Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Neil Brown <neilb@cse.unsw.edu.au> | |
3 | * J. Bruce Fields <bfields@umich.edu> | |
4 | * Andy Adamson <andros@umich.edu> | |
5 | * Dug Song <dugsong@monkey.org> | |
6 | * | |
7 | * RPCSEC_GSS server authentication. | |
8 | * This implements RPCSEC_GSS as defined in rfc2203 (rpcsec_gss) and rfc2078 | |
9 | * (gssapi) | |
10 | * | |
11 | * The RPCSEC_GSS involves three stages: | |
12 | * 1/ context creation | |
13 | * 2/ data exchange | |
14 | * 3/ context destruction | |
15 | * | |
16 | * Context creation is handled largely by upcalls to user-space. | |
17 | * In particular, GSS_Accept_sec_context is handled by an upcall | |
18 | * Data exchange is handled entirely within the kernel | |
19 | * In particular, GSS_GetMIC, GSS_VerifyMIC, GSS_Seal, GSS_Unseal are in-kernel. | |
20 | * Context destruction is handled in-kernel | |
21 | * GSS_Delete_sec_context is in-kernel | |
22 | * | |
23 | * Context creation is initiated by a RPCSEC_GSS_INIT request arriving. | |
24 | * The context handle and gss_token are used as a key into the rpcsec_init cache. | |
25 | * The content of this cache includes some of the outputs of GSS_Accept_sec_context, | |
26 | * being major_status, minor_status, context_handle, reply_token. | |
27 | * These are sent back to the client. | |
28 | * Sequence window management is handled by the kernel. The window size if currently | |
29 | * a compile time constant. | |
30 | * | |
31 | * When user-space is happy that a context is established, it places an entry | |
32 | * in the rpcsec_context cache. The key for this cache is the context_handle. | |
33 | * The content includes: | |
34 | * uid/gidlist - for determining access rights | |
35 | * mechanism type | |
36 | * mechanism specific information, such as a key | |
37 | * | |
38 | */ | |
39 | ||
40 | #include <linux/types.h> | |
41 | #include <linux/module.h> | |
42 | #include <linux/pagemap.h> | |
43 | ||
44 | #include <linux/sunrpc/auth_gss.h> | |
1da177e4 LT |
45 | #include <linux/sunrpc/gss_err.h> |
46 | #include <linux/sunrpc/svcauth.h> | |
47 | #include <linux/sunrpc/svcauth_gss.h> | |
48 | #include <linux/sunrpc/cache.h> | |
49 | ||
50 | #ifdef RPC_DEBUG | |
51 | # define RPCDBG_FACILITY RPCDBG_AUTH | |
52 | #endif | |
53 | ||
54 | /* The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests | |
55 | * into replies. | |
56 | * | |
57 | * Key is context handle (\x if empty) and gss_token. | |
58 | * Content is major_status minor_status (integers) context_handle, reply_token. | |
59 | * | |
60 | */ | |
61 | ||
62 | static int netobj_equal(struct xdr_netobj *a, struct xdr_netobj *b) | |
63 | { | |
64 | return a->len == b->len && 0 == memcmp(a->data, b->data, a->len); | |
65 | } | |
66 | ||
67 | #define RSI_HASHBITS 6 | |
68 | #define RSI_HASHMAX (1<<RSI_HASHBITS) | |
69 | #define RSI_HASHMASK (RSI_HASHMAX-1) | |
70 | ||
71 | struct rsi { | |
72 | struct cache_head h; | |
73 | struct xdr_netobj in_handle, in_token; | |
74 | struct xdr_netobj out_handle, out_token; | |
75 | int major_status, minor_status; | |
76 | }; | |
77 | ||
78 | static struct cache_head *rsi_table[RSI_HASHMAX]; | |
79 | static struct cache_detail rsi_cache; | |
d4d11ea9 N |
80 | static struct rsi *rsi_update(struct rsi *new, struct rsi *old); |
81 | static struct rsi *rsi_lookup(struct rsi *item); | |
1da177e4 LT |
82 | |
83 | static void rsi_free(struct rsi *rsii) | |
84 | { | |
85 | kfree(rsii->in_handle.data); | |
86 | kfree(rsii->in_token.data); | |
87 | kfree(rsii->out_handle.data); | |
88 | kfree(rsii->out_token.data); | |
89 | } | |
90 | ||
baab935f | 91 | static void rsi_put(struct kref *ref) |
1da177e4 | 92 | { |
baab935f N |
93 | struct rsi *rsii = container_of(ref, struct rsi, h.ref); |
94 | rsi_free(rsii); | |
95 | kfree(rsii); | |
1da177e4 LT |
96 | } |
97 | ||
98 | static inline int rsi_hash(struct rsi *item) | |
99 | { | |
100 | return hash_mem(item->in_handle.data, item->in_handle.len, RSI_HASHBITS) | |
101 | ^ hash_mem(item->in_token.data, item->in_token.len, RSI_HASHBITS); | |
102 | } | |
103 | ||
d4d11ea9 | 104 | static int rsi_match(struct cache_head *a, struct cache_head *b) |
1da177e4 | 105 | { |
d4d11ea9 N |
106 | struct rsi *item = container_of(a, struct rsi, h); |
107 | struct rsi *tmp = container_of(b, struct rsi, h); | |
1da177e4 LT |
108 | return netobj_equal(&item->in_handle, &tmp->in_handle) |
109 | && netobj_equal(&item->in_token, &tmp->in_token); | |
110 | } | |
111 | ||
112 | static int dup_to_netobj(struct xdr_netobj *dst, char *src, int len) | |
113 | { | |
114 | dst->len = len; | |
e69062b4 | 115 | dst->data = (len ? kmemdup(src, len, GFP_KERNEL) : NULL); |
1da177e4 LT |
116 | if (len && !dst->data) |
117 | return -ENOMEM; | |
118 | return 0; | |
119 | } | |
120 | ||
121 | static inline int dup_netobj(struct xdr_netobj *dst, struct xdr_netobj *src) | |
122 | { | |
123 | return dup_to_netobj(dst, src->data, src->len); | |
124 | } | |
125 | ||
d4d11ea9 | 126 | static void rsi_init(struct cache_head *cnew, struct cache_head *citem) |
1da177e4 | 127 | { |
d4d11ea9 N |
128 | struct rsi *new = container_of(cnew, struct rsi, h); |
129 | struct rsi *item = container_of(citem, struct rsi, h); | |
130 | ||
1da177e4 LT |
131 | new->out_handle.data = NULL; |
132 | new->out_handle.len = 0; | |
133 | new->out_token.data = NULL; | |
134 | new->out_token.len = 0; | |
135 | new->in_handle.len = item->in_handle.len; | |
136 | item->in_handle.len = 0; | |
137 | new->in_token.len = item->in_token.len; | |
138 | item->in_token.len = 0; | |
139 | new->in_handle.data = item->in_handle.data; | |
140 | item->in_handle.data = NULL; | |
141 | new->in_token.data = item->in_token.data; | |
142 | item->in_token.data = NULL; | |
143 | } | |
144 | ||
d4d11ea9 | 145 | static void update_rsi(struct cache_head *cnew, struct cache_head *citem) |
1da177e4 | 146 | { |
d4d11ea9 N |
147 | struct rsi *new = container_of(cnew, struct rsi, h); |
148 | struct rsi *item = container_of(citem, struct rsi, h); | |
149 | ||
1da177e4 LT |
150 | BUG_ON(new->out_handle.data || new->out_token.data); |
151 | new->out_handle.len = item->out_handle.len; | |
152 | item->out_handle.len = 0; | |
153 | new->out_token.len = item->out_token.len; | |
154 | item->out_token.len = 0; | |
