svcauth_gss.c source code [linux/net/sunrpc/auth_gss/svcauth_gss.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Neil Brown <neilb@cse.unsw.edu.au>
4	* J. Bruce Fields <bfields@umich.edu>
5	* Andy Adamson <andros@umich.edu>
6	* Dug Song <dugsong@monkey.org>
7	*
8	* RPCSEC_GSS server authentication.
9	* This implements RPCSEC_GSS as defined in rfc2203 (rpcsec_gss) and rfc2078
10	* (gssapi)
11	*
12	* The RPCSEC_GSS involves three stages:
13	* 1/ context creation
14	* 2/ data exchange
15	* 3/ context destruction
16	*
17	* Context creation is handled largely by upcalls to user-space.
18	* In particular, GSS_Accept_sec_context is handled by an upcall
19	* Data exchange is handled entirely within the kernel
20	* In particular, GSS_GetMIC, GSS_VerifyMIC, GSS_Seal, GSS_Unseal are in-kernel.
21	* Context destruction is handled in-kernel
22	* GSS_Delete_sec_context is in-kernel
23	*
24	* Context creation is initiated by a RPCSEC_GSS_INIT request arriving.
25	* The context handle and gss_token are used as a key into the rpcsec_init cache.
26	* The content of this cache includes some of the outputs of GSS_Accept_sec_context,
27	* being major_status, minor_status, context_handle, reply_token.
28	* These are sent back to the client.
29	* Sequence window management is handled by the kernel. The window size if currently
30	* a compile time constant.
31	*
32	* When user-space is happy that a context is established, it places an entry
33	* in the rpcsec_context cache. The key for this cache is the context_handle.
34	* The content includes:
35	* uid/gidlist - for determining access rights
36	* mechanism type
37	* mechanism specific information, such as a key
38	*
39	*/
40
41	#include <linux/slab.h>
42	#include <linux/types.h>
43	#include <linux/module.h>
44	#include <linux/pagemap.h>
45	#include <linux/user_namespace.h>
46
47	#include <linux/sunrpc/auth_gss.h>
48	#include <linux/sunrpc/gss_err.h>
49	#include <linux/sunrpc/svcauth.h>
50	#include <linux/sunrpc/svcauth_gss.h>
51	#include <linux/sunrpc/cache.h>
52	#include <linux/sunrpc/gss_krb5.h>
53
54	#include <trace/events/rpcgss.h>
55
56	#include "gss_rpc_upcall.h"
57
58	/*
59	* Unfortunately there isn't a maximum checksum size exported via the
60	* GSS API. Manufacture one based on GSS mechanisms supported by this
61	* implementation.
62	*/
63	#define GSS_MAX_CKSUMSIZE (GSS_KRB5_TOK_HDR_LEN + GSS_KRB5_MAX_CKSUM_LEN)
64
65	/*
66	* This value may be increased in the future to accommodate other
67	* usage of the scratch buffer.
68	*/
69	#define GSS_SCRATCH_SIZE GSS_MAX_CKSUMSIZE
70
71	struct gss_svc_data {
72	/ decoded gss client cred: /
73	struct rpc_gss_wire_cred clcred;
74	u32 gsd_databody_offset;
75	struct rsc *rsci;
76
77	/ for temporary results /
78	__be32 gsd_seq_num;
79	u8 gsd_scratch[GSS_SCRATCH_SIZE];
80	};
81
82	/ The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests*
83	* into replies.
84	*
85	* Key is context handle (\x if empty) and gss_token.
86	* Content is major_status minor_status (integers) context_handle, reply_token.
87	*
88	*/
89
90	static int netobj_equal(struct xdr_netobj a, struct* xdr_netobj *b)
91	{
92	return a->len == b->len && `0` == memcmp(p: a->data, q: b->data, size: a->len);
93	}
94
95	#define RSI_HASHBITS 6
96	#define RSI_HASHMAX (1<<RSI_HASHBITS)
97
98	struct rsi {
99	struct cache_head h;
100	struct xdr_netobj in_handle, in_token;
101	struct xdr_netobj out_handle, out_token;
102	int major_status, minor_status;
103	struct rcu_head rcu_head;
104	};
105
106	static struct rsi rsi_update(struct* cache_detail cd, struct* rsi new, struct* rsi *old);
107	static struct rsi rsi_lookup(struct* cache_detail cd, struct* rsi *item);
108
109	static void rsi_free(struct rsi *rsii)
110	{
111	kfree(objp: rsii->in_handle.data);
112	kfree(objp: rsii->in_token.data);
113	kfree(objp: rsii->out_handle.data);
114	kfree(objp: rsii->out_token.data);
115	}
116
117	static void rsi_free_rcu(struct rcu_head *head)
118	{
119	struct rsi rsii = container_of(head, struct* rsi, rcu_head);
120
121	rsi_free(rsii);
122	kfree(objp: rsii);
123	}
124
125	static void rsi_put(struct kref *ref)
126	{
127	struct rsi rsii = container_of(ref, struct* rsi, h.ref);
128
129	call_rcu(head: &rsii->rcu_head, func: rsi_free_rcu);
130	}
131
132	static inline int rsi_hash(struct rsi *item)
133	{
134	return hash_mem(buf: item->in_handle.data, length: item->in_handle.len, RSI_HASHBITS)
135	^ hash_mem(buf: item->in_token.data, length: item->in_token.len, RSI_HASHBITS);
136	}
137
138	static int rsi_match(struct cache_head a, struct* cache_head *b)
139	{
140	struct rsi item = container_of(a, struct* rsi, h);
141	struct rsi tmp = container_of(b, struct* rsi, h);
142	return netobj_equal(a: &item->in_handle, b: &tmp->in_handle) &&
143	netobj_equal(a: &item->in_token, b: &tmp->in_token);
144	}
145
146	static int dup_to_netobj(struct xdr_netobj dst, char* src, int* len)
147	{
148	dst->len = len;
149	dst->data = (len ? kmemdup(src, len, GFP_KERNEL) : NULL);
150	if (len && !dst->data)
151	return -ENOMEM;
152	return `0`;
153	}
154
155	static inline int dup_netobj(struct xdr_netobj dst, struct* xdr_netobj *src)
156	{
157	return dup_to_netobj(dst, src: src->data, len: src->len);
158	}
159
160	static void rsi_init(struct cache_head cnew, struct* cache_head *citem)
161	{
162	struct rsi new = container_of(cnew, struct* rsi, h);
163	struct rsi item = container_of(citem, struct* rsi, h);
164
165	new->out_handle.data = NULL;
166	new->out_handle.len = `0`;
167	new->out_token.data = NULL;
168	new->out_token.len = `0`;
169	new->in_handle.len = item->in_handle.len;
170	item->in_handle.len = `0`;
171	new->in_token.len = item->in_token.len;
172	item->in_token.len = `0`;
173	new->in_handle.data = item->in_handle.data;
174	item->in_handle.data = NULL;
175	new->in_token.data = item->in_token.data;
176	item->in_token.data = NULL;
177	}
178
179	static void update_rsi(struct cache_head cnew, struct* cache_head *citem)
180	{
181	struct rsi new = container_of(cnew, struct* rsi, h);
182	struct rsi item = container_of(citem, struct* rsi, h);
183
184	BUG_ON(new->out_handle.data \|\| new->out_token.data);
185	new->out_handle.len = item->out_handle.len;
186	item->out_handle.len = `0`;
187	new->out_token.len = item->out_token.len;
188	item->out_token.len = `0`;
189	new->out_handle.data = item->out_handle.data;
190	item->out_handle.data = NULL;
191	new->out_token.data = item->out_token.data;
192	item->out_token.data = NULL;
193
194	new->major_status = item->major_status;
195	new->minor_status = item->minor_status;
196	}
197
198	static struct cache_head rsi_alloc(void*)
199	{
200	struct rsi rsii = kmalloc(sizeof(rsii), GFP_KERNEL);
201	if (rsii)
202	return &rsii->h;
203	else
204	return NULL;
205	}
206
207	static int rsi_upcall(struct cache_detail cd, struct* cache_head *h)
208	{
209	return sunrpc_cache_pipe_upcall_timeout(detail: cd, h);
210	}
211
212	static void rsi_request(struct cache_detail *cd,
213	struct cache_head *h,
214	char *bpp, int* *blen)
215	{
216	struct rsi rsii = container_of(h, struct* rsi, h);
217
218	qword_addhex(bpp, lp: blen, buf: rsii->in_handle.data, blen: rsii->in_handle.len);
219	qword_addhex(bpp, lp: blen, buf: rsii->in_token.data, blen: rsii->in_token.len);
220	(*bpp)[-`1`] = `'\n'`;
221	WARN_ONCE(*blen < `0`,
222	"RPCSEC/GSS credential too large - please use gssproxy\n");
223	}
224
225	static int rsi_parse(struct cache_detail *cd,
226	char mesg, int* mlen)
227	{
228	/ context token expiry major minor context token /
229	char *buf = mesg;
230	char *ep;
231	int len;
232	struct rsi rsii, *rsip = NULL;
233	time64_t expiry;
234	int status = -EINVAL;
235
236	memset(&rsii, `0`, sizeof(rsii));
237	/ handle /
238	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
239	if (len < `0`)
240	goto out;
241	status = -ENOMEM;
242	if (dup_to_netobj(dst: &rsii.in_handle, src: buf, len))
243	goto out;
244
245	/ token /
246	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
247	status = -EINVAL;
248	if (len < `0`)
249	goto out;
250	status = -ENOMEM;
251	if (dup_to_netobj(dst: &rsii.in_token, src: buf, len))
252	goto out;
253
254	rsip = rsi_lookup(cd, item: &rsii);
255	if (!rsip)
256	goto out;
257
258	rsii.h.flags = `0`;
259	/ expiry /
260	status = get_expiry(bpp: &mesg, rvp: &expiry);
261	if (status)
262	goto out;
263
264	status = -EINVAL;
265	/ major/minor /
266	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
267	if (len <= `0`)
268	goto out;
269	rsii.major_status = simple_strtoul(buf, &ep, `10`);
270	if (*ep)
271	goto out;
272	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
273	if (len <= `0`)
274	goto out;
275	rsii.minor_status = simple_strtoul(buf, &ep, `10`);
276	if (*ep)
277	goto out;
278
279	/ out_handle /
280	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
281	if (len < `0`)
282	goto out;
283	status = -ENOMEM;
284	if (dup_to_netobj(dst: &rsii.out_handle, src: buf, len))
285	goto out;
286
287	/ out_token /
288	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
289	status = -EINVAL;
290	if (len < `0`)
291	goto out;
292	status = -ENOMEM;
293	if (dup_to_netobj(dst: &rsii.out_token, src: buf, len))
294	goto out;
295	rsii.h.expiry_time = expiry;
296	rsip = rsi_update(cd, new: &rsii, old: rsip);
297	status = `0`;
298	out:
299	rsi_free(rsii: &rsii);
300	if (rsip)
301	cache_put(h: &rsip->h, cd);
302	else
303	status = -ENOMEM;
304	return status;
305	}
306
307	static const struct cache_detail rsi_cache_template = {
308	.owner = THIS_MODULE,
309	.hash_size = RSI_HASHMAX,
310	.name = "auth.rpcsec.init",
311	.cache_put = rsi_put,
312	.cache_upcall = rsi_upcall,
313	.cache_request = rsi_request,
314	.cache_parse = rsi_parse,
315	.match = rsi_match,
316	.init = rsi_init,
317	.update = update_rsi,
318	.alloc = rsi_alloc,
319	};
320
321	static struct rsi rsi_lookup(struct* cache_detail cd, struct* rsi *item)
322	{
323	struct cache_head *ch;
324	int hash = rsi_hash(item);
325
326	ch = sunrpc_cache_lookup_rcu(detail: cd, key: &item->h, hash);
327	if (ch)
328	return container_of(ch, struct rsi, h);
329	else
330	return NULL;
331	}
332
333	static struct rsi rsi_update(struct* cache_detail cd, struct* rsi new, struct* rsi *old)
334	{
335	struct cache_head *ch;
336	int hash = rsi_hash(item: new);
337
338	ch = sunrpc_cache_update(detail: cd, new: &new->h,
339	old: &old->h, hash);
340	if (ch)
341	return container_of(ch, struct rsi, h);
342	else
343	return NULL;
344	}
345
346
347	/*
348	* The rpcsec_context cache is used to store a context that is
349	* used in data exchange.
