |
1204 | if (gss_write_init_verf(sn->rsc_cache, rqstp, |
1205 | &rsip->out_handle, &rsip->major_status)) | |
2ed5282c | 1206 | goto out; |
fc2952a2 SS |
1207 | if (gss_write_resv(resv, PAGE_SIZE, |
1208 | &rsip->out_handle, &rsip->out_token, | |
1209 | rsip->major_status, rsip->minor_status)) | |
2ed5282c N |
1210 | goto out; |
1211 | ||
980e5a40 BF |
1212 | ret = SVC_COMPLETE; |
1213 | out: | |
a1db410d | 1214 | cache_put(&rsip->h, sn->rsi_cache); |
980e5a40 | 1215 | return ret; |
21fcd02b BF |
1216 | } |
1217 | ||
030d794b SS |
1218 | static int gss_proxy_save_rsc(struct cache_detail *cd, |
1219 | struct gssp_upcall_data *ud, | |
1220 | uint64_t *handle) | |
1221 | { | |
1222 | struct rsc rsci, *rscp = NULL; | |
1223 | static atomic64_t ctxhctr; | |
1224 | long long ctxh; | |
1225 | struct gss_api_mech *gm = NULL; | |
294ec5b8 | 1226 | time64_t expiry; |
030d794b SS |
1227 | int status = -EINVAL; |
1228 | ||
1229 | memset(&rsci, 0, sizeof(rsci)); | |
1230 | /* context handle */ | |
1231 | status = -ENOMEM; | |
1232 | /* the handle needs to be just a unique id, | |
1233 | * use a static counter */ | |
1234 | ctxh = atomic64_inc_return(&ctxhctr); | |
1235 | ||
1236 | /* make a copy for the caller */ | |
1237 | *handle = ctxh; | |
1238 | ||
1239 | /* make a copy for the rsc cache */ | |
1240 | if (dup_to_netobj(&rsci.handle, (char *)handle, sizeof(uint64_t))) | |
1241 | goto out; | |
1242 | rscp = rsc_lookup(cd, &rsci); | |
1243 | if (!rscp) | |
1244 | goto out; | |
1245 | ||
1246 | /* creds */ | |
1247 | if (!ud->found_creds) { | |
1248 | /* userspace seem buggy, we should always get at least a | |
1249 | * mapping to nobody */ | |
3be34555 | 1250 | goto out; |
030d794b | 1251 | } else { |
3d96208c | 1252 | struct timespec64 boot; |
030d794b SS |
1253 | |
1254 | /* steal creds */ | |
1255 | rsci.cred = ud->creds; | |
1256 | memset(&ud->creds, 0, sizeof(struct svc_cred)); | |
1257 | ||
1258 | status = -EOPNOTSUPP; | |
1259 | /* get mech handle from OID */ | |
1260 | gm = gss_mech_get_by_OID(&ud->mech_oid); | |
1261 | if (!gm) | |
1262 | goto out; | |
7193bd17 | 1263 | rsci.cred.cr_gss_mech = gm; |
030d794b SS |
1264 | |
1265 | status = -EINVAL; | |
1266 | /* mech-specific data: */ | |
1267 | status = gss_import_sec_context(ud->out_handle.data, | |
1268 | ud->out_handle.len, | |
1269 | gm, &rsci.mechctx, | |
1270 | &expiry, GFP_KERNEL); | |
1271 | if (status) | |
1272 | goto out; | |
3d96208c RBC |
1273 | |
1274 | getboottime64(&boot); | |
1275 | expiry -= boot.tv_sec; | |
030d794b SS |
1276 | } |
1277 | ||
1278 | rsci.h.expiry_time = expiry; | |
1279 | rscp = rsc_update(cd, &rsci, rscp); | |
1280 | status = 0; | |
1281 | out: | |
030d794b SS |
1282 | rsc_free(&rsci); |
1283 | if (rscp) | |
1284 | cache_put(&rscp->h, cd); | |
1285 | else | |
1286 | status = -ENOMEM; | |
1287 | return status; | |
1288 | } | |
1289 | ||
1290 | static int svcauth_gss_proxy_init(struct svc_rqst *rqstp, | |
1291 | struct rpc_gss_wire_cred *gc, __be32 *authp) | |
1292 | { | |
1293 | struct kvec *resv = &rqstp->rq_res.head[0]; | |
1294 | struct xdr_netobj cli_handle; | |
1295 | struct gssp_upcall_data ud; | |
1296 | uint64_t handle; | |
1297 | int status; | |
1298 | int ret; | |
b8be5674 | 1299 | struct net *net = SVC_NET(rqstp); |
030d794b SS |
1300 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); |
1301 | ||
1302 | memset(&ud, 0, sizeof(ud)); | |
1303 | ret = gss_read_proxy_verf(rqstp, gc, authp, | |
1304 | &ud.in_handle, &ud.in_token); | |
1305 | if (ret) | |
