SUNRPC/NFS: make rpc pipe upcall generic
[linux-2.6.git] / net / sunrpc / auth_gss / auth_gss.c
1 /*
2  * linux/net/sunrpc/auth_gss/auth_gss.c
3  *
4  * RPCSEC_GSS client authentication.
5  *
6  *  Copyright (c) 2000 The Regents of the University of Michigan.
7  *  All rights reserved.
8  *
9  *  Dug Song       <dugsong@monkey.org>
10  *  Andy Adamson   <andros@umich.edu>
11  *
12  *  Redistribution and use in source and binary forms, with or without
13  *  modification, are permitted provided that the following conditions
14  *  are met:
15  *
16  *  1. Redistributions of source code must retain the above copyright
17  *     notice, this list of conditions and the following disclaimer.
18  *  2. Redistributions in binary form must reproduce the above copyright
19  *     notice, this list of conditions and the following disclaimer in the
20  *     documentation and/or other materials provided with the distribution.
21  *  3. Neither the name of the University nor the names of its
22  *     contributors may be used to endorse or promote products derived
23  *     from this software without specific prior written permission.
24  *
25  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
26  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
27  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37
38
39 #include <linux/module.h>
40 #include <linux/init.h>
41 #include <linux/types.h>
42 #include <linux/slab.h>
43 #include <linux/sched.h>
44 #include <linux/pagemap.h>
45 #include <linux/sunrpc/clnt.h>
46 #include <linux/sunrpc/auth.h>
47 #include <linux/sunrpc/auth_gss.h>
48 #include <linux/sunrpc/svcauth_gss.h>
49 #include <linux/sunrpc/gss_err.h>
50 #include <linux/workqueue.h>
51 #include <linux/sunrpc/rpc_pipe_fs.h>
52 #include <linux/sunrpc/gss_api.h>
53 #include <asm/uaccess.h>
54
55 static const struct rpc_authops authgss_ops;
56
57 static const struct rpc_credops gss_credops;
58 static const struct rpc_credops gss_nullops;
59
60 #define GSS_RETRY_EXPIRED 5
61 static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
62
63 #ifdef RPC_DEBUG
64 # define RPCDBG_FACILITY        RPCDBG_AUTH
65 #endif
66
67 #define GSS_CRED_SLACK          (RPC_MAX_AUTH_SIZE * 2)
68 /* length of a krb5 verifier (48), plus data added before arguments when
69  * using integrity (two 4-byte integers): */
70 #define GSS_VERF_SLACK          100
71
72 struct gss_auth {
73         struct kref kref;
74         struct rpc_auth rpc_auth;
75         struct gss_api_mech *mech;
76         enum rpc_gss_svc service;
77         struct rpc_clnt *client;
78         /*
79          * There are two upcall pipes; dentry[1], named "gssd", is used
80          * for the new text-based upcall; dentry[0] is named after the
81          * mechanism (for example, "krb5") and exists for
82          * backwards-compatibility with older gssd's.
83          */
84         struct dentry *dentry[2];
85 };
86
87 /* pipe_version >= 0 if and only if someone has a pipe open. */
88 static int pipe_version = -1;
89 static atomic_t pipe_users = ATOMIC_INIT(0);
90 static DEFINE_SPINLOCK(pipe_version_lock);
91 static struct rpc_wait_queue pipe_version_rpc_waitqueue;
92 static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
93
94 static void gss_free_ctx(struct gss_cl_ctx *);
95 static const struct rpc_pipe_ops gss_upcall_ops_v0;
96 static const struct rpc_pipe_ops gss_upcall_ops_v1;
97
98 static inline struct gss_cl_ctx *
99 gss_get_ctx(struct gss_cl_ctx *ctx)
100 {
101         atomic_inc(&ctx->count);
102         return ctx;
103 }
104
105 static inline void
106 gss_put_ctx(struct gss_cl_ctx *ctx)
107 {
108         if (atomic_dec_and_test(&ctx->count))
109                 gss_free_ctx(ctx);
110 }
111
112 /* gss_cred_set_ctx:
113  * called by gss_upcall_callback and gss_create_upcall in order
114  * to set the gss context. The actual exchange of an old context
115  * and a new one is protected by the inode->i_lock.
116  */
117 static void
118 gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
119 {
120         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
121
122         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
123                 return;
124         gss_get_ctx(ctx);
125         rcu_assign_pointer(gss_cred->gc_ctx, ctx);
126         set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
127         smp_mb__before_clear_bit();
128         clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
129 }
130
131 static const void *
132 simple_get_bytes(const void *p, const void *end, void *res, size_t len)
133 {
134         const void *q = (const void *)((const char *)p + len);
135         if (unlikely(q > end || q < p))
136                 return ERR_PTR(-EFAULT);
137         memcpy(res, p, len);
138         return q;
139 }
140
141 static inline const void *
142 simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
143 {
144         const void *q;
145         unsigned int len;
146
147         p = simple_get_bytes(p, end, &len, sizeof(len));
148         if (IS_ERR(p))
149                 return p;
150         q = (const void *)((const char *)p + len);
151         if (unlikely(q > end || q < p))
152                 return ERR_PTR(-EFAULT);
153         dest->data = kmemdup(p, len, GFP_NOFS);
154         if (unlikely(dest->data == NULL))
155                 return ERR_PTR(-ENOMEM);
156         dest->len = len;
157         return q;
158 }
159
160 static struct gss_cl_ctx *
161 gss_cred_get_ctx(struct rpc_cred *cred)
162 {
163         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
164         struct gss_cl_ctx *ctx = NULL;
165
166         rcu_read_lock();
167         if (gss_cred->gc_ctx)
168                 ctx = gss_get_ctx(gss_cred->gc_ctx);
169         rcu_read_unlock();
170         return ctx;
171 }
172
173 static struct gss_cl_ctx *
174 gss_alloc_context(void)
175 {
176         struct gss_cl_ctx *ctx;
177
178         ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
179         if (ctx != NULL) {
180                 ctx->gc_proc = RPC_GSS_PROC_DATA;
181                 ctx->gc_seq = 1;        /* NetApp 6.4R1 doesn't accept seq. no. 0 */
182                 spin_lock_init(&ctx->gc_seq_lock);
183                 atomic_set(&ctx->count,1);
184         }
185         return ctx;
186 }
187
188 #define GSSD_MIN_TIMEOUT (60 * 60)
189 static const void *
190 gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
191 {
192         const void *q;
193         unsigned int seclen;
194         unsigned int timeout;
195         u32 window_size;
196         int ret;
197
198         /* First unsigned int gives the lifetime (in seconds) of the cred */
199         p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
200         if (IS_ERR(p))
201                 goto err;
202         if (timeout == 0)
203                 timeout = GSSD_MIN_TIMEOUT;
204         ctx->gc_expiry = jiffies + (unsigned long)timeout * HZ * 3 / 4;
205         /* Sequence number window. Determines the maximum number of simultaneous requests */
206         p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
207         if (IS_ERR(p))
208                 goto err;
209         ctx->gc_win = window_size;
210         /* gssd signals an error by passing ctx->gc_win = 0: */
211         if (ctx->gc_win == 0) {
212                 /*
213                  * in which case, p points to an error code. Anything other
214                  * than -EKEYEXPIRED gets converted to -EACCES.
