net/sunrpc/auth_gss/auth_gss.c

   1 /*
   2  * linux/net/sunrpc/auth_gss/auth_gss.c
   3  *
   4  * RPCSEC_GSS client authentication.
   5  *
   6  *  Copyright (c) 2000 The Regents of the University of Michigan.
   7  *  All rights reserved.
   8  *
   9  *  Dug Song       <dugsong@monkey.org>
  10  *  Andy Adamson   <andros@umich.edu>
  11  *
  12  *  Redistribution and use in source and binary forms, with or without
  13  *  modification, are permitted provided that the following conditions
  14  *  are met:
  15  *
  16  *  1. Redistributions of source code must retain the above copyright
  17  *     notice, this list of conditions and the following disclaimer.
  18  *  2. Redistributions in binary form must reproduce the above copyright
  19  *     notice, this list of conditions and the following disclaimer in the
  20  *     documentation and/or other materials provided with the distribution.
  21  *  3. Neither the name of the University nor the names of its
  22  *     contributors may be used to endorse or promote products derived
  23  *     from this software without specific prior written permission.
  24  *
  25  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  26  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  27  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  28  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  29  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  30  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  31  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  32  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  33  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  34  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  35  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36  */
  37
  38
  39 #include <linux/module.h>
  40 #include <linux/init.h>
  41 #include <linux/types.h>
  42 #include <linux/slab.h>
  43 #include <linux/sched.h>
  44 #include <linux/pagemap.h>
  45 #include <linux/sunrpc/clnt.h>
  46 #include <linux/sunrpc/auth.h>
  47 #include <linux/sunrpc/auth_gss.h>
  48 #include <linux/sunrpc/svcauth_gss.h>
  49 #include <linux/sunrpc/gss_err.h>
  50 #include <linux/workqueue.h>
  51 #include <linux/sunrpc/rpc_pipe_fs.h>
  52 #include <linux/sunrpc/gss_api.h>
  53 #include <asm/uaccess.h>
  54
  55 static const struct rpc_authops authgss_ops;
  56
  57 static const struct rpc_credops gss_credops;
  58 static const struct rpc_credops gss_nullops;
  59
  60 #define GSS_RETRY_EXPIRED 5
  61 static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
  62
  63 #ifdef RPC_DEBUG
  64 # define RPCDBG_FACILITY        RPCDBG_AUTH
  65 #endif
  66
  67 #define GSS_CRED_SLACK          (RPC_MAX_AUTH_SIZE * 2)
  68 /* length of a krb5 verifier (48), plus data added before arguments when
  69  * using integrity (two 4-byte integers): */
  70 #define GSS_VERF_SLACK          100
  71
  72 struct gss_auth {
  73         struct kref kref;
  74         struct rpc_auth rpc_auth;
  75         struct gss_api_mech *mech;
  76         enum rpc_gss_svc service;
  77         struct rpc_clnt *client;
  78         /*
  79          * There are two upcall pipes; dentry[1], named "gssd", is used
  80          * for the new text-based upcall; dentry[0] is named after the
  81          * mechanism (for example, "krb5") and exists for
  82          * backwards-compatibility with older gssd's.
  83          */
  84         struct rpc_pipe *pipe[2];
  85 };
  86
  87 /* pipe_version >= 0 if and only if someone has a pipe open. */
  88 static int pipe_version = -1;
  89 static atomic_t pipe_users = ATOMIC_INIT(0);
  90 static DEFINE_SPINLOCK(pipe_version_lock);
  91 static struct rpc_wait_queue pipe_version_rpc_waitqueue;
  92 static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
  93
  94 static void gss_free_ctx(struct gss_cl_ctx *);
  95 static const struct rpc_pipe_ops gss_upcall_ops_v0;
  96 static const struct rpc_pipe_ops gss_upcall_ops_v1;
  97
  98 static inline struct gss_cl_ctx *
  99 gss_get_ctx(struct gss_cl_ctx *ctx)
 100 {
 101         atomic_inc(&ctx->count);
 102         return ctx;
 103 }
 104
 105 static inline void
 106 gss_put_ctx(struct gss_cl_ctx *ctx)
 107 {
 108         if (atomic_dec_and_test(&ctx->count))
 109                 gss_free_ctx(ctx);
 110 }
 111
 112 /* gss_cred_set_ctx:
 113  * called by gss_upcall_callback and gss_create_upcall in order
 114  * to set the gss context. The actual exchange of an old context
 115  * and a new one is protected by the pipe->lock.
 116  */
 117 static void
 118 gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
 119 {
 120         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
 121
 122         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
 123                 return;
 124         gss_get_ctx(ctx);
 125         rcu_assign_pointer(gss_cred->gc_ctx, ctx);
 126         set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
 127         smp_mb__before_clear_bit();
 128         clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
 129 }
 130
 131 static const void *
 132 simple_get_bytes(const void *p, const void *end, void *res, size_t len)
 133 {
 134         const void *q = (const void *)((const char *)p + len);
 135         if (unlikely(q > end || q < p))
 136                 return ERR_PTR(-EFAULT);
 137         memcpy(res, p, len);
 138         return q;
 139 }
 140
 141 static inline const void *
 142 simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
 143 {
 144         const void *q;
 145         unsigned int len;
 146
 147         p = simple_get_bytes(p, end, &len, sizeof(len));
 148         if (IS_ERR(p))
 149                 return p;
 150         q = (const void *)((const char *)p + len);
 151         if (unlikely(q > end || q < p))
 152                 return ERR_PTR(-EFAULT);
 153         dest->data = kmemdup(p, len, GFP_NOFS);
 154         if (unlikely(dest->data == NULL))
 155                 return ERR_PTR(-ENOMEM);
 156         dest->len = len;
 157         return q;
 158 }
 159
 160 static struct gss_cl_ctx *
 161 gss_cred_get_ctx(struct rpc_cred *cred)
 162 {
 163         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
 164         struct gss_cl_ctx *ctx = NULL;
 165
 166         rcu_read_lock();
 167         if (gss_cred->gc_ctx)
 168                 ctx = gss_get_ctx(gss_cred->gc_ctx);
 169         rcu_read_unlock();
 170         return ctx;
 171 }
 172
 173 static struct gss_cl_ctx *
 174 gss_alloc_context(void)
 175 {
 176         struct gss_cl_ctx *ctx;
 177
 178         ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
 179         if (ctx != NULL) {
 180                 ctx->gc_proc = RPC_GSS_PROC_DATA;
 181                 ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
 182                 spin_lock_init(&ctx->gc_seq_lock);
 183                 atomic_set(&ctx->count,1);
 184         }
 185         return ctx;
 186 }
 187
 188 #define GSSD_MIN_TIMEOUT (60 * 60)
 189 static const void *
 190 gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
 191 {
 192         const void *q;
 193         unsigned int seclen;
 194         unsigned int timeout;
 195         unsigned long now = jiffies;
 196         u32 window_size;
 197         int ret;
 198
 199         /* First unsigned int gives the remaining lifetime in seconds of the
 200          * credential - e.g. the remaining TGT lifetime for Kerberos or
 201          * the -t value passed to GSSD.
