Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
[linux-2.6] / net / sunrpc / auth_gss / auth_gss.c
1 /*
2  * linux/net/sunrpc/auth_gss/auth_gss.c
3  *
4  * RPCSEC_GSS client authentication.
5  *
6  *  Copyright (c) 2000 The Regents of the University of Michigan.
7  *  All rights reserved.
8  *
9  *  Dug Song       <dugsong@monkey.org>
10  *  Andy Adamson   <andros@umich.edu>
11  *
12  *  Redistribution and use in source and binary forms, with or without
13  *  modification, are permitted provided that the following conditions
14  *  are met:
15  *
16  *  1. Redistributions of source code must retain the above copyright
17  *     notice, this list of conditions and the following disclaimer.
18  *  2. Redistributions in binary form must reproduce the above copyright
19  *     notice, this list of conditions and the following disclaimer in the
20  *     documentation and/or other materials provided with the distribution.
21  *  3. Neither the name of the University nor the names of its
22  *     contributors may be used to endorse or promote products derived
23  *     from this software without specific prior written permission.
24  *
25  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
26  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37
38
39 #include <linux/module.h>
40 #include <linux/init.h>
41 #include <linux/types.h>
42 #include <linux/slab.h>
43 #include <linux/sched.h>
44 #include <linux/pagemap.h>
45 #include <linux/sunrpc/clnt.h>
46 #include <linux/sunrpc/auth.h>
47 #include <linux/sunrpc/auth_gss.h>
48 #include <linux/sunrpc/svcauth_gss.h>
49 #include <linux/sunrpc/gss_err.h>
50 #include <linux/workqueue.h>
51 #include <linux/sunrpc/rpc_pipe_fs.h>
52 #include <linux/sunrpc/gss_api.h>
53 #include <asm/uaccess.h>
54
55 static const struct rpc_authops authgss_ops;
56
57 static const struct rpc_credops gss_credops;
58 static const struct rpc_credops gss_nullops;
59
60 #ifdef RPC_DEBUG
61 # define RPCDBG_FACILITY        RPCDBG_AUTH
62 #endif
63
64 #define NFS_NGROUPS     16
65
66 #define GSS_CRED_SLACK          1024            /* XXX: unused */
67 /* length of a krb5 verifier (48), plus data added before arguments when
68  * using integrity (two 4-byte integers): */
69 #define GSS_VERF_SLACK          100
70
71 /* XXX this define must match the gssd define
72 * as it is passed to gssd to signal the use of
73 * machine creds should be part of the shared rpc interface */
74
75 #define CA_RUN_AS_MACHINE  0x00000200
76
77 /* dump the buffer in `emacs-hexl' style */
78 #define isprint(c)      ((c > 0x1f) && (c < 0x7f))
79
80 struct gss_auth {
81         struct kref kref;
82         struct rpc_auth rpc_auth;
83         struct gss_api_mech *mech;
84         enum rpc_gss_svc service;
85         struct rpc_clnt *client;
86         struct dentry *dentry;
87 };
88
89 static void gss_free_ctx(struct gss_cl_ctx *);
90 static struct rpc_pipe_ops gss_upcall_ops;
91
92 static inline struct gss_cl_ctx *
93 gss_get_ctx(struct gss_cl_ctx *ctx)
94 {
95         atomic_inc(&ctx->count);
96         return ctx;
97 }
98
99 static inline void
100 gss_put_ctx(struct gss_cl_ctx *ctx)
101 {
102         if (atomic_dec_and_test(&ctx->count))
103                 gss_free_ctx(ctx);
104 }
105
106 /* gss_cred_set_ctx:
107  * called by gss_upcall_callback and gss_create_upcall in order
108  * to set the gss context. The actual exchange of an old context
109  * and a new one is protected by the inode->i_lock.
110  */
111 static void
112 gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
113 {
114         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
115
116         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
117                 return;
118         gss_get_ctx(ctx);
119         rcu_assign_pointer(gss_cred->gc_ctx, ctx);
120         set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
121         smp_mb__before_clear_bit();
122         clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
123 }
124
125 static const void *
126 simple_get_bytes(const void *p, const void *end, void *res, size_t len)
127 {
128         const void *q = (const void *)((const char *)p + len);
129         if (unlikely(q > end || q < p))
130                 return ERR_PTR(-EFAULT);
131         memcpy(res, p, len);
132         return q;
133 }
134
135 static inline const void *
136 simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
137 {
138         const void *q;
139         unsigned int len;
140
141         p = simple_get_bytes(p, end, &len, sizeof(len));
142         if (IS_ERR(p))
143                 return p;
144         q = (const void *)((const char *)p + len);
145         if (unlikely(q > end || q < p))
146                 return ERR_PTR(-EFAULT);
147         dest->data = kmemdup(p, len, GFP_KERNEL);
148         if (unlikely(dest->data == NULL))
149                 return ERR_PTR(-ENOMEM);
150         dest->len = len;
151         return q;
152 }
153
154 static struct gss_cl_ctx *
155 gss_cred_get_ctx(struct rpc_cred *cred)
156 {
157         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
158         struct gss_cl_ctx *ctx = NULL;
159
160         rcu_read_lock();
161         if (gss_cred->gc_ctx)
162                 ctx = gss_get_ctx(gss_cred->gc_ctx);
163         rcu_read_unlock();
164         return ctx;
165 }
166
167 static struct gss_cl_ctx *
168 gss_alloc_context(void)
169 {
170         struct gss_cl_ctx *ctx;
171
172         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
173         if (ctx != NULL) {
174                 ctx->gc_proc = RPC_GSS_PROC_DATA;
175                 ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
176                 spin_lock_init(&ctx->gc_seq_lock);
177                 atomic_set(&ctx->count,1);
178         }
179         return ctx;
180 }
181
182 #define GSSD_MIN_TIMEOUT (60 * 60)
183 static const void *
184 gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
185 {
186         const void *q;
187         unsigned int seclen;
188         unsigned int timeout;
189         u32 window_size;
190         int ret;
191
192         /* First unsigned int gives the lifetime (in seconds) of the cred */
