Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
[linux-2.6] / net / sunrpc / auth_gss / auth_gss.c
1 /*
2  * linux/net/sunrpc/auth_gss/auth_gss.c
3  *
4  * RPCSEC_GSS client authentication.
5  *
6  *  Copyright (c) 2000 The Regents of the University of Michigan.
7  *  All rights reserved.
8  *
9  *  Dug Song       <dugsong@monkey.org>
10  *  Andy Adamson   <andros@umich.edu>
11  *
12  *  Redistribution and use in source and binary forms, with or without
13  *  modification, are permitted provided that the following conditions
14  *  are met:
15  *
16  *  1. Redistributions of source code must retain the above copyright
17  *     notice, this list of conditions and the following disclaimer.
18  *  2. Redistributions in binary form must reproduce the above copyright
19  *     notice, this list of conditions and the following disclaimer in the
20  *     documentation and/or other materials provided with the distribution.
21  *  3. Neither the name of the University nor the names of its
22  *     contributors may be used to endorse or promote products derived
23  *     from this software without specific prior written permission.
24  *
25  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
26  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  *
37  * $Id$
38  */
39
40
41 #include <linux/module.h>
42 #include <linux/init.h>
43 #include <linux/types.h>
44 #include <linux/slab.h>
45 #include <linux/sched.h>
46 #include <linux/pagemap.h>
47 #include <linux/sunrpc/clnt.h>
48 #include <linux/sunrpc/auth.h>
49 #include <linux/sunrpc/auth_gss.h>
50 #include <linux/sunrpc/svcauth_gss.h>
51 #include <linux/sunrpc/gss_err.h>
52 #include <linux/workqueue.h>
53 #include <linux/sunrpc/rpc_pipe_fs.h>
54 #include <linux/sunrpc/gss_api.h>
55 #include <asm/uaccess.h>
56
57 static const struct rpc_authops authgss_ops;
58
59 static const struct rpc_credops gss_credops;
60 static const struct rpc_credops gss_nullops;
61
62 #ifdef RPC_DEBUG
63 # define RPCDBG_FACILITY        RPCDBG_AUTH
64 #endif
65
66 #define NFS_NGROUPS     16
67
68 #define GSS_CRED_SLACK          1024            /* XXX: unused */
69 /* length of a krb5 verifier (48), plus data added before arguments when
70  * using integrity (two 4-byte integers): */
71 #define GSS_VERF_SLACK          100
72
73 /* XXX this define must match the gssd define
74 * as it is passed to gssd to signal the use of
75 * machine creds should be part of the shared rpc interface */
76
77 #define CA_RUN_AS_MACHINE  0x00000200
78
79 /* dump the buffer in `emacs-hexl' style */
80 #define isprint(c)      ((c > 0x1f) && (c < 0x7f))
81
82 struct gss_auth {
83         struct kref kref;
84         struct rpc_auth rpc_auth;
85         struct gss_api_mech *mech;
86         enum rpc_gss_svc service;
87         struct rpc_clnt *client;
88         struct dentry *dentry;
89 };
90
91 static void gss_free_ctx(struct gss_cl_ctx *);
92 static struct rpc_pipe_ops gss_upcall_ops;
93
94 static inline struct gss_cl_ctx *
95 gss_get_ctx(struct gss_cl_ctx *ctx)
96 {
97         atomic_inc(&ctx->count);
98         return ctx;
99 }
100
101 static inline void
102 gss_put_ctx(struct gss_cl_ctx *ctx)
103 {
104         if (atomic_dec_and_test(&ctx->count))
105                 gss_free_ctx(ctx);
106 }
107
108 /* gss_cred_set_ctx:
109  * called by gss_upcall_callback and gss_create_upcall in order
110  * to set the gss context. The actual exchange of an old context
111  * and a new one is protected by the inode->i_lock.
112  */
113 static void
114 gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
115 {
116         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
117
118         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
119                 return;
120         gss_get_ctx(ctx);
121         rcu_assign_pointer(gss_cred->gc_ctx, ctx);
122         set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
123         smp_mb__before_clear_bit();
124         clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
125 }
126
127 static const void *
128 simple_get_bytes(const void *p, const void *end, void *res, size_t len)
129 {
130         const void *q = (const void *)((const char *)p + len);
131         if (unlikely(q > end || q < p))
132                 return ERR_PTR(-EFAULT);
133         memcpy(res, p, len);
134         return q;
135 }
136
137 static inline const void *
138 simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
139 {
140         const void *q;
141         unsigned int len;
142
143         p = simple_get_bytes(p, end, &len, sizeof(len));
144         if (IS_ERR(p))
145                 return p;
146         q = (const void *)((const char *)p + len);
147         if (unlikely(q > end || q < p))
148                 return ERR_PTR(-EFAULT);
149         dest->data = kmemdup(p, len, GFP_KERNEL);
150         if (unlikely(dest->data == NULL))
151                 return ERR_PTR(-ENOMEM);
152         dest->len = len;
153         return q;
154 }
155
156 static struct gss_cl_ctx *
157 gss_cred_get_ctx(struct rpc_cred *cred)
158 {
159         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
160         struct gss_cl_ctx *ctx = NULL;
161
162         rcu_read_lock();
163         if (gss_cred->gc_ctx)
164                 ctx = gss_get_ctx(gss_cred->gc_ctx);
165         rcu_read_unlock();
166         return ctx;
167 }
168
169 static struct gss_cl_ctx *
170 gss_alloc_context(void)
171 {
172         struct gss_cl_ctx *ctx;
173
174         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
175         if (ctx != NULL) {
176                 ctx->gc_proc = RPC_GSS_PROC_DATA;
177                 ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
178                 spin_lock_init(&ctx->gc_seq_lock);
179                 atomic_set(&ctx->count,1);
180         }
181         return ctx;
182 }
183
184 #define GSSD_MIN_TIMEOUT (60 * 60)
185 static const void *
186 gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
187 {
188         const void *q;
189         unsigned int seclen;
190         unsigned int timeout;
191         u32 window_size;
192         int ret;
193
194         /* First unsigned int gives the lifetime (in seconds) of the cred */