 202          */
 203         p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
 204         if (IS_ERR(p))
 205                 goto err;
 206         if (timeout == 0)
 207                 timeout = GSSD_MIN_TIMEOUT;
 208         ctx->gc_expiry = now + ((unsigned long)timeout * HZ);
 209         /* Sequence number window. Determines the maximum number of
 210          * simultaneous requests
 211          */
 212         p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
 213         if (IS_ERR(p))
 214                 goto err;
 215         ctx->gc_win = window_size;
 216         /* gssd signals an error by passing ctx->gc_win = 0: */
 217         if (ctx->gc_win == 0) {
 218                 /*
 219                  * in which case, p points to an error code. Anything other
 220                  * than -EKEYEXPIRED gets converted to -EACCES.
 221                  */
 222                 p = simple_get_bytes(p, end, &ret, sizeof(ret));
 223                 if (!IS_ERR(p))
 224                         p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
 225                                                     ERR_PTR(-EACCES);
 226                 goto err;
 227         }
 228         /* copy the opaque wire context */
 229         p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
 230         if (IS_ERR(p))
 231                 goto err;
 232         /* import the opaque security context */
 233         p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
 234         if (IS_ERR(p))
 235                 goto err;
 236         q = (const void *)((const char *)p + seclen);
 237         if (unlikely(q > end || q < p)) {
 238                 p = ERR_PTR(-EFAULT);
 239                 goto err;
 240         }
 241         ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, GFP_NOFS);
 242         if (ret < 0) {
 243                 p = ERR_PTR(ret);
 244                 goto err;
 245         }
 246         dprintk("RPC:       %s Success. gc_expiry %lu now %lu timeout %u\n",
 247                 __func__, ctx->gc_expiry, now, timeout);
 248         return q;
 249 err:
 250         dprintk("RPC:       %s returns %ld gc_expiry %lu now %lu timeout %u\n",
 251                 __func__, -PTR_ERR(p), ctx->gc_expiry, now, timeout);
 252         return p;
 253 }
 254
 255 #define UPCALL_BUF_LEN 128
 256
 257 struct gss_upcall_msg {
 258         atomic_t count;
 259         uid_t   uid;
 260         struct rpc_pipe_msg msg;
 261         struct list_head list;
 262         struct gss_auth *auth;
 263         struct rpc_pipe *pipe;
 264         struct rpc_wait_queue rpc_waitqueue;
 265         wait_queue_head_t waitqueue;
 266         struct gss_cl_ctx *ctx;
 267         char databuf[UPCALL_BUF_LEN];
 268 };
 269
 270 static int get_pipe_version(void)
 271 {
 272         int ret;
 273
 274         spin_lock(&pipe_version_lock);
 275         if (pipe_version >= 0) {
 276                 atomic_inc(&pipe_users);
 277                 ret = pipe_version;
 278         } else
 279                 ret = -EAGAIN;
 280         spin_unlock(&pipe_version_lock);
 281         return ret;
 282 }
 283
 284 static void put_pipe_version(void)
 285 {
 286         if (atomic_dec_and_lock(&pipe_users, &pipe_version_lock)) {
 287                 pipe_version = -1;
 288                 spin_unlock(&pipe_version_lock);
 289         }
 290 }
 291
 292 static void
 293 gss_release_msg(struct gss_upcall_msg *gss_msg)
 294 {
 295         if (!atomic_dec_and_test(&gss_msg->count))
 296                 return;
 297         put_pipe_version();
 298         BUG_ON(!list_empty(&gss_msg->list));
 299         if (gss_msg->ctx != NULL)
 300                 gss_put_ctx(gss_msg->ctx);
 301         rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
 302         kfree(gss_msg);
 303 }
 304
 305 static struct gss_upcall_msg *
 306 __gss_find_upcall(struct rpc_pipe *pipe, uid_t uid)
 307 {
 308         struct gss_upcall_msg *pos;
 309         list_for_each_entry(pos, &pipe->in_downcall, list) {
 310                 if (pos->uid != uid)
 311                         continue;
 312                 atomic_inc(&pos->count);
 313                 dprintk("RPC:       %s found msg %p\n", __func__, pos);
 314                 return pos;
 315         }
 316         dprintk("RPC:       %s found nothing\n", __func__);
 317         return NULL;
 318 }
 319
 320 /* Try to add an upcall to the pipefs queue.
 321  * If an upcall owned by our uid already exists, then we return a reference
 322  * to that upcall instead of adding the new upcall.
 323  */
 324 static inline struct gss_upcall_msg *
 325 gss_add_msg(struct gss_upcall_msg *gss_msg)
 326 {
 327         struct rpc_pipe *pipe = gss_msg->pipe;
 328         struct gss_upcall_msg *old;
 329
 330         spin_lock(&pipe->lock);
 331         old = __gss_find_upcall(pipe, gss_msg->uid);
 332         if (old == NULL) {
 333                 atomic_inc(&gss_msg->count);
 334                 list_add(&gss_msg->list, &pipe->in_downcall);
 335         } else
 336                 gss_msg = old;
 337         spin_unlock(&pipe->lock);
 338         return gss_msg;
 339 }
 340
 341 static void
 342 __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
 343 {
 344         list_del_init(&gss_msg->list);
 345         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
 346         wake_up_all(&gss_msg->waitqueue);
 347         atomic_dec(&gss_msg->count);
 348 }
 349
 350 static void
 351 gss_unhash_msg(struct gss_upcall_msg *gss_msg)
 352 {
 353         struct rpc_pipe *pipe = gss_msg->pipe;
 354
 355         if (list_empty(&gss_msg->list))
 356                 return;
 357         spin_lock(&pipe->lock);
 358         if (!list_empty(&gss_msg->list))
 359                 __gss_unhash_msg(gss_msg);
 360         spin_unlock(&pipe->lock);
 361 }
 362
 363 static void
 364 gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss_msg)
 365 {
 366         switch (gss_msg->msg.errno) {
 367         case 0:
 368                 if (gss_msg->ctx == NULL)
 369                         break;
 370                 clear_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
 371                 gss_cred_set_ctx(&gss_cred->gc_base, gss_msg->ctx);
 372                 break;
 373         case -EKEYEXPIRED:
 374                 set_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
 375         }
 376         gss_cred->gc_upcall_timestamp = jiffies;
 377         gss_cred->gc_upcall = NULL;
 378         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
 379 }
 380
 381 static void
 382 gss_upcall_callback(struct rpc_task *task)
 383 {
 384         struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
 385                         struct gss_cred, gc_base);
 386         struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
 387         struct rpc_pipe *pipe = gss_msg->pipe;
 388
 389         spin_lock(&pipe->lock);
 390         gss_handle_downcall_result(gss_cred, gss_msg);
 391         spin_unlock(&pipe->lock);
 392         task->tk_status = gss_msg->msg.errno;
 393         gss_release_msg(gss_msg);
 394 }
 395
 396 static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
 397 {
 398         gss_msg->msg.data = &gss_msg->uid;
 399         gss_msg->msg.len = sizeof(gss_msg->uid);
 400 }
 401
 402 static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
 403                                 struct rpc_clnt *clnt,
 404                                 const char *service_name)
 405 {
 406         struct gss_api_mech *mech = gss_msg->auth->mech;
 407         char *p = gss_msg->databuf;
 408         int len = 0;
 409
 410         gss_msg->msg.len = sprintf(gss_msg->databuf, "mech=%s uid=%d ",
 411                                    mech->gm_name,
 412                                    gss_msg->uid);
 413         p += gss_msg->msg.len;
 414         if (clnt->cl_principal) {
 415                 len = sprintf(p, "target=%s ", clnt->cl_principal);
 416                 p += len;
 417                 gss_msg->msg.len += len;
 418         }
 419         if (service_name != NULL) {
 420                 len = sprintf(p, "service=%s ", service_name);
 421                 p += len;
 422                 gss_msg->msg.len += len;
 423         }
 424         if (mech->gm_upcall_enctypes) {
 425                 len = sprintf(p, "enctypes=%s ", mech->gm_upcall_enctypes);