1306 | return ret; | |
1307 | ||
1308 | ret = SVC_CLOSE; | |
1309 | ||
1310 | /* Perform synchronous upcall to gss-proxy */ | |
1311 | status = gssp_accept_sec_context_upcall(net, &ud); | |
1312 | if (status) | |
1313 | goto out; | |
1314 | ||
28155524 CL |
1315 | trace_rpcgss_svc_accept_upcall(rqstp->rq_xid, ud.major_status, |
1316 | ud.minor_status); | |
030d794b SS |
1317 | |
1318 | switch (ud.major_status) { | |
1319 | case GSS_S_CONTINUE_NEEDED: | |
1320 | cli_handle = ud.out_handle; | |
1321 | break; | |
1322 | case GSS_S_COMPLETE: | |
1323 | status = gss_proxy_save_rsc(sn->rsc_cache, &ud, &handle); | |
28155524 | 1324 | if (status) |
030d794b SS |
1325 | goto out; |
1326 | cli_handle.data = (u8 *)&handle; | |
1327 | cli_handle.len = sizeof(handle); | |
1328 | break; | |
1329 | default: | |
030d794b SS |
1330 | goto out; |
1331 | } | |
1332 | ||
1333 | /* Got an answer to the upcall; use it: */ | |
1334 | if (gss_write_init_verf(sn->rsc_cache, rqstp, | |
28155524 | 1335 | &cli_handle, &ud.major_status)) |
030d794b SS |
1336 | goto out; |
1337 | if (gss_write_resv(resv, PAGE_SIZE, | |
1338 | &cli_handle, &ud.out_token, | |
28155524 | 1339 | ud.major_status, ud.minor_status)) |
030d794b SS |
1340 | goto out; |
1341 | ||
1342 | ret = SVC_COMPLETE; | |
1343 | out: | |
5866efa8 | 1344 | gss_free_in_token_pages(&ud.in_token); |
030d794b SS |
1345 | gssp_free_upcall_data(&ud); |
1346 | return ret; | |
1347 | } | |
1348 | ||
0fdc2678 JL |
1349 | /* |
1350 | * Try to set the sn->use_gss_proxy variable to a new value. We only allow | |
1351 | * it to be changed if it's currently undefined (-1). If it's any other value | |
1352 | * then return -EBUSY unless the type wouldn't have changed anyway. | |
1353 | */ | |
1354 | static int set_gss_proxy(struct net *net, int type) | |
030d794b SS |
1355 | { |
1356 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
0fdc2678 | 1357 | int ret; |
030d794b | 1358 | |
0fdc2678 JL |
1359 | WARN_ON_ONCE(type != 0 && type != 1); |
1360 | ret = cmpxchg(&sn->use_gss_proxy, -1, type); | |
1361 | if (ret != -1 && ret != type) | |
1362 | return -EBUSY; | |
030d794b SS |
1363 | return 0; |
1364 | } | |
1365 | ||
0fdc2678 | 1366 | static bool use_gss_proxy(struct net *net) |
030d794b SS |
1367 | { |
1368 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
030d794b | 1369 | |
0fdc2678 JL |
1370 | /* If use_gss_proxy is still undefined, then try to disable it */ |
1371 | if (sn->use_gss_proxy == -1) | |
1372 | set_gss_proxy(net, 0); | |
1373 | return sn->use_gss_proxy; | |
030d794b SS |
1374 | } |
1375 | ||
0fdc2678 JL |
1376 | #ifdef CONFIG_PROC_FS |
1377 | ||
030d794b SS |
1378 | static ssize_t write_gssp(struct file *file, const char __user *buf, |
1379 | size_t count, loff_t *ppos) | |
1380 | { | |
e77e4300 | 1381 | struct net *net = PDE_DATA(file_inode(file)); |
030d794b SS |
1382 | char tbuf[20]; |
1383 | unsigned long i; | |
1384 | int res; | |
1385 | ||
1386 | if (*ppos || count > sizeof(tbuf)-1) | |
1387 | return -EINVAL; | |
1388 | if (copy_from_user(tbuf, buf, count)) | |
1389 | return -EFAULT; | |
1390 | ||
1391 | tbuf[count] = 0; | |
1392 | res = kstrtoul(tbuf, 0, &i); | |
1393 | if (res) | |
1394 | return res; | |
1395 | if (i != 1) | |
1396 | return -EINVAL; | |
a92e5eb1 | 1397 | res = set_gssp_clnt(net); |
030d794b SS |
1398 | if (res) |
1399 | return res; | |
a92e5eb1 | 1400 | res = set_gss_proxy(net, 1); |
030d794b SS |
1401 | if (res) |
1402 | return res; | |
1403 | return count; | |
1404 | } | |
1405 | ||