350	* The key is a context handle. The content is:
351	* uid, gidlist, mechanism, service-set, mech-specific-data
352	*/
353
354	#define RSC_HASHBITS 10
355	#define RSC_HASHMAX (1<<RSC_HASHBITS)
356
357	#define GSS_SEQ_WIN 128
358
359	struct gss_svc_seq_data {
360	/ highest seq number seen so far: /
361	u32 sd_max;
362	/ for i such that sd_max-GSS_SEQ_WIN < i <= sd_max, the i-th bit of*
363	* sd_win is nonzero iff sequence number i has been seen already: */
364	unsigned long sd_win[GSS_SEQ_WIN/BITS_PER_LONG];
365	spinlock_t sd_lock;
366	};
367
368	struct rsc {
369	struct cache_head h;
370	struct xdr_netobj handle;
371	struct svc_cred cred;
372	struct gss_svc_seq_data seqdata;
373	struct gss_ctx *mechctx;
374	struct rcu_head rcu_head;
375	};
376
377	static struct rsc rsc_update(struct* cache_detail cd, struct* rsc new, struct* rsc *old);
378	static struct rsc rsc_lookup(struct* cache_detail cd, struct* rsc *item);
379
380	static void rsc_free(struct rsc *rsci)
381	{
382	kfree(objp: rsci->handle.data);
383	if (rsci->mechctx)
384	gss_delete_sec_context(ctx_id: &rsci->mechctx);
385	free_svc_cred(cred: &rsci->cred);
386	}
387
388	static void rsc_free_rcu(struct rcu_head *head)
389	{
390	struct rsc rsci = container_of(head, struct* rsc, rcu_head);
391
392	kfree(objp: rsci->handle.data);
393	kfree(objp: rsci);
394	}
395
396	static void rsc_put(struct kref *ref)
397	{
398	struct rsc rsci = container_of(ref, struct* rsc, h.ref);
399
400	if (rsci->mechctx)
401	gss_delete_sec_context(ctx_id: &rsci->mechctx);
402	free_svc_cred(cred: &rsci->cred);
403	call_rcu(head: &rsci->rcu_head, func: rsc_free_rcu);
404	}
405
406	static inline int
407	rsc_hash(struct rsc *rsci)
408	{
409	return hash_mem(buf: rsci->handle.data, length: rsci->handle.len, RSC_HASHBITS);
410	}
411
412	static int
413	rsc_match(struct cache_head a, struct* cache_head *b)
414	{
415	struct rsc new = container_of(a, struct* rsc, h);
416	struct rsc tmp = container_of(b, struct* rsc, h);
417
418	return netobj_equal(a: &new->handle, b: &tmp->handle);
419	}
420
421	static void
422	rsc_init(struct cache_head cnew, struct* cache_head *ctmp)
423	{
424	struct rsc new = container_of(cnew, struct* rsc, h);
425	struct rsc tmp = container_of(ctmp, struct* rsc, h);
426
427	new->handle.len = tmp->handle.len;
428	tmp->handle.len = `0`;
429	new->handle.data = tmp->handle.data;
430	tmp->handle.data = NULL;
431	new->mechctx = NULL;
432	init_svc_cred(cred: &new->cred);
433	}
434
435	static void
436	update_rsc(struct cache_head cnew, struct* cache_head *ctmp)
437	{
438	struct rsc new = container_of(cnew, struct* rsc, h);
439	struct rsc tmp = container_of(ctmp, struct* rsc, h);
440
441	new->mechctx = tmp->mechctx;
442	tmp->mechctx = NULL;
443	memset(&new->seqdata, `0`, sizeof(new->seqdata));
444	spin_lock_init(&new->seqdata.sd_lock);
445	new->cred = tmp->cred;
446	init_svc_cred(cred: &tmp->cred);
447	}
448
449	static struct cache_head *
450	rsc_alloc(void)
451	{
452	struct rsc rsci = kmalloc(sizeof(rsci), GFP_KERNEL);
453	if (rsci)
454	return &rsci->h;
455	else
456	return NULL;
457	}
458
459	static int rsc_upcall(struct cache_detail cd, struct* cache_head *h)
460	{
461	return -EINVAL;
462	}
463
464	static int rsc_parse(struct cache_detail *cd,
465	char mesg, int* mlen)
466	{
467	/ contexthandle expiry [ uid gid N <n gids> mechname ...mechdata... ] /
468	char *buf = mesg;
469	int id;
470	int len, rv;
471	struct rsc rsci, *rscp = NULL;
472	time64_t expiry;
473	int status = -EINVAL;
474	struct gss_api_mech *gm = NULL;
475
476	memset(&rsci, `0`, sizeof(rsci));
477	/ context handle /
478	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
479	if (len < `0`) goto out;
480	status = -ENOMEM;
481	if (dup_to_netobj(dst: &rsci.handle, src: buf, len))
482	goto out;
483
484	rsci.h.flags = `0`;
485	/ expiry /
486	status = get_expiry(bpp: &mesg, rvp: &expiry);
487	if (status)
488	goto out;
489
490	status = -EINVAL;
491	rscp = rsc_lookup(cd, item: &rsci);
492	if (!rscp)
493	goto out;
494
495	/ uid, or NEGATIVE /
496	rv = get_int(bpp: &mesg, anint: &id);
497	if (rv == -EINVAL)
498	goto out;
499	if (rv == -ENOENT)
500	set_bit(nr: CACHE_NEGATIVE, addr: &rsci.h.flags);
501	else {
502	int N, i;
503
504	/*
505	* NOTE: we skip uid_valid()/gid_valid() checks here:
506	* instead, * -1 id's are later mapped to the
507	* (export-specific) anonymous id by nfsd_setuser.
508	*
509	* (But supplementary gid's get no such special
510	* treatment so are checked for validity here.)