 426                 p += len;
 427                 gss_msg->msg.len += len;
 428         }
 429         len = sprintf(p, "\n");
 430         gss_msg->msg.len += len;
 431
 432         gss_msg->msg.data = gss_msg->databuf;
 433         BUG_ON(gss_msg->msg.len > UPCALL_BUF_LEN);
 434 }
 435
 436 static void gss_encode_msg(struct gss_upcall_msg *gss_msg,
 437                                 struct rpc_clnt *clnt,
 438                                 const char *service_name)
 439 {
 440         if (pipe_version == 0)
 441                 gss_encode_v0_msg(gss_msg);
 442         else /* pipe_version == 1 */
 443                 gss_encode_v1_msg(gss_msg, clnt, service_name);
 444 }
 445
 446 static struct gss_upcall_msg *
 447 gss_alloc_msg(struct gss_auth *gss_auth, struct rpc_clnt *clnt,
 448                 uid_t uid, const char *service_name)
 449 {
 450         struct gss_upcall_msg *gss_msg;
 451         int vers;
 452
 453         gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
 454         if (gss_msg == NULL)
 455                 return ERR_PTR(-ENOMEM);
 456         vers = get_pipe_version();
 457         if (vers < 0) {
 458                 kfree(gss_msg);
 459                 return ERR_PTR(vers);
 460         }
 461         gss_msg->pipe = gss_auth->pipe[vers];
 462         INIT_LIST_HEAD(&gss_msg->list);
 463         rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
 464         init_waitqueue_head(&gss_msg->waitqueue);
 465         atomic_set(&gss_msg->count, 1);
 466         gss_msg->uid = uid;
 467         gss_msg->auth = gss_auth;
 468         gss_encode_msg(gss_msg, clnt, service_name);
 469         return gss_msg;
 470 }
 471
 472 static struct gss_upcall_msg *
 473 gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
 474 {
 475         struct gss_cred *gss_cred = container_of(cred,
 476                         struct gss_cred, gc_base);
 477         struct gss_upcall_msg *gss_new, *gss_msg;
 478         uid_t uid = cred->cr_uid;
 479
 480         gss_new = gss_alloc_msg(gss_auth, clnt, uid, gss_cred->gc_principal);
 481         if (IS_ERR(gss_new))
 482                 return gss_new;
 483         gss_msg = gss_add_msg(gss_new);
 484         if (gss_msg == gss_new) {
 485                 int res = rpc_queue_upcall(gss_new->pipe, &gss_new->msg);
 486                 if (res) {
 487                         gss_unhash_msg(gss_new);
 488                         gss_msg = ERR_PTR(res);
 489                 }
 490         } else
 491                 gss_release_msg(gss_new);
 492         return gss_msg;
 493 }
 494
 495 static void warn_gssd(void)
 496 {
 497         static unsigned long ratelimit;
 498         unsigned long now = jiffies;
 499
 500         if (time_after(now, ratelimit)) {
 501                 printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
 502                                 "Please check user daemon is running.\n");
 503                 ratelimit = now + 15*HZ;
 504         }
 505 }
 506
 507 static inline int
 508 gss_refresh_upcall(struct rpc_task *task)
 509 {
 510         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
 511         struct gss_auth *gss_auth = container_of(cred->cr_auth,
 512                         struct gss_auth, rpc_auth);
 513         struct gss_cred *gss_cred = container_of(cred,
 514                         struct gss_cred, gc_base);
 515         struct gss_upcall_msg *gss_msg;
 516         struct rpc_pipe *pipe;
 517         int err = 0;
 518
 519         dprintk("RPC: %5u %s for uid %u\n",
 520                 task->tk_pid, __func__, cred->cr_uid);
 521         gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
 522         if (PTR_ERR(gss_msg) == -EAGAIN) {
 523                 /* XXX: warning on the first, under the assumption we
 524                  * shouldn't normally hit this case on a refresh. */
 525                 warn_gssd();
 526                 task->tk_timeout = 15*HZ;
 527                 rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL);
 528                 return -EAGAIN;
 529         }
 530         if (IS_ERR(gss_msg)) {
 531                 err = PTR_ERR(gss_msg);
 532                 goto out;
 533         }
 534         pipe = gss_msg->pipe;
 535         spin_lock(&pipe->lock);
 536         if (gss_cred->gc_upcall != NULL)
 537                 rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
 538         else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
 539                 task->tk_timeout = 0;
 540                 gss_cred->gc_upcall = gss_msg;
 541                 /* gss_upcall_callback will release the reference to gss_upcall_msg */
 542                 atomic_inc(&gss_msg->count);
 543                 rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
 544         } else {
 545                 gss_handle_downcall_result(gss_cred, gss_msg);
 546                 err = gss_msg->msg.errno;
 547         }
 548         spin_unlock(&pipe->lock);
 549         gss_release_msg(gss_msg);
 550 out:
 551         dprintk("RPC: %5u %s for uid %u result %d\n",
 552                 task->tk_pid, __func__, cred->cr_uid, err);
 553         return err;
 554 }
 555
 556 static inline int
 557 gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
 558 {
 559         struct rpc_pipe *pipe;
 560         struct rpc_cred *cred = &gss_cred->gc_base;
 561         struct gss_upcall_msg *gss_msg;
 562         DEFINE_WAIT(wait);
 563         int err = 0;
 564
 565         dprintk("RPC:       %s for uid %u\n", __func__, cred->cr_uid);
 566 retry:
 567         gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
 568         if (PTR_ERR(gss_msg) == -EAGAIN) {
 569                 err = wait_event_interruptible_timeout(pipe_version_waitqueue,
 570                                 pipe_version >= 0, 15*HZ);
 571                 if (pipe_version < 0) {
 572                         warn_gssd();
 573                         err = -EACCES;
 574                 }
 575                 if (err)
 576                         goto out;
 577                 goto retry;
 578         }
 579         if (IS_ERR(gss_msg)) {
 580                 err = PTR_ERR(gss_msg);
 581                 goto out;
 582         }
 583         pipe = gss_msg->pipe;
 584         for (;;) {
 585                 prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
 586                 spin_lock(&pipe->lock);
 587                 if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
 588                         break;
 589                 }
 590                 spin_unlock(&pipe->lock);
 591                 if (fatal_signal_pending(current)) {
 592                         err = -ERESTARTSYS;
 593                         goto out_intr;
 594                 }
 595                 schedule();
 596         }
 597         if (gss_msg->ctx)
 598                 gss_cred_set_ctx(cred, gss_msg->ctx);
 599         else
 600                 err = gss_msg->msg.errno;
 601         spin_unlock(&pipe->lock);
 602 out_intr:
 603         finish_wait(&gss_msg->waitqueue, &wait);
 604         gss_release_msg(gss_msg);
 605 out:
 606         dprintk("RPC:       %s for uid %u result %d\n",
 607                 __func__, cred->cr_uid, err);
 608         return err;
 609 }
 610
 611 #define MSG_BUF_MAXSIZE 1024
 612
 613 static ssize_t
 614 gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
 615 {
 616         const void *p, *end;
 617         void *buf;
 618         struct gss_upcall_msg *gss_msg;
 619         struct rpc_pipe *pipe = RPC_I(filp->f_dentry->d_inode)->pipe;
 620         struct gss_cl_ctx *ctx;
 621         uid_t uid;
 622         ssize_t err = -EFBIG;
 623
 624         if (mlen > MSG_BUF_MAXSIZE)
 625                 goto out;
 626         err = -ENOMEM;
 627         buf = kmalloc(mlen, GFP_NOFS);
 628         if (!buf)
 629                 goto out;
 630
 631         err = -EFAULT;
 632         if (copy_from_user(buf, src, mlen))
 633                 goto err;
 634
 635         end = (const void *)((char *)buf + mlen);
 636         p = simple_get_bytes(buf, end, &uid, sizeof(uid));
 637         if (IS_ERR(p)) {
 638                 err = PTR_ERR(p);
 639                 goto err;
 640         }
 641
 642         err = -ENOMEM;
 643         ctx = gss_alloc_context();
 644         if (ctx == NULL)
 645                 goto err;
 646
 647         err = -ENOENT;
 648         /* Find a matching upcall */