1406 | static ssize_t read_gssp(struct file *file, char __user *buf, | |
1407 | size_t count, loff_t *ppos) | |
1408 | { | |
e77e4300 | 1409 | struct net *net = PDE_DATA(file_inode(file)); |
1654a04c | 1410 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); |
030d794b SS |
1411 | unsigned long p = *ppos; |
1412 | char tbuf[10]; | |
1413 | size_t len; | |
030d794b | 1414 | |
1654a04c | 1415 | snprintf(tbuf, sizeof(tbuf), "%d\n", sn->use_gss_proxy); |
030d794b SS |
1416 | len = strlen(tbuf); |
1417 | if (p >= len) | |
1418 | return 0; | |
1419 | len -= p; | |
1420 | if (len > count) | |
1421 | len = count; | |
1422 | if (copy_to_user(buf, (void *)(tbuf+p), len)) | |
1423 | return -EFAULT; | |
1424 | *ppos += len; | |
1425 | return len; | |
1426 | } | |
1427 | ||
97a32539 AD |
1428 | static const struct proc_ops use_gss_proxy_proc_ops = { |
1429 | .proc_open = nonseekable_open, | |
1430 | .proc_write = write_gssp, | |
1431 | .proc_read = read_gssp, | |
030d794b SS |
1432 | }; |
1433 | ||
1434 | static int create_use_gss_proxy_proc_entry(struct net *net) | |
1435 | { | |
1436 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1437 | struct proc_dir_entry **p = &sn->use_gssp_proc; | |
1438 | ||
1439 | sn->use_gss_proxy = -1; | |
d6444062 | 1440 | *p = proc_create_data("use-gss-proxy", S_IFREG | 0600, |
030d794b | 1441 | sn->proc_net_rpc, |
97a32539 | 1442 | &use_gss_proxy_proc_ops, net); |
030d794b SS |
1443 | if (!*p) |
1444 | return -ENOMEM; | |
1445 | init_gssp_clnt(sn); | |
1446 | return 0; | |
1447 | } | |
1448 | ||
1449 | static void destroy_use_gss_proxy_proc_entry(struct net *net) | |
1450 | { | |
1451 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1452 | ||
1453 | if (sn->use_gssp_proc) { | |
8fdee4cc | 1454 | remove_proc_entry("use-gss-proxy", sn->proc_net_rpc); |
030d794b SS |
1455 | clear_gssp_clnt(sn); |
1456 | } | |
1457 | } | |
0ff3bab5 BF |
1458 | #else /* CONFIG_PROC_FS */ |
1459 | ||
1460 | static int create_use_gss_proxy_proc_entry(struct net *net) | |
1461 | { | |
1462 | return 0; | |
1463 | } | |
1464 | ||
1465 | static void destroy_use_gss_proxy_proc_entry(struct net *net) {} | |
030d794b SS |
1466 | |
1467 | #endif /* CONFIG_PROC_FS */ | |
1468 | ||
1da177e4 LT |
1469 | /* |
1470 | * Accept an rpcsec packet. | |
1471 | * If context establishment, punt to user space | |
1472 | * If data exchange, verify/decrypt | |
1473 | * If context destruction, handle here | |
1474 | * In the context establishment and destruction case we encode | |
1475 | * response here and return SVC_COMPLETE. | |
1476 | */ | |
1477 | static int | |
d8ed029d | 1478 | svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) |
1da177e4 LT |
1479 | { |
1480 | struct kvec *argv = &rqstp->rq_arg.head[0]; | |
1481 | struct kvec *resv = &rqstp->rq_res.head[0]; | |
1482 | u32 crlen; | |
1da177e4 LT |
1483 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; |
1484 | struct rpc_gss_wire_cred *gc; | |
1485 | struct rsc *rsci = NULL; | |
d8ed029d AD |
1486 | __be32 *rpcstart; |
1487 | __be32 *reject_stat = resv->iov_base + resv->iov_len; | |
1da177e4 | 1488 | int ret; |
b8be5674 | 1489 | struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); |
1da177e4 | 1490 | |
28155524 | 1491 | trace_rpcgss_svc_accept(rqstp->rq_xid, argv->iov_len); |
1da177e4 LT |
1492 | |
1493 | *authp = rpc_autherr_badcred; | |
1494 | if (!svcdata) | |
1495 | svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL); | |
1496 | if (!svcdata) | |
1497 | goto auth_err; | |