215                  */
216                 p = simple_get_bytes(p, end, &ret, sizeof(ret));
217                 if (!IS_ERR(p))
218                         p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
219                                                     ERR_PTR(-EACCES);
220                 goto err;
221         }
222         /* copy the opaque wire context */
223         p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
224         if (IS_ERR(p))
225                 goto err;
226         /* import the opaque security context */
227         p  = simple_get_bytes(p, end, &seclen, sizeof(seclen));
228         if (IS_ERR(p))
229                 goto err;
230         q = (const void *)((const char *)p + seclen);
231         if (unlikely(q > end || q < p)) {
232                 p = ERR_PTR(-EFAULT);
233                 goto err;
234         }
235         ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, GFP_NOFS);
236         if (ret < 0) {
237                 p = ERR_PTR(ret);
238                 goto err;
239         }
240         return q;
241 err:
242         dprintk("RPC:       gss_fill_context returning %ld\n", -PTR_ERR(p));
243         return p;
244 }
245
246 #define UPCALL_BUF_LEN 128
247
248 struct gss_upcall_msg {
249         atomic_t count;
250         uid_t   uid;
251         struct rpc_pipe_msg msg;
252         struct list_head list;
253         struct gss_auth *auth;
254         struct rpc_inode *inode;
255         struct rpc_wait_queue rpc_waitqueue;
256         wait_queue_head_t waitqueue;
257         struct gss_cl_ctx *ctx;
258         char databuf[UPCALL_BUF_LEN];
259 };
260
261 static int get_pipe_version(void)
262 {
263         int ret;
264
265         spin_lock(&pipe_version_lock);
266         if (pipe_version >= 0) {
267                 atomic_inc(&pipe_users);
268                 ret = pipe_version;
269         } else
270                 ret = -EAGAIN;
271         spin_unlock(&pipe_version_lock);
272         return ret;
273 }
274
275 static void put_pipe_version(void)
276 {
277         if (atomic_dec_and_lock(&pipe_users, &pipe_version_lock)) {
278                 pipe_version = -1;
279                 spin_unlock(&pipe_version_lock);
280         }
281 }
282
283 static void
284 gss_release_msg(struct gss_upcall_msg *gss_msg)
285 {
286         if (!atomic_dec_and_test(&gss_msg->count))
287                 return;
288         put_pipe_version();
289         BUG_ON(!list_empty(&gss_msg->list));
290         if (gss_msg->ctx != NULL)
291                 gss_put_ctx(gss_msg->ctx);
292         rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
293         kfree(gss_msg);
294 }
295
296 static struct gss_upcall_msg *
297 __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
298 {
299         struct gss_upcall_msg *pos;
300         list_for_each_entry(pos, &rpci->in_downcall, list) {
301                 if (pos->uid != uid)
302                         continue;
303                 atomic_inc(&pos->count);
304                 dprintk("RPC:       gss_find_upcall found msg %p\n", pos);
305                 return pos;
306         }
307         dprintk("RPC:       gss_find_upcall found nothing\n");
308         return NULL;
309 }
310
311 /* Try to add an upcall to the pipefs queue.
312  * If an upcall owned by our uid already exists, then we return a reference
313  * to that upcall instead of adding the new upcall.
314  */
315 static inline struct gss_upcall_msg *
316 gss_add_msg(struct gss_upcall_msg *gss_msg)
317 {
318         struct rpc_inode *rpci = gss_msg->inode;
319         struct inode *inode = &rpci->vfs_inode;
320         struct gss_upcall_msg *old;
321
322         spin_lock(&inode->i_lock);
323         old = __gss_find_upcall(rpci, gss_msg->uid);
324         if (old == NULL) {
325                 atomic_inc(&gss_msg->count);
326                 list_add(&gss_msg->list, &rpci->in_downcall);
327         } else
328                 gss_msg = old;
329         spin_unlock(&inode->i_lock);
330         return gss_msg;
331 }
332
333 static void
334 __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
335 {
336         list_del_init(&gss_msg->list);
337         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
338         wake_up_all(&gss_msg->waitqueue);
339         atomic_dec(&gss_msg->count);
340 }
341
342 static void
343 gss_unhash_msg(struct gss_upcall_msg *gss_msg)
344 {
345         struct inode *inode = &gss_msg->inode->vfs_inode;
346
347         if (list_empty(&gss_msg->list))
348                 return;
349         spin_lock(&inode->i_lock);
350         if (!list_empty(&gss_msg->list))
351                 __gss_unhash_msg(gss_msg);
352         spin_unlock(&inode->i_lock);
353 }
354
355 static void
356 gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss_msg)
357 {
358         switch (gss_msg->msg.errno) {
359         case 0:
360                 if (gss_msg->ctx == NULL)
361                         break;
362                 clear_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
363                 gss_cred_set_ctx(&gss_cred->gc_base, gss_msg->ctx);
364                 break;
365         case -EKEYEXPIRED:
366                 set_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
367         }
368         gss_cred->gc_upcall_timestamp = jiffies;
369         gss_cred->gc_upcall = NULL;
370         rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
371 }
372
373 static void
374 gss_upcall_callback(struct rpc_task *task)
375 {
376         struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
377                         struct gss_cred, gc_base);
378         struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
379         struct inode *inode = &gss_msg->inode->vfs_inode;
380
381         spin_lock(&inode->i_lock);
382         gss_handle_downcall_result(gss_cred, gss_msg);
383         spin_unlock(&inode->i_lock);
384         task->tk_status = gss_msg->msg.errno;
385         gss_release_msg(gss_msg);
386 }
387
388 static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
389 {
390         gss_msg->msg.data = &gss_msg->uid;
391         gss_msg->msg.len = sizeof(gss_msg->uid);
392 }
393
394 static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
395                                 struct rpc_clnt *clnt, int machine_cred)
396 {
397         struct gss_api_mech *mech = gss_msg->auth->mech;
398         char *p = gss_msg->databuf;
399         int len = 0;
400
401         gss_msg->msg.len = sprintf(gss_msg->databuf, "mech=%s uid=%d ",
402                                    mech->gm_name,
403                                    gss_msg->uid);
404         p += gss_msg->msg.len;
405         if (clnt->cl_principal) {
406                 len = sprintf(p, "target=%s ", clnt->cl_principal);
407                 p += len;
408                 gss_msg->msg.len += len;
409         }
410         if (machine_cred) {
411                 len = sprintf(p, "service=* ");
412                 p += len;
413                 gss_msg->msg.len += len;
414         } else if (!strcmp(clnt->cl_program->name, "nfs4_cb")) {
415                 len = sprintf(p, "service=nfs ");
