auth_gss.c 57 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306
  1. // SPDX-License-Identifier: BSD-3-Clause
  2. /*
  3. * linux/net/sunrpc/auth_gss/auth_gss.c
  4. *
  5. * RPCSEC_GSS client authentication.
  6. *
  7. * Copyright (c) 2000 The Regents of the University of Michigan.
  8. * All rights reserved.
  9. *
  10. * Dug Song <dugsong@monkey.org>
  11. * Andy Adamson <andros@umich.edu>
  12. */
  13. #include <linux/module.h>
  14. #include <linux/init.h>
  15. #include <linux/types.h>
  16. #include <linux/slab.h>
  17. #include <linux/sched.h>
  18. #include <linux/pagemap.h>
  19. #include <linux/sunrpc/clnt.h>
  20. #include <linux/sunrpc/auth.h>
  21. #include <linux/sunrpc/auth_gss.h>
  22. #include <linux/sunrpc/gss_krb5.h>
  23. #include <linux/sunrpc/svcauth_gss.h>
  24. #include <linux/sunrpc/gss_err.h>
  25. #include <linux/workqueue.h>
  26. #include <linux/sunrpc/rpc_pipe_fs.h>
  27. #include <linux/sunrpc/gss_api.h>
  28. #include <linux/uaccess.h>
  29. #include <linux/hashtable.h>
  30. #include "auth_gss_internal.h"
  31. #include "../netns.h"
  32. #include <trace/events/rpcgss.h>
  33. static const struct rpc_authops authgss_ops;
  34. static const struct rpc_credops gss_credops;
  35. static const struct rpc_credops gss_nullops;
  36. static void gss_free_callback(struct kref *kref);
  37. #define GSS_RETRY_EXPIRED 5
  38. static unsigned int gss_expired_cred_retry_delay = GSS_RETRY_EXPIRED;
  39. #define GSS_KEY_EXPIRE_TIMEO 240
  40. static unsigned int gss_key_expire_timeo = GSS_KEY_EXPIRE_TIMEO;
  41. #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
  42. # define RPCDBG_FACILITY RPCDBG_AUTH
  43. #endif
  44. /*
  45. * This compile-time check verifies that we will not exceed the
  46. * slack space allotted by the client and server auth_gss code
  47. * before they call gss_wrap().
  48. */
  49. #define GSS_KRB5_MAX_SLACK_NEEDED \
  50. (GSS_KRB5_TOK_HDR_LEN /* gss token header */ \
  51. + GSS_KRB5_MAX_CKSUM_LEN /* gss token checksum */ \
  52. + GSS_KRB5_MAX_BLOCKSIZE /* confounder */ \
  53. + GSS_KRB5_MAX_BLOCKSIZE /* possible padding */ \
  54. + GSS_KRB5_TOK_HDR_LEN /* encrypted hdr in v2 token */ \
  55. + GSS_KRB5_MAX_CKSUM_LEN /* encryption hmac */ \
  56. + XDR_UNIT * 2 /* RPC verifier */ \
  57. + GSS_KRB5_TOK_HDR_LEN \
  58. + GSS_KRB5_MAX_CKSUM_LEN)
  59. #define GSS_CRED_SLACK (RPC_MAX_AUTH_SIZE * 2)
  60. /* length of a krb5 verifier (48), plus data added before arguments when
  61. * using integrity (two 4-byte integers): */
  62. #define GSS_VERF_SLACK 100
  63. static DEFINE_HASHTABLE(gss_auth_hash_table, 4);
  64. static DEFINE_SPINLOCK(gss_auth_hash_lock);
  65. struct gss_pipe {
  66. struct rpc_pipe_dir_object pdo;
  67. struct rpc_pipe *pipe;
  68. struct rpc_clnt *clnt;
  69. const char *name;
  70. struct kref kref;
  71. };
  72. struct gss_auth {
  73. struct kref kref;
  74. struct hlist_node hash;
  75. struct rpc_auth rpc_auth;
  76. struct gss_api_mech *mech;
  77. enum rpc_gss_svc service;
  78. struct rpc_clnt *client;
  79. struct net *net;
  80. netns_tracker ns_tracker;
  81. /*
  82. * There are two upcall pipes; dentry[1], named "gssd", is used
  83. * for the new text-based upcall; dentry[0] is named after the
  84. * mechanism (for example, "krb5") and exists for
  85. * backwards-compatibility with older gssd's.
  86. */
  87. struct gss_pipe *gss_pipe[2];
  88. const char *target_name;
  89. };
  90. /* pipe_version >= 0 if and only if someone has a pipe open. */
  91. static DEFINE_SPINLOCK(pipe_version_lock);
  92. static struct rpc_wait_queue pipe_version_rpc_waitqueue;
  93. static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue);
  94. static void gss_put_auth(struct gss_auth *gss_auth);
  95. static void gss_free_ctx(struct gss_cl_ctx *);
  96. static const struct rpc_pipe_ops gss_upcall_ops_v0;
  97. static const struct rpc_pipe_ops gss_upcall_ops_v1;
  98. static inline struct gss_cl_ctx *
  99. gss_get_ctx(struct gss_cl_ctx *ctx)
  100. {
  101. refcount_inc(&ctx->count);
  102. return ctx;
  103. }
  104. static inline void
  105. gss_put_ctx(struct gss_cl_ctx *ctx)
  106. {
  107. if (refcount_dec_and_test(&ctx->count))
  108. gss_free_ctx(ctx);
  109. }
  110. /* gss_cred_set_ctx:
  111. * called by gss_upcall_callback and gss_create_upcall in order
  112. * to set the gss context. The actual exchange of an old context
  113. * and a new one is protected by the pipe->lock.
  114. */
  115. static void
  116. gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
  117. {
  118. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  119. if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
  120. return;
  121. gss_get_ctx(ctx);
  122. rcu_assign_pointer(gss_cred->gc_ctx, ctx);
  123. set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  124. smp_mb__before_atomic();
  125. clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
  126. }
  127. static struct gss_cl_ctx *
  128. gss_cred_get_ctx(struct rpc_cred *cred)
  129. {
  130. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  131. struct gss_cl_ctx *ctx = NULL;
  132. rcu_read_lock();
  133. ctx = rcu_dereference(gss_cred->gc_ctx);
  134. if (ctx)
  135. gss_get_ctx(ctx);
  136. rcu_read_unlock();
  137. return ctx;
  138. }
  139. static struct gss_cl_ctx *
  140. gss_alloc_context(void)
  141. {
  142. struct gss_cl_ctx *ctx;
  143. ctx = kzalloc_obj(*ctx);
  144. if (ctx != NULL) {
  145. ctx->gc_proc = RPC_GSS_PROC_DATA;
  146. ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */
  147. spin_lock_init(&ctx->gc_seq_lock);
  148. refcount_set(&ctx->count,1);
  149. }
  150. return ctx;
  151. }
  152. #define GSSD_MIN_TIMEOUT (60 * 60)
  153. static const void *
  154. gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
  155. {
  156. const void *q;
  157. unsigned int seclen;
  158. unsigned int timeout;
  159. unsigned long now = jiffies;
  160. u32 window_size;
  161. int ret;
  162. /* First unsigned int gives the remaining lifetime in seconds of the
  163. * credential - e.g. the remaining TGT lifetime for Kerberos or
  164. * the -t value passed to GSSD.
