Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
[linux-2.6] / net / sunrpc / auth_gss / auth_gss.c
1 /*
2  * linux/net/sunrpc/auth_gss/auth_gss.c
3  *
4  * RPCSEC_GSS client authentication.
5  *
6  *  Copyright (c) 2000 The Regents of the University of Michigan.
7  *  All rights reserved.
8  *
9  *  Dug Song       <dugsong@monkey.org>
10  *  Andy Adamson   <andros@umich.edu>
11  *
12  *  Redistribution and use in source and binary forms, with or without
13  *  modification, are permitted provided that the following conditions
14  *  are met:
15  *
16  *  1. Redistributions of source code must retain the above copyright
17  *     notice, this list of conditions and the following disclaimer.
18  *  2. Redistributions in binary form must reproduce the above copyright
19  *     notice, this list of conditions and the following disclaimer in the
20  *     documentation and/or other materials provided with the distribution.
21  *  3. Neither the name of the University nor the names of its
22  *     contributors may be used to endorse or promote products derived
23  *     from this software without specific prior written permission.
24  *
25  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
26  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  *
37  * $Id$
38  */
39
40
41 #include <linux/module.h>
42 #include <linux/init.h>
43 #include <linux/types.h>
44 #include <linux/slab.h>
45 #include <linux/sched.h>
46 #include <linux/pagemap.h>
47 #include <linux/sunrpc/clnt.h>
48 #include <linux/sunrpc/auth.h>
49 #include <linux/sunrpc/auth_gss.h>
50 #include <linux/sunrpc/svcauth_gss.h>
51 #include <linux/sunrpc/gss_err.h>
52 #include <linux/workqueue.h>
53 #include <linux/sunrpc/rpc_pipe_fs.h>
54 #include <linux/sunrpc/gss_api.h>
55 #include <asm/uaccess.h>
56
57 static const struct rpc_authops authgss_ops;
58
59 static const struct rpc_credops gss_credops;
60 static const struct rpc_credops gss_nullops;
61
62 #ifdef RPC_DEBUG
63 # define RPCDBG_FACILITY        RPCDBG_AUTH
64 #endif
65
66 #define NFS_NGROUPS     16
67
68 #define GSS_CRED_SLACK          1024            /* XXX: unused */
69 /* length of a krb5 verifier (48), plus data added before arguments when
70  * using integrity (two 4-byte integers): */
71 #define GSS_VERF_SLACK          100
72
73 /* XXX this define must match the gssd define
74 * as it is passed to gssd to signal the use of
75 * machine creds should be part of the shared rpc interface */
76
77 #define CA_RUN_AS_MACHINE  0x00000200
78
79 /* dump the buffer in `emacs-hexl' style */
80 #define isprint(c)      ((c > 0x1f) && (c < 0x7f))
81
82 struct gss_auth {
83         struct kref kref;
84         struct rpc_auth rpc_auth;
85         struct gss_api_mech *mech;
86         enum rpc_gss_svc service;
87         struct rpc_clnt *client;
88         struct dentry *dentry;
89 };
90
91 static void gss_free_ctx(struct gss_cl_ctx *);
92 static struct rpc_pipe_ops gss_upcall_ops;
93
94 static inline struct gss_cl_ctx *
95 gss_get_ctx(struct gss_cl_ctx *ctx)
96 {
97         atomic_inc(&ctx->count);
98         return ctx;
99 }
100
101 static inline void
102 gss_put_ctx(struct gss_cl_ctx *ctx)
103 {
104         if (atomic_dec_and_test(&ctx->count))
105                 gss_free_ctx(ctx);
106 }
107
108 /* gss_cred_set_ctx:
109  * called by gss_upcall_callback and gss_create_upcall in order
110  * to set the gss context. The actual exchange of an old context
111  * and a new one is protected by the inode->i_lock.
112  */
113 static void
114 gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
115 {
116         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
117         struct gss_cl_ctx *old;
118
119         old = gss_cred->gc_ctx;
120         rcu_assign_pointer(gss_cred->gc_ctx, ctx);
121         set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
122         clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
123         if (old)
124                 gss_put_ctx(old);
125 }
126
127 static int
128 gss_cred_is_uptodate_ctx(struct rpc_cred *cred)
129 {
130         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
131         int res = 0;
132
133         rcu_read_lock();
134         if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) && gss_cred->gc_ctx)
135                 res = 1;
136         rcu_read_unlock();
137         return res;
138 }
139
140 static const void *
141 simple_get_bytes(const void *p, const void *end, void *res, size_t len)
142 {
143         const void *q = (const void *)((const char *)p + len);
144         if (unlikely(q > end || q < p))
145                 return ERR_PTR(-EFAULT);
146         memcpy(res, p, len);
147         return q;
148 }
149
150 static inline const void *
151 simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
152 {
153         const void *q;
154         unsigned int len;
155
156         p = simple_get_bytes(p, end, &len, sizeof(len));
157         if (IS_ERR(p))
158                 return p;
159         q = (const void *)((const char *)p + len);
160         if (unlikely(q > end || q < p))
161                 return ERR_PTR(-EFAULT);
162         dest->data = kmemdup(p, len, GFP_KERNEL);
163         if (unlikely(dest->data == NULL))
164                 return ERR_PTR(-ENOMEM);
165         dest->len = len;
166         return q;
167 }
168
169 static struct gss_cl_ctx *
170 gss_cred_get_ctx(struct rpc_cred *cred)
171 {
172         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
173         struct gss_cl_ctx *ctx = NULL;
174
175         rcu_read_lock();
176         if (gss_cred->gc_ctx)
177                 ctx = gss_get_ctx(gss_cred->gc_ctx);
178         rcu_read_unlock();
179         return ctx;
180 }
181
182 static struct gss_cl_ctx *
183 gss_alloc_context(void)
184 {
185         struct gss_cl_ctx *ctx;
186
187         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
188         if (ctx != NULL) {
189                 ctx->gc_proc = RPC_GSS_PROC_DATA;
190                 ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
191                 spin_lock_init(&ctx->gc_seq_lock);
192                 atomic_set(&ctx->count,1);