155 | new->out_handle.data = item->out_handle.data; | |
156 | item->out_handle.data = NULL; | |
157 | new->out_token.data = item->out_token.data; | |
158 | item->out_token.data = NULL; | |
159 | ||
160 | new->major_status = item->major_status; | |
161 | new->minor_status = item->minor_status; | |
162 | } | |
163 | ||
d4d11ea9 N |
164 | static struct cache_head *rsi_alloc(void) |
165 | { | |
166 | struct rsi *rsii = kmalloc(sizeof(*rsii), GFP_KERNEL); | |
167 | if (rsii) | |
168 | return &rsii->h; | |
169 | else | |
170 | return NULL; | |
171 | } | |
172 | ||
1da177e4 | 173 | static void rsi_request(struct cache_detail *cd, |
cca5172a YH |
174 | struct cache_head *h, |
175 | char **bpp, int *blen) | |
1da177e4 LT |
176 | { |
177 | struct rsi *rsii = container_of(h, struct rsi, h); | |
178 | ||
179 | qword_addhex(bpp, blen, rsii->in_handle.data, rsii->in_handle.len); | |
180 | qword_addhex(bpp, blen, rsii->in_token.data, rsii->in_token.len); | |
181 | (*bpp)[-1] = '\n'; | |
182 | } | |
183 | ||
184 | ||
185 | static int rsi_parse(struct cache_detail *cd, | |
cca5172a | 186 | char *mesg, int mlen) |
1da177e4 LT |
187 | { |
188 | /* context token expiry major minor context token */ | |
189 | char *buf = mesg; | |
190 | char *ep; | |
191 | int len; | |
192 | struct rsi rsii, *rsip = NULL; | |
193 | time_t expiry; | |
194 | int status = -EINVAL; | |
195 | ||
196 | memset(&rsii, 0, sizeof(rsii)); | |
197 | /* handle */ | |
198 | len = qword_get(&mesg, buf, mlen); | |
199 | if (len < 0) | |
200 | goto out; | |
201 | status = -ENOMEM; | |
202 | if (dup_to_netobj(&rsii.in_handle, buf, len)) | |
203 | goto out; | |
204 | ||
205 | /* token */ | |
206 | len = qword_get(&mesg, buf, mlen); | |
207 | status = -EINVAL; | |
208 | if (len < 0) | |
209 | goto out; | |
210 | status = -ENOMEM; | |
211 | if (dup_to_netobj(&rsii.in_token, buf, len)) | |
212 | goto out; | |
213 | ||
d4d11ea9 N |
214 | rsip = rsi_lookup(&rsii); |
215 | if (!rsip) | |
216 | goto out; | |
217 | ||
1da177e4 LT |
218 | rsii.h.flags = 0; |
219 | /* expiry */ | |
220 | expiry = get_expiry(&mesg); | |
221 | status = -EINVAL; | |
222 | if (expiry == 0) | |
223 | goto out; | |
224 | ||
225 | /* major/minor */ | |
226 | len = qword_get(&mesg, buf, mlen); | |
227 | if (len < 0) | |
228 | goto out; | |
229 | if (len == 0) { | |
230 | goto out; | |
231 | } else { | |
232 | rsii.major_status = simple_strtoul(buf, &ep, 10); | |
233 | if (*ep) | |
234 | goto out; | |
235 | len = qword_get(&mesg, buf, mlen); | |
236 | if (len <= 0) | |
237 | goto out; | |
238 | rsii.minor_status = simple_strtoul(buf, &ep, 10); | |
239 | if (*ep) | |
240 | goto out; | |
241 | ||
242 | /* out_handle */ | |
243 | len = qword_get(&mesg, buf, mlen); | |
244 | if (len < 0) | |
245 | goto out; | |
246 | status = -ENOMEM; | |
247 | if (dup_to_netobj(&rsii.out_handle, buf, len)) | |
248 | goto out; | |
249 | ||
250 | /* out_token */ | |
251 | len = qword_get(&mesg, buf, mlen); | |
252 | status = -EINVAL; | |
253 | if (len < 0) | |
254 | goto out; | |
255 | status = -ENOMEM; | |
256 | if (dup_to_netobj(&rsii.out_token, buf, len)) | |
257 | goto out; | |
258 | } | |
259 | rsii.h.expiry_time = expiry; | |
d4d11ea9 | 260 | rsip = rsi_update(&rsii, rsip); |
1da177e4 LT |
261 | status = 0; |
262 | out: | |
263 | rsi_free(&rsii); | |
264 | if (rsip) | |
baab935f | 265 | cache_put(&rsip->h, &rsi_cache); |
d4d11ea9 N |
266 | else |
267 | status = -ENOMEM; | |
1da177e4 LT |
268 | return status; |
269 | } | |
270 | ||
271 | static struct cache_detail rsi_cache = { | |
f35279d3 | 272 | .owner = THIS_MODULE, |
1da177e4 LT |
273 | .hash_size = RSI_HASHMAX, |
274 | .hash_table = rsi_table, | |
275 | .name = "auth.rpcsec.init", | |
276 | .cache_put = rsi_put, | |
277 | .cache_request = rsi_request, | |
278 | .cache_parse = rsi_parse, | |
d4d11ea9 N |
279 | .match = rsi_match, |
280 | .init = rsi_init, | |
281 | .update = update_rsi, | |
282 | .alloc = rsi_alloc, | |
1da177e4 LT |
283 | }; |
284 | ||
d4d11ea9 N |
285 | static struct rsi *rsi_lookup(struct rsi *item) |
286 | { | |
287 | struct cache_head *ch; | |
288 | int hash = rsi_hash(item); | |
289 | ||
290 | ch = sunrpc_cache_lookup(&rsi_cache, &item->h, hash); | |
291 | if (ch) | |
292 | return container_of(ch, struct rsi, h); | |
293 | else | |
294 | return NULL; | |
295 | } | |
296 | ||
297 | static struct rsi *rsi_update(struct rsi *new, struct rsi *old) | |
298 | { | |
299 | struct cache_head *ch; | |
300 | int hash = rsi_hash(new); | |
301 | ||
302 | ch = sunrpc_cache_update(&rsi_cache, &new->h, | |
303 | &old->h, hash); | |
304 | if (ch) | |
305 | return container_of(ch, struct rsi, h); | |
306 | else | |
307 | return NULL; | |
308 | } | |
309 | ||
1da177e4 LT |
310 | |
311 | /* | |
312 | * The rpcsec_context cache is used to store a context that is | |
313 | * used in data exchange. | |
314 | * The key is a context handle. The content is: | |
315 | * uid, gidlist, mechanism, service-set, mech-specific-data | |
316 | */ | |
317 | ||
318 | #define RSC_HASHBITS 10 | |
319 | #define RSC_HASHMAX (1<<RSC_HASHBITS) | |
320 | #define RSC_HASHMASK (RSC_HASHMAX-1) | |
321 | ||
322 | #define GSS_SEQ_WIN 128 | |
323 | ||
324 | struct gss_svc_seq_data { | |
325 | /* highest seq number seen so far: */ | |
326 | int sd_max; | |
327 | /* for i such that sd_max-GSS_SEQ_WIN < i <= sd_max, the i-th bit of | |
328 | * sd_win is nonzero iff sequence number i has been seen already: */ | |
329 | unsigned long sd_win[GSS_SEQ_WIN/BITS_PER_LONG]; | |
330 | spinlock_t sd_lock; | |
331 | }; | |
332 | ||
333 | struct rsc { | |
334 | struct cache_head h; | |
335 | struct xdr_netobj handle; | |
336 | struct svc_cred cred; | |
337 | struct gss_svc_seq_data seqdata; | |
338 | struct gss_ctx *mechctx; | |
339 | }; | |
340 | ||
341 | static struct cache_head *rsc_table[RSC_HASHMAX]; | |
342 | static struct cache_detail rsc_cache; | |
17f834b6 N |
343 | static struct rsc *rsc_update(struct rsc *new, struct rsc *old); |
344 | static struct rsc *rsc_lookup(struct rsc *item); | |
1da177e4 LT |
345 | |
346 | static void rsc_free(struct rsc *rsci) | |
347 | { | |
348 | kfree(rsci->handle.data); | |
349 | if (rsci->mechctx) | |
350 | gss_delete_sec_context(&rsci->mechctx); | |
351 | if (rsci->cred.cr_group_info) | |
352 | put_group_info(rsci->cred.cr_group_info); | |
353 | } | |