 649         spin_lock(&pipe->lock);
 650         gss_msg = __gss_find_upcall(pipe, uid);
 651         if (gss_msg == NULL) {
 652                 spin_unlock(&pipe->lock);
 653                 goto err_put_ctx;
 654         }
 655         list_del_init(&gss_msg->list);
 656         spin_unlock(&pipe->lock);
 657
 658         p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
 659         if (IS_ERR(p)) {
 660                 err = PTR_ERR(p);
 661                 switch (err) {
 662                 case -EACCES:
 663                 case -EKEYEXPIRED:
 664                         gss_msg->msg.errno = err;
 665                         err = mlen;
 666                         break;
 667                 case -EFAULT:
 668                 case -ENOMEM:
 669                 case -EINVAL:
 670                 case -ENOSYS:
 671                         gss_msg->msg.errno = -EAGAIN;
 672                         break;
 673                 default:
 674                         printk(KERN_CRIT "%s: bad return from "
 675                                 "gss_fill_context: %zd\n", __func__, err);
 676                         BUG();
 677                 }
 678                 goto err_release_msg;
 679         }
 680         gss_msg->ctx = gss_get_ctx(ctx);
 681         err = mlen;
 682
 683 err_release_msg:
 684         spin_lock(&pipe->lock);
 685         __gss_unhash_msg(gss_msg);
 686         spin_unlock(&pipe->lock);
 687         gss_release_msg(gss_msg);
 688 err_put_ctx:
 689         gss_put_ctx(ctx);
 690 err:
 691         kfree(buf);
 692 out:
 693         dprintk("RPC:       %s returning %Zd\n", __func__, err);
 694         return err;
 695 }
 696
 697 static int gss_pipe_open(struct inode *inode, int new_version)
 698 {
 699         int ret = 0;
 700
 701         spin_lock(&pipe_version_lock);
 702         if (pipe_version < 0) {
 703                 /* First open of any gss pipe determines the version: */
 704                 pipe_version = new_version;
 705                 rpc_wake_up(&pipe_version_rpc_waitqueue);
 706                 wake_up(&pipe_version_waitqueue);
 707         } else if (pipe_version != new_version) {
 708                 /* Trying to open a pipe of a different version */
 709                 ret = -EBUSY;
 710                 goto out;
 711         }
 712         atomic_inc(&pipe_users);
 713 out:
 714         spin_unlock(&pipe_version_lock);
 715         return ret;
 716
 717 }
 718
 719 static int gss_pipe_open_v0(struct inode *inode)
 720 {
 721         return gss_pipe_open(inode, 0);
 722 }
 723
 724 static int gss_pipe_open_v1(struct inode *inode)
 725 {
 726         return gss_pipe_open(inode, 1);
 727 }
 728
 729 static void
 730 gss_pipe_release(struct inode *inode)
 731 {
 732         struct rpc_pipe *pipe = RPC_I(inode)->pipe;
 733         struct gss_upcall_msg *gss_msg;
 734
 735 restart:
 736         spin_lock(&pipe->lock);
 737         list_for_each_entry(gss_msg, &pipe->in_downcall, list) {
 738
 739                 if (!list_empty(&gss_msg->msg.list))
 740                         continue;
 741                 gss_msg->msg.errno = -EPIPE;
 742                 atomic_inc(&gss_msg->count);
 743                 __gss_unhash_msg(gss_msg);
 744                 spin_unlock(&pipe->lock);
 745                 gss_release_msg(gss_msg);
 746                 goto restart;
 747         }
 748         spin_unlock(&pipe->lock);
 749
 750         put_pipe_version();
 751 }
 752
 753 static void
 754 gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
 755 {
 756         struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
 757
 758         if (msg->errno < 0) {
 759                 dprintk("RPC:       %s releasing msg %p\n",
 760                         __func__, gss_msg);
 761                 atomic_inc(&gss_msg->count);
 762                 gss_unhash_msg(gss_msg);
 763                 if (msg->errno == -ETIMEDOUT)
 764                         warn_gssd();
 765                 gss_release_msg(gss_msg);
 766         }
 767 }
 768
 769 static void gss_pipes_dentries_destroy(struct rpc_auth *auth)
 770 {
 771         struct gss_auth *gss_auth;
 772
 773         gss_auth = container_of(auth, struct gss_auth, rpc_auth);
 774         if (gss_auth->pipe[0]->dentry)
 775                 rpc_unlink(gss_auth->pipe[0]->dentry);
 776         if (gss_auth->pipe[1]->dentry)
 777                 rpc_unlink(gss_auth->pipe[1]->dentry);
 778 }
 779
 780 static int gss_pipes_dentries_create(struct rpc_auth *auth)
 781 {
 782         int err;
 783         struct gss_auth *gss_auth;
 784         struct rpc_clnt *clnt;
 785
 786         gss_auth = container_of(auth, struct gss_auth, rpc_auth);
 787         clnt = gss_auth->client;
 788
 789         gss_auth->pipe[1]->dentry = rpc_mkpipe_dentry(clnt->cl_dentry,
 790                                                       "gssd",
 791                                                       clnt, gss_auth->pipe[1]);
 792         if (IS_ERR(gss_auth->pipe[1]->dentry))
 793                 return PTR_ERR(gss_auth->pipe[1]->dentry);
 794         gss_auth->pipe[0]->dentry = rpc_mkpipe_dentry(clnt->cl_dentry,
 795                                                       gss_auth->mech->gm_name,
 796                                                       clnt, gss_auth->pipe[0]);
 797         if (IS_ERR(gss_auth->pipe[0]->dentry)) {
 798                 err = PTR_ERR(gss_auth->pipe[0]->dentry);
 799                 goto err_unlink_pipe_1;
 800         }
 801         return 0;
 802
 803 err_unlink_pipe_1:
 804         rpc_unlink(gss_auth->pipe[1]->dentry);
 805         return err;
 806 }
 807
 808 static void gss_pipes_dentries_destroy_net(struct rpc_clnt *clnt,
 809                                            struct rpc_auth *auth)
 810 {
 811         struct net *net = rpc_net_ns(clnt);
 812         struct super_block *sb;
 813
 814         sb = rpc_get_sb_net(net);
 815         if (sb) {
 816                 if (clnt->cl_dentry)
 817                         gss_pipes_dentries_destroy(auth);
 818                 rpc_put_sb_net(net);
 819         }
 820 }
 821
 822 static int gss_pipes_dentries_create_net(struct rpc_clnt *clnt,
 823                                          struct rpc_auth *auth)
 824 {
 825         struct net *net = rpc_net_ns(clnt);
 826         struct super_block *sb;
 827         int err = 0;
 828
 829         sb = rpc_get_sb_net(net);
 830         if (sb) {
 831                 if (clnt->cl_dentry)
 832                         err = gss_pipes_dentries_create(auth);
 833                 rpc_put_sb_net(net);
 834         }
 835         return err;
 836 }
 837
 838 /*
 839  * NOTE: we have the opportunity to use different
 840  * parameters based on the input flavor (which must be a pseudoflavor)
 841  */
 842 static struct rpc_auth *
 843 gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
 844 {
 845         struct gss_auth *gss_auth;
 846         struct rpc_auth * auth;
 847         int err = -ENOMEM; /* XXX? */
 848
 849         dprintk("RPC:       creating GSS authenticator for client %p\n", clnt);
 850
 851         if (!try_module_get(THIS_MODULE))
 852                 return ERR_PTR(err);
 853         if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
 854                 goto out_dec;
 855         gss_auth->client = clnt;
 856         err = -EINVAL;
 857         gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
 858         if (!gss_auth->mech) {
 859                 printk(KERN_WARNING "%s: Pseudoflavor %d not found!\n",
 860                                 __func__, flavor);
 861                 goto err_free;
 862         }
 863         gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
 864         if (gss_auth->service == 0)
 865                 goto err_put_mech;
 866         auth = &gss_auth->rpc_auth;
 867         auth->au_cslack = GSS_CRED_SLACK >> 2;
 868         auth->au_rslack = GSS_VERF_SLACK >> 2;
 869         auth->au_ops = &authgss_ops;
 870         auth->au_flavor = flavor;
 871         atomic_set(&auth->au_count, 1);
 872         kref_init(&gss_auth->kref);
 873
 874         /*
 875          * Note: if we created the old pipe first, then someone who
 876          * examined the directory at the right moment might conclude
 877          * that we supported only the old pipe.  So we instead create
 878          * the new pipe first.