193         }
194         return ctx;
195 }
196
197 #define GSSD_MIN_TIMEOUT (60 * 60)
198 static const void *
199 gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
200 {
201         const void *q;
202         unsigned int seclen;
203         unsigned int timeout;
204         u32 window_size;
205         int ret;
206
207         /* First unsigned int gives the lifetime (in seconds) of the cred */
208         p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
209         if (IS_ERR(p))
210                 goto err;
211         if (timeout == 0)
212                 timeout = GSSD_MIN_TIMEOUT;
213         ctx->gc_expiry = jiffies + (unsigned long)timeout * HZ * 3 / 4;
214         /* Sequence number window. Determines the maximum number of simultaneous requests */
215         p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
216         if (IS_ERR(p))
217                 goto err;
218         ctx->gc_win = window_size;
219         /* gssd signals an error by passing ctx->gc_win = 0: */
220         if (ctx->gc_win == 0) {
221                 /* in which case, p points to  an error code which we ignore */
222                 p = ERR_PTR(-EACCES);
223                 goto err;
224         }
225         /* copy the opaque wire context */
226         p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
227         if (IS_ERR(p))
228                 goto err;
229         /* import the opaque security context */
230         p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
231         if (IS_ERR(p))
232                 goto err;
233         q = (const void *)((const char *)p + seclen);
234         if (unlikely(q > end || q < p)) {
235                 p = ERR_PTR(-EFAULT);
236                 goto err;
237         }
238         ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx);
239         if (ret < 0) {
240                 p = ERR_PTR(ret);
241                 goto err;
242         }
243         return q;
244 err:
245         dprintk("RPC:       gss_fill_context returning %ld\n", -PTR_ERR(p));
246         return p;
247 }
248
249
250 struct gss_upcall_msg {
251         atomic_t count;
252         uid_t   uid;
253         struct rpc_pipe_msg msg;
254         struct list_head list;
255         struct gss_auth *auth;
256         struct rpc_wait_queue rpc_waitqueue;
257         wait_queue_head_t waitqueue;
258         struct gss_cl_ctx *ctx;
259 };
260
261 static void
262 gss_release_msg(struct gss_upcall_msg *gss_msg)
263 {
264         if (!atomic_dec_and_test(&gss_msg->count))
265                 return;
266         BUG_ON(!list_empty(&gss_msg->list));
267         if (gss_msg->ctx != NULL)
268                 gss_put_ctx(gss_msg->ctx);
269         kfree(gss_msg);
270 }
271
272 static struct gss_upcall_msg *
273 __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
274 {
275         struct gss_upcall_msg *pos;
276         list_for_each_entry(pos, &rpci->in_downcall, list) {
277                 if (pos->uid != uid)
278                         continue;
279                 atomic_inc(&pos->count);
280                 dprintk("RPC:       gss_find_upcall found msg %p\n", pos);
281                 return pos;
282         }
283         dprintk("RPC:       gss_find_upcall found nothing\n");
284         return NULL;
285 }
286
287 /* Try to add a upcall to the pipefs queue.
288  * If an upcall owned by our uid already exists, then we return a reference
289  * to that upcall instead of adding the new upcall.
290  */
291 static inline struct gss_upcall_msg *
292 gss_add_msg(struct gss_auth *gss_auth, struct gss_upcall_msg *gss_msg)
293 {
294         struct inode *inode = gss_auth->dentry->d_inode;
295         struct rpc_inode *rpci = RPC_I(inode);
296         struct gss_upcall_msg *old;
297
298         spin_lock(&inode->i_lock);
299         old = __gss_find_upcall(rpci, gss_msg->uid);
300         if (old == NULL) {
301                 atomic_inc(&gss_msg->count);
302                 list_add(&gss_msg->list, &rpci->in_downcall);
303         } else
304                 gss_msg = old;
305         spin_unlock(&inode->i_lock);
306         return gss_msg;
307 }
308
309 static void
310 __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
311 {
312         list_del_init(&gss_msg->list);
313         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
314         wake_up_all(&gss_msg->waitqueue);
315         atomic_dec(&gss_msg->count);
316 }
317
318 static void
319 gss_unhash_msg(struct gss_upcall_msg *gss_msg)
320 {
321         struct gss_auth *gss_auth = gss_msg->auth;
322         struct inode *inode = gss_auth->dentry->d_inode;
323
324         if (list_empty(&gss_msg->list))
325                 return;
326         spin_lock(&inode->i_lock);
327         if (!list_empty(&gss_msg->list))
328                 __gss_unhash_msg(gss_msg);
329         spin_unlock(&inode->i_lock);
330 }
331
332 static void
333 gss_upcall_callback(struct rpc_task *task)
334 {
335         struct gss_cred *gss_cred = container_of(task->tk_msg.rpc_cred,
336                         struct gss_cred, gc_base);
337         struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
338         struct inode *inode = gss_msg->auth->dentry->d_inode;
339
340         spin_lock(&inode->i_lock);
341         if (gss_msg->ctx)
342                 gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_get_ctx(gss_msg->ctx));
343         else
344                 task->tk_status = gss_msg->msg.errno;
345         gss_cred->gc_upcall = NULL;
346         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
347         spin_unlock(&inode->i_lock);
348         gss_release_msg(gss_msg);
349 }
350
351 static inline struct gss_upcall_msg *
352 gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid)
353 {
354         struct gss_upcall_msg *gss_msg;
355
356         gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL);
357         if (gss_msg != NULL) {
358                 INIT_LIST_HEAD(&gss_msg->list);
359                 rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
360                 init_waitqueue_head(&gss_msg->waitqueue);
