svcauth_gss.c source code [linux/net/sunrpc/auth_gss/svcauth_gss.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Neil Brown <neilb@cse.unsw.edu.au>
4	* J. Bruce Fields <bfields@umich.edu>
5	* Andy Adamson <andros@umich.edu>
6	* Dug Song <dugsong@monkey.org>
7	*
8	* RPCSEC_GSS server authentication.
9	* This implements RPCSEC_GSS as defined in rfc2203 (rpcsec_gss) and rfc2078
10	* (gssapi)
11	*
12	* The RPCSEC_GSS involves three stages:
13	* 1/ context creation
14	* 2/ data exchange
15	* 3/ context destruction
16	*
17	* Context creation is handled largely by upcalls to user-space.
18	* In particular, GSS_Accept_sec_context is handled by an upcall
19	* Data exchange is handled entirely within the kernel
20	* In particular, GSS_GetMIC, GSS_VerifyMIC, GSS_Seal, GSS_Unseal are in-kernel.
21	* Context destruction is handled in-kernel
22	* GSS_Delete_sec_context is in-kernel
23	*
24	* Context creation is initiated by a RPCSEC_GSS_INIT request arriving.
25	* The context handle and gss_token are used as a key into the rpcsec_init cache.
26	* The content of this cache includes some of the outputs of GSS_Accept_sec_context,
27	* being major_status, minor_status, context_handle, reply_token.
28	* These are sent back to the client.
29	* Sequence window management is handled by the kernel. The window size if currently
30	* a compile time constant.
31	*
32	* When user-space is happy that a context is established, it places an entry
33	* in the rpcsec_context cache. The key for this cache is the context_handle.
34	* The content includes:
35	* uid/gidlist - for determining access rights
36	* mechanism type
37	* mechanism specific information, such as a key
38	*
39	*/
40
41	#include <linux/slab.h>
42	#include <linux/types.h>
43	#include <linux/module.h>
44	#include <linux/pagemap.h>
45	#include <linux/user_namespace.h>
46
47	#include <linux/sunrpc/auth_gss.h>
48	#include <linux/sunrpc/gss_err.h>
49	#include <linux/sunrpc/svcauth.h>
50	#include <linux/sunrpc/svcauth_gss.h>
51	#include <linux/sunrpc/cache.h>
52	#include <linux/sunrpc/gss_krb5.h>
53
54	#include <trace/events/rpcgss.h>
55
56	#include "gss_rpc_upcall.h"
57
58	/*
59	* Unfortunately there isn't a maximum checksum size exported via the
60	* GSS API. Manufacture one based on GSS mechanisms supported by this
61	* implementation.
62	*/
63	#define GSS_MAX_CKSUMSIZE (GSS_KRB5_TOK_HDR_LEN + GSS_KRB5_MAX_CKSUM_LEN)
64
65	/*
66	* This value may be increased in the future to accommodate other
67	* usage of the scratch buffer.
68	*/
69	#define GSS_SCRATCH_SIZE GSS_MAX_CKSUMSIZE
70
71	struct gss_svc_data {
72	/ decoded gss client cred: /
73	struct rpc_gss_wire_cred clcred;
74	u32 gsd_databody_offset;
75	struct rsc *rsci;
76
77	/ for temporary results /
78	__be32 gsd_seq_num;
79	u8 gsd_scratch[GSS_SCRATCH_SIZE];
80	};
81
82	/ The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests*
83	* into replies.
84	*
85	* Key is context handle (\x if empty) and gss_token.
86	* Content is major_status minor_status (integers) context_handle, reply_token.
87	*
88	*/
89
90	static int netobj_equal(struct xdr_netobj a, struct* xdr_netobj *b)
91	{
92	return a->len == b->len && `0` == memcmp(p: a->data, q: b->data, size: a->len);
93	}
94
95	#define RSI_HASHBITS 6
96	#define RSI_HASHMAX (1<<RSI_HASHBITS)
97
98	struct rsi {
99	struct cache_head h;
100	struct xdr_netobj in_handle, in_token;
101	struct xdr_netobj out_handle, out_token;
102	int major_status, minor_status;
103	struct rcu_head rcu_head;
104	};
105
106	static struct rsi rsi_update(struct* cache_detail cd, struct* rsi new, struct* rsi *old);
107	static struct rsi rsi_lookup(struct* cache_detail cd, struct* rsi *item);
108
109	static void rsi_free(struct rsi *rsii)
110	{
111	kfree(objp: rsii->in_handle.data);
112	kfree(objp: rsii->in_token.data);
113	kfree(objp: rsii->out_handle.data);
114	kfree(objp: rsii->out_token.data);
115	}
116
117	static void rsi_free_rcu(struct rcu_head *head)
118	{
119	struct rsi rsii = container_of(head, struct* rsi, rcu_head);
120
121	rsi_free(rsii);
122	kfree(objp: rsii);
123	}
124
125	static void rsi_put(struct kref *ref)
126	{
127	struct rsi rsii = container_of(ref, struct* rsi, h.ref);
128
129	call_rcu(head: &rsii->rcu_head, func: rsi_free_rcu);
130	}
131
132	static inline int rsi_hash(struct rsi *item)
133	{
134	return hash_mem(buf: item->in_handle.data, length: item->in_handle.len, RSI_HASHBITS)
135	^ hash_mem(buf: item->in_token.data, length: item->in_token.len, RSI_HASHBITS);
136	}
137
138	static int rsi_match(struct cache_head a, struct* cache_head *b)
139	{
140	struct rsi item = container_of(a, struct* rsi, h);
141	struct rsi tmp = container_of(b, struct* rsi, h);
142	return netobj_equal(a: &item->in_handle, b: &tmp->in_handle) &&
143	netobj_equal(a: &item->in_token, b: &tmp->in_token);
144	}
145
146	static int dup_to_netobj(struct xdr_netobj dst, char* src, int* len)
147	{
148	dst->len = len;
149	dst->data = (len ? kmemdup(p: src, size: len, GFP_KERNEL) : NULL);
150	if (len && !dst->data)
151	return -ENOMEM;
152	return `0`;
153	}
154
155	static inline int dup_netobj(struct xdr_netobj dst, struct* xdr_netobj *src)
156	{
157	return dup_to_netobj(dst, src: src->data, len: src->len);
158	}
159
160	static void rsi_init(struct cache_head cnew, struct* cache_head *citem)
161	{
162	struct rsi new = container_of(cnew, struct* rsi, h);
163	struct rsi item = container_of(citem, struct* rsi, h);
164
165	new->out_handle.data = NULL;
166	new->out_handle.len = `0`;
167	new->out_token.data = NULL;
168	new->out_token.len = `0`;
169	new->in_handle.len = item->in_handle.len;
170	item->in_handle.len = `0`;
171	new->in_token.len = item->in_token.len;
172	item->in_token.len = `0`;
173	new->in_handle.data = item->in_handle.data;
174	item->in_handle.data = NULL;
175	new->in_token.data = item->in_token.data;
176	item->in_token.data = NULL;
177	}
178
179	static void update_rsi(struct cache_head cnew, struct* cache_head *citem)
180	{
181	struct rsi new = container_of(cnew, struct* rsi, h);
182	struct rsi item = container_of(citem, struct* rsi, h);
183
184	BUG_ON(new->out_handle.data \|\| new->out_token.data);
185	new->out_handle.len = item->out_handle.len;
186	item->out_handle.len = `0`;
187	new->out_token.len = item->out_token.len;
188	item->out_token.len = `0`;
189	new->out_handle.data = item->out_handle.data;
190	item->out_handle.data = NULL;
191	new->out_token.data = item->out_token.data;
192	item->out_token.data = NULL;
193
194	new->major_status = item->major_status;
195	new->minor_status = item->minor_status;
196	}
197
198	static struct cache_head rsi_alloc(void*)
199	{
200	struct rsi rsii = kmalloc(size: sizeof(rsii), GFP_KERNEL);
201	if (rsii)
202	return &rsii->h;
203	else
204	return NULL;
205	}
206
207	static int rsi_upcall(struct cache_detail cd, struct* cache_head *h)
208	{
209	return sunrpc_cache_pipe_upcall_timeout(detail: cd, h);
210	}
211
212	static void rsi_request(struct cache_detail *cd,
213	struct cache_head *h,
214	char *bpp, int* *blen)
215	{
216	struct rsi rsii = container_of(h, struct* rsi, h);
217
218	qword_addhex(bpp, lp: blen, buf: rsii->in_handle.data, blen: rsii->in_handle.len);
219	qword_addhex(bpp, lp: blen, buf: rsii->in_token.data, blen: rsii->in_token.len);
220	(*bpp)[-`1`] = `'\n'`;
221	WARN_ONCE(*blen < `0`,
222	"RPCSEC/GSS credential too large - please use gssproxy\n");
223	}
224
225	static int rsi_parse(struct cache_detail *cd,
226	char mesg, int* mlen)
227	{
228	/ context token expiry major minor context token /
229	char *buf = mesg;
230	char *ep;
231	int len;
232	struct rsi rsii, *rsip = NULL;
233	time64_t expiry;
234	int status = -EINVAL;
235
236	memset(&rsii, `0`, sizeof(rsii));
237	/ handle /
238	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
239	if (len < `0`)
240	goto out;
241	status = -ENOMEM;
242	if (dup_to_netobj(dst: &rsii.in_handle, src: buf, len))
243	goto out;
244
245	/ token /
246	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
247	status = -EINVAL;
248	if (len < `0`)
249	goto out;
250	status = -ENOMEM;
251	if (dup_to_netobj(dst: &rsii.in_token, src: buf, len))
252	goto out;
253
254	rsip = rsi_lookup(cd, item: &rsii);
255	if (!rsip)
256	goto out;
257
258	rsii.h.flags = `0`;
259	/ expiry /
260	status = get_expiry(bpp: &mesg, rvp: &expiry);
261	if (status)
262	goto out;
263
264	status = -EINVAL;
265	/ major/minor /
266	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
267	if (len <= `0`)
268	goto out;
269	rsii.major_status = simple_strtoul(buf, &ep, `10`);
270	if (*ep)
271	goto out;
272	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
273	if (len <= `0`)
274	goto out;
275	rsii.minor_status = simple_strtoul(buf, &ep, `10`);
276	if (*ep)
277	goto out;
278
279	/ out_handle /
280	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
281	if (len < `0`)
282	goto out;
283	status = -ENOMEM;
284	if (dup_to_netobj(dst: &rsii.out_handle, src: buf, len))
285	goto out;
286
287	/ out_token /
288	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
289	status = -EINVAL;
290	if (len < `0`)
291	goto out;
292	status = -ENOMEM;
293	if (dup_to_netobj(dst: &rsii.out_token, src: buf, len))
294	goto out;
295	rsii.h.expiry_time = expiry;
296	rsip = rsi_update(cd, new: &rsii, old: rsip);
297	status = `0`;
298	out:
299	rsi_free(rsii: &rsii);
300	if (rsip)
301	cache_put(h: &rsip->h, cd);
302	else
303	status = -ENOMEM;
304	return status;
305	}
306
307	static const struct cache_detail rsi_cache_template = {
308	.owner = THIS_MODULE,
309	.hash_size = RSI_HASHMAX,
310	.name = "auth.rpcsec.init",
311	.cache_put = rsi_put,
312	.cache_upcall = rsi_upcall,
313	.cache_request = rsi_request,
314	.cache_parse = rsi_parse,
315	.match = rsi_match,
316	.init = rsi_init,
317	.update = update_rsi,
318	.alloc = rsi_alloc,
319	};
320
321	static struct rsi rsi_lookup(struct* cache_detail cd, struct* rsi *item)
322	{
323	struct cache_head *ch;
324	int hash = rsi_hash(item);
325
326	ch = sunrpc_cache_lookup_rcu(detail: cd, key: &item->h, hash);
327	if (ch)
328	return container_of(ch, struct rsi, h);
329	else
330	return NULL;
331	}
332
333	static struct rsi rsi_update(struct* cache_detail cd, struct* rsi new, struct* rsi *old)
334	{
335	struct cache_head *ch;
336	int hash = rsi_hash(item: new);
337
338	ch = sunrpc_cache_update(detail: cd, new: &new->h,
339	old: &old->h, hash);
340	if (ch)
341	return container_of(ch, struct rsi, h);
342	else
343	return NULL;
344	}
345
346
347	/*
348	* The rpcsec_context cache is used to store a context that is
349	* used in data exchange.