 879          */
 880         gss_auth->pipe[1] = rpc_mkpipe_data(&gss_upcall_ops_v1,
 881                                             RPC_PIPE_WAIT_FOR_OPEN);
 882         if (IS_ERR(gss_auth->pipe[1])) {
 883                 err = PTR_ERR(gss_auth->pipe[1]);
 884                 goto err_put_mech;
 885         }
 886
 887         gss_auth->pipe[0] = rpc_mkpipe_data(&gss_upcall_ops_v0,
 888                                             RPC_PIPE_WAIT_FOR_OPEN);
 889         if (IS_ERR(gss_auth->pipe[0])) {
 890                 err = PTR_ERR(gss_auth->pipe[0]);
 891                 goto err_destroy_pipe_1;
 892         }
 893         err = gss_pipes_dentries_create_net(clnt, auth);
 894         if (err)
 895                 goto err_destroy_pipe_0;
 896         err = rpcauth_init_credcache(auth);
 897         if (err)
 898                 goto err_unlink_pipes;
 899
 900         return auth;
 901 err_unlink_pipes:
 902         gss_pipes_dentries_destroy_net(clnt, auth);
 903 err_destroy_pipe_0:
 904         rpc_destroy_pipe_data(gss_auth->pipe[0]);
 905 err_destroy_pipe_1:
 906         rpc_destroy_pipe_data(gss_auth->pipe[1]);
 907 err_put_mech:
 908         gss_mech_put(gss_auth->mech);
 909 err_free:
 910         kfree(gss_auth);
 911 out_dec:
 912         module_put(THIS_MODULE);
 913         return ERR_PTR(err);
 914 }
 915
 916 static void
 917 gss_free(struct gss_auth *gss_auth)
 918 {
 919         gss_pipes_dentries_destroy_net(gss_auth->client, &gss_auth->rpc_auth);
 920         rpc_destroy_pipe_data(gss_auth->pipe[0]);
 921         rpc_destroy_pipe_data(gss_auth->pipe[1]);
 922         gss_mech_put(gss_auth->mech);
 923
 924         kfree(gss_auth);
 925         module_put(THIS_MODULE);
 926 }
 927
 928 static void
 929 gss_free_callback(struct kref *kref)
 930 {
 931         struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
 932
 933         gss_free(gss_auth);
 934 }
 935
 936 static void
 937 gss_destroy(struct rpc_auth *auth)
 938 {
 939         struct gss_auth *gss_auth;
 940
 941         dprintk("RPC:       destroying GSS authenticator %p flavor %d\n",
 942                         auth, auth->au_flavor);
 943
 944         rpcauth_destroy_credcache(auth);
 945
 946         gss_auth = container_of(auth, struct gss_auth, rpc_auth);
 947         kref_put(&gss_auth->kref, gss_free_callback);
 948 }
 949
 950 /*
 951  * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
 952  * to the server with the GSS control procedure field set to
 953  * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
 954  * all RPCSEC_GSS state associated with that context.
 955  */
 956 static int
 957 gss_destroying_context(struct rpc_cred *cred)
 958 {
 959         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
 960         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
 961         struct rpc_task *task;
 962
 963         if (gss_cred->gc_ctx == NULL ||
 964             test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
 965                 return 0;
 966
 967         gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
 968         cred->cr_ops = &gss_nullops;
 969
 970         /* Take a reference to ensure the cred will be destroyed either
 971          * by the RPC call or by the put_rpccred() below */
 972         get_rpccred(cred);
 973
 974         task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
 975         if (!IS_ERR(task))
 976                 rpc_put_task(task);
 977
 978         put_rpccred(cred);
 979         return 1;
 980 }
 981
 982 /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
 983  * to create a new cred or context, so they check that things have been
 984  * allocated before freeing them. */
 985 static void
 986 gss_do_free_ctx(struct gss_cl_ctx *ctx)
 987 {
 988         dprintk("RPC:       %s\n", __func__);
 989
 990         gss_delete_sec_context(&ctx->gc_gss_ctx);
 991         kfree(ctx->gc_wire_ctx.data);
 992         kfree(ctx);
 993 }
 994
 995 static void
 996 gss_free_ctx_callback(struct rcu_head *head)
 997 {
 998         struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
 999         gss_do_free_ctx(ctx);
1000 }
1001
1002 static void
1003 gss_free_ctx(struct gss_cl_ctx *ctx)
1004 {
1005         call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
1006 }
1007
1008 static void
1009 gss_free_cred(struct gss_cred *gss_cred)
1010 {
1011         dprintk("RPC:       %s cred=%p\n", __func__, gss_cred);
1012         kfree(gss_cred);
1013 }
1014
1015 static void
1016 gss_free_cred_callback(struct rcu_head *head)
1017 {
1018         struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
1019         gss_free_cred(gss_cred);
1020 }
1021
1022 static void
1023 gss_destroy_nullcred(struct rpc_cred *cred)
1024 {
1025         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
1026         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
1027         struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
1028
1029         RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
1030         call_rcu(&cred->cr_rcu, gss_free_cred_callback);
1031         if (ctx)
1032                 gss_put_ctx(ctx);
1033         kref_put(&gss_auth->kref, gss_free_callback);
1034 }
1035
1036 static void
1037 gss_destroy_cred(struct rpc_cred *cred)
1038 {
1039
1040         if (gss_destroying_context(cred))
1041                 return;
1042         gss_destroy_nullcred(cred);
1043 }
1044
1045 /*
1046  * Lookup RPCSEC_GSS cred for the current process
1047  */
1048 static struct rpc_cred *
1049 gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
1050 {
1051         return rpcauth_lookup_credcache(auth, acred, flags);
1052 }
1053
1054 static struct rpc_cred *
1055 gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
1056 {
1057         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1058         struct gss_cred *cred = NULL;
1059         int err = -ENOMEM;
1060
1061         dprintk("RPC:       %s for uid %d, flavor %d\n",
1062                 __func__, acred->uid, auth->au_flavor);
1063
1064         if (!(cred = kzalloc(sizeof(*cred), GFP_NOFS)))
1065                 goto out_err;
1066
1067         rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
1068         /*
1069          * Note: in order to force a call to call_refresh(), we deliberately
1070          * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
1071          */
1072         cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
1073         cred->gc_service = gss_auth->service;
1074         cred->gc_principal = NULL;
1075         if (acred->machine_cred)
1076                 cred->gc_principal = acred->principal;
1077         kref_get(&gss_auth->kref);
1078         return &cred->gc_base;
1079
1080 out_err:
1081         dprintk("RPC:       %s failed with error %d\n", __func__, err);
1082         return ERR_PTR(err);
1083 }
1084
1085 static int
1086 gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
1087 {
1088         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1089         struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
1090         int err;
1091
1092         do {
1093                 err = gss_create_upcall(gss_auth, gss_cred);
1094         } while (err == -EAGAIN);
1095         return err;
1096 }
1097
1098 static int
1099 gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
1100 {
1101         struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1102
1103         if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
1104                 goto out;
1105         /* Don't match with creds that have expired. */
1106         if (time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
1107                 return 0;
1108         if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
1109                 return 0;
1110 out:
1111         if (acred->principal != NULL) {
1112                 if (gss_cred->gc_principal == NULL)
1113                         return 0;
1114                 return strcmp(acred->principal, gss_cred->gc_principal) == 0;
1115         }
1116         if (gss_cred->gc_principal != NULL)
1117                 return 0;
1118         return rc->cr_uid == acred->uid;
1119 }
1120
1121 /*
1122 * Marshal credentials.
