svcauth_gss.c source code [Linux/net/sunrpc/auth_gss/svcauth_gss.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Neil Brown <neilb@cse.unsw.edu.au>
4	* J. Bruce Fields <bfields@umich.edu>
5	* Andy Adamson <andros@umich.edu>
6	* Dug Song <dugsong@monkey.org>
7	*
8	* RPCSEC_GSS server authentication.
9	* This implements RPCSEC_GSS as defined in rfc2203 (rpcsec_gss) and rfc2078
10	* (gssapi)
11	*
12	* The RPCSEC_GSS involves three stages:
13	* 1/ context creation
14	* 2/ data exchange
15	* 3/ context destruction
16	*
17	* Context creation is handled largely by upcalls to user-space.
18	* In particular, GSS_Accept_sec_context is handled by an upcall
19	* Data exchange is handled entirely within the kernel
20	* In particular, GSS_GetMIC, GSS_VerifyMIC, GSS_Seal, GSS_Unseal are in-kernel.
21	* Context destruction is handled in-kernel
22	* GSS_Delete_sec_context is in-kernel
23	*
24	* Context creation is initiated by a RPCSEC_GSS_INIT request arriving.
25	* The context handle and gss_token are used as a key into the rpcsec_init cache.
26	* The content of this cache includes some of the outputs of GSS_Accept_sec_context,
27	* being major_status, minor_status, context_handle, reply_token.
28	* These are sent back to the client.
29	* Sequence window management is handled by the kernel. The window size if currently
30	* a compile time constant.
31	*
32	* When user-space is happy that a context is established, it places an entry
33	* in the rpcsec_context cache. The key for this cache is the context_handle.
34	* The content includes:
35	* uid/gidlist - for determining access rights
36	* mechanism type
37	* mechanism specific information, such as a key
38	*
39	*/
40
41	#include <linux/slab.h>
42	#include <linux/types.h>
43	#include <linux/module.h>
44	#include <linux/pagemap.h>
45	#include <linux/user_namespace.h>
46
47	#include <linux/sunrpc/auth_gss.h>
48	#include <linux/sunrpc/gss_err.h>
49	#include <linux/sunrpc/svcauth.h>
50	#include <linux/sunrpc/svcauth_gss.h>
51	#include <linux/sunrpc/cache.h>
52	#include <linux/sunrpc/gss_krb5.h>
53
54	#include <trace/events/rpcgss.h>
55
56	#include "gss_rpc_upcall.h"
57
58	/*
59	* Unfortunately there isn't a maximum checksum size exported via the
60	* GSS API. Manufacture one based on GSS mechanisms supported by this
61	* implementation.
62	*/
63	#define GSS_MAX_CKSUMSIZE (GSS_KRB5_TOK_HDR_LEN + GSS_KRB5_MAX_CKSUM_LEN)
64
65	/*
66	* This value may be increased in the future to accommodate other
67	* usage of the scratch buffer.
68	*/
69	#define GSS_SCRATCH_SIZE GSS_MAX_CKSUMSIZE
70
71	struct gss_svc_data {
72	/ decoded gss client cred: /
73	struct rpc_gss_wire_cred clcred;
74	u32 gsd_databody_offset;
75	struct rsc *rsci;
76
77	/ for temporary results /
78	__be32 gsd_seq_num;
79	u8 gsd_scratch[GSS_SCRATCH_SIZE];
80	};
81
82	/ The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests*
83	* into replies.
84	*
85	* Key is context handle (\x if empty) and gss_token.
86	* Content is major_status minor_status (integers) context_handle, reply_token.
87	*
88	*/
89
90	static int netobj_equal(struct xdr_netobj a, struct* xdr_netobj *b)
91	{
92	return a->len == b->len && `0` == memcmp(a->data, b->data, a->len);
93	}
94
95	#define RSI_HASHBITS 6
96	#define RSI_HASHMAX (1<<RSI_HASHBITS)
97
98	struct rsi {
99	struct cache_head h;
100	struct xdr_netobj in_handle, in_token;
101	struct xdr_netobj out_handle, out_token;
102	int major_status, minor_status;
103	struct rcu_head rcu_head;
104	};
105
106	static struct rsi rsi_update(struct* cache_detail cd, struct* rsi new, struct* rsi *old);
107	static struct rsi rsi_lookup(struct* cache_detail cd, struct* rsi *item);
108
109	static void rsi_free(struct rsi *rsii)
110	{
111	kfree(objp: rsii->in_handle.data);
112	kfree(objp: rsii->in_token.data);
113	kfree(objp: rsii->out_handle.data);
114	kfree(objp: rsii->out_token.data);
115	}
116
117	static void rsi_free_rcu(struct rcu_head *head)
118	{
119	struct rsi rsii = container_of(head, struct* rsi, rcu_head);
120
121	rsi_free(rsii);
122	kfree(objp: rsii);
123	}
124
125	static void rsi_put(struct kref *ref)
126	{
127	struct rsi rsii = container_of(ref, struct* rsi, h.ref);
128
129	call_rcu(head: &rsii->rcu_head, func: rsi_free_rcu);
130	}
131
132	static inline int rsi_hash(struct rsi *item)
133	{
134	return hash_mem(buf: item->in_handle.data, length: item->in_handle.len, RSI_HASHBITS)
135	^ hash_mem(buf: item->in_token.data, length: item->in_token.len, RSI_HASHBITS);
136	}
137
138	static int rsi_match(struct cache_head a, struct* cache_head *b)
139	{
140	struct rsi item = container_of(a, struct* rsi, h);
141	struct rsi tmp = container_of(b, struct* rsi, h);
142	return netobj_equal(a: &item->in_handle, b: &tmp->in_handle) &&
143	netobj_equal(a: &item->in_token, b: &tmp->in_token);
144	}
145
146	static int dup_to_netobj(struct xdr_netobj dst, char* src, int* len)
147	{
148	dst->len = len;
149	dst->data = (len ? kmemdup(src, len, GFP_KERNEL) : NULL);
150	if (len && !dst->data)
151	return -ENOMEM;
152	return `0`;
153	}
154
155	static inline int dup_netobj(struct xdr_netobj dst, struct* xdr_netobj *src)
156	{
157	return dup_to_netobj(dst, src: src->data, len: src->len);
158	}
159
160	static void rsi_init(struct cache_head cnew, struct* cache_head *citem)
161	{
162	struct rsi new = container_of(cnew, struct* rsi, h);
163	struct rsi item = container_of(citem, struct* rsi, h);
164
165	new->out_handle.data = NULL;
166	new->out_handle.len = `0`;
167	new->out_token.data = NULL;
168	new->out_token.len = `0`;
169	new->in_handle.len = item->in_handle.len;
170	item->in_handle.len = `0`;
171	new->in_token.len = item->in_token.len;
172	item->in_token.len = `0`;
173	new->in_handle.data = item->in_handle.data;
174	item->in_handle.data = NULL;
175	new->in_token.data = item->in_token.data;
176	item->in_token.data = NULL;
177	}
178
179	static void update_rsi(struct cache_head cnew, struct* cache_head *citem)
180	{
181	struct rsi new = container_of(cnew, struct* rsi, h);
182	struct rsi item = container_of(citem, struct* rsi, h);
183
184	BUG_ON(new->out_handle.data \|\| new->out_token.data);
185	new->out_handle.len = item->out_handle.len;
186	item->out_handle.len = `0`;
187	new->out_token.len = item->out_token.len;
188	item->out_token.len = `0`;
189	new->out_handle.data = item->out_handle.data;
190	item->out_handle.data = NULL;
191	new->out_token.data = item->out_token.data;
192	item->out_token.data = NULL;
193
194	new->major_status = item->major_status;
195	new->minor_status = item->minor_status;
196	}
197
198	static struct cache_head rsi_alloc(void*)
199	{
200	struct rsi rsii = kmalloc(sizeof(rsii), GFP_KERNEL);
201	if (rsii)
202	return &rsii->h;
203	else
204	return NULL;
205	}
206
207	static int rsi_upcall(struct cache_detail cd, struct* cache_head *h)
208	{
209	return sunrpc_cache_pipe_upcall_timeout(detail: cd, h);
210	}
211
212	static void rsi_request(struct cache_detail *cd,
213	struct cache_head *h,
214	char *bpp, int* *blen)
215	{
216	struct rsi rsii = container_of(h, struct* rsi, h);
217
218	qword_addhex(bpp, lp: blen, buf: rsii->in_handle.data, blen: rsii->in_handle.len);
219	qword_addhex(bpp, lp: blen, buf: rsii->in_token.data, blen: rsii->in_token.len);
220	(*bpp)[-`1`] = `'\n'`;
221	WARN_ONCE(*blen < `0`,
222	"RPCSEC/GSS credential too large - please use gssproxy\n");
223	}
224
225	static int rsi_parse(struct cache_detail *cd,
226	char mesg, int* mlen)
227	{
228	/ context token expiry major minor context token /
229	char *buf = mesg;
230	char *ep;
231	int len;
232	struct rsi rsii, *rsip = NULL;
233	time64_t expiry;
234	int status = -EINVAL;
235
236	memset(s: &rsii, c: `0`, n: sizeof(rsii));
237	/ handle /
238	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
239	if (len < `0`)
240	goto out;
241	status = -ENOMEM;
242	if (dup_to_netobj(dst: &rsii.in_handle, src: buf, len))
243	goto out;
244
245	/ token /
246	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
247	status = -EINVAL;
248	if (len < `0`)
249	goto out;
250	status = -ENOMEM;
251	if (dup_to_netobj(dst: &rsii.in_token, src: buf, len))
252	goto out;
253
254	rsip = rsi_lookup(cd, item: &rsii);
255	if (!rsip)
256	goto out;
257
258	rsii.h.flags = `0`;
259	/ expiry /
260	status = get_expiry(bpp: &mesg, rvp: &expiry);
261	if (status)
262	goto out;
263
264	status = -EINVAL;
265	/ major/minor /
266	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
267	if (len <= `0`)
268	goto out;
269	rsii.major_status = simple_strtoul(buf, &ep, `10`);
270	if (*ep)
271	goto out;
272	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
273	if (len <= `0`)
274	goto out;
275	rsii.minor_status = simple_strtoul(buf, &ep, `10`);
276	if (*ep)
277	goto out;
278
279	/ out_handle /
280	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
281	if (len < `0`)
282	goto out;
283	status = -ENOMEM;
284	if (dup_to_netobj(dst: &rsii.out_handle, src: buf, len))
285	goto out;
286
287	/ out_token /
288	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
289	status = -EINVAL;
290	if (len < `0`)
291	goto out;
292	status = -ENOMEM;
293	if (dup_to_netobj(dst: &rsii.out_token, src: buf, len))
294	goto out;
295	rsii.h.expiry_time = expiry;
296	rsip = rsi_update(cd, new: &rsii, old: rsip);
297	status = `0`;
298	out:
299	rsi_free(rsii: &rsii);
300	if (rsip)
301	cache_put(h: &rsip->h, cd);
302	else
303	status = -ENOMEM;
304	return status;
305	}
306
307	static const struct cache_detail rsi_cache_template = {
308	.owner = THIS_MODULE,
309	.hash_size = RSI_HASHMAX,
310	.name = "auth.rpcsec.init",
311	.cache_put = rsi_put,
312	.cache_upcall = rsi_upcall,
313	.cache_request = rsi_request,
314	.cache_parse = rsi_parse,
315	.match = rsi_match,
316	.init = rsi_init,
317	.update = update_rsi,
318	.alloc = rsi_alloc,
319	};
320
321	static struct rsi rsi_lookup(struct* cache_detail cd, struct* rsi *item)
322	{
323	struct cache_head *ch;
324	int hash = rsi_hash(item);
325
326	ch = sunrpc_cache_lookup_rcu(detail: cd, key: &item->h, hash);
327	if (ch)
328	return container_of(ch, struct rsi, h);
329	else
330	return NULL;
331	}
332
333	static struct rsi rsi_update(struct* cache_detail cd, struct* rsi new, struct* rsi *old)
334	{
335	struct cache_head *ch;
336	int hash = rsi_hash(item: new);
337
338	ch = sunrpc_cache_update(detail: cd, new: &new->h,
339	old: &old->h, hash);
340	if (ch)
341	return container_of(ch, struct rsi, h);
342	else
343	return NULL;
344	}
345
346
347	/*
348	* The rpcsec_context cache is used to store a context that is
349	* used in data exchange.