350	* The key is a context handle. The content is:
351	* uid, gidlist, mechanism, service-set, mech-specific-data
352	*/
353
354	#define RSC_HASHBITS 10
355	#define RSC_HASHMAX (1<<RSC_HASHBITS)
356
357	#define GSS_SEQ_WIN 128
358
359	struct gss_svc_seq_data {
360	/ highest seq number seen so far: /
361	u32 sd_max;
362	/ for i such that sd_max-GSS_SEQ_WIN < i <= sd_max, the i-th bit of*
363	* sd_win is nonzero iff sequence number i has been seen already: */
364	unsigned long sd_win[GSS_SEQ_WIN/BITS_PER_LONG];
365	spinlock_t sd_lock;
366	};
367
368	struct rsc {
369	struct cache_head h;
370	struct xdr_netobj handle;
371	struct svc_cred cred;
372	struct gss_svc_seq_data seqdata;
373	struct gss_ctx *mechctx;
374	struct rcu_head rcu_head;
375	};
376
377	static struct rsc rsc_update(struct* cache_detail cd, struct* rsc new, struct* rsc *old);
378	static struct rsc rsc_lookup(struct* cache_detail cd, struct* rsc *item);
379
380	static void rsc_free(struct rsc *rsci)
381	{
382	kfree(objp: rsci->handle.data);
383	if (rsci->mechctx)
384	gss_delete_sec_context(ctx_id: &rsci->mechctx);
385	free_svc_cred(cred: &rsci->cred);
386	}
387
388	static void rsc_free_rcu(struct rcu_head *head)
389	{
390	struct rsc rsci = container_of(head, struct* rsc, rcu_head);
391
392	kfree(objp: rsci->handle.data);
393	kfree(objp: rsci);
394	}
395
396	static void rsc_put(struct kref *ref)
397	{
398	struct rsc rsci = container_of(ref, struct* rsc, h.ref);
399
400	if (rsci->mechctx)
401	gss_delete_sec_context(ctx_id: &rsci->mechctx);
402	free_svc_cred(cred: &rsci->cred);
403	call_rcu(head: &rsci->rcu_head, func: rsc_free_rcu);
404	}
405
406	static inline int
407	rsc_hash(struct rsc *rsci)
408	{
409	return hash_mem(buf: rsci->handle.data, length: rsci->handle.len, RSC_HASHBITS);
410	}
411
412	static int
413	rsc_match(struct cache_head a, struct* cache_head *b)
414	{
415	struct rsc new = container_of(a, struct* rsc, h);
416	struct rsc tmp = container_of(b, struct* rsc, h);
417
418	return netobj_equal(a: &new->handle, b: &tmp->handle);
419	}
420
421	static void
422	rsc_init(struct cache_head cnew, struct* cache_head *ctmp)
423	{
424	struct rsc new = container_of(cnew, struct* rsc, h);
425	struct rsc tmp = container_of(ctmp, struct* rsc, h);
426
427	new->handle.len = tmp->handle.len;
428	tmp->handle.len = `0`;
429	new->handle.data = tmp->handle.data;
430	tmp->handle.data = NULL;
431	new->mechctx = NULL;
432	init_svc_cred(cred: &new->cred);
433	}
434
435	static void
436	update_rsc(struct cache_head cnew, struct* cache_head *ctmp)
437	{
438	struct rsc new = container_of(cnew, struct* rsc, h);
439	struct rsc tmp = container_of(ctmp, struct* rsc, h);
440
441	new->mechctx = tmp->mechctx;
442	tmp->mechctx = NULL;
443	memset(&new->seqdata, `0`, sizeof(new->seqdata));
444	spin_lock_init(&new->seqdata.sd_lock);
445	new->cred = tmp->cred;
446	init_svc_cred(cred: &tmp->cred);
447	}
448
449	static struct cache_head *
450	rsc_alloc(void)
451	{
452	struct rsc rsci = kmalloc(size: sizeof(rsci), GFP_KERNEL);
453	if (rsci)
454	return &rsci->h;
455	else
456	return NULL;
457	}
458
459	static int rsc_upcall(struct cache_detail cd, struct* cache_head *h)
460	{
461	return -EINVAL;
462	}
463
464	static int rsc_parse(struct cache_detail *cd,
465	char mesg, int* mlen)
466	{
467	/ contexthandle expiry [ uid gid N <n gids> mechname ...mechdata... ] /
468	char *buf = mesg;
469	int id;
470	int len, rv;
471	struct rsc rsci, *rscp = NULL;
472	time64_t expiry;
473	int status = -EINVAL;
474	struct gss_api_mech *gm = NULL;
475
476	memset(&rsci, `0`, sizeof(rsci));
477	/ context handle /
478	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
479	if (len < `0`) goto out;
480	status = -ENOMEM;
481	if (dup_to_netobj(dst: &rsci.handle, src: buf, len))
482	goto out;
483
484	rsci.h.flags = `0`;
485	/ expiry /
486	status = get_expiry(bpp: &mesg, rvp: &expiry);
487	if (status)
488	goto out;
489
490	status = -EINVAL;
491	rscp = rsc_lookup(cd, item: &rsci);
492	if (!rscp)
493	goto out;
494
495	/ uid, or NEGATIVE /
496	rv = get_int(bpp: &mesg, anint: &id);
497	if (rv == -EINVAL)
498	goto out;
499	if (rv == -ENOENT)
500	set_bit(nr: CACHE_NEGATIVE, addr: &rsci.h.flags);
501	else {
502	int N, i;
503
504	/*
505	* NOTE: we skip uid_valid()/gid_valid() checks here:
506	* instead, * -1 id's are later mapped to the
507	* (export-specific) anonymous id by nfsd_setuser.
508	*
509	* (But supplementary gid's get no such special
510	* treatment so are checked for validity here.)