361                 atomic_set(&gss_msg->count, 1);
362                 gss_msg->msg.data = &gss_msg->uid;
363                 gss_msg->msg.len = sizeof(gss_msg->uid);
364                 gss_msg->uid = uid;
365                 gss_msg->auth = gss_auth;
366         }
367         return gss_msg;
368 }
369
370 static struct gss_upcall_msg *
371 gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
372 {
373         struct gss_upcall_msg *gss_new, *gss_msg;
374
375         gss_new = gss_alloc_msg(gss_auth, cred->cr_uid);
376         if (gss_new == NULL)
377                 return ERR_PTR(-ENOMEM);
378         gss_msg = gss_add_msg(gss_auth, gss_new);
379         if (gss_msg == gss_new) {
380                 int res = rpc_queue_upcall(gss_auth->dentry->d_inode, &gss_new->msg);
381                 if (res) {
382                         gss_unhash_msg(gss_new);
383                         gss_msg = ERR_PTR(res);
384                 }
385         } else
386                 gss_release_msg(gss_new);
387         return gss_msg;
388 }
389
390 static inline int
391 gss_refresh_upcall(struct rpc_task *task)
392 {
393         struct rpc_cred *cred = task->tk_msg.rpc_cred;
394         struct gss_auth *gss_auth = container_of(cred->cr_auth,
395                         struct gss_auth, rpc_auth);
396         struct gss_cred *gss_cred = container_of(cred,
397                         struct gss_cred, gc_base);
398         struct gss_upcall_msg *gss_msg;
399         struct inode *inode = gss_auth->dentry->d_inode;
400         int err = 0;
401
402         dprintk("RPC: %5u gss_refresh_upcall for uid %u\n", task->tk_pid,
403                                                                 cred->cr_uid);
404         gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
405         if (IS_ERR(gss_msg)) {
406                 err = PTR_ERR(gss_msg);
407                 goto out;
408         }
409         spin_lock(&inode->i_lock);
410         if (gss_cred->gc_upcall != NULL)
411                 rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL, NULL);
412         else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
413                 task->tk_timeout = 0;
414                 gss_cred->gc_upcall = gss_msg;
415                 /* gss_upcall_callback will release the reference to gss_upcall_msg */
416                 atomic_inc(&gss_msg->count);
417                 rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback, NULL);
418         } else
419                 err = gss_msg->msg.errno;
420         spin_unlock(&inode->i_lock);
421         gss_release_msg(gss_msg);
422 out:
423         dprintk("RPC: %5u gss_refresh_upcall for uid %u result %d\n",
424                         task->tk_pid, cred->cr_uid, err);
425         return err;
426 }
427
428 static inline int
429 gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
430 {
431         struct inode *inode = gss_auth->dentry->d_inode;
432         struct rpc_cred *cred = &gss_cred->gc_base;
433         struct gss_upcall_msg *gss_msg;
434         DEFINE_WAIT(wait);
435         int err = 0;
436
437         dprintk("RPC:       gss_upcall for uid %u\n", cred->cr_uid);
438         gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
439         if (IS_ERR(gss_msg)) {
440                 err = PTR_ERR(gss_msg);
441                 goto out;
442         }
443         for (;;) {
444                 prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_INTERRUPTIBLE);
445                 spin_lock(&inode->i_lock);
446                 if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
447                         break;
448                 }
449                 spin_unlock(&inode->i_lock);
450                 if (signalled()) {
451                         err = -ERESTARTSYS;
452                         goto out_intr;
453                 }
454                 schedule();
455         }
456         if (gss_msg->ctx)
457                 gss_cred_set_ctx(cred, gss_get_ctx(gss_msg->ctx));
458         else
459                 err = gss_msg->msg.errno;
460         spin_unlock(&inode->i_lock);
461 out_intr:
462         finish_wait(&gss_msg->waitqueue, &wait);
463         gss_release_msg(gss_msg);
464 out:
465         dprintk("RPC:       gss_create_upcall for uid %u result %d\n",
466                         cred->cr_uid, err);
467         return err;
468 }
469
470 static ssize_t
471 gss_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg,
472                 char __user *dst, size_t buflen)
473 {
474         char *data = (char *)msg->data + msg->copied;
475         size_t mlen = min(msg->len, buflen);
476         unsigned long left;
477
478         left = copy_to_user(dst, data, mlen);
479         if (left == mlen) {
480                 msg->errno = -EFAULT;
481                 return -EFAULT;
482         }
483
484         mlen -= left;
485         msg->copied += mlen;
486         msg->errno = 0;
487         return mlen;
488 }
489
490 #define MSG_BUF_MAXSIZE 1024
491
492 static ssize_t
493 gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
494 {
495         const void *p, *end;
496         void *buf;
497         struct rpc_clnt *clnt;
498         struct gss_upcall_msg *gss_msg;
499         struct inode *inode = filp->f_path.dentry->d_inode;
500         struct gss_cl_ctx *ctx;
501         uid_t uid;
502         ssize_t err = -EFBIG;
503
504         if (mlen > MSG_BUF_MAXSIZE)
505                 goto out;
506         err = -ENOMEM;
507         buf = kmalloc(mlen, GFP_KERNEL);
508         if (!buf)
509                 goto out;
510
511         clnt = RPC_I(inode)->private;
512         err = -EFAULT;
513         if (copy_from_user(buf, src, mlen))
514                 goto err;
515
516         end = (const void *)((char *)buf + mlen);
517         p = simple_get_bytes(buf, end, &uid, sizeof(uid));
518         if (IS_ERR(p)) {
519                 err = PTR_ERR(p);
520                 goto err;
521         }
522
523         err = -ENOMEM;
524         ctx = gss_alloc_context();
525         if (ctx == NULL)
526                 goto err;
527
528         err = -ENOENT;