350	* The key is a context handle. The content is:
351	* uid, gidlist, mechanism, service-set, mech-specific-data
352	*/
353
354	#define RSC_HASHBITS 10
355	#define RSC_HASHMAX (1<<RSC_HASHBITS)
356
357	#define GSS_SEQ_WIN 128
358
359	struct gss_svc_seq_data {
360	/ highest seq number seen so far: /
361	u32 sd_max;
362	/ for i such that sd_max-GSS_SEQ_WIN < i <= sd_max, the i-th bit of*
363	* sd_win is nonzero iff sequence number i has been seen already: */
364	unsigned long sd_win[GSS_SEQ_WIN/BITS_PER_LONG];
365	spinlock_t sd_lock;
366	};
367
368	struct rsc {
369	struct cache_head h;
370	struct xdr_netobj handle;
371	struct svc_cred cred;
372	struct gss_svc_seq_data seqdata;
373	struct gss_ctx *mechctx;
374	struct rcu_head rcu_head;
375	};
376
377	static struct rsc rsc_update(struct* cache_detail cd, struct* rsc new, struct* rsc *old);
378	static struct rsc rsc_lookup(struct* cache_detail cd, struct* rsc *item);
379
380	static void rsc_free(struct rsc *rsci)
381	{
382	kfree(objp: rsci->handle.data);
383	if (rsci->mechctx)
384	gss_delete_sec_context(ctx_id: &rsci->mechctx);
385	free_svc_cred(cred: &rsci->cred);
386	}
387
388	static void rsc_free_rcu(struct rcu_head *head)
389	{
390	struct rsc rsci = container_of(head, struct* rsc, rcu_head);
391
392	kfree(objp: rsci->handle.data);
393	kfree(objp: rsci);
394	}
395
396	static void rsc_put(struct kref *ref)
397	{
398	struct rsc rsci = container_of(ref, struct* rsc, h.ref);
399
400	if (rsci->mechctx)
401	gss_delete_sec_context(ctx_id: &rsci->mechctx);
402	free_svc_cred(cred: &rsci->cred);
403	call_rcu(head: &rsci->rcu_head, func: rsc_free_rcu);
404	}
405
406	static inline int
407	rsc_hash(struct rsc *rsci)
408	{
409	return hash_mem(buf: rsci->handle.data, length: rsci->handle.len, RSC_HASHBITS);
410	}
411
412	static int
413	rsc_match(struct cache_head a, struct* cache_head *b)
414	{
415	struct rsc new = container_of(a, struct* rsc, h);
416	struct rsc tmp = container_of(b, struct* rsc, h);
417
418	return netobj_equal(a: &new->handle, b: &tmp->handle);
419	}
420
421	static void
422	rsc_init(struct cache_head cnew, struct* cache_head *ctmp)
423	{
424	struct rsc new = container_of(cnew, struct* rsc, h);
425	struct rsc tmp = container_of(ctmp, struct* rsc, h);
426
427	new->handle.len = tmp->handle.len;
428	tmp->handle.len = `0`;
429	new->handle.data = tmp->handle.data;
430	tmp->handle.data = NULL;
431	new->mechctx = NULL;
432	init_svc_cred(cred: &new->cred);
433	}
434
435	static void
436	update_rsc(struct cache_head cnew, struct* cache_head *ctmp)
437	{
438	struct rsc new = container_of(cnew, struct* rsc, h);
439	struct rsc tmp = container_of(ctmp, struct* rsc, h);
440
441	new->mechctx = tmp->mechctx;
442	tmp->mechctx = NULL;
443	memset(s: &new->seqdata, c: `0`, n: sizeof(new->seqdata));
444	spin_lock_init(&new->seqdata.sd_lock);
445	new->cred = tmp->cred;
446	init_svc_cred(cred: &tmp->cred);
447	}
448
449	static struct cache_head *
450	rsc_alloc(void)
451	{
452	struct rsc rsci = kmalloc(sizeof(rsci), GFP_KERNEL);
453	if (rsci)
454	return &rsci->h;
455	else
456	return NULL;
457	}
458
459	static int rsc_upcall(struct cache_detail cd, struct* cache_head *h)
460	{
461	return -EINVAL;
462	}
463
464	static int rsc_parse(struct cache_detail *cd,
465	char mesg, int* mlen)
466	{
467	/ contexthandle expiry [ uid gid N <n gids> mechname ...mechdata... ] /
468	char *buf = mesg;
469	int id;
470	int len, rv;
471	struct rsc rsci, *rscp = NULL;
472	time64_t expiry;
473	int status = -EINVAL;
474	struct gss_api_mech *gm = NULL;
475
476	memset(s: &rsci, c: `0`, n: sizeof(rsci));
477	/ context handle /
478	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
479	if (len < `0`) goto out;
480	status = -ENOMEM;
481	if (dup_to_netobj(dst: &rsci.handle, src: buf, len))
482	goto out;
483
484	rsci.h.flags = `0`;
485	/ expiry /
486	status = get_expiry(bpp: &mesg, rvp: &expiry);
487	if (status)
488	goto out;
489
490	status = -EINVAL;
491	rscp = rsc_lookup(cd, item: &rsci);
492	if (!rscp)
493	goto out;
494
495	/ uid, or NEGATIVE /
496	rv = get_int(bpp: &mesg, anint: &id);
497	if (rv == -EINVAL)
498	goto out;
499	if (rv == -ENOENT)
500	set_bit(nr: CACHE_NEGATIVE, addr: &rsci.h.flags);
501	else {
502	int N, i;
503
504	/*
505	* NOTE: we skip uid_valid()/gid_valid() checks here:
506	* instead, * -1 id's are later mapped to the
507	* (export-specific) anonymous id by nfsd_setuser.
508	*
509	* (But supplementary gid's get no such special
510	* treatment so are checked for validity here.)
