2 * linux/net/sunrpc/auth_gss/auth_gss.c
4 * RPCSEC_GSS client authentication.
6 * Copyright (c) 2000 The Regents of the University of Michigan.
9 * Dug Song <dugsong@monkey.org>
10 * Andy Adamson <andros@umich.edu>
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 * 3. Neither the name of the University nor the names of its
22 * contributors may be used to endorse or promote products derived
23 * from this software without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
26 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41 #include <linux/module.h>
42 #include <linux/init.h>
43 #include <linux/types.h>
44 #include <linux/slab.h>
45 #include <linux/sched.h>
46 #include <linux/pagemap.h>
47 #include <linux/sunrpc/clnt.h>
48 #include <linux/sunrpc/auth.h>
49 #include <linux/sunrpc/auth_gss.h>
50 #include <linux/sunrpc/svcauth_gss.h>
51 #include <linux/sunrpc/gss_err.h>
52 #include <linux/workqueue.h>
53 #include <linux/sunrpc/rpc_pipe_fs.h>
54 #include <linux/sunrpc/gss_api.h>
55 #include <asm/uaccess.h>
57 static const struct rpc_authops authgss_ops;
59 static const struct rpc_credops gss_credops;
60 static const struct rpc_credops gss_nullops;
63 # define RPCDBG_FACILITY RPCDBG_AUTH
66 #define NFS_NGROUPS 16
68 #define GSS_CRED_SLACK 1024 /* XXX: unused */
69 /* length of a krb5 verifier (48), plus data added before arguments when
70 * using integrity (two 4-byte integers): */
71 #define GSS_VERF_SLACK 100
73 /* XXX this define must match the gssd define
74 * as it is passed to gssd to signal the use of
75 * machine creds should be part of the shared rpc interface */
77 #define CA_RUN_AS_MACHINE 0x00000200
79 /* dump the buffer in `emacs-hexl' style */
80 #define isprint(c) ((c > 0x1f) && (c < 0x7f))
84 struct rpc_auth rpc_auth;
85 struct gss_api_mech *mech;
86 enum rpc_gss_svc service;
87 struct rpc_clnt *client;
88 struct dentry *dentry;
91 static void gss_free_ctx(struct gss_cl_ctx *);
92 static struct rpc_pipe_ops gss_upcall_ops;
94 static inline struct gss_cl_ctx *
95 gss_get_ctx(struct gss_cl_ctx *ctx)
97 atomic_inc(&ctx->count);
102 gss_put_ctx(struct gss_cl_ctx *ctx)
104 if (atomic_dec_and_test(&ctx->count))
109 * called by gss_upcall_callback and gss_create_upcall in order
110 * to set the gss context. The actual exchange of an old context
111 * and a new one is protected by the inode->i_lock.
114 gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
116 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
117 struct gss_cl_ctx *old;
119 old = gss_cred->gc_ctx;
121 rcu_assign_pointer(gss_cred->gc_ctx, ctx);
122 set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
123 clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
129 gss_cred_is_uptodate_ctx(struct rpc_cred *cred)
131 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
135 if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) && gss_cred->gc_ctx)
142 simple_get_bytes(const void *p, const void *end, void *res, size_t len)
144 const void *q = (const void *)((const char *)p + len);
145 if (unlikely(q > end || q < p))
146 return ERR_PTR(-EFAULT);
151 static inline const void *
152 simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
157 p = simple_get_bytes(p, end, &len, sizeof(len));
160 q = (const void *)((const char *)p + len);
161 if (unlikely(q > end || q < p))
162 return ERR_PTR(-EFAULT);
163 dest->data = kmemdup(p, len, GFP_KERNEL);
164 if (unlikely(dest->data == NULL))
165 return ERR_PTR(-ENOMEM);
170 static struct gss_cl_ctx *
171 gss_cred_get_ctx(struct rpc_cred *cred)
173 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
174 struct gss_cl_ctx *ctx = NULL;
177 if (gss_cred->gc_ctx)
178 ctx = gss_get_ctx(gss_cred->gc_ctx);
183 static struct gss_cl_ctx *
184 gss_alloc_context(void)
186 struct gss_cl_ctx *ctx;
188 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