511	*/
512	/ uid /
513	rsci.cred.cr_uid = make_kuid(current_user_ns(), uid: id);
514
515	/ gid /
516	if (get_int(bpp: &mesg, anint: &id))
517	goto out;
518	rsci.cred.cr_gid = make_kgid(current_user_ns(), gid: id);
519
520	/ number of additional gid's /
521	if (get_int(bpp: &mesg, anint: &N))
522	goto out;
523	if (N < `0` \|\| N > NGROUPS_MAX)
524	goto out;
525	status = -ENOMEM;
526	rsci.cred.cr_group_info = groups_alloc(N);
527	if (rsci.cred.cr_group_info == NULL)
528	goto out;
529
530	/ gid's /
531	status = -EINVAL;
532	for (i=`0`; i<N; i++) {
533	kgid_t kgid;
534	if (get_int(bpp: &mesg, anint: &id))
535	goto out;
536	kgid = make_kgid(current_user_ns(), gid: id);
537	if (!gid_valid(gid: kgid))
538	goto out;
539	rsci.cred.cr_group_info->gid[i] = kgid;
540	}
541	groups_sort(rsci.cred.cr_group_info);
542
543	/ mech name /
544	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
545	if (len < `0`)
546	goto out;
547	gm = rsci.cred.cr_gss_mech = gss_mech_get_by_name(buf);
548	status = -EOPNOTSUPP;
549	if (!gm)
550	goto out;
551
552	status = -EINVAL;
553	/ mech-specific data: /
554	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
555	if (len < `0`)
556	goto out;
557	status = gss_import_sec_context(input_token: buf, bufsize: len, mech: gm, ctx_id: &rsci.mechctx,
558	NULL, GFP_KERNEL);
559	if (status)
560	goto out;
561
562	/ get client name /
563	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
564	if (len > `0`) {
565	rsci.cred.cr_principal = kstrdup(s: buf, GFP_KERNEL);
566	if (!rsci.cred.cr_principal) {
567	status = -ENOMEM;
568	goto out;
569	}
570	}
571
572	}
573	rsci.h.expiry_time = expiry;
574	rscp = rsc_update(cd, new: &rsci, old: rscp);
575	status = `0`;
576	out:
577	rsc_free(rsci: &rsci);
578	if (rscp)
579	cache_put(h: &rscp->h, cd);
580	else
581	status = -ENOMEM;
582	return status;
583	}
584
585	static const struct cache_detail rsc_cache_template = {
586	.owner = THIS_MODULE,
587	.hash_size = RSC_HASHMAX,
588	.name = "auth.rpcsec.context",
589	.cache_put = rsc_put,
590	.cache_upcall = rsc_upcall,
591	.cache_parse = rsc_parse,
592	.match = rsc_match,
593	.init = rsc_init,
594	.update = update_rsc,
595	.alloc = rsc_alloc,
596	};
597
598	static struct rsc rsc_lookup(struct* cache_detail cd, struct* rsc *item)
599	{
600	struct cache_head *ch;
601	int hash = rsc_hash(rsci: item);
602
603	ch = sunrpc_cache_lookup_rcu(detail: cd, key: &item->h, hash);
604	if (ch)
605	return container_of(ch, struct rsc, h);
606	else
607	return NULL;
608	}
609
610	static struct rsc rsc_update(struct* cache_detail cd, struct* rsc new, struct* rsc *old)
611	{
612	struct cache_head *ch;
613	int hash = rsc_hash(rsci: new);
614
615	ch = sunrpc_cache_update(detail: cd, new: &new->h,
616	old: &old->h, hash);
617	if (ch)
618	return container_of(ch, struct rsc, h);
619	else
620	return NULL;
621	}
622
623
624	static struct rsc *
625	gss_svc_searchbyctx(struct cache_detail cd, struct* xdr_netobj *handle)
626	{
627	struct rsc rsci;
628	struct rsc *found;
629
630	memset(&rsci, `0`, sizeof(rsci));
631	if (dup_to_netobj(dst: &rsci.handle, src: handle->data, len: handle->len))
632	return NULL;
633	found = rsc_lookup(cd, item: &rsci);
634	rsc_free(rsci: &rsci);
635	if (!found)
636	return NULL;
637	if (cache_check(detail: cd, h: &found->h, NULL))
638	return NULL;
639	return found;
640	}
641
642	/**
643	* gss_check_seq_num - GSS sequence number window check
644	* @rqstp: RPC Call to use when reporting errors
645	* @rsci: cached GSS context state (updated on return)
646	* @seq_num: sequence number to check
647	*
648	* Implements sequence number algorithm as specified in
649	* RFC 2203, Section 5.3.3.1. "Context Management".
650	*
651	* Return values:
652	* %true: @rqstp's GSS sequence number is inside the window
653	* %false: @rqstp's GSS sequence number is outside the window
654	*/
655	static bool gss_check_seq_num(const struct svc_rqst rqstp, struct* rsc *rsci,
656	u32 seq_num)
657	{
658	struct gss_svc_seq_data *sd = &rsci->seqdata;
659	bool result = false;
660
661	spin_lock(lock: &sd->sd_lock);
662	if (seq_num > sd->sd_max) {
663	if (seq_num >= sd->sd_max + GSS_SEQ_WIN) {
664	memset(sd->sd_win, `0`, sizeof(sd->sd_win));
665	sd->sd_max = seq_num;
666	} else while (sd->sd_max < seq_num) {
667	sd->sd_max++;
668	__clear_bit(sd->sd_max % GSS_SEQ_WIN, sd->sd_win);
669	}
670	__set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win);
671	goto ok;
672	} else if (seq_num + GSS_SEQ_WIN <= sd->sd_max) {
673	goto toolow;
674	}
675	if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win))
676	goto alreadyseen;
677
678	ok:
679	result = true;
680	out:
681	spin_unlock(lock: &sd->sd_lock);
682	return result;
683
684	toolow:
685	trace_rpcgss_svc_seqno_low(rqstp, seqno: seq_num,
686	min: sd->sd_max - GSS_SEQ_WIN,
687	max: sd->sd_max);
688	goto out;
689	alreadyseen:
690	trace_rpcgss_svc_seqno_seen(rqstp, seqno: seq_num);
691	goto out;
692	}
693
694	/*
695	* Decode and verify a Call's verifier field. For RPC_AUTH_GSS Calls,
696	* the body of this field contains a variable length checksum.
697	*
698	* GSS-specific auth_stat values are mandated by RFC 2203 Section
699	* 5.3.3.3.
700	*/
701	static int
702	svcauth_gss_verify_header(struct svc_rqst rqstp, struct* rsc *rsci,
703	__be32 rpcstart, struct* rpc_gss_wire_cred *gc)
704	{
705	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
706	struct gss_ctx *ctx_id = rsci->mechctx;
707	u32 flavor, maj_stat;
708	struct xdr_buf rpchdr;
709	struct xdr_netobj checksum;
710	struct kvec iov;
711
712	/*
713	* Compute the checksum of the incoming Call from the
714	* XID field to credential field:
715	*/
716	iov.iov_base = rpcstart;
717	iov.iov_len = (u8 )xdr->p - (u8 )rpcstart;
718	xdr_buf_from_iov(&iov, &rpchdr);
719
720	/ Call's verf field: /
721	if (xdr_stream_decode_opaque_auth(xdr, flavor: &flavor,
722	body: (void **)&checksum.data,
723	body_len: &checksum.len) < `0`) {
724	rqstp->rq_auth_stat = rpc_autherr_badverf;
725	return SVC_DENIED;
726	}
727	if (flavor != RPC_AUTH_GSS \|\| checksum.len < XDR_UNIT) {
728	rqstp->rq_auth_stat = rpc_autherr_badverf;
729	return SVC_DENIED;
730	}
731
732	if (rqstp->rq_deferred)
733	return SVC_OK;
734	maj_stat = gss_verify_mic(ctx_id, message: &rpchdr, mic_token: &checksum);
735	if (maj_stat != GSS_S_COMPLETE) {
736	trace_rpcgss_svc_mic(rqstp, maj_stat);
737	rqstp->rq_auth_stat = rpcsec_gsserr_credproblem;
738	return SVC_DENIED;
739	}
740
741	if (gc->gc_seq > MAXSEQ) {
742	trace_rpcgss_svc_seqno_large(rqstp, seqno: gc->gc_seq);
743	rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem;
744	return SVC_DENIED;
745	}
746	if (!gss_check_seq_num(rqstp, rsci, seq_num: gc->gc_seq))
747	return SVC_DROP;
748	return SVC_OK;
749	}
750
751	/*
752	* Construct and encode a Reply's verifier field. The verifier's body
753	* field contains a variable-length checksum of the GSS sequence
754	* number.
755	*/
756	static bool
757	svcauth_gss_encode_verf(struct svc_rqst rqstp, struct* gss_ctx *ctx_id, u32 seq)
758	{
759	struct gss_svc_data *gsd = rqstp->rq_auth_data;
760	u32 maj_stat;
761	struct xdr_buf verf_data;
762	struct xdr_netobj checksum;
763	struct kvec iov;
764
765	gsd->gsd_seq_num = cpu_to_be32(seq);
766	iov.iov_base = &gsd->gsd_seq_num;
767	iov.iov_len = XDR_UNIT;
768	xdr_buf_from_iov(&iov, &verf_data);
769
770	checksum.data = gsd->gsd_scratch;
771	maj_stat = gss_get_mic(ctx_id, message: &verf_data, mic_token: &checksum);
772	if (maj_stat != GSS_S_COMPLETE)
773	goto bad_mic;
774
775	return xdr_stream_encode_opaque_auth(xdr: &rqstp->rq_res_stream, flavor: RPC_AUTH_GSS,
776	body: checksum.data, body_len: checksum.len) > `0`;
777
778	bad_mic:
779	trace_rpcgss_svc_get_mic(rqstp, maj_stat);
780	return false;
781	}
782
783	struct gss_domain {
784	struct auth_domain h;
785	u32 pseudoflavor;
786	};
787
788	static struct auth_domain *
789	find_gss_auth_domain(struct gss_ctx *ctx, u32 svc)
790	{
791	char *name;
792
793	name = gss_service_to_auth_domain_name(ctx->mech_type, service: svc);
794	if (!name)
795	return NULL;
796	return auth_domain_find(name);
797	}
798
799	static struct auth_ops svcauthops_gss;
800
801	u32 svcauth_gss_flavor(struct auth_domain *dom)
802	{
803	struct gss_domain gd = container_of(dom, struct* gss_domain, h);
804
805	return gd->pseudoflavor;
806	}
807
808	EXPORT_SYMBOL_GPL(svcauth_gss_flavor);
809
810	struct auth_domain *
811	svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
812	{
813	struct gss_domain *new;
814	struct auth_domain *test;
815	int stat = -ENOMEM;
816
817	new = kmalloc(sizeof(*new), GFP_KERNEL);
818	if (!new)
819	goto out;
820	kref_init(kref: &new->h.ref);
821	new->h.name = kstrdup(s: name, GFP_KERNEL);
822	if (!new->h.name)
823	goto out_free_dom;
824	new->h.flavour = &svcauthops_gss;
825	new->pseudoflavor = pseudoflavor;
826
827	test = auth_domain_lookup(name, new: &new->h);
828	if (test != &new->h) {
829	pr_warn("svc: duplicate registration of gss pseudo flavour %s.\n",
830	name);
831	stat = -EADDRINUSE;
832	auth_domain_put(item: test);
833	goto out_free_name;
834	}
835	return test;
836
837	out_free_name:
838	kfree(objp: new->h.name);
839	out_free_dom:
840	kfree(objp: new);
841	out:
842	return ERR_PTR(error: stat);
843	}
844	EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor);
845
846	/*
847	* RFC 2203, Section 5.3.2.2
848	*
849	* struct rpc_gss_integ_data {
850	* opaque databody_integ<>;
851	* opaque checksum<>;
852	* };
853	*
854	* struct rpc_gss_data_t {
855	* unsigned int seq_num;
856	* proc_req_arg_t arg;
857	* };
858	*/
859	static noinline_for_stack int
860	svcauth_gss_unwrap_integ(struct svc_rqst rqstp, u32 seq, struct* gss_ctx *ctx)
861	{
862	struct gss_svc_data *gsd = rqstp->rq_auth_data;
863	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
864	u32 len, offset, seq_num, maj_stat;
865	struct xdr_buf *buf = xdr->buf;
866	struct xdr_buf databody_integ;
867	struct xdr_netobj checksum;
868
869	/ Did we already verify the signature on the original pass through? /
870	if (rqstp->rq_deferred)
871	return `0`;
872
873	if (xdr_stream_decode_u32(xdr, ptr: &len) < `0`)
874	goto unwrap_failed;
875	if (len & `3`)
876	goto unwrap_failed;
877	offset = xdr_stream_pos(xdr);
878	if (xdr_buf_subsegment(buf, &databody_integ, offset, len))
879	goto unwrap_failed;
880
881	/*
882	* The xdr_stream now points to the @seq_num field. The next
883	* XDR data item is the @arg field, which contains the clear
884	* text RPC program payload. The checksum, which follows the
885	* @arg field, is located and decoded without updating the
886	* xdr_stream.