195         p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
196         if (IS_ERR(p))
197                 goto err;
198         if (timeout == 0)
199                 timeout = GSSD_MIN_TIMEOUT;
200         ctx->gc_expiry = jiffies + (unsigned long)timeout * HZ * 3 / 4;
201         /* Sequence number window. Determines the maximum number of simultaneous requests */
202         p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
203         if (IS_ERR(p))
204                 goto err;
205         ctx->gc_win = window_size;
206         /* gssd signals an error by passing ctx->gc_win = 0: */
207         if (ctx->gc_win == 0) {
208                 /* in which case, p points to  an error code which we ignore */
209                 p = ERR_PTR(-EACCES);
210                 goto err;
211         }
212         /* copy the opaque wire context */
213         p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
214         if (IS_ERR(p))
215                 goto err;
216         /* import the opaque security context */
217         p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
218         if (IS_ERR(p))
219                 goto err;
220         q = (const void *)((const char *)p + seclen);
221         if (unlikely(q > end || q < p)) {
222                 p = ERR_PTR(-EFAULT);
223                 goto err;
224         }
225         ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx);
226         if (ret < 0) {
227                 p = ERR_PTR(ret);
228                 goto err;
229         }
230         return q;
231 err:
232         dprintk("RPC:       gss_fill_context returning %ld\n", -PTR_ERR(p));
233         return p;
234 }
235
236
237 struct gss_upcall_msg {
238         atomic_t count;
239         uid_t   uid;
240         struct rpc_pipe_msg msg;
241         struct list_head list;
242         struct gss_auth *auth;
243         struct rpc_wait_queue rpc_waitqueue;
244         wait_queue_head_t waitqueue;
245         struct gss_cl_ctx *ctx;
246 };
247
248 static void
249 gss_release_msg(struct gss_upcall_msg *gss_msg)
250 {
251         if (!atomic_dec_and_test(&gss_msg->count))
252                 return;
253         BUG_ON(!list_empty(&gss_msg->list));
254         if (gss_msg->ctx != NULL)
255                 gss_put_ctx(gss_msg->ctx);
256         rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
257         kfree(gss_msg);
258 }
259
260 static struct gss_upcall_msg *
261 __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
262 {
263         struct gss_upcall_msg *pos;
264         list_for_each_entry(pos, &rpci->in_downcall, list) {
265                 if (pos->uid != uid)
266                         continue;
267                 atomic_inc(&pos->count);
268                 dprintk("RPC:       gss_find_upcall found msg %p\n", pos);
269                 return pos;
270         }
271         dprintk("RPC:       gss_find_upcall found nothing\n");
272         return NULL;
273 }
274
275 /* Try to add a upcall to the pipefs queue.
276  * If an upcall owned by our uid already exists, then we return a reference
277  * to that upcall instead of adding the new upcall.
278  */
279 static inline struct gss_upcall_msg *
280 gss_add_msg(struct gss_auth *gss_auth, struct gss_upcall_msg *gss_msg)
281 {
282         struct inode *inode = gss_auth->dentry->d_inode;
283         struct rpc_inode *rpci = RPC_I(inode);
284         struct gss_upcall_msg *old;
285
286         spin_lock(&inode->i_lock);
287         old = __gss_find_upcall(rpci, gss_msg->uid);
288         if (old == NULL) {
289                 atomic_inc(&gss_msg->count);
290                 list_add(&gss_msg->list, &rpci->in_downcall);
291         } else
292                 gss_msg = old;
293         spin_unlock(&inode->i_lock);
294         return gss_msg;
295 }
296
297 static void
298 __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
299 {
300         list_del_init(&gss_msg->list);
301         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
302         wake_up_all(&gss_msg->waitqueue);
303         atomic_dec(&gss_msg->count);
304 }
305
306 static void
307 gss_unhash_msg(struct gss_upcall_msg *gss_msg)
308 {
309         struct gss_auth *gss_auth = gss_msg->auth;
310         struct inode *inode = gss_auth->dentry->d_inode;
311
312         if (list_empty(&gss_msg->list))
313                 return;
314         spin_lock(&inode->i_lock);
315         if (!list_empty(&gss_msg->list))
316                 __gss_unhash_msg(gss_msg);
317         spin_unlock(&inode->i_lock);
318 }
319
320 static void
321 gss_upcall_callback(struct rpc_task *task)
322 {
323         struct gss_cred *gss_cred = container_of(task->tk_msg.rpc_cred,
324                         struct gss_cred, gc_base);
325         struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
326         struct inode *inode = gss_msg->auth->dentry->d_inode;
327
328         spin_lock(&inode->i_lock);
329         if (gss_msg->ctx)
330                 gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
331         else
332                 task->tk_status = gss_msg->msg.errno;
333         gss_cred->gc_upcall = NULL;
334         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
335         spin_unlock(&inode->i_lock);
336         gss_release_msg(gss_msg);
337 }
338
339 static inline struct gss_upcall_msg *
340 gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid)
341 {
342         struct gss_upcall_msg *gss_msg;
343
344         gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL);
345         if (gss_msg != NULL) {
346                 INIT_LIST_HEAD(&gss_msg->list);
347                 rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
348                 init_waitqueue_head(&gss_msg->waitqueue);
349                 atomic_set(&gss_msg->count, 1);
350                 gss_msg->msg.data = &gss_msg->uid;
351                 gss_msg->msg.len = sizeof(gss_msg->uid);
352                 gss_msg->uid = uid;
353                 gss_msg->auth = gss_auth;
354         }
355         return gss_msg;
356 }
357
358 static struct gss_upcall_msg *
359 gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