416                 p += len;
417                 gss_msg->msg.len += len;
418         }
419         if (mech->gm_upcall_enctypes) {
420                 len = sprintf(p, "enctypes=%s ", mech->gm_upcall_enctypes);
421                 p += len;
422                 gss_msg->msg.len += len;
423         }
424         len = sprintf(p, "\n");
425         gss_msg->msg.len += len;
426
427         gss_msg->msg.data = gss_msg->databuf;
428         BUG_ON(gss_msg->msg.len > UPCALL_BUF_LEN);
429 }
430
431 static void gss_encode_msg(struct gss_upcall_msg *gss_msg,
432                                 struct rpc_clnt *clnt, int machine_cred)
433 {
434         if (pipe_version == 0)
435                 gss_encode_v0_msg(gss_msg);
436         else /* pipe_version == 1 */
437                 gss_encode_v1_msg(gss_msg, clnt, machine_cred);
438 }
439
440 static inline struct gss_upcall_msg *
441 gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt,
442                 int machine_cred)
443 {
444         struct gss_upcall_msg *gss_msg;
445         int vers;
446
447         gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
448         if (gss_msg == NULL)
449                 return ERR_PTR(-ENOMEM);
450         vers = get_pipe_version();
451         if (vers < 0) {
452                 kfree(gss_msg);
453                 return ERR_PTR(vers);
454         }
455         gss_msg->inode = RPC_I(gss_auth->dentry[vers]->d_inode);
456         INIT_LIST_HEAD(&gss_msg->list);
457         rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
458         init_waitqueue_head(&gss_msg->waitqueue);
459         atomic_set(&gss_msg->count, 1);
460         gss_msg->uid = uid;
461         gss_msg->auth = gss_auth;
462         gss_encode_msg(gss_msg, clnt, machine_cred);
463         return gss_msg;
464 }
465
466 static struct gss_upcall_msg *
467 gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
468 {
469         struct gss_cred *gss_cred = container_of(cred,
470                         struct gss_cred, gc_base);
471         struct gss_upcall_msg *gss_new, *gss_msg;
472         uid_t uid = cred->cr_uid;
473
474         gss_new = gss_alloc_msg(gss_auth, uid, clnt, gss_cred->gc_machine_cred);
475         if (IS_ERR(gss_new))
476                 return gss_new;
477         gss_msg = gss_add_msg(gss_new);
478         if (gss_msg == gss_new) {
479                 struct inode *inode = &gss_new->inode->vfs_inode;
480                 int res = rpc_queue_upcall(inode, &gss_new->msg);
481                 if (res) {
482                         gss_unhash_msg(gss_new);
483                         gss_msg = ERR_PTR(res);
484                 }
485         } else
486                 gss_release_msg(gss_new);
487         return gss_msg;
488 }
489
490 static void warn_gssd(void)
491 {
492         static unsigned long ratelimit;
493         unsigned long now = jiffies;
494
495         if (time_after(now, ratelimit)) {
496                 printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n"
497                                 "Please check user daemon is running.\n");
498                 ratelimit = now + 15*HZ;
499         }
500 }
501
502 static inline int
503 gss_refresh_upcall(struct rpc_task *task)
504 {
505         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
506         struct gss_auth *gss_auth = container_of(cred->cr_auth,
507                         struct gss_auth, rpc_auth);
508         struct gss_cred *gss_cred = container_of(cred,
509                         struct gss_cred, gc_base);
510         struct gss_upcall_msg *gss_msg;
511         struct inode *inode;
512         int err = 0;
513
514         dprintk("RPC: %5u gss_refresh_upcall for uid %u\n", task->tk_pid,
515                                                                 cred->cr_uid);
516         gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
517         if (PTR_ERR(gss_msg) == -EAGAIN) {
518                 /* XXX: warning on the first, under the assumption we
519                  * shouldn't normally hit this case on a refresh. */
520                 warn_gssd();
521                 task->tk_timeout = 15*HZ;
522                 rpc_sleep_on(&pipe_version_rpc_waitqueue, task, NULL);
523                 return -EAGAIN;
524         }
525         if (IS_ERR(gss_msg)) {
526                 err = PTR_ERR(gss_msg);
527                 goto out;
528         }
529         inode = &gss_msg->inode->vfs_inode;
530         spin_lock(&inode->i_lock);
531         if (gss_cred->gc_upcall != NULL)
532                 rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
533         else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
534                 task->tk_timeout = 0;
535                 gss_cred->gc_upcall = gss_msg;
536                 /* gss_upcall_callback will release the reference to gss_upcall_msg */
537                 atomic_inc(&gss_msg->count);
538                 rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
539         } else {
540                 gss_handle_downcall_result(gss_cred, gss_msg);
541                 err = gss_msg->msg.errno;
542         }
543         spin_unlock(&inode->i_lock);
544         gss_release_msg(gss_msg);
545 out:
546         dprintk("RPC: %5u gss_refresh_upcall for uid %u result %d\n",
547                         task->tk_pid, cred->cr_uid, err);
548         return err;
549 }
550
551 static inline int
552 gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
553 {
554         struct inode *inode;
555         struct rpc_cred *cred = &gss_cred->gc_base;
556         struct gss_upcall_msg *gss_msg;
557         DEFINE_WAIT(wait);
558         int err = 0;
559
560         dprintk("RPC:       gss_upcall for uid %u\n", cred->cr_uid);
561 retry:
562         gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred);
563         if (PTR_ERR(gss_msg) == -EAGAIN) {
564                 err = wait_event_interruptible_timeout(pipe_version_waitqueue,
565                                 pipe_version >= 0, 15*HZ);
566                 if (pipe_version < 0) {
567                         warn_gssd();
568                         err = -EACCES;
569                 }
570                 if (err)
571                         goto out;
572                 goto retry;
573         }
574         if (IS_ERR(gss_msg)) {
575                 err = PTR_ERR(gss_msg);
576                 goto out;
577         }
578         inode = &gss_msg->inode->vfs_inode;
579         for (;;) {
580                 prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
581                 spin_lock(&inode->i_lock);
582                 if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
583                         break;
584                 }
585                 spin_unlock(&inode->i_lock);
586                 if (fatal_signal_pending(current)) {
587                         err = -ERESTARTSYS;
588                         goto out_intr;
589                 }
590                 schedule();
591         }
592         if (gss_msg->ctx)
593                 gss_cred_set_ctx(cred, gss_msg->ctx);
594         else
595                 err = gss_msg->msg.errno;