190 ctx->gc_proc = RPC_GSS_PROC_DATA;
191 ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */
192 spin_lock_init(&ctx->gc_seq_lock);
193 atomic_set(&ctx->count,1);
198 #define GSSD_MIN_TIMEOUT (60 * 60)
200 gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
204 unsigned int timeout;
208 /* First unsigned int gives the lifetime (in seconds) of the cred */
209 p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
213 timeout = GSSD_MIN_TIMEOUT;
214 ctx->gc_expiry = jiffies + (unsigned long)timeout * HZ * 3 / 4;
215 /* Sequence number window. Determines the maximum number of simultaneous requests */
216 p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
219 ctx->gc_win = window_size;
220 /* gssd signals an error by passing ctx->gc_win = 0: */
221 if (ctx->gc_win == 0) {
222 /* in which case, p points to an error code which we ignore */
223 p = ERR_PTR(-EACCES);
226 /* copy the opaque wire context */
227 p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
230 /* import the opaque security context */
231 p = simple_get_bytes(p, end, &seclen, sizeof(seclen));
234 q = (const void *)((const char *)p + seclen);
235 if (unlikely(q > end || q < p)) {
236 p = ERR_PTR(-EFAULT);
239 ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx);
246 dprintk("RPC: gss_fill_context returning %ld\n", -PTR_ERR(p));
251 struct gss_upcall_msg {
254 struct rpc_pipe_msg msg;
255 struct list_head list;
256 struct gss_auth *auth;
257 struct rpc_wait_queue rpc_waitqueue;
258 wait_queue_head_t waitqueue;
259 struct gss_cl_ctx *ctx;
263 gss_release_msg(struct gss_upcall_msg *gss_msg)
265 if (!atomic_dec_and_test(&gss_msg->count))
267 BUG_ON(!list_empty(&gss_msg->list));
268 if (gss_msg->ctx != NULL)
269 gss_put_ctx(gss_msg->ctx);
270 rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
274 static struct gss_upcall_msg *
275 __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
277 struct gss_upcall_msg *pos;
278 list_for_each_entry(pos, &rpci->in_downcall, list) {
281 atomic_inc(&pos->count);
282 dprintk("RPC: gss_find_upcall found msg %p\n", pos);
285 dprintk("RPC: gss_find_upcall found nothing\n");
289 /* Try to add a upcall to the pipefs queue.
290 * If an upcall owned by our uid already exists, then we return a reference
291 * to that upcall instead of adding the new upcall.
293 static inline struct gss_upcall_msg *
294 gss_add_msg(struct gss_auth *gss_auth, struct gss_upcall_msg *gss_msg)
296 struct inode *inode = gss_auth->dentry->d_inode;
297 struct rpc_inode *rpci = RPC_I(inode);
298 struct gss_upcall_msg *old;
300 spin_lock(&inode->i_lock);
301 old = __gss_find_upcall(rpci, gss_msg->uid);
303 atomic_inc(&gss_msg->count);
304 list_add(&gss_msg->list, &rpci->in_downcall);
307 spin_unlock(&inode->i_lock);
312 __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
314 list_del_init(&gss_msg->list);
315 rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
316 wake_up_all(&gss_msg->waitqueue);
317 atomic_dec(&gss_msg->count);
321 gss_unhash_msg(struct gss_upcall_msg *gss_msg)
323 struct gss_auth *gss_auth = gss_msg->auth;
324 struct inode *inode = gss_auth->dentry->d_inode;
326 if (list_empty(&gss_msg->list))
328 spin_lock(&inode->i_lock);
329 if (!list_empty(&gss_msg->list))
330 __gss_unhash_msg(gss_msg);
331 spin_unlock(&inode->i_lock);
335 gss_upcall_callback(struct rpc_task *task)
337 struct gss_cred *gss_cred = container_of(task->tk_msg.rpc_cred,
338 struct gss_cred, gc_base);
339 struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
340 struct inode *inode = gss_msg->auth->dentry->d_inode;
342 spin_lock(&inode->i_lock);
344 gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
346 task->tk_status = gss_msg->msg.errno;
347 gss_cred->gc_upcall = NULL;
348 rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
349 spin_unlock(&inode->i_lock);
350 gss_release_msg(gss_msg);
