X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=net%2Fsunrpc%2Fauth_gss%2Fauth_gss.c;h=519ebc17c02845a762102c00b35efb6f01b73b46;hb=9464c7cf61b9433057924c36e6e02f303a00e768;hp=e32f2a709e2d87b71c05c1e913276069203df17f;hpb=48ed9e9ed158dedf557fbe4b9e8b09f109e2a79a;p=linux-2.6.git diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index e32f2a709..519ebc17c 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -42,9 +42,8 @@ #include #include #include -#include -#include #include +#include #include #include #include @@ -80,12 +79,14 @@ static struct rpc_credops gss_credops; /* dump the buffer in `emacs-hexl' style */ #define isprint(c) ((c > 0x1f) && (c < 0x7f)) -static rwlock_t gss_ctx_lock = RW_LOCK_UNLOCKED; +static DEFINE_RWLOCK(gss_ctx_lock); struct gss_auth { struct rpc_auth rpc_auth; struct gss_api_mech *mech; + enum rpc_gss_svc service; struct list_head upcalls; + struct rpc_clnt *client; struct dentry *dentry; char path[48]; spinlock_t lock; @@ -157,6 +158,7 @@ gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx) old = gss_cred->gc_ctx; gss_cred->gc_ctx = ctx; cred->cr_flags |= RPCAUTH_CRED_UPTODATE; + cred->cr_flags &= ~RPCAUTH_CRED_NEW; write_unlock(&gss_ctx_lock); if (old) gss_put_ctx(old); @@ -175,42 +177,34 @@ gss_cred_is_uptodate_ctx(struct rpc_cred *cred) return res; } -static inline int -simple_get_bytes(char **ptr, const char *end, void *res, int len) +static const void * +simple_get_bytes(const void *p, const void *end, void *res, size_t len) { - char *p, *q; - p = *ptr; - q = p + len; - if (q > end || q < p) - return -1; + const void *q = (const void *)((const char *)p + len); + if (unlikely(q > end || q < p)) + return ERR_PTR(-EFAULT); memcpy(res, p, len); - *ptr = q; - return 0; + return q; } -static inline int -simple_get_netobj(char **ptr, const char *end, struct xdr_netobj *res) +static inline const void * +simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest) { - char *p, *q; - p = *ptr; - if (simple_get_bytes(&p, end, &res->len, sizeof(res->len))) - return -1; - q = p + res->len; - if (q > end || q < p) - return -1; - res->data = p; - *ptr = q; - return 0; -} - -static int -dup_netobj(struct xdr_netobj *source, struct xdr_netobj *dest) -{ - dest->len = source->len; - if (!(dest->data = kmalloc(dest->len, GFP_KERNEL))) - return -1; - memcpy(dest->data, source->data, dest->len); - return 0; + const void *q; + unsigned int len; + + p = simple_get_bytes(p, end, &len, sizeof(len)); + if (IS_ERR(p)) + return p; + q = (const void *)((const char *)p + len); + if (unlikely(q > end || q < p)) + return ERR_PTR(-EFAULT); + dest->data = kmalloc(len, GFP_KERNEL); + if (unlikely(dest->data == NULL)) + return ERR_PTR(-ENOMEM); + dest->len = len; + memcpy(dest->data, p, len); + return q; } static struct gss_cl_ctx * @@ -226,74 +220,84 @@ gss_cred_get_ctx(struct rpc_cred *cred) return ctx; } -static int -gss_parse_init_downcall(struct gss_api_mech *gm, struct xdr_netobj *buf, - struct gss_cl_ctx **gc, uid_t *uid, int *gss_err) +static struct gss_cl_ctx * +gss_alloc_context(void) { - char *end = buf->data + buf->len; - char *p = buf->data; struct gss_cl_ctx *ctx; - struct xdr_netobj tmp_buf; + + ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); + if (ctx != NULL) { + memset(ctx, 0, sizeof(*ctx)); + ctx->gc_proc = RPC_GSS_PROC_DATA; + ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */ + spin_lock_init(&ctx->gc_seq_lock); + atomic_set(&ctx->count,1); + } + return ctx; +} + +#define GSSD_MIN_TIMEOUT (60 * 60) +static const void * +gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm) +{ + const void *q; + unsigned int seclen; unsigned int timeout; - int err = -EIO; + u32 window_size; + int ret; - if (!(ctx = kmalloc(sizeof(*ctx), GFP_KERNEL))) { - err = -ENOMEM; + /* First unsigned int gives the lifetime (in seconds) of the cred */ + p = simple_get_bytes(p, end, &timeout, sizeof(timeout)); + if (IS_ERR(p)) goto err; - } - ctx->gc_proc = RPC_GSS_PROC_DATA; - ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */ - spin_lock_init(&ctx->gc_seq_lock); - atomic_set(&ctx->count,1); - - if (simple_get_bytes(&p, end, uid, sizeof(uid))) - goto err_free_ctx; - /* FIXME: discarded timeout for now */ - if (simple_get_bytes(&p, end, &timeout, sizeof(timeout))) - goto err_free_ctx; - *gss_err = 0; - if (simple_get_bytes(&p, end, &ctx->gc_win, sizeof(ctx->gc_win))) - goto err_free_ctx; + if (timeout == 0) + timeout = GSSD_MIN_TIMEOUT; + ctx->gc_expiry = jiffies + (unsigned long)timeout * HZ * 3 / 4; + /* Sequence number window. Determines the maximum number of simultaneous requests */ + p = simple_get_bytes(p, end, &window_size, sizeof(window_size)); + if (IS_ERR(p)) + goto err; + ctx->gc_win = window_size; /* gssd signals an error by passing ctx->gc_win = 0: */ - if (!ctx->gc_win) { - /* in which case the next int is an error code: */ - if (simple_get_bytes(&p, end, gss_err, sizeof(*gss_err))) - goto err_free_ctx; - err = 0; - goto err_free_ctx; + if (ctx->gc_win == 0) { + /* in which case, p points to an error code which we ignore */ + p = ERR_PTR(-EACCES); + goto err; } - if (simple_get_netobj(&p, end, &tmp_buf)) - goto err_free_ctx; - if (dup_netobj(&tmp_buf, &ctx->gc_wire_ctx)) { - err = -ENOMEM; - goto err_free_ctx; + /* copy the opaque wire context */ + p = simple_get_netobj(p, end, &ctx->gc_wire_ctx); + if (IS_ERR(p)) + goto err; + /* import the opaque security context */ + p = simple_get_bytes(p, end, &seclen, sizeof(seclen)); + if (IS_ERR(p)) + goto err; + q = (const void *)((const char *)p + seclen); + if (unlikely(q > end || q < p)) { + p = ERR_PTR(-EFAULT); + goto err; } - if (simple_get_netobj(&p, end, &tmp_buf)) - goto err_free_wire_ctx; - if (p != end) - goto err_free_wire_ctx; - if (gss_import_sec_context(&tmp_buf, gm, &ctx->gc_gss_ctx)) - goto err_free_wire_ctx; - *gc = ctx; - return 0; -err_free_wire_ctx: - kfree(ctx->gc_wire_ctx.data); -err_free_ctx: - kfree(ctx); + ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx); + if (ret < 0) { + p = ERR_PTR(ret); + goto err; + } + return q; err: - *gc = NULL; - dprintk("RPC: gss_parse_init_downcall returning %d\n", err); - return err; + dprintk("RPC: gss_fill_context returning %ld\n", -PTR_ERR(p)); + return p; } struct gss_upcall_msg { + atomic_t count; + uid_t uid; struct rpc_pipe_msg msg; struct list_head list; struct gss_auth *auth; - struct rpc_wait_queue waitq; - uid_t uid; - atomic_t count; + struct rpc_wait_queue rpc_waitqueue; + wait_queue_head_t waitqueue; + struct gss_cl_ctx *ctx; }; static void @@ -302,6 +306,8 @@ gss_release_msg(struct gss_upcall_msg *gss_msg) if (!atomic_dec_and_test(&gss_msg->count)) return; BUG_ON(!list_empty(&gss_msg->list)); + if (gss_msg->ctx != NULL) + gss_put_ctx(gss_msg->ctx); kfree(gss_msg); } @@ -320,16 +326,34 @@ __gss_find_upcall(struct gss_auth *gss_auth, uid_t uid) return NULL; } +/* Try to add a upcall to the pipefs queue. + * If an upcall owned by our uid already exists, then we return a reference + * to that upcall instead of adding the new upcall. + */ +static inline struct gss_upcall_msg * +gss_add_msg(struct gss_auth *gss_auth, struct gss_upcall_msg *gss_msg) +{ + struct gss_upcall_msg *old; + + spin_lock(&gss_auth->lock); + old = __gss_find_upcall(gss_auth, gss_msg->uid); + if (old == NULL) { + atomic_inc(&gss_msg->count); + list_add(&gss_msg->list, &gss_auth->upcalls); + } else + gss_msg = old; + spin_unlock(&gss_auth->lock); + return gss_msg; +} + static void __gss_unhash_msg(struct gss_upcall_msg *gss_msg) { if (list_empty(&gss_msg->list)) return; list_del_init(&gss_msg->list); - if (gss_msg->msg.errno < 0) - rpc_wake_up_status(&gss_msg->waitq, gss_msg->msg.errno); - else - rpc_wake_up(&gss_msg->waitq); + rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno); + wake_up_all(&gss_msg->waitqueue); atomic_dec(&gss_msg->count); } @@ -343,76 +367,139 @@ gss_unhash_msg(struct gss_upcall_msg *gss_msg) spin_unlock(&gss_auth->lock); } -static int -gss_upcall(struct rpc_clnt *clnt, struct rpc_task *task, struct rpc_cred *cred) +static void +gss_upcall_callback(struct rpc_task *task) { - struct gss_auth *gss_auth = container_of(clnt->cl_auth, - struct gss_auth, rpc_auth); - struct gss_upcall_msg *gss_msg, *gss_new = NULL; - struct rpc_pipe_msg *msg; - struct dentry *dentry = gss_auth->dentry; - uid_t uid = cred->cr_uid; - int res = 0; + struct gss_cred *gss_cred = container_of(task->tk_msg.rpc_cred, + struct gss_cred, gc_base); + struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall; + + BUG_ON(gss_msg == NULL); + if (gss_msg->ctx) + gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_get_ctx(gss_msg->ctx)); + else + task->tk_status = gss_msg->msg.errno; + spin_lock(&gss_msg->auth->lock); + gss_cred->gc_upcall = NULL; + rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno); + spin_unlock(&gss_msg->auth->lock); + gss_release_msg(gss_msg); +} - dprintk("RPC: %4u gss_upcall for uid %u\n", task->tk_pid, uid); +static inline struct gss_upcall_msg * +gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid) +{ + struct gss_upcall_msg *gss_msg; -retry: - spin_lock(&gss_auth->lock); - gss_msg = __gss_find_upcall(gss_auth, uid); - if (gss_msg) - goto out_sleep; - if (gss_new == NULL) { - spin_unlock(&gss_auth->lock); - gss_new = kmalloc(sizeof(*gss_new), GFP_KERNEL); - if (!gss_new) { - dprintk("RPC: %4u gss_upcall -ENOMEM\n", task->tk_pid); - return -ENOMEM; + gss_msg = kmalloc(sizeof(*gss_msg), GFP_KERNEL); + if (gss_msg != NULL) { + memset(gss_msg, 0, sizeof(*gss_msg)); + INIT_LIST_HEAD(&gss_msg->list); + rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq"); + init_waitqueue_head(&gss_msg->waitqueue); + atomic_set(&gss_msg->count, 1); + gss_msg->msg.data = &gss_msg->uid; + gss_msg->msg.len = sizeof(gss_msg->uid); + gss_msg->uid = uid; + gss_msg->auth = gss_auth; + } + return gss_msg; +} + +static struct gss_upcall_msg * +gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred) +{ + struct gss_upcall_msg *gss_new, *gss_msg; + + gss_new = gss_alloc_msg(gss_auth, cred->cr_uid); + if (gss_new == NULL) + return ERR_PTR(-ENOMEM); + gss_msg = gss_add_msg(gss_auth, gss_new); + if (gss_msg == gss_new) { + int res = rpc_queue_upcall(gss_auth->dentry->d_inode, &gss_new->msg); + if (res) { + gss_unhash_msg(gss_new); + gss_msg = ERR_PTR(res); } - goto retry; + } else + gss_release_msg(gss_new); + return gss_msg; +} + +static inline int +gss_refresh_upcall(struct rpc_task *task) +{ + struct rpc_cred *cred = task->tk_msg.rpc_cred; + struct gss_auth *gss_auth = container_of(task->tk_client->cl_auth, + struct gss_auth, rpc_auth); + struct gss_cred *gss_cred = container_of(cred, + struct gss_cred, gc_base); + struct gss_upcall_msg *gss_msg; + int err = 0; + + dprintk("RPC: %4u gss_refresh_upcall for uid %u\n", task->tk_pid, cred->cr_uid); + gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred); + if (IS_ERR(gss_msg)) { + err = PTR_ERR(gss_msg); + goto out; } - gss_msg = gss_new; - memset(gss_new, 0, sizeof(*gss_new)); - INIT_LIST_HEAD(&gss_new->list); - rpc_init_wait_queue(&gss_new->waitq, "RPCSEC_GSS upcall waitq"); - atomic_set(&gss_new->count, 2); - msg = &gss_new->msg; - msg->data = &gss_new->uid; - msg->len = sizeof(gss_new->uid); - gss_new->uid = uid; - gss_new->auth = gss_auth; - list_add(&gss_new->list, &gss_auth->upcalls); - gss_new = NULL; - /* Has someone updated the credential behind our back? */ - if (!gss_cred_is_uptodate_ctx(cred)) { - /* No, so do upcall and sleep */ + spin_lock(&gss_auth->lock); + if (gss_cred->gc_upcall != NULL) + rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL, NULL); + else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) { task->tk_timeout = 0; - rpc_sleep_on(&gss_msg->waitq, task, NULL, NULL); - spin_unlock(&gss_auth->lock); - res = rpc_queue_upcall(dentry->d_inode, msg); - if (res) - gss_unhash_msg(gss_msg); - } else { - /* Yes, so cancel upcall */ - __gss_unhash_msg(gss_msg); + gss_cred->gc_upcall = gss_msg; + /* gss_upcall_callback will release the reference to gss_upcall_msg */ + atomic_inc(&gss_msg->count); + rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback, NULL); + } else + err = gss_msg->msg.errno; + spin_unlock(&gss_auth->lock); + gss_release_msg(gss_msg); +out: + dprintk("RPC: %4u gss_refresh_upcall for uid %u result %d\n", task->tk_pid, + cred->cr_uid, err); + return err; +} + +static inline int +gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred) +{ + struct rpc_cred *cred = &gss_cred->gc_base; + struct gss_upcall_msg *gss_msg; + DEFINE_WAIT(wait); + int err = 0; + + dprintk("RPC: gss_upcall for uid %u\n", cred->cr_uid); + gss_msg = gss_setup_upcall(gss_auth->client, gss_auth, cred); + if (IS_ERR(gss_msg)) { + err = PTR_ERR(gss_msg); + goto out; + } + for (;;) { + prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_INTERRUPTIBLE); + spin_lock(&gss_auth->lock); + if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) { + spin_unlock(&gss_auth->lock); + break; + } spin_unlock(&gss_auth->lock); + if (signalled()) { + err = -ERESTARTSYS; + goto out_intr; + } + schedule(); } + if (gss_msg->ctx) + gss_cred_set_ctx(cred, gss_get_ctx(gss_msg->ctx)); + else + err = gss_msg->msg.errno; +out_intr: + finish_wait(&gss_msg->waitqueue, &wait); gss_release_msg(gss_msg); - dprintk("RPC: %4u gss_upcall for uid %u result %d", task->tk_pid, - uid, res); - return res; -out_sleep: - task->tk_timeout = 0; - rpc_sleep_on(&gss_msg->waitq, task, NULL, NULL); - spin_unlock(&gss_auth->lock); - dprintk("RPC: %4u gss_upcall sleeping\n", task->tk_pid); - if (gss_new) - kfree(gss_new); - /* Note: we drop the reference here: we are automatically removed - * from the queue when we're woken up, and we should in any case - * have no further responsabilities w.r.t. the upcall. - */ - gss_release_msg(gss_msg); - return 0; +out: + dprintk("RPC: gss_create_upcall for uid %u result %d\n", cred->cr_uid, err); + return err; } static ssize_t @@ -441,66 +528,75 @@ gss_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg, static ssize_t gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen) { - struct xdr_netobj obj = { - .len = mlen, - }; - struct inode *inode = filp->f_dentry->d_inode; - struct rpc_inode *rpci = RPC_I(inode); + const void *p, *end; + void *buf; struct rpc_clnt *clnt; - struct rpc_auth *auth; struct gss_auth *gss_auth; - struct gss_api_mech *mech; - struct auth_cred acred = { 0 }; struct rpc_cred *cred; struct gss_upcall_msg *gss_msg; - struct gss_cl_ctx *ctx = NULL; - ssize_t left; - int err; - int gss_err; + struct gss_cl_ctx *ctx; + uid_t uid; + int err = -EFBIG; if (mlen > MSG_BUF_MAXSIZE) - return -EFBIG; - obj.data = kmalloc(mlen, GFP_KERNEL); - if (!obj.data) - return -ENOMEM; - left = copy_from_user(obj.data, src, mlen); - if (left) { - err = -EFAULT; goto out; - } - clnt = rpci->private; - atomic_inc(&clnt->cl_users); - auth = clnt->cl_auth; - gss_auth = container_of(auth, struct gss_auth, rpc_auth); - mech = gss_auth->mech; - err = gss_parse_init_downcall(mech, &obj, &ctx, &acred.uid, &gss_err); - if (err) + err = -ENOMEM; + buf = kmalloc(mlen, GFP_KERNEL); + if (!buf) + goto out; + + clnt = RPC_I(filp->f_dentry->d_inode)->private; + err = -EFAULT; + if (copy_from_user(buf, src, mlen)) goto err; - cred = rpcauth_lookup_credcache(auth, &acred, 0); - if (!cred) + + end = (const void *)((char *)buf + mlen); + p = simple_get_bytes(buf, end, &uid, sizeof(uid)); + if (IS_ERR(p)) { + err = PTR_ERR(p); goto err; - if (gss_err) - cred->cr_flags |= RPCAUTH_CRED_DEAD; - else - gss_cred_set_ctx(cred, ctx); + } + + err = -ENOMEM; + ctx = gss_alloc_context(); + if (ctx == NULL) + goto err; + err = 0; + gss_auth = container_of(clnt->cl_auth, struct gss_auth, rpc_auth); + p = gss_fill_context(p, end, ctx, gss_auth->mech); + if (IS_ERR(p)) { + err = PTR_ERR(p); + if (err != -EACCES) + goto err_put_ctx; + } spin_lock(&gss_auth->lock); - gss_msg = __gss_find_upcall(gss_auth, acred.uid); + gss_msg = __gss_find_upcall(gss_auth, uid); if (gss_msg) { + if (err == 0 && gss_msg->ctx == NULL) + gss_msg->ctx = gss_get_ctx(ctx); + gss_msg->msg.errno = err; __gss_unhash_msg(gss_msg); spin_unlock(&gss_auth->lock); gss_release_msg(gss_msg); - } else + } else { + struct auth_cred acred = { .uid = uid }; spin_unlock(&gss_auth->lock); - rpc_release_client(clnt); - kfree(obj.data); + cred = rpcauth_lookup_credcache(clnt->cl_auth, &acred, RPCAUTH_LOOKUP_NEW); + if (IS_ERR(cred)) { + err = PTR_ERR(cred); + goto err_put_ctx; + } + gss_cred_set_ctx(cred, gss_get_ctx(ctx)); + } + gss_put_ctx(ctx); + kfree(buf); dprintk("RPC: gss_pipe_downcall returning length %Zu\n", mlen); return mlen; +err_put_ctx: + gss_put_ctx(ctx); err: - if (ctx) - gss_destroy_ctx(ctx); - rpc_release_client(clnt); + kfree(buf); out: - kfree(obj.data); dprintk("RPC: gss_pipe_downcall returning %d\n", err); return err; } @@ -532,7 +628,7 @@ gss_pipe_release(struct inode *inode) spin_unlock(&gss_auth->lock); } -void +static void gss_pipe_destroy_msg(struct rpc_pipe_msg *msg) { struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg); @@ -543,7 +639,7 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg) gss_msg); atomic_inc(&gss_msg->count); gss_unhash_msg(gss_msg); - if (msg->errno == -ETIMEDOUT || msg->errno == -EPIPE) { + if (msg->errno == -ETIMEDOUT) { unsigned long now = jiffies; if (time_after(now, ratelimit)) { printk(KERN_WARNING "RPC: AUTH_GSS upcall timed out.\n" @@ -564,40 +660,55 @@ gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor) { struct gss_auth *gss_auth; struct rpc_auth * auth; + int err = -ENOMEM; /* XXX? */ dprintk("RPC: creating GSS authenticator for client %p\n",clnt); + if (!try_module_get(THIS_MODULE)) + return ERR_PTR(err); if (!