529         /* Find a matching upcall */
530         spin_lock(&inode->i_lock);
531         gss_msg = __gss_find_upcall(RPC_I(inode), uid);
532         if (gss_msg == NULL) {
533                 spin_unlock(&inode->i_lock);
534                 goto err_put_ctx;
535         }
536         list_del_init(&gss_msg->list);
537         spin_unlock(&inode->i_lock);
538
539         p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
540         if (IS_ERR(p)) {
541                 err = PTR_ERR(p);
542                 gss_msg->msg.errno = (err == -EAGAIN) ? -EAGAIN : -EACCES;
543                 goto err_release_msg;
544         }
545         gss_msg->ctx = gss_get_ctx(ctx);
546         err = mlen;
547
548 err_release_msg:
549         spin_lock(&inode->i_lock);
550         __gss_unhash_msg(gss_msg);
551         spin_unlock(&inode->i_lock);
552         gss_release_msg(gss_msg);
553 err_put_ctx:
554         gss_put_ctx(ctx);
555 err:
556         kfree(buf);
557 out:
558         dprintk("RPC:       gss_pipe_downcall returning %Zd\n", err);
559         return err;
560 }
561
562 static void
563 gss_pipe_release(struct inode *inode)
564 {
565         struct rpc_inode *rpci = RPC_I(inode);
566         struct gss_upcall_msg *gss_msg;
567
568         spin_lock(&inode->i_lock);
569         while (!list_empty(&rpci->in_downcall)) {
570
571                 gss_msg = list_entry(rpci->in_downcall.next,
572                                 struct gss_upcall_msg, list);
573                 gss_msg->msg.errno = -EPIPE;
574                 atomic_inc(&gss_msg->count);
575                 __gss_unhash_msg(gss_msg);
576                 spin_unlock(&inode->i_lock);
577                 gss_release_msg(gss_msg);
578                 spin_lock(&inode->i_lock);
579         }
580         spin_unlock(&inode->i_lock);
581 }
582
583 static void
584 gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
585 {
586         struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
587         static unsigned long ratelimit;
588
589         if (msg->errno < 0) {
590                 dprintk("RPC:       gss_pipe_destroy_msg releasing msg %p\n",
591                                 gss_msg);
592                 atomic_inc(&gss_msg->count);
593                 gss_unhash_msg(gss_msg);
594                 if (msg->errno == -ETIMEDOUT) {
595                         unsigned long now = jiffies;
596                         if (time_after(now, ratelimit)) {
597                                 printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
598                                                     "Please check user daemon is running!\n");
599                                 ratelimit = now + 15*HZ;
600                         }
601                 }
602                 gss_release_msg(gss_msg);
603         }
604 }
605
606 /*
607  * NOTE: we have the opportunity to use different
608  * parameters based on the input flavor (which must be a pseudoflavor)
609  */
610 static struct rpc_auth *
611 gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
612 {
613         struct gss_auth *gss_auth;
614         struct rpc_auth * auth;
615         int err = -ENOMEM; /* XXX? */
616
617         dprintk("RPC:       creating GSS authenticator for client %p\n", clnt);
618
619         if (!try_module_get(THIS_MODULE))
620                 return ERR_PTR(err);
621         if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
622                 goto out_dec;
623         gss_auth->client = clnt;
624         err = -EINVAL;
625         gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
626         if (!gss_auth->mech) {
627                 printk(KERN_WARNING "%s: Pseudoflavor %d not found!\n",
628                                 __func__, flavor);
629                 goto err_free;
630         }
631         gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
632         if (gss_auth->service == 0)
633                 goto err_put_mech;
634         auth = &gss_auth->rpc_auth;
635         auth->au_cslack = GSS_CRED_SLACK >> 2;
636         auth->au_rslack = GSS_VERF_SLACK >> 2;
637         auth->au_ops = &authgss_ops;
638         auth->au_flavor = flavor;
639         atomic_set(&auth->au_count, 1);
640         kref_init(&gss_auth->kref);
641
642         gss_auth->dentry = rpc_mkpipe(clnt->cl_dentry, gss_auth->mech->gm_name,
643                         clnt, &gss_upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
644         if (IS_ERR(gss_auth->dentry)) {
645                 err = PTR_ERR(gss_auth->dentry);
646                 goto err_put_mech;
647         }
648
649         err = rpcauth_init_credcache(auth);
650         if (err)
651                 goto err_unlink_pipe;
652
653         return auth;
654 err_unlink_pipe:
655         rpc_unlink(gss_auth->dentry);
656 err_put_mech:
657         gss_mech_put(gss_auth->mech);
658 err_free:
659         kfree(gss_auth);
660 out_dec:
661         module_put(THIS_MODULE);
662         return ERR_PTR(err);
663 }
664
665 static void
666 gss_free(struct gss_auth *gss_auth)
667 {
668         rpc_unlink(gss_auth->dentry);
669         gss_auth->dentry = NULL;
670         gss_mech_put(gss_auth->mech);
671
672         kfree(gss_auth);
673         module_put(THIS_MODULE);
674 }
675
676 static void
677 gss_free_callback(struct kref *kref)
678 {
679         struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
680
681         gss_free(gss_auth);
682 }
683
684 static void
685 gss_destroy(struct rpc_auth *auth)
686 {
687         struct gss_auth *gss_auth;
688
689         dprintk("RPC:       destroying GSS authenticator %p flavor %d\n",
690                         auth, auth->au_flavor);
691
692         rpcauth_destroy_credcache(auth);
693
694         gss_auth = container_of(auth, struct gss_auth, rpc_auth);
695         kref_put(&gss_auth->kref, gss_free_callback);
696 }
697
698 /*
699  * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
700  * to the server with the GSS control procedure field set to
701  * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
702  * all RPCSEC_GSS state associated with that context.