353 static inline struct gss_upcall_msg *
354 gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid)
356 struct gss_upcall_msg *gss_msg;
358 gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL);
359 if (gss_msg != NULL) {
360 INIT_LIST_HEAD(&gss_msg->list);
361 rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
362 init_waitqueue_head(&gss_msg->waitqueue);
363 atomic_set(&gss_msg->count, 1);
364 gss_msg->msg.data = &gss_msg->uid;
365 gss_msg->msg.len = sizeof(gss_msg->uid);
367 gss_msg->auth = gss_auth;
372 static struct gss_upcall_msg *
373 gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
375 struct gss_cred *gss_cred = container_of(cred,
376 struct gss_cred, gc_base);
377 struct gss_upcall_msg *gss_new, *gss_msg;
378 uid_t uid = cred->cr_uid;
380 /* Special case: rpc.gssd assumes that uid == 0 implies machine creds */
381 if (gss_cred->gc_machine_cred != 0)
384 gss_new = gss_alloc_msg(gss_auth, uid);
386 return ERR_PTR(-ENOMEM);
387 gss_msg = gss_add_msg(gss_auth, gss_new);
388 if (gss_msg == gss_new) {
389 int res = rpc_queue_upcall(gss_auth->dentry->d_inode, &gss_new->msg);
391 gss_unhash_msg(gss_new);
392 gss_msg = ERR_PTR(res);
395 gss_release_msg(gss_new);
400 gss_refresh_upcall(struct rpc_task *task)
402 struct rpc_cred *cred = task->tk_msg.rpc_cred;
403 struct gss_auth *gss_auth = container_of(cred->cr_auth,
404 struct gss_auth, rpc_auth);
405 struct gss_cred *gss_cred = container_of(cred,
406 struct gss_cred, gc_base);
407 struct gss_upcall_msg *gss_msg;
408 struct inode *inode = gss_auth->dentry->d_inode;
411 dprintk("RPC: %5u gss_refresh_upcall for uid %u\n", task->tk_pid,
413 gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
414 if (IS_ERR(gss_msg)) {
415 err = PTR_ERR(gss_msg);
418 spin_lock(&inode->i_lock);
419 if (gss_cred->gc_upcall != NULL)
420 rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
421 else if (gss_msg->ctx != NULL) {
422 gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
423 gss_cred->gc_upcall = NULL;
424 rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
425 } else if (gss_msg->msg.errno >= 0) {
426 task->tk_timeout = 0;
427 gss_cred->gc_upcall = gss_msg;
428 /* gss_upcall_callback will release the reference to gss_upcall_msg */
429 atomic_inc(&gss_msg->count);
430 rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
432 err = gss_msg->msg.errno;
433 spin_unlock(&inode->i_lock);
434 gss_release_msg(gss_msg);
436 dprintk("RPC: %5u gss_refresh_upcall for uid %u result %d\n",
437 task->tk_pid, cred->cr_uid, err);
442 gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
444 struct inode *inode = gss_auth->dentry->d_inode;
445 struct rpc_cred *cred = &gss_cred->gc_base;
446 struct gss_upcall_msg *gss_msg;
450 dprintk("RPC: gss_upcall for uid %u\n", cred->cr_uid);
451 gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
452 if (IS_ERR(gss_msg)) {
453 err = PTR_ERR(gss_msg);
457 prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_INTERRUPTIBLE);
458 spin_lock(&inode->i_lock);
459 if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
462 spin_unlock(&inode->i_lock);
470 gss_cred_set_ctx(cred, gss_msg->ctx);
472 err = gss_msg->msg.errno;
473 spin_unlock(&inode->i_lock);
475 finish_wait(&gss_msg->waitqueue, &wait);
476 gss_release_msg(gss_msg);
478 dprintk("RPC: gss_create_upcall for uid %u result %d\n",
484 gss_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg,
485 char __user *dst, size_t buflen)
487 char *data = (char *)msg->data + msg->copied;
488 size_t mlen = min(msg->len, buflen);
491 left = copy_to_user(dst, data, mlen);
493 msg->errno = -EFAULT;
503 #define MSG_BUF_MAXSIZE 1024
506 gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
510 struct rpc_clnt *clnt;
511 struct gss_upcall_msg *gss_msg;
512 struct inode *inode = filp->f_path.dentry->d_inode;
513 struct gss_cl_ctx *ctx;
515 ssize_t err = -EFBIG;