(gss_auth = kmalloc(sizeof(*gss_auth), GFP_KERNEL))) goto out_dec; + gss_auth->client = clnt; + err = -EINVAL; gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor); if (!gss_auth->mech) { printk(KERN_WARNING "%s: Pseudoflavor %d not found!", __FUNCTION__, flavor); goto err_free; } + gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor); + if (gss_auth->service == 0) + goto err_put_mech; INIT_LIST_HEAD(&gss_auth->upcalls); spin_lock_init(&gss_auth->lock); auth = &gss_auth->rpc_auth; auth->au_cslack = GSS_CRED_SLACK >> 2; auth->au_rslack = GSS_VERF_SLACK >> 2; - auth->au_expire = GSS_CRED_EXPIRE; auth->au_ops = &authgss_ops; auth->au_flavor = flavor; + atomic_set(&auth->au_count, 1); - rpcauth_init_credcache(auth); + err = rpcauth_init_credcache(auth, GSS_CRED_EXPIRE); + if (err) + goto err_put_mech; snprintf(gss_auth->path, sizeof(gss_auth->path), "%s/%s", clnt->cl_pathname, gss_auth->mech->gm_name); gss_auth->dentry = rpc_mkpipe(gss_auth->path, clnt, &gss_upcall_ops, RPC_PIPE_WAIT_FOR_OPEN); - if (IS_ERR(gss_auth->dentry)) - goto err_free; + if (IS_ERR(gss_auth->dentry)) { + err = PTR_ERR(gss_auth->dentry); + goto err_put_mech; + } return auth; +err_put_mech: + gss_mech_put(gss_auth->mech); err_free: kfree(gss_auth); out_dec: - return NULL; + module_put(THIS_MODULE); + return ERR_PTR(err); } static void @@ -610,8 +721,13 @@ gss_destroy(struct rpc_auth *auth) gss_auth = container_of(auth, struct gss_auth, rpc_auth); rpc_unlink(gss_auth->path); + dput(gss_auth->dentry); + gss_auth->dentry = NULL; + gss_mech_put(gss_auth->mech); rpcauth_free_credcache(auth); + kfree(gss_auth); + module_put(THIS_MODULE); } /* gss_destroy_cred (and gss_destroy_ctx) are used to clean up after failure @@ -625,19 +741,14 @@ gss_destroy_ctx(struct gss_cl_ctx *ctx) if (ctx->gc_gss_ctx) gss_delete_sec_context(&ctx->gc_gss_ctx); - if (ctx->gc_wire_ctx.len > 0) { - kfree(ctx->gc_wire_ctx.data); - ctx->gc_wire_ctx.len = 0; - } - + kfree(ctx->gc_wire_ctx.data); kfree(ctx); - } static void gss_destroy_cred(struct rpc_cred *rc) { - struct gss_cred *cred = (struct gss_cred *)rc; + struct gss_cred *cred = container_of(rc, struct gss_cred, gc_base); dprintk("RPC: gss_destroy_cred \n"); @@ -646,10 +757,21 @@ gss_destroy_cred(struct rpc_cred *rc) kfree(cred); } +/* + * Lookup RPCSEC_GSS cred for the current process + */ static struct rpc_cred * -gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int taskflags) +gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) { + return rpcauth_lookup_credcache(auth, acred, flags); +} + +static struct rpc_cred * +gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) +{ + struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth); struct gss_cred *cred = NULL; + int err = -ENOMEM; dprintk("RPC: gss_create_cred for uid %d, flavor %d\n", acred->uid, auth->au_flavor); @@ -658,7 +780,7 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int taskflags) goto out_err; memset(cred, 0, sizeof(*cred)); - atomic_set(&cred->gc_count, 0); + atomic_set(&cred->gc_count, 1); cred->gc_uid = acred->uid; /* * Note: in order to force a call to call_refresh(), we deliberately @@ -666,19 +788,44 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int taskflags) */ cred->gc_flags = 0; cred->gc_base.cr_ops = &gss_credops; - cred->gc_flavor = auth->au_flavor; - - return (struct rpc_cred *) cred; + cred->gc_base.cr_flags = RPCAUTH_CRED_NEW; + cred->gc_service = gss_auth->service; + return &cred->gc_base; out_err: - dprintk("RPC: gss_create_cred failed\n"); - if (cred) gss_destroy_cred((struct rpc_cred *)cred); - return NULL; + dprintk("RPC: gss_create_cred failed with error %d\n", err); + return ERR_PTR(err); } static int -gss_match(struct auth_cred *acred, struct rpc_cred *rc, int taskflags) +gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred) { + struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth); + struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base); + int err; + + do { + err = gss_create_upcall(gss_auth, gss_cred); + } while (err == -EAGAIN); + return err; +} + +static int +gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags) +{ + struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base); + + /* + * If the searchflags have set RPCAUTH_LOOKUP_NEW, then + * we don't really care if the credential has expired or not, + * since the caller should be prepared to reinitialise it. + */ + if ((flags & RPCAUTH_LOOKUP_NEW) && (rc->cr_flags & RPCAUTH_CRED_NEW)) + goto out; + /* Don't match