511	*/
512	/ uid /
513	rsci.cred.cr_uid = make_kuid(from: current_user_ns(), uid: id);
514
515	/ gid /
516	if (get_int(bpp: &mesg, anint: &id))
517	goto out;
518	rsci.cred.cr_gid = make_kgid(from: current_user_ns(), gid: id);
519
520	/ number of additional gid's /
521	if (get_int(bpp: &mesg, anint: &N))
522	goto out;
523	if (N < `0` \|\| N > NGROUPS_MAX)
524	goto out;
525	status = -ENOMEM;
526	rsci.cred.cr_group_info = groups_alloc(N);
527	if (rsci.cred.cr_group_info == NULL)
528	goto out;
529
530	/ gid's /
531	status = -EINVAL;
532	for (i=`0`; i<N; i++) {
533	kgid_t kgid;
534	if (get_int(bpp: &mesg, anint: &id))
535	goto out;
536	kgid = make_kgid(from: current_user_ns(), gid: id);
537	if (!gid_valid(gid: kgid))
538	goto out;
539	rsci.cred.cr_group_info->gid[i] = kgid;
540	}
541	groups_sort(rsci.cred.cr_group_info);
542
543	/ mech name /
544	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
545	if (len < `0`)
546	goto out;
547	gm = rsci.cred.cr_gss_mech = gss_mech_get_by_name(buf);
548	status = -EOPNOTSUPP;
549	if (!gm)
550	goto out;
551
552	status = -EINVAL;
553	/ mech-specific data: /
554	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
555	if (len < `0`)
556	goto out;
557	status = gss_import_sec_context(input_token: buf, bufsize: len, mech: gm, ctx_id: &rsci.mechctx,
558	NULL, GFP_KERNEL);
559	if (status)
560	goto out;
561
562	/ get client name /
563	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
564	if (len > `0`) {
565	rsci.cred.cr_principal = kstrdup(s: buf, GFP_KERNEL);
566	if (!rsci.cred.cr_principal) {
567	status = -ENOMEM;
568	goto out;
569	}
570	}
571
572	}
573	rsci.h.expiry_time = expiry;
574	rscp = rsc_update(cd, new: &rsci, old: rscp);
575	status = `0`;
576	out:
577	rsc_free(rsci: &rsci);
578	if (rscp)
579	cache_put(h: &rscp->h, cd);
580	else
581	status = -ENOMEM;
582	return status;
583	}
584
585	static const struct cache_detail rsc_cache_template = {
586	.owner = THIS_MODULE,
587	.hash_size = RSC_HASHMAX,
588	.name = "auth.rpcsec.context",
589	.cache_put = rsc_put,
590	.cache_upcall = rsc_upcall,
591	.cache_parse = rsc_parse,
592	.match = rsc_match,
593	.init = rsc_init,
594	.update = update_rsc,
595	.alloc = rsc_alloc,
596	};
597
598	static struct rsc rsc_lookup(struct* cache_detail cd, struct* rsc *item)
599	{
600	struct cache_head *ch;
601	int hash = rsc_hash(rsci: item);
602
603	ch = sunrpc_cache_lookup_rcu(detail: cd, key: &item->h, hash);
604	if (ch)
605	return container_of(ch, struct rsc, h);
606	else
607	return NULL;
608	}
609
610	static struct rsc rsc_update(struct* cache_detail cd, struct* rsc new, struct* rsc *old)
611	{
612	struct cache_head *ch;
613	int hash = rsc_hash(rsci: new);
614
615	ch = sunrpc_cache_update(detail: cd, new: &new->h,
616	old: &old->h, hash);
617	if (ch)
618	return container_of(ch, struct rsc, h);
619	else
620	return NULL;
621	}
622
623
624	static struct rsc *
625	gss_svc_searchbyctx(struct cache_detail cd, struct* xdr_netobj *handle)
626	{
627	struct rsc rsci;
628	struct rsc *found;
629
630	memset(s: &rsci, c: `0`, n: sizeof(rsci));
631	if (dup_to_netobj(dst: &rsci.handle, src: handle->data, len: handle->len))
632	return NULL;
633	found = rsc_lookup(cd, item: &rsci);
634	rsc_free(rsci: &rsci);
635	if (!found)
636	return NULL;
637	if (cache_check(detail: cd, h: &found->h, NULL))
638	return NULL;
639	return found;
640	}
641
642	/**
643	* gss_check_seq_num - GSS sequence number window check
644	* @rqstp: RPC Call to use when reporting errors
645	* @rsci: cached GSS context state (updated on return)
646	* @seq_num: sequence number to check
647	*
648	* Implements sequence number algorithm as specified in
649	* RFC 2203, Section 5.3.3.1. "Context Management".
650	*
651	* Return values:
652	* %true: @rqstp's GSS sequence number is inside the window
653	* %false: @rqstp's GSS sequence number is outside the window
654	*/
655	static bool gss_check_seq_num(const struct svc_rqst rqstp, struct* rsc *rsci,
656	u32 seq_num)
657	{
658	struct gss_svc_seq_data *sd = &rsci->seqdata;
659	bool result = false;
660
661	spin_lock(lock: &sd->sd_lock);
662	if (seq_num > sd->sd_max) {
663	if (seq_num >= sd->sd_max + GSS_SEQ_WIN) {
664	memset(s: sd->sd_win, c: `0`, n: sizeof(sd->sd_win));
665	sd->sd_max = seq_num;
666	} else while (sd->sd_max < seq_num) {
667	sd->sd_max++;
668	__clear_bit(sd->sd_max % GSS_SEQ_WIN, sd->sd_win);
669	}
670	__set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win);
671	goto ok;
672	} else if (seq_num + GSS_SEQ_WIN <= sd->sd_max) {
673	goto toolow;
674	}
675	if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win))
676	goto alreadyseen;
677
678	ok:
679	result = true;
680	out:
681	spin_unlock(lock: &sd->sd_lock);
682	return result;
683
684	toolow:
685	trace_rpcgss_svc_seqno_low(rqstp, seqno: seq_num,
686	min: sd->sd_max - GSS_SEQ_WIN,
687	max: sd->sd_max);
688	goto out;
689	alreadyseen:
690	trace_rpcgss_svc_seqno_seen(rqstp, seqno: seq_num);
691	goto out;
692	}
693
694	/*
695	* Decode and verify a Call's verifier field. For RPC_AUTH_GSS Calls,
696	* the body of this field contains a variable length checksum.
697	*
698	* GSS-specific auth_stat values are mandated by RFC 2203 Section
699	* 5.3.3.3.
700	*/
701	static int
702	svcauth_gss_verify_header(struct svc_rqst rqstp, struct* rsc *rsci,
703	__be32 rpcstart, struct* rpc_gss_wire_cred *gc)
704	{
705	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
706	struct gss_ctx *ctx_id = rsci->mechctx;
707	u32 flavor, maj_stat;
708	struct xdr_buf rpchdr;
709	struct xdr_netobj checksum;
710	struct kvec iov;
711
712	/*
713	* Compute the checksum of the incoming Call from the
714	* XID field to credential field:
715	*/
716	iov.iov_base = rpcstart;
717	iov.iov_len = (u8 )xdr->p - (u8 )rpcstart;
718	xdr_buf_from_iov(&iov, &rpchdr);
719
720	/ Call's verf field: /
721	if (xdr_stream_decode_opaque_auth(xdr, flavor: &flavor,
722	body: (void **)&checksum.data,
723	body_len: &checksum.len) < `0`) {
724	rqstp->rq_auth_stat = rpc_autherr_badverf;
725	return SVC_DENIED;
726	}
727	if (flavor != RPC_AUTH_GSS \|\| checksum.len < XDR_UNIT) {
728	rqstp->rq_auth_stat = rpc_autherr_badverf;
729	return SVC_DENIED;
730	}
731
732	if (rqstp->rq_deferred)
733	return SVC_OK;
734	maj_stat = gss_verify_mic(ctx_id, message: &rpchdr, mic_token: &checksum);
735	if (maj_stat != GSS_S_COMPLETE) {
736	trace_rpcgss_svc_mic(rqstp, maj_stat);
737	rqstp->rq_auth_stat = rpcsec_gsserr_credproblem;
738	return SVC_DENIED;
739	}
740
741	if (gc->gc_seq > MAXSEQ) {
742	trace_rpcgss_svc_seqno_large(rqstp, seqno: gc->gc_seq);
743	rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem;
744	return SVC_DENIED;
745	}
746	if (!gss_check_seq_num(rqstp, rsci, seq_num: gc->gc_seq))
747	return SVC_DROP;
748	return SVC_OK;
749	}
750
751	/*
752	* Construct and encode a Reply's verifier field. The verifier's body
753	* field contains a variable-length checksum of the GSS sequence
754	* number.
755	*/
756	static bool
757	svcauth_gss_encode_verf(struct svc_rqst rqstp, struct* gss_ctx *ctx_id, u32 seq)
758	{
759	struct gss_svc_data *gsd = rqstp->rq_auth_data;
760	u32 maj_stat;
761	struct xdr_buf verf_data;
762	struct xdr_netobj checksum;
763	struct kvec iov;
764
765	gsd->gsd_seq_num = cpu_to_be32(seq);
766	iov.iov_base = &gsd->gsd_seq_num;
767	iov.iov_len = XDR_UNIT;
768	xdr_buf_from_iov(&iov, &verf_data);
769
770	checksum.data = gsd->gsd_scratch;
771	maj_stat = gss_get_mic(ctx_id, message: &verf_data, mic_token: &checksum);
772	if (maj_stat != GSS_S_COMPLETE)
773	goto bad_mic;
774
775	return xdr_stream_encode_opaque_auth(xdr: &rqstp->rq_res_stream, flavor: RPC_AUTH_GSS,
776	body: checksum.data, body_len: checksum.len) > `0`;
777
778	bad_mic:
779	trace_rpcgss_svc_get_mic(rqstp, maj_stat);
780	return false;
781	}
782
783	struct gss_domain {
784	struct auth_domain h;
785	u32 pseudoflavor;
786	};
787
788	static struct auth_domain *
789	find_gss_auth_domain(struct gss_ctx *ctx, u32 svc)
790	{
791	char *name;
792
793	name = gss_service_to_auth_domain_name(ctx->mech_type, service: svc);
794	if (!name)
795	return NULL;
796	return auth_domain_find(name);
797	}
798
799	static struct auth_ops svcauthops_gss;
800
801	u32 svcauth_gss_flavor(struct auth_domain *dom)
802	{
803	struct gss_domain gd = container_of(dom, struct* gss_domain, h);
804
805	return gd->pseudoflavor;
806	}
807
808	EXPORT_SYMBOL_GPL(svcauth_gss_flavor);
809
810	struct auth_domain *
811	svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
812	{
813	struct gss_domain *new;
814	struct auth_domain *test;
815	int stat = -ENOMEM;
816
817	new = kmalloc(sizeof(*new), GFP_KERNEL);
818	if (!new)
819	goto out;
820	kref_init(kref: &new->h.ref);
821	new->h.name = kstrdup(s: name, GFP_KERNEL);
822	if (!new->h.name)
823	goto out_free_dom;
824	new->h.flavour = &svcauthops_gss;
825	new->pseudoflavor = pseudoflavor;
826
827	test = auth_domain_lookup(name, new: &new->h);
828	if (test != &new->h) {
829	pr_warn("svc: duplicate registration of gss pseudo flavour %s.\n",
830	name);
831	stat = -EADDRINUSE;
832	auth_domain_put(item: test);
833	goto out_free_name;
834	}
835	return test;
836
837	out_free_name:
838	kfree(objp: new->h.name);
839	out_free_dom:
840	kfree(objp: new);
841	out:
842	return ERR_PTR(error: stat);
843	}
844	EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor);
845
846	/*
847	* RFC 2203, Section 5.3.2.2
848	*
849	* struct rpc_gss_integ_data {
850	* opaque databody_integ<>;
851	* opaque checksum<>;
852	* };
853	*
854	* struct rpc_gss_data_t {
855	* unsigned int seq_num;
856	* proc_req_arg_t arg;
857	* };
858	*/
859	static noinline_for_stack int
860	svcauth_gss_unwrap_integ(struct svc_rqst rqstp, u32 seq, struct* gss_ctx *ctx)
861	{
862	struct gss_svc_data *gsd = rqstp->rq_auth_data;
863	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
864	u32 len, offset, seq_num, maj_stat;
865	struct xdr_buf *buf = xdr->buf;
866	struct xdr_buf databody_integ;
867	struct xdr_netobj checksum;
868
869	/ Did we already verify the signature on the original pass through? /
870	if (rqstp->rq_deferred)
871	return `0`;
872
873	if (xdr_stream_decode_u32(xdr, ptr: &len) < `0`)
874	goto unwrap_failed;
875	if (len & `3`)
876	goto unwrap_failed;
877	offset = xdr_stream_pos(xdr);
878	if (xdr_buf_subsegment(buf, &databody_integ, offset, len))
879	goto unwrap_failed;
880
881	/*
882	* The xdr_stream now points to the @seq_num field. The next
883	* XDR data item is the @arg field, which contains the clear
884	* text RPC program payload. The checksum, which follows the
885	* @arg field, is located and decoded without updating the
886	* xdr_stream.