517 if (mlen > MSG_BUF_MAXSIZE)
520 buf = kmalloc(mlen, GFP_KERNEL);
524 clnt = RPC_I(inode)->private;
526 if (copy_from_user(buf, src, mlen))
529 end = (const void *)((char *)buf + mlen);
530 p = simple_get_bytes(buf, end, &uid, sizeof(uid));
537 ctx = gss_alloc_context();
542 /* Find a matching upcall */
543 spin_lock(&inode->i_lock);
544 gss_msg = __gss_find_upcall(RPC_I(inode), uid);
545 if (gss_msg == NULL) {
546 spin_unlock(&inode->i_lock);
549 list_del_init(&gss_msg->list);
550 spin_unlock(&inode->i_lock);
552 p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
555 gss_msg->msg.errno = (err == -EAGAIN) ? -EAGAIN : -EACCES;
556 goto err_release_msg;
558 gss_msg->ctx = gss_get_ctx(ctx);
562 spin_lock(&inode->i_lock);
563 __gss_unhash_msg(gss_msg);
564 spin_unlock(&inode->i_lock);
565 gss_release_msg(gss_msg);
571 dprintk("RPC: gss_pipe_downcall returning %Zd\n", err);
576 gss_pipe_release(struct inode *inode)
578 struct rpc_inode *rpci = RPC_I(inode);
579 struct gss_upcall_msg *gss_msg;
581 spin_lock(&inode->i_lock);
582 while (!list_empty(&rpci->in_downcall)) {
584 gss_msg = list_entry(rpci->in_downcall.next,
585 struct gss_upcall_msg, list);
586 gss_msg->msg.errno = -EPIPE;
587 atomic_inc(&gss_msg->count);
588 __gss_unhash_msg(gss_msg);
589 spin_unlock(&inode->i_lock);
590 gss_release_msg(gss_msg);
591 spin_lock(&inode->i_lock);
593 spin_unlock(&inode->i_lock);
597 gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
599 struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
600 static unsigned long ratelimit;
602 if (msg->errno < 0) {
603 dprintk("RPC: gss_pipe_destroy_msg releasing msg %p\n",
605 atomic_inc(&gss_msg->count);
606 gss_unhash_msg(gss_msg);
607 if (msg->errno == -ETIMEDOUT) {
608 unsigned long now = jiffies;
609 if (time_after(now, ratelimit)) {
610 printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
611 "Please check user daemon is running!\n");
612 ratelimit = now + 15*HZ;
615 gss_release_msg(gss_msg);
620 * NOTE: we have the opportunity to use different
621 * parameters based on the input flavor (which must be a pseudoflavor)
623 static struct rpc_auth *
624 gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
626 struct gss_auth *gss_auth;
627 struct rpc_auth * auth;
628 int err = -ENOMEM; /* XXX? */
630 dprintk("RPC: creating GSS authenticator for client %p\n", clnt);
632 if (!try_module_get(THIS_MODULE))
634 if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
636 gss_auth->client = clnt;
638 gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
639 if (!gss_auth->mech) {
640 printk(KERN_WARNING "%s: Pseudoflavor %d not found!\n",
641 __FUNCTION__, flavor);
644 gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
645 if (gss_auth->service == 0)
647 auth = &gss_auth->rpc_auth;
648 auth->au_cslack = GSS_CRED_SLACK >> 2;
649 auth->au_rslack = GSS_VERF_SLACK >> 2;
650 auth->au_ops = &authgss_ops;
651 auth->au_flavor = flavor;
652 atomic_set(&auth->au_count, 1);
653 kref_init(&gss_auth->kref);
655 gss_auth->dentry = rpc_mkpipe(clnt->cl_dentry, gss_auth->mech->gm_name,
656 clnt, &gss_upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
657 if (IS_ERR(gss_auth->dentry)) {
658 err = PTR_ERR(gss_auth->dentry);
662 err = rpcauth_init_credcache(auth);
664 goto err_unlink_pipe;
668 rpc_unlink(gss_auth->dentry);
670 gss_mech_put(gss_auth->mech);
674 module_put(THIS_MODULE);
679 gss_free(struct gss_auth *gss_auth)
681 rpc_unlink(gss_auth->dentry);
682 gss_auth->dentry = NULL;
683 gss_mech_put(gss_auth->mech);
686 module_put(THIS_MODULE);
690 gss_free_callback(struct kref *kref)
692 struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
698 gss_destroy(struct rpc_auth *auth)
700 struct gss_auth *gss_auth;
702 dprintk("RPC: destroying GSS authenticator %p flavor %d\n",
703 auth, auth->au_flavor);
705 rpcauth_destroy_credcache(auth);