703  */
704 static int
705 gss_destroying_context(struct rpc_cred *cred)
706 {
707         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
708         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
709         struct rpc_task *task;
710
711         if (gss_cred->gc_ctx == NULL ||
712                         gss_cred->gc_ctx->gc_proc == RPC_GSS_PROC_DESTROY)
713                 return 0;
714
715         gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
716         cred->cr_ops = &gss_nullops;
717
718         /* Take a reference to ensure the cred will be destroyed either
719          * by the RPC call or by the put_rpccred() below */
720         get_rpccred(cred);
721
722         task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC);
723         if (!IS_ERR(task))
724                 rpc_put_task(task);
725
726         put_rpccred(cred);
727         return 1;
728 }
729
730 /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
731  * to create a new cred or context, so they check that things have been
732  * allocated before freeing them. */
733 static void
734 gss_do_free_ctx(struct gss_cl_ctx *ctx)
735 {
736         dprintk("RPC:       gss_free_ctx\n");
737
738         kfree(ctx->gc_wire_ctx.data);
739         kfree(ctx);
740 }
741
742 static void
743 gss_free_ctx_callback(struct rcu_head *head)
744 {
745         struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
746         gss_do_free_ctx(ctx);
747 }
748
749 static void
750 gss_free_ctx(struct gss_cl_ctx *ctx)
751 {
752         struct gss_ctx *gc_gss_ctx;
753
754         gc_gss_ctx = rcu_dereference(ctx->gc_gss_ctx);
755         rcu_assign_pointer(ctx->gc_gss_ctx, NULL);
756         call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
757         if (gc_gss_ctx)
758                 gss_delete_sec_context(&gc_gss_ctx);
759 }
760
761 static void
762 gss_free_cred(struct gss_cred *gss_cred)
763 {
764         dprintk("RPC:       gss_free_cred %p\n", gss_cred);
765         kfree(gss_cred);
766 }
767
768 static void
769 gss_free_cred_callback(struct rcu_head *head)
770 {
771         struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
772         gss_free_cred(gss_cred);
773 }
774
775 static void
776 gss_destroy_cred(struct rpc_cred *cred)
777 {
778         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
779         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
780         struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
781
782         if (gss_destroying_context(cred))
783                 return;
784         rcu_assign_pointer(gss_cred->gc_ctx, NULL);
785         call_rcu(&cred->cr_rcu, gss_free_cred_callback);
786         if (ctx)
787                 gss_put_ctx(ctx);
788         kref_put(&gss_auth->kref, gss_free_callback);
789 }
790
791 /*
792  * Lookup RPCSEC_GSS cred for the current process
793  */
794 static struct rpc_cred *
795 gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
796 {
797         return rpcauth_lookup_credcache(auth, acred, flags);
798 }
799
800 static struct rpc_cred *
801 gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
802 {
803         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
804         struct gss_cred *cred = NULL;
805         int err = -ENOMEM;
806
807         dprintk("RPC:       gss_create_cred for uid %d, flavor %d\n",
808                 acred->uid, auth->au_flavor);
809
810         if (!(cred = kzalloc(sizeof(*cred), GFP_KERNEL)))
811                 goto out_err;
812
813         rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
814         /*
815          * Note: in order to force a call to call_refresh(), we deliberately
816          * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
817          */
818         cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
819         cred->gc_service = gss_auth->service;
820         kref_get(&gss_auth->kref);
821         return &cred->gc_base;
822
823 out_err:
824         dprintk("RPC:       gss_create_cred failed with error %d\n", err);
825         return ERR_PTR(err);
826 }
827
828 static int
829 gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
830 {
831         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
832         struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
833         int err;
834
835         do {
836                 err = gss_create_upcall(gss_auth, gss_cred);
837         } while (err == -EAGAIN);
838         return err;
839 }
840
841 static int
842 gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
843 {
844         struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
845
846         /*
847          * If the searchflags have set RPCAUTH_LOOKUP_NEW, then
848          * we don't really care if the credential has expired or not,
849          * since the caller should be prepared to reinitialise it.