354 | ||
baab935f | 355 | static void rsc_put(struct kref *ref) |
1da177e4 | 356 | { |
baab935f | 357 | struct rsc *rsci = container_of(ref, struct rsc, h.ref); |
1da177e4 | 358 | |
baab935f N |
359 | rsc_free(rsci); |
360 | kfree(rsci); | |
1da177e4 LT |
361 | } |
362 | ||
363 | static inline int | |
364 | rsc_hash(struct rsc *rsci) | |
365 | { | |
366 | return hash_mem(rsci->handle.data, rsci->handle.len, RSC_HASHBITS); | |
367 | } | |
368 | ||
17f834b6 N |
369 | static int |
370 | rsc_match(struct cache_head *a, struct cache_head *b) | |
1da177e4 | 371 | { |
17f834b6 N |
372 | struct rsc *new = container_of(a, struct rsc, h); |
373 | struct rsc *tmp = container_of(b, struct rsc, h); | |
374 | ||
1da177e4 LT |
375 | return netobj_equal(&new->handle, &tmp->handle); |
376 | } | |
377 | ||
17f834b6 N |
378 | static void |
379 | rsc_init(struct cache_head *cnew, struct cache_head *ctmp) | |
1da177e4 | 380 | { |
17f834b6 N |
381 | struct rsc *new = container_of(cnew, struct rsc, h); |
382 | struct rsc *tmp = container_of(ctmp, struct rsc, h); | |
383 | ||
1da177e4 LT |
384 | new->handle.len = tmp->handle.len; |
385 | tmp->handle.len = 0; | |
386 | new->handle.data = tmp->handle.data; | |
387 | tmp->handle.data = NULL; | |
388 | new->mechctx = NULL; | |
389 | new->cred.cr_group_info = NULL; | |
390 | } | |
391 | ||
17f834b6 N |
392 | static void |
393 | update_rsc(struct cache_head *cnew, struct cache_head *ctmp) | |
1da177e4 | 394 | { |
17f834b6 N |
395 | struct rsc *new = container_of(cnew, struct rsc, h); |
396 | struct rsc *tmp = container_of(ctmp, struct rsc, h); | |
397 | ||
1da177e4 LT |
398 | new->mechctx = tmp->mechctx; |
399 | tmp->mechctx = NULL; | |
400 | memset(&new->seqdata, 0, sizeof(new->seqdata)); | |
401 | spin_lock_init(&new->seqdata.sd_lock); | |
402 | new->cred = tmp->cred; | |
403 | tmp->cred.cr_group_info = NULL; | |
404 | } | |
405 | ||
17f834b6 N |
406 | static struct cache_head * |
407 | rsc_alloc(void) | |
408 | { | |
409 | struct rsc *rsci = kmalloc(sizeof(*rsci), GFP_KERNEL); | |
410 | if (rsci) | |
411 | return &rsci->h; | |
412 | else | |
413 | return NULL; | |
414 | } | |
415 | ||
1da177e4 LT |
416 | static int rsc_parse(struct cache_detail *cd, |
417 | char *mesg, int mlen) | |
418 | { | |
419 | /* contexthandle expiry [ uid gid N <n gids> mechname ...mechdata... ] */ | |
420 | char *buf = mesg; | |
421 | int len, rv; | |
422 | struct rsc rsci, *rscp = NULL; | |
423 | time_t expiry; | |
424 | int status = -EINVAL; | |
1df0cada | 425 | struct gss_api_mech *gm = NULL; |
1da177e4 LT |
426 | |
427 | memset(&rsci, 0, sizeof(rsci)); | |
428 | /* context handle */ | |
429 | len = qword_get(&mesg, buf, mlen); | |
430 | if (len < 0) goto out; | |
431 | status = -ENOMEM; | |
432 | if (dup_to_netobj(&rsci.handle, buf, len)) | |
433 | goto out; | |
434 | ||
435 | rsci.h.flags = 0; | |
436 | /* expiry */ | |
437 | expiry = get_expiry(&mesg); | |
438 | status = -EINVAL; | |
439 | if (expiry == 0) | |
440 | goto out; | |
441 | ||
17f834b6 N |
442 | rscp = rsc_lookup(&rsci); |
443 | if (!rscp) | |
444 | goto out; | |
445 | ||
1da177e4 LT |
446 | /* uid, or NEGATIVE */ |
447 | rv = get_int(&mesg, &rsci.cred.cr_uid); | |
448 | if (rv == -EINVAL) | |
449 | goto out; | |
450 | if (rv == -ENOENT) | |
451 | set_bit(CACHE_NEGATIVE, &rsci.h.flags); | |
452 | else { | |
453 | int N, i; | |
1da177e4 LT |
454 | |
455 | /* gid */ | |
456 | if (get_int(&mesg, &rsci.cred.cr_gid)) | |
457 | goto out; | |
458 | ||
459 | /* number of additional gid's */ | |
460 | if (get_int(&mesg, &N)) | |
461 | goto out; | |
462 | status = -ENOMEM; | |
463 | rsci.cred.cr_group_info = groups_alloc(N); | |
464 | if (rsci.cred.cr_group_info == NULL) | |
465 | goto out; | |
466 | ||
467 | /* gid's */ | |
468 | status = -EINVAL; | |
469 | for (i=0; i<N; i++) { | |
470 | gid_t gid; | |
471 | if (get_int(&mesg, &gid)) | |
472 | goto out; | |
473 | GROUP_AT(rsci.cred.cr_group_info, i) = gid; | |
474 | } | |
475 | ||
476 | /* mech name */ | |
477 | len = qword_get(&mesg, buf, mlen); | |
478 | if (len < 0) | |
479 | goto out; | |
480 | gm = gss_mech_get_by_name(buf); | |
481 | status = -EOPNOTSUPP; | |
482 | if (!gm) | |
483 | goto out; | |
484 | ||
485 | status = -EINVAL; | |
486 | /* mech-specific data: */ | |
487 | len = qword_get(&mesg, buf, mlen); | |
1df0cada | 488 | if (len < 0) |
1da177e4 | 489 | goto out; |
5fb8b49e | 490 | status = gss_import_sec_context(buf, len, gm, &rsci.mechctx); |
1df0cada | 491 | if (status) |
1da177e4 | 492 | goto out; |
1da177e4 LT |
493 | } |
494 | rsci.h.expiry_time = expiry; | |
17f834b6 | 495 | rscp = rsc_update(&rsci, rscp); |
1da177e4 LT |
496 | status = 0; |
497 | out: | |
1df0cada | 498 | gss_mech_put(gm); |
1da177e4 LT |
499 | rsc_free(&rsci); |
500 | if (rscp) | |
baab935f | 501 | cache_put(&rscp->h, &rsc_cache); |
17f834b6 N |
502 | else |
503 | status = -ENOMEM; | |
1da177e4 LT |
504 | return status; |
505 | } | |
506 | ||
507 | static struct cache_detail rsc_cache = { | |
f35279d3 | 508 | .owner = THIS_MODULE, |
1da177e4 LT |
509 | .hash_size = RSC_HASHMAX, |
510 | .hash_table = rsc_table, | |
511 | .name = "auth.rpcsec.context", | |
512 | .cache_put = rsc_put, | |
513 | .cache_parse = rsc_parse, | |
17f834b6 N |
514 | .match = rsc_match, |
515 | .init = rsc_init, | |
516 | .update = update_rsc, | |
517 | .alloc = rsc_alloc, | |
1da177e4 LT |
518 | }; |
519 | ||
17f834b6 N |
520 | static struct rsc *rsc_lookup(struct rsc *item) |
521 | { | |
522 | struct cache_head *ch; | |
523 | int hash = rsc_hash(item); | |
524 | ||
525 | ch = sunrpc_cache_lookup(&rsc_cache, &item->h, hash); | |
526 | if (ch) | |
527 | return container_of(ch, struct rsc, h); | |
528 | else | |
529 | return NULL; | |
530 | } | |
531 | ||
532 | static struct rsc *rsc_update(struct rsc *new, struct rsc *old) | |
533 | { | |
534 | struct cache_head *ch; | |
535 | int hash = rsc_hash(new); | |
536 | ||
537 | ch = sunrpc_cache_update(&rsc_cache, &new->h, | |
538 | &old->h, hash); | |
539 | if (ch) | |
540 | return container_of(ch, struct rsc, h); | |
541 | else | |
542 | return NULL; | |
543 | } | |
544 | ||
1da177e4 LT |
545 | |
546 | static struct rsc * | |
547 | gss_svc_searchbyctx(struct xdr_netobj *handle) | |
548 | { | |
549 | struct rsc rsci; | |
550 | struct rsc *found; | |
551 | ||