  165. */
  166. p = simple_get_bytes(p, end, &timeout, sizeof(timeout));
  167. if (IS_ERR(p))
  168. goto err;
  169. if (timeout == 0)
  170. timeout = GSSD_MIN_TIMEOUT;
  171. ctx->gc_expiry = now + ((unsigned long)timeout * HZ);
  172. /* Sequence number window. Determines the maximum number of
  173. * simultaneous requests
  174. */
  175. p = simple_get_bytes(p, end, &window_size, sizeof(window_size));
  176. if (IS_ERR(p))
  177. goto err;
  178. ctx->gc_win = window_size;
  179. /* gssd signals an error by passing ctx->gc_win = 0: */
  180. if (ctx->gc_win == 0) {
  181. /*
  182. * in which case, p points to an error code. Anything other
  183. * than -EKEYEXPIRED gets converted to -EACCES.
  184. */
  185. p = simple_get_bytes(p, end, &ret, sizeof(ret));
  186. if (!IS_ERR(p))
  187. p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
  188. ERR_PTR(-EACCES);
  189. goto err;
  190. }
  191. /* copy the opaque wire context */
  192. p = simple_get_netobj(p, end, &ctx->gc_wire_ctx);
  193. if (IS_ERR(p))
  194. goto err;
  195. /* import the opaque security context */
  196. p = simple_get_bytes(p, end, &seclen, sizeof(seclen));
  197. if (IS_ERR(p))
  198. goto err;
  199. q = (const void *)((const char *)p + seclen);
  200. if (unlikely(q > end || q < p)) {
  201. p = ERR_PTR(-EFAULT);
  202. goto err;
  203. }
  204. ret = gss_import_sec_context(p, seclen, gm, &ctx->gc_gss_ctx, NULL, GFP_KERNEL);
  205. if (ret < 0) {
  206. trace_rpcgss_import_ctx(ret);
  207. p = ERR_PTR(ret);
  208. goto err;
  209. }
  210. /* is there any trailing data? */
  211. if (q == end) {
  212. p = q;
  213. goto done;
  214. }
  215. /* pull in acceptor name (if there is one) */
  216. p = simple_get_netobj(q, end, &ctx->gc_acceptor);
  217. if (IS_ERR(p))
  218. goto err;
  219. done:
  220. trace_rpcgss_context(window_size, ctx->gc_expiry, now, timeout,
  221. ctx->gc_acceptor.len, ctx->gc_acceptor.data);
  222. err:
  223. return p;
  224. }
  225. /* XXX: Need some documentation about why UPCALL_BUF_LEN is so small.
  226. * Is user space expecting no more than UPCALL_BUF_LEN bytes?
  227. * Note that there are now _two_ NI_MAXHOST sized data items
  228. * being passed in this string.
  229. */
  230. #define UPCALL_BUF_LEN 256
  231. struct gss_upcall_msg {
  232. refcount_t count;
  233. kuid_t uid;
  234. const char *service_name;
  235. struct rpc_pipe_msg msg;
  236. struct list_head list;
  237. struct gss_auth *auth;
  238. struct rpc_pipe *pipe;
  239. struct rpc_wait_queue rpc_waitqueue;
  240. wait_queue_head_t waitqueue;
  241. struct gss_cl_ctx *ctx;
  242. char databuf[UPCALL_BUF_LEN];
  243. };
  244. static int get_pipe_version(struct net *net)
  245. {
  246. struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
  247. int ret;
  248. spin_lock(&pipe_version_lock);
  249. if (sn->pipe_version >= 0) {
  250. atomic_inc(&sn->pipe_users);
  251. ret = sn->pipe_version;
  252. } else
  253. ret = -EAGAIN;
  254. spin_unlock(&pipe_version_lock);
  255. return ret;
  256. }
  257. static void put_pipe_version(struct net *net)
  258. {
  259. struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
  260. if (atomic_dec_and_lock(&sn->pipe_users, &pipe_version_lock)) {
  261. sn->pipe_version = -1;
  262. spin_unlock(&pipe_version_lock);
  263. }
  264. }
  265. static void
  266. gss_release_msg(struct gss_upcall_msg *gss_msg)
  267. {
  268. struct net *net = gss_msg->auth->net;
  269. if (!refcount_dec_and_test(&gss_msg->count))
  270. return;
  271. put_pipe_version(net);
  272. BUG_ON(!list_empty(&gss_msg->list));
  273. if (gss_msg->ctx != NULL)
  274. gss_put_ctx(gss_msg->ctx);
  275. rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
  276. gss_put_auth(gss_msg->auth);
  277. kfree_const(gss_msg->service_name);
  278. kfree(gss_msg);
  279. }
  280. static struct gss_upcall_msg *
  281. __gss_find_upcall(struct rpc_pipe *pipe, kuid_t uid, const struct gss_auth *auth)
  282. {
  283. struct gss_upcall_msg *pos;
  284. list_for_each_entry(pos, &pipe->in_downcall, list) {
  285. if (!uid_eq(pos->uid, uid))
  286. continue;
  287. if (pos->auth->service != auth->service)
  288. continue;
  289. refcount_inc(&pos->count);
  290. return pos;
  291. }
  292. return NULL;
  293. }
  294. /* Try to add an upcall to the pipefs queue.
  295. * If an upcall owned by our uid already exists, then we return a reference
  296. * to that upcall instead of adding the new upcall.
  297. */
  298. static inline struct gss_upcall_msg *
  299. gss_add_msg(struct gss_upcall_msg *gss_msg)
  300. {
  301. struct rpc_pipe *pipe = gss_msg->pipe;
  302. struct gss_upcall_msg *old;
  303. spin_lock(&pipe->lock);
  304. old = __gss_find_upcall(pipe, gss_msg->uid, gss_msg->auth);
  305. if (old == NULL) {
  306. refcount_inc(&gss_msg->count);
  307. list_add(&gss_msg->list, &pipe->in_downcall);
  308. } else
  309. gss_msg = old;
  310. spin_unlock(&pipe->lock);
  311. return gss_msg;
  312. }
  313. static void
  314. __gss_unhash_msg(struct gss_upcall_msg *gss_msg)
  315. {
  316. list_del_init(&gss_msg->list);
  317. rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
  318. wake_up_all(&gss_msg->waitqueue);
  319. refcount_dec(&gss_msg->count);
  320. }
  321. static void
  322. gss_unhash_msg(struct gss_upcall_msg *gss_msg)
  323. {
  324. struct rpc_pipe *pipe = gss_msg->pipe;
  325. if (list_empty(&gss_msg->list))
  326. return;
  327. spin_lock(&pipe->lock);
  328. if (!list_empty(&gss_msg->list))
  329. __gss_unhash_msg(gss_msg);
  330. spin_unlock(&pipe->lock);
  331. }
  332. static void
  333. gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss_msg)
  334. {
  335. switch (gss_msg->msg.errno) {
  336. case 0:
  337. if (gss_msg->ctx == NULL)
  338. break;
  339. clear_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
  340. gss_cred_set_ctx(&gss_cred->gc_base, gss_msg->ctx);
  341. break;
  342. case -EKEYEXPIRED:
  343. set_bit(RPCAUTH_CRED_NEGATIVE, &gss_cred->gc_base.cr_flags);
  344. }
  345. gss_cred->gc_upcall_timestamp = jiffies;
  346. gss_cred->gc_upcall = NULL;
  347. rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
  348. }
  349. static void
  350. gss_upcall_callback(struct rpc_task *task)
  351. {
  352. struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
  353. struct gss_cred, gc_base);
  354. struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
  355. struct rpc_pipe *pipe = gss_msg->pipe;
  356. spin_lock(&pipe->lock);
  357. gss_handle_downcall_result(gss_cred, gss_msg);
  358. spin_unlock(&pipe->lock);
  359. task->tk_status = gss_msg->msg.errno;
  360. gss_release_msg(gss_msg);
  361. }
  362. static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg,
  363. const struct cred *cred)
  364. {
  365. struct user_namespace *userns = cred->user_ns;
  366. uid_t uid = from_kuid_munged(userns, gss_msg->uid);
  367. memcpy(gss_msg->databuf, &uid, sizeof(uid));
  368. gss_msg->msg.data = gss_msg->databuf;
  369. gss_msg->msg.len = sizeof(uid);
  370. BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
  371. }
  372. static ssize_t
  373. gss_v0_upcall(struct file *file, struct rpc_pipe_msg *msg,
  374. char __user *buf, size_t buflen)
  375. {
  376. struct gss_upcall_msg *gss_msg = container_of(msg,
  377. struct gss_upcall_msg,
  378. msg);
  379. if (msg->copied == 0)
  380. gss_encode_v0_msg(gss_msg, file->f_cred);
  381. return rpc_pipe_generic_upcall(file, msg, buf, buflen);
  382. }
  383. static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
  384. const char *service_name,
  385. const char *target_name,
  386. const struct cred *cred)
  387. {
  388. struct user_namespace *userns = cred->user_ns;
  389. struct gss_api_mech *mech = gss_msg->auth->mech;
  390. char *p = gss_msg->databuf;
  391. size_t buflen = sizeof(gss_msg->databuf);
  392. int len;
  393. len = scnprintf(p, buflen, "mech=%s uid=%d", mech->gm_name,
  394. from_kuid_munged(userns, gss_msg->uid));
  395. buflen -= len;
  396. p += len;
  397. gss_msg->msg.len = len;
  398. /*
  399. * target= is a full service principal that names the remote
  400. * identity that we are authenticating to.