1498 | rqstp->rq_auth_data = svcdata; | |
5b304bc5 | 1499 | svcdata->verf_start = NULL; |
1da177e4 LT |
1500 | svcdata->rsci = NULL; |
1501 | gc = &svcdata->clcred; | |
1502 | ||
1503 | /* start of rpc packet is 7 u32's back from here: | |
1504 | * xid direction rpcversion prog vers proc flavour | |
1505 | */ | |
1506 | rpcstart = argv->iov_base; | |
1507 | rpcstart -= 7; | |
1508 | ||
1509 | /* credential is: | |
1510 | * version(==1), proc(0,1,2,3), seq, service (1,2,3), handle | |
25985edc | 1511 | * at least 5 u32s, and is preceded by length, so that makes 6. |
1da177e4 LT |
1512 | */ |
1513 | ||
1514 | if (argv->iov_len < 5 * 4) | |
1515 | goto auth_err; | |
76994313 AD |
1516 | crlen = svc_getnl(argv); |
1517 | if (svc_getnl(argv) != RPC_GSS_VERSION) | |
1da177e4 | 1518 | goto auth_err; |
76994313 AD |
1519 | gc->gc_proc = svc_getnl(argv); |
1520 | gc->gc_seq = svc_getnl(argv); | |
1521 | gc->gc_svc = svc_getnl(argv); | |
1da177e4 LT |
1522 | if (svc_safe_getnetobj(argv, &gc->gc_ctx)) |
1523 | goto auth_err; | |
1524 | if (crlen != round_up_to_quad(gc->gc_ctx.len) + 5 * 4) | |
1525 | goto auth_err; | |
1526 | ||
1527 | if ((gc->gc_proc != RPC_GSS_PROC_DATA) && (rqstp->rq_proc != 0)) | |
1528 | goto auth_err; | |
1529 | ||
1da177e4 LT |
1530 | *authp = rpc_autherr_badverf; |
1531 | switch (gc->gc_proc) { | |
1532 | case RPC_GSS_PROC_INIT: | |
1533 | case RPC_GSS_PROC_CONTINUE_INIT: | |
030d794b SS |
1534 | if (use_gss_proxy(SVC_NET(rqstp))) |
1535 | return svcauth_gss_proxy_init(rqstp, gc, authp); | |
1536 | else | |
1537 | return svcauth_gss_legacy_init(rqstp, gc, authp); | |
1da177e4 LT |
1538 | case RPC_GSS_PROC_DATA: |
1539 | case RPC_GSS_PROC_DESTROY: | |
21fcd02b | 1540 | /* Look up the context, and check the verifier: */ |
1da177e4 | 1541 | *authp = rpcsec_gsserr_credproblem; |
a1db410d | 1542 | rsci = gss_svc_searchbyctx(sn->rsc_cache, &gc->gc_ctx); |
1da177e4 LT |
1543 | if (!rsci) |
1544 | goto auth_err; | |
1545 | switch (gss_verify_header(rqstp, rsci, rpcstart, gc, authp)) { | |
1546 | case SVC_OK: | |
1547 | break; | |
1548 | case SVC_DENIED: | |
1549 | goto auth_err; | |
1550 | case SVC_DROP: | |
1551 | goto drop; | |
1552 | } | |
1553 | break; | |
1554 | default: | |
1555 | *authp = rpc_autherr_rejectedcred; | |
1556 | goto auth_err; | |
1557 | } | |
1558 | ||
1559 | /* now act upon the command: */ | |
1560 | switch (gc->gc_proc) { | |
1da177e4 | 1561 | case RPC_GSS_PROC_DESTROY: |
c5e434c9 WY |
1562 | if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq)) |
1563 | goto auth_err; | |
2b477c00 NB |
1564 | /* Delete the entry from the cache_list and call cache_put */ |
1565 | sunrpc_cache_unhash(sn->rsc_cache, &rsci->h); | |
1da177e4 LT |
1566 | if (resv->iov_len + 4 > PAGE_SIZE) |
1567 | goto drop; | |
76994313 | 1568 | svc_putnl(resv, RPC_SUCCESS); |
1da177e4 LT |
1569 | goto complete; |
1570 | case RPC_GSS_PROC_DATA: | |
1571 | *authp = rpcsec_gsserr_ctxproblem; | |
5b304bc5 | 1572 | svcdata->verf_start = resv->iov_base + resv->iov_len; |
1da177e4 LT |
1573 | if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq)) |
1574 | goto auth_err; | |
1575 | rqstp->rq_cred = rsci->cred; | |
1576 | get_group_info(rsci->cred.cr_group_info); | |
1577 | *authp = rpc_autherr_badcred; | |
1578 | switch (gc->gc_svc) { | |
1579 | case RPC_GSS_SVC_NONE: | |
1580 | break; | |
1581 | case RPC_GSS_SVC_INTEGRITY: | |
b620754b BF |
1582 | /* placeholders for length and seq. number: */ |
1583 | svc_putnl(resv, 0); | |
1584 | svc_putnl(resv, 0); | |