850          */
851         if ((flags & RPCAUTH_LOOKUP_NEW) && test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
852                 goto out;
853         /* Don't match with creds that have expired. */
854         if (gss_cred->gc_ctx && time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
855                 return 0;
856 out:
857         return (rc->cr_uid == acred->uid);
858 }
859
860 /*
861 * Marshal credentials.
862 * Maybe we should keep a cached credential for performance reasons.
863 */
864 static __be32 *
865 gss_marshal(struct rpc_task *task, __be32 *p)
866 {
867         struct rpc_cred *cred = task->tk_msg.rpc_cred;
868         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
869                                                  gc_base);
870         struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
871         __be32          *cred_len;
872         struct rpc_rqst *req = task->tk_rqstp;
873         u32             maj_stat = 0;
874         struct xdr_netobj mic;
875         struct kvec     iov;
876         struct xdr_buf  verf_buf;
877
878         dprintk("RPC: %5u gss_marshal\n", task->tk_pid);
879
880         *p++ = htonl(RPC_AUTH_GSS);
881         cred_len = p++;
882
883         spin_lock(&ctx->gc_seq_lock);
884         req->rq_seqno = ctx->gc_seq++;
885         spin_unlock(&ctx->gc_seq_lock);
886
887         *p++ = htonl((u32) RPC_GSS_VERSION);
888         *p++ = htonl((u32) ctx->gc_proc);
889         *p++ = htonl((u32) req->rq_seqno);
890         *p++ = htonl((u32) gss_cred->gc_service);
891         p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
892         *cred_len = htonl((p - (cred_len + 1)) << 2);
893
894         /* We compute the checksum for the verifier over the xdr-encoded bytes
895          * starting with the xid and ending at the end of the credential: */
896         iov.iov_base = xprt_skip_transport_header(task->tk_xprt,
897                                         req->rq_snd_buf.head[0].iov_base);
898         iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
899         xdr_buf_from_iov(&iov, &verf_buf);
900
901         /* set verifier flavor*/
902         *p++ = htonl(RPC_AUTH_GSS);
903
904         mic.data = (u8 *)(p + 1);
905         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
906         if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
907                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
908         } else if (maj_stat != 0) {
909                 printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
910                 goto out_put_ctx;
911         }
912         p = xdr_encode_opaque(p, NULL, mic.len);
913         gss_put_ctx(ctx);
914         return p;
915 out_put_ctx:
916         gss_put_ctx(ctx);
917         return NULL;
918 }
919
920 /*
921 * Refresh credentials. XXX - finish
922 */
923 static int
924 gss_refresh(struct rpc_task *task)
925 {
926
927         if (!gss_cred_is_uptodate_ctx(task->tk_msg.rpc_cred))
928                 return gss_refresh_upcall(task);
929         return 0;
930 }
931
932 /* Dummy refresh routine: used only when destroying the context */
933 static int
934 gss_refresh_null(struct rpc_task *task)
935 {
936         return -EACCES;
937 }
938
939 static __be32 *
940 gss_validate(struct rpc_task *task, __be32 *p)
941 {
942         struct rpc_cred *cred = task->tk_msg.rpc_cred;
943         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
944         __be32          seq;
945         struct kvec     iov;
946         struct xdr_buf  verf_buf;
947         struct xdr_netobj mic;
948         u32             flav,len;
949         u32             maj_stat;
950
951         dprintk("RPC: %5u gss_validate\n", task->tk_pid);
952
953         flav = ntohl(*p++);
954         if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
955                 goto out_bad;
956         if (flav != RPC_AUTH_GSS)
957                 goto out_bad;
958         seq = htonl(task->tk_rqstp->rq_seqno);
959         iov.iov_base = &seq;
960         iov.iov_len = sizeof(seq);
961         xdr_buf_from_iov(&iov, &verf_buf);
962         mic.data = (u8 *)p;
963         mic.len = len;
964
965         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
966         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
967                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
968         if (maj_stat) {
969                 dprintk("RPC: %5u gss_validate: gss_verify_mic returned "
970                                 "error 0x%08x\n", task->tk_pid, maj_stat);
971                 goto out_bad;
972         }
973         /* We leave it to unwrap to calculate au_rslack. For now we just
974          * calculate the length of the verifier: */
975         cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
976         gss_put_ctx(ctx);
977         dprintk("RPC: %5u gss_validate: gss_verify_mic succeeded.\n",
978                         task->tk_pid);
979         return p + XDR_QUADLEN(len);
980 out_bad:
981         gss_put_ctx(ctx);
982         dprintk("RPC: %5u gss_validate failed.\n", task->tk_pid);
983         return NULL;
984 }
985
986 static inline int
987 gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
988                 kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
989 {
990         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
991         struct xdr_buf  integ_buf;
992         __be32          *integ_len = NULL;
993         struct xdr_netobj mic;
994         u32             offset;
995         __be32          *q;
996         struct kvec     *iov;
997         u32             maj_stat = 0;
998         int             status = -EIO;
999
1000         integ_len = p++;
1001         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1002         *p++ = htonl(rqstp->rq_seqno);
1003
1004         status = rpc_call_xdrproc(encode, rqstp, p, obj);
1005         if (status)
1006                 return status;
1007