887	*/
888
889	offset += len;
890	if (xdr_decode_word(buf, offset, &checksum.len))
891	goto unwrap_failed;
892	if (checksum.len > sizeof(gsd->gsd_scratch))
893	goto unwrap_failed;
894	checksum.data = gsd->gsd_scratch;
895	if (read_bytes_from_xdr_buf(buf, offset + XDR_UNIT, checksum.data,
896	checksum.len))
897	goto unwrap_failed;
898
899	maj_stat = gss_verify_mic(ctx_id: ctx, message: &databody_integ, mic_token: &checksum);
900	if (maj_stat != GSS_S_COMPLETE)
901	goto bad_mic;
902
903	/ The received seqno is protected by the checksum. /
904	if (xdr_stream_decode_u32(xdr, ptr: &seq_num) < `0`)
905	goto unwrap_failed;
906	if (seq_num != seq)
907	goto bad_seqno;
908
909	xdr_truncate_decode(xdr, XDR_UNIT + checksum.len);
910	return `0`;
911
912	unwrap_failed:
913	trace_rpcgss_svc_unwrap_failed(rqstp);
914	return -EINVAL;
915	bad_seqno:
916	trace_rpcgss_svc_seqno_bad(rqstp, expected: seq, received: seq_num);
917	return -EINVAL;
918	bad_mic:
919	trace_rpcgss_svc_mic(rqstp, maj_stat);
920	return -EINVAL;
921	}
922
923	/*
924	* RFC 2203, Section 5.3.2.3
925	*
926	* struct rpc_gss_priv_data {
927	* opaque databody_priv<>
928	* };
929	*
930	* struct rpc_gss_data_t {
931	* unsigned int seq_num;
932	* proc_req_arg_t arg;
933	* };
934	*/
935	static noinline_for_stack int
936	svcauth_gss_unwrap_priv(struct svc_rqst rqstp, u32 seq, struct* gss_ctx *ctx)
937	{
938	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
939	u32 len, maj_stat, seq_num, offset;
940	struct xdr_buf *buf = xdr->buf;
941	unsigned int saved_len;
942
943	if (xdr_stream_decode_u32(xdr, ptr: &len) < `0`)
944	goto unwrap_failed;
945	if (rqstp->rq_deferred) {
946	/ Already decrypted last time through! The sequence number*
947	* check at out_seq is unnecessary but harmless: */
948	goto out_seq;
949	}
950	if (len > xdr_stream_remaining(xdr))
951	goto unwrap_failed;
952	offset = xdr_stream_pos(xdr);
953
954	saved_len = buf->len;
955	maj_stat = gss_unwrap(ctx_id: ctx, offset, len: offset + len, inbuf: buf);
956	if (maj_stat != GSS_S_COMPLETE)
957	goto bad_unwrap;
958	xdr->nwords -= XDR_QUADLEN(saved_len - buf->len);
959
960	out_seq:
961	/ gss_unwrap() decrypted the sequence number. /
962	if (xdr_stream_decode_u32(xdr, ptr: &seq_num) < `0`)
963	goto unwrap_failed;
964	if (seq_num != seq)
965	goto bad_seqno;
966	return `0`;
967
968	unwrap_failed:
969	trace_rpcgss_svc_unwrap_failed(rqstp);
970	return -EINVAL;
971	bad_seqno:
972	trace_rpcgss_svc_seqno_bad(rqstp, expected: seq, received: seq_num);
973	return -EINVAL;
974	bad_unwrap:
975	trace_rpcgss_svc_unwrap(rqstp, maj_stat);
976	return -EINVAL;
977	}
978
979	static enum svc_auth_status
980	svcauth_gss_set_client(struct svc_rqst *rqstp)
981	{
982	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
983	struct rsc *rsci = svcdata->rsci;
984	struct rpc_gss_wire_cred *gc = &svcdata->clcred;
985	int stat;
986
987	rqstp->rq_auth_stat = rpc_autherr_badcred;
988
989	/*
990	* A gss export can be specified either by:
991	* export *(sec=krb5,rw)
992	* or by
993	* export gss/krb5(rw)
994	* The latter is deprecated; but for backwards compatibility reasons
995	* the nfsd code will still fall back on trying it if the former
996	* doesn't work; so we try to make both available to nfsd, below.
997	*/
998	rqstp->rq_gssclient = find_gss_auth_domain(ctx: rsci->mechctx, svc: gc->gc_svc);
999	if (rqstp->rq_gssclient == NULL)
1000	return SVC_DENIED;
1001	stat = svcauth_unix_set_client(rqstp);
1002	if (stat == SVC_DROP \|\| stat == SVC_CLOSE)
1003	return stat;
1004
1005	rqstp->rq_auth_stat = rpc_auth_ok;
1006	return SVC_OK;
1007	}
1008
1009	static bool
1010	svcauth_gss_proc_init_verf(struct cache_detail cd, struct* svc_rqst *rqstp,
1011	struct xdr_netobj out_handle, int* *major_status,
1012	u32 seq_num)
1013	{
1014	struct xdr_stream *xdr = &rqstp->rq_res_stream;
1015	struct rsc *rsci;
1016	bool rc;
1017
1018	if (*major_status != GSS_S_COMPLETE)
1019	goto null_verifier;
1020	rsci = gss_svc_searchbyctx(cd, handle: out_handle);
1021	if (rsci == NULL) {
1022	*major_status = GSS_S_NO_CONTEXT;
1023	goto null_verifier;
1024	}
1025
1026	rc = svcauth_gss_encode_verf(rqstp, ctx_id: rsci->mechctx, seq: seq_num);
1027	cache_put(h: &rsci->h, cd);
1028	return rc;
1029
1030	null_verifier:
1031	return xdr_stream_encode_opaque_auth(xdr, flavor: RPC_AUTH_NULL, NULL, body_len: `0`) > `0`;
1032	}
1033
1034	static void gss_free_in_token_pages(struct gssp_in_token *in_token)
1035	{
1036	int i;
1037
1038	i = `0`;
1039	while (in_token->pages[i])
1040	put_page(page: in_token->pages[i++]);
1041	kfree(objp: in_token->pages);
1042	in_token->pages = NULL;
1043	}
1044
1045	static int gss_read_proxy_verf(struct svc_rqst *rqstp,
1046	struct rpc_gss_wire_cred *gc,
1047	struct xdr_netobj *in_handle,
1048	struct gssp_in_token *in_token)
1049	{
1050	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
1051	unsigned int length, pgto_offs, pgfrom_offs;
1052	int pages, i, pgto, pgfrom;
1053	size_t to_offs, from_offs;
1054	u32 inlen;
1055
1056	if (dup_netobj(dst: in_handle, src: &gc->gc_ctx))
1057	return SVC_CLOSE;
1058
1059	/*
1060	* RFC 2203 Section 5.2.2
1061	*
1062	* struct rpc_gss_init_arg {
1063	* opaque gss_token<>;
1064	* };
1065	*/
1066	if (xdr_stream_decode_u32(xdr, ptr: &inlen) < `0`)
1067	goto out_denied_free;
1068	if (inlen > xdr_stream_remaining(xdr))
1069	goto out_denied_free;
1070
1071	pages = DIV_ROUND_UP(inlen, PAGE_SIZE);
1072	in_token->pages = kcalloc(pages + `1`, sizeof(struct page *), GFP_KERNEL);
1073	if (!in_token->pages)
1074	goto out_denied_free;
1075	in_token->page_base = `0`;
1076	in_token->page_len = inlen;
1077	for (i = `0`; i < pages; i++) {
1078	in_token->pages[i] = alloc_page(GFP_KERNEL);
1079	if (!in_token->pages[i]) {
1080	gss_free_in_token_pages(in_token);
1081	goto out_denied_free;
1082	}
1083	}
1084
1085	length = min_t(unsigned int, inlen, (char )xdr->end - (char* *)xdr->p);
1086	if (length)
1087	memcpy(page_address(in_token->pages[`0`]), xdr->p, length);
1088	inlen -= length;
1089
1090	to_offs = length;
1091	from_offs = rqstp->rq_arg.page_base;
1092	while (inlen) {
1093	pgto = to_offs >> PAGE_SHIFT;
1094	pgfrom = from_offs >> PAGE_SHIFT;
1095	pgto_offs = to_offs & ~PAGE_MASK;
1096	pgfrom_offs = from_offs & ~PAGE_MASK;
1097
1098	length = min_t(unsigned int, inlen,
1099	min_t(unsigned int, PAGE_SIZE - pgto_offs,
1100	PAGE_SIZE - pgfrom_offs));
1101	memcpy(page_address(in_token->pages[pgto]) + pgto_offs,
1102	page_address(rqstp->rq_arg.pages[pgfrom]) + pgfrom_offs,
1103	length);
1104
1105	to_offs += length;
1106	from_offs += length;
1107	inlen -= length;
1108	}
1109	return `0`;
1110
1111	out_denied_free:
1112	kfree(objp: in_handle->data);
1113	return SVC_DENIED;
1114	}
1115
1116	/*
1117	* RFC 2203, Section 5.2.3.1.