707 gss_auth = container_of(auth, struct gss_auth, rpc_auth);
708 kref_put(&gss_auth->kref, gss_free_callback);
712 * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
713 * to the server with the GSS control procedure field set to
714 * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
715 * all RPCSEC_GSS state associated with that context.
718 gss_destroying_context(struct rpc_cred *cred)
720 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
721 struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
722 struct rpc_task *task;
724 if (gss_cred->gc_ctx == NULL ||
725 test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
728 gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
729 cred->cr_ops = &gss_nullops;
731 /* Take a reference to ensure the cred will be destroyed either
732 * by the RPC call or by the put_rpccred() below */
735 task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
743 /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
744 * to create a new cred or context, so they check that things have been
745 * allocated before freeing them. */
747 gss_do_free_ctx(struct gss_cl_ctx *ctx)
749 dprintk("RPC: gss_free_ctx\n");
751 kfree(ctx->gc_wire_ctx.data);
756 gss_free_ctx_callback(struct rcu_head *head)
758 struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
759 gss_do_free_ctx(ctx);
763 gss_free_ctx(struct gss_cl_ctx *ctx)
765 struct gss_ctx *gc_gss_ctx;
767 gc_gss_ctx = rcu_dereference(ctx->gc_gss_ctx);
768 rcu_assign_pointer(ctx->gc_gss_ctx, NULL);
769 call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
771 gss_delete_sec_context(&gc_gss_ctx);
775 gss_free_cred(struct gss_cred *gss_cred)
777 dprintk("RPC: gss_free_cred %p\n", gss_cred);
782 gss_free_cred_callback(struct rcu_head *head)
784 struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
785 gss_free_cred(gss_cred);
789 gss_destroy_cred(struct rpc_cred *cred)
791 struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
792 struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
793 struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
795 if (gss_destroying_context(cred))
797 rcu_assign_pointer(gss_cred->gc_ctx, NULL);
798 call_rcu(&cred->cr_rcu, gss_free_cred_callback);
801 kref_put(&gss_auth->kref, gss_free_callback);
805 * Lookup RPCSEC_GSS cred for the current process
807 static struct rpc_cred *
808 gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
810 return rpcauth_lookup_credcache(auth, acred, flags);
813 static struct rpc_cred *
814 gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
816 struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
817 struct gss_cred *cred = NULL;
820 dprintk("RPC: gss_create_cred for uid %d, flavor %d\n",
821 acred->uid, auth->au_flavor);
823 if (!(cred = kzalloc(sizeof(*cred), GFP_KERNEL)))
826 rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
828 * Note: in order to force a call to call_refresh(), we deliberately
829 * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
831 cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
832 cred->gc_service = gss_auth->service;
833 cred->gc_machine_cred = acred->machine_cred;
834 kref_get(&gss_auth->kref);
835 return &cred->gc_base;
838 dprintk("RPC: gss_create_cred failed with error %d\n", err);
843 gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
845 struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
846 struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
850 err = gss_create_upcall(gss_auth, gss_cred);
851 } while (err == -EAGAIN);
856 gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
858 struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
861 * If the searchflags have set RPCAUTH_LOOKUP_NEW, then
862 * we don't really care if the credential has expired or not,
863 * since the caller should be prepared to reinitialise it.