193         p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
194         if (IS_ERR(p))
195                 goto err;
196         if (timeout == 0)
197                 timeout = GSSD_MIN_TIMEOUT;
198         ctx->gc_expiry = jiffies + (unsigned long)timeout * HZ * 3 / 4;
199         /* Sequence number window. Determines the maximum number of simultaneous requests */
200         p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
201         if (IS_ERR(p))
202                 goto err;
203         ctx->gc_win = window_size;
204         /* gssd signals an error by passing ctx->gc_win = 0: */
205         if (ctx->gc_win == 0) {
206                 /* in which case, p points to  an error code which we ignore */
207                 p = ERR_PTR(-EACCES);
208                 goto err;
209         }
210         /* copy the opaque wire context */
211         p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
212         if (IS_ERR(p))
213                 goto err;
214         /* import the opaque security context */
215         p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
216         if (IS_ERR(p))
217                 goto err;
218         q = (const void *)((const char *)p + seclen);
219         if (unlikely(q > end || q < p)) {
220                 p = ERR_PTR(-EFAULT);
221                 goto err;
222         }
223         ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx);
224         if (ret < 0) {
225                 p = ERR_PTR(ret);
226                 goto err;
227         }
228         return q;
229 err:
230         dprintk("RPC:       gss_fill_context returning %ld\n", -PTR_ERR(p));
231         return p;
232 }
233
234
235 struct gss_upcall_msg {
236         atomic_t count;
237         uid_t   uid;
238         struct rpc_pipe_msg msg;
239         struct list_head list;
240         struct gss_auth *auth;
241         struct rpc_wait_queue rpc_waitqueue;
242         wait_queue_head_t waitqueue;
243         struct gss_cl_ctx *ctx;
244 };
245
246 static void
247 gss_release_msg(struct gss_upcall_msg *gss_msg)
248 {
249         if (!atomic_dec_and_test(&gss_msg->count))
250                 return;
251         BUG_ON(!list_empty(&gss_msg->list));
252         if (gss_msg->ctx != NULL)
253                 gss_put_ctx(gss_msg->ctx);
254         rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
255         kfree(gss_msg);
256 }
257
258 static struct gss_upcall_msg *
259 __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
260 {
261         struct gss_upcall_msg *pos;
262         list_for_each_entry(pos, &rpci->in_downcall, list) {
263                 if (pos->uid != uid)
264                         continue;
265                 atomic_inc(&pos->count);
266                 dprintk("RPC:       gss_find_upcall found msg %p\n", pos);
267                 return pos;
268         }
269         dprintk("RPC:       gss_find_upcall found nothing\n");
270         return NULL;
271 }
272
273 /* Try to add a upcall to the pipefs queue.
274  * If an upcall owned by our uid already exists, then we return a reference
275  * to that upcall instead of adding the new upcall.
276  */
277 static inline struct gss_upcall_msg *
278 gss_add_msg(struct gss_auth *gss_auth, struct gss_upcall_msg *gss_msg)
279 {
280         struct inode *inode = gss_auth->dentry->d_inode;
281         struct rpc_inode *rpci = RPC_I(inode);
282         struct gss_upcall_msg *old;
283
284         spin_lock(&inode->i_lock);
285         old = __gss_find_upcall(rpci, gss_msg->uid);
286         if (old == NULL) {
287                 atomic_inc(&gss_msg->count);
288                 list_add(&gss_msg->list, &rpci->in_downcall);
289         } else
290                 gss_msg = old;
291         spin_unlock(&inode->i_lock);
292         return gss_msg;
293 }
294
295 static void
296 __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
297 {
298         list_del_init(&gss_msg->list);
299         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
300         wake_up_all(&gss_msg->waitqueue);
301         atomic_dec(&gss_msg->count);
302 }
303
304 static void
305 gss_unhash_msg(struct gss_upcall_msg *gss_msg)
306 {
307         struct gss_auth *gss_auth = gss_msg->auth;
308         struct inode *inode = gss_auth->dentry->d_inode;
309
310         if (list_empty(&gss_msg->list))
311                 return;
312         spin_lock(&inode->i_lock);
313         if (!list_empty(&gss_msg->list))
314                 __gss_unhash_msg(gss_msg);
315         spin_unlock(&inode->i_lock);
316 }
317
318 static void
319 gss_upcall_callback(struct rpc_task *task)
320 {
321         struct gss_cred *gss_cred = container_of(task->tk_msg.rpc_cred,
322                         struct gss_cred, gc_base);
323         struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
324         struct inode *inode = gss_msg->auth->dentry->d_inode;
325
326         spin_lock(&inode->i_lock);
327         if (gss_msg->ctx)
328                 gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
329         else
330                 task->tk_status = gss_msg->msg.errno;
331         gss_cred->gc_upcall = NULL;
332         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
333         spin_unlock(&inode->i_lock);
334         gss_release_msg(gss_msg);
335 }
336
337 static inline struct gss_upcall_msg *
338 gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid)
339 {
340         struct gss_upcall_msg *gss_msg;
341
342         gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL);
343         if (gss_msg != NULL) {
344                 INIT_LIST_HEAD(&gss_msg->list);
345                 rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
346                 init_waitqueue_head(&gss_msg->waitqueue);
347                 atomic_set(&gss_msg->count, 1);
348                 gss_msg->msg.data = &gss_msg->uid;
349                 gss_msg->msg.len = sizeof(gss_msg->uid);
350                 gss_msg->uid = uid;
351                 gss_msg->auth = gss_auth;
352         }
353         return gss_msg;
354 }
355
356 static struct gss_upcall_msg *
357 gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
358 {