596         spin_unlock(&inode->i_lock);
597 out_intr:
598         finish_wait(&gss_msg->waitqueue, &wait);
599         gss_release_msg(gss_msg);
600 out:
601         dprintk("RPC:       gss_create_upcall for uid %u result %d\n",
602                         cred->cr_uid, err);
603         return err;
604 }
605
606 #define MSG_BUF_MAXSIZE 1024
607
608 static ssize_t
609 gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
610 {
611         const void *p, *end;
612         void *buf;
613         struct gss_upcall_msg *gss_msg;
614         struct inode *inode = filp->f_path.dentry->d_inode;
615         struct gss_cl_ctx *ctx;
616         uid_t uid;
617         ssize_t err = -EFBIG;
618
619         if (mlen > MSG_BUF_MAXSIZE)
620                 goto out;
621         err = -ENOMEM;
622         buf = kmalloc(mlen, GFP_NOFS);
623         if (!buf)
624                 goto out;
625
626         err = -EFAULT;
627         if (copy_from_user(buf, src, mlen))
628                 goto err;
629
630         end = (const void *)((char *)buf + mlen);
631         p = simple_get_bytes(buf, end, &uid, sizeof(uid));
632         if (IS_ERR(p)) {
633                 err = PTR_ERR(p);
634                 goto err;
635         }
636
637         err = -ENOMEM;
638         ctx = gss_alloc_context();
639         if (ctx == NULL)
640                 goto err;
641
642         err = -ENOENT;
643         /* Find a matching upcall */
644         spin_lock(&inode->i_lock);
645         gss_msg = __gss_find_upcall(RPC_I(inode), uid);
646         if (gss_msg == NULL) {
647                 spin_unlock(&inode->i_lock);
648                 goto err_put_ctx;
649         }
650         list_del_init(&gss_msg->list);
651         spin_unlock(&inode->i_lock);
652
653         p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
654         if (IS_ERR(p)) {
655                 err = PTR_ERR(p);
656                 switch (err) {
657                 case -EACCES:
658                 case -EKEYEXPIRED:
659                         gss_msg->msg.errno = err;
660                         err = mlen;
661                         break;
662                 case -EFAULT:
663                 case -ENOMEM:
664                 case -EINVAL:
665                 case -ENOSYS:
666                         gss_msg->msg.errno = -EAGAIN;
667                         break;
668                 default:
669                         printk(KERN_CRIT "%s: bad return from "
670                                 "gss_fill_context: %zd\n", __func__, err);
671                         BUG();
672                 }
673                 goto err_release_msg;
674         }
675         gss_msg->ctx = gss_get_ctx(ctx);
676         err = mlen;
677
678 err_release_msg:
679         spin_lock(&inode->i_lock);
680         __gss_unhash_msg(gss_msg);
681         spin_unlock(&inode->i_lock);
682         gss_release_msg(gss_msg);
683 err_put_ctx:
684         gss_put_ctx(ctx);
685 err:
686         kfree(buf);
687 out:
688         dprintk("RPC:       gss_pipe_downcall returning %Zd\n", err);
689         return err;
690 }
691
692 static int gss_pipe_open(struct inode *inode, int new_version)
693 {
694         int ret = 0;
695
696         spin_lock(&pipe_version_lock);
697         if (pipe_version < 0) {
698                 /* First open of any gss pipe determines the version: */
699                 pipe_version = new_version;
700                 rpc_wake_up(&pipe_version_rpc_waitqueue);
701                 wake_up(&pipe_version_waitqueue);
702         } else if (pipe_version != new_version) {
703                 /* Trying to open a pipe of a different version */
704                 ret = -EBUSY;
705                 goto out;
706         }
707         atomic_inc(&pipe_users);
708 out:
709         spin_unlock(&pipe_version_lock);
710         return ret;
711
712 }
713
714 static int gss_pipe_open_v0(struct inode *inode)
715 {
716         return gss_pipe_open(inode, 0);
717 }
718
719 static int gss_pipe_open_v1(struct inode *inode)
720 {
721         return gss_pipe_open(inode, 1);
722 }
723
724 static void
725 gss_pipe_release(struct inode *inode)
726 {
727         struct rpc_inode *rpci = RPC_I(inode);
728         struct gss_upcall_msg *gss_msg;
729
730 restart:
731         spin_lock(&inode->i_lock);
732         list_for_each_entry(gss_msg, &rpci->in_downcall, list) {
733
734                 if (!list_empty(&gss_msg->msg.list))
735                         continue;
736                 gss_msg->msg.errno = -EPIPE;
737                 atomic_inc(&gss_msg->count);
738                 __gss_unhash_msg(gss_msg);
739                 spin_unlock(&inode->i_lock);
740                 gss_release_msg(gss_msg);
741                 goto restart;
742         }
743         spin_unlock(&inode->i_lock);
744
745         put_pipe_version();
746 }
747
748 static void
749 gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
750 {
751         struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
752
753         if (msg->errno < 0) {
754                 dprintk("RPC:       gss_pipe_destroy_msg releasing msg %p\n",
755                                 gss_msg);
756                 atomic_inc(&gss_msg->count);
757                 gss_unhash_msg(gss_msg);
758                 if (msg->errno == -ETIMEDOUT)
759                         warn_gssd();
760                 gss_release_msg(gss_msg);
761         }
762 }
763
764 /*
765  * NOTE: we have the opportunity to use different
766  * parameters based on the input flavor (which must be a pseudoflavor)
767  */
768 static struct rpc_auth *
769 gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
770 {
771         struct gss_auth *gss_auth;
772         struct rpc_auth * auth;
773         int err = -ENOMEM; /* XXX? */
774
775         dprintk("RPC:       creating GSS authenticator for client %p\n", clnt);
776
777         if (!try_module_get(THIS_MODULE))
778                 return ERR_PTR(err);
779         if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL)))
780                 goto out_dec;
781         gss_auth->client = clnt;
782         err = -EINVAL;
783         gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
784         if (!gss_auth->mech) {
785                 printk(KERN_WARNING "%s: Pseudoflavor %d not found!\n",
786                                 __func__, flavor);
787                 goto err_free;
788         }
789         gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
790         if (gss_auth->service == 0)
791                 goto err_put_mech;
792         auth = &gss_auth->rpc_auth;
793         auth->au_cslack = GSS_CRED_SLACK >> 2;
794         auth->au_rslack = GSS_VERF_SLACK >> 2;
795         auth->au_ops = &authgss_ops;
796         auth->au_flavor = flavor;
797         atomic_set(&auth->au_count, 1);
798         kref_init(&gss_auth->kref);
799
800         /*
801          * Note: if we created the old pipe first, then someone who
802          * examined the directory at the right moment might conclude
803          * that we supported only the old pipe.  So we instead create
804          * the new pipe first.