1123 * Maybe we should keep a cached credential for performance reasons.
1124 */
1125 static __be32 *
1126 gss_marshal(struct rpc_task *task, __be32 *p)
1127 {
1128         struct rpc_rqst *req = task->tk_rqstp;
1129         struct rpc_cred *cred = req->rq_cred;
1130         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1131                                                  gc_base);
1132         struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
1133         __be32          *cred_len;
1134         u32             maj_stat = 0;
1135         struct xdr_netobj mic;
1136         struct kvec     iov;
1137         struct xdr_buf  verf_buf;
1138
1139         dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1140
1141         *p++ = htonl(RPC_AUTH_GSS);
1142         cred_len = p++;
1143
1144         spin_lock(&ctx->gc_seq_lock);
1145         req->rq_seqno = ctx->gc_seq++;
1146         spin_unlock(&ctx->gc_seq_lock);
1147
1148         *p++ = htonl((u32) RPC_GSS_VERSION);
1149         *p++ = htonl((u32) ctx->gc_proc);
1150         *p++ = htonl((u32) req->rq_seqno);
1151         *p++ = htonl((u32) gss_cred->gc_service);
1152         p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
1153         *cred_len = htonl((p - (cred_len + 1)) << 2);
1154
1155         /* We compute the checksum for the verifier over the xdr-encoded bytes
1156          * starting with the xid and ending at the end of the credential: */
1157         iov.iov_base = xprt_skip_transport_header(task->tk_xprt,
1158                                         req->rq_snd_buf.head[0].iov_base);
1159         iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
1160         xdr_buf_from_iov(&iov, &verf_buf);
1161
1162         /* set verifier flavor*/
1163         *p++ = htonl(RPC_AUTH_GSS);
1164
1165         mic.data = (u8 *)(p + 1);
1166         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1167         if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
1168                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1169         } else if (maj_stat != 0) {
1170                 printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
1171                 goto out_put_ctx;
1172         }
1173         p = xdr_encode_opaque(p, NULL, mic.len);
1174         gss_put_ctx(ctx);
1175         return p;
1176 out_put_ctx:
1177         gss_put_ctx(ctx);
1178         return NULL;
1179 }
1180
1181 static int gss_renew_cred(struct rpc_task *task)
1182 {
1183         struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
1184         struct gss_cred *gss_cred = container_of(oldcred,
1185                                                  struct gss_cred,
1186                                                  gc_base);
1187         struct rpc_auth *auth = oldcred->cr_auth;
1188         struct auth_cred acred = {
1189                 .uid = oldcred->cr_uid,
1190                 .principal = gss_cred->gc_principal,
1191                 .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0),
1192         };
1193         struct rpc_cred *new;
1194
1195         new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
1196         if (IS_ERR(new))
1197                 return PTR_ERR(new);
1198         task->tk_rqstp->rq_cred = new;
1199         put_rpccred(oldcred);
1200         return 0;
1201 }
1202
1203 static int gss_cred_is_negative_entry(struct rpc_cred *cred)
1204 {
1205         if (test_bit(RPCAUTH_CRED_NEGATIVE, &cred->cr_flags)) {
1206                 unsigned long now = jiffies;
1207                 unsigned long begin, expire;
1208                 struct gss_cred *gss_cred;
1209
1210                 gss_cred = container_of(cred, struct gss_cred, gc_base);
1211                 begin = gss_cred->gc_upcall_timestamp;
1212                 expire = begin + gss_expired_cred_retry_delay * HZ;
1213
1214                 if (time_in_range_open(now, begin, expire))
1215                         return 1;
1216         }
1217         return 0;
1218 }
1219
1220 /*
1221 * Refresh credentials. XXX - finish
1222 */
1223 static int
1224 gss_refresh(struct rpc_task *task)
1225 {
1226         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1227         int ret = 0;
1228
1229         if (gss_cred_is_negative_entry(cred))
1230                 return -EKEYEXPIRED;
1231
1232         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
1233                         !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
1234                 ret = gss_renew_cred(task);
1235                 if (ret < 0)
1236                         goto out;
1237                 cred = task->tk_rqstp->rq_cred;
1238         }
1239
1240         if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
1241                 ret = gss_refresh_upcall(task);
1242 out:
1243         return ret;
1244 }
1245
1246 /* Dummy refresh routine: used only when destroying the context */
1247 static int
1248 gss_refresh_null(struct rpc_task *task)
1249 {
1250         return -EACCES;
1251 }
1252
1253 static __be32 *
1254 gss_validate(struct rpc_task *task, __be32 *p)
1255 {
1256         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1257         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1258         __be32          seq;
1259         struct kvec     iov;
1260         struct xdr_buf  verf_buf;
1261         struct xdr_netobj mic;
1262         u32             flav,len;
1263         u32             maj_stat;
1264
1265         dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1266
1267         flav = ntohl(*p++);
1268         if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
1269                 goto out_bad;
1270         if (flav != RPC_AUTH_GSS)
1271                 goto out_bad;
1272         seq = htonl(task->tk_rqstp->rq_seqno);
1273         iov.iov_base = &seq;
1274         iov.iov_len = sizeof(seq);
1275         xdr_buf_from_iov(&iov, &verf_buf);
1276         mic.data = (u8 *)p;
1277         mic.len = len;
1278
1279         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1280         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1281                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1282         if (maj_stat) {
1283                 dprintk("RPC: %5u %s: gss_verify_mic returned error 0x%08x\n",
1284                         task->tk_pid, __func__, maj_stat);
1285                 goto out_bad;
1286         }
1287         /* We leave it to unwrap to calculate au_rslack. For now we just
1288          * calculate the length of the verifier: */
1289         cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1290         gss_put_ctx(ctx);
1291         dprintk("RPC: %5u %s: gss_verify_mic succeeded.\n",
1292                         task->tk_pid, __func__);
1293         return p + XDR_QUADLEN(len);
1294 out_bad:
1295         gss_put_ctx(ctx);
1296         dprintk("RPC: %5u %s failed.\n", task->tk_pid, __func__);
1297         return NULL;
1298 }
1299
1300 static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
1301                                 __be32 *p, void *obj)
1302 {
1303         struct xdr_stream xdr;