511	*/
512	/ uid /
513	rsci.cred.cr_uid = make_kuid(current_user_ns(), uid: id);
514
515	/ gid /
516	if (get_int(bpp: &mesg, anint: &id))
517	goto out;
518	rsci.cred.cr_gid = make_kgid(current_user_ns(), gid: id);
519
520	/ number of additional gid's /
521	if (get_int(bpp: &mesg, anint: &N))
522	goto out;
523	if (N < `0` \|\| N > NGROUPS_MAX)
524	goto out;
525	status = -ENOMEM;
526	rsci.cred.cr_group_info = groups_alloc(N);
527	if (rsci.cred.cr_group_info == NULL)
528	goto out;
529
530	/ gid's /
531	status = -EINVAL;
532	for (i=`0`; i<N; i++) {
533	kgid_t kgid;
534	if (get_int(bpp: &mesg, anint: &id))
535	goto out;
536	kgid = make_kgid(current_user_ns(), gid: id);
537	if (!gid_valid(gid: kgid))
538	goto out;
539	rsci.cred.cr_group_info->gid[i] = kgid;
540	}
541	groups_sort(rsci.cred.cr_group_info);
542
543	/ mech name /
544	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
545	if (len < `0`)
546	goto out;
547	gm = rsci.cred.cr_gss_mech = gss_mech_get_by_name(buf);
548	status = -EOPNOTSUPP;
549	if (!gm)
550	goto out;
551
552	status = -EINVAL;
553	/ mech-specific data: /
554	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
555	if (len < `0`)
556	goto out;
557	status = gss_import_sec_context(input_token: buf, bufsize: len, mech: gm, ctx_id: &rsci.mechctx,
558	NULL, GFP_KERNEL);
559	if (status)
560	goto out;
561
562	/ get client name /
563	len = qword_get(bpp: &mesg, dest: buf, bufsize: mlen);
564	if (len > `0`) {
565	rsci.cred.cr_principal = kstrdup(s: buf, GFP_KERNEL);
566	if (!rsci.cred.cr_principal) {
567	status = -ENOMEM;
568	goto out;
569	}
570	}
571
572	}
573	rsci.h.expiry_time = expiry;
574	rscp = rsc_update(cd, new: &rsci, old: rscp);
575	status = `0`;
576	out:
577	rsc_free(rsci: &rsci);
578	if (rscp)
579	cache_put(h: &rscp->h, cd);
580	else
581	status = -ENOMEM;
582	return status;
583	}
584
585	static const struct cache_detail rsc_cache_template = {
586	.owner = THIS_MODULE,
587	.hash_size = RSC_HASHMAX,
588	.name = "auth.rpcsec.context",
589	.cache_put = rsc_put,
590	.cache_upcall = rsc_upcall,
591	.cache_parse = rsc_parse,
592	.match = rsc_match,
593	.init = rsc_init,
594	.update = update_rsc,
595	.alloc = rsc_alloc,
596	};
597
598	static struct rsc rsc_lookup(struct* cache_detail cd, struct* rsc *item)
599	{
600	struct cache_head *ch;
601	int hash = rsc_hash(rsci: item);
602
603	ch = sunrpc_cache_lookup_rcu(detail: cd, key: &item->h, hash);
604	if (ch)
605	return container_of(ch, struct rsc, h);
606	else
607	return NULL;
608	}
609
610	static struct rsc rsc_update(struct* cache_detail cd, struct* rsc new, struct* rsc *old)
611	{
612	struct cache_head *ch;
613	int hash = rsc_hash(rsci: new);
614
615	ch = sunrpc_cache_update(detail: cd, new: &new->h,
616	old: &old->h, hash);
617	if (ch)
618	return container_of(ch, struct rsc, h);
619	else
620	return NULL;
621	}
622
623
624	static struct rsc *
625	gss_svc_searchbyctx(struct cache_detail cd, struct* xdr_netobj *handle)
626	{
627	struct rsc rsci;
628	struct rsc *found;
629
630	memset(&rsci, `0`, sizeof(rsci));
631	if (dup_to_netobj(dst: &rsci.handle, src: handle->data, len: handle->len))
632	return NULL;
633	found = rsc_lookup(cd, item: &rsci);
634	rsc_free(rsci: &rsci);
635	if (!found)
636	return NULL;
637	if (cache_check(detail: cd, h: &found->h, NULL))
638	return NULL;
639	return found;
640	}
641
642	/**
643	* gss_check_seq_num - GSS sequence number window check
644	* @rqstp: RPC Call to use when reporting errors
645	* @rsci: cached GSS context state (updated on return)
646	* @seq_num: sequence number to check
647	*
648	* Implements sequence number algorithm as specified in
649	* RFC 2203, Section 5.3.3.1. "Context Management".
650	*
651	* Return values:
652	* %true: @rqstp's GSS sequence number is inside the window
653	* %false: @rqstp's GSS sequence number is outside the window
654	*/
655	static bool gss_check_seq_num(const struct svc_rqst rqstp, struct* rsc *rsci,
656	u32 seq_num)
657	{
658	struct gss_svc_seq_data *sd = &rsci->seqdata;
659	bool result = false;
660
661	spin_lock(lock: &sd->sd_lock);
662	if (seq_num > sd->sd_max) {
663	if (seq_num >= sd->sd_max + GSS_SEQ_WIN) {
664	memset(sd->sd_win, `0`, sizeof(sd->sd_win));
665	sd->sd_max = seq_num;
666	} else while (sd->sd_max < seq_num) {
667	sd->sd_max++;
668	__clear_bit(sd->sd_max % GSS_SEQ_WIN, sd->sd_win);
669	}
670	__set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win);
671	goto ok;
672	} else if (seq_num + GSS_SEQ_WIN <= sd->sd_max) {
673	goto toolow;
674	}
675	if (__test_and_set_bit(seq_num % GSS_SEQ_WIN, sd->sd_win))
676	goto alreadyseen;
677
678	ok:
679	result = true;
680	out:
681	spin_unlock(lock: &sd->sd_lock);
682	return result;
683
684	toolow:
685	trace_rpcgss_svc_seqno_low(rqstp, seqno: seq_num,
686	min: sd->sd_max - GSS_SEQ_WIN,
687	max: sd->sd_max);
688	goto out;
689	alreadyseen:
690	trace_rpcgss_svc_seqno_seen(rqstp, seqno: seq_num);
691	goto out;
692	}
693
694	/*
695	* Decode and verify a Call's verifier field. For RPC_AUTH_GSS Calls,
696	* the body of this field contains a variable length checksum.
697	*
698	* GSS-specific auth_stat values are mandated by RFC 2203 Section
699	* 5.3.3.3.
700	*/
701	static int
702	svcauth_gss_verify_header(struct svc_rqst rqstp, struct* rsc *rsci,
703	__be32 rpcstart, struct* rpc_gss_wire_cred *gc)
704	{
705	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
706	struct gss_ctx *ctx_id = rsci->mechctx;
707	u32 flavor, maj_stat;
708	struct xdr_buf rpchdr;
709	struct xdr_netobj checksum;
710	struct kvec iov;
711
712	/*
713	* Compute the checksum of the incoming Call from the
714	* XID field to credential field:
715	*/
716	iov.iov_base = rpcstart;
717	iov.iov_len = (u8 )xdr->p - (u8 )rpcstart;
718	xdr_buf_from_iov(&iov, &rpchdr);
719
720	/ Call's verf field: /
721	if (xdr_stream_decode_opaque_auth(xdr, flavor: &flavor,
722	body: (void **)&checksum.data,
723	body_len: &checksum.len) < `0`) {
724	rqstp->rq_auth_stat = rpc_autherr_badverf;
725	return SVC_DENIED;
726	}
727	if (flavor != RPC_AUTH_GSS) {
728	rqstp->rq_auth_stat = rpc_autherr_badverf;
729	return SVC_DENIED;
730	}
731
732	if (rqstp->rq_deferred)
733	return SVC_OK;
734	maj_stat = gss_verify_mic(ctx_id, message: &rpchdr, mic_token: &checksum);
735	if (maj_stat != GSS_S_COMPLETE) {
736	trace_rpcgss_svc_mic(rqstp, maj_stat);
737	rqstp->rq_auth_stat = rpcsec_gsserr_credproblem;
738	return SVC_DENIED;
739	}
740
741	if (gc->gc_seq > MAXSEQ) {
742	trace_rpcgss_svc_seqno_large(rqstp, seqno: gc->gc_seq);
743	rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem;
744	return SVC_DENIED;
745	}
746	if (!gss_check_seq_num(rqstp, rsci, seq_num: gc->gc_seq))
747	return SVC_DROP;
748	return SVC_OK;
749	}
750
751	/*
752	* Construct and encode a Reply's verifier field. The verifier's body
753	* field contains a variable-length checksum of the GSS sequence
754	* number.
755	*/
756	static bool
757	svcauth_gss_encode_verf(struct svc_rqst rqstp, struct* gss_ctx *ctx_id, u32 seq)
758	{
759	struct gss_svc_data *gsd = rqstp->rq_auth_data;
760	u32 maj_stat;
761	struct xdr_buf verf_data;
762	struct xdr_netobj checksum;
763	struct kvec iov;
764
765	gsd->gsd_seq_num = cpu_to_be32(seq);
766	iov.iov_base = &gsd->gsd_seq_num;
767	iov.iov_len = XDR_UNIT;
768	xdr_buf_from_iov(&iov, &verf_data);
769
770	checksum.data = gsd->gsd_scratch;
771	maj_stat = gss_get_mic(ctx_id, message: &verf_data, mic_token: &checksum);
772	if (maj_stat != GSS_S_COMPLETE)
773	goto bad_mic;
774
775	return xdr_stream_encode_opaque_auth(xdr: &rqstp->rq_res_stream, flavor: RPC_AUTH_GSS,
776	body: checksum.data, body_len: checksum.len) > `0`;
777
778	bad_mic:
779	trace_rpcgss_svc_get_mic(rqstp, maj_stat);
780	return false;
781	}
782
783	struct gss_domain {
784	struct auth_domain h;
785	u32 pseudoflavor;
786	};
787
788	static struct auth_domain *
789	find_gss_auth_domain(struct gss_ctx *ctx, u32 svc)
790	{
791	char *name;
792
793	name = gss_service_to_auth_domain_name(ctx->mech_type, service: svc);
794	if (!name)
795	return NULL;
796	return auth_domain_find(name);
797	}
798
799	static struct auth_ops svcauthops_gss;
800
801	u32 svcauth_gss_flavor(struct auth_domain *dom)
802	{
803	struct gss_domain gd = container_of(dom, struct* gss_domain, h);
804
805	return gd->pseudoflavor;
806	}
807
808	EXPORT_SYMBOL_GPL(svcauth_gss_flavor);
809
810	struct auth_domain *
811	svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
812	{
813	struct gss_domain *new;
814	struct auth_domain *test;
815	int stat = -ENOMEM;
816
817	new = kmalloc(size: sizeof(*new), GFP_KERNEL);
818	if (!new)
819	goto out;
820	kref_init(kref: &new->h.ref);
821	new->h.name = kstrdup(s: name, GFP_KERNEL);
822	if (!new->h.name)
823	goto out_free_dom;
824	new->h.flavour = &svcauthops_gss;
825	new->pseudoflavor = pseudoflavor;
826
827	test = auth_domain_lookup(name, new: &new->h);
828	if (test != &new->h) {
829	pr_warn("svc: duplicate registration of gss pseudo flavour %s.\n",
830	name);
831	stat = -EADDRINUSE;
832	auth_domain_put(item: test);
833	goto out_free_name;
834	}
835	return test;
836
837	out_free_name:
838	kfree(objp: new->h.name);
839	out_free_dom:
840	kfree(objp: new);
841	out:
842	return ERR_PTR(error: stat);
843	}
844	EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor);
845
846	/*
847	* RFC 2203, Section 5.3.2.2
848	*
849	* struct rpc_gss_integ_data {
850	* opaque databody_integ<>;
851	* opaque checksum<>;
852	* };
853	*
854	* struct rpc_gss_data_t {
855	* unsigned int seq_num;
856	* proc_req_arg_t arg;
857	* };
858	*/
859	static noinline_for_stack int
860	svcauth_gss_unwrap_integ(struct svc_rqst rqstp, u32 seq, struct* gss_ctx *ctx)
861	{
862	struct gss_svc_data *gsd = rqstp->rq_auth_data;
863	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
864	u32 len, offset, seq_num, maj_stat;
865	struct xdr_buf *buf = xdr->buf;
866	struct xdr_buf databody_integ;
867	struct xdr_netobj checksum;
868
869	/ Did we already verify the signature on the original pass through? /
870	if (rqstp->rq_deferred)
871	return `0`;
872
873	if (xdr_stream_decode_u32(xdr, ptr: &len) < `0`)
874	goto unwrap_failed;
875	if (len & `3`)
876	goto unwrap_failed;
877	offset = xdr_stream_pos(xdr);
878	if (xdr_buf_subsegment(buf, &databody_integ, offset, len))
879	goto unwrap_failed;
880
881	/*
882	* The xdr_stream now points to the @seq_num field. The next
883	* XDR data item is the @arg field, which contains the clear
884	* text RPC program payload. The checksum, which follows the
885	* @arg field, is located and decoded without updating the
886	* xdr_stream.