805          */
806         gss_auth->dentry[1] = rpc_mkpipe(clnt->cl_path.dentry,
807                                          "gssd",
808                                          clnt, &gss_upcall_ops_v1,
809                                          RPC_PIPE_WAIT_FOR_OPEN);
810         if (IS_ERR(gss_auth->dentry[1])) {
811                 err = PTR_ERR(gss_auth->dentry[1]);
812                 goto err_put_mech;
813         }
814
815         gss_auth->dentry[0] = rpc_mkpipe(clnt->cl_path.dentry,
816                                          gss_auth->mech->gm_name,
817                                          clnt, &gss_upcall_ops_v0,
818                                          RPC_PIPE_WAIT_FOR_OPEN);
819         if (IS_ERR(gss_auth->dentry[0])) {
820                 err = PTR_ERR(gss_auth->dentry[0]);
821                 goto err_unlink_pipe_1;
822         }
823         err = rpcauth_init_credcache(auth);
824         if (err)
825                 goto err_unlink_pipe_0;
826
827         return auth;
828 err_unlink_pipe_0:
829         rpc_unlink(gss_auth->dentry[0]);
830 err_unlink_pipe_1:
831         rpc_unlink(gss_auth->dentry[1]);
832 err_put_mech:
833         gss_mech_put(gss_auth->mech);
834 err_free:
835         kfree(gss_auth);
836 out_dec:
837         module_put(THIS_MODULE);
838         return ERR_PTR(err);
839 }
840
841 static void
842 gss_free(struct gss_auth *gss_auth)
843 {
844         rpc_unlink(gss_auth->dentry[1]);
845         rpc_unlink(gss_auth->dentry[0]);
846         gss_mech_put(gss_auth->mech);
847
848         kfree(gss_auth);
849         module_put(THIS_MODULE);
850 }
851
852 static void
853 gss_free_callback(struct kref *kref)
854 {
855         struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
856
857         gss_free(gss_auth);
858 }
859
860 static void
861 gss_destroy(struct rpc_auth *auth)
862 {
863         struct gss_auth *gss_auth;
864
865         dprintk("RPC:       destroying GSS authenticator %p flavor %d\n",
866                         auth, auth->au_flavor);
867
868         rpcauth_destroy_credcache(auth);
869
870         gss_auth = container_of(auth, struct gss_auth, rpc_auth);
871         kref_put(&gss_auth->kref, gss_free_callback);
872 }
873
874 /*
875  * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
876  * to the server with the GSS control procedure field set to
877  * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
878  * all RPCSEC_GSS state associated with that context.
879  */
880 static int
881 gss_destroying_context(struct rpc_cred *cred)
882 {
883         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
884         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
885         struct rpc_task *task;
886
887         if (gss_cred->gc_ctx == NULL ||
888             test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
889                 return 0;
890
891         gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
892         cred->cr_ops = &gss_nullops;
893
894         /* Take a reference to ensure the cred will be destroyed either
895          * by the RPC call or by the put_rpccred() below */
896         get_rpccred(cred);
897
898         task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
899         if (!IS_ERR(task))
900                 rpc_put_task(task);
901
902         put_rpccred(cred);
903         return 1;
904 }
905
906 /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
907  * to create a new cred or context, so they check that things have been
908  * allocated before freeing them. */
909 static void
910 gss_do_free_ctx(struct gss_cl_ctx *ctx)
911 {
912         dprintk("RPC:       gss_free_ctx\n");
913
914         gss_delete_sec_context(&ctx->gc_gss_ctx);
915         kfree(ctx->gc_wire_ctx.data);
916         kfree(ctx);
917 }
918
919 static void
920 gss_free_ctx_callback(struct rcu_head *head)
921 {
922         struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
923         gss_do_free_ctx(ctx);
924 }
925
926 static void
927 gss_free_ctx(struct gss_cl_ctx *ctx)
928 {
929         call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
930 }
931
932 static void
933 gss_free_cred(struct gss_cred *gss_cred)
934 {
935         dprintk("RPC:       gss_free_cred %p\n", gss_cred);
936         kfree(gss_cred);
937 }
938
939 static void
940 gss_free_cred_callback(struct rcu_head *head)
941 {
942         struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
943         gss_free_cred(gss_cred);
944 }
945
946 static void
947 gss_destroy_nullcred(struct rpc_cred *cred)
948 {
949         struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
950         struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
951         struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
952
953         rcu_assign_pointer(gss_cred->gc_ctx, NULL);
954         call_rcu(&cred->cr_rcu, gss_free_cred_callback);
955         if (ctx)
956                 gss_put_ctx(ctx);
957         kref_put(&gss_auth->kref, gss_free_callback);
958 }
959
960 static void
961 gss_destroy_cred(struct rpc_cred *cred)
962 {
963
964         if (gss_destroying_context(cred))
965                 return;
966         gss_destroy_nullcred(cred);
967 }
968
969 /*
970  * Lookup RPCSEC_GSS cred for the current process
971  */
972 static struct rpc_cred *
973 gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
974 {
975         return rpcauth_lookup_credcache(auth, acred, flags);
976 }
977
978 static struct rpc_cred *
979 gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
980 {
981         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
982         struct gss_cred *cred = NULL;
983         int err = -ENOMEM;
984
985         dprintk("RPC:       gss_create_cred for uid %d, flavor %d\n",
986                 acred->uid, auth->au_flavor);
987
988         if (!(cred = kzalloc(sizeof(*cred), GFP_NOFS)))
989                 goto out_err;
990
991         rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
992         /*
993          * Note: in order to force a call to call_refresh(), we deliberately
994          * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
995          */
996         cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
997         cred->gc_service = gss_auth->service;
998         cred->gc_machine_cred = acred->machine_cred;
999         kref_get(&gss_auth->kref);
1000         return &cred->gc_base;
1001
1002 out_err:
1003         dprintk("RPC:       gss_create_cred failed with error %d\n", err);
1004         return ERR_PTR(err);
1005 }
1006
1007 static int
1008 gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
1009 {
1010         struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
1011         struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
1012         int err;
1013
1014         do {
1015                 err = gss_create_upcall(gss_auth, gss_cred);
1016         } while (err == -EAGAIN);
1017         return err;
1018 }
1019
1020 static int
1021 gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
1022 {
1023         struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
1024
1025         if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
1026                 goto out;
1027         /* Don't match with creds that have expired. */
1028         if (time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
1029                 return 0;
1030         if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
1031                 return 0;
1032 out:
1033         if (acred->machine_cred != gss_cred->gc_machine_cred)
1034                 return 0;
1035         return rc->cr_uid == acred->uid;
1036 }
1037
1038 /*
1039 * Marshal credentials.