4c190e2f | 1585 | if (unwrap_integ_data(rqstp, &rqstp->rq_arg, |
1da177e4 | 1586 | gc->gc_seq, rsci->mechctx)) |
dd35210e | 1587 | goto garbage_args; |
a5cddc88 | 1588 | rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE; |
b620754b BF |
1589 | break; |
1590 | case RPC_GSS_SVC_PRIVACY: | |
1da177e4 | 1591 | /* placeholders for length and seq. number: */ |
76994313 AD |
1592 | svc_putnl(resv, 0); |
1593 | svc_putnl(resv, 0); | |
7c9fdcfb BF |
1594 | if (unwrap_priv_data(rqstp, &rqstp->rq_arg, |
1595 | gc->gc_seq, rsci->mechctx)) | |
dd35210e | 1596 | goto garbage_args; |
a5cddc88 | 1597 | rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE * 2; |
7c9fdcfb | 1598 | break; |
1da177e4 LT |
1599 | default: |
1600 | goto auth_err; | |
1601 | } | |
1602 | svcdata->rsci = rsci; | |
1603 | cache_get(&rsci->h); | |
d5497fc6 | 1604 | rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor( |
83523d08 CL |
1605 | rsci->mechctx->mech_type, |
1606 | GSS_C_QOP_DEFAULT, | |
1607 | gc->gc_svc); | |
1da177e4 LT |
1608 | ret = SVC_OK; |
1609 | goto out; | |
1610 | } | |
dd35210e | 1611 | garbage_args: |
dd35210e HJ |
1612 | ret = SVC_GARBAGE; |
1613 | goto out; | |
1da177e4 | 1614 | auth_err: |
21fcd02b | 1615 | /* Restore write pointer to its original value: */ |
1da177e4 LT |
1616 | xdr_ressize_check(rqstp, reject_stat); |
1617 | ret = SVC_DENIED; | |
1618 | goto out; | |
1619 | complete: | |
1620 | ret = SVC_COMPLETE; | |
1621 | goto out; | |
1622 | drop: | |
4d712ef1 | 1623 | ret = SVC_CLOSE; |
1da177e4 LT |
1624 | out: |
1625 | if (rsci) | |
a1db410d | 1626 | cache_put(&rsci->h, sn->rsc_cache); |
1da177e4 LT |
1627 | return ret; |
1628 | } | |
1629 | ||
cfbdbab0 | 1630 | static __be32 * |
3c15a486 BF |
1631 | svcauth_gss_prepare_to_wrap(struct xdr_buf *resbuf, struct gss_svc_data *gsd) |
1632 | { | |
cfbdbab0 AV |
1633 | __be32 *p; |
1634 | u32 verf_len; | |
3c15a486 | 1635 | |
5b304bc5 BF |
1636 | p = gsd->verf_start; |
1637 | gsd->verf_start = NULL; | |
1638 | ||
1639 | /* If the reply stat is nonzero, don't wrap: */ | |
1640 | if (*(p-1) != rpc_success) | |
1641 | return NULL; | |
1642 | /* Skip the verifier: */ | |
1643 | p += 1; | |
1644 | verf_len = ntohl(*p++); | |
1645 | p += XDR_QUADLEN(verf_len); | |
3c15a486 BF |
1646 | /* move accept_stat to right place: */ |
1647 | memcpy(p, p + 2, 4); | |
5b304bc5 | 1648 | /* Also don't wrap if the accept stat is nonzero: */ |
3c15a486 BF |
1649 | if (*p != rpc_success) { |
1650 | resbuf->head[0].iov_len -= 2 * 4; | |
1651 | return NULL; | |
1652 | } | |
1653 | p++; | |
1654 | return p; | |
1655 | } | |
1656 | ||
e142ede8 BF |
1657 | static inline int |
1658 | svcauth_gss_wrap_resp_integ(struct svc_rqst *rqstp) | |
1da177e4 LT |
1659 | { |
1660 | struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data; | |
1661 | struct rpc_gss_wire_cred *gc = &gsd->clcred; | |
1662 | struct xdr_buf *resbuf = &rqstp->rq_res; | |
1663 | struct xdr_buf integ_buf; | |
1664 | struct xdr_netobj mic; | |
1665 | struct kvec *resv; | |
d8ed029d | 1666 | __be32 *p; |
1da177e4 LT |
1667 | int integ_offset, integ_len; |
1668 | int stat = -EINVAL; | |
1669 | ||
3c15a486 BF |
1670 | p = svcauth_gss_prepare_to_wrap(resbuf, gsd); |
1671 | if (p == NULL) | |
e142ede8 | 1672 | goto out; |
e142ede8 BF |
1673 | integ_offset = (u8 *)(p + 1) - (u8 *)resbuf->head[0].iov_base; |
1674 | integ_len = resbuf->len - integ_offset; | |
96f194b7 CL |
1675 | if (integ_len & 3) |
1676 | goto out; | |
e142ede8 BF |
1677 | *p++ = htonl(integ_len); |