887	*/
888
889	offset += len;
890	if (xdr_decode_word(buf, offset, &checksum.len))
891	goto unwrap_failed;
892	if (checksum.len > sizeof(gsd->gsd_scratch))
893	goto unwrap_failed;
894	checksum.data = gsd->gsd_scratch;
895	if (read_bytes_from_xdr_buf(buf, offset + XDR_UNIT, checksum.data,
896	checksum.len))
897	goto unwrap_failed;
898
899	maj_stat = gss_verify_mic(ctx_id: ctx, message: &databody_integ, mic_token: &checksum);
900	if (maj_stat != GSS_S_COMPLETE)
901	goto bad_mic;
902
903	/ The received seqno is protected by the checksum. /
904	if (xdr_stream_decode_u32(xdr, ptr: &seq_num) < `0`)
905	goto unwrap_failed;
906	if (seq_num != seq)
907	goto bad_seqno;
908
909	xdr_truncate_decode(xdr, XDR_UNIT + checksum.len);
910	return `0`;
911
912	unwrap_failed:
913	trace_rpcgss_svc_unwrap_failed(rqstp);
914	return -EINVAL;
915	bad_seqno:
916	trace_rpcgss_svc_seqno_bad(rqstp, expected: seq, received: seq_num);
917	return -EINVAL;
918	bad_mic:
919	trace_rpcgss_svc_mic(rqstp, maj_stat);
920	return -EINVAL;
921	}
922
923	/*
924	* RFC 2203, Section 5.3.2.3
925	*
926	* struct rpc_gss_priv_data {
927	* opaque databody_priv<>
928	* };
929	*
930	* struct rpc_gss_data_t {
931	* unsigned int seq_num;
932	* proc_req_arg_t arg;
933	* };
934	*/
935	static noinline_for_stack int
936	svcauth_gss_unwrap_priv(struct svc_rqst rqstp, u32 seq, struct* gss_ctx *ctx)
937	{
938	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
939	u32 len, maj_stat, seq_num, offset;
940	struct xdr_buf *buf = xdr->buf;
941	unsigned int saved_len;
942
943	if (xdr_stream_decode_u32(xdr, ptr: &len) < `0`)
944	goto unwrap_failed;
945	if (rqstp->rq_deferred) {
946	/ Already decrypted last time through! The sequence number*
947	* check at out_seq is unnecessary but harmless: */
948	goto out_seq;
949	}
950	if (len > xdr_stream_remaining(xdr))
951	goto unwrap_failed;
952	offset = xdr_stream_pos(xdr);
953
954	saved_len = buf->len;
955	maj_stat = gss_unwrap(ctx_id: ctx, offset, len: offset + len, inbuf: buf);
956	if (maj_stat != GSS_S_COMPLETE)
957	goto bad_unwrap;
958	xdr->nwords -= XDR_QUADLEN(saved_len - buf->len);
959
960	out_seq:
961	/ gss_unwrap() decrypted the sequence number. /
962	if (xdr_stream_decode_u32(xdr, ptr: &seq_num) < `0`)
963	goto unwrap_failed;
964	if (seq_num != seq)
965	goto bad_seqno;
966	return `0`;
967
968	unwrap_failed:
969	trace_rpcgss_svc_unwrap_failed(rqstp);
970	return -EINVAL;
971	bad_seqno:
972	trace_rpcgss_svc_seqno_bad(rqstp, expected: seq, received: seq_num);
973	return -EINVAL;
974	bad_unwrap:
975	trace_rpcgss_svc_unwrap(rqstp, maj_stat);
976	return -EINVAL;
977	}
978
979	static enum svc_auth_status
980	svcauth_gss_set_client(struct svc_rqst *rqstp)
981	{
982	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
983	struct rsc *rsci = svcdata->rsci;
984	struct rpc_gss_wire_cred *gc = &svcdata->clcred;
985	int stat;
986
987	rqstp->rq_auth_stat = rpc_autherr_badcred;
988
989	/*
990	* A gss export can be specified either by:
991	* export *(sec=krb5,rw)
992	* or by
993	* export gss/krb5(rw)
994	* The latter is deprecated; but for backwards compatibility reasons
995	* the nfsd code will still fall back on trying it if the former
996	* doesn't work; so we try to make both available to nfsd, below.
997	*/
998	rqstp->rq_gssclient = find_gss_auth_domain(ctx: rsci->mechctx, svc: gc->gc_svc);
999	if (rqstp->rq_gssclient == NULL)
1000	return SVC_DENIED;
1001	stat = svcauth_unix_set_client(rqstp);
1002	if (stat == SVC_DROP \|\| stat == SVC_CLOSE)
1003	return stat;
1004
1005	rqstp->rq_auth_stat = rpc_auth_ok;
1006	return SVC_OK;
1007	}
1008
1009	static bool
1010	svcauth_gss_proc_init_verf(struct cache_detail cd, struct* svc_rqst *rqstp,
1011	struct xdr_netobj out_handle, int* *major_status,
1012	u32 seq_num)
1013	{
1014	struct xdr_stream *xdr = &rqstp->rq_res_stream;
1015	struct rsc *rsci;
1016	bool rc;
1017
1018	if (*major_status != GSS_S_COMPLETE)
1019	goto null_verifier;
1020	rsci = gss_svc_searchbyctx(cd, handle: out_handle);
1021	if (rsci == NULL) {
1022	*major_status = GSS_S_NO_CONTEXT;
1023	goto null_verifier;
1024	}
1025
1026	rc = svcauth_gss_encode_verf(rqstp, ctx_id: rsci->mechctx, seq: seq_num);
1027	cache_put(h: &rsci->h, cd);
1028	return rc;
1029
1030	null_verifier:
1031	return xdr_stream_encode_opaque_auth(xdr, flavor: RPC_AUTH_NULL, NULL, body_len: `0`) > `0`;
1032	}
1033
1034	static void gss_free_in_token_pages(struct gssp_in_token *in_token)
1035	{
1036	u32 inlen;
1037	int i;
1038
1039	i = `0`;
1040	inlen = in_token->page_len;
1041	while (inlen) {
1042	if (in_token->pages[i])
1043	put_page(page: in_token->pages[i]);
1044	inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen;
1045	}
1046
1047	kfree(objp: in_token->pages);
1048	in_token->pages = NULL;
1049	}
1050
1051	static int gss_read_proxy_verf(struct svc_rqst *rqstp,
1052	struct rpc_gss_wire_cred *gc,
1053	struct xdr_netobj *in_handle,
1054	struct gssp_in_token *in_token)
1055	{
1056	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
1057	unsigned int length, pgto_offs, pgfrom_offs;
1058	int pages, i, pgto, pgfrom;
1059	size_t to_offs, from_offs;
1060	u32 inlen;
1061
1062	if (dup_netobj(dst: in_handle, src: &gc->gc_ctx))
1063	return SVC_CLOSE;
1064
1065	/*
1066	* RFC 2203 Section 5.2.2
1067	*
1068	* struct rpc_gss_init_arg {
1069	* opaque gss_token<>;
1070	* };
1071	*/
1072	if (xdr_stream_decode_u32(xdr, ptr: &inlen) < `0`)
1073	goto out_denied_free;
1074	if (inlen > xdr_stream_remaining(xdr))
1075	goto out_denied_free;
1076
1077	pages = DIV_ROUND_UP(inlen, PAGE_SIZE);
1078	in_token->pages = kcalloc(n: pages, size: sizeof(struct page *), GFP_KERNEL);
1079	if (!in_token->pages)
1080	goto out_denied_free;
1081	in_token->page_base = `0`;
1082	in_token->page_len = inlen;
1083	for (i = `0`; i < pages; i++) {
1084	in_token->pages[i] = alloc_page(GFP_KERNEL);
1085	if (!in_token->pages[i]) {
1086	gss_free_in_token_pages(in_token);
1087	goto out_denied_free;
1088	}
1089	}
1090
1091	length = min_t(unsigned int, inlen, (char )xdr->end - (char* *)xdr->p);
1092	memcpy(page_address(in_token->pages[`0`]), xdr->p, length);
1093	inlen -= length;
1094
1095	to_offs = length;
1096	from_offs = rqstp->rq_arg.page_base;
1097	while (inlen) {
1098	pgto = to_offs >> PAGE_SHIFT;
1099	pgfrom = from_offs >> PAGE_SHIFT;
1100	pgto_offs = to_offs & ~PAGE_MASK;
1101	pgfrom_offs = from_offs & ~PAGE_MASK;
1102
1103	length = min_t(unsigned int, inlen,
1104	min_t(unsigned int, PAGE_SIZE - pgto_offs,
1105	PAGE_SIZE - pgfrom_offs));
1106	memcpy(page_address(in_token->pages[pgto]) + pgto_offs,
1107	page_address(rqstp->rq_arg.pages[pgfrom]) + pgfrom_offs,
1108	length);
1109
1110	to_offs += length;
1111	from_offs += length;
1112	inlen -= length;
1113	}
1114	return `0`;
1115
1116	out_denied_free:
1117	kfree(objp: in_handle->data);
1118	return SVC_DENIED;
1119	}
1120
1121	/*
1122	* RFC 2203, Section 5.2.3.1.