1040 * Maybe we should keep a cached credential for performance reasons.
1041 */
1042 static __be32 *
1043 gss_marshal(struct rpc_task *task, __be32 *p)
1044 {
1045         struct rpc_rqst *req = task->tk_rqstp;
1046         struct rpc_cred *cred = req->rq_cred;
1047         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1048                                                  gc_base);
1049         struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
1050         __be32          *cred_len;
1051         u32             maj_stat = 0;
1052         struct xdr_netobj mic;
1053         struct kvec     iov;
1054         struct xdr_buf  verf_buf;
1055
1056         dprintk("RPC: %5u gss_marshal\n", task->tk_pid);
1057
1058         *p++ = htonl(RPC_AUTH_GSS);
1059         cred_len = p++;
1060
1061         spin_lock(&ctx->gc_seq_lock);
1062         req->rq_seqno = ctx->gc_seq++;
1063         spin_unlock(&ctx->gc_seq_lock);
1064
1065         *p++ = htonl((u32) RPC_GSS_VERSION);
1066         *p++ = htonl((u32) ctx->gc_proc);
1067         *p++ = htonl((u32) req->rq_seqno);
1068         *p++ = htonl((u32) gss_cred->gc_service);
1069         p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
1070         *cred_len = htonl((p - (cred_len + 1)) << 2);
1071
1072         /* We compute the checksum for the verifier over the xdr-encoded bytes
1073          * starting with the xid and ending at the end of the credential: */
1074         iov.iov_base = xprt_skip_transport_header(task->tk_xprt,
1075                                         req->rq_snd_buf.head[0].iov_base);
1076         iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
1077         xdr_buf_from_iov(&iov, &verf_buf);
1078
1079         /* set verifier flavor*/
1080         *p++ = htonl(RPC_AUTH_GSS);
1081
1082         mic.data = (u8 *)(p + 1);
1083         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1084         if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
1085                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1086         } else if (maj_stat != 0) {
1087                 printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat);
1088                 goto out_put_ctx;
1089         }
1090         p = xdr_encode_opaque(p, NULL, mic.len);
1091         gss_put_ctx(ctx);
1092         return p;
1093 out_put_ctx:
1094         gss_put_ctx(ctx);
1095         return NULL;
1096 }
1097
1098 static int gss_renew_cred(struct rpc_task *task)
1099 {
1100         struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
1101         struct gss_cred *gss_cred = container_of(oldcred,
1102                                                  struct gss_cred,
1103                                                  gc_base);
1104         struct rpc_auth *auth = oldcred->cr_auth;
1105         struct auth_cred acred = {
1106                 .uid = oldcred->cr_uid,
1107                 .machine_cred = gss_cred->gc_machine_cred,
1108         };
1109         struct rpc_cred *new;
1110
1111         new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
1112         if (IS_ERR(new))
1113                 return PTR_ERR(new);
1114         task->tk_rqstp->rq_cred = new;
1115         put_rpccred(oldcred);
1116         return 0;
1117 }
1118
1119 static int gss_cred_is_negative_entry(struct rpc_cred *cred)
1120 {
1121         if (test_bit(RPCAUTH_CRED_NEGATIVE, &cred->cr_flags)) {
1122                 unsigned long now = jiffies;
1123                 unsigned long begin, expire;
1124                 struct gss_cred *gss_cred; 
1125
1126                 gss_cred = container_of(cred, struct gss_cred, gc_base);
1127                 begin = gss_cred->gc_upcall_timestamp;
1128                 expire = begin + gss_expired_cred_retry_delay * HZ;
1129
1130                 if (time_in_range_open(now, begin, expire))
1131                         return 1;
1132         }
1133         return 0;
1134 }
1135
1136 /*
1137 * Refresh credentials. XXX - finish
1138 */
1139 static int
1140 gss_refresh(struct rpc_task *task)
1141 {
1142         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1143         int ret = 0;
1144
1145         if (gss_cred_is_negative_entry(cred))
1146                 return -EKEYEXPIRED;
1147
1148         if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
1149                         !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
1150                 ret = gss_renew_cred(task);
1151                 if (ret < 0)
1152                         goto out;
1153                 cred = task->tk_rqstp->rq_cred;
1154         }
1155
1156         if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
1157                 ret = gss_refresh_upcall(task);
1158 out:
1159         return ret;
1160 }
1161
1162 /* Dummy refresh routine: used only when destroying the context */
1163 static int
1164 gss_refresh_null(struct rpc_task *task)
1165 {
1166         return -EACCES;
1167 }
1168
1169 static __be32 *
1170 gss_validate(struct rpc_task *task, __be32 *p)
1171 {
1172         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1173         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1174         __be32          seq;
1175         struct kvec     iov;
1176         struct xdr_buf  verf_buf;
1177         struct xdr_netobj mic;
1178         u32             flav,len;
1179         u32             maj_stat;
1180
1181         dprintk("RPC: %5u gss_validate\n", task->tk_pid);
1182
1183         flav = ntohl(*p++);
1184         if ((len = ntohl(*p++)) > RPC_MAX_AUTH_SIZE)
1185                 goto out_bad;
1186         if (flav != RPC_AUTH_GSS)
1187                 goto out_bad;
1188         seq = htonl(task->tk_rqstp->rq_seqno);
1189         iov.iov_base = &seq;
1190         iov.iov_len = sizeof(seq);
1191         xdr_buf_from_iov(&iov, &verf_buf);
1192         mic.data = (u8 *)p;
1193         mic.len = len;
1194
1195         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
1196         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1197                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1198         if (maj_stat) {
1199                 dprintk("RPC: %5u gss_validate: gss_verify_mic returned "
1200                                 "error 0x%08x\n", task->tk_pid, maj_stat);
1201                 goto out_bad;
1202         }
1203         /* We leave it to unwrap to calculate au_rslack. For now we just
1204          * calculate the length of the verifier: */
1205         cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
1206         gss_put_ctx(ctx);
1207         dprintk("RPC: %5u gss_validate: gss_verify_mic succeeded.\n",
1208                         task->tk_pid);
1209         return p + XDR_QUADLEN(len);
1210 out_bad:
1211         gss_put_ctx(ctx);
1212         dprintk("RPC: %5u gss_validate failed.\n", task->tk_pid);
1213         return NULL;
1214 }
1215
1216 static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
1217                                 __be32 *p, void *obj)
1218 {
1219         struct xdr_stream xdr;
1220