865 if ((flags & RPCAUTH_LOOKUP_NEW) && test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
867 /* Don't match with creds that have expired. */
868 if (gss_cred->gc_ctx && time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
871 if (acred->machine_cred != gss_cred->gc_machine_cred)
873 return (rc->cr_uid == acred->uid);
877 * Marshal credentials.
878 * Maybe we should keep a cached credential for performance reasons.
881 gss_marshal(struct rpc_task *task, __be32 *p)
883 struct rpc_cred *cred = task->tk_msg.rpc_cred;
884 struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
886 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
888 struct rpc_rqst *req = task->tk_rqstp;
890 struct xdr_netobj mic;
892 struct xdr_buf verf_buf;
894 dprintk("RPC: %5u gss_marshal\n", task->tk_pid);
896 *p++ = htonl(RPC_AUTH_GSS);
899 spin_lock(&ctx->gc_seq_lock);
900 req->rq_seqno = ctx->gc_seq++;
901 spin_unlock(&ctx->gc_seq_lock);
903 *p++ = htonl((u32) RPC_GSS_VERSION);
904 *p++ = htonl((u32) ctx->gc_proc);
905 *p++ = htonl((u32) req->rq_seqno);
906 *p++ = htonl((u32) gss_cred->gc_service);
907 p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
908 *cred_len = htonl((p - (cred_len + 1)) << 2);
910 /* We compute the checksum for the verifier over the xdr-encoded bytes
911 * starting with the xid and ending at the end of the credential: */
912 iov.iov_base = xprt_skip_transport_header(task->tk_xprt,
913 req->rq_snd_buf.head[0].iov_base);
914 iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
915 xdr_buf_from_iov(&iov, &verf_buf);
917 /* set verifier flavor*/
918 *p++ = htonl(RPC_AUTH_GSS);
920 mic.data = (u8 *)(p + 1);
921 maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
922 if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
923 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
924 } else if (maj_stat != 0) {
925 printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
928 p = xdr_encode_opaque(p, NULL, mic.len);
937 * Refresh credentials. XXX - finish
940 gss_refresh(struct rpc_task *task)
943 if (!gss_cred_is_uptodate_ctx(task->tk_msg.rpc_cred))
944 return gss_refresh_upcall(task);
948 /* Dummy refresh routine: used only when destroying the context */
950 gss_refresh_null(struct rpc_task *task)
956 gss_validate(struct rpc_task *task, __be32 *p)
958 struct rpc_cred *cred = task->tk_msg.rpc_cred;
959 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
962 struct xdr_buf verf_buf;
963 struct xdr_netobj mic;
967 dprintk("RPC: %5u gss_validate\n", task->tk_pid);
970 if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
972 if (flav != RPC_AUTH_GSS)
974 seq = htonl(task->tk_rqstp->rq_seqno);
976 iov.iov_len = sizeof(seq);
977 xdr_buf_from_iov(&iov, &verf_buf);
981 maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
982 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
983 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
985 dprintk("RPC: %5u gss_validate: gss_verify_mic returned "
986 "error 0x%08x\n", task->tk_pid, maj_stat);
989 /* We leave it to unwrap to calculate au_rslack. For now we just
990 * calculate the length of the verifier: */
991 cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
993 dprintk("RPC: %5u gss_validate: gss_verify_mic succeeded.\n",
995 return p + XDR_QUADLEN(len);
998 dprintk("RPC: %5u gss_validate failed.\n", task->tk_pid);
1003 gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1004 kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
1006 struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1007 struct xdr_buf integ_buf;
1008 __be32 *integ_len = NULL;
1009 struct xdr_netobj mic;
1017 offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1018 *p++ = htonl(rqstp->rq_seqno);
1020 status = rpc_call_xdrproc(encode, rqstp, p, obj);
1024 if (xdr_buf_subsegment(snd_buf, &integ_buf,