  401. */
  402. if (target_name) {
  403. len = scnprintf(p, buflen, " target=%s", target_name);
  404. buflen -= len;
  405. p += len;
  406. gss_msg->msg.len += len;
  407. }
  408. /*
  409. * gssd uses service= and srchost= to select a matching key from
  410. * the system's keytab to use as the source principal.
  411. *
  412. * service= is the service name part of the source principal,
  413. * or "*" (meaning choose any).
  414. *
  415. * srchost= is the hostname part of the source principal. When
  416. * not provided, gssd uses the local hostname.
  417. */
  418. if (service_name) {
  419. char *c = strchr(service_name, '@');
  420. if (!c)
  421. len = scnprintf(p, buflen, " service=%s",
  422. service_name);
  423. else
  424. len = scnprintf(p, buflen,
  425. " service=%.*s srchost=%s",
  426. (int)(c - service_name),
  427. service_name, c + 1);
  428. buflen -= len;
  429. p += len;
  430. gss_msg->msg.len += len;
  431. }
  432. if (mech->gm_upcall_enctypes) {
  433. len = scnprintf(p, buflen, " enctypes=%s",
  434. mech->gm_upcall_enctypes);
  435. buflen -= len;
  436. p += len;
  437. gss_msg->msg.len += len;
  438. }
  439. trace_rpcgss_upcall_msg(gss_msg->databuf);
  440. len = scnprintf(p, buflen, "\n");
  441. if (len == 0)
  442. goto out_overflow;
  443. gss_msg->msg.len += len;
  444. gss_msg->msg.data = gss_msg->databuf;
  445. return 0;
  446. out_overflow:
  447. WARN_ON_ONCE(1);
  448. return -ENOMEM;
  449. }
  450. static ssize_t
  451. gss_v1_upcall(struct file *file, struct rpc_pipe_msg *msg,
  452. char __user *buf, size_t buflen)
  453. {
  454. struct gss_upcall_msg *gss_msg = container_of(msg,
  455. struct gss_upcall_msg,
  456. msg);
  457. int err;
  458. if (msg->copied == 0) {
  459. err = gss_encode_v1_msg(gss_msg,
  460. gss_msg->service_name,
  461. gss_msg->auth->target_name,
  462. file->f_cred);
  463. if (err)
  464. return err;
  465. }
  466. return rpc_pipe_generic_upcall(file, msg, buf, buflen);
  467. }
  468. static struct gss_upcall_msg *
  469. gss_alloc_msg(struct gss_auth *gss_auth,
  470. kuid_t uid, const char *service_name)
  471. {
  472. struct gss_upcall_msg *gss_msg;
  473. int vers;
  474. int err = -ENOMEM;
  475. gss_msg = kzalloc_obj(*gss_msg);
  476. if (gss_msg == NULL)
  477. goto err;
  478. vers = get_pipe_version(gss_auth->net);
  479. err = vers;
  480. if (err < 0)
  481. goto err_free_msg;
  482. gss_msg->pipe = gss_auth->gss_pipe[vers]->pipe;
  483. INIT_LIST_HEAD(&gss_msg->list);
  484. rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
  485. init_waitqueue_head(&gss_msg->waitqueue);
  486. refcount_set(&gss_msg->count, 1);
  487. gss_msg->uid = uid;
  488. gss_msg->auth = gss_auth;
  489. kref_get(&gss_auth->kref);
  490. if (service_name) {
  491. gss_msg->service_name = kstrdup_const(service_name, GFP_KERNEL);
  492. if (!gss_msg->service_name) {
  493. err = -ENOMEM;
  494. goto err_put_pipe_version;
  495. }
  496. }
  497. return gss_msg;
  498. err_put_pipe_version:
  499. kref_put(&gss_auth->kref, gss_free_callback);
  500. put_pipe_version(gss_auth->net);
  501. err_free_msg:
  502. kfree(gss_msg);
  503. err:
  504. return ERR_PTR(err);
  505. }
  506. static struct gss_upcall_msg *
  507. gss_setup_upcall(struct gss_auth *gss_auth, struct rpc_cred *cred)
  508. {
  509. struct gss_cred *gss_cred = container_of(cred,
  510. struct gss_cred, gc_base);
  511. struct gss_upcall_msg *gss_new, *gss_msg;
  512. kuid_t uid = cred->cr_cred->fsuid;
  513. gss_new = gss_alloc_msg(gss_auth, uid, gss_cred->gc_principal);
  514. if (IS_ERR(gss_new))
  515. return gss_new;
  516. gss_msg = gss_add_msg(gss_new);
  517. if (gss_msg == gss_new) {
  518. int res;
  519. refcount_inc(&gss_msg->count);
  520. res = rpc_queue_upcall(gss_new->pipe, &gss_new->msg);
  521. if (res) {
  522. gss_unhash_msg(gss_new);
  523. refcount_dec(&gss_msg->count);
  524. gss_release_msg(gss_new);
  525. gss_msg = ERR_PTR(res);
  526. }
  527. } else
  528. gss_release_msg(gss_new);
  529. return gss_msg;
  530. }
  531. static void warn_gssd(void)
  532. {
  533. dprintk("AUTH_GSS upcall failed. Please check user daemon is running.\n");
  534. }
  535. static inline int
  536. gss_refresh_upcall(struct rpc_task *task)
  537. {
  538. struct rpc_cred *cred = task->tk_rqstp->rq_cred;
  539. struct gss_auth *gss_auth = container_of(cred->cr_auth,
  540. struct gss_auth, rpc_auth);
  541. struct gss_cred *gss_cred = container_of(cred,
  542. struct gss_cred, gc_base);
  543. struct gss_upcall_msg *gss_msg;
  544. struct rpc_pipe *pipe;
  545. int err = 0;
  546. gss_msg = gss_setup_upcall(gss_auth, cred);
  547. if (PTR_ERR(gss_msg) == -EAGAIN) {
  548. /* XXX: warning on the first, under the assumption we
  549. * shouldn't normally hit this case on a refresh. */
  550. warn_gssd();
  551. rpc_sleep_on_timeout(&pipe_version_rpc_waitqueue,
  552. task, NULL, jiffies + (15 * HZ));
  553. err = -EAGAIN;
  554. goto out;
  555. }
  556. if (IS_ERR(gss_msg)) {
  557. err = PTR_ERR(gss_msg);
  558. goto out;
  559. }
  560. pipe = gss_msg->pipe;
  561. spin_lock(&pipe->lock);
  562. if (gss_cred->gc_upcall != NULL)
  563. rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
  564. else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
  565. gss_cred->gc_upcall = gss_msg;
  566. /* gss_upcall_callback will release the reference to gss_upcall_msg */
  567. refcount_inc(&gss_msg->count);
  568. rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
  569. } else {
  570. gss_handle_downcall_result(gss_cred, gss_msg);
  571. err = gss_msg->msg.errno;
  572. }
  573. spin_unlock(&pipe->lock);
  574. gss_release_msg(gss_msg);
  575. out:
  576. trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
  577. cred->cr_cred->fsuid), err);
  578. return err;
  579. }
  580. static inline int
  581. gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
  582. {
  583. struct net *net = gss_auth->net;
  584. struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