1008         if (xdr_buf_subsegment(snd_buf, &integ_buf,
1009                                 offset, snd_buf->len - offset))
1010                 return status;
1011         *integ_len = htonl(integ_buf.len);
1012
1013         /* guess whether we're in the head or the tail: */
1014         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1015                 iov = snd_buf->tail;
1016         else
1017                 iov = snd_buf->head;
1018         p = iov->iov_base + iov->iov_len;
1019         mic.data = (u8 *)(p + 1);
1020
1021         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1022         status = -EIO; /* XXX? */
1023         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1024                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1025         else if (maj_stat)
1026                 return status;
1027         q = xdr_encode_opaque(p, NULL, mic.len);
1028
1029         offset = (u8 *)q - (u8 *)p;
1030         iov->iov_len += offset;
1031         snd_buf->len += offset;
1032         return 0;
1033 }
1034
1035 static void
1036 priv_release_snd_buf(struct rpc_rqst *rqstp)
1037 {
1038         int i;
1039
1040         for (i=0; i < rqstp->rq_enc_pages_num; i++)
1041                 __free_page(rqstp->rq_enc_pages[i]);
1042         kfree(rqstp->rq_enc_pages);
1043 }
1044
1045 static int
1046 alloc_enc_pages(struct rpc_rqst *rqstp)
1047 {
1048         struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1049         int first, last, i;
1050
1051         if (snd_buf->page_len == 0) {
1052                 rqstp->rq_enc_pages_num = 0;
1053                 return 0;
1054         }
1055
1056         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1057         last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
1058         rqstp->rq_enc_pages_num = last - first + 1 + 1;
1059         rqstp->rq_enc_pages
1060                 = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
1061                                 GFP_NOFS);
1062         if (!rqstp->rq_enc_pages)
1063                 goto out;
1064         for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1065                 rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1066                 if (rqstp->rq_enc_pages[i] == NULL)
1067                         goto out_free;
1068         }
1069         rqstp->rq_release_snd_buf = priv_release_snd_buf;
1070         return 0;
1071 out_free:
1072         for (i--; i >= 0; i--) {
1073                 __free_page(rqstp->rq_enc_pages[i]);
1074         }
1075 out:
1076         return -EAGAIN;
1077 }
1078
1079 static inline int
1080 gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1081                 kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
1082 {
1083         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1084         u32             offset;
1085         u32             maj_stat;
1086         int             status;
1087         __be32          *opaque_len;
1088         struct page     **inpages;
1089         int             first;
1090         int             pad;
1091         struct kvec     *iov;
1092         char            *tmp;
1093
1094         opaque_len = p++;
1095         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1096         *p++ = htonl(rqstp->rq_seqno);
1097
1098         status = rpc_call_xdrproc(encode, rqstp, p, obj);
1099         if (status)
1100                 return status;
1101
1102         status = alloc_enc_pages(rqstp);
1103         if (status)
1104                 return status;
1105         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1106         inpages = snd_buf->pages + first;
1107         snd_buf->pages = rqstp->rq_enc_pages;
1108         snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1109         /* Give the tail its own page, in case we need extra space in the
1110          * head when wrapping: */
1111         if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1112                 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1113                 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1114                 snd_buf->tail[0].iov_base = tmp;
1115         }
1116         maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1117         /* RPC_SLACK_SPACE should prevent this ever happening: */
1118         BUG_ON(snd_buf->len > snd_buf->buflen);
1119         status = -EIO;
1120         /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1121          * done anyway, so it's safe to put the request on the wire: */
1122         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1123                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1124         else if (maj_stat)
1125                 return status;
1126
1127         *opaque_len = htonl(snd_buf->len - offset);
1128         /* guess whether we're in the head or the tail: */
1129         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1130                 iov = snd_buf->tail;
1131         else
1132                 iov = snd_buf->head;
1133         p = iov->iov_base + iov->iov_len;
1134         pad = 3 - ((snd_buf->len - offset - 1) & 3);
1135         memset(p, 0, pad);
1136         iov->iov_len += pad;
1137         snd_buf->len += pad;
1138
1139         return 0;
1140 }
1141
1142 static int
1143 gss_wrap_req(struct rpc_task *task,
1144              kxdrproc_t encode, void *rqstp, __be32 *p, void *obj)
1145 {
1146         struct rpc_cred *cred = task->tk_msg.rpc_cred;
1147         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1148                         gc_base);
1149         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1150         int             status = -EIO;
1151
1152         dprintk("RPC: %5u gss_wrap_req\n", task->tk_pid);
1153         if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1154                 /* The spec seems a little ambiguous here, but I think that not
1155                  * wrapping context destruction requests makes the most sense.