1304
1305         xdr_init_encode(&xdr, &rqstp->rq_snd_buf, p);
1306         encode(rqstp, &xdr, obj);
1307 }
1308
1309 static inline int
1310 gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1311                    kxdreproc_t encode, struct rpc_rqst *rqstp,
1312                    __be32 *p, void *obj)
1313 {
1314         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1315         struct xdr_buf  integ_buf;
1316         __be32          *integ_len = NULL;
1317         struct xdr_netobj mic;
1318         u32             offset;
1319         __be32          *q;
1320         struct kvec     *iov;
1321         u32             maj_stat = 0;
1322         int             status = -EIO;
1323
1324         integ_len = p++;
1325         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1326         *p++ = htonl(rqstp->rq_seqno);
1327
1328         gss_wrap_req_encode(encode, rqstp, p, obj);
1329
1330         if (xdr_buf_subsegment(snd_buf, &integ_buf,
1331                                 offset, snd_buf->len - offset))
1332                 return status;
1333         *integ_len = htonl(integ_buf.len);
1334
1335         /* guess whether we're in the head or the tail: */
1336         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1337                 iov = snd_buf->tail;
1338         else
1339                 iov = snd_buf->head;
1340         p = iov->iov_base + iov->iov_len;
1341         mic.data = (u8 *)(p + 1);
1342
1343         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1344         status = -EIO; /* XXX? */
1345         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1346                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1347         else if (maj_stat)
1348                 return status;
1349         q = xdr_encode_opaque(p, NULL, mic.len);
1350
1351         offset = (u8 *)q - (u8 *)p;
1352         iov->iov_len += offset;
1353         snd_buf->len += offset;
1354         return 0;
1355 }
1356
1357 static void
1358 priv_release_snd_buf(struct rpc_rqst *rqstp)
1359 {
1360         int i;
1361
1362         for (i=0; i < rqstp->rq_enc_pages_num; i++)
1363                 __free_page(rqstp->rq_enc_pages[i]);
1364         kfree(rqstp->rq_enc_pages);
1365 }
1366
1367 static int
1368 alloc_enc_pages(struct rpc_rqst *rqstp)
1369 {
1370         struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1371         int first, last, i;
1372
1373         if (snd_buf->page_len == 0) {
1374                 rqstp->rq_enc_pages_num = 0;
1375                 return 0;
1376         }
1377
1378         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1379         last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
1380         rqstp->rq_enc_pages_num = last - first + 1 + 1;
1381         rqstp->rq_enc_pages
1382                 = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
1383                                 GFP_NOFS);
1384         if (!rqstp->rq_enc_pages)
1385                 goto out;
1386         for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1387                 rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1388                 if (rqstp->rq_enc_pages[i] == NULL)
1389                         goto out_free;
1390         }
1391         rqstp->rq_release_snd_buf = priv_release_snd_buf;
1392         return 0;
1393 out_free:
1394         rqstp->rq_enc_pages_num = i;
1395         priv_release_snd_buf(rqstp);
1396 out:
1397         return -EAGAIN;
1398 }
1399
1400 static inline int
1401 gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1402                   kxdreproc_t encode, struct rpc_rqst *rqstp,
1403                   __be32 *p, void *obj)
1404 {
1405         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1406         u32             offset;
1407         u32             maj_stat;
1408         int             status;
1409         __be32          *opaque_len;
1410         struct page     **inpages;
1411         int             first;
1412         int             pad;
1413         struct kvec     *iov;
1414         char            *tmp;
1415
1416         opaque_len = p++;
1417         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1418         *p++ = htonl(rqstp->rq_seqno);
1419
1420         gss_wrap_req_encode(encode, rqstp, p, obj);
1421
1422         status = alloc_enc_pages(rqstp);
1423         if (status)
1424                 return status;
1425         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1426         inpages = snd_buf->pages + first;
1427         snd_buf->pages = rqstp->rq_enc_pages;
1428         snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1429         /*
1430          * Give the tail its own page, in case we need extra space in the
1431          * head when wrapping:
1432          *
1433          * call_allocate() allocates twice the slack space required
1434          * by the authentication flavor to rq_callsize.
1435          * For GSS, slack is GSS_CRED_SLACK.
1436          */
1437         if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1438                 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1439                 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1440                 snd_buf->tail[0].iov_base = tmp;
1441         }
1442         maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1443         /* slack space should prevent this ever happening: */
1444         BUG_ON(snd_buf->len > snd_buf->buflen);
1445         status = -EIO;
1446         /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1447          * done anyway, so it's safe to put the request on the wire: */
1448         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1449                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1450         else if (maj_stat)
1451                 return status;
1452
1453         *opaque_len = htonl(snd_buf->len - offset);
1454         /* guess whether we're in the head or the tail: */
1455         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1456                 iov = snd_buf->tail;
1457         else
1458                 iov = snd_buf->head;
1459         p = iov->iov_base + iov->iov_len;
1460         pad = 3 - ((snd_buf->len - offset - 1) & 3);
1461         memset(p, 0, pad);
1462         iov->iov_len += pad;
1463         snd_buf->len += pad;
1464
1465         return 0;
1466 }
1467
1468 static int
1469 gss_wrap_req(struct rpc_task *task,
1470              kxdreproc_t encode, void *rqstp, __be32 *p, void *obj)
1471 {
1472         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1473         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1474                         gc_base);
1475         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1476         int             status = -EIO;
1477
1478         dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
1479         if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1480                 /* The spec seems a little ambiguous here, but I think that not
1481                  * wrapping context destruction requests makes the most sense.