887	*/
888
889	offset += len;
890	if (xdr_decode_word(buf, offset, &checksum.len))
891	goto unwrap_failed;
892	if (checksum.len > sizeof(gsd->gsd_scratch))
893	goto unwrap_failed;
894	checksum.data = gsd->gsd_scratch;
895	if (read_bytes_from_xdr_buf(buf, offset + XDR_UNIT, checksum.data,
896	checksum.len))
897	goto unwrap_failed;
898
899	maj_stat = gss_verify_mic(ctx_id: ctx, message: &databody_integ, mic_token: &checksum);
900	if (maj_stat != GSS_S_COMPLETE)
901	goto bad_mic;
902
903	/ The received seqno is protected by the checksum. /
904	if (xdr_stream_decode_u32(xdr, ptr: &seq_num) < `0`)
905	goto unwrap_failed;
906	if (seq_num != seq)
907	goto bad_seqno;
908
909	xdr_truncate_decode(xdr, XDR_UNIT + checksum.len);
910	return `0`;
911
912	unwrap_failed:
913	trace_rpcgss_svc_unwrap_failed(rqstp);
914	return -EINVAL;
915	bad_seqno:
916	trace_rpcgss_svc_seqno_bad(rqstp, expected: seq, received: seq_num);
917	return -EINVAL;
918	bad_mic:
919	trace_rpcgss_svc_mic(rqstp, maj_stat);
920	return -EINVAL;
921	}
922
923	/*
924	* RFC 2203, Section 5.3.2.3
925	*
926	* struct rpc_gss_priv_data {
927	* opaque databody_priv<>
928	* };
929	*
930	* struct rpc_gss_data_t {
931	* unsigned int seq_num;
932	* proc_req_arg_t arg;
933	* };
934	*/
935	static noinline_for_stack int
936	svcauth_gss_unwrap_priv(struct svc_rqst rqstp, u32 seq, struct* gss_ctx *ctx)
937	{
938	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
939	u32 len, maj_stat, seq_num, offset;
940	struct xdr_buf *buf = xdr->buf;
941	unsigned int saved_len;
942
943	if (xdr_stream_decode_u32(xdr, ptr: &len) < `0`)
944	goto unwrap_failed;
945	if (rqstp->rq_deferred) {
946	/ Already decrypted last time through! The sequence number*
947	* check at out_seq is unnecessary but harmless: */
948	goto out_seq;
949	}
950	if (len > xdr_stream_remaining(xdr))
951	goto unwrap_failed;
952	offset = xdr_stream_pos(xdr);
953
954	saved_len = buf->len;
955	maj_stat = gss_unwrap(ctx_id: ctx, offset, len: offset + len, inbuf: buf);
956	if (maj_stat != GSS_S_COMPLETE)
957	goto bad_unwrap;
958	xdr->nwords -= XDR_QUADLEN(saved_len - buf->len);
959
960	out_seq:
961	/ gss_unwrap() decrypted the sequence number. /
962	if (xdr_stream_decode_u32(xdr, ptr: &seq_num) < `0`)
963	goto unwrap_failed;
964	if (seq_num != seq)
965	goto bad_seqno;
966	return `0`;
967
968	unwrap_failed:
969	trace_rpcgss_svc_unwrap_failed(rqstp);
970	return -EINVAL;
971	bad_seqno:
972	trace_rpcgss_svc_seqno_bad(rqstp, expected: seq, received: seq_num);
973	return -EINVAL;
974	bad_unwrap:
975	trace_rpcgss_svc_unwrap(rqstp, maj_stat);
976	return -EINVAL;
977	}
978
979	static enum svc_auth_status
980	svcauth_gss_set_client(struct svc_rqst *rqstp)
981	{
982	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
983	struct rsc *rsci = svcdata->rsci;
984	struct rpc_gss_wire_cred *gc = &svcdata->clcred;
985	int stat;
986
987	rqstp->rq_auth_stat = rpc_autherr_badcred;
988
989	/*
990	* A gss export can be specified either by:
991	* export *(sec=krb5,rw)
992	* or by
993	* export gss/krb5(rw)
994	* The latter is deprecated; but for backwards compatibility reasons
995	* the nfsd code will still fall back on trying it if the former
996	* doesn't work; so we try to make both available to nfsd, below.
997	*/
998	rqstp->rq_gssclient = find_gss_auth_domain(ctx: rsci->mechctx, svc: gc->gc_svc);
999	if (rqstp->rq_gssclient == NULL)
1000	return SVC_DENIED;
1001	stat = svcauth_unix_set_client(rqstp);
1002	if (stat == SVC_DROP \|\| stat == SVC_CLOSE)
1003	return stat;
1004
1005	rqstp->rq_auth_stat = rpc_auth_ok;
1006	return SVC_OK;
1007	}
1008
1009	static bool
1010	svcauth_gss_proc_init_verf(struct cache_detail cd, struct* svc_rqst *rqstp,
1011	struct xdr_netobj out_handle, int* *major_status,
1012	u32 seq_num)
1013	{
1014	struct xdr_stream *xdr = &rqstp->rq_res_stream;
1015	struct rsc *rsci;
1016	bool rc;
1017
1018	if (*major_status != GSS_S_COMPLETE)
1019	goto null_verifier;
1020	rsci = gss_svc_searchbyctx(cd, handle: out_handle);
1021	if (rsci == NULL) {
1022	*major_status = GSS_S_NO_CONTEXT;
1023	goto null_verifier;
1024	}
1025
1026	rc = svcauth_gss_encode_verf(rqstp, ctx_id: rsci->mechctx, seq: seq_num);
1027	cache_put(h: &rsci->h, cd);
1028	return rc;
1029
1030	null_verifier:
1031	return xdr_stream_encode_opaque_auth(xdr, flavor: RPC_AUTH_NULL, NULL, body_len: `0`) > `0`;
1032	}
1033
1034	static void gss_free_in_token_pages(struct gssp_in_token *in_token)
1035	{
1036	int i;
1037
1038	i = `0`;
1039	while (in_token->pages[i])
1040	put_page(page: in_token->pages[i++]);
1041	kfree(objp: in_token->pages);
1042	in_token->pages = NULL;
1043	}
1044
1045	static int gss_read_proxy_verf(struct svc_rqst *rqstp,
1046	struct rpc_gss_wire_cred *gc,
1047	struct xdr_netobj *in_handle,
1048	struct gssp_in_token *in_token)
1049	{
1050	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
1051	unsigned int length, pgto_offs, pgfrom_offs;
1052	int pages, i, pgto, pgfrom;
1053	size_t to_offs, from_offs;
1054	u32 inlen;
1055
1056	if (dup_netobj(dst: in_handle, src: &gc->gc_ctx))
1057	return SVC_CLOSE;
1058
1059	/*
1060	* RFC 2203 Section 5.2.2
1061	*
1062	* struct rpc_gss_init_arg {
1063	* opaque gss_token<>;
1064	* };
1065	*/
1066	if (xdr_stream_decode_u32(xdr, ptr: &inlen) < `0`)
1067	goto out_denied_free;
1068	if (inlen > xdr_stream_remaining(xdr))
1069	goto out_denied_free;
1070
1071	pages = DIV_ROUND_UP(inlen, PAGE_SIZE);
1072	in_token->pages = kcalloc(pages + `1`, sizeof(struct page *), GFP_KERNEL);
1073	if (!in_token->pages)
1074	goto out_denied_free;
1075	in_token->page_base = `0`;
1076	in_token->page_len = inlen;
1077	for (i = `0`; i < pages; i++) {
1078	in_token->pages[i] = alloc_page(GFP_KERNEL);
1079	if (!in_token->pages[i]) {
1080	gss_free_in_token_pages(in_token);
1081	goto out_denied_free;
1082	}
1083	}
1084
1085	length = min_t(unsigned int, inlen, (char )xdr->end - (char* *)xdr->p);
1086	memcpy(page_address(in_token->pages[`0`]), from: xdr->p, len: length);
1087	inlen -= length;
1088
1089	to_offs = length;
1090	from_offs = rqstp->rq_arg.page_base;
1091	while (inlen) {
1092	pgto = to_offs >> PAGE_SHIFT;
1093	pgfrom = from_offs >> PAGE_SHIFT;
1094	pgto_offs = to_offs & ~PAGE_MASK;
1095	pgfrom_offs = from_offs & ~PAGE_MASK;
1096
1097	length = min_t(unsigned int, inlen,
1098	min_t(unsigned int, PAGE_SIZE - pgto_offs,
1099	PAGE_SIZE - pgfrom_offs));
1100	memcpy(page_address(in_token->pages[pgto]) + pgto_offs,
1101	page_address(rqstp->rq_arg.pages[pgfrom]) + pgfrom_offs,
1102	len: length);
1103
1104	to_offs += length;
1105	from_offs += length;
1106	inlen -= length;
1107	}
1108	return `0`;
1109
1110	out_denied_free:
1111	kfree(objp: in_handle->data);
1112	return SVC_DENIED;
1113	}
1114
1115	/*
1116	* RFC 2203, Section 5.2.3.1.