1118	*
1119	* struct rpc_gss_init_res {
1120	* opaque handle<>;
1121	* unsigned int gss_major;
1122	* unsigned int gss_minor;
1123	* unsigned int seq_window;
1124	* opaque gss_token<>;
1125	* };
1126	*/
1127	static bool
1128	svcxdr_encode_gss_init_res(struct xdr_stream *xdr,
1129	struct xdr_netobj *handle,
1130	struct xdr_netobj *gss_token,
1131	unsigned int major_status,
1132	unsigned int minor_status, u32 seq_num)
1133	{
1134	if (xdr_stream_encode_opaque(xdr, ptr: handle->data, len: handle->len) < `0`)
1135	return false;
1136	if (xdr_stream_encode_u32(xdr, n: major_status) < `0`)
1137	return false;
1138	if (xdr_stream_encode_u32(xdr, n: minor_status) < `0`)
1139	return false;
1140	if (xdr_stream_encode_u32(xdr, n: seq_num) < `0`)
1141	return false;
1142	if (xdr_stream_encode_opaque(xdr, ptr: gss_token->data, len: gss_token->len) < `0`)
1143	return false;
1144	return true;
1145	}
1146
1147	/*
1148	* Having read the cred already and found we're in the context
1149	* initiation case, read the verifier and initiate (or check the results
1150	* of) upcalls to userspace for help with context initiation. If
1151	* the upcall results are available, write the verifier and result.
1152	* Otherwise, drop the request pending an answer to the upcall.
1153	*/
1154	static int
1155	svcauth_gss_legacy_init(struct svc_rqst *rqstp,
1156	struct rpc_gss_wire_cred *gc)
1157	{
1158	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
1159	struct rsi *rsip, rsikey;
1160	__be32 *p;
1161	u32 len;
1162	int ret;
1163	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), id: sunrpc_net_id);
1164
1165	memset(&rsikey, `0`, sizeof(rsikey));
1166	if (dup_netobj(dst: &rsikey.in_handle, src: &gc->gc_ctx))
1167	return SVC_CLOSE;
1168
1169	/*
1170	* RFC 2203 Section 5.2.2
1171	*
1172	* struct rpc_gss_init_arg {
1173	* opaque gss_token<>;
1174	* };
1175	*/
1176	if (xdr_stream_decode_u32(xdr, ptr: &len) < `0`) {
1177	kfree(objp: rsikey.in_handle.data);
1178	return SVC_DENIED;
1179	}
1180	p = xdr_inline_decode(xdr, nbytes: len);
1181	if (!p) {
1182	kfree(objp: rsikey.in_handle.data);
1183	return SVC_DENIED;
1184	}
1185	rsikey.in_token.data = kmalloc(len, GFP_KERNEL);
1186	if (ZERO_OR_NULL_PTR(rsikey.in_token.data)) {
1187	kfree(objp: rsikey.in_handle.data);
1188	return SVC_CLOSE;
1189	}
1190	memcpy(rsikey.in_token.data, p, len);
1191	rsikey.in_token.len = len;
1192
1193	/ Perform upcall, or find upcall result: /
1194	rsip = rsi_lookup(cd: sn->rsi_cache, item: &rsikey);
1195	rsi_free(rsii: &rsikey);
1196	if (!rsip)
1197	return SVC_CLOSE;
1198	if (cache_check(detail: sn->rsi_cache, h: &rsip->h, rqstp: &rqstp->rq_chandle) < `0`)
1199	/ No upcall result: /
1200	return SVC_CLOSE;
1201
1202	ret = SVC_CLOSE;
1203	if (!svcauth_gss_proc_init_verf(cd: sn->rsc_cache, rqstp, out_handle: &rsip->out_handle,
1204	major_status: &rsip->major_status, GSS_SEQ_WIN))
1205	goto out;
1206	if (!svcxdr_set_accept_stat(rqstp))
1207	goto out;
1208	if (!svcxdr_encode_gss_init_res(xdr: &rqstp->rq_res_stream, handle: &rsip->out_handle,
1209	gss_token: &rsip->out_token, major_status: rsip->major_status,
1210	minor_status: rsip->minor_status, GSS_SEQ_WIN))
1211	goto out;
1212
1213	ret = SVC_COMPLETE;
1214	out:
1215	cache_put(h: &rsip->h, cd: sn->rsi_cache);
1216	return ret;
1217	}
1218
1219	static int gss_proxy_save_rsc(struct cache_detail *cd,
1220	struct gssp_upcall_data *ud,
1221	uint64_t *handle)
1222	{
1223	struct rsc rsci, *rscp = NULL;
1224	static atomic64_t ctxhctr;
1225	long long ctxh;
1226	struct gss_api_mech *gm = NULL;
1227	time64_t expiry;
1228	int status;
1229
1230	memset(&rsci, `0`, sizeof(rsci));
1231	/ context handle /
1232	status = -ENOMEM;
1233	/ the handle needs to be just a unique id,*
1234	* use a static counter */
1235	ctxh = atomic64_inc_return(v: &ctxhctr);
1236
1237	/ make a copy for the caller /
1238	*handle = ctxh;
1239
1240	/ make a copy for the rsc cache /
1241	if (dup_to_netobj(dst: &rsci.handle, src: (char )handle, len: sizeof*(uint64_t)))
1242	goto out;
1243	rscp = rsc_lookup(cd, item: &rsci);
1244	if (!rscp)
1245	goto out;
1246
1247	/ creds /
1248	if (!ud->found_creds) {
1249	/ userspace seem buggy, we should always get at least a*
1250	* mapping to nobody */
1251	goto out;
1252	} else {
1253	struct timespec64 boot;
1254
1255	/ steal creds /
1256	rsci.cred = ud->creds;
1257	memset(&ud->creds, `0`, sizeof(struct svc_cred));
1258
1259	status = -EOPNOTSUPP;
1260	/ get mech handle from OID /
1261	gm = gss_mech_get_by_OID(&ud->mech_oid);
1262	if (!gm)
1263	goto out;
1264	rsci.cred.cr_gss_mech = gm;
1265
1266	status = -EINVAL;
1267	/ mech-specific data: /
1268	status = gss_import_sec_context(input_token: ud->out_handle.data,
1269	bufsize: ud->out_handle.len,
1270	mech: gm, ctx_id: &rsci.mechctx,
1271	endtime: &expiry, GFP_KERNEL);
1272	if (status)
1273	goto out;
1274
1275	getboottime64(ts: &boot);
1276	expiry -= boot.tv_sec;
1277	}
1278
1279	rsci.h.expiry_time = expiry;
1280	rscp = rsc_update(cd, new: &rsci, old: rscp);
1281	status = `0`;
1282	out:
1283	rsc_free(rsci: &rsci);
1284	if (rscp)
1285	cache_put(h: &rscp->h, cd);
1286	else
1287	status = -ENOMEM;
1288	return status;
1289	}
1290
1291	static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,
1292	struct rpc_gss_wire_cred *gc)
1293	{
1294	struct xdr_netobj cli_handle;
1295	struct gssp_upcall_data ud;
1296	uint64_t handle;
1297	int status;
1298	int ret;
1299	struct net *net = SVC_NET(rqstp);
1300	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1301
1302	memset(&ud, `0`, sizeof(ud));
1303	ret = gss_read_proxy_verf(rqstp, gc, in_handle: &ud.in_handle, in_token: &ud.in_token);
1304	if (ret)
1305	return ret;
1306
1307	ret = SVC_CLOSE;
1308
1309	/ Perform synchronous upcall to gss-proxy /
1310	status = gssp_accept_sec_context_upcall(net, data: &ud);
1311	if (status)
1312	goto out;
1313
1314	trace_rpcgss_svc_accept_upcall(rqstp, major_status: ud.major_status, minor_status: ud.minor_status);
1315
1316	switch (ud.major_status) {
1317	case GSS_S_CONTINUE_NEEDED:
1318	cli_handle = ud.out_handle;
1319	break;
1320	case GSS_S_COMPLETE:
1321	status = gss_proxy_save_rsc(cd: sn->rsc_cache, ud: &ud, handle: &handle);
1322	if (status)
1323	goto out;
1324	cli_handle.data = (u8 *)&handle;
1325	cli_handle.len = sizeof(handle);
1326	break;
1327	default:
1328	goto out;
1329	}
1330
1331	if (!svcauth_gss_proc_init_verf(cd: sn->rsc_cache, rqstp, out_handle: &cli_handle,
1332	major_status: &ud.major_status, GSS_SEQ_WIN))
1333	goto out;
1334	if (!svcxdr_set_accept_stat(rqstp))
1335	goto out;
1336	if (!svcxdr_encode_gss_init_res(xdr: &rqstp->rq_res_stream, handle: &cli_handle,
1337	gss_token: &ud.out_token, major_status: ud.major_status,
1338	minor_status: ud.minor_status, GSS_SEQ_WIN))
1339	goto out;
1340
1341	ret = SVC_COMPLETE;
1342	out:
1343	gss_free_in_token_pages(in_token: &ud.in_token);
1344	gssp_free_upcall_data(data: &ud);
1345	return ret;
1346	}
1347
1348	/*
1349	* Try to set the sn->use_gss_proxy variable to a new value. We only allow
1350	* it to be changed if it's currently undefined (-1). If it's any other value
1351	* then return -EBUSY unless the type wouldn't have changed anyway.