  585. struct rpc_pipe *pipe;
  586. struct rpc_cred *cred = &gss_cred->gc_base;
  587. struct gss_upcall_msg *gss_msg;
  588. DEFINE_WAIT(wait);
  589. int err;
  590. retry:
  591. err = 0;
  592. /* if gssd is down, just skip upcalling altogether */
  593. if (!gssd_running(net)) {
  594. warn_gssd();
  595. err = -EACCES;
  596. goto out;
  597. }
  598. gss_msg = gss_setup_upcall(gss_auth, cred);
  599. if (PTR_ERR(gss_msg) == -EAGAIN) {
  600. err = wait_event_interruptible_timeout(pipe_version_waitqueue,
  601. sn->pipe_version >= 0, 15 * HZ);
  602. if (sn->pipe_version < 0) {
  603. warn_gssd();
  604. err = -EACCES;
  605. }
  606. if (err < 0)
  607. goto out;
  608. goto retry;
  609. }
  610. if (IS_ERR(gss_msg)) {
  611. err = PTR_ERR(gss_msg);
  612. goto out;
  613. }
  614. pipe = gss_msg->pipe;
  615. for (;;) {
  616. prepare_to_wait(&gss_msg->waitqueue, &wait, TASK_KILLABLE);
  617. spin_lock(&pipe->lock);
  618. if (gss_msg->ctx != NULL || gss_msg->msg.errno < 0) {
  619. break;
  620. }
  621. spin_unlock(&pipe->lock);
  622. if (fatal_signal_pending(current)) {
  623. err = -ERESTARTSYS;
  624. goto out_intr;
  625. }
  626. schedule();
  627. }
  628. if (gss_msg->ctx) {
  629. trace_rpcgss_ctx_init(gss_cred);
  630. gss_cred_set_ctx(cred, gss_msg->ctx);
  631. } else {
  632. err = gss_msg->msg.errno;
  633. }
  634. spin_unlock(&pipe->lock);
  635. out_intr:
  636. finish_wait(&gss_msg->waitqueue, &wait);
  637. gss_release_msg(gss_msg);
  638. out:
  639. trace_rpcgss_upcall_result(from_kuid(&init_user_ns,
  640. cred->cr_cred->fsuid), err);
  641. return err;
  642. }
  643. static struct gss_upcall_msg *
  644. gss_find_downcall(struct rpc_pipe *pipe, kuid_t uid)
  645. {
  646. struct gss_upcall_msg *pos;
  647. list_for_each_entry(pos, &pipe->in_downcall, list) {
  648. if (!uid_eq(pos->uid, uid))
  649. continue;
  650. if (!rpc_msg_is_inflight(&pos->msg))
  651. continue;
  652. refcount_inc(&pos->count);
  653. return pos;
  654. }
  655. return NULL;
  656. }
  657. #define MSG_BUF_MAXSIZE 1024
  658. static ssize_t
  659. gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
  660. {
  661. const void *p, *end;
  662. void *buf;
  663. struct gss_upcall_msg *gss_msg;
  664. struct rpc_pipe *pipe = RPC_I(file_inode(filp))->pipe;
  665. struct gss_cl_ctx *ctx;
  666. uid_t id;
  667. kuid_t uid;
  668. ssize_t err = -EFBIG;
  669. if (mlen > MSG_BUF_MAXSIZE)
  670. goto out;
  671. err = -ENOMEM;
  672. buf = kmalloc(mlen, GFP_KERNEL);
  673. if (!buf)
  674. goto out;
  675. err = -EFAULT;
  676. if (copy_from_user(buf, src, mlen))
  677. goto err;
  678. end = (const void *)((char *)buf + mlen);
  679. p = simple_get_bytes(buf, end, &id, sizeof(id));
  680. if (IS_ERR(p)) {
  681. err = PTR_ERR(p);
  682. goto err;
  683. }
  684. uid = make_kuid(current_user_ns(), id);
  685. if (!uid_valid(uid)) {
  686. err = -EINVAL;
  687. goto err;
  688. }
  689. err = -ENOMEM;
  690. ctx = gss_alloc_context();
  691. if (ctx == NULL)
  692. goto err;
  693. err = -ENOENT;
  694. /* Find a matching upcall */
  695. spin_lock(&pipe->lock);
  696. gss_msg = gss_find_downcall(pipe, uid);
  697. if (gss_msg == NULL) {
  698. spin_unlock(&pipe->lock);
  699. goto err_put_ctx;
  700. }
  701. list_del_init(&gss_msg->list);
  702. spin_unlock(&pipe->lock);
  703. p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
  704. if (IS_ERR(p)) {
  705. err = PTR_ERR(p);
  706. switch (err) {
  707. case -EACCES:
  708. case -EKEYEXPIRED:
  709. gss_msg->msg.errno = err;
  710. err = mlen;
  711. break;
  712. case -EFAULT:
  713. case -ENOMEM:
  714. case -EINVAL:
  715. case -ENOSYS:
  716. gss_msg->msg.errno = -EAGAIN;
  717. break;
  718. default:
  719. printk(KERN_CRIT "%s: bad return from "
  720. "gss_fill_context: %zd\n", __func__, err);
  721. gss_msg->msg.errno = -EIO;
  722. }
  723. goto err_release_msg;
  724. }
  725. gss_msg->ctx = gss_get_ctx(ctx);
  726. err = mlen;
  727. err_release_msg:
  728. spin_lock(&pipe->lock);
  729. __gss_unhash_msg(gss_msg);
  730. spin_unlock(&pipe->lock);
  731. gss_release_msg(gss_msg);
  732. err_put_ctx:
  733. gss_put_ctx(ctx);
  734. err:
  735. kfree(buf);
  736. out:
  737. return err;
  738. }
  739. static int gss_pipe_open(struct inode *inode, int new_version)
  740. {
  741. struct net *net = inode->i_sb->s_fs_info;
  742. struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
  743. int ret = 0;
  744. spin_lock(&pipe_version_lock);
  745. if (sn->pipe_version < 0) {
  746. /* First open of any gss pipe determines the version: */
  747. sn->pipe_version = new_version;
  748. rpc_wake_up(&pipe_version_rpc_waitqueue);
  749. wake_up(&pipe_version_waitqueue);
  750. } else if (sn->pipe_version != new_version) {
  751. /* Trying to open a pipe of a different version */
  752. ret = -EBUSY;
  753. goto out;
  754. }
  755. atomic_inc(&sn->pipe_users);
  756. out:
  757. spin_unlock(&pipe_version_lock);
  758. return ret;
  759. }
  760. static int gss_pipe_open_v0(struct inode *inode)
  761. {
  762. return gss_pipe_open(inode, 0);
  763. }
  764. static int gss_pipe_open_v1(struct inode *inode)
  765. {
  766. return gss_pipe_open(inode, 1);
  767. }
  768. static void
  769. gss_pipe_release(struct inode *inode)
  770. {
  771. struct net *net = inode->i_sb->s_fs_info;
  772. struct rpc_pipe *pipe = RPC_I(inode)->pipe;
  773. struct gss_upcall_msg *gss_msg;
  774. restart:
  775. spin_lock(&pipe->lock);
  776. list_for_each_entry(gss_msg, &pipe->in_downcall, list) {
  777. if (!list_empty(&gss_msg->msg.list))
  778. continue;
  779. gss_msg->msg.errno = -EPIPE;
  780. refcount_inc(&gss_msg->count);
  781. __gss_unhash_msg(gss_msg);
  782. spin_unlock(&pipe->lock);
  783. gss_release_msg(gss_msg);
  784. goto restart;
  785. }
  786. spin_unlock(&pipe->lock);
  787. put_pipe_version(net);
  788. }
  789. static void
  790. gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
  791. {
  792. struct gss_upcall_msg *gss_msg = container_of(msg, struct gss_upcall_msg, msg);