1221         xdr_init_encode(&xdr, &rqstp->rq_snd_buf, p);
1222         encode(rqstp, &xdr, obj);
1223 }
1224
1225 static inline int
1226 gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1227                    kxdreproc_t encode, struct rpc_rqst *rqstp,
1228                    __be32 *p, void *obj)
1229 {
1230         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1231         struct xdr_buf  integ_buf;
1232         __be32          *integ_len = NULL;
1233         struct xdr_netobj mic;
1234         u32             offset;
1235         __be32          *q;
1236         struct kvec     *iov;
1237         u32             maj_stat = 0;
1238         int             status = -EIO;
1239
1240         integ_len = p++;
1241         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1242         *p++ = htonl(rqstp->rq_seqno);
1243
1244         gss_wrap_req_encode(encode, rqstp, p, obj);
1245
1246         if (xdr_buf_subsegment(snd_buf, &integ_buf,
1247                                 offset, snd_buf->len - offset))
1248                 return status;
1249         *integ_len = htonl(integ_buf.len);
1250
1251         /* guess whether we're in the head or the tail: */
1252         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1253                 iov = snd_buf->tail;
1254         else
1255                 iov = snd_buf->head;
1256         p = iov->iov_base + iov->iov_len;
1257         mic.data = (u8 *)(p + 1);
1258
1259         maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1260         status = -EIO; /* XXX? */
1261         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1262                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1263         else if (maj_stat)
1264                 return status;
1265         q = xdr_encode_opaque(p, NULL, mic.len);
1266
1267         offset = (u8 *)q - (u8 *)p;
1268         iov->iov_len += offset;
1269         snd_buf->len += offset;
1270         return 0;
1271 }
1272
1273 static void
1274 priv_release_snd_buf(struct rpc_rqst *rqstp)
1275 {
1276         int i;
1277
1278         for (i=0; i < rqstp->rq_enc_pages_num; i++)
1279                 __free_page(rqstp->rq_enc_pages[i]);
1280         kfree(rqstp->rq_enc_pages);
1281 }
1282
1283 static int
1284 alloc_enc_pages(struct rpc_rqst *rqstp)
1285 {
1286         struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
1287         int first, last, i;
1288
1289         if (snd_buf->page_len == 0) {
1290                 rqstp->rq_enc_pages_num = 0;
1291                 return 0;
1292         }
1293
1294         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1295         last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT;
1296         rqstp->rq_enc_pages_num = last - first + 1 + 1;
1297         rqstp->rq_enc_pages
1298                 = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *),
1299                                 GFP_NOFS);
1300         if (!rqstp->rq_enc_pages)
1301                 goto out;
1302         for (i=0; i < rqstp->rq_enc_pages_num; i++) {
1303                 rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS);
1304                 if (rqstp->rq_enc_pages[i] == NULL)
1305                         goto out_free;
1306         }
1307         rqstp->rq_release_snd_buf = priv_release_snd_buf;
1308         return 0;
1309 out_free:
1310         rqstp->rq_enc_pages_num = i;
1311         priv_release_snd_buf(rqstp);
1312 out:
1313         return -EAGAIN;
1314 }
1315
1316 static inline int
1317 gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1318                   kxdreproc_t encode, struct rpc_rqst *rqstp,
1319                   __be32 *p, void *obj)
1320 {
1321         struct xdr_buf  *snd_buf = &rqstp->rq_snd_buf;
1322         u32             offset;
1323         u32             maj_stat;
1324         int             status;
1325         __be32          *opaque_len;
1326         struct page     **inpages;
1327         int             first;
1328         int             pad;
1329         struct kvec     *iov;
1330         char            *tmp;
1331
1332         opaque_len = p++;
1333         offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
1334         *p++ = htonl(rqstp->rq_seqno);
1335
1336         gss_wrap_req_encode(encode, rqstp, p, obj);
1337
1338         status = alloc_enc_pages(rqstp);
1339         if (status)
1340                 return status;
1341         first = snd_buf->page_base >> PAGE_CACHE_SHIFT;
1342         inpages = snd_buf->pages + first;
1343         snd_buf->pages = rqstp->rq_enc_pages;
1344         snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1345         /*
1346          * Give the tail its own page, in case we need extra space in the
1347          * head when wrapping:
1348          *
1349          * call_allocate() allocates twice the slack space required
1350          * by the authentication flavor to rq_callsize.
1351          * For GSS, slack is GSS_CRED_SLACK.
1352          */
1353         if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1354                 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1355                 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1356                 snd_buf->tail[0].iov_base = tmp;
1357         }
1358         maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1359         /* slack space should prevent this ever happening: */
1360         BUG_ON(snd_buf->len > snd_buf->buflen);
1361         status = -EIO;
1362         /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
1363          * done anyway, so it's safe to put the request on the wire: */
1364         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1365                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1366         else if (maj_stat)
1367                 return status;
1368
1369         *opaque_len = htonl(snd_buf->len - offset);
1370         /* guess whether we're in the head or the tail: */
1371         if (snd_buf->page_len || snd_buf->tail[0].iov_len)
1372                 iov = snd_buf->tail;
1373         else
1374                 iov = snd_buf->head;
1375         p = iov->iov_base + iov->iov_len;
1376         pad = 3 - ((snd_buf->len - offset - 1) & 3);
1377         memset(p, 0, pad);
1378         iov->iov_len += pad;
1379         snd_buf->len += pad;
1380
1381         return 0;
1382 }
1383
1384 static int
1385 gss_wrap_req(struct rpc_task *task,
1386              kxdreproc_t encode, void *rqstp, __be32 *p, void *obj)
1387 {
1388         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1389         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1390                         gc_base);
1391         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1392         int             status = -EIO;
1393
1394         dprintk("RPC: %5u gss_wrap_req\n", task->tk_pid);
1395         if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
1396                 /* The spec seems a little ambiguous here, but I think that not
1397                  * wrapping context destruction requests makes the most sense.