360 {
361         struct gss_cred *gss_cred = container_of(cred,
362                         struct gss_cred, gc_base);
363         struct gss_upcall_msg *gss_new, *gss_msg;
364         uid_t uid = cred->cr_uid;
365
366         /* Special case: rpc.gssd assumes that uid == 0 implies machine creds */
367         if (gss_cred->gc_machine_cred != 0)
368                 uid = 0;
369
370         gss_new = gss_alloc_msg(gss_auth, uid);
371         if (gss_new == NULL)
372                 return ERR_PTR(-ENOMEM);
373         gss_msg = gss_add_msg(gss_auth, gss_new);
374         if (gss_msg == gss_new) {
375                 int res = rpc_queue_upcall(gss_auth->dentry->d_inode, &gss_new->msg);
376                 if (res) {
377                         gss_unhash_msg(gss_new);
378                         gss_msg = ERR_PTR(res);
379                 }
380         } else
381                 gss_release_msg(gss_new);
382         return gss_msg;
383 }
384
385 static inline int
386 gss_refresh_upcall(struct rpc_task *task)
387 {
388         struct rpc_cred *cred = task->tk_msg.rpc_cred;
389         struct gss_auth *gss_auth = container_of(cred->cr_auth,
390                         struct gss_auth, rpc_auth);
391         struct gss_cred *gss_cred = container_of(cred,
392                         struct gss_cred, gc_base);
393         struct gss_upcall_msg *gss_msg;
394         struct inode *inode = gss_auth->dentry->d_inode;
395         int err = 0;
396
397         dprintk("RPC: %5u gss_refresh_upcall for uid %u\n", task->tk_pid,
398                                                                 cred->cr_uid);
399         gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
400         if (IS_ERR(gss_msg)) {
401                 err = PTR_ERR(gss_msg);
402                 goto out;
403         }
404         spin_lock(&inode->i_lock);
405         if (gss_cred->gc_upcall != NULL)
406                 rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
407         else if (gss_msg->ctx != NULL) {
408                 gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
409                 gss_cred->gc_upcall = NULL;
410                 rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
411         } else if (gss_msg->msg.errno >= 0) {
412                 task->tk_timeout = 0;
413                 gss_cred->gc_upcall = gss_msg;
414                 /* gss_upcall_callback will release the reference to gss_upcall_msg */
415                 atomic_inc(&gss_msg->count);
416                 rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
417         } else
418                 err = gss_msg->msg.errno;
419         spin_unlock(&inode->i_lock);
420         gss_release_msg(gss_msg);
421 out:
422         dprintk("RPC: %5u gss_refresh_upcall for uid %u result %d\n",
423                         task->tk_pid, cred->cr_uid, err);
424         return err;
425 }
426
427 static inline int
428 gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
429 {
430         struct inode *inode = gss_auth->dentry->d_inode;
431         struct rpc_cred *cred = &gss_cred->gc_base;
432         struct gss_upcall_msg *gss_msg;
433         DEFINE_WAIT(wait);
434         int err = 0;
435
436         dprintk("RPC:       gss_upcall for uid %u\n", cred->cr_uid);
437         gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
438         if (IS_ERR(gss_msg)) {
439                 err = PTR_ERR(gss_msg);
440                 goto out;
441         }
442         for (;;) {
443                 prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_INTERRUPTIBLE);
444                 spin_lock(&inode->i_lock);
445                 if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
446                         break;
447                 }
448                 spin_unlock(&inode->i_lock);
449                 if (signalled()) {
450                         err = -ERESTARTSYS;
451                         goto out_intr;
452                 }
453                 schedule();
454         }
455         if (gss_msg->ctx)
456                 gss_cred_set_ctx(cred, gss_msg->ctx);
457         else
458                 err = gss_msg->msg.errno;
459         spin_unlock(&inode->i_lock);
460 out_intr:
461         finish_wait(&gss_msg->waitqueue, &wait);
462         gss_release_msg(gss_msg);
463 out:
464         dprintk("RPC:       gss_create_upcall for uid %u result %d\n",
465                         cred->cr_uid, err);
466         return err;
467 }
468
469 static ssize_t
470 gss_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg,
471                 char __user *dst, size_t buflen)
472 {
473         char *data = (char *)msg->data + msg->copied;
474         size_t mlen = min(msg->len, buflen);
475         unsigned long left;
476
477         left = copy_to_user(dst, data, mlen);
478         if (left == mlen) {
479                 msg->errno = -EFAULT;
480                 return -EFAULT;
481         }
482
483         mlen -= left;
484         msg->copied += mlen;
485         msg->errno = 0;
486         return mlen;
487 }
488
489 #define MSG_BUF_MAXSIZE 1024
490
491 static ssize_t
492 gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
493 {
494         const void *p, *end;
495         void *buf;
496         struct rpc_clnt *clnt;
497         struct gss_upcall_msg *gss_msg;
498         struct inode *inode = filp->f_path.dentry->d_inode;
499         struct gss_cl_ctx *ctx;
500         uid_t uid;
501         ssize_t err = -EFBIG;
502
503         if (mlen > MSG_BUF_MAXSIZE)
504                 goto out;
505         err = -ENOMEM;
506         buf = kmalloc(mlen, GFP_KERNEL);
507         if (!buf)
508                 goto out;
509
510         clnt = RPC_I(inode)->private;
511         err = -EFAULT;
512         if (copy_from_user(buf, src, mlen))
513                 goto err;
514
515         end = (const void *)((char *)buf + mlen);
516         p = simple_get_bytes(buf, end, &uid, sizeof(uid));
517         if (IS_ERR(p)) {
518                 err = PTR_ERR(p);
519                 goto err;
520         }
521
522         err = -ENOMEM;
523         ctx = gss_alloc_context();
524         if (ctx == NULL)