with creds that have expired. */ + if (gss_cred->gc_ctx && time_after(jiffies, gss_cred->gc_ctx->gc_expiry)) + return 0; +out: return (rc->cr_uid == acred->uid); } @@ -687,7 +834,7 @@ gss_match(struct auth_cred *acred, struct rpc_cred *rc, int taskflags) * Maybe we should keep a cached credential for performance reasons. */ static u32 * -gss_marshal(struct rpc_task *task, u32 *p, int ruid) +gss_marshal(struct rpc_task *task, u32 *p) { struct rpc_cred *cred = task->tk_msg.rpc_cred; struct gss_cred *gss_cred = container_of(cred, struct gss_cred, @@ -699,20 +846,12 @@ gss_marshal(struct rpc_task *task, u32 *p, int ruid) struct xdr_netobj mic; struct kvec iov; struct xdr_buf verf_buf; - u32 service; dprintk("RPC: %4u gss_marshal\n", task->tk_pid); *p++ = htonl(RPC_AUTH_GSS); cred_len = p++; - service = gss_pseudoflavor_to_service(ctx->gc_gss_ctx->mech_type, - gss_cred->gc_flavor); - if (service == 0) { - dprintk("RPC: %4u Bad pseudoflavor %d in gss_marshal\n", - task->tk_pid, gss_cred->gc_flavor); - goto out_put_ctx; - } spin_lock(&ctx->gc_seq_lock); req->rq_seqno = ctx->gc_seq++; spin_unlock(&ctx->gc_seq_lock); @@ -720,16 +859,14 @@ gss_marshal(struct rpc_task *task, u32 *p, int ruid) *p++ = htonl((u32) RPC_GSS_VERSION); *p++ = htonl((u32) ctx->gc_proc); *p++ = htonl((u32) req->rq_seqno); - *p++ = htonl((u32) service); + *p++ = htonl((u32) gss_cred->gc_service); p = xdr_encode_netobj(p, &ctx->gc_wire_ctx); *cred_len = htonl((p - (cred_len + 1)) << 2); /* We compute the checksum for the verifier over the xdr-encoded bytes * starting with the xid and ending at the end of the credential: */ - iov.iov_base = req->rq_snd_buf.head[0].iov_base; - if (task->tk_client->cl_xprt->stream) - /* See clnt.c:call_header() */ - iov.iov_base += 4; + iov.iov_base = xprt_skip_transport_header(task->tk_xprt, + req->rq_snd_buf.head[0].iov_base); iov.iov_len = (u8 *)p - (u8 *)iov.iov_base; xdr_buf_from_iov(&iov, &verf_buf); @@ -737,10 +874,10 @@ gss_marshal(struct rpc_task *task, u32 *p, int ruid) *p++ = htonl(RPC_AUTH_GSS); mic.data = (u8 *)(p + 1); - maj_stat = gss_get_mic(ctx->gc_gss_ctx, - GSS_C_QOP_DEFAULT, - &verf_buf, &mic); - if(maj_stat != 0){ + maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic); + if (maj_stat == GSS_S_CONTEXT_EXPIRED) { + cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; + } else if (maj_stat != 0) { printk("gss_marshal: gss_get_mic FAILED (%d)\n", maj_stat); goto out_put_ctx; } @@ -758,11 +895,9 @@ out_put_ctx: static int gss_refresh(struct rpc_task *task) { - struct rpc_clnt *clnt = task->tk_client; - struct rpc_cred *cred = task->tk_msg.rpc_cred; - if (!gss_cred_is_uptodate_ctx(cred)) - return gss_upcall(clnt, task, cred); + if (!gss_cred_is_uptodate_ctx(task->tk_msg.rpc_cred)) + return gss_refresh_upcall(task); return 0; } @@ -770,15 +905,13 @@ static u32 * gss_validate(struct rpc_task *task, u32 *p) { struct rpc_cred *cred = task->tk_msg.rpc_cred; - struct gss_cred *gss_cred = container_of(cred, struct gss_cred, - gc_base); struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred); - u32 seq, qop_state; + u32 seq; struct kvec iov; struct xdr_buf verf_buf; struct xdr_netobj mic; u32 flav,len; - u32 service; + u32 maj_stat; dprintk("RPC: %4u gss_validate\n", task->tk_pid); @@ -794,22 +927,14 @@ gss_validate(struct rpc_task *task, u32 *p) mic.data = (u8 *)p; mic.len = len; - if (gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic, &qop_state)) - goto out_bad; - service = gss_pseudoflavor_to_service(ctx->gc_gss_ctx->mech_type, - gss_cred->gc_flavor); - switch (service) { - case RPC_GSS_SVC_NONE: - /* verifier data, flavor, length: */ - task->tk_auth->au_rslack = XDR_QUADLEN(len) + 2; - break; - case RPC_GSS_SVC_INTEGRITY: - /* verifier data, flavor, length, length, sequence number: */ - task->tk_auth->au_rslack = XDR_QUADLEN(len) + 4; - break; - default: - goto out_bad; - } + maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic); + if (maj_stat == GSS_S_CONTEXT_EXPIRED) + cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; + if (maj_stat) + goto out_bad; + /* We leave it to unwrap to calculate au_rslack. For now we just + * calculate the length of the verifier: */ + task->tk_auth->au_verfsize = XDR_QUADLEN(len) + 2; gss_put_ctx(ctx); dprintk("RPC: %4u GSS gss_validate: gss_verify_mic succeeded.