1678 | *p++ = htonl(gc->gc_seq); | |
1754eb2b BF |
1679 | if (xdr_buf_subsegment(resbuf, &integ_buf, integ_offset, integ_len)) { |
1680 | WARN_ON_ONCE(1); | |
1681 | goto out_err; | |
1682 | } | |
153e44d2 | 1683 | if (resbuf->tail[0].iov_base == NULL) { |
e142ede8 BF |
1684 | if (resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE > PAGE_SIZE) |
1685 | goto out_err; | |
1686 | resbuf->tail[0].iov_base = resbuf->head[0].iov_base | |
1687 | + resbuf->head[0].iov_len; | |
1688 | resbuf->tail[0].iov_len = 0; | |
e142ede8 | 1689 | } |
bba0f88b | 1690 | resv = &resbuf->tail[0]; |
e142ede8 BF |
1691 | mic.data = (u8 *)resv->iov_base + resv->iov_len + 4; |
1692 | if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic)) | |
1693 | goto out_err; | |
76994313 | 1694 | svc_putnl(resv, mic.len); |
e142ede8 BF |
1695 | memset(mic.data + mic.len, 0, |
1696 | round_up_to_quad(mic.len) - mic.len); | |
1697 | resv->iov_len += XDR_QUADLEN(mic.len) << 2; | |
1698 | /* not strictly required: */ | |
1699 | resbuf->len += XDR_QUADLEN(mic.len) << 2; | |
28155524 CL |
1700 | if (resv->iov_len > PAGE_SIZE) |
1701 | goto out_err; | |
e142ede8 BF |
1702 | out: |
1703 | stat = 0; | |
1704 | out_err: | |
1705 | return stat; | |
1706 | } | |
1707 | ||
7c9fdcfb BF |
1708 | static inline int |
1709 | svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp) | |
1710 | { | |
1711 | struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data; | |
1712 | struct rpc_gss_wire_cred *gc = &gsd->clcred; | |
1713 | struct xdr_buf *resbuf = &rqstp->rq_res; | |
1714 | struct page **inpages = NULL; | |
753ed90d AV |
1715 | __be32 *p, *len; |
1716 | int offset; | |
7c9fdcfb BF |
1717 | int pad; |
1718 | ||
3c15a486 BF |
1719 | p = svcauth_gss_prepare_to_wrap(resbuf, gsd); |
1720 | if (p == NULL) | |
7c9fdcfb | 1721 | return 0; |
7c9fdcfb BF |
1722 | len = p++; |
1723 | offset = (u8 *)p - (u8 *)resbuf->head[0].iov_base; | |
1724 | *p++ = htonl(gc->gc_seq); | |
1725 | inpages = resbuf->pages; | |
1726 | /* XXX: Would be better to write some xdr helper functions for | |
1727 | * nfs{2,3,4}xdr.c that place the data right, instead of copying: */ | |
7561042f KC |
1728 | |
1729 | /* | |
1730 | * If there is currently tail data, make sure there is | |
1731 | * room for the head, tail, and 2 * RPC_MAX_AUTH_SIZE in | |
1732 | * the page, and move the current tail data such that | |
1733 | * there is RPC_MAX_AUTH_SIZE slack space available in | |
1734 | * both the head and tail. | |
1735 | */ | |
44524359 | 1736 | if (resbuf->tail[0].iov_base) { |
28155524 CL |
1737 | if (resbuf->tail[0].iov_base >= |
1738 | resbuf->head[0].iov_base + PAGE_SIZE) | |
1739 | return -EINVAL; | |
1740 | if (resbuf->tail[0].iov_base < resbuf->head[0].iov_base) | |
1741 | return -EINVAL; | |
7c9fdcfb BF |
1742 | if (resbuf->tail[0].iov_len + resbuf->head[0].iov_len |
1743 | + 2 * RPC_MAX_AUTH_SIZE > PAGE_SIZE) | |
1744 | return -ENOMEM; | |
1745 | memmove(resbuf->tail[0].iov_base + RPC_MAX_AUTH_SIZE, | |
1746 | resbuf->tail[0].iov_base, | |
1747 | resbuf->tail[0].iov_len); | |
1748 | resbuf->tail[0].iov_base += RPC_MAX_AUTH_SIZE; | |
1749 | } | |
7561042f KC |
1750 | /* |
1751 | * If there is no current tail data, make sure there is | |
1752 | * room for the head data, and 2 * RPC_MAX_AUTH_SIZE in the | |
1753 | * allotted page, and set up tail information such that there | |
1754 | * is RPC_MAX_AUTH_SIZE slack space available in both the | |
1755 | * head and tail. | |
1756 | */ | |
7c9fdcfb BF |