552 | memset(&rsci, 0, sizeof(rsci)); | |
553 | if (dup_to_netobj(&rsci.handle, handle->data, handle->len)) | |
554 | return NULL; | |
17f834b6 | 555 | found = rsc_lookup(&rsci); |
1da177e4 LT |
556 | rsc_free(&rsci); |
557 | if (!found) | |
558 | return NULL; | |
559 | if (cache_check(&rsc_cache, &found->h, NULL)) | |
560 | return NULL; | |
561 | return found; | |
562 | } | |
563 | ||
564 | /* Implements sequence number algorithm as specified in RFC 2203. */ | |
565 | static int | |
566 | gss_check_seq_num(struct rsc *rsci, int seq_num) | |
567 | { | |
568 | struct gss_svc_seq_data *sd = &rsci->seqdata; | |
569 | ||
570 | spin_lock(&sd->sd_lock); | |
571 | if (seq_num > sd->sd_max) { | |
572 | if (seq_num >= sd->sd_max + GSS_SEQ_WIN) { | |
573 | memset(sd->sd_win,0,sizeof(sd->sd_win)); | |
574 | sd->sd_max = seq_num; | |
575 | } else while (sd->sd_max < seq_num) { | |
576 | sd->sd_max++; | |
577 | __clear_bit(sd->sd_max % GSS_SEQ_WIN, sd->sd_win); | |
578 | } | |
579 | __set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win); | |
580 | goto ok; | |
581 | } else if (seq_num <= sd->sd_max - GSS_SEQ_WIN) { | |
582 | goto drop; | |
583 | } | |
584 | /* sd_max - GSS_SEQ_WIN < seq_num <= sd_max */ | |
585 | if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win)) | |
586 | goto drop; | |
587 | ok: | |
588 | spin_unlock(&sd->sd_lock); | |
589 | return 1; | |
590 | drop: | |
591 | spin_unlock(&sd->sd_lock); | |
592 | return 0; | |
593 | } | |
594 | ||
595 | static inline u32 round_up_to_quad(u32 i) | |
596 | { | |
597 | return (i + 3 ) & ~3; | |
598 | } | |
599 | ||
600 | static inline int | |
601 | svc_safe_getnetobj(struct kvec *argv, struct xdr_netobj *o) | |
602 | { | |
603 | int l; | |
604 | ||
605 | if (argv->iov_len < 4) | |
606 | return -1; | |
76994313 | 607 | o->len = svc_getnl(argv); |
1da177e4 LT |
608 | l = round_up_to_quad(o->len); |
609 | if (argv->iov_len < l) | |
610 | return -1; | |
611 | o->data = argv->iov_base; | |
612 | argv->iov_base += l; | |
613 | argv->iov_len -= l; | |
614 | return 0; | |
615 | } | |
616 | ||
617 | static inline int | |
618 | svc_safe_putnetobj(struct kvec *resv, struct xdr_netobj *o) | |
619 | { | |
753ed90d | 620 | u8 *p; |
1da177e4 LT |
621 | |
622 | if (resv->iov_len + 4 > PAGE_SIZE) | |
623 | return -1; | |
76994313 | 624 | svc_putnl(resv, o->len); |
1da177e4 LT |
625 | p = resv->iov_base + resv->iov_len; |
626 | resv->iov_len += round_up_to_quad(o->len); | |
627 | if (resv->iov_len > PAGE_SIZE) | |
628 | return -1; | |
629 | memcpy(p, o->data, o->len); | |
753ed90d | 630 | memset(p + o->len, 0, round_up_to_quad(o->len) - o->len); |
1da177e4 LT |
631 | return 0; |
632 | } | |
633 | ||
634 | /* Verify the checksum on the header and return SVC_OK on success. | |
635 | * Otherwise, return SVC_DROP (in the case of a bad sequence number) | |
636 | * or return SVC_DENIED and indicate error in authp. | |
637 | */ | |
638 | static int | |
639 | gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci, | |
d8ed029d | 640 | __be32 *rpcstart, struct rpc_gss_wire_cred *gc, __be32 *authp) |
1da177e4 LT |
641 | { |
642 | struct gss_ctx *ctx_id = rsci->mechctx; | |
643 | struct xdr_buf rpchdr; | |
644 | struct xdr_netobj checksum; | |
645 | u32 flavor = 0; | |
646 | struct kvec *argv = &rqstp->rq_arg.head[0]; | |
647 | struct kvec iov; | |
648 | ||
649 | /* data to compute the checksum over: */ | |
650 | iov.iov_base = rpcstart; | |
651 | iov.iov_len = (u8 *)argv->iov_base - (u8 *)rpcstart; | |
652 | xdr_buf_from_iov(&iov, &rpchdr); | |
653 | ||
654 | *authp = rpc_autherr_badverf; | |
655 | if (argv->iov_len < 4) | |
656 | return SVC_DENIED; | |
76994313 | 657 | flavor = svc_getnl(argv); |
1da177e4 LT |
658 | if (flavor != RPC_AUTH_GSS) |
659 | return SVC_DENIED; | |
660 | if (svc_safe_getnetobj(argv, &checksum)) | |
661 | return SVC_DENIED; | |
662 | ||
663 | if (rqstp->rq_deferred) /* skip verification of revisited request */ | |
664 | return SVC_OK; | |
00fd6e14 | 665 | if (gss_verify_mic(ctx_id, &rpchdr, &checksum) != GSS_S_COMPLETE) { |
1da177e4 LT |
666 | *authp = rpcsec_gsserr_credproblem; |
667 | return SVC_DENIED; | |
668 | } | |
669 | ||
670 | if (gc->gc_seq > MAXSEQ) { | |
8885cb36 CL |
671 | dprintk("RPC: svcauth_gss: discarding request with " |
672 | "large sequence number %d\n", gc->gc_seq); | |
1da177e4 LT |
673 | *authp = rpcsec_gsserr_ctxproblem; |
674 | return SVC_DENIED; | |
675 | } | |
676 | if (!gss_check_seq_num(rsci, gc->gc_seq)) { | |
8885cb36 CL |
677 | dprintk("RPC: svcauth_gss: discarding request with " |
678 | "old sequence number %d\n", gc->gc_seq); | |
1da177e4 LT |
679 | return SVC_DROP; |
680 | } | |
681 | return SVC_OK; | |
682 | } | |
683 | ||
822f1005 AA |
684 | static int |
685 | gss_write_null_verf(struct svc_rqst *rqstp) | |
686 | { | |
d8ed029d | 687 | __be32 *p; |
822f1005 | 688 | |
76994313 | 689 | svc_putnl(rqstp->rq_res.head, RPC_AUTH_NULL); |
822f1005 AA |
690 | p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; |
691 | /* don't really need to check if head->iov_len > PAGE_SIZE ... */ | |
692 | *p++ = 0; | |
693 | if (!xdr_ressize_check(rqstp, p)) | |
694 | return -1; | |
695 | return 0; | |
696 | } | |
697 | ||
1da177e4 LT |
698 | static int |
699 | gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq) | |
700 | { | |
d8ed029d | 701 | __be32 xdr_seq; |
1da177e4 LT |
702 | u32 maj_stat; |
703 | struct xdr_buf verf_data; | |
704 | struct xdr_netobj mic; | |
d8ed029d | 705 | __be32 *p; |
1da177e4 LT |
706 | struct kvec iov; |
707 | ||
76994313 | 708 | svc_putnl(rqstp->rq_res.head, RPC_AUTH_GSS); |
1da177e4 LT |
709 | xdr_seq = htonl(seq); |
710 | ||
711 | iov.iov_base = &xdr_seq; | |
712 | iov.iov_len = sizeof(xdr_seq); | |
713 | xdr_buf_from_iov(&iov, &verf_data); | |
714 | p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; | |
715 | mic.data = (u8 *)(p + 1); | |
00fd6e14 | 716 | maj_stat = gss_get_mic(ctx_id, &verf_data, &mic); |
1da177e4 LT |
717 | if (maj_stat != GSS_S_COMPLETE) |
718 | return -1; | |
719 | *p++ = htonl(mic.len); | |
720 | memset((u8 *)p + mic.len, 0, round_up_to_quad(mic.len) - mic.len); | |
721 | p += XDR_QUADLEN(mic.len); | |
722 | if (!xdr_ressize_check(rqstp, p)) | |
723 | return -1; | |
724 | return 0; | |
725 | } | |
726 | ||
727 | struct gss_domain { | |