1482                  */
1483                 gss_wrap_req_encode(encode, rqstp, p, obj);
1484                 status = 0;
1485                 goto out;
1486         }
1487         switch (gss_cred->gc_service) {
1488         case RPC_GSS_SVC_NONE:
1489                 gss_wrap_req_encode(encode, rqstp, p, obj);
1490                 status = 0;
1491                 break;
1492         case RPC_GSS_SVC_INTEGRITY:
1493                 status = gss_wrap_req_integ(cred, ctx, encode, rqstp, p, obj);
1494                 break;
1495         case RPC_GSS_SVC_PRIVACY:
1496                 status = gss_wrap_req_priv(cred, ctx, encode, rqstp, p, obj);
1497                 break;
1498         }
1499 out:
1500         gss_put_ctx(ctx);
1501         dprintk("RPC: %5u %s returning %d\n", task->tk_pid, __func__, status);
1502         return status;
1503 }
1504
1505 static inline int
1506 gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1507                 struct rpc_rqst *rqstp, __be32 **p)
1508 {
1509         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1510         struct xdr_buf integ_buf;
1511         struct xdr_netobj mic;
1512         u32 data_offset, mic_offset;
1513         u32 integ_len;
1514         u32 maj_stat;
1515         int status = -EIO;
1516
1517         integ_len = ntohl(*(*p)++);
1518         if (integ_len & 3)
1519                 return status;
1520         data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1521         mic_offset = integ_len + data_offset;
1522         if (mic_offset > rcv_buf->len)
1523                 return status;
1524         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1525                 return status;
1526
1527         if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1528                                 mic_offset - data_offset))
1529                 return status;
1530
1531         if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1532                 return status;
1533
1534         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1535         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1536                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1537         if (maj_stat != GSS_S_COMPLETE)
1538                 return status;
1539         return 0;
1540 }
1541
1542 static inline int
1543 gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1544                 struct rpc_rqst *rqstp, __be32 **p)
1545 {
1546         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1547         u32 offset;
1548         u32 opaque_len;
1549         u32 maj_stat;
1550         int status = -EIO;
1551
1552         opaque_len = ntohl(*(*p)++);
1553         offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1554         if (offset + opaque_len > rcv_buf->len)
1555                 return status;
1556         /* remove padding: */
1557         rcv_buf->len = offset + opaque_len;
1558
1559         maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1560         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1561                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1562         if (maj_stat != GSS_S_COMPLETE)
1563                 return status;
1564         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1565                 return status;
1566
1567         return 0;
1568 }
1569
1570 static int
1571 gss_unwrap_req_decode(kxdrdproc_t decode, struct rpc_rqst *rqstp,
1572                       __be32 *p, void *obj)
1573 {
1574         struct xdr_stream xdr;
1575
1576         xdr_init_decode(&xdr, &rqstp->rq_rcv_buf, p);
1577         return decode(rqstp, &xdr, obj);
1578 }
1579
1580 static int
1581 gss_unwrap_resp(struct rpc_task *task,
1582                 kxdrdproc_t decode, void *rqstp, __be32 *p, void *obj)
1583 {
1584         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1585         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1586                         gc_base);
1587         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1588         __be32          *savedp = p;
1589         struct kvec     *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1590         int             savedlen = head->iov_len;
1591         int             status = -EIO;
1592
1593         if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1594                 goto out_decode;
1595         switch (gss_cred->gc_service) {
1596         case RPC_GSS_SVC_NONE:
1597                 break;
1598         case RPC_GSS_SVC_INTEGRITY:
1599                 status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1600                 if (status)
1601                         goto out;
1602                 break;
1603         case RPC_GSS_SVC_PRIVACY:
1604                 status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1605                 if (status)
1606                         goto out;
1607                 break;
1608         }
1609         /* take into account extra slack for integrity and privacy cases: */
1610         cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1611                                                 + (savedlen - head->iov_len);
1612 out_decode:
1613         status = gss_unwrap_req_decode(decode, rqstp, p, obj);
1614 out:
1615         gss_put_ctx(ctx);
1616         dprintk("RPC: %5u %s returning %d\n",
1617                 task->tk_pid, __func__, status);
1618         return status;
1619 }
1620
1621 static const struct rpc_authops authgss_ops = {
1622         .owner          = THIS_MODULE,
1623         .au_flavor      = RPC_AUTH_GSS,
1624         .au_name        = "RPCSEC_GSS",
1625         .create         = gss_create,
1626         .destroy        = gss_destroy,
1627         .lookup_cred    = gss_lookup_cred,
1628         .crcreate       = gss_create_cred,
1629         .pipes_create   = gss_pipes_dentries_create,
1630         .pipes_destroy  = gss_pipes_dentries_destroy,
1631         .list_pseudoflavors = gss_mech_list_pseudoflavors,
1632 };
1633
1634 static const struct rpc_credops gss_credops = {
1635         .cr_name        = "AUTH_GSS",
1636         .crdestroy      = gss_destroy_cred,
1637         .cr_init        = gss_cred_init,
1638         .crbind         = rpcauth_generic_bind_cred,
1639         .crmatch        = gss_match,
1640         .crmarshal      = gss_marshal,
1641         .crrefresh      = gss_refresh,
1642         .crvalidate     = gss_validate,
1643         .crwrap_req     = gss_wrap_req,
1644         .crunwrap_resp  = gss_unwrap_resp,
1645 };
1646
1647 static const struct rpc_credops gss_nullops = {
1648         .cr_name        = "AUTH_GSS",
1649         .crdestroy      = gss_destroy_nullcred,
1650         .crbind         = rpcauth_generic_bind_cred,
1651         .crmatch        = gss_match,
1652         .crmarshal      = gss_marshal,
1653         .crrefresh      = gss_refresh_null,
1654         .crvalidate     = gss_validate,
1655         .crwrap_req     = gss_wrap_req,
1656         .crunwrap_resp  = gss_unwrap_resp,
1657 };
1658
1659 static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
1660         .upcall         = rpc_pipe_generic_upcall,
1661         .downcall       = gss_pipe_downcall,
1662         .destroy_msg    = gss_pipe_destroy_msg,
1663         .open_pipe      = gss_pipe_open_v0,
1664         .release_pipe   = gss_pipe_release,
1665 };
1666
1667 static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
1668         .upcall         = rpc_pipe_generic_upcall,
1669         .downcall       = gss_pipe_downcall,
1670         .destroy_msg    = gss_pipe_destroy_msg,
1671         .open_pipe      = gss_pipe_open_v1,
1672         .release_pipe   = gss_pipe_release,
1673 };
1674
1675 static __net_init int rpcsec_gss_init_net(struct net *net)
1676 {
1677         return gss_svc_init_net(net);
1678 }
1679
1680 static __net_exit void rpcsec_gss_exit_net(struct net *net)
1681 {
1682         gss_svc_shutdown_net(net);
1683 }
1684
1685 static struct pernet_operations rpcsec_gss_net_ops = {
1686         .init = rpcsec_gss_init_net,
1687         .exit = rpcsec_gss_exit_net,
1688 };
1689
1690 /*
1691  * Initialize RPCSEC_GSS module
1692  */
1693 static int __init init_rpcsec_gss(void)
1694 {
1695         int err = 0;
1696
1697         err = rpcauth_register(&authgss_ops);
1698         if (err)
1699                 goto out;
1700         err = gss_svc_init();
1701         if (err)
1702                 goto out_unregister;
1703         err = register_pernet_subsys(&rpcsec_gss_net_ops);
1704         if (err)
1705                 goto out_svc_exit;
1706         rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
1707         return 0;
1708 out_svc_exit:
1709         gss_svc_shutdown();
1710 out_unregister:
1711         rpcauth_unregister(&authgss_ops);
1712 out:
1713         return err;
1714 }
1715
1716 static void __exit exit_rpcsec_gss(void)
1717 {
1718         unregister_pernet_subsys(&rpcsec_gss_net_ops);
1719         gss_svc_shutdown();
1720         rpcauth_unregister(&authgss_ops);
1721         rcu_barrier(); /* Wait for completion of call_rcu()'s */
1722 }
1723
1724 MODULE_LICENSE("GPL");
1725 module_param_named(expired_cred_retry_delay,
1726                    gss_expired_cred_retry_delay,
1727                    uint, 0644);
1728 MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
1729                 "the RPC engine retries an expired credential");
1730
1731 module_init(init_rpcsec_gss)
1732 module_exit(exit_rpcsec_gss)