525                 goto err;
526
527         err = -ENOENT;
528         /* Find a matching upcall */
529         spin_lock(&inode->i_lock);
530         gss_msg = __gss_find_upcall(RPC_I(inode), uid);
531         if (gss_msg == NULL) {
532                 spin_unlock(&inode->i_lock);
533                 goto err_put_ctx;
534         }
535         list_del_init(&gss_msg->list);
536         spin_unlock(&inode->i_lock);
537
538         p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
539         if (IS_ERR(p)) {
540                 err = PTR_ERR(p);
541                 gss_msg->msg.errno = (err == -EAGAIN) ? -EAGAIN : -EACCES;
542                 goto err_release_msg;
543         }
544         gss_msg->ctx = gss_get_ctx(ctx);
545         err = mlen;
546
547 err_release_msg:
548         spin_lock(&inode->i_lock);
549         __gss_unhash_msg(gss_msg);
550         spin_unlock(&inode->i_lock);
551         gss_release_msg(gss_msg);
552 err_put_ctx:
553         gss_put_ctx(ctx);
554 err:
555         kfree(buf);
556 out:
557         dprintk("RPC:       gss_pipe_downcall returning %Zd\n", err);
558         return err;
559 }
560
561 static void
562 gss_pipe_release(struct inode *inode)
563 {
564         struct rpc_inode *rpci = RPC_I(inode);
565         struct gss_upcall_msg *gss_msg;
566
567         spin_lock(&inode->i_lock);
568         while (!list_empty(&rpci->in_downcall)) {
569
570                 gss_msg = list_entry(rpci->in_downcall.next,
571                                 struct gss_upcall_msg, list);
572                 gss_msg->msg.errno = -EPIPE;
573                 atomic_inc(&gss_msg->count);
574                 __gss_unhash_msg(gss_msg);
575                 spin_unlock(&inode->i_lock);
576                 gss_release_msg(gss_msg);
577                 spin_lock(&inode->i_lock);
578         }
579         spin_unlock(&inode->i_lock);
580 }
581
582 static void
583 gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
584 {
585         struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
586         static unsigned long ratelimit;
587
588         if (msg->errno < 0) {
589                 dprintk("RPC:       gss_pipe_destroy_msg releasing msg %p\n",
590                                 gss_msg);
591                 atomic_inc(&gss_msg->count);
592                 gss_unhash_msg(gss_msg);
593                 if (msg->errno == -ETIMEDOUT) {
594                         unsigned long now = jiffies;
595                         if (time_after(now, ratelimit)) {
596                                 printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
597                                                     "Please check user daemon is running!\n");
598                                 ratelimit = now + 15*HZ;
599                         }
600                 }
601                 gss_release_msg(gss_msg);
602         }
603 }
604
605 /*
606  * NOTE: we have the opportunity to use different
607  * parameters based on the input flavor (which must be a pseudoflavor)
608  */
609 static struct rpc_auth *
610 gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
611 {
612         struct gss_auth *gss_auth;
613         struct rpc_auth * auth;
614         int err = -ENOMEM; /* XXX? */
615
616         dprintk("RPC:       creating GSS authenticator for client %p\n", clnt);
617
618         if (!try_module_get(THIS_MODULE))
619                 return ERR_PTR(err);
620         if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
621                 goto out_dec;
622         gss_auth->client = clnt;
623         err = -EINVAL;
624         gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
625         if (!gss_auth->mech) {
626                 printk(KERN_WARNING "%s: Pseudoflavor %d not found!\n",
627                                 __func__, flavor);
628                 goto err_free;
629         }
630         gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
631         if (gss_auth->service == 0)
632                 goto err_put_mech;
633         auth = &gss_auth->rpc_auth;
634         auth->au_cslack = GSS_CRED_SLACK >> 2;
635         auth->au_rslack = GSS_VERF_SLACK >> 2;
636         auth->au_ops = &authgss_ops;
637         auth->au_flavor = flavor;
638         atomic_set(&auth->au_count, 1);
639         kref_init(&gss_auth->kref);
640
641         gss_auth->dentry = rpc_mkpipe(clnt->cl_dentry, gss_auth->mech->gm_name,
642                         clnt, &gss_upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
643         if (IS_ERR(gss_auth->dentry)) {
644                 err = PTR_ERR(gss_auth->dentry);
645                 goto err_put_mech;
646         }
647
648         err = rpcauth_init_credcache(auth);
649         if (err)
650                 goto err_unlink_pipe;
651
652         return auth;
653 err_unlink_pipe:
654         rpc_unlink(gss_auth->dentry);
655 err_put_mech:
656         gss_mech_put(gss_auth->mech);
657 err_free:
658         kfree(gss_auth);
659 out_dec:
660         module_put(THIS_MODULE);
661         return ERR_PTR(err);
662 }
663
664 static void
665 gss_free(struct gss_auth *gss_auth)
666 {
667         rpc_unlink(gss_auth->dentry);
668         gss_auth->dentry = NULL;
669         gss_mech_put(gss_auth->mech);
670
671         kfree(gss_auth);
672         module_put(THIS_MODULE);
673 }
674
675 static void
676 gss_free_callback(struct kref *kref)
677 {
678         struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
679
680         gss_free(gss_auth);
681 }
682
683 static void
684 gss_destroy(struct rpc_auth *auth)
685 {
686         struct gss_auth *gss_auth;
687
688         dprintk("RPC:       destroying GSS authenticator %p flavor %d\n",
689                         auth, auth->au_flavor);
690
691         rpcauth_destroy_credcache(auth);
692
693         gss_auth = container_of(auth, struct gss_auth, rpc_auth);
694         kref_put(&gss_auth->kref, gss_free_callback);
695 }
696
697 /*
698  * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
699  * to the server with the GSS control procedure field set to
700  * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
701  * all RPCSEC_GSS state associated with that context.