359         struct gss_cred *gss_cred = container_of(cred,
360                         struct gss_cred, gc_base);
361         struct gss_upcall_msg *gss_new, *gss_msg;
362         uid_t uid = cred->cr_uid;
363
364         /* Special case: rpc.gssd assumes that uid == 0 implies machine creds */
365         if (gss_cred->gc_machine_cred != 0)
366                 uid = 0;
367
368         gss_new = gss_alloc_msg(gss_auth, uid);
369         if (gss_new == NULL)
370                 return ERR_PTR(-ENOMEM);
371         gss_msg = gss_add_msg(gss_auth, gss_new);
372         if (gss_msg == gss_new) {
373                 int res = rpc_queue_upcall(gss_auth->dentry->d_inode, &gss_new->msg);
374                 if (res) {
375                         gss_unhash_msg(gss_new);
376                         gss_msg = ERR_PTR(res);
377                 }
378         } else
379                 gss_release_msg(gss_new);
380         return gss_msg;
381 }
382
383 static inline int
384 gss_refresh_upcall(struct rpc_task *task)
385 {
386         struct rpc_cred *cred = task->tk_msg.rpc_cred;
387         struct gss_auth *gss_auth = container_of(cred->cr_auth,
388                         struct gss_auth, rpc_auth);
389         struct gss_cred *gss_cred = container_of(cred,
390                         struct gss_cred, gc_base);
391         struct gss_upcall_msg *gss_msg;
392         struct inode *inode = gss_auth->dentry->d_inode;
393         int err = 0;
394
395         dprintk("RPC: %5u gss_refresh_upcall for uid %u\n", task->tk_pid,
396                                                                 cred->cr_uid);
397         gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
398         if (IS_ERR(gss_msg)) {
399                 err = PTR_ERR(gss_msg);
400                 goto out;
401         }
402         spin_lock(&inode->i_lock);
403         if (gss_cred->gc_upcall != NULL)
404                 rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
405         else if (gss_msg->ctx != NULL) {
406                 gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
407                 gss_cred->gc_upcall = NULL;
408                 rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
409         } else if (gss_msg->msg.errno >= 0) {
410                 task->tk_timeout = 0;
411                 gss_cred->gc_upcall = gss_msg;
412                 /* gss_upcall_callback will release the reference to gss_upcall_msg */
413                 atomic_inc(&gss_msg->count);
414                 rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
415         } else
416                 err = gss_msg->msg.errno;
417         spin_unlock(&inode->i_lock);
418         gss_release_msg(gss_msg);
419 out:
420         dprintk("RPC: %5u gss_refresh_upcall for uid %u result %d\n",
421                         task->tk_pid, cred->cr_uid, err);
422         return err;
423 }
424
425 static inline int
426 gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
427 {
428         struct inode *inode = gss_auth->dentry->d_inode;
429         struct rpc_cred *cred = &gss_cred->gc_base;
430         struct gss_upcall_msg *gss_msg;
431         DEFINE_WAIT(wait);
432         int err = 0;
433
434         dprintk("RPC:       gss_upcall for uid %u\n", cred->cr_uid);
435         gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
436         if (IS_ERR(gss_msg)) {
437                 err = PTR_ERR(gss_msg);
438                 goto out;
439         }
440         for (;;) {
441                 prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_INTERRUPTIBLE);
442                 spin_lock(&inode->i_lock);
443                 if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
444                         break;
445                 }
446                 spin_unlock(&inode->i_lock);
447                 if (signalled()) {
448                         err = -ERESTARTSYS;
449                         goto out_intr;
450                 }
451                 schedule();
452         }
453         if (gss_msg->ctx)
454                 gss_cred_set_ctx(cred, gss_msg->ctx);
455         else
456                 err = gss_msg->msg.errno;
457         spin_unlock(&inode->i_lock);
458 out_intr:
459         finish_wait(&gss_msg->waitqueue, &wait);
460         gss_release_msg(gss_msg);
461 out:
462         dprintk("RPC:       gss_create_upcall for uid %u result %d\n",
463                         cred->cr_uid, err);
464         return err;
465 }
466
467 static ssize_t
468 gss_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg,
469                 char __user *dst, size_t buflen)
470 {
471         char *data = (char *)msg->data + msg->copied;
472         size_t mlen = min(msg->len, buflen);
473         unsigned long left;
474
475         left = copy_to_user(dst, data, mlen);
476         if (left == mlen) {
477                 msg->errno = -EFAULT;
478                 return -EFAULT;
479         }
480
481         mlen -= left;
482         msg->copied += mlen;
483         msg->errno = 0;
484         return mlen;
485 }
486
487 #define MSG_BUF_MAXSIZE 1024
488
489 static ssize_t
490 gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
491 {
492         const void *p, *end;
493         void *buf;
494         struct rpc_clnt *clnt;
495         struct gss_upcall_msg *gss_msg;
496         struct inode *inode = filp->f_path.dentry->d_inode;
497         struct gss_cl_ctx *ctx;
498         uid_t uid;
499         ssize_t err = -EFBIG;
500
501         if (mlen > MSG_BUF_MAXSIZE)
502                 goto out;
503         err = -ENOMEM;
504         buf = kmalloc(mlen, GFP_KERNEL);
505         if (!buf)
506                 goto out;
507
508         clnt = RPC_I(inode)->private;
509         err = -EFAULT;
510         if (copy_from_user(buf, src, mlen))
511                 goto err;
512
513         end = (const void *)((char *)buf + mlen);
514         p = simple_get_bytes(buf, end, &uid, sizeof(uid));
515         if (IS_ERR(p)) {
516                 err = PTR_ERR(p);
517                 goto err;
518         }
519
520         err = -ENOMEM;
521         ctx = gss_alloc_context();
522         if (ctx == NULL)
523                 goto err;