1156                  */
1157                 status = rpc_call_xdrproc(encode, rqstp, p, obj);
1158                 goto out;
1159         }
1160         switch (gss_cred->gc_service) {
1161                 case RPC_GSS_SVC_NONE:
1162                         status = rpc_call_xdrproc(encode, rqstp, p, obj);
1163                         break;
1164                 case RPC_GSS_SVC_INTEGRITY:
1165                         status = gss_wrap_req_integ(cred, ctx, encode,
1166                                                                 rqstp, p, obj);
1167                         break;
1168                 case RPC_GSS_SVC_PRIVACY:
1169                         status = gss_wrap_req_priv(cred, ctx, encode,
1170                                         rqstp, p, obj);
1171                         break;
1172         }
1173 out:
1174         gss_put_ctx(ctx);
1175         dprintk("RPC: %5u gss_wrap_req returning %d\n", task->tk_pid, status);
1176         return status;
1177 }
1178
1179 static inline int
1180 gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1181                 struct rpc_rqst *rqstp, __be32 **p)
1182 {
1183         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1184         struct xdr_buf integ_buf;
1185         struct xdr_netobj mic;
1186         u32 data_offset, mic_offset;
1187         u32 integ_len;
1188         u32 maj_stat;
1189         int status = -EIO;
1190
1191         integ_len = ntohl(*(*p)++);
1192         if (integ_len & 3)
1193                 return status;
1194         data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1195         mic_offset = integ_len + data_offset;
1196         if (mic_offset > rcv_buf->len)
1197                 return status;
1198         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1199                 return status;
1200
1201         if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1202                                 mic_offset - data_offset))
1203                 return status;
1204
1205         if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1206                 return status;
1207
1208         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1209         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1210                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1211         if (maj_stat != GSS_S_COMPLETE)
1212                 return status;
1213         return 0;
1214 }
1215
1216 static inline int
1217 gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1218                 struct rpc_rqst *rqstp, __be32 **p)
1219 {
1220         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1221         u32 offset;
1222         u32 opaque_len;
1223         u32 maj_stat;
1224         int status = -EIO;
1225
1226         opaque_len = ntohl(*(*p)++);
1227         offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1228         if (offset + opaque_len > rcv_buf->len)
1229                 return status;
1230         /* remove padding: */
1231         rcv_buf->len = offset + opaque_len;
1232
1233         maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1234         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1235                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1236         if (maj_stat != GSS_S_COMPLETE)
1237                 return status;
1238         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1239                 return status;
1240
1241         return 0;
1242 }
1243
1244
1245 static int
1246 gss_unwrap_resp(struct rpc_task *task,
1247                 kxdrproc_t decode, void *rqstp, __be32 *p, void *obj)
1248 {
1249         struct rpc_cred *cred = task->tk_msg.rpc_cred;
1250         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1251                         gc_base);
1252         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1253         __be32          *savedp = p;
1254         struct kvec     *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1255         int             savedlen = head->iov_len;
1256         int             status = -EIO;
1257
1258         if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1259                 goto out_decode;
1260         switch (gss_cred->gc_service) {
1261                 case RPC_GSS_SVC_NONE:
1262                         break;
1263                 case RPC_GSS_SVC_INTEGRITY:
1264                         status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1265                         if (status)
1266                                 goto out;
1267                         break;
1268                 case RPC_GSS_SVC_PRIVACY:
1269                         status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1270                         if (status)
1271                                 goto out;
1272                         break;
1273         }
1274         /* take into account extra slack for integrity and privacy cases: */
1275         cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1276                                                 + (savedlen - head->iov_len);
1277 out_decode:
1278         status = rpc_call_xdrproc(decode, rqstp, p, obj);
1279 out:
1280         gss_put_ctx(ctx);
1281         dprintk("RPC: %5u gss_unwrap_resp returning %d\n", task->tk_pid,
1282                         status);
1283         return status;
1284 }
1285
1286 static const struct rpc_authops authgss_ops = {
1287         .owner          = THIS_MODULE,
1288         .au_flavor      = RPC_AUTH_GSS,
1289 #ifdef RPC_DEBUG
1290         .au_name        = "RPCSEC_GSS",
1291 #endif
1292         .create         = gss_create,
1293         .destroy        = gss_destroy,
1294         .lookup_cred    = gss_lookup_cred,
1295         .crcreate       = gss_create_cred
1296 };
1297
1298 static const struct rpc_credops gss_credops = {
1299         .cr_name        = "AUTH_GSS",
1300         .crdestroy      = gss_destroy_cred,
1301         .cr_init        = gss_cred_init,
1302         .crmatch        = gss_match,
1303         .crmarshal      = gss_marshal,
1304         .crrefresh      = gss_refresh,
1305         .crvalidate     = gss_validate,
1306         .crwrap_req     = gss_wrap_req,
1307         .crunwrap_resp  = gss_unwrap_resp,
1308 };
1309
1310 static const struct rpc_credops gss_nullops = {
1311         .cr_name        = "AUTH_GSS",
1312         .crdestroy      = gss_destroy_cred,
1313         .crmatch        = gss_match,
1314         .crmarshal      = gss_marshal,
1315         .crrefresh      = gss_refresh_null,
1316         .crvalidate     = gss_validate,
1317         .crwrap_req     = gss_wrap_req,
1318         .crunwrap_resp  = gss_unwrap_resp,
1319 };
1320
1321 static struct rpc_pipe_ops gss_upcall_ops = {
1322         .upcall         = gss_pipe_upcall,
1323         .downcall       = gss_pipe_downcall,
1324         .destroy_msg    = gss_pipe_destroy_msg,
1325         .release_pipe   = gss_pipe_release,
1326 };
1327
1328 /*
1329  * Initialize RPCSEC_GSS module
1330  */
1331 static int __init init_rpcsec_gss(void)
1332 {
1333         int err = 0;
1334
1335         err = rpcauth_register(&authgss_ops);
1336         if (err)
1337                 goto out;
1338         err = gss_svc_init();
1339         if (err)
1340                 goto out_unregister;
1341         return 0;
1342 out_unregister:
1343         rpcauth_unregister(&authgss_ops);
1344 out:
1345         return err;
1346 }
1347
1348 static void __exit exit_rpcsec_gss(void)
1349 {
1350         gss_svc_shutdown();
1351         rpcauth_unregister(&authgss_ops);
1352 }
1353
1354 MODULE_LICENSE("GPL");
1355 module_init(init_rpcsec_gss)
1356 module_exit(exit_rpcsec_gss)