702  */
703 static int
704 gss_destroying_context(struct rpc_cred *cred)
705 {
706         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
707         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
708         struct rpc_task *task;
709
710         if (gss_cred->gc_ctx == NULL ||
711             test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
712                 return 0;
713
714         gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
715         cred->cr_ops = &gss_nullops;
716
717         /* Take a reference to ensure the cred will be destroyed either
718          * by the RPC call or by the put_rpccred() below */
719         get_rpccred(cred);
720
721         task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
722         if (!IS_ERR(task))
723                 rpc_put_task(task);
724
725         put_rpccred(cred);
726         return 1;
727 }
728
729 /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
730  * to create a new cred or context, so they check that things have been
731  * allocated before freeing them. */
732 static void
733 gss_do_free_ctx(struct gss_cl_ctx *ctx)
734 {
735         dprintk("RPC:       gss_free_ctx\n");
736
737         kfree(ctx->gc_wire_ctx.data);
738         kfree(ctx);
739 }
740
741 static void
742 gss_free_ctx_callback(struct rcu_head *head)
743 {
744         struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
745         gss_do_free_ctx(ctx);
746 }
747
748 static void
749 gss_free_ctx(struct gss_cl_ctx *ctx)
750 {
751         struct gss_ctx *gc_gss_ctx;
752
753         gc_gss_ctx = rcu_dereference(ctx->gc_gss_ctx);
754         rcu_assign_pointer(ctx->gc_gss_ctx, NULL);
755         call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
756         if (gc_gss_ctx)
757                 gss_delete_sec_context(&gc_gss_ctx);
758 }
759
760 static void
761 gss_free_cred(struct gss_cred *gss_cred)
762 {
763         dprintk("RPC:       gss_free_cred %p\n", gss_cred);
764         kfree(gss_cred);
765 }
766
767 static void
768 gss_free_cred_callback(struct rcu_head *head)
769 {
770         struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
771         gss_free_cred(gss_cred);
772 }
773
774 static void
775 gss_destroy_cred(struct rpc_cred *cred)
776 {
777         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
778         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
779         struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
780
781         if (gss_destroying_context(cred))
782                 return;
783         rcu_assign_pointer(gss_cred->gc_ctx, NULL);
784         call_rcu(&cred->cr_rcu, gss_free_cred_callback);
785         if (ctx)
786                 gss_put_ctx(ctx);
787         kref_put(&gss_auth->kref, gss_free_callback);
788 }
789
790 /*
791  * Lookup RPCSEC_GSS cred for the current process
792  */
793 static struct rpc_cred *
794 gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
795 {
796         return rpcauth_lookup_credcache(auth, acred, flags);
797 }
798
799 static struct rpc_cred *
800 gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
801 {
802         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
803         struct gss_cred *cred = NULL;
804         int err = -ENOMEM;
805
806         dprintk("RPC:       gss_create_cred for uid %d, flavor %d\n",
807                 acred->uid, auth->au_flavor);
808
809         if (!(cred = kzalloc(sizeof(*cred), GFP_KERNEL)))
810                 goto out_err;
811
812         rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
813         /*
814          * Note: in order to force a call to call_refresh(), we deliberately
815          * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
816          */
817         cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
818         cred->gc_service = gss_auth->service;
819         cred->gc_machine_cred = acred->machine_cred;
820         kref_get(&gss_auth->kref);
821         return &cred->gc_base;
822
823 out_err:
824         dprintk("RPC:       gss_create_cred failed with error %d\n", err);
825         return ERR_PTR(err);
826 }
827
828 static int
829 gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
830 {
831         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
832         struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
833         int err;
834
835         do {
836                 err = gss_create_upcall(gss_auth, gss_cred);
837         } while (err == -EAGAIN);
838         return err;
839 }
840
841 static int
842 gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
843 {
844         struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
845
846         if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
847                 goto out;
848         /* Don't match with creds that have expired. */
849         if (time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
850                 return 0;
851         if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
852                 return 0;
853 out:
854         if (acred->machine_cred != gss_cred->gc_machine_cred)
855                 return 0;
856         return (rc->cr_uid == acred->uid);
857 }
858
859 /*
860 * Marshal credentials.
861 * Maybe we should keep a cached credential for performance reasons.