1757 | if (resbuf->tail[0].iov_base == NULL) { |
1758 | if (resbuf->head[0].iov_len + 2*RPC_MAX_AUTH_SIZE > PAGE_SIZE) | |
1759 | return -ENOMEM; | |
1760 | resbuf->tail[0].iov_base = resbuf->head[0].iov_base | |
1761 | + resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE; | |
1762 | resbuf->tail[0].iov_len = 0; | |
7c9fdcfb BF |
1763 | } |
1764 | if (gss_wrap(gsd->rsci->mechctx, offset, resbuf, inpages)) | |
1765 | return -ENOMEM; | |
1766 | *len = htonl(resbuf->len - offset); | |
1767 | pad = 3 - ((resbuf->len - offset - 1)&3); | |
d8ed029d | 1768 | p = (__be32 *)(resbuf->tail[0].iov_base + resbuf->tail[0].iov_len); |
7c9fdcfb BF |
1769 | memset(p, 0, pad); |
1770 | resbuf->tail[0].iov_len += pad; | |
1771 | resbuf->len += pad; | |
1772 | return 0; | |
1773 | } | |
1774 | ||
e142ede8 BF |
1775 | static int |
1776 | svcauth_gss_release(struct svc_rqst *rqstp) | |
1777 | { | |
1778 | struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data; | |
1779 | struct rpc_gss_wire_cred *gc = &gsd->clcred; | |
1780 | struct xdr_buf *resbuf = &rqstp->rq_res; | |
1781 | int stat = -EINVAL; | |
b8be5674 | 1782 | struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); |
e142ede8 | 1783 | |
1da177e4 LT |
1784 | if (gc->gc_proc != RPC_GSS_PROC_DATA) |
1785 | goto out; | |
1786 | /* Release can be called twice, but we only wrap once. */ | |
5b304bc5 | 1787 | if (gsd->verf_start == NULL) |
1da177e4 LT |
1788 | goto out; |
1789 | /* normally not set till svc_send, but we need it here: */ | |
7c9fdcfb BF |
1790 | /* XXX: what for? Do we mess it up the moment we call svc_putu32 |
1791 | * or whatever? */ | |
1792 | resbuf->len = total_buf_len(resbuf); | |
1da177e4 LT |
1793 | switch (gc->gc_svc) { |
1794 | case RPC_GSS_SVC_NONE: | |
1795 | break; | |
1796 | case RPC_GSS_SVC_INTEGRITY: | |
7c9fdcfb BF |
1797 | stat = svcauth_gss_wrap_resp_integ(rqstp); |
1798 | if (stat) | |
1799 | goto out_err; | |
1da177e4 LT |
1800 | break; |
1801 | case RPC_GSS_SVC_PRIVACY: | |
7c9fdcfb BF |
1802 | stat = svcauth_gss_wrap_resp_priv(rqstp); |
1803 | if (stat) | |
1804 | goto out_err; | |
1805 | break; | |
eac81736 WY |
1806 | /* |
1807 | * For any other gc_svc value, svcauth_gss_accept() already set | |
1808 | * the auth_error appropriately; just fall through: | |
1809 | */ | |
1da177e4 LT |
1810 | } |
1811 | ||
1812 | out: | |
1813 | stat = 0; | |
1814 | out_err: | |
1815 | if (rqstp->rq_client) | |
1816 | auth_domain_put(rqstp->rq_client); | |
1817 | rqstp->rq_client = NULL; | |
3ab4d8b1 BF |
1818 | if (rqstp->rq_gssclient) |
1819 | auth_domain_put(rqstp->rq_gssclient); | |
1820 | rqstp->rq_gssclient = NULL; | |
1da177e4 LT |
1821 | if (rqstp->rq_cred.cr_group_info) |
1822 | put_group_info(rqstp->rq_cred.cr_group_info); | |
1823 | rqstp->rq_cred.cr_group_info = NULL; | |
1824 | if (gsd->rsci) | |
a1db410d | 1825 | cache_put(&gsd->rsci->h, sn->rsc_cache); |
1da177e4 LT |
1826 | gsd->rsci = NULL; |
1827 | ||
1828 | return stat; | |
1829 | } | |
1830 | ||
1831 | static void | |
608a0ab2 | 1832 | svcauth_gss_domain_release_rcu(struct rcu_head *head) |
1da177e4 | 1833 | { |
608a0ab2 | 1834 | struct auth_domain *dom = container_of(head, struct auth_domain, rcu_head); |
1da177e4 LT |
1835 | struct gss_domain *gd = container_of(dom, struct gss_domain, h); |
1836 | ||
1837 | kfree(dom->name); | |
1838 | kfree(gd); | |
1839 | } | |
1840 | ||
608a0ab2 TM |
1841 | static void |
1842 | svcauth_gss_domain_release(struct auth_domain *dom) | |
1843 | { | |