1117	*
1118	* struct rpc_gss_init_res {
1119	* opaque handle<>;
1120	* unsigned int gss_major;
1121	* unsigned int gss_minor;
1122	* unsigned int seq_window;
1123	* opaque gss_token<>;
1124	* };
1125	*/
1126	static bool
1127	svcxdr_encode_gss_init_res(struct xdr_stream *xdr,
1128	struct xdr_netobj *handle,
1129	struct xdr_netobj *gss_token,
1130	unsigned int major_status,
1131	unsigned int minor_status, u32 seq_num)
1132	{
1133	if (xdr_stream_encode_opaque(xdr, ptr: handle->data, len: handle->len) < `0`)
1134	return false;
1135	if (xdr_stream_encode_u32(xdr, n: major_status) < `0`)
1136	return false;
1137	if (xdr_stream_encode_u32(xdr, n: minor_status) < `0`)
1138	return false;
1139	if (xdr_stream_encode_u32(xdr, n: seq_num) < `0`)
1140	return false;
1141	if (xdr_stream_encode_opaque(xdr, ptr: gss_token->data, len: gss_token->len) < `0`)
1142	return false;
1143	return true;
1144	}
1145
1146	/*
1147	* Having read the cred already and found we're in the context
1148	* initiation case, read the verifier and initiate (or check the results
1149	* of) upcalls to userspace for help with context initiation. If
1150	* the upcall results are available, write the verifier and result.
1151	* Otherwise, drop the request pending an answer to the upcall.
1152	*/
1153	static int
1154	svcauth_gss_legacy_init(struct svc_rqst *rqstp,
1155	struct rpc_gss_wire_cred *gc)
1156	{
1157	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
1158	struct rsi *rsip, rsikey;
1159	__be32 *p;
1160	u32 len;
1161	int ret;
1162	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), id: sunrpc_net_id);
1163
1164	memset(s: &rsikey, c: `0`, n: sizeof(rsikey));
1165	if (dup_netobj(dst: &rsikey.in_handle, src: &gc->gc_ctx))
1166	return SVC_CLOSE;
1167
1168	/*
1169	* RFC 2203 Section 5.2.2
1170	*
1171	* struct rpc_gss_init_arg {
1172	* opaque gss_token<>;
1173	* };
1174	*/
1175	if (xdr_stream_decode_u32(xdr, ptr: &len) < `0`) {
1176	kfree(objp: rsikey.in_handle.data);
1177	return SVC_DENIED;
1178	}
1179	p = xdr_inline_decode(xdr, nbytes: len);
1180	if (!p) {
1181	kfree(objp: rsikey.in_handle.data);
1182	return SVC_DENIED;
1183	}
1184	rsikey.in_token.data = kmalloc(len, GFP_KERNEL);
1185	if (ZERO_OR_NULL_PTR(rsikey.in_token.data)) {
1186	kfree(objp: rsikey.in_handle.data);
1187	return SVC_CLOSE;
1188	}
1189	memcpy(to: rsikey.in_token.data, from: p, len);
1190	rsikey.in_token.len = len;
1191
1192	/ Perform upcall, or find upcall result: /
1193	rsip = rsi_lookup(cd: sn->rsi_cache, item: &rsikey);
1194	rsi_free(rsii: &rsikey);
1195	if (!rsip)
1196	return SVC_CLOSE;
1197	if (cache_check(detail: sn->rsi_cache, h: &rsip->h, rqstp: &rqstp->rq_chandle) < `0`)
1198	/ No upcall result: /
1199	return SVC_CLOSE;
1200
1201	ret = SVC_CLOSE;
1202	if (!svcauth_gss_proc_init_verf(cd: sn->rsc_cache, rqstp, out_handle: &rsip->out_handle,
1203	major_status: &rsip->major_status, GSS_SEQ_WIN))
1204	goto out;
1205	if (!svcxdr_set_accept_stat(rqstp))
1206	goto out;
1207	if (!svcxdr_encode_gss_init_res(xdr: &rqstp->rq_res_stream, handle: &rsip->out_handle,
1208	gss_token: &rsip->out_token, major_status: rsip->major_status,
1209	minor_status: rsip->minor_status, GSS_SEQ_WIN))
1210	goto out;
1211
1212	ret = SVC_COMPLETE;
1213	out:
1214	cache_put(h: &rsip->h, cd: sn->rsi_cache);
1215	return ret;
1216	}
1217
1218	static int gss_proxy_save_rsc(struct cache_detail *cd,
1219	struct gssp_upcall_data *ud,
1220	uint64_t *handle)
1221	{
1222	struct rsc rsci, *rscp = NULL;
1223	static atomic64_t ctxhctr;
1224	long long ctxh;
1225	struct gss_api_mech *gm = NULL;
1226	time64_t expiry;
1227	int status;
1228
1229	memset(s: &rsci, c: `0`, n: sizeof(rsci));
1230	/ context handle /
1231	status = -ENOMEM;
1232	/ the handle needs to be just a unique id,*
1233	* use a static counter */
1234	ctxh = atomic64_inc_return(v: &ctxhctr);
1235
1236	/ make a copy for the caller /
1237	*handle = ctxh;
1238
1239	/ make a copy for the rsc cache /
1240	if (dup_to_netobj(dst: &rsci.handle, src: (char )handle, len: sizeof*(uint64_t)))
1241	goto out;
1242	rscp = rsc_lookup(cd, item: &rsci);
1243	if (!rscp)
1244	goto out;
1245
1246	/ creds /
1247	if (!ud->found_creds) {
1248	/ userspace seem buggy, we should always get at least a*
1249	* mapping to nobody */
1250	goto out;
1251	} else {
1252	struct timespec64 boot;
1253
1254	/ steal creds /
1255	rsci.cred = ud->creds;
1256	memset(s: &ud->creds, c: `0`, n: sizeof(struct svc_cred));
1257
1258	status = -EOPNOTSUPP;
1259	/ get mech handle from OID /
1260	gm = gss_mech_get_by_OID(&ud->mech_oid);
1261	if (!gm)
1262	goto out;
1263	rsci.cred.cr_gss_mech = gm;
1264
1265	status = -EINVAL;
1266	/ mech-specific data: /
1267	status = gss_import_sec_context(input_token: ud->out_handle.data,
1268	bufsize: ud->out_handle.len,
1269	mech: gm, ctx_id: &rsci.mechctx,
1270	endtime: &expiry, GFP_KERNEL);
1271	if (status)
1272	goto out;
1273
1274	getboottime64(ts: &boot);
1275	expiry -= boot.tv_sec;
1276	}
1277
1278	rsci.h.expiry_time = expiry;
1279	rscp = rsc_update(cd, new: &rsci, old: rscp);
1280	status = `0`;
1281	out:
1282	rsc_free(rsci: &rsci);
1283	if (rscp)
1284	cache_put(h: &rscp->h, cd);
1285	else
1286	status = -ENOMEM;
1287	return status;
1288	}
1289
1290	static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,
1291	struct rpc_gss_wire_cred *gc)
1292	{
1293	struct xdr_netobj cli_handle;
1294	struct gssp_upcall_data ud;
1295	uint64_t handle;
1296	int status;
1297	int ret;
1298	struct net *net = SVC_NET(rqstp);
1299	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1300
1301	memset(s: &ud, c: `0`, n: sizeof(ud));
1302	ret = gss_read_proxy_verf(rqstp, gc, in_handle: &ud.in_handle, in_token: &ud.in_token);
1303	if (ret)
1304	return ret;
1305
1306	ret = SVC_CLOSE;
1307
1308	/ Perform synchronous upcall to gss-proxy /
1309	status = gssp_accept_sec_context_upcall(net, data: &ud);
1310	if (status)
1311	goto out;
1312
1313	trace_rpcgss_svc_accept_upcall(rqstp, major_status: ud.major_status, minor_status: ud.minor_status);
1314
1315	switch (ud.major_status) {
1316	case GSS_S_CONTINUE_NEEDED:
1317	cli_handle = ud.out_handle;
1318	break;
1319	case GSS_S_COMPLETE:
1320	status = gss_proxy_save_rsc(cd: sn->rsc_cache, ud: &ud, handle: &handle);
1321	if (status)
1322	goto out;
1323	cli_handle.data = (u8 *)&handle;
1324	cli_handle.len = sizeof(handle);
1325	break;
1326	default:
1327	goto out;
1328	}
1329
1330	if (!svcauth_gss_proc_init_verf(cd: sn->rsc_cache, rqstp, out_handle: &cli_handle,
1331	major_status: &ud.major_status, GSS_SEQ_WIN))
1332	goto out;
1333	if (!svcxdr_set_accept_stat(rqstp))
1334	goto out;
1335	if (!svcxdr_encode_gss_init_res(xdr: &rqstp->rq_res_stream, handle: &cli_handle,
1336	gss_token: &ud.out_token, major_status: ud.major_status,
1337	minor_status: ud.minor_status, GSS_SEQ_WIN))
1338	goto out;
1339
1340	ret = SVC_COMPLETE;
1341	out:
1342	gss_free_in_token_pages(in_token: &ud.in_token);
1343	gssp_free_upcall_data(data: &ud);
1344	return ret;
1345	}
1346
1347	/*
1348	* Try to set the sn->use_gss_proxy variable to a new value. We only allow
1349	* it to be changed if it's currently undefined (-1). If it's any other value
1350	* then return -EBUSY unless the type wouldn't have changed anyway.