1025 offset, snd_buf->len - offset))
1027 *integ_len = htonl(integ_buf.len);
1029 /* guess whether we're in the head or the tail: */
1030 if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1031 iov = snd_buf->tail;
1033 iov = snd_buf->head;
1034 p = iov->iov_base + iov->iov_len;
1035 mic.data = (u8 *)(p + 1);
1037 maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1038 status = -EIO; /* XXX? */
1039 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1040 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1043 q = xdr_encode_opaque(p, NULL, mic.len);
1045 offset = (u8 *)q - (u8 *)p;
1046 iov->iov_len += offset;
1047 snd_buf->len += offset;
1052 priv_release_snd_buf(struct rpc_rqst *rqstp)
1056 for (i=0; i < rqstp->rq_enc_pages_num; i++)
1057 __free_page(rqstp->rq_enc_pages[i]);
1058 kfree(rqstp->rq_enc_pages);
1062 alloc_enc_pages(struct rpc_rqst *rqstp)
1064 struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1067 if (snd_buf->page_len == 0) {
1068 rqstp->rq_enc_pages_num = 0;
1072 first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1073 last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
1074 rqstp->rq_enc_pages_num = last - first + 1 + 1;
1076 = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
1078 if (!rqstp->rq_enc_pages)
1080 for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1081 rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1082 if (rqstp->rq_enc_pages[i] == NULL)
1085 rqstp->rq_release_snd_buf = priv_release_snd_buf;
1088 for (i--; i >= 0; i--) {
1089 __free_page(rqstp->rq_enc_pages[i]);
1096 gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1097 kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
1099 struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1104 struct page **inpages;
1111 offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1112 *p++ = htonl(rqstp->rq_seqno);
1114 status = rpc_call_xdrproc(encode, rqstp, p, obj);
1118 status = alloc_enc_pages(rqstp);
1121 first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1122 inpages = snd_buf->pages + first;
1123 snd_buf->pages = rqstp->rq_enc_pages;
1124 snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1125 /* Give the tail its own page, in case we need extra space in the
1126 * head when wrapping: */
1127 if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1128 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1129 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1130 snd_buf->tail[0].iov_base = tmp;
1132 maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1133 /* RPC_SLACK_SPACE should prevent this ever happening: */
1134 BUG_ON(snd_buf->len > snd_buf->buflen);
1136 /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1137 * done anyway, so it's safe to put the request on the wire: */
1138 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1139 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1143 *opaque_len = htonl(snd_buf->len - offset);
1144 /* guess whether we're in the head or the tail: */
1145 if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1146 iov = snd_buf->tail;
1148 iov = snd_buf->head;
1149 p = iov->iov_base + iov->iov_len;
1150 pad = 3 - ((snd_buf->len - offset - 1) & 3);
1152 iov->iov_len += pad;
1153 snd_buf->len += pad;
1159 gss_wrap_req(struct rpc_task *task,
1160 kxdrproc_t encode, void *rqstp, __be32 *p, void *obj)
1162 struct rpc_cred *cred = task->tk_msg.rpc_cred;
1163 struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1165 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1168 dprintk("RPC: %5u gss_wrap_req\n", task->tk_pid);
1169 if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1170 /* The spec seems a little ambiguous here, but I think that not
1171 * wrapping context destruction requests makes the most sense.