  793. if (msg->errno < 0) {
  794. refcount_inc(&gss_msg->count);
  795. gss_unhash_msg(gss_msg);
  796. if (msg->errno == -ETIMEDOUT)
  797. warn_gssd();
  798. gss_release_msg(gss_msg);
  799. }
  800. gss_release_msg(gss_msg);
  801. }
  802. static void gss_pipe_dentry_destroy(struct dentry *dir,
  803. struct rpc_pipe_dir_object *pdo)
  804. {
  805. struct gss_pipe *gss_pipe = pdo->pdo_data;
  806. rpc_unlink(gss_pipe->pipe);
  807. }
  808. static int gss_pipe_dentry_create(struct dentry *dir,
  809. struct rpc_pipe_dir_object *pdo)
  810. {
  811. struct gss_pipe *p = pdo->pdo_data;
  812. return rpc_mkpipe_dentry(dir, p->name, p->clnt, p->pipe);
  813. }
  814. static const struct rpc_pipe_dir_object_ops gss_pipe_dir_object_ops = {
  815. .create = gss_pipe_dentry_create,
  816. .destroy = gss_pipe_dentry_destroy,
  817. };
  818. static struct gss_pipe *gss_pipe_alloc(struct rpc_clnt *clnt,
  819. const char *name,
  820. const struct rpc_pipe_ops *upcall_ops)
  821. {
  822. struct gss_pipe *p;
  823. int err = -ENOMEM;
  824. p = kmalloc_obj(*p);
  825. if (p == NULL)
  826. goto err;
  827. p->pipe = rpc_mkpipe_data(upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
  828. if (IS_ERR(p->pipe)) {
  829. err = PTR_ERR(p->pipe);
  830. goto err_free_gss_pipe;
  831. }
  832. p->name = name;
  833. p->clnt = clnt;
  834. kref_init(&p->kref);
  835. rpc_init_pipe_dir_object(&p->pdo,
  836. &gss_pipe_dir_object_ops,
  837. p);
  838. return p;
  839. err_free_gss_pipe:
  840. kfree(p);
  841. err:
  842. return ERR_PTR(err);
  843. }
  844. struct gss_alloc_pdo {
  845. struct rpc_clnt *clnt;
  846. const char *name;
  847. const struct rpc_pipe_ops *upcall_ops;
  848. };
  849. static int gss_pipe_match_pdo(struct rpc_pipe_dir_object *pdo, void *data)
  850. {
  851. struct gss_pipe *gss_pipe;
  852. struct gss_alloc_pdo *args = data;
  853. if (pdo->pdo_ops != &gss_pipe_dir_object_ops)
  854. return 0;
  855. gss_pipe = container_of(pdo, struct gss_pipe, pdo);
  856. if (strcmp(gss_pipe->name, args->name) != 0)
  857. return 0;
  858. if (!kref_get_unless_zero(&gss_pipe->kref))
  859. return 0;
  860. return 1;
  861. }
  862. static struct rpc_pipe_dir_object *gss_pipe_alloc_pdo(void *data)
  863. {
  864. struct gss_pipe *gss_pipe;
  865. struct gss_alloc_pdo *args = data;
  866. gss_pipe = gss_pipe_alloc(args->clnt, args->name, args->upcall_ops);
  867. if (!IS_ERR(gss_pipe))
  868. return &gss_pipe->pdo;
  869. return NULL;
  870. }
  871. static struct gss_pipe *gss_pipe_get(struct rpc_clnt *clnt,
  872. const char *name,
  873. const struct rpc_pipe_ops *upcall_ops)
  874. {
  875. struct net *net = rpc_net_ns(clnt);
  876. struct rpc_pipe_dir_object *pdo;
  877. struct gss_alloc_pdo args = {
  878. .clnt = clnt,
  879. .name = name,
  880. .upcall_ops = upcall_ops,
  881. };
  882. pdo = rpc_find_or_alloc_pipe_dir_object(net,
  883. &clnt->cl_pipedir_objects,
  884. gss_pipe_match_pdo,
  885. gss_pipe_alloc_pdo,
  886. &args);
  887. if (pdo != NULL)
  888. return container_of(pdo, struct gss_pipe, pdo);
  889. return ERR_PTR(-ENOMEM);
  890. }
  891. static void __gss_pipe_free(struct gss_pipe *p)
  892. {
  893. struct rpc_clnt *clnt = p->clnt;
  894. struct net *net = rpc_net_ns(clnt);
  895. rpc_remove_pipe_dir_object(net,
  896. &clnt->cl_pipedir_objects,
  897. &p->pdo);
  898. rpc_destroy_pipe_data(p->pipe);
  899. kfree(p);
  900. }
  901. static void __gss_pipe_release(struct kref *kref)
  902. {
  903. struct gss_pipe *p = container_of(kref, struct gss_pipe, kref);
  904. __gss_pipe_free(p);
  905. }
  906. static void gss_pipe_free(struct gss_pipe *p)
  907. {
  908. if (p != NULL)
  909. kref_put(&p->kref, __gss_pipe_release);
  910. }
  911. /*
  912. * NOTE: we have the opportunity to use different
  913. * parameters based on the input flavor (which must be a pseudoflavor)
  914. */
  915. static struct gss_auth *
  916. gss_create_new(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
  917. {
  918. rpc_authflavor_t flavor = args->pseudoflavor;
  919. struct gss_auth *gss_auth;
  920. struct gss_pipe *gss_pipe;
  921. struct rpc_auth * auth;
  922. int err = -ENOMEM; /* XXX? */
  923. if (!try_module_get(THIS_MODULE))
  924. return ERR_PTR(err);
  925. if (!(gss_auth = kmalloc_obj(*gss_auth)))
  926. goto out_dec;
  927. INIT_HLIST_NODE(&gss_auth->hash);
  928. gss_auth->target_name = NULL;
  929. if (args->target_name) {
  930. gss_auth->target_name = kstrdup(args->target_name, GFP_KERNEL);
  931. if (gss_auth->target_name == NULL)
  932. goto err_free;
  933. }
  934. gss_auth->client = clnt;
  935. gss_auth->net = get_net_track(rpc_net_ns(clnt), &gss_auth->ns_tracker,
  936. GFP_KERNEL);
  937. err = -EINVAL;
  938. gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
  939. if (!gss_auth->mech)
  940. goto err_put_net;
  941. gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
  942. if (gss_auth->service == 0)
  943. goto err_put_mech;
  944. if (!gssd_running(gss_auth->net))
  945. goto err_put_mech;
  946. auth = &gss_auth->rpc_auth;
  947. auth->au_cslack = GSS_CRED_SLACK >> 2;
  948. BUILD_BUG_ON(GSS_KRB5_MAX_SLACK_NEEDED > RPC_MAX_AUTH_SIZE);
  949. auth->au_rslack = GSS_KRB5_MAX_SLACK_NEEDED >> 2;
  950. auth->au_verfsize = GSS_VERF_SLACK >> 2;
  951. auth->au_ralign = GSS_VERF_SLACK >> 2;
  952. __set_bit(RPCAUTH_AUTH_UPDATE_SLACK, &auth->au_flags);
  953. auth->au_ops = &authgss_ops;
  954. auth->au_flavor = flavor;
  955. if (gss_pseudoflavor_to_datatouch(gss_auth->mech, flavor))
  956. __set_bit(RPCAUTH_AUTH_DATATOUCH, &auth->au_flags);
  957. refcount_set(&auth->au_count, 1);
  958. kref_init(&gss_auth->kref);
  959. err = rpcauth_init_credcache(auth);
  960. if (err)
  961. goto err_put_mech;
  962. /*
  963. * Note: if we created the old pipe first, then someone who
  964. * examined the directory at the right moment might conclude
  965. * that we supported only the old pipe. So we instead create
  966. * the new pipe first.