1123	*
1124	* struct rpc_gss_init_res {
1125	* opaque handle<>;
1126	* unsigned int gss_major;
1127	* unsigned int gss_minor;
1128	* unsigned int seq_window;
1129	* opaque gss_token<>;
1130	* };
1131	*/
1132	static bool
1133	svcxdr_encode_gss_init_res(struct xdr_stream *xdr,
1134	struct xdr_netobj *handle,
1135	struct xdr_netobj *gss_token,
1136	unsigned int major_status,
1137	unsigned int minor_status, u32 seq_num)
1138	{
1139	if (xdr_stream_encode_opaque(xdr, ptr: handle->data, len: handle->len) < `0`)
1140	return false;
1141	if (xdr_stream_encode_u32(xdr, n: major_status) < `0`)
1142	return false;
1143	if (xdr_stream_encode_u32(xdr, n: minor_status) < `0`)
1144	return false;
1145	if (xdr_stream_encode_u32(xdr, n: seq_num) < `0`)
1146	return false;
1147	if (xdr_stream_encode_opaque(xdr, ptr: gss_token->data, len: gss_token->len) < `0`)
1148	return false;
1149	return true;
1150	}
1151
1152	/*
1153	* Having read the cred already and found we're in the context
1154	* initiation case, read the verifier and initiate (or check the results
1155	* of) upcalls to userspace for help with context initiation. If
1156	* the upcall results are available, write the verifier and result.
1157	* Otherwise, drop the request pending an answer to the upcall.
1158	*/
1159	static int
1160	svcauth_gss_legacy_init(struct svc_rqst *rqstp,
1161	struct rpc_gss_wire_cred *gc)
1162	{
1163	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
1164	struct rsi *rsip, rsikey;
1165	__be32 *p;
1166	u32 len;
1167	int ret;
1168	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), id: sunrpc_net_id);
1169
1170	memset(&rsikey, `0`, sizeof(rsikey));
1171	if (dup_netobj(dst: &rsikey.in_handle, src: &gc->gc_ctx))
1172	return SVC_CLOSE;
1173
1174	/*
1175	* RFC 2203 Section 5.2.2
1176	*
1177	* struct rpc_gss_init_arg {
1178	* opaque gss_token<>;
1179	* };
1180	*/
1181	if (xdr_stream_decode_u32(xdr, ptr: &len) < `0`) {
1182	kfree(objp: rsikey.in_handle.data);
1183	return SVC_DENIED;
1184	}
1185	p = xdr_inline_decode(xdr, nbytes: len);
1186	if (!p) {
1187	kfree(objp: rsikey.in_handle.data);
1188	return SVC_DENIED;
1189	}
1190	rsikey.in_token.data = kmalloc(size: len, GFP_KERNEL);
1191	if (ZERO_OR_NULL_PTR(rsikey.in_token.data)) {
1192	kfree(objp: rsikey.in_handle.data);
1193	return SVC_CLOSE;
1194	}
1195	memcpy(rsikey.in_token.data, p, len);
1196	rsikey.in_token.len = len;
1197
1198	/ Perform upcall, or find upcall result: /
1199	rsip = rsi_lookup(cd: sn->rsi_cache, item: &rsikey);
1200	rsi_free(rsii: &rsikey);
1201	if (!rsip)
1202	return SVC_CLOSE;
1203	if (cache_check(detail: sn->rsi_cache, h: &rsip->h, rqstp: &rqstp->rq_chandle) < `0`)
1204	/ No upcall result: /
1205	return SVC_CLOSE;
1206
1207	ret = SVC_CLOSE;
1208	if (!svcauth_gss_proc_init_verf(cd: sn->rsc_cache, rqstp, out_handle: &rsip->out_handle,
1209	major_status: &rsip->major_status, GSS_SEQ_WIN))
1210	goto out;
1211	if (!svcxdr_set_accept_stat(rqstp))
1212	goto out;
1213	if (!svcxdr_encode_gss_init_res(xdr: &rqstp->rq_res_stream, handle: &rsip->out_handle,
1214	gss_token: &rsip->out_token, major_status: rsip->major_status,
1215	minor_status: rsip->minor_status, GSS_SEQ_WIN))
1216	goto out;
1217
1218	ret = SVC_COMPLETE;
1219	out:
1220	cache_put(h: &rsip->h, cd: sn->rsi_cache);
1221	return ret;
1222	}
1223
1224	static int gss_proxy_save_rsc(struct cache_detail *cd,
1225	struct gssp_upcall_data *ud,
1226	uint64_t *handle)
1227	{
1228	struct rsc rsci, *rscp = NULL;
1229	static atomic64_t ctxhctr;
1230	long long ctxh;
1231	struct gss_api_mech *gm = NULL;
1232	time64_t expiry;
1233	int status;
1234
1235	memset(&rsci, `0`, sizeof(rsci));
1236	/ context handle /
1237	status = -ENOMEM;
1238	/ the handle needs to be just a unique id,*
1239	* use a static counter */
1240	ctxh = atomic64_inc_return(v: &ctxhctr);
1241
1242	/ make a copy for the caller /
1243	*handle = ctxh;
1244
1245	/ make a copy for the rsc cache /
1246	if (dup_to_netobj(dst: &rsci.handle, src: (char )handle, len: sizeof*(uint64_t)))
1247	goto out;
1248	rscp = rsc_lookup(cd, item: &rsci);
1249	if (!rscp)
1250	goto out;
1251
1252	/ creds /
1253	if (!ud->found_creds) {
1254	/ userspace seem buggy, we should always get at least a*
1255	* mapping to nobody */
1256	goto out;
1257	} else {
1258	struct timespec64 boot;
1259
1260	/ steal creds /
1261	rsci.cred = ud->creds;
1262	memset(&ud->creds, `0`, sizeof(struct svc_cred));
1263
1264	status = -EOPNOTSUPP;
1265	/ get mech handle from OID /
1266	gm = gss_mech_get_by_OID(&ud->mech_oid);
1267	if (!gm)
1268	goto out;
1269	rsci.cred.cr_gss_mech = gm;
1270
1271	status = -EINVAL;
1272	/ mech-specific data: /
1273	status = gss_import_sec_context(input_token: ud->out_handle.data,
1274	bufsize: ud->out_handle.len,
1275	mech: gm, ctx_id: &rsci.mechctx,
1276	endtime: &expiry, GFP_KERNEL);
1277	if (status)
1278	goto out;
1279
1280	getboottime64(ts: &boot);
1281	expiry -= boot.tv_sec;
1282	}
1283
1284	rsci.h.expiry_time = expiry;
1285	rscp = rsc_update(cd, new: &rsci, old: rscp);
1286	status = `0`;
1287	out:
1288	rsc_free(rsci: &rsci);
1289	if (rscp)
1290	cache_put(h: &rscp->h, cd);
1291	else
1292	status = -ENOMEM;
1293	return status;
1294	}
1295
1296	static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,
1297	struct rpc_gss_wire_cred *gc)
1298	{
1299	struct xdr_netobj cli_handle;
1300	struct gssp_upcall_data ud;
1301	uint64_t handle;
1302	int status;
1303	int ret;
1304	struct net *net = SVC_NET(rqstp);
1305	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1306
1307	memset(&ud, `0`, sizeof(ud));
1308	ret = gss_read_proxy_verf(rqstp, gc, in_handle: &ud.in_handle, in_token: &ud.in_token);
1309	if (ret)
1310	return ret;
1311
1312	ret = SVC_CLOSE;
1313
1314	/ Perform synchronous upcall to gss-proxy /
1315	status = gssp_accept_sec_context_upcall(net, data: &ud);
1316	if (status)
1317	goto out;
1318
1319	trace_rpcgss_svc_accept_upcall(rqstp, major_status: ud.major_status, minor_status: ud.minor_status);
1320
1321	switch (ud.major_status) {
1322	case GSS_S_CONTINUE_NEEDED:
1323	cli_handle = ud.out_handle;
1324	break;
1325	case GSS_S_COMPLETE:
1326	status = gss_proxy_save_rsc(cd: sn->rsc_cache, ud: &ud, handle: &handle);
1327	if (status)
1328	goto out;
1329	cli_handle.data = (u8 *)&handle;
1330	cli_handle.len = sizeof(handle);
1331	break;
1332	default:
1333	goto out;
1334	}
1335
1336	if (!svcauth_gss_proc_init_verf(cd: sn->rsc_cache, rqstp, out_handle: &cli_handle,
1337	major_status: &ud.major_status, GSS_SEQ_WIN))
1338	goto out;
1339	if (!svcxdr_set_accept_stat(rqstp))
1340	goto out;
1341	if (!svcxdr_encode_gss_init_res(xdr: &rqstp->rq_res_stream, handle: &cli_handle,
1342	gss_token: &ud.out_token, major_status: ud.major_status,
1343	minor_status: ud.minor_status, GSS_SEQ_WIN))
1344	goto out;
1345
1346	ret = SVC_COMPLETE;
1347	out:
1348	gss_free_in_token_pages(in_token: &ud.in_token);
1349	gssp_free_upcall_data(data: &ud);
1350	return ret;
1351	}
1352
1353	/*
1354	* Try to set the sn->use_gss_proxy variable to a new value. We only allow
1355	* it to be changed if it's currently undefined (-1). If it's any other value
1356	* then return -EBUSY unless the type wouldn't have changed anyway.