1351	*/
1352	static int set_gss_proxy(struct net net, int* type)
1353	{
1354	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1355	int ret;
1356
1357	WARN_ON_ONCE(type != `0` && type != `1`);
1358	ret = cmpxchg(&sn->use_gss_proxy, -`1`, type);
1359	if (ret != -`1` && ret != type)
1360	return -EBUSY;
1361	return `0`;
1362	}
1363
1364	static bool use_gss_proxy(struct net *net)
1365	{
1366	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1367
1368	/ If use_gss_proxy is still undefined, then try to disable it /
1369	if (sn->use_gss_proxy == -`1`)
1370	set_gss_proxy(net, type: `0`);
1371	return sn->use_gss_proxy;
1372	}
1373
1374	static noinline_for_stack int
1375	svcauth_gss_proc_init(struct svc_rqst rqstp, struct* rpc_gss_wire_cred *gc)
1376	{
1377	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
1378	u32 flavor, len;
1379	void *body;
1380
1381	/ Call's verf field: /
1382	if (xdr_stream_decode_opaque_auth(xdr, flavor: &flavor, body: &body, body_len: &len) < `0`)
1383	return SVC_GARBAGE;
1384	if (flavor != RPC_AUTH_NULL \|\| len != `0`) {
1385	rqstp->rq_auth_stat = rpc_autherr_badverf;
1386	return SVC_DENIED;
1387	}
1388
1389	if (gc->gc_proc == RPC_GSS_PROC_INIT && gc->gc_ctx.len != `0`) {
1390	rqstp->rq_auth_stat = rpc_autherr_badcred;
1391	return SVC_DENIED;
1392	}
1393
1394	if (!use_gss_proxy(SVC_NET(rqstp)))
1395	return svcauth_gss_legacy_init(rqstp, gc);
1396	return svcauth_gss_proxy_init(rqstp, gc);
1397	}
1398
1399	#ifdef CONFIG_PROC_FS
1400
1401	static ssize_t write_gssp(struct file file, const* char __user *buf,
1402	size_t count, loff_t *ppos)
1403	{
1404	struct net *net = pde_data(inode: file_inode(f: file));
1405	char tbuf[`20`];
1406	unsigned long i;
1407	int res;
1408
1409	if (ppos \|\| count > sizeof*(tbuf)-`1`)
1410	return -EINVAL;
1411	if (copy_from_user(to: tbuf, from: buf, n: count))
1412	return -EFAULT;
1413
1414	tbuf[count] = `0`;
1415	res = kstrtoul(s: tbuf, base: `0`, res: &i);
1416	if (res)
1417	return res;
1418	if (i != `1`)
1419	return -EINVAL;
1420	res = set_gssp_clnt(net);
1421	if (res)
1422	return res;
1423	res = set_gss_proxy(net, type: `1`);
1424	if (res)
1425	return res;
1426	return count;
1427	}
1428
1429	static ssize_t read_gssp(struct file file, char* __user *buf,
1430	size_t count, loff_t *ppos)
1431	{
1432	struct net *net = pde_data(inode: file_inode(f: file));
1433	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1434	unsigned long p = *ppos;
1435	char tbuf[`10`];
1436	size_t len;
1437
1438	snprintf(buf: tbuf, size: sizeof(tbuf), fmt: "%d\n", sn->use_gss_proxy);
1439	len = strlen(tbuf);
1440	if (p >= len)
1441	return `0`;
1442	len -= p;
1443	if (len > count)
1444	len = count;
1445	if (copy_to_user(to: buf, from: (void *)(tbuf+p), n: len))
1446	return -EFAULT;
1447	*ppos += len;
1448	return len;
1449	}
1450
1451	static const struct proc_ops use_gss_proxy_proc_ops = {
1452	.proc_open = nonseekable_open,
1453	.proc_write = write_gssp,
1454	.proc_read = read_gssp,
1455	};
1456
1457	static int create_use_gss_proxy_proc_entry(struct net *net)
1458	{
1459	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1460	struct proc_dir_entry **p = &sn->use_gssp_proc;
1461
1462	sn->use_gss_proxy = -`1`;
1463	*p = proc_create_data("use-gss-proxy", S_IFREG \| `0600`,
1464	sn->proc_net_rpc,
1465	&use_gss_proxy_proc_ops, net);
1466	if (!*p)
1467	return -ENOMEM;
1468	init_gssp_clnt(sn);
1469	return `0`;
1470	}
1471
1472	static void destroy_use_gss_proxy_proc_entry(struct net *net)
1473	{
1474	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1475
1476	if (sn->use_gssp_proc) {
1477	remove_proc_entry("use-gss-proxy", sn->proc_net_rpc);
1478	clear_gssp_clnt(sn);
1479	}
1480	}
1481
1482	static ssize_t read_gss_krb5_enctypes(struct file file, char* __user *buf,
1483	size_t count, loff_t *ppos)
1484	{
1485	struct rpcsec_gss_oid oid = {
1486	.len = `9`,
1487	.data = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02",
1488	};
1489	struct gss_api_mech *mech;
1490	ssize_t ret;
1491
1492	mech = gss_mech_get_by_OID(&oid);
1493	if (!mech)
1494	return `0`;
1495	if (!mech->gm_upcall_enctypes) {
1496	gss_mech_put(mech);
1497	return `0`;
1498	}
1499
1500	ret = simple_read_from_buffer(to: buf, count, ppos,
1501	from: mech->gm_upcall_enctypes,
1502	available: strlen(mech->gm_upcall_enctypes));
1503	gss_mech_put(mech);
1504	return ret;
1505	}
1506
1507	static const struct proc_ops gss_krb5_enctypes_proc_ops = {
1508	.proc_open = nonseekable_open,
1509	.proc_read = read_gss_krb5_enctypes,
1510	};
1511
1512	static int create_krb5_enctypes_proc_entry(struct net *net)
1513	{
1514	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1515
1516	sn->gss_krb5_enctypes =
1517	proc_create_data("gss_krb5_enctypes", S_IFREG \| `0444`,
1518	sn->proc_net_rpc, &gss_krb5_enctypes_proc_ops,
1519	net);
1520	return sn->gss_krb5_enctypes ? `0` : -ENOMEM;
1521	}
1522
1523	static void destroy_krb5_enctypes_proc_entry(struct net *net)
1524	{
1525	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1526
1527	if (sn->gss_krb5_enctypes)
1528	remove_proc_entry("gss_krb5_enctypes", sn->proc_net_rpc);
1529	}
1530
1531	#else /* CONFIG_PROC_FS */
1532
1533	static int create_use_gss_proxy_proc_entry(struct net *net)
1534	{
1535	return `0`;
1536	}
1537
1538	static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
1539
1540	static int create_krb5_enctypes_proc_entry(struct net *net)
1541	{
1542	return `0`;
1543	}
1544
1545	static void destroy_krb5_enctypes_proc_entry(struct net *net) {}
1546
1547	#endif /* CONFIG_PROC_FS */
1548
1549	/*
1550	* The Call's credential body should contain a struct rpc_gss_cred_t.
1551	*
1552	* RFC 2203 Section 5
1553	*
1554	* struct rpc_gss_cred_t {
1555	* union switch (unsigned int version) {
1556	* case RPCSEC_GSS_VERS_1:
1557	* struct {
1558	* rpc_gss_proc_t gss_proc;
1559	* unsigned int seq_num;
1560	* rpc_gss_service_t service;
1561	* opaque handle<>;
1562	* } rpc_gss_cred_vers_1_t;
1563	* }
1564	* };
1565	*/
1566	static bool
1567	svcauth_gss_decode_credbody(struct xdr_stream *xdr,
1568	struct rpc_gss_wire_cred *gc,
1569	__be32 **rpcstart)
1570	{
1571	ssize_t handle_len;
1572	u32 body_len;
1573	__be32 *p;
1574
1575	p = xdr_inline_decode(xdr, XDR_UNIT);
1576	if (!p)
1577	return false;
1578	/*
1579	* start of rpc packet is 7 u32's back from here:
1580	* xid direction rpcversion prog vers proc flavour
1581	*/
1582	*rpcstart = p - `7`;
1583	body_len = be32_to_cpup(p);
1584	if (body_len > RPC_MAX_AUTH_SIZE)
1585	return false;
1586
1587	/ struct rpc_gss_cred_t /
1588	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_v) < `0`)
1589	return false;
1590	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_proc) < `0`)
1591	return false;
1592	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_seq) < `0`)
1593	return false;
1594	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_svc) < `0`)
1595	return false;
1596	handle_len = xdr_stream_decode_opaque_inline(xdr,
1597	ptr: (void **)&gc->gc_ctx.data,
1598	maxlen: body_len);
1599	if (handle_len < `0`)
1600	return false;
1601	if (body_len != XDR_UNIT * `5` + xdr_align_size(n: handle_len))
1602	return false;
1603
1604	gc->gc_ctx.len = handle_len;
1605	return true;
1606	}
1607
1608	/**
1609	* svcauth_gss_accept - Decode and validate incoming RPC_AUTH_GSS credential
1610	* @rqstp: RPC transaction
1611	*
1612	* Return values:
1613	* %SVC_OK: Success
1614	* %SVC_COMPLETE: GSS context lifetime event
1615	* %SVC_DENIED: Credential or verifier is not valid
1616	* %SVC_GARBAGE: Failed to decode credential or verifier
1617	* %SVC_CLOSE: Temporary failure
1618	*
1619	* The rqstp->rq_auth_stat field is also set (see RFCs 2203 and 5531).