1844 | call_rcu(&dom->rcu_head, svcauth_gss_domain_release_rcu); | |
1845 | } | |
1846 | ||
1da177e4 LT |
1847 | static struct auth_ops svcauthops_gss = { |
1848 | .name = "rpcsec_gss", | |
1849 | .owner = THIS_MODULE, | |
1850 | .flavour = RPC_AUTH_GSS, | |
1851 | .accept = svcauth_gss_accept, | |
1852 | .release = svcauth_gss_release, | |
1853 | .domain_release = svcauth_gss_domain_release, | |
1854 | .set_client = svcauth_gss_set_client, | |
1855 | }; | |
1856 | ||
a1db410d SK |
1857 | static int rsi_cache_create_net(struct net *net) |
1858 | { | |
1859 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1860 | struct cache_detail *cd; | |
1861 | int err; | |
1862 | ||
1863 | cd = cache_create_net(&rsi_cache_template, net); | |
1864 | if (IS_ERR(cd)) | |
1865 | return PTR_ERR(cd); | |
1866 | err = cache_register_net(cd, net); | |
1867 | if (err) { | |
1868 | cache_destroy_net(cd, net); | |
1869 | return err; | |
1870 | } | |
1871 | sn->rsi_cache = cd; | |
1872 | return 0; | |
1873 | } | |
1874 | ||
1875 | static void rsi_cache_destroy_net(struct net *net) | |
1876 | { | |
1877 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1878 | struct cache_detail *cd = sn->rsi_cache; | |
1879 | ||
1880 | sn->rsi_cache = NULL; | |
1881 | cache_purge(cd); | |
1882 | cache_unregister_net(cd, net); | |
1883 | cache_destroy_net(cd, net); | |
1884 | } | |
1885 | ||
1886 | static int rsc_cache_create_net(struct net *net) | |
1887 | { | |
1888 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1889 | struct cache_detail *cd; | |
1890 | int err; | |
1891 | ||
1892 | cd = cache_create_net(&rsc_cache_template, net); | |
1893 | if (IS_ERR(cd)) | |
1894 | return PTR_ERR(cd); | |
1895 | err = cache_register_net(cd, net); | |
1896 | if (err) { | |
1897 | cache_destroy_net(cd, net); | |
1898 | return err; | |
1899 | } | |
1900 | sn->rsc_cache = cd; | |
1901 | return 0; | |
1902 | } | |
1903 | ||
1904 | static void rsc_cache_destroy_net(struct net *net) | |
1905 | { | |
1906 | struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); | |
1907 | struct cache_detail *cd = sn->rsc_cache; | |
1908 | ||
1909 | sn->rsc_cache = NULL; | |
1910 | cache_purge(cd); | |
1911 | cache_unregister_net(cd, net); | |
1912 | cache_destroy_net(cd, net); | |
1913 | } | |
1914 | ||
1da177e4 | 1915 | int |
a1db410d | 1916 | gss_svc_init_net(struct net *net) |
1da177e4 | 1917 | { |
a1db410d SK |
1918 | int rv; |
1919 | ||
1920 | rv = rsc_cache_create_net(net); | |
dbf847ec BF |
1921 | if (rv) |
1922 | return rv; | |
a1db410d | 1923 | rv = rsi_cache_create_net(net); |
dbf847ec BF |
1924 | if (rv) |
1925 | goto out1; | |
030d794b SS |
1926 | rv = create_use_gss_proxy_proc_entry(net); |
1927 | if (rv) | |
1928 | goto out2; | |
dbf847ec | 1929 | return 0; |
030d794b SS |
1930 | out2: |
1931 | destroy_use_gss_proxy_proc_entry(net); | |
dbf847ec | 1932 | out1: |
a1db410d | 1933 | rsc_cache_destroy_net(net); |
1da177e4 LT |
1934 | return rv; |
1935 | } | |
1936 | ||
a1db410d SK |
1937 | void |
1938 | gss_svc_shutdown_net(struct net *net) | |
1939 | { | |
030d794b | 1940 | destroy_use_gss_proxy_proc_entry(net); |
a1db410d SK |
1941 | rsi_cache_destroy_net(net); |
1942 | rsc_cache_destroy_net(net); | |
1943 | } | |
1944 | ||
1945 | int | |
1946 | gss_svc_init(void) | |
1947 | { | |
1948 | return svc_auth_register(RPC_AUTH_GSS, &svcauthops_gss); | |
1949 | } | |
1950 | ||
1da177e4 LT |
1951 | void |
1952 | gss_svc_shutdown(void) | |
1953 | { | |
1da177e4 LT |
1954 | svc_auth_unregister(RPC_AUTH_GSS); |
1955 | } |