\n", task->tk_pid); @@ -821,11 +946,10 @@ out_bad: } static inline int -gss_wrap_req_integ(struct gss_cl_ctx *ctx, - kxdrproc_t encode, void *rqstp, u32 *p, void *obj) +gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx, + kxdrproc_t encode, struct rpc_rqst *rqstp, u32 *p, void *obj) { - struct rpc_rqst *req = (struct rpc_rqst *)rqstp; - struct xdr_buf *snd_buf = &req->rq_snd_buf; + struct xdr_buf *snd_buf = &rqstp->rq_snd_buf; struct xdr_buf integ_buf; u32 *integ_len = NULL; struct xdr_netobj mic; @@ -836,7 +960,7 @@ gss_wrap_req_integ(struct gss_cl_ctx *ctx, integ_len = p++; offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base; - *p++ = htonl(req->rq_seqno); + *p++ = htonl(rqstp->rq_seqno); status = encode(rqstp, p, obj); if (status) @@ -855,10 +979,11 @@ gss_wrap_req_integ(struct gss_cl_ctx *ctx, p = iov->iov_base + iov->iov_len; mic.data = (u8 *)(p + 1); - maj_stat = gss_get_mic(ctx->gc_gss_ctx, - GSS_C_QOP_DEFAULT, &integ_buf, &mic); + maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic); status = -EIO; /* XXX? */ - if (maj_stat) + if (maj_stat == GSS_S_CONTEXT_EXPIRED) + cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; + else if (maj_stat) return status; q = xdr_encode_opaque(p, NULL, mic.len); @@ -868,6 +993,113 @@ gss_wrap_req_integ(struct gss_cl_ctx *ctx, return 0; } +static void +priv_release_snd_buf(struct rpc_rqst *rqstp) +{ + int i; + + for (i=0; i < rqstp->rq_enc_pages_num; i++) + __free_page(rqstp->rq_enc_pages[i]); + kfree(rqstp->rq_enc_pages); +} + +static int +alloc_enc_pages(struct rpc_rqst *rqstp) +{ + struct xdr_buf *snd_buf = &rqstp->rq_snd_buf; + int first, last, i; + + if (snd_buf->page_len == 0) { + rqstp->rq_enc_pages_num = 0; + return 0; + } + + first = snd_buf->page_base >> PAGE_CACHE_SHIFT; + last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_CACHE_SHIFT; + rqstp->rq_enc_pages_num = last - first + 1 + 1; + rqstp->rq_enc_pages + = kmalloc(rqstp->rq_enc_pages_num * sizeof(struct page *), + GFP_NOFS); + if (!rqstp->rq_enc_pages) + goto out; + for (i=0; i < rqstp->rq_enc_pages_num; i++) { + rqstp->rq_enc_pages[i] = alloc_page(GFP_NOFS); + if (rqstp->rq_enc_pages[i] == NULL) + goto out_free; + } + rqstp->rq_release_snd_buf = priv_release_snd_buf; + return 0; +out_free: + for (i--; i >= 0; i--) { + __free_page(rqstp->rq_enc_pages[i]); + } +out: + return -EAGAIN; +} + +static inline int +gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx, + kxdrproc_t encode, struct rpc_rqst *rqstp, u32 *p, void *obj) +{ + struct xdr_buf *snd_buf = &rqstp->rq_snd_buf; + u32 offset; + u32 maj_stat; + int status; + u32 *opaque_len; + struct page **inpages; + int first; + int pad; + struct kvec *iov; + char *tmp; + + opaque_len = p++; + offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base; + *p++ = htonl(rqstp->rq_seqno); + + status = encode(rqstp, p, obj); + if (status) + return status; + + status = alloc_enc_pages(rqstp); + if (status) + return status; + first = snd_buf->page_base >> PAGE_CACHE_SHIFT; + inpages = snd_buf->pages + first; + snd_buf->pages = rqstp->rq_enc_pages; + snd_buf->page_base -= first << PAGE_CACHE_SHIFT; + /* Give the tail its own page, in case we need extra space in the + * head when wrapping: */ + if (snd_buf->page_len || snd_buf->tail[0].iov_len) { + tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]); + memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len); + snd_buf->tail[0].iov_base = tmp; + } + maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages); + /* RPC_SLACK_SPACE should prevent this ever happening: */ + BUG_ON(snd_buf->len > snd_buf->buflen); + status = -EIO; + /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was + * done anyway, so it's safe to put the request on the wire: */ + if (maj_stat == GSS_S_CONTEXT_EXPIRED) + cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; + else if (maj_stat) + return status; + + *opaque_len = htonl(snd_buf->len - offset); + /* guess whether we're in the head or the tail: */ + if (snd_buf->page_len || snd_buf->tail[0].iov_len) + iov = snd_buf->tail; + else + iov = snd_buf->head; + p = iov->iov_base + iov->iov_len; + pad = 3 - ((snd_buf->len - offset - 1) & 3); + memset(p, 0, pad); + iov->iov_len += pad; + snd_buf->len += pad; + + return 0; +} + static int gss_wrap_req(struct rpc_task *task, kxdrproc_t encode, void *rqstp, u32 *p, void *obj) @@ -877,7 +1109,6 @@ gss_wrap_req(struct rpc_task *task, gc_base); struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred); int status = -EIO; - u32 service; dprintk("RPC: %4u