  967. */
  968. gss_pipe = gss_pipe_get(clnt, "gssd", &gss_upcall_ops_v1);
  969. if (IS_ERR(gss_pipe)) {
  970. err = PTR_ERR(gss_pipe);
  971. goto err_destroy_credcache;
  972. }
  973. gss_auth->gss_pipe[1] = gss_pipe;
  974. gss_pipe = gss_pipe_get(clnt, gss_auth->mech->gm_name,
  975. &gss_upcall_ops_v0);
  976. if (IS_ERR(gss_pipe)) {
  977. err = PTR_ERR(gss_pipe);
  978. goto err_destroy_pipe_1;
  979. }
  980. gss_auth->gss_pipe[0] = gss_pipe;
  981. return gss_auth;
  982. err_destroy_pipe_1:
  983. gss_pipe_free(gss_auth->gss_pipe[1]);
  984. err_destroy_credcache:
  985. rpcauth_destroy_credcache(auth);
  986. err_put_mech:
  987. gss_mech_put(gss_auth->mech);
  988. err_put_net:
  989. put_net_track(gss_auth->net, &gss_auth->ns_tracker);
  990. err_free:
  991. kfree(gss_auth->target_name);
  992. kfree(gss_auth);
  993. out_dec:
  994. module_put(THIS_MODULE);
  995. trace_rpcgss_createauth(flavor, err);
  996. return ERR_PTR(err);
  997. }
  998. static void
  999. gss_free(struct gss_auth *gss_auth)
  1000. {
  1001. gss_pipe_free(gss_auth->gss_pipe[0]);
  1002. gss_pipe_free(gss_auth->gss_pipe[1]);
  1003. gss_mech_put(gss_auth->mech);
  1004. put_net_track(gss_auth->net, &gss_auth->ns_tracker);
  1005. kfree(gss_auth->target_name);
  1006. kfree(gss_auth);
  1007. module_put(THIS_MODULE);
  1008. }
  1009. static void
  1010. gss_free_callback(struct kref *kref)
  1011. {
  1012. struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
  1013. gss_free(gss_auth);
  1014. }
  1015. static void
  1016. gss_put_auth(struct gss_auth *gss_auth)
  1017. {
  1018. kref_put(&gss_auth->kref, gss_free_callback);
  1019. }
  1020. static void
  1021. gss_destroy(struct rpc_auth *auth)
  1022. {
  1023. struct gss_auth *gss_auth = container_of(auth,
  1024. struct gss_auth, rpc_auth);
  1025. if (hash_hashed(&gss_auth->hash)) {
  1026. spin_lock(&gss_auth_hash_lock);
  1027. hash_del(&gss_auth->hash);
  1028. spin_unlock(&gss_auth_hash_lock);
  1029. }
  1030. gss_pipe_free(gss_auth->gss_pipe[0]);
  1031. gss_auth->gss_pipe[0] = NULL;
  1032. gss_pipe_free(gss_auth->gss_pipe[1]);
  1033. gss_auth->gss_pipe[1] = NULL;
  1034. rpcauth_destroy_credcache(auth);
  1035. gss_put_auth(gss_auth);
  1036. }
  1037. /*
  1038. * Auths may be shared between rpc clients that were cloned from a
  1039. * common client with the same xprt, if they also share the flavor and
  1040. * target_name.
  1041. *
  1042. * The auth is looked up from the oldest parent sharing the same
  1043. * cl_xprt, and the auth itself references only that common parent
  1044. * (which is guaranteed to last as long as any of its descendants).
  1045. */
  1046. static struct gss_auth *
  1047. gss_auth_find_or_add_hashed(const struct rpc_auth_create_args *args,
  1048. struct rpc_clnt *clnt,
  1049. struct gss_auth *new)
  1050. {
  1051. struct gss_auth *gss_auth;
  1052. unsigned long hashval = (unsigned long)clnt;
  1053. spin_lock(&gss_auth_hash_lock);
  1054. hash_for_each_possible(gss_auth_hash_table,
  1055. gss_auth,
  1056. hash,
  1057. hashval) {
  1058. if (gss_auth->client != clnt)
  1059. continue;
  1060. if (gss_auth->rpc_auth.au_flavor != args->pseudoflavor)
  1061. continue;
  1062. if (gss_auth->target_name != args->target_name) {
  1063. if (gss_auth->target_name == NULL)
  1064. continue;
  1065. if (args->target_name == NULL)
  1066. continue;
  1067. if (strcmp(gss_auth->target_name, args->target_name))
  1068. continue;
  1069. }
  1070. if (!refcount_inc_not_zero(&gss_auth->rpc_auth.au_count))
  1071. continue;
  1072. goto out;
  1073. }
  1074. if (new)
  1075. hash_add(gss_auth_hash_table, &new->hash, hashval);
  1076. gss_auth = new;
  1077. out:
  1078. spin_unlock(&gss_auth_hash_lock);
  1079. return gss_auth;
  1080. }
  1081. static struct gss_auth *
  1082. gss_create_hashed(const struct rpc_auth_create_args *args,
  1083. struct rpc_clnt *clnt)
  1084. {
  1085. struct gss_auth *gss_auth;
  1086. struct gss_auth *new;
  1087. gss_auth = gss_auth_find_or_add_hashed(args, clnt, NULL);
  1088. if (gss_auth != NULL)
  1089. goto out;
  1090. new = gss_create_new(args, clnt);
  1091. if (IS_ERR(new))
  1092. return new;
  1093. gss_auth = gss_auth_find_or_add_hashed(args, clnt, new);
  1094. if (gss_auth != new)
  1095. gss_destroy(&new->rpc_auth);
  1096. out:
  1097. return gss_auth;
  1098. }
  1099. static struct rpc_auth *
  1100. gss_create(const struct rpc_auth_create_args *args, struct rpc_clnt *clnt)
  1101. {
  1102. struct gss_auth *gss_auth;
  1103. struct rpc_xprt_switch *xps = rcu_access_pointer(clnt->cl_xpi.xpi_xpswitch);
  1104. while (clnt != clnt->cl_parent) {
  1105. struct rpc_clnt *parent = clnt->cl_parent;
  1106. /* Find the original parent for this transport */
  1107. if (rcu_access_pointer(parent->cl_xpi.xpi_xpswitch) != xps)
  1108. break;
  1109. clnt = parent;
  1110. }
  1111. gss_auth = gss_create_hashed(args, clnt);
  1112. if (IS_ERR(gss_auth))
  1113. return ERR_CAST(gss_auth);
  1114. return &gss_auth->rpc_auth;
  1115. }
  1116. static struct gss_cred *
  1117. gss_dup_cred(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
  1118. {
  1119. struct gss_cred *new;
  1120. /* Make a copy of the cred so that we can reference count it */
  1121. new = kzalloc_obj(*gss_cred);
  1122. if (new) {
  1123. struct auth_cred acred = {
  1124. .cred = gss_cred->gc_base.cr_cred,
  1125. };
  1126. struct gss_cl_ctx *ctx =
  1127. rcu_dereference_protected(gss_cred->gc_ctx, 1);
  1128. rpcauth_init_cred(&new->gc_base, &acred,
  1129. &gss_auth->rpc_auth,
  1130. &gss_nullops);
  1131. new->gc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;
  1132. new->gc_service = gss_cred->gc_service;
  1133. new->gc_principal = gss_cred->gc_principal;
  1134. kref_get(&gss_auth->kref);
  1135. rcu_assign_pointer(new->gc_ctx, ctx);
  1136. gss_get_ctx(ctx);
  1137. }
  1138. return new;
  1139. }
  1140. /*
  1141. * gss_send_destroy_context will cause the RPCSEC_GSS to send a NULL RPC call
  1142. * to the server with the GSS control procedure field set to
  1143. * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
  1144. * all RPCSEC_GSS state associated with that context.