862 */
863 static __be32 *
864 gss_marshal(struct rpc_task *task, __be32 *p)
865 {
866         struct rpc_cred *cred = task->tk_msg.rpc_cred;
867         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
868                                                  gc_base);
869         struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
870         __be32          *cred_len;
871         struct rpc_rqst *req = task->tk_rqstp;
872         u32             maj_stat = 0;
873         struct xdr_netobj mic;
874         struct kvec     iov;
875         struct xdr_buf  verf_buf;
876
877         dprintk("RPC: %5u gss_marshal\n", task->tk_pid);
878
879         *p++ = htonl(RPC_AUTH_GSS);
880         cred_len = p++;
881
882         spin_lock(&ctx->gc_seq_lock);
883         req->rq_seqno = ctx->gc_seq++;
884         spin_unlock(&ctx->gc_seq_lock);
885
886         *p++ = htonl((u32) RPC_GSS_VERSION);
887         *p++ = htonl((u32) ctx->gc_proc);
888         *p++ = htonl((u32) req->rq_seqno);
889         *p++ = htonl((u32) gss_cred->gc_service);
890         p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
891         *cred_len = htonl((p - (cred_len + 1)) << 2);
892
893         /* We compute the checksum for the verifier over the xdr-encoded bytes
894          * starting with the xid and ending at the end of the credential: */
895         iov.iov_base = xprt_skip_transport_header(task->tk_xprt,
896                                         req->rq_snd_buf.head[0].iov_base);
897         iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
898         xdr_buf_from_iov(&iov, &verf_buf);
899
900         /* set verifier flavor*/
901         *p++ = htonl(RPC_AUTH_GSS);
902
903         mic.data = (u8 *)(p + 1);
904         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
905         if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
906                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
907         } else if (maj_stat != 0) {
908                 printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
909                 goto out_put_ctx;
910         }
911         p = xdr_encode_opaque(p, NULL, mic.len);
912         gss_put_ctx(ctx);
913         return p;
914 out_put_ctx:
915         gss_put_ctx(ctx);
916         return NULL;
917 }
918
919 static int gss_renew_cred(struct rpc_task *task)
920 {
921         struct rpc_cred *oldcred = task->tk_msg.rpc_cred;
922         struct gss_cred *gss_cred = container_of(oldcred,
923                                                  struct gss_cred,
924                                                  gc_base);
925         struct rpc_auth *auth = oldcred->cr_auth;
926         struct auth_cred acred = {
927                 .uid = oldcred->cr_uid,
928                 .machine_cred = gss_cred->gc_machine_cred,
929         };
930         struct rpc_cred *new;
931
932         new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
933         if (IS_ERR(new))
934                 return PTR_ERR(new);
935         task->tk_msg.rpc_cred = new;
936         put_rpccred(oldcred);
937         return 0;
938 }
939
940 /*
941 * Refresh credentials. XXX - finish
942 */
943 static int
944 gss_refresh(struct rpc_task *task)
945 {
946         struct rpc_cred *cred = task->tk_msg.rpc_cred;
947         int ret = 0;
948
949         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
950                         !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
951                 ret = gss_renew_cred(task);
952                 if (ret < 0)
953                         goto out;
954                 cred = task->tk_msg.rpc_cred;
955         }
956
957         if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
958                 ret = gss_refresh_upcall(task);
959 out:
960         return ret;
961 }
962
963 /* Dummy refresh routine: used only when destroying the context */
964 static int
965 gss_refresh_null(struct rpc_task *task)
966 {
967         return -EACCES;
968 }
969
970 static __be32 *
971 gss_validate(struct rpc_task *task, __be32 *p)
972 {
973         struct rpc_cred *cred = task->tk_msg.rpc_cred;
974         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
975         __be32          seq;
976         struct kvec     iov;
977         struct xdr_buf  verf_buf;
978         struct xdr_netobj mic;
979         u32             flav,len;
980         u32             maj_stat;
981
982         dprintk("RPC: %5u gss_validate\n", task->tk_pid);
983
984         flav = ntohl(*p++);
985         if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
986                 goto out_bad;
987         if (flav != RPC_AUTH_GSS)
988                 goto out_bad;
989         seq = htonl(task->tk_rqstp->rq_seqno);
990         iov.iov_base = &seq;
991         iov.iov_len = sizeof(seq);
992         xdr_buf_from_iov(&iov, &verf_buf);
993         mic.data = (u8 *)p;
994         mic.len = len;
995
996         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
997         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
998                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
999         if (maj_stat) {
1000                 dprintk("RPC: %5u gss_validate: gss_verify_mic returned "
1001                                 "error 0x%08x\n", task->tk_pid, maj_stat);
1002                 goto out_bad;
1003         }
1004         /* We leave it to unwrap to calculate au_rslack. For now we just
1005          * calculate the length of the verifier: */
1006         cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1007         gss_put_ctx(ctx);
1008         dprintk("RPC: %5u gss_validate: gss_verify_mic succeeded.\n",
1009                         task->tk_pid);
1010         return p + XDR_QUADLEN(len);
1011 out_bad:
1012         gss_put_ctx(ctx);
1013         dprintk("RPC: %5u gss_validate failed.\n", task->tk_pid);
1014         return NULL;
1015 }
1016
1017 static inline int
1018 gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1019                 kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
1020 {
1021         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1022         struct xdr_buf  integ_buf;
1023         __be32          *integ_len = NULL;
1024         struct xdr_netobj mic;
1025         u32             offset;
1026         __be32          *q;
1027         struct kvec     *iov;