1357	*/
1358	static int set_gss_proxy(struct net net, int* type)
1359	{
1360	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1361	int ret;
1362
1363	WARN_ON_ONCE(type != `0` && type != `1`);
1364	ret = cmpxchg(&sn->use_gss_proxy, -`1`, type);
1365	if (ret != -`1` && ret != type)
1366	return -EBUSY;
1367	return `0`;
1368	}
1369
1370	static bool use_gss_proxy(struct net *net)
1371	{
1372	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1373
1374	/ If use_gss_proxy is still undefined, then try to disable it /
1375	if (sn->use_gss_proxy == -`1`)
1376	set_gss_proxy(net, type: `0`);
1377	return sn->use_gss_proxy;
1378	}
1379
1380	static noinline_for_stack int
1381	svcauth_gss_proc_init(struct svc_rqst rqstp, struct* rpc_gss_wire_cred *gc)
1382	{
1383	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
1384	u32 flavor, len;
1385	void *body;
1386
1387	/ Call's verf field: /
1388	if (xdr_stream_decode_opaque_auth(xdr, flavor: &flavor, body: &body, body_len: &len) < `0`)
1389	return SVC_GARBAGE;
1390	if (flavor != RPC_AUTH_NULL \|\| len != `0`) {
1391	rqstp->rq_auth_stat = rpc_autherr_badverf;
1392	return SVC_DENIED;
1393	}
1394
1395	if (gc->gc_proc == RPC_GSS_PROC_INIT && gc->gc_ctx.len != `0`) {
1396	rqstp->rq_auth_stat = rpc_autherr_badcred;
1397	return SVC_DENIED;
1398	}
1399
1400	if (!use_gss_proxy(SVC_NET(rqstp)))
1401	return svcauth_gss_legacy_init(rqstp, gc);
1402	return svcauth_gss_proxy_init(rqstp, gc);
1403	}
1404
1405	#ifdef CONFIG_PROC_FS
1406
1407	static ssize_t write_gssp(struct file file, const* char __user *buf,
1408	size_t count, loff_t *ppos)
1409	{
1410	struct net *net = pde_data(inode: file_inode(f: file));
1411	char tbuf[`20`];
1412	unsigned long i;
1413	int res;
1414
1415	if (ppos \|\| count > sizeof*(tbuf)-`1`)
1416	return -EINVAL;
1417	if (copy_from_user(to: tbuf, from: buf, n: count))
1418	return -EFAULT;
1419
1420	tbuf[count] = `0`;
1421	res = kstrtoul(s: tbuf, base: `0`, res: &i);
1422	if (res)
1423	return res;
1424	if (i != `1`)
1425	return -EINVAL;
1426	res = set_gssp_clnt(net);
1427	if (res)
1428	return res;
1429	res = set_gss_proxy(net, type: `1`);
1430	if (res)
1431	return res;
1432	return count;
1433	}
1434
1435	static ssize_t read_gssp(struct file file, char* __user *buf,
1436	size_t count, loff_t *ppos)
1437	{
1438	struct net *net = pde_data(inode: file_inode(f: file));
1439	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1440	unsigned long p = *ppos;
1441	char tbuf[`10`];
1442	size_t len;
1443
1444	snprintf(buf: tbuf, size: sizeof(tbuf), fmt: "%d\n", sn->use_gss_proxy);
1445	len = strlen(tbuf);
1446	if (p >= len)
1447	return `0`;
1448	len -= p;
1449	if (len > count)
1450	len = count;
1451	if (copy_to_user(to: buf, from: (void *)(tbuf+p), n: len))
1452	return -EFAULT;
1453	*ppos += len;
1454	return len;
1455	}
1456
1457	static const struct proc_ops use_gss_proxy_proc_ops = {
1458	.proc_open = nonseekable_open,
1459	.proc_write = write_gssp,
1460	.proc_read = read_gssp,
1461	};
1462
1463	static int create_use_gss_proxy_proc_entry(struct net *net)
1464	{
1465	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1466	struct proc_dir_entry **p = &sn->use_gssp_proc;
1467
1468	sn->use_gss_proxy = -`1`;
1469	*p = proc_create_data("use-gss-proxy", S_IFREG \| `0600`,
1470	sn->proc_net_rpc,
1471	&use_gss_proxy_proc_ops, net);
1472	if (!*p)
1473	return -ENOMEM;
1474	init_gssp_clnt(sn);
1475	return `0`;
1476	}
1477
1478	static void destroy_use_gss_proxy_proc_entry(struct net *net)
1479	{
1480	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1481
1482	if (sn->use_gssp_proc) {
1483	remove_proc_entry("use-gss-proxy", sn->proc_net_rpc);
1484	clear_gssp_clnt(sn);
1485	}
1486	}
1487
1488	static ssize_t read_gss_krb5_enctypes(struct file file, char* __user *buf,
1489	size_t count, loff_t *ppos)
1490	{
1491	struct rpcsec_gss_oid oid = {
1492	.len = `9`,
1493	.data = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02",
1494	};
1495	struct gss_api_mech *mech;
1496	ssize_t ret;
1497
1498	mech = gss_mech_get_by_OID(&oid);
1499	if (!mech)
1500	return `0`;
1501	if (!mech->gm_upcall_enctypes) {
1502	gss_mech_put(mech);
1503	return `0`;
1504	}
1505
1506	ret = simple_read_from_buffer(to: buf, count, ppos,
1507	from: mech->gm_upcall_enctypes,
1508	strlen(mech->gm_upcall_enctypes));
1509	gss_mech_put(mech);
1510	return ret;
1511	}
1512
1513	static const struct proc_ops gss_krb5_enctypes_proc_ops = {
1514	.proc_open = nonseekable_open,
1515	.proc_read = read_gss_krb5_enctypes,
1516	};
1517
1518	static int create_krb5_enctypes_proc_entry(struct net *net)
1519	{
1520	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1521
1522	sn->gss_krb5_enctypes =
1523	proc_create_data("gss_krb5_enctypes", S_IFREG \| `0444`,
1524	sn->proc_net_rpc, &gss_krb5_enctypes_proc_ops,
1525	net);
1526	return sn->gss_krb5_enctypes ? `0` : -ENOMEM;
1527	}
1528
1529	static void destroy_krb5_enctypes_proc_entry(struct net *net)
1530	{
1531	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
1532
1533	if (sn->gss_krb5_enctypes)
1534	remove_proc_entry("gss_krb5_enctypes", sn->proc_net_rpc);
1535	}
1536
1537	#else /* CONFIG_PROC_FS */
1538
1539	static int create_use_gss_proxy_proc_entry(struct net *net)
1540	{
1541	return `0`;
1542	}
1543
1544	static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
1545
1546	static int create_krb5_enctypes_proc_entry(struct net *net)
1547	{
1548	return `0`;
1549	}
1550
1551	static void destroy_krb5_enctypes_proc_entry(struct net *net) {}
1552
1553	#endif /* CONFIG_PROC_FS */
1554
1555	/*
1556	* The Call's credential body should contain a struct rpc_gss_cred_t.
1557	*
1558	* RFC 2203 Section 5
1559	*
1560	* struct rpc_gss_cred_t {
1561	* union switch (unsigned int version) {
1562	* case RPCSEC_GSS_VERS_1:
1563	* struct {
1564	* rpc_gss_proc_t gss_proc;
1565	* unsigned int seq_num;
1566	* rpc_gss_service_t service;
1567	* opaque handle<>;
1568	* } rpc_gss_cred_vers_1_t;
1569	* }
1570	* };
1571	*/
1572	static bool
1573	svcauth_gss_decode_credbody(struct xdr_stream *xdr,
1574	struct rpc_gss_wire_cred *gc,
1575	__be32 **rpcstart)
1576	{
1577	ssize_t handle_len;
1578	u32 body_len;
1579	__be32 *p;
1580
1581	p = xdr_inline_decode(xdr, XDR_UNIT);
1582	if (!p)
1583	return false;
1584	/*
1585	* start of rpc packet is 7 u32's back from here:
1586	* xid direction rpcversion prog vers proc flavour
1587	*/
1588	*rpcstart = p - `7`;
1589	body_len = be32_to_cpup(p);
1590	if (body_len > RPC_MAX_AUTH_SIZE)
1591	return false;
1592
1593	/ struct rpc_gss_cred_t /
1594	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_v) < `0`)
1595	return false;
1596	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_proc) < `0`)
1597	return false;
1598	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_seq) < `0`)
1599	return false;
1600	if (xdr_stream_decode_u32(xdr, ptr: &gc->gc_svc) < `0`)
1601	return false;
1602	handle_len = xdr_stream_decode_opaque_inline(xdr,
1603	ptr: (void **)&gc->gc_ctx.data,
1604	maxlen: body_len);
1605	if (handle_len < `0`)
1606	return false;
1607	if (body_len != XDR_UNIT * `5` + xdr_align_size(n: handle_len))
1608	return false;
1609
1610	gc->gc_ctx.len = handle_len;
1611	return true;
1612	}
1613
1614	/**
1615	* svcauth_gss_accept - Decode and validate incoming RPC_AUTH_GSS credential
1616	* @rqstp: RPC transaction
1617	*
1618	* Return values:
1619	* %SVC_OK: Success
1620	* %SVC_COMPLETE: GSS context lifetime event
1621	* %SVC_DENIED: Credential or verifier is not valid
1622	* %SVC_GARBAGE: Failed to decode credential or verifier
1623	* %SVC_CLOSE: Temporary failure
1624	*
1625	* The rqstp->rq_auth_stat field is also set (see RFCs 2203 and 5531).