1352	*/
1353	static int set_gss_proxy(struct net net, int* type)
1354	{
1355	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1356	int ret;
1357
1358	WARN_ON_ONCE(type != `0` && type != `1`);
1359	ret = cmpxchg(&sn->use_gss_proxy, -`1`, type);
1360	if (ret != -`1` && ret != type)
1361	return -EBUSY;
1362	return `0`;
1363	}
1364
1365	static bool use_gss_proxy(struct net *net)
1366	{
1367	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1368
1369	/ If use_gss_proxy is still undefined, then try to disable it /
1370	if (sn->use_gss_proxy == -`1`)
1371	set_gss_proxy(net, type: `0`);
1372	return sn->use_gss_proxy;
1373	}
1374
1375	static noinline_for_stack int
1376	svcauth_gss_proc_init(struct svc_rqst rqstp, struct* rpc_gss_wire_cred *gc)
1377	{
1378	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
1379	u32 flavor, len;
1380	void *body;
1381
1382	/ Call's verf field: /
1383	if (xdr_stream_decode_opaque_auth(xdr, flavor: &flavor, body: &body, body_len: &len) < `0`)
1384	return SVC_GARBAGE;
1385	if (flavor != RPC_AUTH_NULL \|\| len != `0`) {
1386	rqstp->rq_auth_stat = rpc_autherr_badverf;
1387	return SVC_DENIED;
1388	}
1389
1390	if (gc->gc_proc == RPC_GSS_PROC_INIT && gc->gc_ctx.len != `0`) {
1391	rqstp->rq_auth_stat = rpc_autherr_badcred;
1392	return SVC_DENIED;
1393	}
1394
1395	if (!use_gss_proxy(SVC_NET(rqstp)))
1396	return svcauth_gss_legacy_init(rqstp, gc);
1397	return svcauth_gss_proxy_init(rqstp, gc);
1398	}
1399
1400	#ifdef CONFIG_PROC_FS
1401
1402	static ssize_t write_gssp(struct file file, const* char __user *buf,
1403	size_t count, loff_t *ppos)
1404	{
1405	struct net *net = pde_data(inode: file_inode(f: file));
1406	char tbuf[`20`];
1407	unsigned long i;
1408	int res;
1409
1410	if (ppos \|\| count > sizeof*(tbuf)-`1`)
1411	return -EINVAL;
1412	if (copy_from_user(to: tbuf, from: buf, n: count))
1413	return -EFAULT;
1414
1415	tbuf[count] = `0`;
1416	res = kstrtoul(s: tbuf, base: `0`, res: &i);
1417	if (res)
1418	return res;
1419	if (i != `1`)
1420	return -EINVAL;
1421	res = set_gssp_clnt(net);
1422	if (res)
1423	return res;
1424	res = set_gss_proxy(net, type: `1`);
1425	if (res)
1426	return res;
1427	return count;
1428	}
1429
1430	static ssize_t read_gssp(struct file file, char* __user *buf,
1431	size_t count, loff_t *ppos)
1432	{
1433	struct net *net = pde_data(inode: file_inode(f: file));
1434	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1435	unsigned long p = *ppos;
1436	char tbuf[`10`];
1437	size_t len;
1438
1439	snprintf(buf: tbuf, size: sizeof(tbuf), fmt: "%d\n", sn->use_gss_proxy);
1440	len = strlen(tbuf);
1441	if (p >= len)
1442	return `0`;
1443	len -= p;
1444	if (len > count)
1445	len = count;
1446	if (copy_to_user(to: buf, from: (void *)(tbuf+p), n: len))
1447	return -EFAULT;
1448	*ppos += len;
1449	return len;
1450	}
1451
1452	static const struct proc_ops use_gss_proxy_proc_ops = {
1453	.proc_open = nonseekable_open,
1454	.proc_write = write_gssp,
1455	.proc_read = read_gssp,
1456	};
1457
1458	static int create_use_gss_proxy_proc_entry(struct net *net)
1459	{
1460	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1461	struct proc_dir_entry **p = &sn->use_gssp_proc;
1462
1463	sn->use_gss_proxy = -`1`;
1464	*p = proc_create_data("use-gss-proxy", S_IFREG \| `0600`,
1465	sn->proc_net_rpc,
1466	&use_gss_proxy_proc_ops, net);
1467	if (!*p)
1468	return -ENOMEM;
1469	init_gssp_clnt(sn);
1470	return `0`;
1471	}
1472
1473	static void destroy_use_gss_proxy_proc_entry(struct net *net)
1474	{
1475	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1476
1477	if (sn->use_gssp_proc) {
1478	remove_proc_entry("use-gss-proxy", sn->proc_net_rpc);
1479	clear_gssp_clnt(sn);
1480	}
1481	}
1482
1483	static ssize_t read_gss_krb5_enctypes(struct file file, char* __user *buf,
1484	size_t count, loff_t *ppos)
1485	{
1486	struct rpcsec_gss_oid oid = {
1487	.len = `9`,
1488	.data = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02",
1489	};
1490	struct gss_api_mech *mech;
1491	ssize_t ret;
1492
1493	mech = gss_mech_get_by_OID(&oid);
1494	if (!mech)
1495	return `0`;
1496	if (!mech->gm_upcall_enctypes) {
1497	gss_mech_put(mech);
1498	return `0`;
1499	}
1500
1501	ret = simple_read_from_buffer(to: buf, count, ppos,
1502	from: mech->gm_upcall_enctypes,
1503	strlen(mech->gm_upcall_enctypes));
1504	gss_mech_put(mech);
1505	return ret;
1506	}
1507
1508	static const struct proc_ops gss_krb5_enctypes_proc_ops = {
1509	.proc_open = nonseekable_open,
1510	.proc_read = read_gss_krb5_enctypes,
1511	};
1512
1513	static int create_krb5_enctypes_proc_entry(struct net *net)
1514	{
1515	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1516
1517	sn->gss_krb5_enctypes =
1518	proc_create_data("gss_krb5_enctypes", S_IFREG \| `0444`,
1519	sn->proc_net_rpc, &gss_krb5_enctypes_proc_ops,
1520	net);
1521	return sn->gss_krb5_enctypes ? `0` : -ENOMEM;
1522	}
1523
1524	static void destroy_krb5_enctypes_proc_entry(struct net *net)
1525	{
1526	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1527
1528	if (sn->gss_krb5_enctypes)
1529	remove_proc_entry("gss_krb5_enctypes", sn->proc_net_rpc);
1530	}
1531
1532	#else /* CONFIG_PROC_FS */
1533
1534	static int create_use_gss_proxy_proc_entry(struct net *net)
1535	{
1536	return `0`;
1537	}
1538
1539	static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
1540
1541	static int create_krb5_enctypes_proc_entry(struct net *net)
1542	{
1543	return `0`;
1544	}
1545
1546	static void destroy_krb5_enctypes_proc_entry(struct net *net) {}
1547
1548	#endif /* CONFIG_PROC_FS */
1549
1550	/*
1551	* The Call's credential body should contain a struct rpc_gss_cred_t.
1552	*
1553	* RFC 2203 Section 5
1554	*
1555	* struct rpc_gss_cred_t {
1556	* union switch (unsigned int version) {
1557	* case RPCSEC_GSS_VERS_1:
1558	* struct {
1559	* rpc_gss_proc_t gss_proc;
1560	* unsigned int seq_num;
1561	* rpc_gss_service_t service;
1562	* opaque handle<>;
1563	* } rpc_gss_cred_vers_1_t;
1564	* }
1565	* };
1566	*/
1567	static bool
1568	svcauth_gss_decode_credbody(struct xdr_stream *xdr,
1569	struct rpc_gss_wire_cred *gc,
1570	__be32 **rpcstart)
1571	{
1572	ssize_t handle_len;
1573	u32 body_len;
1574	__be32 *p;
1575
1576	p = xdr_inline_decode(xdr, XDR_UNIT);
1577	if (!p)
1578	return false;
1579	/*
1580	* start of rpc packet is 7 u32's back from here:
1581	* xid direction rpcversion prog vers proc flavour
1582	*/
1583	*rpcstart = p - `7`;
1584	body_len = be32_to_cpup(p);
1585	if (body_len > RPC_MAX_AUTH_SIZE)
1586	return false;
1587
1588	/ struct rpc_gss_cred_t /
1589	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_v) < `0`)
1590	return false;
1591	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_proc) < `0`)
1592	return false;
1593	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_seq) < `0`)
1594	return false;
1595	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_svc) < `0`)
1596	return false;
1597	handle_len = xdr_stream_decode_opaque_inline(xdr,
1598	ptr: (void **)&gc->gc_ctx.data,
1599	maxlen: body_len);
1600	if (handle_len < `0`)
1601	return false;
1602	if (body_len != XDR_UNIT * `5` + xdr_align_size(n: handle_len))
1603	return false;
1604
1605	gc->gc_ctx.len = handle_len;
1606	return true;
1607	}
1608
1609	/**
1610	* svcauth_gss_accept - Decode and validate incoming RPC_AUTH_GSS credential
1611	* @rqstp: RPC transaction
1612	*
1613	* Return values:
1614	* %SVC_OK: Success
1615	* %SVC_COMPLETE: GSS context lifetime event
1616	* %SVC_DENIED: Credential or verifier is not valid
1617	* %SVC_GARBAGE: Failed to decode credential or verifier
1618	* %SVC_CLOSE: Temporary failure
1619	*
1620	* The rqstp->rq_auth_stat field is also set (see RFCs 2203 and 5531).