1398                  */
1399                 gss_wrap_req_encode(encode, rqstp, p, obj);
1400                 status = 0;
1401                 goto out;
1402         }
1403         switch (gss_cred->gc_service) {
1404         case RPC_GSS_SVC_NONE:
1405                 gss_wrap_req_encode(encode, rqstp, p, obj);
1406                 status = 0;
1407                 break;
1408         case RPC_GSS_SVC_INTEGRITY:
1409                 status = gss_wrap_req_integ(cred, ctx, encode, rqstp, p, obj);
1410                 break;
1411         case RPC_GSS_SVC_PRIVACY:
1412                 status = gss_wrap_req_priv(cred, ctx, encode, rqstp, p, obj);
1413                 break;
1414         }
1415 out:
1416         gss_put_ctx(ctx);
1417         dprintk("RPC: %5u gss_wrap_req returning %d\n", task->tk_pid, status);
1418         return status;
1419 }
1420
1421 static inline int
1422 gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1423                 struct rpc_rqst *rqstp, __be32 **p)
1424 {
1425         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1426         struct xdr_buf integ_buf;
1427         struct xdr_netobj mic;
1428         u32 data_offset, mic_offset;
1429         u32 integ_len;
1430         u32 maj_stat;
1431         int status = -EIO;
1432
1433         integ_len = ntohl(*(*p)++);
1434         if (integ_len & 3)
1435                 return status;
1436         data_offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1437         mic_offset = integ_len + data_offset;
1438         if (mic_offset > rcv_buf->len)
1439                 return status;
1440         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1441                 return status;
1442
1443         if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset,
1444                                 mic_offset - data_offset))
1445                 return status;
1446
1447         if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset))
1448                 return status;
1449
1450         maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
1451         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1452                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1453         if (maj_stat != GSS_S_COMPLETE)
1454                 return status;
1455         return 0;
1456 }
1457
1458 static inline int
1459 gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1460                 struct rpc_rqst *rqstp, __be32 **p)
1461 {
1462         struct xdr_buf  *rcv_buf = &rqstp->rq_rcv_buf;
1463         u32 offset;
1464         u32 opaque_len;
1465         u32 maj_stat;
1466         int status = -EIO;
1467
1468         opaque_len = ntohl(*(*p)++);
1469         offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base;
1470         if (offset + opaque_len > rcv_buf->len)
1471                 return status;
1472         /* remove padding: */
1473         rcv_buf->len = offset + opaque_len;
1474
1475         maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf);
1476         if (maj_stat == GSS_S_CONTEXT_EXPIRED)
1477                 clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
1478         if (maj_stat != GSS_S_COMPLETE)
1479                 return status;
1480         if (ntohl(*(*p)++) != rqstp->rq_seqno)
1481                 return status;
1482
1483         return 0;
1484 }
1485
1486 static int
1487 gss_unwrap_req_decode(kxdrdproc_t decode, struct rpc_rqst *rqstp,
1488                       __be32 *p, void *obj)
1489 {
1490         struct xdr_stream xdr;
1491
1492         xdr_init_decode(&xdr, &rqstp->rq_rcv_buf, p);
1493         return decode(rqstp, &xdr, obj);
1494 }
1495
1496 static int
1497 gss_unwrap_resp(struct rpc_task *task,
1498                 kxdrdproc_t decode, void *rqstp, __be32 *p, void *obj)
1499 {
1500         struct rpc_cred *cred = task->tk_rqstp->rq_cred;
1501         struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
1502                         gc_base);
1503         struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
1504         __be32          *savedp = p;
1505         struct kvec     *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head;
1506         int             savedlen = head->iov_len;
1507         int             status = -EIO;
1508
1509         if (ctx->gc_proc != RPC_GSS_PROC_DATA)
1510                 goto out_decode;
1511         switch (gss_cred->gc_service) {
1512         case RPC_GSS_SVC_NONE:
1513                 break;
1514         case RPC_GSS_SVC_INTEGRITY:
1515                 status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
1516                 if (status)
1517                         goto out;
1518                 break;
1519         case RPC_GSS_SVC_PRIVACY:
1520                 status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p);
1521                 if (status)
1522                         goto out;
1523                 break;
1524         }
1525         /* take into account extra slack for integrity and privacy cases: */
1526         cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
1527                                                 + (savedlen - head->iov_len);
1528 out_decode:
1529         status = gss_unwrap_req_decode(decode, rqstp, p, obj);
1530 out:
1531         gss_put_ctx(ctx);
1532         dprintk("RPC: %5u gss_unwrap_resp returning %d\n", task->tk_pid,
1533                         status);
1534         return status;
1535 }
1536
1537 static const struct rpc_authops authgss_ops = {
1538         .owner          = THIS_MODULE,
1539         .au_flavor      = RPC_AUTH_GSS,
1540         .au_name        = "RPCSEC_GSS",
1541         .create         = gss_create,
1542         .destroy        = gss_destroy,
1543         .lookup_cred    = gss_lookup_cred,
1544         .crcreate       = gss_create_cred
1545 };
1546
1547 static const struct rpc_credops gss_credops = {
1548         .cr_name        = "AUTH_GSS",
1549         .crdestroy      = gss_destroy_cred,
1550         .cr_init        = gss_cred_init,
1551         .crbind         = rpcauth_generic_bind_cred,
1552         .crmatch        = gss_match,
1553         .crmarshal      = gss_marshal,
1554         .crrefresh      = gss_refresh,
1555         .crvalidate     = gss_validate,
1556         .crwrap_req     = gss_wrap_req,
1557         .crunwrap_resp  = gss_unwrap_resp,
1558 };
1559
1560 static const struct rpc_credops gss_nullops = {
1561         .cr_name        = "AUTH_GSS",
1562         .crdestroy      = gss_destroy_nullcred,
1563         .crbind         = rpcauth_generic_bind_cred,
1564         .crmatch        = gss_match,
1565         .crmarshal      = gss_marshal,
1566         .crrefresh      = gss_refresh_null,
1567         .crvalidate     = gss_validate,
1568         .crwrap_req     = gss_wrap_req,
1569         .crunwrap_resp  = gss_unwrap_resp,
1570 };
1571
1572 static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
1573         .upcall         = rpc_pipe_generic_upcall,
1574         .downcall       = gss_pipe_downcall,
1575         .destroy_msg    = gss_pipe_destroy_msg,
1576         .open_pipe      = gss_pipe_open_v0,
1577         .release_pipe   = gss_pipe_release,
1578 };
1579
1580 static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
1581         .upcall         = rpc_pipe_generic_upcall,
1582         .downcall       = gss_pipe_downcall,
1583         .destroy_msg    = gss_pipe_destroy_msg,
1584         .open_pipe      = gss_pipe_open_v1,
1585         .release_pipe   = gss_pipe_release,
1586 };
1587
1588 /*
1589  * Initialize RPCSEC_GSS module
1590  */
1591 static int __init init_rpcsec_gss(void)
1592 {
1593         int err = 0;
1594
1595         err = rpcauth_register(&authgss_ops);
1596         if (err)
1597                 goto out;
1598         err = gss_svc_init();
1599         if (err)
1600                 goto out_unregister;
1601         rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
1602         return 0;
1603 out_unregister:
1604         rpcauth_unregister(&authgss_ops);
1605 out:
1606         return err;
1607 }
1608
1609 static void __exit exit_rpcsec_gss(void)
1610 {
1611         gss_svc_shutdown();
1612         rpcauth_unregister(&authgss_ops);
1613         rcu_barrier(); /* Wait for completion of call_rcu()'s */
1614 }
1615
1616 MODULE_LICENSE("GPL");
1617 module_param_named(expired_cred_retry_delay,
1618                    gss_expired_cred_retry_delay,
1619                    uint, 0644);
1620 MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
1621                 "the RPC engine retries an expired credential");
1622
1623 module_init(init_rpcsec_gss)
1624 module_exit(exit_rpcsec_gss)