728 | struct auth_domain h; | |
729 | u32 pseudoflavor; | |
730 | }; | |
731 | ||
732 | static struct auth_domain * | |
733 | find_gss_auth_domain(struct gss_ctx *ctx, u32 svc) | |
734 | { | |
735 | char *name; | |
736 | ||
737 | name = gss_service_to_auth_domain_name(ctx->mech_type, svc); | |
738 | if (!name) | |
739 | return NULL; | |
740 | return auth_domain_find(name); | |
741 | } | |
742 | ||
efc36aa5 N |
743 | static struct auth_ops svcauthops_gss; |
744 | ||
4796f457 BF |
745 | u32 svcauth_gss_flavor(struct auth_domain *dom) |
746 | { | |
747 | struct gss_domain *gd = container_of(dom, struct gss_domain, h); | |
748 | ||
749 | return gd->pseudoflavor; | |
750 | } | |
751 | ||
752 | EXPORT_SYMBOL(svcauth_gss_flavor); | |
753 | ||
1da177e4 LT |
754 | int |
755 | svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name) | |
756 | { | |
757 | struct gss_domain *new; | |
758 | struct auth_domain *test; | |
759 | int stat = -ENOMEM; | |
760 | ||
761 | new = kmalloc(sizeof(*new), GFP_KERNEL); | |
762 | if (!new) | |
763 | goto out; | |
efc36aa5 | 764 | kref_init(&new->h.ref); |
e69062b4 | 765 | new->h.name = kstrdup(name, GFP_KERNEL); |
1da177e4 LT |
766 | if (!new->h.name) |
767 | goto out_free_dom; | |
efc36aa5 | 768 | new->h.flavour = &svcauthops_gss; |
1da177e4 | 769 | new->pseudoflavor = pseudoflavor; |
1da177e4 | 770 | |
cb276805 | 771 | stat = 0; |
efc36aa5 | 772 | test = auth_domain_lookup(name, &new->h); |
cb276805 BF |
773 | if (test != &new->h) { /* Duplicate registration */ |
774 | auth_domain_put(test); | |
775 | kfree(new->h.name); | |
776 | goto out_free_dom; | |
1da177e4 LT |
777 | } |
778 | return 0; | |
779 | ||
780 | out_free_dom: | |
781 | kfree(new); | |
782 | out: | |
783 | return stat; | |
784 | } | |
785 | ||
786 | EXPORT_SYMBOL(svcauth_gss_register_pseudoflavor); | |
787 | ||
788 | static inline int | |
789 | read_u32_from_xdr_buf(struct xdr_buf *buf, int base, u32 *obj) | |
790 | { | |
d8ed029d | 791 | __be32 raw; |
1da177e4 LT |
792 | int status; |
793 | ||
794 | status = read_bytes_from_xdr_buf(buf, base, &raw, sizeof(*obj)); | |
795 | if (status) | |
796 | return status; | |
797 | *obj = ntohl(raw); | |
798 | return 0; | |
799 | } | |
800 | ||
801 | /* It would be nice if this bit of code could be shared with the client. | |
802 | * Obstacles: | |
803 | * The client shouldn't malloc(), would have to pass in own memory. | |
804 | * The server uses base of head iovec as read pointer, while the | |
805 | * client uses separate pointer. */ | |
806 | static int | |
807 | unwrap_integ_data(struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx) | |
808 | { | |
809 | int stat = -EINVAL; | |
810 | u32 integ_len, maj_stat; | |
811 | struct xdr_netobj mic; | |
812 | struct xdr_buf integ_buf; | |
813 | ||
76994313 | 814 | integ_len = svc_getnl(&buf->head[0]); |
1da177e4 | 815 | if (integ_len & 3) |
b797b5be | 816 | return stat; |
1da177e4 | 817 | if (integ_len > buf->len) |
b797b5be | 818 | return stat; |
1da177e4 LT |
819 | if (xdr_buf_subsegment(buf, &integ_buf, 0, integ_len)) |
820 | BUG(); | |
821 | /* copy out mic... */ | |
822 | if (read_u32_from_xdr_buf(buf, integ_len, &mic.len)) | |
823 | BUG(); | |
824 | if (mic.len > RPC_MAX_AUTH_SIZE) | |
b797b5be | 825 | return stat; |
1da177e4 LT |
826 | mic.data = kmalloc(mic.len, GFP_KERNEL); |
827 | if (!mic.data) | |
b797b5be | 828 | return stat; |
1da177e4 LT |
829 | if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len)) |
830 | goto out; | |
00fd6e14 | 831 | maj_stat = gss_verify_mic(ctx, &integ_buf, &mic); |
1da177e4 LT |
832 | if (maj_stat != GSS_S_COMPLETE) |
833 | goto out; | |
76994313 | 834 | if (svc_getnl(&buf->head[0]) != seq) |
1da177e4 LT |
835 | goto out; |
836 | stat = 0; | |
837 | out: | |
b797b5be | 838 | kfree(mic.data); |
1da177e4 LT |
839 | return stat; |
840 | } | |
841 | ||
7c9fdcfb BF |
842 | static inline int |
843 | total_buf_len(struct xdr_buf *buf) | |
844 | { | |
845 | return buf->head[0].iov_len + buf->page_len + buf->tail[0].iov_len; | |
846 | } | |
847 | ||
848 | static void | |
849 | fix_priv_head(struct xdr_buf *buf, int pad) | |
850 | { | |
851 | if (buf->page_len == 0) { | |
852 | /* We need to adjust head and buf->len in tandem in this | |
853 | * case to make svc_defer() work--it finds the original | |
854 | * buffer start using buf->len - buf->head[0].iov_len. */ | |
855 | buf->head[0].iov_len -= pad; | |
856 | } | |
857 | } | |
858 | ||
859 | static int | |
860 | unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx) | |
861 | { | |
862 | u32 priv_len, maj_stat; | |
863 | int pad, saved_len, remaining_len, offset; | |
864 | ||
cf8208d0 | 865 | rqstp->rq_splice_ok = 0; |
7c9fdcfb | 866 | |
76994313 | 867 | priv_len = svc_getnl(&buf->head[0]); |
7c9fdcfb BF |
868 | if (rqstp->rq_deferred) { |
869 | /* Already decrypted last time through! The sequence number | |
870 | * check at out_seq is unnecessary but harmless: */ | |
871 | goto out_seq; | |
872 | } | |
873 | /* buf->len is the number of bytes from the original start of the | |
874 | * request to the end, where head[0].iov_len is just the bytes | |
875 | * not yet read from the head, so these two values are different: */ | |
876 | remaining_len = total_buf_len(buf); | |
877 | if (priv_len > remaining_len) | |
878 | return -EINVAL; | |
879 | pad = remaining_len - priv_len; | |
880 | buf->len -= pad; | |
881 | fix_priv_head(buf, pad); | |
882 | ||
883 | /* Maybe it would be better to give gss_unwrap a length parameter: */ | |
884 | saved_len = buf->len; | |
885 | buf->len = priv_len; | |
886 | maj_stat = gss_unwrap(ctx, 0, buf); | |
887 | pad = priv_len - buf->len; | |
888 | buf->len = saved_len; | |
889 | buf->len -= pad; | |
890 | /* The upper layers assume the buffer is aligned on 4-byte boundaries. | |
891 | * In the krb5p case, at least, the data ends up offset, so we need to | |
892 | * move it around. */ | |
893 | /* XXX: This is very inefficient. It would be better to either do | |
894 | * this while we encrypt, or maybe in the receive code, if we can peak | |
895 | * ahead and work out the service and mechanism there. */ | |
896 | offset = buf->head[0].iov_len % 4; | |
897 | if (offset) { | |
898 | buf->buflen = RPCSVC_MAXPAYLOAD; | |
899 | xdr_shift_buf(buf, offset); | |
900 | fix_priv_head(buf, pad); | |