1028         u32             maj_stat = 0;
1029         int             status = -EIO;
1030
1031         integ_len = p++;
1032         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1033         *p++ = htonl(rqstp->rq_seqno);
1034
1035         status = rpc_call_xdrproc(encode, rqstp, p, obj);
1036         if (status)
1037                 return status;
1038
1039         if (xdr_buf_subsegment(snd_buf, &integ_buf,
1040                                 offset, snd_buf->len - offset))
1041                 return status;
1042         *integ_len = htonl(integ_buf.len);
1043
1044         /* guess whether we're in the head or the tail: */
1045         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1046                 iov = snd_buf->tail;
1047         else
1048                 iov = snd_buf->head;
1049         p = iov->iov_base + iov->iov_len;
1050         mic.data = (u8 *)(p + 1);
1051
1052         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1053         status = -EIO; /* XXX? */
1054         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1055                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1056         else if (maj_stat)
1057                 return status;
1058         q = xdr_encode_opaque(p, NULL, mic.len);
1059
1060         offset = (u8 *)q - (u8 *)p;
1061         iov->iov_len += offset;
1062         snd_buf->len += offset;
1063         return 0;
1064 }
1065
1066 static void
1067 priv_release_snd_buf(struct rpc_rqst *rqstp)
1068 {
1069         int i;
1070
1071         for (i=0; i < rqstp->rq_enc_pages_num; i++)
1072                 __free_page(rqstp->rq_enc_pages[i]);
1073         kfree(rqstp->rq_enc_pages);
1074 }
1075
1076 static int
1077 alloc_enc_pages(struct rpc_rqst *rqstp)
1078 {
1079         struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1080         int first, last, i;
1081
1082         if (snd_buf->page_len == 0) {
1083                 rqstp->rq_enc_pages_num = 0;
1084                 return 0;
1085         }
1086
1087         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1088         last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
1089         rqstp->rq_enc_pages_num = last - first + 1 + 1;
1090         rqstp->rq_enc_pages
1091                 = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
1092                                 GFP_NOFS);
1093         if (!rqstp->rq_enc_pages)
1094                 goto out;
1095         for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1096                 rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1097                 if (rqstp->rq_enc_pages[i] == NULL)
1098                         goto out_free;
1099         }
1100         rqstp->rq_release_snd_buf = priv_release_snd_buf;
1101         return 0;
1102 out_free:
1103         for (i--; i >= 0; i--) {
1104                 __free_page(rqstp->rq_enc_pages[i]);
1105         }
1106 out:
1107         return -EAGAIN;
1108 }
1109
1110 static inline int
1111 gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1112                 kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
1113 {
1114         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1115         u32             offset;
1116         u32             maj_stat;
1117         int             status;
1118         __be32          *opaque_len;
1119         struct page     **inpages;
1120         int             first;
1121         int             pad;
1122         struct kvec     *iov;
1123         char            *tmp;
1124
1125         opaque_len = p++;
1126         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1127         *p++ = htonl(rqstp->rq_seqno);
1128
1129         status = rpc_call_xdrproc(encode, rqstp, p, obj);
1130         if (status)
1131                 return status;
1132
1133         status = alloc_enc_pages(rqstp);
1134         if (status)
1135                 return status;
1136         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1137         inpages = snd_buf->pages + first;
1138         snd_buf->pages = rqstp->rq_enc_pages;
1139         snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1140         /* Give the tail its own page, in case we need extra space in the
1141          * head when wrapping: */
1142         if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1143                 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1144                 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1145                 snd_buf->tail[0].iov_base = tmp;
1146         }
1147         maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1148         /* RPC_SLACK_SPACE should prevent this ever happening: */
1149         BUG_ON(snd_buf->len > snd_buf->buflen);
1150         status = -EIO;
1151         /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1152          * done anyway, so it's safe to put the request on the wire: */
1153         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1154                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1155         else if (maj_stat)
1156                 return status;
1157
1158         *opaque_len = htonl(snd_buf->len - offset);
1159         /* guess whether we're in the head or the tail: */
1160         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1161                 iov = snd_buf->tail;
1162         else
1163                 iov = snd_buf->head;
1164         p = iov->iov_base + iov->iov_len;
1165         pad = 3 - ((snd_buf->len - offset - 1) & 3);
1166         memset(p, 0, pad);
1167         iov->iov_len += pad;
1168         snd_buf->len += pad;
1169
1170         return 0;
1171 }
1172
1173 static int
1174 gss_wrap_req(struct rpc_task *task,
1175              kxdrproc_t encode, void *rqstp, __be32 *p, void *obj)
1176 {
1177         struct rpc_cred *cred = task->tk_msg.rpc_cred;
1178         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1179                         gc_base);
1180         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1181         int             status = -EIO;
1182
1183         dprintk("RPC: %5u gss_wrap_req\n", task->tk_pid);
1184         if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1185                 /* The spec seems a little ambiguous here, but I think that not
1186                  * wrapping context destruction requests makes the most sense.