524
525         err = -ENOENT;
526         /* Find a matching upcall */
527         spin_lock(&inode->i_lock);
528         gss_msg = __gss_find_upcall(RPC_I(inode), uid);
529         if (gss_msg == NULL) {
530                 spin_unlock(&inode->i_lock);
531                 goto err_put_ctx;
532         }
533         list_del_init(&gss_msg->list);
534         spin_unlock(&inode->i_lock);
535
536         p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
537         if (IS_ERR(p)) {
538                 err = PTR_ERR(p);
539                 gss_msg->msg.errno = (err == -EAGAIN) ? -EAGAIN : -EACCES;
540                 goto err_release_msg;
541         }
542         gss_msg->ctx = gss_get_ctx(ctx);
543         err = mlen;
544
545 err_release_msg:
546         spin_lock(&inode->i_lock);
547         __gss_unhash_msg(gss_msg);
548         spin_unlock(&inode->i_lock);
549         gss_release_msg(gss_msg);
550 err_put_ctx:
551         gss_put_ctx(ctx);
552 err:
553         kfree(buf);
554 out:
555         dprintk("RPC:       gss_pipe_downcall returning %Zd\n", err);
556         return err;
557 }
558
559 static void
560 gss_pipe_release(struct inode *inode)
561 {
562         struct rpc_inode *rpci = RPC_I(inode);
563         struct gss_upcall_msg *gss_msg;
564
565         spin_lock(&inode->i_lock);
566         while (!list_empty(&rpci->in_downcall)) {
567
568                 gss_msg = list_entry(rpci->in_downcall.next,
569                                 struct gss_upcall_msg, list);
570                 gss_msg->msg.errno = -EPIPE;
571                 atomic_inc(&gss_msg->count);
572                 __gss_unhash_msg(gss_msg);
573                 spin_unlock(&inode->i_lock);
574                 gss_release_msg(gss_msg);
575                 spin_lock(&inode->i_lock);
576         }
577         spin_unlock(&inode->i_lock);
578 }
579
580 static void
581 gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
582 {
583         struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
584         static unsigned long ratelimit;
585
586         if (msg->errno < 0) {
587                 dprintk("RPC:       gss_pipe_destroy_msg releasing msg %p\n",
588                                 gss_msg);
589                 atomic_inc(&gss_msg->count);
590                 gss_unhash_msg(gss_msg);
591                 if (msg->errno == -ETIMEDOUT) {
592                         unsigned long now = jiffies;
593                         if (time_after(now, ratelimit)) {
594                                 printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
595                                                     "Please check user daemon is running!\n");
596                                 ratelimit = now + 15*HZ;
597                         }
598                 }
599                 gss_release_msg(gss_msg);
600         }
601 }
602
603 /*
604  * NOTE: we have the opportunity to use different
605  * parameters based on the input flavor (which must be a pseudoflavor)
606  */
607 static struct rpc_auth *
608 gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
609 {
610         struct gss_auth *gss_auth;
611         struct rpc_auth * auth;
612         int err = -ENOMEM; /* XXX? */
613
614         dprintk("RPC:       creating GSS authenticator for client %p\n", clnt);
615
616         if (!try_module_get(THIS_MODULE))
617                 return ERR_PTR(err);
618         if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
619                 goto out_dec;
620         gss_auth->client = clnt;
621         err = -EINVAL;
622         gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
623         if (!gss_auth->mech) {
624                 printk(KERN_WARNING "%s: Pseudoflavor %d not found!\n",
625                                 __func__, flavor);
626                 goto err_free;
627         }
628         gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
629         if (gss_auth->service == 0)
630                 goto err_put_mech;
631         auth = &gss_auth->rpc_auth;
632         auth->au_cslack = GSS_CRED_SLACK >> 2;
633         auth->au_rslack = GSS_VERF_SLACK >> 2;
634         auth->au_ops = &authgss_ops;
635         auth->au_flavor = flavor;
636         atomic_set(&auth->au_count, 1);
637         kref_init(&gss_auth->kref);
638
639         gss_auth->dentry = rpc_mkpipe(clnt->cl_dentry, gss_auth->mech->gm_name,
640                         clnt, &gss_upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
641         if (IS_ERR(gss_auth->dentry)) {
642                 err = PTR_ERR(gss_auth->dentry);
643                 goto err_put_mech;
644         }
645
646         err = rpcauth_init_credcache(auth);
647         if (err)
648                 goto err_unlink_pipe;
649
650         return auth;
651 err_unlink_pipe:
652         rpc_unlink(gss_auth->dentry);
653 err_put_mech:
654         gss_mech_put(gss_auth->mech);
655 err_free:
656         kfree(gss_auth);
657 out_dec:
658         module_put(THIS_MODULE);
659         return ERR_PTR(err);
660 }
661
662 static void
663 gss_free(struct gss_auth *gss_auth)
664 {
665         rpc_unlink(gss_auth->dentry);
666         gss_auth->dentry = NULL;
667         gss_mech_put(gss_auth->mech);
668
669         kfree(gss_auth);
670         module_put(THIS_MODULE);
671 }
672
673 static void
674 gss_free_callback(struct kref *kref)
675 {
676         struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
677
678         gss_free(gss_auth);
679 }
680
681 static void
682 gss_destroy(struct rpc_auth *auth)
683 {
684         struct gss_auth *gss_auth;
685
686         dprintk("RPC:       destroying GSS authenticator %p flavor %d\n",
687                         auth, auth->au_flavor);
688
689         rpcauth_destroy_credcache(auth);
690
691         gss_auth = container_of(auth, struct gss_auth, rpc_auth);
692         kref_put(&gss_auth->kref, gss_free_callback);
693 }
694
695 /*
696  * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
697  * to the server with the GSS control procedure field set to
698  * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
699  * all RPCSEC_GSS state associated with that context.