1620	*/
1621	static enum svc_auth_status
1622	svcauth_gss_accept(struct svc_rqst *rqstp)
1623	{
1624	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
1625	__be32 *rpcstart;
1626	struct rpc_gss_wire_cred *gc;
1627	struct rsc *rsci = NULL;
1628	int ret;
1629	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), id: sunrpc_net_id);
1630
1631	rqstp->rq_auth_stat = rpc_autherr_failed;
1632	if (!svcdata)
1633	svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL);
1634	if (!svcdata)
1635	goto auth_err;
1636	rqstp->rq_auth_data = svcdata;
1637	svcdata->gsd_databody_offset = `0`;
1638	svcdata->rsci = NULL;
1639	gc = &svcdata->clcred;
1640
1641	rqstp->rq_auth_stat = rpc_autherr_badcred;
1642	if (!svcauth_gss_decode_credbody(xdr: &rqstp->rq_arg_stream, gc, rpcstart: &rpcstart))
1643	goto auth_err;
1644	if (gc->gc_v != RPC_GSS_VERSION)
1645	goto auth_err;
1646
1647	switch (gc->gc_proc) {
1648	case RPC_GSS_PROC_INIT:
1649	case RPC_GSS_PROC_CONTINUE_INIT:
1650	if (rqstp->rq_proc != `0`)
1651	goto auth_err;
1652	return svcauth_gss_proc_init(rqstp, gc);
1653	case RPC_GSS_PROC_DESTROY:
1654	if (rqstp->rq_proc != `0`)
1655	goto auth_err;
1656	fallthrough;
1657	case RPC_GSS_PROC_DATA:
1658	rqstp->rq_auth_stat = rpcsec_gsserr_credproblem;
1659	rsci = gss_svc_searchbyctx(cd: sn->rsc_cache, handle: &gc->gc_ctx);
1660	if (!rsci)
1661	goto auth_err;
1662	switch (svcauth_gss_verify_header(rqstp, rsci, rpcstart, gc)) {
1663	case SVC_OK:
1664	break;
1665	case SVC_DENIED:
1666	goto auth_err;
1667	case SVC_DROP:
1668	goto drop;
1669	}
1670	break;
1671	default:
1672	if (rqstp->rq_proc != `0`)
1673	goto auth_err;
1674	rqstp->rq_auth_stat = rpc_autherr_rejectedcred;
1675	goto auth_err;
1676	}
1677
1678	/ now act upon the command: /
1679	switch (gc->gc_proc) {
1680	case RPC_GSS_PROC_DESTROY:
1681	if (!svcauth_gss_encode_verf(rqstp, ctx_id: rsci->mechctx, seq: gc->gc_seq))
1682	goto auth_err;
1683	if (!svcxdr_set_accept_stat(rqstp))
1684	goto auth_err;
1685	/ Delete the entry from the cache_list and call cache_put /
1686	sunrpc_cache_unhash(sn->rsc_cache, &rsci->h);
1687	goto complete;
1688	case RPC_GSS_PROC_DATA:
1689	rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem;
1690	if (!svcauth_gss_encode_verf(rqstp, ctx_id: rsci->mechctx, seq: gc->gc_seq))
1691	goto auth_err;
1692	if (!svcxdr_set_accept_stat(rqstp))
1693	goto auth_err;
1694	svcdata->gsd_databody_offset = xdr_stream_pos(xdr: &rqstp->rq_res_stream);
1695	rqstp->rq_cred = rsci->cred;
1696	get_group_info(gi: rsci->cred.cr_group_info);
1697	rqstp->rq_auth_stat = rpc_autherr_badcred;
1698	switch (gc->gc_svc) {
1699	case RPC_GSS_SVC_NONE:
1700	break;
1701	case RPC_GSS_SVC_INTEGRITY:
1702	/ placeholders for body length and seq. number: /
1703	xdr_reserve_space(xdr: &rqstp->rq_res_stream, XDR_UNIT * `2`);
1704	if (svcauth_gss_unwrap_integ(rqstp, seq: gc->gc_seq,
1705	ctx: rsci->mechctx))
1706	goto garbage_args;
1707	svcxdr_set_auth_slack(rqstp, RPC_MAX_AUTH_SIZE);
1708	break;
1709	case RPC_GSS_SVC_PRIVACY:
1710	/ placeholders for body length and seq. number: /
1711	xdr_reserve_space(xdr: &rqstp->rq_res_stream, XDR_UNIT * `2`);
1712	if (svcauth_gss_unwrap_priv(rqstp, seq: gc->gc_seq,
1713	ctx: rsci->mechctx))
1714	goto garbage_args;
1715	svcxdr_set_auth_slack(rqstp, RPC_MAX_AUTH_SIZE * `2`);
1716	break;
1717	default:
1718	goto auth_err;
1719	}
1720	svcdata->rsci = rsci;
1721	cache_get(h: &rsci->h);
1722	rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor(
1723	rsci->mechctx->mech_type,
1724	GSS_C_QOP_DEFAULT,
1725	service: gc->gc_svc);
1726	ret = SVC_OK;
1727	trace_rpcgss_svc_authenticate(rqstp, gc);
1728	goto out;
1729	}
1730	garbage_args:
1731	ret = SVC_GARBAGE;
1732	goto out;
1733	auth_err:
1734	xdr_truncate_encode(xdr: &rqstp->rq_res_stream, XDR_UNIT * `2`);
1735	ret = SVC_DENIED;
1736	goto out;
1737	complete:
1738	ret = SVC_COMPLETE;
1739	goto out;
1740	drop:
1741	ret = SVC_CLOSE;
1742	out:
1743	if (rsci)
1744	cache_put(h: &rsci->h, cd: sn->rsc_cache);
1745	return ret;
1746	}
1747
1748	static u32
1749	svcauth_gss_prepare_to_wrap(struct svc_rqst rqstp, struct* gss_svc_data *gsd)
1750	{
1751	u32 offset;
1752
1753	/ Release can be called twice, but we only wrap once. /
1754	offset = gsd->gsd_databody_offset;
1755	gsd->gsd_databody_offset = `0`;
1756
1757	/ AUTH_ERROR replies are not wrapped. /
1758	if (rqstp->rq_auth_stat != rpc_auth_ok)
1759	return `0`;
1760
1761	/ Also don't wrap if the accept_stat is nonzero: /
1762	if (*rqstp->rq_accept_statp != rpc_success)
1763	return `0`;
1764
1765	return offset;
1766	}
1767
1768	/*
1769	* RFC 2203, Section 5.3.2.2
1770	*
1771	* struct rpc_gss_integ_data {
1772	* opaque databody_integ<>;
1773	* opaque checksum<>;
1774	* };
1775	*
1776	* struct rpc_gss_data_t {
1777	* unsigned int seq_num;
1778	* proc_req_arg_t arg;
1779	* };
1780	*
1781	* The RPC Reply message has already been XDR-encoded. rq_res_stream
1782	* is now positioned so that the checksum can be written just past
1783	* the RPC Reply message.
1784	*/
1785	static int svcauth_gss_wrap_integ(struct svc_rqst *rqstp)
1786	{
1787	struct gss_svc_data *gsd = rqstp->rq_auth_data;
1788	struct xdr_stream *xdr = &rqstp->rq_res_stream;
1789	struct rpc_gss_wire_cred *gc = &gsd->clcred;
1790	struct xdr_buf *buf = xdr->buf;
1791	struct xdr_buf databody_integ;
1792	struct xdr_netobj checksum;
1793	u32 offset, maj_stat;
1794
1795	offset = svcauth_gss_prepare_to_wrap(rqstp, gsd);
1796	if (!offset)
1797	goto out;
1798
1799	if (xdr_buf_subsegment(buf, &databody_integ, offset + XDR_UNIT,
1800	buf->len - offset - XDR_UNIT))
1801	goto wrap_failed;
1802	/ Buffer space for these has already been reserved in*
1803	* svcauth_gss_accept(). */
1804	if (xdr_encode_word(buf, offset, databody_integ.len))
1805	goto wrap_failed;
1806	if (xdr_encode_word(buf, offset + XDR_UNIT, gc->gc_seq))
1807	goto wrap_failed;
1808
1809	checksum.data = gsd->gsd_scratch;
1810	maj_stat = gss_get_mic(ctx_id: gsd->rsci->mechctx, message: &databody_integ, mic_token: &checksum);
1811	if (maj_stat != GSS_S_COMPLETE)
1812	goto bad_mic;
1813
1814	if (xdr_stream_encode_opaque(xdr, ptr: checksum.data, len: checksum.len) < `0`)
1815	goto wrap_failed;
1816	xdr_commit_encode(xdr);
1817
1818	out:
1819	return `0`;
1820
1821	bad_mic:
1822	trace_rpcgss_svc_get_mic(rqstp, maj_stat);
1823	return -EINVAL;
1824	wrap_failed:
1825	trace_rpcgss_svc_wrap_failed(rqstp);
1826	return -EINVAL;
1827	}
1828
1829	/*
1830	* RFC 2203, Section 5.3.2.3
1831	*
1832	* struct rpc_gss_priv_data {
1833	* opaque databody_priv<>
1834	* };
1835	*
1836	* struct rpc_gss_data_t {
1837	* unsigned int seq_num;
1838	* proc_req_arg_t arg;
1839	* };
1840	*
1841	* gss_wrap() expands the size of the RPC message payload in the
1842	* response buffer. The main purpose of svcauth_gss_wrap_priv()
1843	* is to ensure there is adequate space in the response buffer to
1844	* avoid overflow during the wrap.
1845	*/
1846	static int svcauth_gss_wrap_priv(struct svc_rqst *rqstp)
1847	{
1848	struct gss_svc_data *gsd = rqstp->rq_auth_data;
1849	struct rpc_gss_wire_cred *gc = &gsd->clcred;
1850	struct xdr_buf *buf = &rqstp->rq_res;
1851	struct kvec *head = buf->head;
1852	struct kvec *tail = buf->tail;
1853	u32 offset, pad, maj_stat;
1854	__be32 *p;
1855
1856	offset = svcauth_gss_prepare_to_wrap(rqstp, gsd);
1857	if (!offset)
1858	return `0`;
1859
1860	/*
1861	* Buffer space for this field has already been reserved
1862	* in svcauth_gss_accept(). Note that the GSS sequence
1863	* number is encrypted along with the RPC reply payload.