1621	*/
1622	static enum svc_auth_status
1623	svcauth_gss_accept(struct svc_rqst *rqstp)
1624	{
1625	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
1626	__be32 *rpcstart;
1627	struct rpc_gss_wire_cred *gc;
1628	struct rsc *rsci = NULL;
1629	int ret;
1630	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), id: sunrpc_net_id);
1631
1632	rqstp->rq_auth_stat = rpc_autherr_failed;
1633	if (!svcdata)
1634	svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL);
1635	if (!svcdata)
1636	goto auth_err;
1637	rqstp->rq_auth_data = svcdata;
1638	svcdata->gsd_databody_offset = `0`;
1639	svcdata->rsci = NULL;
1640	gc = &svcdata->clcred;
1641
1642	rqstp->rq_auth_stat = rpc_autherr_badcred;
1643	if (!svcauth_gss_decode_credbody(xdr: &rqstp->rq_arg_stream, gc, rpcstart: &rpcstart))
1644	goto auth_err;
1645	if (gc->gc_v != RPC_GSS_VERSION)
1646	goto auth_err;
1647
1648	switch (gc->gc_proc) {
1649	case RPC_GSS_PROC_INIT:
1650	case RPC_GSS_PROC_CONTINUE_INIT:
1651	if (rqstp->rq_proc != `0`)
1652	goto auth_err;
1653	return svcauth_gss_proc_init(rqstp, gc);
1654	case RPC_GSS_PROC_DESTROY:
1655	if (rqstp->rq_proc != `0`)
1656	goto auth_err;
1657	fallthrough;
1658	case RPC_GSS_PROC_DATA:
1659	rqstp->rq_auth_stat = rpcsec_gsserr_credproblem;
1660	rsci = gss_svc_searchbyctx(cd: sn->rsc_cache, handle: &gc->gc_ctx);
1661	if (!rsci)
1662	goto auth_err;
1663	switch (svcauth_gss_verify_header(rqstp, rsci, rpcstart, gc)) {
1664	case SVC_OK:
1665	break;
1666	case SVC_DENIED:
1667	goto auth_err;
1668	case SVC_DROP:
1669	goto drop;
1670	}
1671	break;
1672	default:
1673	if (rqstp->rq_proc != `0`)
1674	goto auth_err;
1675	rqstp->rq_auth_stat = rpc_autherr_rejectedcred;
1676	goto auth_err;
1677	}
1678
1679	/ now act upon the command: /
1680	switch (gc->gc_proc) {
1681	case RPC_GSS_PROC_DESTROY:
1682	if (!svcauth_gss_encode_verf(rqstp, ctx_id: rsci->mechctx, seq: gc->gc_seq))
1683	goto auth_err;
1684	if (!svcxdr_set_accept_stat(rqstp))
1685	goto auth_err;
1686	/ Delete the entry from the cache_list and call cache_put /
1687	sunrpc_cache_unhash(sn->rsc_cache, &rsci->h);
1688	goto complete;
1689	case RPC_GSS_PROC_DATA:
1690	rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem;
1691	if (!svcauth_gss_encode_verf(rqstp, ctx_id: rsci->mechctx, seq: gc->gc_seq))
1692	goto auth_err;
1693	if (!svcxdr_set_accept_stat(rqstp))
1694	goto auth_err;
1695	svcdata->gsd_databody_offset = xdr_stream_pos(xdr: &rqstp->rq_res_stream);
1696	rqstp->rq_cred = rsci->cred;
1697	get_group_info(gi: rsci->cred.cr_group_info);
1698	rqstp->rq_auth_stat = rpc_autherr_badcred;
1699	switch (gc->gc_svc) {
1700	case RPC_GSS_SVC_NONE:
1701	break;
1702	case RPC_GSS_SVC_INTEGRITY:
1703	/ placeholders for body length and seq. number: /
1704	xdr_reserve_space(xdr: &rqstp->rq_res_stream, XDR_UNIT * `2`);
1705	if (svcauth_gss_unwrap_integ(rqstp, seq: gc->gc_seq,
1706	ctx: rsci->mechctx))
1707	goto garbage_args;
1708	svcxdr_set_auth_slack(rqstp, RPC_MAX_AUTH_SIZE);
1709	break;
1710	case RPC_GSS_SVC_PRIVACY:
1711	/ placeholders for body length and seq. number: /
1712	xdr_reserve_space(xdr: &rqstp->rq_res_stream, XDR_UNIT * `2`);
1713	if (svcauth_gss_unwrap_priv(rqstp, seq: gc->gc_seq,
1714	ctx: rsci->mechctx))
1715	goto garbage_args;
1716	svcxdr_set_auth_slack(rqstp, RPC_MAX_AUTH_SIZE * `2`);
1717	break;
1718	default:
1719	goto auth_err;
1720	}
1721	svcdata->rsci = rsci;
1722	cache_get(h: &rsci->h);
1723	rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor(
1724	rsci->mechctx->mech_type,
1725	GSS_C_QOP_DEFAULT,
1726	service: gc->gc_svc);
1727	ret = SVC_OK;
1728	trace_rpcgss_svc_authenticate(rqstp, gc);
1729	goto out;
1730	}
1731	garbage_args:
1732	ret = SVC_GARBAGE;
1733	goto out;
1734	auth_err:
1735	xdr_truncate_encode(xdr: &rqstp->rq_res_stream, XDR_UNIT * `2`);
1736	ret = SVC_DENIED;
1737	goto out;
1738	complete:
1739	ret = SVC_COMPLETE;
1740	goto out;
1741	drop:
1742	ret = SVC_CLOSE;
1743	out:
1744	if (rsci)
1745	cache_put(h: &rsci->h, cd: sn->rsc_cache);
1746	return ret;
1747	}
1748
1749	static u32
1750	svcauth_gss_prepare_to_wrap(struct svc_rqst rqstp, struct* gss_svc_data *gsd)
1751	{
1752	u32 offset;
1753
1754	/ Release can be called twice, but we only wrap once. /
1755	offset = gsd->gsd_databody_offset;
1756	gsd->gsd_databody_offset = `0`;
1757
1758	/ AUTH_ERROR replies are not wrapped. /
1759	if (rqstp->rq_auth_stat != rpc_auth_ok)
1760	return `0`;
1761
1762	/ Also don't wrap if the accept_stat is nonzero: /
1763	if (*rqstp->rq_accept_statp != rpc_success)
1764	return `0`;
1765
1766	return offset;
1767	}
1768
1769	/*
1770	* RFC 2203, Section 5.3.2.2
1771	*
1772	* struct rpc_gss_integ_data {
1773	* opaque databody_integ<>;
1774	* opaque checksum<>;
1775	* };
1776	*
1777	* struct rpc_gss_data_t {
1778	* unsigned int seq_num;
1779	* proc_req_arg_t arg;
1780	* };
1781	*
1782	* The RPC Reply message has already been XDR-encoded. rq_res_stream
1783	* is now positioned so that the checksum can be written just past
1784	* the RPC Reply message.
1785	*/
1786	static int svcauth_gss_wrap_integ(struct svc_rqst *rqstp)
1787	{
1788	struct gss_svc_data *gsd = rqstp->rq_auth_data;
1789	struct xdr_stream *xdr = &rqstp->rq_res_stream;
1790	struct rpc_gss_wire_cred *gc = &gsd->clcred;
1791	struct xdr_buf *buf = xdr->buf;
1792	struct xdr_buf databody_integ;
1793	struct xdr_netobj checksum;
1794	u32 offset, maj_stat;
1795
1796	offset = svcauth_gss_prepare_to_wrap(rqstp, gsd);
1797	if (!offset)
1798	goto out;
1799
1800	if (xdr_buf_subsegment(buf, &databody_integ, offset + XDR_UNIT,
1801	buf->len - offset - XDR_UNIT))
1802	goto wrap_failed;
1803	/ Buffer space for these has already been reserved in*
1804	* svcauth_gss_accept(). */
1805	if (xdr_encode_word(buf, offset, databody_integ.len))
1806	goto wrap_failed;
1807	if (xdr_encode_word(buf, offset + XDR_UNIT, gc->gc_seq))
1808	goto wrap_failed;
1809
1810	checksum.data = gsd->gsd_scratch;
1811	maj_stat = gss_get_mic(ctx_id: gsd->rsci->mechctx, message: &databody_integ, mic_token: &checksum);
1812	if (maj_stat != GSS_S_COMPLETE)
1813	goto bad_mic;
1814
1815	if (xdr_stream_encode_opaque(xdr, ptr: checksum.data, len: checksum.len) < `0`)
1816	goto wrap_failed;
1817	xdr_commit_encode(xdr);
1818
1819	out:
1820	return `0`;
1821
1822	bad_mic:
1823	trace_rpcgss_svc_get_mic(rqstp, maj_stat);
1824	return -EINVAL;
1825	wrap_failed:
1826	trace_rpcgss_svc_wrap_failed(rqstp);
1827	return -EINVAL;
1828	}
1829
1830	/*
1831	* RFC 2203, Section 5.3.2.3
1832	*
1833	* struct rpc_gss_priv_data {
1834	* opaque databody_priv<>
1835	* };
1836	*
1837	* struct rpc_gss_data_t {
1838	* unsigned int seq_num;
1839	* proc_req_arg_t arg;
1840	* };
1841	*
1842	* gss_wrap() expands the size of the RPC message payload in the
1843	* response buffer. The main purpose of svcauth_gss_wrap_priv()
1844	* is to ensure there is adequate space in the response buffer to
1845	* avoid overflow during the wrap.
1846	*/
1847	static int svcauth_gss_wrap_priv(struct svc_rqst *rqstp)
1848	{
1849	struct gss_svc_data *gsd = rqstp->rq_auth_data;
1850	struct rpc_gss_wire_cred *gc = &gsd->clcred;
1851	struct xdr_buf *buf = &rqstp->rq_res;
1852	struct kvec *head = buf->head;
1853	struct kvec *tail = buf->tail;
1854	u32 offset, pad, maj_stat;
1855	__be32 *p;
1856
1857	offset = svcauth_gss_prepare_to_wrap(rqstp, gsd);
1858	if (!offset)
1859	return `0`;
1860
1861	/*
1862	* Buffer space for this field has already been reserved
1863	* in svcauth_gss_accept(). Note that the GSS sequence
1864	* number is encrypted along with the RPC reply payload.