700  */
701 static int
702 gss_destroying_context(struct rpc_cred *cred)
703 {
704         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
705         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
706         struct rpc_task *task;
707
708         if (gss_cred->gc_ctx == NULL ||
709             test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
710                 return 0;
711
712         gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
713         cred->cr_ops = &gss_nullops;
714
715         /* Take a reference to ensure the cred will be destroyed either
716          * by the RPC call or by the put_rpccred() below */
717         get_rpccred(cred);
718
719         task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
720         if (!IS_ERR(task))
721                 rpc_put_task(task);
722
723         put_rpccred(cred);
724         return 1;
725 }
726
727 /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
728  * to create a new cred or context, so they check that things have been
729  * allocated before freeing them. */
730 static void
731 gss_do_free_ctx(struct gss_cl_ctx *ctx)
732 {
733         dprintk("RPC:       gss_free_ctx\n");
734
735         kfree(ctx->gc_wire_ctx.data);
736         kfree(ctx);
737 }
738
739 static void
740 gss_free_ctx_callback(struct rcu_head *head)
741 {
742         struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
743         gss_do_free_ctx(ctx);
744 }
745
746 static void
747 gss_free_ctx(struct gss_cl_ctx *ctx)
748 {
749         struct gss_ctx *gc_gss_ctx;
750
751         gc_gss_ctx = rcu_dereference(ctx->gc_gss_ctx);
752         rcu_assign_pointer(ctx->gc_gss_ctx, NULL);
753         call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
754         if (gc_gss_ctx)
755                 gss_delete_sec_context(&gc_gss_ctx);
756 }
757
758 static void
759 gss_free_cred(struct gss_cred *gss_cred)
760 {
761         dprintk("RPC:       gss_free_cred %p\n", gss_cred);
762         kfree(gss_cred);
763 }
764
765 static void
766 gss_free_cred_callback(struct rcu_head *head)
767 {
768         struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
769         gss_free_cred(gss_cred);
770 }
771
772 static void
773 gss_destroy_cred(struct rpc_cred *cred)
774 {
775         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
776         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
777         struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
778
779         if (gss_destroying_context(cred))
780                 return;
781         rcu_assign_pointer(gss_cred->gc_ctx, NULL);
782         call_rcu(&cred->cr_rcu, gss_free_cred_callback);
783         if (ctx)
784                 gss_put_ctx(ctx);
785         kref_put(&gss_auth->kref, gss_free_callback);
786 }
787
788 /*
789  * Lookup RPCSEC_GSS cred for the current process
790  */
791 static struct rpc_cred *
792 gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
793 {
794         return rpcauth_lookup_credcache(auth, acred, flags);
795 }
796
797 static struct rpc_cred *
798 gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
799 {
800         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
801         struct gss_cred *cred = NULL;
802         int err = -ENOMEM;
803
804         dprintk("RPC:       gss_create_cred for uid %d, flavor %d\n",
805                 acred->uid, auth->au_flavor);
806
807         if (!(cred = kzalloc(sizeof(*cred), GFP_KERNEL)))
808                 goto out_err;
809
810         rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
811         /*
812          * Note: in order to force a call to call_refresh(), we deliberately
813          * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
814          */
815         cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
816         cred->gc_service = gss_auth->service;
817         cred->gc_machine_cred = acred->machine_cred;
818         kref_get(&gss_auth->kref);
819         return &cred->gc_base;
820
821 out_err:
822         dprintk("RPC:       gss_create_cred failed with error %d\n", err);
823         return ERR_PTR(err);
824 }
825
826 static int
827 gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
828 {
829         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
830         struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
831         int err;
832
833         do {
834                 err = gss_create_upcall(gss_auth, gss_cred);
835         } while (err == -EAGAIN);
836         return err;
837 }
838
839 static int
840 gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
841 {
842         struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
843
844         if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
845                 goto out;
846         /* Don't match with creds that have expired. */
847         if (time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
848                 return 0;
849         if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
850                 return 0;
851 out:
852         if (acred->machine_cred != gss_cred->gc_machine_cred)
853                 return 0;
854         return (rc->cr_uid == acred->uid);
855 }
856
857 /*
858 * Marshal credentials.
859 * Maybe we should keep a cached credential for performance reasons.