  1145. */
  1146. static void
  1147. gss_send_destroy_context(struct rpc_cred *cred)
  1148. {
  1149. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  1150. struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
  1151. struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
  1152. struct gss_cred *new;
  1153. struct rpc_task *task;
  1154. new = gss_dup_cred(gss_auth, gss_cred);
  1155. if (new) {
  1156. ctx->gc_proc = RPC_GSS_PROC_DESTROY;
  1157. trace_rpcgss_ctx_destroy(gss_cred);
  1158. task = rpc_call_null(gss_auth->client, &new->gc_base,
  1159. RPC_TASK_ASYNC);
  1160. if (!IS_ERR(task))
  1161. rpc_put_task(task);
  1162. put_rpccred(&new->gc_base);
  1163. }
  1164. }
  1165. /* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
  1166. * to create a new cred or context, so they check that things have been
  1167. * allocated before freeing them. */
  1168. static void
  1169. gss_do_free_ctx(struct gss_cl_ctx *ctx)
  1170. {
  1171. gss_delete_sec_context(&ctx->gc_gss_ctx);
  1172. kfree(ctx->gc_wire_ctx.data);
  1173. kfree(ctx->gc_acceptor.data);
  1174. kfree(ctx);
  1175. }
  1176. static void
  1177. gss_free_ctx_callback(struct rcu_head *head)
  1178. {
  1179. struct gss_cl_ctx *ctx = container_of(head, struct gss_cl_ctx, gc_rcu);
  1180. gss_do_free_ctx(ctx);
  1181. }
  1182. static void
  1183. gss_free_ctx(struct gss_cl_ctx *ctx)
  1184. {
  1185. call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
  1186. }
  1187. static void
  1188. gss_free_cred(struct gss_cred *gss_cred)
  1189. {
  1190. kfree(gss_cred);
  1191. }
  1192. static void
  1193. gss_free_cred_callback(struct rcu_head *head)
  1194. {
  1195. struct gss_cred *gss_cred = container_of(head, struct gss_cred, gc_base.cr_rcu);
  1196. gss_free_cred(gss_cred);
  1197. }
  1198. static void
  1199. gss_destroy_nullcred(struct rpc_cred *cred)
  1200. {
  1201. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  1202. struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
  1203. struct gss_cl_ctx *ctx = rcu_dereference_protected(gss_cred->gc_ctx, 1);
  1204. RCU_INIT_POINTER(gss_cred->gc_ctx, NULL);
  1205. put_cred(cred->cr_cred);
  1206. call_rcu(&cred->cr_rcu, gss_free_cred_callback);
  1207. if (ctx)
  1208. gss_put_ctx(ctx);
  1209. gss_put_auth(gss_auth);
  1210. }
  1211. static void
  1212. gss_destroy_cred(struct rpc_cred *cred)
  1213. {
  1214. if (test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0)
  1215. gss_send_destroy_context(cred);
  1216. gss_destroy_nullcred(cred);
  1217. }
  1218. static int
  1219. gss_hash_cred(struct auth_cred *acred, unsigned int hashbits)
  1220. {
  1221. return hash_64(from_kuid(&init_user_ns, acred->cred->fsuid), hashbits);
  1222. }
  1223. /*
  1224. * Lookup RPCSEC_GSS cred for the current process
  1225. */
  1226. static struct rpc_cred *gss_lookup_cred(struct rpc_auth *auth,
  1227. struct auth_cred *acred, int flags)
  1228. {
  1229. return rpcauth_lookup_credcache(auth, acred, flags,
  1230. rpc_task_gfp_mask());
  1231. }
  1232. static struct rpc_cred *
  1233. gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags, gfp_t gfp)
  1234. {
  1235. struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
  1236. struct gss_cred *cred = NULL;
  1237. int err = -ENOMEM;
  1238. if (!(cred = kzalloc_obj(*cred, gfp)))
  1239. goto out_err;
  1240. rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);
  1241. /*
  1242. * Note: in order to force a call to call_refresh(), we deliberately
  1243. * fail to flag the credential as RPCAUTH_CRED_UPTODATE.
  1244. */
  1245. cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
  1246. cred->gc_service = gss_auth->service;
  1247. cred->gc_principal = acred->principal;
  1248. kref_get(&gss_auth->kref);
  1249. return &cred->gc_base;
  1250. out_err:
  1251. return ERR_PTR(err);
  1252. }
  1253. static int
  1254. gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred)
  1255. {
  1256. struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
  1257. struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base);
  1258. int err;
  1259. do {
  1260. err = gss_create_upcall(gss_auth, gss_cred);
  1261. } while (err == -EAGAIN);
  1262. return err;
  1263. }
  1264. static char *
  1265. gss_stringify_acceptor(struct rpc_cred *cred)
  1266. {
  1267. char *string = NULL;
  1268. struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
  1269. struct gss_cl_ctx *ctx;
  1270. unsigned int len;
  1271. struct xdr_netobj *acceptor;
  1272. rcu_read_lock();
  1273. ctx = rcu_dereference(gss_cred->gc_ctx);
  1274. if (!ctx)
  1275. goto out;
  1276. len = ctx->gc_acceptor.len;
  1277. rcu_read_unlock();
  1278. /* no point if there's no string */
  1279. if (!len)
  1280. return NULL;
  1281. realloc:
  1282. string = kmalloc(len + 1, GFP_KERNEL);
  1283. if (!string)
  1284. return NULL;
  1285. rcu_read_lock();
  1286. ctx = rcu_dereference(gss_cred->gc_ctx);
  1287. /* did the ctx disappear or was it replaced by one with no acceptor? */
  1288. if (!ctx || !ctx->gc_acceptor.len) {
  1289. kfree(string);
  1290. string = NULL;
  1291. goto out;
  1292. }
  1293. acceptor = &ctx->gc_acceptor;
  1294. /*
  1295. * Did we find a new acceptor that's longer than the original? Allocate
  1296. * a longer buffer and try again.