1865	*/
1866	if (xdr_encode_word(buf, offset + XDR_UNIT, gc->gc_seq))
1867	goto wrap_failed;
1868
1869	/*
1870	* If there is currently tail data, make sure there is
1871	* room for the head, tail, and 2 * RPC_MAX_AUTH_SIZE in
1872	* the page, and move the current tail data such that
1873	* there is RPC_MAX_AUTH_SIZE slack space available in
1874	* both the head and tail.
1875	*/
1876	if (tail->iov_base) {
1877	if (tail->iov_base >= head->iov_base + PAGE_SIZE)
1878	goto wrap_failed;
1879	if (tail->iov_base < head->iov_base)
1880	goto wrap_failed;
1881	if (tail->iov_len + head->iov_len
1882	+ `2` * RPC_MAX_AUTH_SIZE > PAGE_SIZE)
1883	goto wrap_failed;
1884	memmove(tail->iov_base + RPC_MAX_AUTH_SIZE, tail->iov_base,
1885	tail->iov_len);
1886	tail->iov_base += RPC_MAX_AUTH_SIZE;
1887	}
1888	/*
1889	* If there is no current tail data, make sure there is
1890	* room for the head data, and 2 * RPC_MAX_AUTH_SIZE in the
1891	* allotted page, and set up tail information such that there
1892	* is RPC_MAX_AUTH_SIZE slack space available in both the
1893	* head and tail.
1894	*/
1895	if (!tail->iov_base) {
1896	if (head->iov_len + `2` * RPC_MAX_AUTH_SIZE > PAGE_SIZE)
1897	goto wrap_failed;
1898	tail->iov_base = head->iov_base
1899	+ head->iov_len + RPC_MAX_AUTH_SIZE;
1900	tail->iov_len = `0`;
1901	}
1902
1903	maj_stat = gss_wrap(ctx_id: gsd->rsci->mechctx, offset: offset + XDR_UNIT, outbuf: buf,
1904	inpages: buf->pages);
1905	if (maj_stat != GSS_S_COMPLETE)
1906	goto bad_wrap;
1907
1908	/ Wrapping can change the size of databody_priv. /
1909	if (xdr_encode_word(buf, offset, buf->len - offset - XDR_UNIT))
1910	goto wrap_failed;
1911	pad = xdr_pad_size(n: buf->len - offset - XDR_UNIT);
1912	p = (__be32 *)(tail->iov_base + tail->iov_len);
1913	memset(p, `0`, pad);
1914	tail->iov_len += pad;
1915	buf->len += pad;
1916
1917	return `0`;
1918	wrap_failed:
1919	trace_rpcgss_svc_wrap_failed(rqstp);
1920	return -EINVAL;
1921	bad_wrap:
1922	trace_rpcgss_svc_wrap(rqstp, maj_stat);
1923	return -ENOMEM;
1924	}
1925
1926	/**
1927	* svcauth_gss_release - Wrap payload and release resources
1928	* @rqstp: RPC transaction context
1929	*
1930	* Return values:
1931	* %0: the Reply is ready to be sent
1932	* %-ENOMEM: failed to allocate memory
1933	* %-EINVAL: encoding error
1934	*/
1935	static int
1936	svcauth_gss_release(struct svc_rqst *rqstp)
1937	{
1938	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), id: sunrpc_net_id);
1939	struct gss_svc_data *gsd = rqstp->rq_auth_data;
1940	struct rpc_gss_wire_cred *gc;
1941	int stat;
1942
1943	if (!gsd)
1944	goto out;
1945	gc = &gsd->clcred;
1946	if (gc->gc_proc != RPC_GSS_PROC_DATA)
1947	goto out;
1948
1949	switch (gc->gc_svc) {
1950	case RPC_GSS_SVC_NONE:
1951	break;
1952	case RPC_GSS_SVC_INTEGRITY:
1953	stat = svcauth_gss_wrap_integ(rqstp);
1954	if (stat)
1955	goto out_err;
1956	break;
1957	case RPC_GSS_SVC_PRIVACY:
1958	stat = svcauth_gss_wrap_priv(rqstp);
1959	if (stat)
1960	goto out_err;
1961	break;
1962	/*
1963	* For any other gc_svc value, svcauth_gss_accept() already set
1964	* the auth_error appropriately; just fall through:
1965	*/
1966	}
1967
1968	out:
1969	stat = `0`;
1970	out_err:
1971	if (rqstp->rq_client)
1972	auth_domain_put(item: rqstp->rq_client);
1973	rqstp->rq_client = NULL;
1974	if (rqstp->rq_gssclient)
1975	auth_domain_put(item: rqstp->rq_gssclient);
1976	rqstp->rq_gssclient = NULL;
1977	if (rqstp->rq_cred.cr_group_info)
1978	put_group_info(rqstp->rq_cred.cr_group_info);
1979	rqstp->rq_cred.cr_group_info = NULL;
1980	if (gsd && gsd->rsci) {
1981	cache_put(h: &gsd->rsci->h, cd: sn->rsc_cache);
1982	gsd->rsci = NULL;
1983	}
1984	return stat;
1985	}
1986
1987	static void
1988	svcauth_gss_domain_release_rcu(struct rcu_head *head)
1989	{
1990	struct auth_domain dom = container_of(head, struct* auth_domain, rcu_head);
1991	struct gss_domain gd = container_of(dom, struct* gss_domain, h);
1992
1993	kfree(objp: dom->name);
1994	kfree(objp: gd);
1995	}
1996
1997	static void
1998	svcauth_gss_domain_release(struct auth_domain *dom)
1999	{
2000	call_rcu(head: &dom->rcu_head, func: svcauth_gss_domain_release_rcu);
2001	}
2002
2003	static rpc_authflavor_t svcauth_gss_pseudoflavor(struct svc_rqst *rqstp)
2004	{
2005	return svcauth_gss_flavor(rqstp->rq_gssclient);
2006	}
2007
2008	static struct auth_ops svcauthops_gss = {
2009	.name = "rpcsec_gss",
2010	.owner = THIS_MODULE,
2011	.flavour = RPC_AUTH_GSS,
2012	.accept = svcauth_gss_accept,
2013	.release = svcauth_gss_release,
2014	.domain_release = svcauth_gss_domain_release,
2015	.set_client = svcauth_gss_set_client,
2016	.pseudoflavor = svcauth_gss_pseudoflavor,
2017	};
2018
2019	static int rsi_cache_create_net(struct net *net)
2020	{
2021	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2022	struct cache_detail *cd;
2023	int err;
2024
2025	cd = cache_create_net(tmpl: &rsi_cache_template, net);
2026	if (IS_ERR(ptr: cd))
2027	return PTR_ERR(ptr: cd);
2028	err = cache_register_net(cd, net);
2029	if (err) {
2030	cache_destroy_net(cd, net);
2031	return err;
2032	}
2033	sn->rsi_cache = cd;
2034	return `0`;
2035	}
2036
2037	static void rsi_cache_destroy_net(struct net *net)
2038	{
2039	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2040	struct cache_detail *cd = sn->rsi_cache;
2041
2042	sn->rsi_cache = NULL;
2043	cache_purge(detail: cd);
2044	cache_unregister_net(cd, net);
2045	cache_destroy_net(cd, net);
2046	}
2047
2048	static int rsc_cache_create_net(struct net *net)
2049	{
2050	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2051	struct cache_detail *cd;
2052	int err;
2053
2054	cd = cache_create_net(tmpl: &rsc_cache_template, net);
2055	if (IS_ERR(ptr: cd))
2056	return PTR_ERR(ptr: cd);
2057	err = cache_register_net(cd, net);
2058	if (err) {
2059	cache_destroy_net(cd, net);
2060	return err;
2061	}
2062	sn->rsc_cache = cd;
2063	return `0`;
2064	}
2065
2066	static void rsc_cache_destroy_net(struct net *net)
2067	{
2068	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2069	struct cache_detail *cd = sn->rsc_cache;
2070
2071	sn->rsc_cache = NULL;
2072	cache_purge(detail: cd);
2073	cache_unregister_net(cd, net);
2074	cache_destroy_net(cd, net);
2075	}
2076
2077	int
2078	gss_svc_init_net(struct net *net)
2079	{
2080	int rv;
2081
2082	rv = rsc_cache_create_net(net);
2083	if (rv)
2084	return rv;
2085	rv = rsi_cache_create_net(net);
2086	if (rv)
2087	goto out1;
2088	rv = create_use_gss_proxy_proc_entry(net);
2089	if (rv)
2090	goto out2;
2091
2092	rv = create_krb5_enctypes_proc_entry(net);
2093	if (rv)
2094	goto out3;
2095
2096	return `0`;
2097
2098	out3:
2099	destroy_use_gss_proxy_proc_entry(net);
2100	out2:
2101	rsi_cache_destroy_net(net);
2102	out1:
2103	rsc_cache_destroy_net(net);
2104	return rv;
2105	}
2106
2107	void
2108	gss_svc_shutdown_net(struct net *net)
2109	{
2110	destroy_krb5_enctypes_proc_entry(net);
2111	destroy_use_gss_proxy_proc_entry(net);
2112	rsi_cache_destroy_net(net);
2113	rsc_cache_destroy_net(net);
2114	}
2115
2116	int
2117	gss_svc_init(void)
2118	{
2119	return svc_auth_register(flavor: RPC_AUTH_GSS, aops: &svcauthops_gss);
2120	}
2121
2122	void
2123	gss_svc_shutdown(void)
2124	{
2125	svc_auth_unregister(flavor: RPC_AUTH_GSS);
2126	}
2127

source code of linux/net/sunrpc/auth_gss/svcauth_gss.c