860 */
861 static __be32 *
862 gss_marshal(struct rpc_task *task, __be32 *p)
863 {
864         struct rpc_cred *cred = task->tk_msg.rpc_cred;
865         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
866                                                  gc_base);
867         struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
868         __be32          *cred_len;
869         struct rpc_rqst *req = task->tk_rqstp;
870         u32             maj_stat = 0;
871         struct xdr_netobj mic;
872         struct kvec     iov;
873         struct xdr_buf  verf_buf;
874
875         dprintk("RPC: %5u gss_marshal\n", task->tk_pid);
876
877         *p++ = htonl(RPC_AUTH_GSS);
878         cred_len = p++;
879
880         spin_lock(&ctx->gc_seq_lock);
881         req->rq_seqno = ctx->gc_seq++;
882         spin_unlock(&ctx->gc_seq_lock);
883
884         *p++ = htonl((u32) RPC_GSS_VERSION);
885         *p++ = htonl((u32) ctx->gc_proc);
886         *p++ = htonl((u32) req->rq_seqno);
887         *p++ = htonl((u32) gss_cred->gc_service);
888         p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
889         *cred_len = htonl((p - (cred_len + 1)) << 2);
890
891         /* We compute the checksum for the verifier over the xdr-encoded bytes
892          * starting with the xid and ending at the end of the credential: */
893         iov.iov_base = xprt_skip_transport_header(task->tk_xprt,
894                                         req->rq_snd_buf.head[0].iov_base);
895         iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
896         xdr_buf_from_iov(&iov, &verf_buf);
897
898         /* set verifier flavor*/
899         *p++ = htonl(RPC_AUTH_GSS);
900
901         mic.data = (u8 *)(p + 1);
902         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
903         if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
904                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
905         } else if (maj_stat != 0) {
906                 printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
907                 goto out_put_ctx;
908         }
909         p = xdr_encode_opaque(p, NULL, mic.len);
910         gss_put_ctx(ctx);
911         return p;
912 out_put_ctx:
913         gss_put_ctx(ctx);
914         return NULL;
915 }
916
917 static int gss_renew_cred(struct rpc_task *task)
918 {
919         struct rpc_cred *oldcred = task->tk_msg.rpc_cred;
920         struct gss_cred *gss_cred = container_of(oldcred,
921                                                  struct gss_cred,
922                                                  gc_base);
923         struct rpc_auth *auth = oldcred->cr_auth;
924         struct auth_cred acred = {
925                 .uid = oldcred->cr_uid,
926                 .machine_cred = gss_cred->gc_machine_cred,
927         };
928         struct rpc_cred *new;
929
930         new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
931         if (IS_ERR(new))
932                 return PTR_ERR(new);
933         task->tk_msg.rpc_cred = new;
934         put_rpccred(oldcred);
935         return 0;
936 }
937
938 /*
939 * Refresh credentials. XXX - finish
940 */
941 static int
942 gss_refresh(struct rpc_task *task)
943 {
944         struct rpc_cred *cred = task->tk_msg.rpc_cred;
945         int ret = 0;
946
947         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
948                         !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
949                 ret = gss_renew_cred(task);
950                 if (ret < 0)
951                         goto out;
952                 cred = task->tk_msg.rpc_cred;
953         }
954
955         if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
956                 ret = gss_refresh_upcall(task);
957 out:
958         return ret;
959 }
960
961 /* Dummy refresh routine: used only when destroying the context */
962 static int
963 gss_refresh_null(struct rpc_task *task)
964 {
965         return -EACCES;
966 }
967
968 static __be32 *
969 gss_validate(struct rpc_task *task, __be32 *p)
970 {
971         struct rpc_cred *cred = task->tk_msg.rpc_cred;
972         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
973         __be32          seq;
974         struct kvec     iov;
975         struct xdr_buf  verf_buf;
976         struct xdr_netobj mic;
977         u32             flav,len;
978         u32             maj_stat;
979
980         dprintk("RPC: %5u gss_validate\n", task->tk_pid);
981
982         flav = ntohl(*p++);
983         if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
984                 goto out_bad;
985         if (flav != RPC_AUTH_GSS)
986                 goto out_bad;
987         seq = htonl(task->tk_rqstp->rq_seqno);
988         iov.iov_base = &seq;
989         iov.iov_len = sizeof(seq);
990         xdr_buf_from_iov(&iov, &verf_buf);
991         mic.data = (u8 *)p;
992         mic.len = len;
993
994         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
995         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
996                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
997         if (maj_stat) {
998                 dprintk("RPC: %5u gss_validate: gss_verify_mic returned "
999                                 "error 0x%08x\n", task->tk_pid, maj_stat);
1000                 goto out_bad;
1001         }
1002         /* We leave it to unwrap to calculate au_rslack. For now we just
1003          * calculate the length of the verifier: */
1004         cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1005         gss_put_ctx(ctx);
1006         dprintk("RPC: %5u gss_validate: gss_verify_mic succeeded.\n",
1007                         task->tk_pid);
1008         return p + XDR_QUADLEN(len);
1009 out_bad:
1010         gss_put_ctx(ctx);
1011         dprintk("RPC: %5u gss_validate failed.\n", task->tk_pid);
1012         return NULL;
1013 }
1014
1015 static inline int
1016 gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1017                 kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
1018 {
1019         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1020         struct xdr_buf  integ_buf;
1021         __be32          *integ_len = NULL;
1022         struct xdr_netobj mic;
1023         u32             offset;
1024         __be32          *q;
1025         struct kvec     *iov;