901 | } | |
902 | if (maj_stat != GSS_S_COMPLETE) | |
903 | return -EINVAL; | |
904 | out_seq: | |
76994313 | 905 | if (svc_getnl(&buf->head[0]) != seq) |
7c9fdcfb BF |
906 | return -EINVAL; |
907 | return 0; | |
908 | } | |
909 | ||
1da177e4 LT |
910 | struct gss_svc_data { |
911 | /* decoded gss client cred: */ | |
912 | struct rpc_gss_wire_cred clcred; | |
5b304bc5 BF |
913 | /* save a pointer to the beginning of the encoded verifier, |
914 | * for use in encryption/checksumming in svcauth_gss_release: */ | |
915 | __be32 *verf_start; | |
1da177e4 LT |
916 | struct rsc *rsci; |
917 | }; | |
918 | ||
919 | static int | |
920 | svcauth_gss_set_client(struct svc_rqst *rqstp) | |
921 | { | |
922 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; | |
923 | struct rsc *rsci = svcdata->rsci; | |
924 | struct rpc_gss_wire_cred *gc = &svcdata->clcred; | |
3ab4d8b1 | 925 | int stat; |
1da177e4 | 926 | |
3ab4d8b1 BF |
927 | /* |
928 | * A gss export can be specified either by: | |
929 | * export *(sec=krb5,rw) | |
930 | * or by | |
931 | * export gss/krb5(rw) | |
932 | * The latter is deprecated; but for backwards compatibility reasons | |
933 | * the nfsd code will still fall back on trying it if the former | |
934 | * doesn't work; so we try to make both available to nfsd, below. | |
935 | */ | |
936 | rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc); | |
937 | if (rqstp->rq_gssclient == NULL) | |
1da177e4 | 938 | return SVC_DENIED; |
3ab4d8b1 BF |
939 | stat = svcauth_unix_set_client(rqstp); |
940 | if (stat == SVC_DROP) | |
941 | return stat; | |
1da177e4 LT |
942 | return SVC_OK; |
943 | } | |
944 | ||
91a4762e KC |
945 | static inline int |
946 | gss_write_init_verf(struct svc_rqst *rqstp, struct rsi *rsip) | |
947 | { | |
948 | struct rsc *rsci; | |
54f9247b | 949 | int rc; |
91a4762e KC |
950 | |
951 | if (rsip->major_status != GSS_S_COMPLETE) | |
952 | return gss_write_null_verf(rqstp); | |
953 | rsci = gss_svc_searchbyctx(&rsip->out_handle); | |
954 | if (rsci == NULL) { | |
955 | rsip->major_status = GSS_S_NO_CONTEXT; | |
956 | return gss_write_null_verf(rqstp); | |
957 | } | |
54f9247b FF |
958 | rc = gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN); |
959 | cache_put(&rsci->h, &rsc_cache); | |
960 | return rc; | |
91a4762e KC |
961 | } |
962 | ||
1da177e4 LT |
963 | /* |
964 | * Accept an rpcsec packet. | |
965 | * If context establishment, punt to user space | |
966 | * If data exchange, verify/decrypt | |
967 | * If context destruction, handle here | |
968 | * In the context establishment and destruction case we encode | |
969 | * response here and return SVC_COMPLETE. | |
970 | */ | |
971 | static int | |
d8ed029d | 972 | svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) |
1da177e4 LT |
973 | { |
974 | struct kvec *argv = &rqstp->rq_arg.head[0]; | |
975 | struct kvec *resv = &rqstp->rq_res.head[0]; | |
976 | u32 crlen; | |
977 | struct xdr_netobj tmpobj; | |
978 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; | |
979 | struct rpc_gss_wire_cred *gc; | |
980 | struct rsc *rsci = NULL; | |
981 | struct rsi *rsip, rsikey; | |
d8ed029d AD |
982 | __be32 *rpcstart; |
983 | __be32 *reject_stat = resv->iov_base + resv->iov_len; | |
1da177e4 LT |
984 | int ret; |
985 | ||
8885cb36 CL |
986 | dprintk("RPC: svcauth_gss: argv->iov_len = %zd\n", |
987 | argv->iov_len); | |
1da177e4 LT |
988 | |
989 | *authp = rpc_autherr_badcred; | |
990 | if (!svcdata) | |
991 | svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL); | |
992 | if (!svcdata) | |
993 | goto auth_err; | |
994 | rqstp->rq_auth_data = svcdata; | |
5b304bc5 | 995 | svcdata->verf_start = NULL; |
1da177e4 LT |
996 | svcdata->rsci = NULL; |
997 | gc = &svcdata->clcred; | |
998 | ||
999 | /* start of rpc packet is 7 u32's back from here: | |
1000 | * xid direction rpcversion prog vers proc flavour | |
1001 | */ | |
1002 | rpcstart = argv->iov_base; | |
1003 | rpcstart -= 7; | |
1004 | ||
1005 | /* credential is: | |
1006 | * version(==1), proc(0,1,2,3), seq, service (1,2,3), handle | |
1007 | * at least 5 u32s, and is preceeded by length, so that makes 6. | |
1008 | */ | |
1009 | ||
1010 | if (argv->iov_len < 5 * 4) | |
1011 | goto auth_err; | |
76994313 AD |
1012 | crlen = svc_getnl(argv); |
1013 | if (svc_getnl(argv) != RPC_GSS_VERSION) | |
1da177e4 | 1014 | goto auth_err; |
76994313 AD |
1015 | gc->gc_proc = svc_getnl(argv); |
1016 | gc->gc_seq = svc_getnl(argv); | |
1017 | gc->gc_svc = svc_getnl(argv); | |
1da177e4 LT |
1018 | if (svc_safe_getnetobj(argv, &gc->gc_ctx)) |
1019 | goto auth_err; | |
1020 | if (crlen != round_up_to_quad(gc->gc_ctx.len) + 5 * 4) | |
1021 | goto auth_err; | |
1022 | ||
1023 | if ((gc->gc_proc != RPC_GSS_PROC_DATA) && (rqstp->rq_proc != 0)) | |
1024 | goto auth_err; | |
1025 | ||
1026 | /* | |
1027 | * We've successfully parsed the credential. Let's check out the | |
1028 | * verifier. An AUTH_NULL verifier is allowed (and required) for | |
1029 | * INIT and CONTINUE_INIT requests. AUTH_RPCSEC_GSS is required for | |
1030 | * PROC_DATA and PROC_DESTROY. | |
1031 | * | |
1032 | * AUTH_NULL verifier is 0 (AUTH_NULL), 0 (length). | |
1033 | * AUTH_RPCSEC_GSS verifier is: | |
1034 | * 6 (AUTH_RPCSEC_GSS), length, checksum. | |
1035 | * checksum is calculated over rpcheader from xid up to here. | |
1036 | */ | |
1037 | *authp = rpc_autherr_badverf; | |
1038 | switch (gc->gc_proc) { | |
1039 | case RPC_GSS_PROC_INIT: | |
1040 | case RPC_GSS_PROC_CONTINUE_INIT: | |
1041 | if (argv->iov_len < 2 * 4) | |
1042 | goto auth_err; | |
76994313 | 1043 | if (svc_getnl(argv) != RPC_AUTH_NULL) |
1da177e4 | 1044 | goto auth_err; |
76994313 | 1045 | if (svc_getnl(argv) != 0) |
1da177e4 LT |
1046 | goto auth_err; |
1047 | break; | |
1048 | case RPC_GSS_PROC_DATA: | |
1049 | case RPC_GSS_PROC_DESTROY: | |
1050 | *authp = rpcsec_gsserr_credproblem; | |
1051 | rsci = gss_svc_searchbyctx(&gc->gc_ctx); | |
1052 | if (!rsci) | |
1053 | goto auth_err; | |
1054 | switch (gss_verify_header(rqstp, rsci, rpcstart, gc, authp)) { | |
1055 | case SVC_OK: | |
1056 | break; | |
1057 | case SVC_DENIED: | |
1058 | goto auth_err; | |
1059 | case SVC_DROP: | |
1060 | goto drop; | |
1061 | } | |
1062 | break; | |
1063 | default: | |
1064 | *authp = rpc_autherr_rejectedcred; | |
1065 | goto auth_err; | |