1187                  */
1188                 status = rpc_call_xdrproc(encode, rqstp, p, obj);
1189                 goto out;
1190         }
1191         switch (gss_cred->gc_service) {
1192                 case RPC_GSS_SVC_NONE:
1193                         status = rpc_call_xdrproc(encode, rqstp, p, obj);
1194                         break;
1195                 case RPC_GSS_SVC_INTEGRITY:
1196                         status = gss_wrap_req_integ(cred, ctx, encode,
1197                                                                 rqstp, p, obj);
1198                         break;
1199                 case RPC_GSS_SVC_PRIVACY:
1200                         status = gss_wrap_req_priv(cred, ctx, encode,
1201                                         rqstp, p, obj);
1202                         break;
1203         }
1204 out:
1205         gss_put_ctx(ctx);
1206         dprintk("RPC: %5u gss_wrap_req returning %d\n", task->tk_pid, status);
1207         return status;
1208 }
1209
1210 static inline int
1211 gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1212                 struct rpc_rqst *rqstp, __be32 **p)
1213 {
1214         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1215         struct xdr_buf integ_buf;
1216         struct xdr_netobj mic;
1217         u32 data_offset, mic_offset;
1218         u32 integ_len;
1219         u32 maj_stat;
1220         int status = -EIO;
1221
1222         integ_len = ntohl(*(*p)++);
1223         if (integ_len & 3)
1224                 return status;
1225         data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1226         mic_offset = integ_len + data_offset;
1227         if (mic_offset > rcv_buf->len)
1228                 return status;
1229         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1230                 return status;
1231
1232         if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1233                                 mic_offset - data_offset))
1234                 return status;
1235
1236         if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1237                 return status;
1238
1239         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1240         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1241                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1242         if (maj_stat != GSS_S_COMPLETE)
1243                 return status;
1244         return 0;
1245 }
1246
1247 static inline int
1248 gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1249                 struct rpc_rqst *rqstp, __be32 **p)
1250 {
1251         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1252         u32 offset;
1253         u32 opaque_len;
1254         u32 maj_stat;
1255         int status = -EIO;
1256
1257         opaque_len = ntohl(*(*p)++);
1258         offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1259         if (offset + opaque_len > rcv_buf->len)
1260                 return status;
1261         /* remove padding: */
1262         rcv_buf->len = offset + opaque_len;
1263
1264         maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1265         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1266                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1267         if (maj_stat != GSS_S_COMPLETE)
1268                 return status;
1269         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1270                 return status;
1271
1272         return 0;
1273 }
1274
1275
1276 static int
1277 gss_unwrap_resp(struct rpc_task *task,
1278                 kxdrproc_t decode, void *rqstp, __be32 *p, void *obj)
1279 {
1280         struct rpc_cred *cred = task->tk_msg.rpc_cred;
1281         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1282                         gc_base);
1283         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1284         __be32          *savedp = p;
1285         struct kvec     *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1286         int             savedlen = head->iov_len;
1287         int             status = -EIO;
1288
1289         if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1290                 goto out_decode;
1291         switch (gss_cred->gc_service) {
1292                 case RPC_GSS_SVC_NONE:
1293                         break;
1294                 case RPC_GSS_SVC_INTEGRITY:
1295                         status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1296                         if (status)
1297                                 goto out;
1298                         break;
1299                 case RPC_GSS_SVC_PRIVACY:
1300                         status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1301                         if (status)
1302                                 goto out;
1303                         break;
1304         }
1305         /* take into account extra slack for integrity and privacy cases: */
1306         cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1307                                                 + (savedlen - head->iov_len);
1308 out_decode:
1309         status = rpc_call_xdrproc(decode, rqstp, p, obj);
1310 out:
1311         gss_put_ctx(ctx);
1312         dprintk("RPC: %5u gss_unwrap_resp returning %d\n", task->tk_pid,
1313                         status);
1314         return status;
1315 }
1316
1317 static const struct rpc_authops authgss_ops = {
1318         .owner          = THIS_MODULE,
1319         .au_flavor      = RPC_AUTH_GSS,
1320         .au_name        = "RPCSEC_GSS",
1321         .create         = gss_create,
1322         .destroy        = gss_destroy,
1323         .lookup_cred    = gss_lookup_cred,
1324         .crcreate       = gss_create_cred
1325 };
1326
1327 static const struct rpc_credops gss_credops = {
1328         .cr_name        = "AUTH_GSS",
1329         .crdestroy      = gss_destroy_cred,
1330         .cr_init        = gss_cred_init,
1331         .crbind         = rpcauth_generic_bind_cred,
1332         .crmatch        = gss_match,
1333         .crmarshal      = gss_marshal,
1334         .crrefresh      = gss_refresh,
1335         .crvalidate     = gss_validate,
1336         .crwrap_req     = gss_wrap_req,
1337         .crunwrap_resp  = gss_unwrap_resp,
1338 };
1339
1340 static const struct rpc_credops gss_nullops = {
1341         .cr_name        = "AUTH_GSS",
1342         .crdestroy      = gss_destroy_cred,
1343         .crbind         = rpcauth_generic_bind_cred,
1344         .crmatch        = gss_match,
1345         .crmarshal      = gss_marshal,
1346         .crrefresh      = gss_refresh_null,
1347         .crvalidate     = gss_validate,
1348         .crwrap_req     = gss_wrap_req,
1349         .crunwrap_resp  = gss_unwrap_resp,
1350 };
1351
1352 static struct rpc_pipe_ops gss_upcall_ops = {
1353         .upcall         = gss_pipe_upcall,
1354         .downcall       = gss_pipe_downcall,
1355         .destroy_msg    = gss_pipe_destroy_msg,
1356         .release_pipe   = gss_pipe_release,
1357 };
1358
1359 /*
1360  * Initialize RPCSEC_GSS module
1361  */
1362 static int __init init_rpcsec_gss(void)
1363 {
1364         int err = 0;
1365
1366         err = rpcauth_register(&authgss_ops);
1367         if (err)
1368                 goto out;
1369         err = gss_svc_init();
1370         if (err)
1371                 goto out_unregister;
1372         return 0;
1373 out_unregister:
1374         rpcauth_unregister(&authgss_ops);
1375 out:
1376         return err;
1377 }
1378
1379 static void __exit exit_rpcsec_gss(void)
1380 {
1381         gss_svc_shutdown();
1382         rpcauth_unregister(&authgss_ops);
1383 }
1384
1385 MODULE_LICENSE("GPL");
1386 module_init(init_rpcsec_gss)
1387 module_exit(exit_rpcsec_gss)