1864	*/
1865	if (xdr_encode_word(buf, offset + XDR_UNIT, gc->gc_seq))
1866	goto wrap_failed;
1867
1868	/*
1869	* If there is currently tail data, make sure there is
1870	* room for the head, tail, and 2 * RPC_MAX_AUTH_SIZE in
1871	* the page, and move the current tail data such that
1872	* there is RPC_MAX_AUTH_SIZE slack space available in
1873	* both the head and tail.
1874	*/
1875	if (tail->iov_base) {
1876	if (tail->iov_base >= head->iov_base + PAGE_SIZE)
1877	goto wrap_failed;
1878	if (tail->iov_base < head->iov_base)
1879	goto wrap_failed;
1880	if (tail->iov_len + head->iov_len
1881	+ `2` * RPC_MAX_AUTH_SIZE > PAGE_SIZE)
1882	goto wrap_failed;
1883	memmove(dest: tail->iov_base + RPC_MAX_AUTH_SIZE, src: tail->iov_base,
1884	count: tail->iov_len);
1885	tail->iov_base += RPC_MAX_AUTH_SIZE;
1886	}
1887	/*
1888	* If there is no current tail data, make sure there is
1889	* room for the head data, and 2 * RPC_MAX_AUTH_SIZE in the
1890	* allotted page, and set up tail information such that there
1891	* is RPC_MAX_AUTH_SIZE slack space available in both the
1892	* head and tail.
1893	*/
1894	if (!tail->iov_base) {
1895	if (head->iov_len + `2` * RPC_MAX_AUTH_SIZE > PAGE_SIZE)
1896	goto wrap_failed;
1897	tail->iov_base = head->iov_base
1898	+ head->iov_len + RPC_MAX_AUTH_SIZE;
1899	tail->iov_len = `0`;
1900	}
1901
1902	maj_stat = gss_wrap(ctx_id: gsd->rsci->mechctx, offset: offset + XDR_UNIT, outbuf: buf,
1903	inpages: buf->pages);
1904	if (maj_stat != GSS_S_COMPLETE)
1905	goto bad_wrap;
1906
1907	/ Wrapping can change the size of databody_priv. /
1908	if (xdr_encode_word(buf, offset, buf->len - offset - XDR_UNIT))
1909	goto wrap_failed;
1910	pad = xdr_pad_size(n: buf->len - offset - XDR_UNIT);
1911	p = (__be32 *)(tail->iov_base + tail->iov_len);
1912	memset(s: p, c: `0`, n: pad);
1913	tail->iov_len += pad;
1914	buf->len += pad;
1915
1916	return `0`;
1917	wrap_failed:
1918	trace_rpcgss_svc_wrap_failed(rqstp);
1919	return -EINVAL;
1920	bad_wrap:
1921	trace_rpcgss_svc_wrap(rqstp, maj_stat);
1922	return -ENOMEM;
1923	}
1924
1925	/**
1926	* svcauth_gss_release - Wrap payload and release resources
1927	* @rqstp: RPC transaction context
1928	*
1929	* Return values:
1930	* %0: the Reply is ready to be sent
1931	* %-ENOMEM: failed to allocate memory
1932	* %-EINVAL: encoding error
1933	*/
1934	static int
1935	svcauth_gss_release(struct svc_rqst *rqstp)
1936	{
1937	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), id: sunrpc_net_id);
1938	struct gss_svc_data *gsd = rqstp->rq_auth_data;
1939	struct rpc_gss_wire_cred *gc;
1940	int stat;
1941
1942	if (!gsd)
1943	goto out;
1944	gc = &gsd->clcred;
1945	if (gc->gc_proc != RPC_GSS_PROC_DATA)
1946	goto out;
1947
1948	switch (gc->gc_svc) {
1949	case RPC_GSS_SVC_NONE:
1950	break;
1951	case RPC_GSS_SVC_INTEGRITY:
1952	stat = svcauth_gss_wrap_integ(rqstp);
1953	if (stat)
1954	goto out_err;
1955	break;
1956	case RPC_GSS_SVC_PRIVACY:
1957	stat = svcauth_gss_wrap_priv(rqstp);
1958	if (stat)
1959	goto out_err;
1960	break;
1961	/*
1962	* For any other gc_svc value, svcauth_gss_accept() already set
1963	* the auth_error appropriately; just fall through:
1964	*/
1965	}
1966
1967	out:
1968	stat = `0`;
1969	out_err:
1970	if (rqstp->rq_client)
1971	auth_domain_put(item: rqstp->rq_client);
1972	rqstp->rq_client = NULL;
1973	if (rqstp->rq_gssclient)
1974	auth_domain_put(item: rqstp->rq_gssclient);
1975	rqstp->rq_gssclient = NULL;
1976	if (rqstp->rq_cred.cr_group_info)
1977	put_group_info(rqstp->rq_cred.cr_group_info);
1978	rqstp->rq_cred.cr_group_info = NULL;
1979	if (gsd && gsd->rsci) {
1980	cache_put(h: &gsd->rsci->h, cd: sn->rsc_cache);
1981	gsd->rsci = NULL;
1982	}
1983	return stat;
1984	}
1985
1986	static void
1987	svcauth_gss_domain_release_rcu(struct rcu_head *head)
1988	{
1989	struct auth_domain dom = container_of(head, struct* auth_domain, rcu_head);
1990	struct gss_domain gd = container_of(dom, struct* gss_domain, h);
1991
1992	kfree(objp: dom->name);
1993	kfree(objp: gd);
1994	}
1995
1996	static void
1997	svcauth_gss_domain_release(struct auth_domain *dom)
1998	{
1999	call_rcu(head: &dom->rcu_head, func: svcauth_gss_domain_release_rcu);
2000	}
2001
2002	static rpc_authflavor_t svcauth_gss_pseudoflavor(struct svc_rqst *rqstp)
2003	{
2004	return svcauth_gss_flavor(rqstp->rq_gssclient);
2005	}
2006
2007	static struct auth_ops svcauthops_gss = {
2008	.name = "rpcsec_gss",
2009	.owner = THIS_MODULE,
2010	.flavour = RPC_AUTH_GSS,
2011	.accept = svcauth_gss_accept,
2012	.release = svcauth_gss_release,
2013	.domain_release = svcauth_gss_domain_release,
2014	.set_client = svcauth_gss_set_client,
2015	.pseudoflavor = svcauth_gss_pseudoflavor,
2016	};
2017
2018	static int rsi_cache_create_net(struct net *net)
2019	{
2020	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2021	struct cache_detail *cd;
2022	int err;
2023
2024	cd = cache_create_net(tmpl: &rsi_cache_template, net);
2025	if (IS_ERR(ptr: cd))
2026	return PTR_ERR(ptr: cd);
2027	err = cache_register_net(cd, net);
2028	if (err) {
2029	cache_destroy_net(cd, net);
2030	return err;
2031	}
2032	sn->rsi_cache = cd;
2033	return `0`;
2034	}
2035
2036	static void rsi_cache_destroy_net(struct net *net)
2037	{
2038	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2039	struct cache_detail *cd = sn->rsi_cache;
2040
2041	sn->rsi_cache = NULL;
2042	cache_purge(detail: cd);
2043	cache_unregister_net(cd, net);
2044	cache_destroy_net(cd, net);
2045	}
2046
2047	static int rsc_cache_create_net(struct net *net)
2048	{
2049	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2050	struct cache_detail *cd;
2051	int err;
2052
2053	cd = cache_create_net(tmpl: &rsc_cache_template, net);
2054	if (IS_ERR(ptr: cd))
2055	return PTR_ERR(ptr: cd);
2056	err = cache_register_net(cd, net);
2057	if (err) {
2058	cache_destroy_net(cd, net);
2059	return err;
2060	}
2061	sn->rsc_cache = cd;
2062	return `0`;
2063	}
2064
2065	static void rsc_cache_destroy_net(struct net *net)
2066	{
2067	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2068	struct cache_detail *cd = sn->rsc_cache;
2069
2070	sn->rsc_cache = NULL;
2071	cache_purge(detail: cd);
2072	cache_unregister_net(cd, net);
2073	cache_destroy_net(cd, net);
2074	}
2075
2076	int
2077	gss_svc_init_net(struct net *net)
2078	{
2079	int rv;
2080
2081	rv = rsc_cache_create_net(net);
2082	if (rv)
2083	return rv;
2084	rv = rsi_cache_create_net(net);
2085	if (rv)
2086	goto out1;
2087	rv = create_use_gss_proxy_proc_entry(net);
2088	if (rv)
2089	goto out2;
2090
2091	rv = create_krb5_enctypes_proc_entry(net);
2092	if (rv)
2093	goto out3;
2094
2095	return `0`;
2096
2097	out3:
2098	destroy_use_gss_proxy_proc_entry(net);
2099	out2:
2100	rsi_cache_destroy_net(net);
2101	out1:
2102	rsc_cache_destroy_net(net);
2103	return rv;
2104	}
2105
2106	void
2107	gss_svc_shutdown_net(struct net *net)
2108	{
2109	destroy_krb5_enctypes_proc_entry(net);
2110	destroy_use_gss_proxy_proc_entry(net);
2111	rsi_cache_destroy_net(net);
2112	rsc_cache_destroy_net(net);
2113	}
2114
2115	int
2116	gss_svc_init(void)
2117	{
2118	return svc_auth_register(flavor: RPC_AUTH_GSS, aops: &svcauthops_gss);
2119	}
2120
2121	void
2122	gss_svc_shutdown(void)
2123	{
2124	svc_auth_unregister(flavor: RPC_AUTH_GSS);
2125	}
2126

Browse the source code of Linux/net/sunrpc/auth_gss/svcauth_gss.c