1066 | } | |
1067 | ||
1068 | /* now act upon the command: */ | |
1069 | switch (gc->gc_proc) { | |
1070 | case RPC_GSS_PROC_INIT: | |
1071 | case RPC_GSS_PROC_CONTINUE_INIT: | |
1072 | *authp = rpc_autherr_badcred; | |
1073 | if (gc->gc_proc == RPC_GSS_PROC_INIT && gc->gc_ctx.len != 0) | |
1074 | goto auth_err; | |
1075 | memset(&rsikey, 0, sizeof(rsikey)); | |
1076 | if (dup_netobj(&rsikey.in_handle, &gc->gc_ctx)) | |
1077 | goto drop; | |
1078 | *authp = rpc_autherr_badverf; | |
1079 | if (svc_safe_getnetobj(argv, &tmpobj)) { | |
1080 | kfree(rsikey.in_handle.data); | |
1081 | goto auth_err; | |
1082 | } | |
1083 | if (dup_netobj(&rsikey.in_token, &tmpobj)) { | |
1084 | kfree(rsikey.in_handle.data); | |
1085 | goto drop; | |
1086 | } | |
1087 | ||
d4d11ea9 | 1088 | rsip = rsi_lookup(&rsikey); |
1da177e4 LT |
1089 | rsi_free(&rsikey); |
1090 | if (!rsip) { | |
1091 | goto drop; | |
1092 | } | |
1093 | switch(cache_check(&rsi_cache, &rsip->h, &rqstp->rq_chandle)) { | |
1094 | case -EAGAIN: | |
e0bb89ef | 1095 | case -ETIMEDOUT: |
1da177e4 LT |
1096 | case -ENOENT: |
1097 | goto drop; | |
1098 | case 0: | |
91a4762e KC |
1099 | if (gss_write_init_verf(rqstp, rsip)) |
1100 | goto drop; | |
1da177e4 LT |
1101 | if (resv->iov_len + 4 > PAGE_SIZE) |
1102 | goto drop; | |
76994313 | 1103 | svc_putnl(resv, RPC_SUCCESS); |
1da177e4 LT |
1104 | if (svc_safe_putnetobj(resv, &rsip->out_handle)) |
1105 | goto drop; | |
1106 | if (resv->iov_len + 3 * 4 > PAGE_SIZE) | |
1107 | goto drop; | |
76994313 AD |
1108 | svc_putnl(resv, rsip->major_status); |
1109 | svc_putnl(resv, rsip->minor_status); | |
1110 | svc_putnl(resv, GSS_SEQ_WIN); | |
1da177e4 LT |
1111 | if (svc_safe_putnetobj(resv, &rsip->out_token)) |
1112 | goto drop; | |
1da177e4 LT |
1113 | } |
1114 | goto complete; | |
1115 | case RPC_GSS_PROC_DESTROY: | |
c5e434c9 WY |
1116 | if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq)) |
1117 | goto auth_err; | |
1da177e4 LT |
1118 | set_bit(CACHE_NEGATIVE, &rsci->h.flags); |
1119 | if (resv->iov_len + 4 > PAGE_SIZE) | |
1120 | goto drop; | |
76994313 | 1121 | svc_putnl(resv, RPC_SUCCESS); |
1da177e4 LT |
1122 | goto complete; |
1123 | case RPC_GSS_PROC_DATA: | |
1124 | *authp = rpcsec_gsserr_ctxproblem; | |
5b304bc5 | 1125 | svcdata->verf_start = resv->iov_base + resv->iov_len; |
1da177e4 LT |
1126 | if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq)) |
1127 | goto auth_err; | |
1128 | rqstp->rq_cred = rsci->cred; | |
1129 | get_group_info(rsci->cred.cr_group_info); | |
1130 | *authp = rpc_autherr_badcred; | |
1131 | switch (gc->gc_svc) { | |
1132 | case RPC_GSS_SVC_NONE: | |
1133 | break; | |
1134 | case RPC_GSS_SVC_INTEGRITY: | |
1135 | if (unwrap_integ_data(&rqstp->rq_arg, | |
1136 | gc->gc_seq, rsci->mechctx)) | |
1137 | goto auth_err; | |
1138 | /* placeholders for length and seq. number: */ | |
76994313 AD |
1139 | svc_putnl(resv, 0); |
1140 | svc_putnl(resv, 0); | |
1da177e4 LT |
1141 | break; |
1142 | case RPC_GSS_SVC_PRIVACY: | |
7c9fdcfb BF |
1143 | if (unwrap_priv_data(rqstp, &rqstp->rq_arg, |
1144 | gc->gc_seq, rsci->mechctx)) | |
1145 | goto auth_err; | |
1146 | /* placeholders for length and seq. number: */ | |
76994313 AD |
1147 | svc_putnl(resv, 0); |
1148 | svc_putnl(resv, 0); | |
7c9fdcfb | 1149 | break; |
1da177e4 LT |
1150 | default: |
1151 | goto auth_err; | |
1152 | } | |
1153 | svcdata->rsci = rsci; | |
1154 | cache_get(&rsci->h); | |
c4170583 AA |
1155 | rqstp->rq_flavor = gss_svc_to_pseudoflavor( |
1156 | rsci->mechctx->mech_type, gc->gc_svc); | |
1da177e4 LT |
1157 | ret = SVC_OK; |
1158 | goto out; | |
1159 | } | |
1160 | auth_err: | |
1161 | /* Restore write pointer to original value: */ | |
1162 | xdr_ressize_check(rqstp, reject_stat); | |
1163 | ret = SVC_DENIED; | |
1164 | goto out; | |
1165 | complete: | |
1166 | ret = SVC_COMPLETE; | |
1167 | goto out; | |
1168 | drop: | |
1169 | ret = SVC_DROP; | |
1170 | out: | |
1171 | if (rsci) | |
baab935f | 1172 | cache_put(&rsci->h, &rsc_cache); |
1da177e4 LT |
1173 | return ret; |
1174 | } | |
1175 | ||
cfbdbab0 | 1176 | static __be32 * |
3c15a486 BF |
1177 | svcauth_gss_prepare_to_wrap(struct xdr_buf *resbuf, struct gss_svc_data *gsd) |
1178 | { | |
cfbdbab0 AV |
1179 | __be32 *p; |
1180 | u32 verf_len; | |
3c15a486 | 1181 | |
5b304bc5 BF |
1182 | p = gsd->verf_start; |
1183 | gsd->verf_start = NULL; | |
1184 | ||
1185 | /* If the reply stat is nonzero, don't wrap: */ | |
1186 | if (*(p-1) != rpc_success) | |
1187 | return NULL; | |
1188 | /* Skip the verifier: */ | |
1189 | p += 1; | |
1190 | verf_len = ntohl(*p++); | |
1191 | p += XDR_QUADLEN(verf_len); | |
3c15a486 BF |
1192 | /* move accept_stat to right place: */ |
1193 | memcpy(p, p + 2, 4); | |
5b304bc5 | 1194 | /* Also don't wrap if the accept stat is nonzero: */ |
3c15a486 BF |
1195 | if (*p != rpc_success) { |
1196 | resbuf->head[0].iov_len -= 2 * 4; | |
1197 | return NULL; | |
1198 | } | |
1199 | p++; | |
1200 | return p; | |
1201 | } | |
1202 | ||
e142ede8 BF |
1203 | static inline int |
1204 | svcauth_gss_wrap_resp_integ(struct svc_rqst *rqstp) | |
1da177e4 LT |
1205 | { |
1206 | struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data; | |
1207 | struct rpc_gss_wire_cred *gc = &gsd->clcred; | |
1208 | struct xdr_buf *resbuf = &rqstp->rq_res; | |
1209 | struct xdr_buf integ_buf; | |
1210 | struct xdr_netobj mic; | |
1211 | struct kvec *resv; | |
d8ed029d | 1212 | __be32 *p; |
1da177e4 LT |
1213 | int integ_offset, integ_len; |
1214 | int stat = -EINVAL; | |
1215 | ||
3c15a486 BF |
1216 | p = svcauth_gss_prepare_to_wrap(resbuf, gsd); |
1217 | if (p == NULL) | |
e142ede8 | 1218 | goto out; |
e142ede8 BF |
1219 | integ_offset = (u8 *)(p + 1) - (u8 *)resbuf->head[0].iov_base; |
1220 | integ_len = resbuf->len - integ_offset; | |
1221 | BUG_ON(integ_len % 4); | |
1222 | *p++ = htonl(integ_len); | |
1223 | *p++ = htonl(gc->gc_seq); | |
1224 | if (xdr_buf_subsegment(resbuf, &integ_buf, integ_offset, | |
1225 | integ_len)) | |
1226 | BUG(); | |
153e44d2 | 1227 | if (resbuf->tail[0].iov_base == NULL) { |
e142ede8 BF |
1228 | if (resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE > PAGE_SIZE) |
1229 | goto out_err; | |
1230 | resbuf->tail[0].iov_base = resbuf->head[0].iov_base | |
1231 | + resbuf->head[0].iov_len; | |