1626	*/
1627	static enum svc_auth_status
1628	svcauth_gss_accept(struct svc_rqst *rqstp)
1629	{
1630	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
1631	__be32 *rpcstart;
1632	struct rpc_gss_wire_cred *gc;
1633	struct rsc *rsci = NULL;
1634	int ret;
1635	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), id: sunrpc_net_id);
1636
1637	rqstp->rq_auth_stat = rpc_autherr_badcred;
1638	if (!svcdata)
1639	svcdata = kmalloc(size: sizeof(*svcdata), GFP_KERNEL);
1640	if (!svcdata)
1641	goto auth_err;
1642	rqstp->rq_auth_data = svcdata;
1643	svcdata->gsd_databody_offset = `0`;
1644	svcdata->rsci = NULL;
1645	gc = &svcdata->clcred;
1646
1647	if (!svcauth_gss_decode_credbody(xdr: &rqstp->rq_arg_stream, gc, rpcstart: &rpcstart))
1648	goto auth_err;
1649	if (gc->gc_v != RPC_GSS_VERSION)
1650	goto auth_err;
1651
1652	switch (gc->gc_proc) {
1653	case RPC_GSS_PROC_INIT:
1654	case RPC_GSS_PROC_CONTINUE_INIT:
1655	if (rqstp->rq_proc != `0`)
1656	goto auth_err;
1657	return svcauth_gss_proc_init(rqstp, gc);
1658	case RPC_GSS_PROC_DESTROY:
1659	if (rqstp->rq_proc != `0`)
1660	goto auth_err;
1661	fallthrough;
1662	case RPC_GSS_PROC_DATA:
1663	rqstp->rq_auth_stat = rpcsec_gsserr_credproblem;
1664	rsci = gss_svc_searchbyctx(cd: sn->rsc_cache, handle: &gc->gc_ctx);
1665	if (!rsci)
1666	goto auth_err;
1667	switch (svcauth_gss_verify_header(rqstp, rsci, rpcstart, gc)) {
1668	case SVC_OK:
1669	break;
1670	case SVC_DENIED:
1671	goto auth_err;
1672	case SVC_DROP:
1673	goto drop;
1674	}
1675	break;
1676	default:
1677	if (rqstp->rq_proc != `0`)
1678	goto auth_err;
1679	rqstp->rq_auth_stat = rpc_autherr_rejectedcred;
1680	goto auth_err;
1681	}
1682
1683	/ now act upon the command: /
1684	switch (gc->gc_proc) {
1685	case RPC_GSS_PROC_DESTROY:
1686	if (!svcauth_gss_encode_verf(rqstp, ctx_id: rsci->mechctx, seq: gc->gc_seq))
1687	goto auth_err;
1688	if (!svcxdr_set_accept_stat(rqstp))
1689	goto auth_err;
1690	/ Delete the entry from the cache_list and call cache_put /
1691	sunrpc_cache_unhash(sn->rsc_cache, &rsci->h);
1692	goto complete;
1693	case RPC_GSS_PROC_DATA:
1694	rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem;
1695	if (!svcauth_gss_encode_verf(rqstp, ctx_id: rsci->mechctx, seq: gc->gc_seq))
1696	goto auth_err;
1697	if (!svcxdr_set_accept_stat(rqstp))
1698	goto auth_err;
1699	svcdata->gsd_databody_offset = xdr_stream_pos(xdr: &rqstp->rq_res_stream);
1700	rqstp->rq_cred = rsci->cred;
1701	get_group_info(gi: rsci->cred.cr_group_info);
1702	rqstp->rq_auth_stat = rpc_autherr_badcred;
1703	switch (gc->gc_svc) {
1704	case RPC_GSS_SVC_NONE:
1705	break;
1706	case RPC_GSS_SVC_INTEGRITY:
1707	/ placeholders for body length and seq. number: /
1708	xdr_reserve_space(xdr: &rqstp->rq_res_stream, XDR_UNIT * `2`);
1709	if (svcauth_gss_unwrap_integ(rqstp, seq: gc->gc_seq,
1710	ctx: rsci->mechctx))
1711	goto garbage_args;
1712	svcxdr_set_auth_slack(rqstp, RPC_MAX_AUTH_SIZE);
1713	break;
1714	case RPC_GSS_SVC_PRIVACY:
1715	/ placeholders for body length and seq. number: /
1716	xdr_reserve_space(xdr: &rqstp->rq_res_stream, XDR_UNIT * `2`);
1717	if (svcauth_gss_unwrap_priv(rqstp, seq: gc->gc_seq,
1718	ctx: rsci->mechctx))
1719	goto garbage_args;
1720	svcxdr_set_auth_slack(rqstp, RPC_MAX_AUTH_SIZE * `2`);
1721	break;
1722	default:
1723	goto auth_err;
1724	}
1725	svcdata->rsci = rsci;
1726	cache_get(h: &rsci->h);
1727	rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor(
1728	rsci->mechctx->mech_type,
1729	GSS_C_QOP_DEFAULT,
1730	service: gc->gc_svc);
1731	ret = SVC_OK;
1732	trace_rpcgss_svc_authenticate(rqstp, gc);
1733	goto out;
1734	}
1735	garbage_args:
1736	ret = SVC_GARBAGE;
1737	goto out;
1738	auth_err:
1739	xdr_truncate_encode(xdr: &rqstp->rq_res_stream, XDR_UNIT * `2`);
1740	ret = SVC_DENIED;
1741	goto out;
1742	complete:
1743	ret = SVC_COMPLETE;
1744	goto out;
1745	drop:
1746	ret = SVC_CLOSE;
1747	out:
1748	if (rsci)
1749	cache_put(h: &rsci->h, cd: sn->rsc_cache);
1750	return ret;
1751	}
1752
1753	static u32
1754	svcauth_gss_prepare_to_wrap(struct svc_rqst rqstp, struct* gss_svc_data *gsd)
1755	{
1756	u32 offset;
1757
1758	/ Release can be called twice, but we only wrap once. /
1759	offset = gsd->gsd_databody_offset;
1760	gsd->gsd_databody_offset = `0`;
1761
1762	/ AUTH_ERROR replies are not wrapped. /
1763	if (rqstp->rq_auth_stat != rpc_auth_ok)
1764	return `0`;
1765
1766	/ Also don't wrap if the accept_stat is nonzero: /
1767	if (*rqstp->rq_accept_statp != rpc_success)
1768	return `0`;
1769
1770	return offset;
1771	}
1772
1773	/*
1774	* RFC 2203, Section 5.3.2.2
1775	*
1776	* struct rpc_gss_integ_data {
1777	* opaque databody_integ<>;
1778	* opaque checksum<>;
1779	* };
1780	*
1781	* struct rpc_gss_data_t {
1782	* unsigned int seq_num;
1783	* proc_req_arg_t arg;
1784	* };
1785	*
1786	* The RPC Reply message has already been XDR-encoded. rq_res_stream
1787	* is now positioned so that the checksum can be written just past
1788	* the RPC Reply message.
1789	*/
1790	static int svcauth_gss_wrap_integ(struct svc_rqst *rqstp)
1791	{
1792	struct gss_svc_data *gsd = rqstp->rq_auth_data;
1793	struct xdr_stream *xdr = &rqstp->rq_res_stream;
1794	struct rpc_gss_wire_cred *gc = &gsd->clcred;
1795	struct xdr_buf *buf = xdr->buf;
1796	struct xdr_buf databody_integ;
1797	struct xdr_netobj checksum;
1798	u32 offset, maj_stat;
1799
1800	offset = svcauth_gss_prepare_to_wrap(rqstp, gsd);
1801	if (!offset)
1802	goto out;
1803
1804	if (xdr_buf_subsegment(buf, &databody_integ, offset + XDR_UNIT,
1805	buf->len - offset - XDR_UNIT))
1806	goto wrap_failed;
1807	/ Buffer space for these has already been reserved in*
1808	* svcauth_gss_accept(). */
1809	if (xdr_encode_word(buf, offset, databody_integ.len))
1810	goto wrap_failed;
1811	if (xdr_encode_word(buf, offset + XDR_UNIT, gc->gc_seq))
1812	goto wrap_failed;
1813
1814	checksum.data = gsd->gsd_scratch;
1815	maj_stat = gss_get_mic(ctx_id: gsd->rsci->mechctx, message: &databody_integ, mic_token: &checksum);
1816	if (maj_stat != GSS_S_COMPLETE)
1817	goto bad_mic;
1818
1819	if (xdr_stream_encode_opaque(xdr, ptr: checksum.data, len: checksum.len) < `0`)
1820	goto wrap_failed;
1821	xdr_commit_encode(xdr);
1822
1823	out:
1824	return `0`;
1825
1826	bad_mic:
1827	trace_rpcgss_svc_get_mic(rqstp, maj_stat);
1828	return -EINVAL;
1829	wrap_failed:
1830	trace_rpcgss_svc_wrap_failed(rqstp);
1831	return -EINVAL;
1832	}
1833
1834	/*
1835	* RFC 2203, Section 5.3.2.3
1836	*
1837	* struct rpc_gss_priv_data {
1838	* opaque databody_priv<>
1839	* };
1840	*
1841	* struct rpc_gss_data_t {
1842	* unsigned int seq_num;
1843	* proc_req_arg_t arg;
1844	* };
1845	*
1846	* gss_wrap() expands the size of the RPC message payload in the
1847	* response buffer. The main purpose of svcauth_gss_wrap_priv()
1848	* is to ensure there is adequate space in the response buffer to
1849	* avoid overflow during the wrap.
1850	*/
1851	static int svcauth_gss_wrap_priv(struct svc_rqst *rqstp)
1852	{
1853	struct gss_svc_data *gsd = rqstp->rq_auth_data;
1854	struct rpc_gss_wire_cred *gc = &gsd->clcred;
1855	struct xdr_buf *buf = &rqstp->rq_res;
1856	struct kvec *head = buf->head;
1857	struct kvec *tail = buf->tail;
1858	u32 offset, pad, maj_stat;
1859	__be32 *p;
1860
1861	offset = svcauth_gss_prepare_to_wrap(rqstp, gsd);
1862	if (!offset)
1863	return `0`;
1864
1865	/*
1866	* Buffer space for this field has already been reserved
1867	* in svcauth_gss_accept(). Note that the GSS sequence
1868	* number is encrypted along with the RPC reply payload.