1026         u32             maj_stat = 0;
1027         int             status = -EIO;
1028
1029         integ_len = p++;
1030         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1031         *p++ = htonl(rqstp->rq_seqno);
1032
1033         status = rpc_call_xdrproc(encode, rqstp, p, obj);
1034         if (status)
1035                 return status;
1036
1037         if (xdr_buf_subsegment(snd_buf, &integ_buf,
1038                                 offset, snd_buf->len - offset))
1039                 return status;
1040         *integ_len = htonl(integ_buf.len);
1041
1042         /* guess whether we're in the head or the tail: */
1043         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1044                 iov = snd_buf->tail;
1045         else
1046                 iov = snd_buf->head;
1047         p = iov->iov_base + iov->iov_len;
1048         mic.data = (u8 *)(p + 1);
1049
1050         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1051         status = -EIO; /* XXX? */
1052         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1053                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1054         else if (maj_stat)
1055                 return status;
1056         q = xdr_encode_opaque(p, NULL, mic.len);
1057
1058         offset = (u8 *)q - (u8 *)p;
1059         iov->iov_len += offset;
1060         snd_buf->len += offset;
1061         return 0;
1062 }
1063
1064 static void
1065 priv_release_snd_buf(struct rpc_rqst *rqstp)
1066 {
1067         int i;
1068
1069         for (i=0; i < rqstp->rq_enc_pages_num; i++)
1070                 __free_page(rqstp->rq_enc_pages[i]);
1071         kfree(rqstp->rq_enc_pages);
1072 }
1073
1074 static int
1075 alloc_enc_pages(struct rpc_rqst *rqstp)
1076 {
1077         struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1078         int first, last, i;
1079
1080         if (snd_buf->page_len == 0) {
1081                 rqstp->rq_enc_pages_num = 0;
1082                 return 0;
1083         }
1084
1085         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1086         last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
1087         rqstp->rq_enc_pages_num = last - first + 1 + 1;
1088         rqstp->rq_enc_pages
1089                 = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
1090                                 GFP_NOFS);
1091         if (!rqstp->rq_enc_pages)
1092                 goto out;
1093         for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1094                 rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1095                 if (rqstp->rq_enc_pages[i] == NULL)
1096                         goto out_free;
1097         }
1098         rqstp->rq_release_snd_buf = priv_release_snd_buf;
1099         return 0;
1100 out_free:
1101         for (i--; i >= 0; i--) {
1102                 __free_page(rqstp->rq_enc_pages[i]);
1103         }
1104 out:
1105         return -EAGAIN;
1106 }
1107
1108 static inline int
1109 gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1110                 kxdrproc_t encode, struct rpc_rqst *rqstp, __be32 *p, void *obj)
1111 {
1112         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1113         u32             offset;
1114         u32             maj_stat;
1115         int             status;
1116         __be32          *opaque_len;
1117         struct page     **inpages;
1118         int             first;
1119         int             pad;
1120         struct kvec     *iov;
1121         char            *tmp;
1122
1123         opaque_len = p++;
1124         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1125         *p++ = htonl(rqstp->rq_seqno);
1126
1127         status = rpc_call_xdrproc(encode, rqstp, p, obj);
1128         if (status)
1129                 return status;
1130
1131         status = alloc_enc_pages(rqstp);
1132         if (status)
1133                 return status;
1134         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1135         inpages = snd_buf->pages + first;
1136         snd_buf->pages = rqstp->rq_enc_pages;
1137         snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1138         /* Give the tail its own page, in case we need extra space in the
1139          * head when wrapping: */
1140         if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1141                 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1142                 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1143                 snd_buf->tail[0].iov_base = tmp;
1144         }
1145         maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1146         /* RPC_SLACK_SPACE should prevent this ever happening: */
1147         BUG_ON(snd_buf->len > snd_buf->buflen);
1148         status = -EIO;
1149         /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1150          * done anyway, so it's safe to put the request on the wire: */
1151         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1152                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1153         else if (maj_stat)
1154                 return status;
1155
1156         *opaque_len = htonl(snd_buf->len - offset);
1157         /* guess whether we're in the head or the tail: */
1158         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1159                 iov = snd_buf->tail;
1160         else
1161                 iov = snd_buf->head;
1162         p = iov->iov_base + iov->iov_len;
1163         pad = 3 - ((snd_buf->len - offset - 1) & 3);
1164         memset(p, 0, pad);
1165         iov->iov_len += pad;
1166         snd_buf->len += pad;
1167
1168         return 0;
1169 }
1170
1171 static int
1172 gss_wrap_req(struct rpc_task *task,
1173              kxdrproc_t encode, void *rqstp, __be32 *p, void *obj)
1174 {
1175         struct rpc_cred *cred = task->tk_msg.rpc_cred;
1176         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1177                         gc_base);
1178         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1179         int             status = -EIO;
1180
1181         dprintk("RPC: %5u gss_wrap_req\n", task->tk_pid);
1182         if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1183                 /* The spec seems a little ambiguous here, but I think that not
1184                  * wrapping context destruction requests makes the most sense.