gss_wrap_req\n", task->tk_pid); if (ctx->gc_proc != RPC_GSS_PROC_DATA) { @@ -887,18 +1118,18 @@ gss_wrap_req(struct rpc_task *task, status = encode(rqstp, p, obj); goto out; } - service = gss_pseudoflavor_to_service(ctx->gc_gss_ctx->mech_type, - gss_cred->gc_flavor); - switch (service) { + switch (gss_cred->gc_service) { case RPC_GSS_SVC_NONE: status = encode(rqstp, p, obj); - goto out; + break; case RPC_GSS_SVC_INTEGRITY: - status = gss_wrap_req_integ(ctx, encode, rqstp, p, obj); - goto out; - case RPC_GSS_SVC_PRIVACY: - default: - goto out; + status = gss_wrap_req_integ(cred, ctx, encode, + rqstp, p, obj); + break; + case RPC_GSS_SVC_PRIVACY: + status = gss_wrap_req_priv(cred, ctx, encode, + rqstp, p, obj); + break; } out: gss_put_ctx(ctx); @@ -907,11 +1138,10 @@ out: } static inline int -gss_unwrap_resp_integ(struct gss_cl_ctx *ctx, - kxdrproc_t decode, void *rqstp, u32 **p, void *obj) +gss_unwrap_resp_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx, + struct rpc_rqst *rqstp, u32 **p) { - struct rpc_rqst *req = (struct rpc_rqst *)rqstp; - struct xdr_buf *rcv_buf = &req->rq_rcv_buf; + struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf; struct xdr_buf integ_buf; struct xdr_netobj mic; u32 data_offset, mic_offset; @@ -926,7 +1156,7 @@ gss_unwrap_resp_integ(struct gss_cl_ctx *ctx, mic_offset = integ_len + data_offset; if (mic_offset > rcv_buf->len) return status; - if (ntohl(*(*p)++) != req->rq_seqno) + if (ntohl(*(*p)++) != rqstp->rq_seqno) return status; if (xdr_buf_subsegment(rcv_buf, &integ_buf, data_offset, @@ -936,13 +1166,43 @@ gss_unwrap_resp_integ(struct gss_cl_ctx *ctx, if (xdr_buf_read_netobj(rcv_buf, &mic, mic_offset)) return status; - maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, - &mic, NULL); + maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &integ_buf, &mic); + if (maj_stat == GSS_S_CONTEXT_EXPIRED) + cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; if (maj_stat != GSS_S_COMPLETE) return status; return 0; } +static inline int +gss_unwrap_resp_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx, + struct rpc_rqst *rqstp, u32 **p) +{ + struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf; + u32 offset; + u32 opaque_len; + u32 maj_stat; + int status = -EIO; + + opaque_len = ntohl(*(*p)++); + offset = (u8 *)(*p) - (u8 *)rcv_buf->head[0].iov_base; + if (offset + opaque_len > rcv_buf->len) + return status; + /* remove padding: */ + rcv_buf->len = offset + opaque_len; + + maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset, rcv_buf); + if (maj_stat == GSS_S_CONTEXT_EXPIRED) + cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE; + if (maj_stat != GSS_S_COMPLETE) + return status; + if (ntohl(*(*p)++) != rqstp->rq_seqno) + return status; + + return 0; +} + + static int gss_unwrap_resp(struct rpc_task *task, kxdrproc_t decode, void *rqstp, u32 *p, void *obj) @@ -951,26 +1211,30 @@ gss_unwrap_resp(struct rpc_task *task, struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base); struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred); + u32 *savedp = p; + struct kvec *head = ((struct rpc_rqst *)rqstp)->rq_rcv_buf.head; + int savedlen = head->iov_len; int status = -EIO; - u32 service; if (ctx->gc_proc != RPC_GSS_PROC_DATA) goto out_decode; - service = gss_pseudoflavor_to_service(ctx->gc_gss_ctx->mech_type, - gss_cred->gc_flavor); - switch (service) { + switch (gss_cred->gc_service) { case RPC_GSS_SVC_NONE: - goto out_decode; + break; case RPC_GSS_SVC_INTEGRITY: - status = gss_unwrap_resp_integ(ctx, decode, - rqstp, &p, obj); + status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p); + if (status) + goto out; + break; + case RPC_GSS_SVC_PRIVACY: + status = gss_unwrap_resp_priv(cred, ctx, rqstp, &p); if (status) goto out; break; - case RPC_GSS_SVC_PRIVACY: - default: - goto out; } + /* take into account extra slack for integrity and privacy cases: */ + task->tk_auth->au_rslack = task->tk_auth->au_verfsize + (p - savedp) + + (savedlen - head->iov_len); out_decode: status = decode(rqstp, p, obj); out: @@ -988,11 +1252,14 @@ static struct rpc_authops authgss_ops = { #endif .create = gss_create, .destroy = gss_destroy, + .lookup_cred = gss_lookup_cred, .crcreate = gss_create_cred }; static struct rpc_credops gss_credops = { + .cr_name = "AUTH_GSS", .crdestroy = gss_destroy_cred, + .cr_init = gss_cred_init, .crmatch = gss_match, .crmarshal = gss_marshal, .crrefresh = gss_refresh,