1232 | resbuf->tail[0].iov_len = 0; | |
e142ede8 BF |
1233 | resv = &resbuf->tail[0]; |
1234 | } else { | |
1235 | resv = &resbuf->tail[0]; | |
1236 | } | |
1237 | mic.data = (u8 *)resv->iov_base + resv->iov_len + 4; | |
1238 | if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic)) | |
1239 | goto out_err; | |
76994313 | 1240 | svc_putnl(resv, mic.len); |
e142ede8 BF |
1241 | memset(mic.data + mic.len, 0, |
1242 | round_up_to_quad(mic.len) - mic.len); | |
1243 | resv->iov_len += XDR_QUADLEN(mic.len) << 2; | |
1244 | /* not strictly required: */ | |
1245 | resbuf->len += XDR_QUADLEN(mic.len) << 2; | |
1246 | BUG_ON(resv->iov_len > PAGE_SIZE); | |
1247 | out: | |
1248 | stat = 0; | |
1249 | out_err: | |
1250 | return stat; | |
1251 | } | |
1252 | ||
7c9fdcfb BF |
1253 | static inline int |
1254 | svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp) | |
1255 | { | |
1256 | struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data; | |
1257 | struct rpc_gss_wire_cred *gc = &gsd->clcred; | |
1258 | struct xdr_buf *resbuf = &rqstp->rq_res; | |
1259 | struct page **inpages = NULL; | |
753ed90d AV |
1260 | __be32 *p, *len; |
1261 | int offset; | |
7c9fdcfb BF |
1262 | int pad; |
1263 | ||
3c15a486 BF |
1264 | p = svcauth_gss_prepare_to_wrap(resbuf, gsd); |
1265 | if (p == NULL) | |
7c9fdcfb | 1266 | return 0; |
7c9fdcfb BF |
1267 | len = p++; |
1268 | offset = (u8 *)p - (u8 *)resbuf->head[0].iov_base; | |
1269 | *p++ = htonl(gc->gc_seq); | |
1270 | inpages = resbuf->pages; | |
1271 | /* XXX: Would be better to write some xdr helper functions for | |
1272 | * nfs{2,3,4}xdr.c that place the data right, instead of copying: */ | |
44524359 | 1273 | if (resbuf->tail[0].iov_base) { |
7c9fdcfb BF |
1274 | BUG_ON(resbuf->tail[0].iov_base >= resbuf->head[0].iov_base |
1275 | + PAGE_SIZE); | |
1276 | BUG_ON(resbuf->tail[0].iov_base < resbuf->head[0].iov_base); | |
1277 | if (resbuf->tail[0].iov_len + resbuf->head[0].iov_len | |
1278 | + 2 * RPC_MAX_AUTH_SIZE > PAGE_SIZE) | |
1279 | return -ENOMEM; | |
1280 | memmove(resbuf->tail[0].iov_base + RPC_MAX_AUTH_SIZE, | |
1281 | resbuf->tail[0].iov_base, | |
1282 | resbuf->tail[0].iov_len); | |
1283 | resbuf->tail[0].iov_base += RPC_MAX_AUTH_SIZE; | |
1284 | } | |
1285 | if (resbuf->tail[0].iov_base == NULL) { | |
1286 | if (resbuf->head[0].iov_len + 2*RPC_MAX_AUTH_SIZE > PAGE_SIZE) | |
1287 | return -ENOMEM; | |
1288 | resbuf->tail[0].iov_base = resbuf->head[0].iov_base | |
1289 | + resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE; | |
1290 | resbuf->tail[0].iov_len = 0; | |
7c9fdcfb BF |
1291 | } |
1292 | if (gss_wrap(gsd->rsci->mechctx, offset, resbuf, inpages)) | |
1293 | return -ENOMEM; | |
1294 | *len = htonl(resbuf->len - offset); | |
1295 | pad = 3 - ((resbuf->len - offset - 1)&3); | |
d8ed029d | 1296 | p = (__be32 *)(resbuf->tail[0].iov_base + resbuf->tail[0].iov_len); |
7c9fdcfb BF |
1297 | memset(p, 0, pad); |
1298 | resbuf->tail[0].iov_len += pad; | |
1299 | resbuf->len += pad; | |
1300 | return 0; | |
1301 | } | |
1302 | ||
e142ede8 BF |
1303 | static int |
1304 | svcauth_gss_release(struct svc_rqst *rqstp) | |
1305 | { | |
1306 | struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data; | |
1307 | struct rpc_gss_wire_cred *gc = &gsd->clcred; | |
1308 | struct xdr_buf *resbuf = &rqstp->rq_res; | |
1309 | int stat = -EINVAL; | |
1310 | ||
1da177e4 LT |
1311 | if (gc->gc_proc != RPC_GSS_PROC_DATA) |
1312 | goto out; | |
1313 | /* Release can be called twice, but we only wrap once. */ | |
5b304bc5 | 1314 | if (gsd->verf_start == NULL) |
1da177e4 LT |
1315 | goto out; |
1316 | /* normally not set till svc_send, but we need it here: */ | |
7c9fdcfb BF |
1317 | /* XXX: what for? Do we mess it up the moment we call svc_putu32 |
1318 | * or whatever? */ | |
1319 | resbuf->len = total_buf_len(resbuf); | |
1da177e4 LT |
1320 | switch (gc->gc_svc) { |
1321 | case RPC_GSS_SVC_NONE: | |
1322 | break; | |
1323 | case RPC_GSS_SVC_INTEGRITY: | |
7c9fdcfb BF |
1324 | stat = svcauth_gss_wrap_resp_integ(rqstp); |
1325 | if (stat) | |
1326 | goto out_err; | |
1da177e4 LT |
1327 | break; |
1328 | case RPC_GSS_SVC_PRIVACY: | |
7c9fdcfb BF |
1329 | stat = svcauth_gss_wrap_resp_priv(rqstp); |
1330 | if (stat) | |
1331 | goto out_err; | |
1332 | break; | |
1da177e4 LT |
1333 | default: |
1334 | goto out_err; | |
1335 | } | |
1336 | ||
1337 | out: | |
1338 | stat = 0; | |
1339 | out_err: | |
1340 | if (rqstp->rq_client) | |
1341 | auth_domain_put(rqstp->rq_client); | |
1342 | rqstp->rq_client = NULL; | |
3ab4d8b1 BF |
1343 | if (rqstp->rq_gssclient) |
1344 | auth_domain_put(rqstp->rq_gssclient); | |
1345 | rqstp->rq_gssclient = NULL; | |
1da177e4 LT |
1346 | if (rqstp->rq_cred.cr_group_info) |
1347 | put_group_info(rqstp->rq_cred.cr_group_info); | |
1348 | rqstp->rq_cred.cr_group_info = NULL; | |
1349 | if (gsd->rsci) | |
baab935f | 1350 | cache_put(&gsd->rsci->h, &rsc_cache); |
1da177e4 LT |
1351 | gsd->rsci = NULL; |
1352 | ||
1353 | return stat; | |
1354 | } | |
1355 | ||
1356 | static void | |
1357 | svcauth_gss_domain_release(struct auth_domain *dom) | |
1358 | { | |
1359 | struct gss_domain *gd = container_of(dom, struct gss_domain, h); | |
1360 | ||
1361 | kfree(dom->name); | |
1362 | kfree(gd); | |
1363 | } | |
1364 | ||
1365 | static struct auth_ops svcauthops_gss = { | |
1366 | .name = "rpcsec_gss", | |
1367 | .owner = THIS_MODULE, | |
1368 | .flavour = RPC_AUTH_GSS, | |
1369 | .accept = svcauth_gss_accept, | |
1370 | .release = svcauth_gss_release, | |
1371 | .domain_release = svcauth_gss_domain_release, | |
1372 | .set_client = svcauth_gss_set_client, | |
1373 | }; | |
1374 | ||
1375 | int | |
1376 | gss_svc_init(void) | |
1377 | { | |
1378 | int rv = svc_auth_register(RPC_AUTH_GSS, &svcauthops_gss); | |
1379 | if (rv == 0) { | |
1380 | cache_register(&rsc_cache); | |
1381 | cache_register(&rsi_cache); | |
1382 | } | |
1383 | return rv; | |
1384 | } | |
1385 | ||
1386 | void | |
1387 | gss_svc_shutdown(void) | |
1388 | { | |
f35279d3 BA |
1389 | if (cache_unregister(&rsc_cache)) |
1390 | printk(KERN_ERR "auth_rpcgss: failed to unregister rsc cache\n"); | |
1391 | if (cache_unregister(&rsi_cache)) | |
1392 | printk(KERN_ERR "auth_rpcgss: failed to unregister rsi cache\n"); | |
1da177e4 LT |
1393 | svc_auth_unregister(RPC_AUTH_GSS); |
1394 | } |