1185                  */
1186                 status = rpc_call_xdrproc(encode, rqstp, p, obj);
1187                 goto out;
1188         }
1189         switch (gss_cred->gc_service) {
1190                 case RPC_GSS_SVC_NONE:
1191                         status = rpc_call_xdrproc(encode, rqstp, p, obj);
1192                         break;
1193                 case RPC_GSS_SVC_INTEGRITY:
1194                         status = gss_wrap_req_integ(cred, ctx, encode,
1195                                                                 rqstp, p, obj);
1196                         break;
1197                 case RPC_GSS_SVC_PRIVACY:
1198                         status = gss_wrap_req_priv(cred, ctx, encode,
1199                                         rqstp, p, obj);
1200                         break;
1201         }
1202 out:
1203         gss_put_ctx(ctx);
1204         dprintk("RPC: %5u gss_wrap_req returning %d\n", task->tk_pid, status);
1205         return status;
1206 }
1207
1208 static inline int
1209 gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1210                 struct rpc_rqst *rqstp, __be32 **p)
1211 {
1212         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1213         struct xdr_buf integ_buf;
1214         struct xdr_netobj mic;
1215         u32 data_offset, mic_offset;
1216         u32 integ_len;
1217         u32 maj_stat;
1218         int status = -EIO;
1219
1220         integ_len = ntohl(*(*p)++);
1221         if (integ_len & 3)
1222                 return status;
1223         data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1224         mic_offset = integ_len + data_offset;
1225         if (mic_offset > rcv_buf->len)
1226                 return status;
1227         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1228                 return status;
1229
1230         if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1231                                 mic_offset - data_offset))
1232                 return status;
1233
1234         if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1235                 return status;
1236
1237         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1238         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1239                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1240         if (maj_stat != GSS_S_COMPLETE)
1241                 return status;
1242         return 0;
1243 }
1244
1245 static inline int
1246 gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1247                 struct rpc_rqst *rqstp, __be32 **p)
1248 {
1249         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1250         u32 offset;
1251         u32 opaque_len;
1252         u32 maj_stat;
1253         int status = -EIO;
1254
1255         opaque_len = ntohl(*(*p)++);
1256         offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1257         if (offset + opaque_len > rcv_buf->len)
1258                 return status;
1259         /* remove padding: */
1260         rcv_buf->len = offset + opaque_len;
1261
1262         maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1263         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1264                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1265         if (maj_stat != GSS_S_COMPLETE)
1266                 return status;
1267         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1268                 return status;
1269
1270         return 0;
1271 }
1272
1273
1274 static int
1275 gss_unwrap_resp(struct rpc_task *task,
1276                 kxdrproc_t decode, void *rqstp, __be32 *p, void *obj)
1277 {
1278         struct rpc_cred *cred = task->tk_msg.rpc_cred;
1279         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1280                         gc_base);
1281         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1282         __be32          *savedp = p;
1283         struct kvec     *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1284         int             savedlen = head->iov_len;
1285         int             status = -EIO;
1286
1287         if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1288                 goto out_decode;
1289         switch (gss_cred->gc_service) {
1290                 case RPC_GSS_SVC_NONE:
1291                         break;
1292                 case RPC_GSS_SVC_INTEGRITY:
1293                         status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1294                         if (status)
1295                                 goto out;
1296                         break;
1297                 case RPC_GSS_SVC_PRIVACY:
1298                         status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1299                         if (status)
1300                                 goto out;
1301                         break;
1302         }
1303         /* take into account extra slack for integrity and privacy cases: */
1304         cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1305                                                 + (savedlen - head->iov_len);
1306 out_decode:
1307         status = rpc_call_xdrproc(decode, rqstp, p, obj);
1308 out:
1309         gss_put_ctx(ctx);
1310         dprintk("RPC: %5u gss_unwrap_resp returning %d\n", task->tk_pid,
1311                         status);
1312         return status;
1313 }
1314
1315 static const struct rpc_authops authgss_ops = {
1316         .owner          = THIS_MODULE,
1317         .au_flavor      = RPC_AUTH_GSS,
1318         .au_name        = "RPCSEC_GSS",
1319         .create         = gss_create,
1320         .destroy        = gss_destroy,
1321         .lookup_cred    = gss_lookup_cred,
1322         .crcreate       = gss_create_cred
1323 };
1324
1325 static const struct rpc_credops gss_credops = {
1326         .cr_name        = "AUTH_GSS",
1327         .crdestroy      = gss_destroy_cred,
1328         .cr_init        = gss_cred_init,
1329         .crbind         = rpcauth_generic_bind_cred,
1330         .crmatch        = gss_match,
1331         .crmarshal      = gss_marshal,
1332         .crrefresh      = gss_refresh,
1333         .crvalidate     = gss_validate,
1334         .crwrap_req     = gss_wrap_req,
1335         .crunwrap_resp  = gss_unwrap_resp,
1336 };
1337
1338 static const struct rpc_credops gss_nullops = {
1339         .cr_name        = "AUTH_GSS",
1340         .crdestroy      = gss_destroy_cred,
1341         .crbind         = rpcauth_generic_bind_cred,
1342         .crmatch        = gss_match,
1343         .crmarshal      = gss_marshal,
1344         .crrefresh      = gss_refresh_null,
1345         .crvalidate     = gss_validate,
1346         .crwrap_req     = gss_wrap_req,
1347         .crunwrap_resp  = gss_unwrap_resp,
1348 };
1349
1350 static struct rpc_pipe_ops gss_upcall_ops = {
1351         .upcall         = gss_pipe_upcall,
1352         .downcall       = gss_pipe_downcall,
1353         .destroy_msg    = gss_pipe_destroy_msg,
1354         .release_pipe   = gss_pipe_release,
1355 };
1356
1357 /*
1358  * Initialize RPCSEC_GSS module
1359  */
1360 static int __init init_rpcsec_gss(void)
1361 {
1362         int err = 0;
1363
1364         err = rpcauth_register(&authgss_ops);
1365         if (err)
1366                 goto out;
1367         err = gss_svc_init();
1368         if (err)
1369                 goto out_unregister;
1370         return 0;
1371 out_unregister:
1372         rpcauth_unregister(&authgss_ops);
1373 out:
1374         return err;
1375 }
1376
1377 static void __exit exit_rpcsec_gss(void)
1378 {
1379         gss_svc_shutdown();
1380         rpcauth_unregister(&authgss_ops);
1381 }
1382
1383 MODULE_LICENSE("GPL");
1384 module_init(init_rpcsec_gss)
1385 module_exit(exit_rpcsec_gss)