1173 status = rpc_call_xdrproc(encode, rqstp, p, obj);
1176 switch (gss_cred->gc_service) {
1177 case RPC_GSS_SVC_NONE:
1178 status = rpc_call_xdrproc(encode, rqstp, p, obj);
1180 case RPC_GSS_SVC_INTEGRITY:
1181 status = gss_wrap_req_integ(cred, ctx, encode,
1184 case RPC_GSS_SVC_PRIVACY:
1185 status = gss_wrap_req_priv(cred, ctx, encode,
1191 dprintk("RPC: %5u gss_wrap_req returning %d\n", task->tk_pid, status);
1196 gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1197 struct rpc_rqst *rqstp, __be32 **p)
1199 struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
1200 struct xdr_buf integ_buf;
1201 struct xdr_netobj mic;
1202 u32 data_offset, mic_offset;
1207 integ_len = ntohl(*(*p)++);
1210 data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1211 mic_offset = integ_len + data_offset;
1212 if (mic_offset > rcv_buf->len)
1214 if (ntohl(*(*p)++) != rqstp->rq_seqno)
1217 if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1218 mic_offset - data_offset))
1221 if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1224 maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1225 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1226 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1227 if (maj_stat != GSS_S_COMPLETE)
1233 gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1234 struct rpc_rqst *rqstp, __be32 **p)
1236 struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
1242 opaque_len = ntohl(*(*p)++);
1243 offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1244 if (offset + opaque_len > rcv_buf->len)
1246 /* remove padding: */
1247 rcv_buf->len = offset + opaque_len;
1249 maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1250 if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1251 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1252 if (maj_stat != GSS_S_COMPLETE)
1254 if (ntohl(*(*p)++) != rqstp->rq_seqno)
1262 gss_unwrap_resp(struct rpc_task *task,
1263 kxdrproc_t decode, void *rqstp, __be32 *p, void *obj)
1265 struct rpc_cred *cred = task->tk_msg.rpc_cred;
1266 struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1268 struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1270 struct kvec *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1271 int savedlen = head->iov_len;
1274 if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1276 switch (gss_cred->gc_service) {
1277 case RPC_GSS_SVC_NONE:
1279 case RPC_GSS_SVC_INTEGRITY:
1280 status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1284 case RPC_GSS_SVC_PRIVACY:
1285 status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1290 /* take into account extra slack for integrity and privacy cases: */
1291 cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1292 + (savedlen - head->iov_len);
1294 status = rpc_call_xdrproc(decode, rqstp, p, obj);
1297 dprintk("RPC: %5u gss_unwrap_resp returning %d\n", task->tk_pid,
1302 static const struct rpc_authops authgss_ops = {
1303 .owner = THIS_MODULE,
1304 .au_flavor = RPC_AUTH_GSS,
1305 .au_name = "RPCSEC_GSS",
1306 .create = gss_create,
1307 .destroy = gss_destroy,
1308 .lookup_cred = gss_lookup_cred,
1309 .crcreate = gss_create_cred
1312 static const struct rpc_credops gss_credops = {
1313 .cr_name = "AUTH_GSS",
1314 .crdestroy = gss_destroy_cred,
1315 .cr_init = gss_cred_init,
1316 .crbind = rpcauth_generic_bind_cred,
1317 .crmatch = gss_match,
1318 .crmarshal = gss_marshal,
1319 .crrefresh = gss_refresh,
1320 .crvalidate = gss_validate,
1321 .crwrap_req = gss_wrap_req,
1322 .crunwrap_resp = gss_unwrap_resp,
1325 static const struct rpc_credops gss_nullops = {
1326 .cr_name = "AUTH_GSS",
1327 .crdestroy = gss_destroy_cred,
1328 .crbind = rpcauth_generic_bind_cred,
1329 .crmatch = gss_match,
1330 .crmarshal = gss_marshal,
1331 .crrefresh = gss_refresh_null,
1332 .crvalidate = gss_validate,
1333 .crwrap_req = gss_wrap_req,
1334 .crunwrap_resp = gss_unwrap_resp,
1337 static struct rpc_pipe_ops gss_upcall_ops = {
1338 .upcall = gss_pipe_upcall,
1339 .downcall = gss_pipe_downcall,
1340 .destroy_msg = gss_pipe_destroy_msg,
1341 .release_pipe = gss_pipe_release,
1345 * Initialize RPCSEC_GSS module
1347 static int __init init_rpcsec_gss(void)
1351 err = rpcauth_register(&authgss_ops);
1354 err = gss_svc_init();
1356 goto out_unregister;
1359 rpcauth_unregister(&authgss_ops);
1364 static void __exit exit_rpcsec_gss(void)
1367 rpcauth_unregister(&authgss_ops);
1370 MODULE_LICENSE("GPL");
1371 module_init(init_rpcsec_gss)
1372 module_exit(exit_rpcsec_gss)