1869	*/
1870	if (xdr_encode_word(buf, offset + XDR_UNIT, gc->gc_seq))
1871	goto wrap_failed;
1872
1873	/*
1874	* If there is currently tail data, make sure there is
1875	* room for the head, tail, and 2 * RPC_MAX_AUTH_SIZE in
1876	* the page, and move the current tail data such that
1877	* there is RPC_MAX_AUTH_SIZE slack space available in
1878	* both the head and tail.
1879	*/
1880	if (tail->iov_base) {
1881	if (tail->iov_base >= head->iov_base + PAGE_SIZE)
1882	goto wrap_failed;
1883	if (tail->iov_base < head->iov_base)
1884	goto wrap_failed;
1885	if (tail->iov_len + head->iov_len
1886	+ `2` * RPC_MAX_AUTH_SIZE > PAGE_SIZE)
1887	goto wrap_failed;
1888	memmove(tail->iov_base + RPC_MAX_AUTH_SIZE, tail->iov_base,
1889	tail->iov_len);
1890	tail->iov_base += RPC_MAX_AUTH_SIZE;
1891	}
1892	/*
1893	* If there is no current tail data, make sure there is
1894	* room for the head data, and 2 * RPC_MAX_AUTH_SIZE in the
1895	* allotted page, and set up tail information such that there
1896	* is RPC_MAX_AUTH_SIZE slack space available in both the
1897	* head and tail.
1898	*/
1899	if (!tail->iov_base) {
1900	if (head->iov_len + `2` * RPC_MAX_AUTH_SIZE > PAGE_SIZE)
1901	goto wrap_failed;
1902	tail->iov_base = head->iov_base
1903	+ head->iov_len + RPC_MAX_AUTH_SIZE;
1904	tail->iov_len = `0`;
1905	}
1906
1907	maj_stat = gss_wrap(ctx_id: gsd->rsci->mechctx, offset: offset + XDR_UNIT, outbuf: buf,
1908	inpages: buf->pages);
1909	if (maj_stat != GSS_S_COMPLETE)
1910	goto bad_wrap;
1911
1912	/ Wrapping can change the size of databody_priv. /
1913	if (xdr_encode_word(buf, offset, buf->len - offset - XDR_UNIT))
1914	goto wrap_failed;
1915	pad = xdr_pad_size(n: buf->len - offset - XDR_UNIT);
1916	p = (__be32 *)(tail->iov_base + tail->iov_len);
1917	memset(p, `0`, pad);
1918	tail->iov_len += pad;
1919	buf->len += pad;
1920
1921	return `0`;
1922	wrap_failed:
1923	trace_rpcgss_svc_wrap_failed(rqstp);
1924	return -EINVAL;
1925	bad_wrap:
1926	trace_rpcgss_svc_wrap(rqstp, maj_stat);
1927	return -ENOMEM;
1928	}
1929
1930	/**
1931	* svcauth_gss_release - Wrap payload and release resources
1932	* @rqstp: RPC transaction context
1933	*
1934	* Return values:
1935	* %0: the Reply is ready to be sent
1936	* %-ENOMEM: failed to allocate memory
1937	* %-EINVAL: encoding error
1938	*/
1939	static int
1940	svcauth_gss_release(struct svc_rqst *rqstp)
1941	{
1942	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), id: sunrpc_net_id);
1943	struct gss_svc_data *gsd = rqstp->rq_auth_data;
1944	struct rpc_gss_wire_cred *gc;
1945	int stat;
1946
1947	if (!gsd)
1948	goto out;
1949	gc = &gsd->clcred;
1950	if (gc->gc_proc != RPC_GSS_PROC_DATA)
1951	goto out;
1952
1953	switch (gc->gc_svc) {
1954	case RPC_GSS_SVC_NONE:
1955	break;
1956	case RPC_GSS_SVC_INTEGRITY:
1957	stat = svcauth_gss_wrap_integ(rqstp);
1958	if (stat)
1959	goto out_err;
1960	break;
1961	case RPC_GSS_SVC_PRIVACY:
1962	stat = svcauth_gss_wrap_priv(rqstp);
1963	if (stat)
1964	goto out_err;
1965	break;
1966	/*
1967	* For any other gc_svc value, svcauth_gss_accept() already set
1968	* the auth_error appropriately; just fall through:
1969	*/
1970	}
1971
1972	out:
1973	stat = `0`;
1974	out_err:
1975	if (rqstp->rq_client)
1976	auth_domain_put(item: rqstp->rq_client);
1977	rqstp->rq_client = NULL;
1978	if (rqstp->rq_gssclient)
1979	auth_domain_put(item: rqstp->rq_gssclient);
1980	rqstp->rq_gssclient = NULL;
1981	if (rqstp->rq_cred.cr_group_info)
1982	put_group_info(rqstp->rq_cred.cr_group_info);
1983	rqstp->rq_cred.cr_group_info = NULL;
1984	if (gsd && gsd->rsci) {
1985	cache_put(h: &gsd->rsci->h, cd: sn->rsc_cache);
1986	gsd->rsci = NULL;
1987	}
1988	return stat;
1989	}
1990
1991	static void
1992	svcauth_gss_domain_release_rcu(struct rcu_head *head)
1993	{
1994	struct auth_domain dom = container_of(head, struct* auth_domain, rcu_head);
1995	struct gss_domain gd = container_of(dom, struct* gss_domain, h);
1996
1997	kfree(objp: dom->name);
1998	kfree(objp: gd);
1999	}
2000
2001	static void
2002	svcauth_gss_domain_release(struct auth_domain *dom)
2003	{
2004	call_rcu(head: &dom->rcu_head, func: svcauth_gss_domain_release_rcu);
2005	}
2006
2007	static rpc_authflavor_t svcauth_gss_pseudoflavor(struct svc_rqst *rqstp)
2008	{
2009	return svcauth_gss_flavor(rqstp->rq_gssclient);
2010	}
2011
2012	static struct auth_ops svcauthops_gss = {
2013	.name = "rpcsec_gss",
2014	.owner = THIS_MODULE,
2015	.flavour = RPC_AUTH_GSS,
2016	.accept = svcauth_gss_accept,
2017	.release = svcauth_gss_release,
2018	.domain_release = svcauth_gss_domain_release,
2019	.set_client = svcauth_gss_set_client,
2020	.pseudoflavor = svcauth_gss_pseudoflavor,
2021	};
2022
2023	static int rsi_cache_create_net(struct net *net)
2024	{
2025	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2026	struct cache_detail *cd;
2027	int err;
2028
2029	cd = cache_create_net(tmpl: &rsi_cache_template, net);
2030	if (IS_ERR(ptr: cd))
2031	return PTR_ERR(ptr: cd);
2032	err = cache_register_net(cd, net);
2033	if (err) {
2034	cache_destroy_net(cd, net);
2035	return err;
2036	}
2037	sn->rsi_cache = cd;
2038	return `0`;
2039	}
2040
2041	static void rsi_cache_destroy_net(struct net *net)
2042	{
2043	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2044	struct cache_detail *cd = sn->rsi_cache;
2045
2046	sn->rsi_cache = NULL;
2047	cache_purge(detail: cd);
2048	cache_unregister_net(cd, net);
2049	cache_destroy_net(cd, net);
2050	}
2051
2052	static int rsc_cache_create_net(struct net *net)
2053	{
2054	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2055	struct cache_detail *cd;
2056	int err;
2057
2058	cd = cache_create_net(tmpl: &rsc_cache_template, net);
2059	if (IS_ERR(ptr: cd))
2060	return PTR_ERR(ptr: cd);
2061	err = cache_register_net(cd, net);
2062	if (err) {
2063	cache_destroy_net(cd, net);
2064	return err;
2065	}
2066	sn->rsc_cache = cd;
2067	return `0`;
2068	}
2069
2070	static void rsc_cache_destroy_net(struct net *net)
2071	{
2072	struct sunrpc_net *sn = net_generic(net, id: sunrpc_net_id);
2073	struct cache_detail *cd = sn->rsc_cache;
2074
2075	sn->rsc_cache = NULL;
2076	cache_purge(detail: cd);
2077	cache_unregister_net(cd, net);
2078	cache_destroy_net(cd, net);
2079	}
2080
2081	int
2082	gss_svc_init_net(struct net *net)
2083	{
2084	int rv;
2085
2086	rv = rsc_cache_create_net(net);
2087	if (rv)
2088	return rv;
2089	rv = rsi_cache_create_net(net);
2090	if (rv)
2091	goto out1;
2092	rv = create_use_gss_proxy_proc_entry(net);
2093	if (rv)
2094	goto out2;
2095
2096	rv = create_krb5_enctypes_proc_entry(net);
2097	if (rv)
2098	goto out3;
2099
2100	return `0`;
2101
2102	out3:
2103	destroy_use_gss_proxy_proc_entry(net);
2104	out2:
2105	rsi_cache_destroy_net(net);
2106	out1:
2107	rsc_cache_destroy_net(net);
2108	return rv;
2109	}
2110
2111	void
2112	gss_svc_shutdown_net(struct net *net)
2113	{
2114	destroy_krb5_enctypes_proc_entry(net);
2115	destroy_use_gss_proxy_proc_entry(net);
2116	rsi_cache_destroy_net(net);
2117	rsc_cache_destroy_net(net);
2118	}
2119
2120	int
2121	gss_svc_init(void)
2122	{
2123	return svc_auth_register(flavor: RPC_AUTH_GSS, aops: &svcauthops_gss);
2124	}
2125
2126	void
2127	gss_svc_shutdown(void)
2128	{
2129	svc_auth_unregister(flavor: RPC_AUTH_GSS);
2130	}
2131

source code of linux/net/sunrpc/auth_gss/svcauth_gss.c