  1297. */
  1298. if (len < acceptor->len) {
  1299. len = acceptor->len;
  1300. rcu_read_unlock();
  1301. kfree(string);
  1302. goto realloc;
  1303. }
  1304. memcpy(string, acceptor->data, acceptor->len);
  1305. string[acceptor->len] = '\0';
  1306. out:
  1307. rcu_read_unlock();
  1308. return string;
  1309. }
  1310. /*
  1311. * Returns -EACCES if GSS context is NULL or will expire within the
  1312. * timeout (miliseconds)
  1313. */
  1314. static int
  1315. gss_key_timeout(struct rpc_cred *rc)
  1316. {
  1317. struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
  1318. struct gss_cl_ctx *ctx;
  1319. unsigned long timeout = jiffies + (gss_key_expire_timeo * HZ);
  1320. int ret = 0;
  1321. rcu_read_lock();
  1322. ctx = rcu_dereference(gss_cred->gc_ctx);
  1323. if (!ctx || time_after(timeout, ctx->gc_expiry))
  1324. ret = -EACCES;
  1325. rcu_read_unlock();
  1326. return ret;
  1327. }
  1328. static int
  1329. gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
  1330. {
  1331. struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
  1332. struct gss_cl_ctx *ctx;
  1333. int ret;
  1334. if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
  1335. goto out;
  1336. /* Don't match with creds that have expired. */
  1337. rcu_read_lock();
  1338. ctx = rcu_dereference(gss_cred->gc_ctx);
  1339. if (!ctx || time_after(jiffies, ctx->gc_expiry)) {
  1340. rcu_read_unlock();
  1341. return 0;
  1342. }
  1343. rcu_read_unlock();
  1344. if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
  1345. return 0;
  1346. out:
  1347. if (acred->principal != NULL) {
  1348. if (gss_cred->gc_principal == NULL)
  1349. return 0;
  1350. ret = strcmp(acred->principal, gss_cred->gc_principal) == 0;
  1351. } else {
  1352. if (gss_cred->gc_principal != NULL)
  1353. return 0;
  1354. ret = uid_eq(rc->cr_cred->fsuid, acred->cred->fsuid);
  1355. }
  1356. return ret;
  1357. }
  1358. /*
  1359. * Marshal credentials.
  1360. *
  1361. * The expensive part is computing the verifier. We can't cache a
  1362. * pre-computed version of the verifier because the seqno, which
  1363. * is different every time, is included in the MIC.
  1364. */
  1365. static int gss_marshal(struct rpc_task *task, struct xdr_stream *xdr)
  1366. {
  1367. struct rpc_rqst *req = task->tk_rqstp;
  1368. struct rpc_cred *cred = req->rq_cred;
  1369. struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
  1370. gc_base);
  1371. struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
  1372. __be32 *p, *cred_len;
  1373. u32 maj_stat = 0;
  1374. struct xdr_netobj mic;
  1375. struct kvec iov;
  1376. struct xdr_buf verf_buf;
  1377. int status;
  1378. u32 seqno;
  1379. /* Credential */
  1380. p = xdr_reserve_space(xdr, 7 * sizeof(*p) +
  1381. ctx->gc_wire_ctx.len);
  1382. if (!p)
  1383. goto marshal_failed;
  1384. *p++ = rpc_auth_gss;
  1385. cred_len = p++;
  1386. spin_lock(&ctx->gc_seq_lock);
  1387. seqno = (ctx->gc_seq < MAXSEQ) ? ctx->gc_seq++ : MAXSEQ;
  1388. xprt_rqst_add_seqno(req, seqno);
  1389. spin_unlock(&ctx->gc_seq_lock);
  1390. if (*req->rq_seqnos == MAXSEQ)
  1391. goto expired;
  1392. trace_rpcgss_seqno(task);
  1393. *p++ = cpu_to_be32(RPC_GSS_VERSION);
  1394. *p++ = cpu_to_be32(ctx->gc_proc);
  1395. *p++ = cpu_to_be32(*req->rq_seqnos);
  1396. *p++ = cpu_to_be32(gss_cred->gc_service);
  1397. p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
  1398. *cred_len = cpu_to_be32((p - (cred_len + 1)) << 2);
  1399. /* Verifier */
  1400. /* We compute the checksum for the verifier over the xdr-encoded bytes
  1401. * starting with the xid and ending at the end of the credential: */
  1402. iov.iov_base = req->rq_snd_buf.head[0].iov_base;
  1403. iov.iov_len = (u8 *)p - (u8 *)iov.iov_base;
  1404. xdr_buf_from_iov(&iov, &verf_buf);
  1405. p = xdr_reserve_space(xdr, sizeof(*p));
  1406. if (!p)
  1407. goto marshal_failed;
  1408. *p++ = rpc_auth_gss;
  1409. mic.data = (u8 *)(p + 1);
  1410. maj_stat = gss_get_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
  1411. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  1412. goto expired;
  1413. else if (maj_stat != 0)
  1414. goto bad_mic;
  1415. if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
  1416. goto marshal_failed;
  1417. status = 0;
  1418. out:
  1419. gss_put_ctx(ctx);
  1420. return status;
  1421. expired:
  1422. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  1423. status = -EKEYEXPIRED;
  1424. goto out;
  1425. marshal_failed:
  1426. status = -EMSGSIZE;
  1427. goto out;
  1428. bad_mic:
  1429. trace_rpcgss_get_mic(task, maj_stat);
  1430. status = -EIO;
  1431. goto out;
  1432. }
  1433. static int gss_renew_cred(struct rpc_task *task)
  1434. {
  1435. struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
  1436. struct gss_cred *gss_cred = container_of(oldcred,
  1437. struct gss_cred,
  1438. gc_base);
  1439. struct rpc_auth *auth = oldcred->cr_auth;
  1440. struct auth_cred acred = {
  1441. .cred = oldcred->cr_cred,
  1442. .principal = gss_cred->gc_principal,
  1443. };
  1444. struct rpc_cred *new;
  1445. new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
  1446. if (IS_ERR(new))
  1447. return PTR_ERR(new);
  1448. task->tk_rqstp->rq_cred = new;
  1449. put_rpccred(oldcred);
  1450. return 0;
  1451. }
  1452. static int gss_cred_is_negative_entry(struct rpc_cred *cred)
  1453. {
  1454. if (test_bit(RPCAUTH_CRED_NEGATIVE, &cred->cr_flags)) {
  1455. unsigned long now = jiffies;
  1456. unsigned long begin, expire;
  1457. struct gss_cred *gss_cred;
  1458. gss_cred = container_of(cred, struct gss_cred, gc_base);
  1459. begin = gss_cred->gc_upcall_timestamp;
  1460. expire = begin + gss_expired_cred_retry_delay * HZ;
  1461. if (time_in_range_open(now, begin, expire))
  1462. return 1;
  1463. }
  1464. return 0;
  1465. }
  1466. /*
  1467. * Refresh credentials. XXX - finish
  1468. */
  1469. static int
  1470. gss_refresh(struct rpc_task *task)
  1471. {
  1472. struct rpc_cred *cred = task->tk_rqstp->rq_cred;
  1473. int ret = 0;
  1474. if (gss_cred_is_negative_entry(cred))
  1475. return -EKEYEXPIRED;
  1476. if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
  1477. !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
  1478. ret = gss_renew_cred(task);
  1479. if (ret < 0)
  1480. goto out;
  1481. cred = task->tk_rqstp->rq_cred;
  1482. }
  1483. if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
  1484. ret = gss_refresh_upcall(task);
  1485. out:
  1486. return ret;
  1487. }
  1488. /* Dummy refresh routine: used only when destroying the context */
  1489. static int
  1490. gss_refresh_null(struct rpc_task *task)
  1491. {
  1492. return 0;
  1493. }
  1494. static u32
  1495. gss_validate_seqno_mic(struct gss_cl_ctx *ctx, u32 seqno, __be32 *seq, __be32 *p, u32 len)
  1496. {
  1497. struct kvec iov;
  1498. struct xdr_buf verf_buf;
  1499. struct xdr_netobj mic;
  1500. *seq = cpu_to_be32(seqno);
  1501. iov.iov_base = seq;
  1502. iov.iov_len = 4;
  1503. xdr_buf_from_iov(&iov, &verf_buf);
  1504. mic.data = (u8 *)p;
  1505. mic.len = len;
  1506. return gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
  1507. }
  1508. static int
  1509. gss_validate(struct rpc_task *task, struct xdr_stream *xdr)
  1510. {
  1511. struct rpc_cred *cred = task->tk_rqstp->rq_cred;
  1512. struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
  1513. __be32 *p, *seq = NULL;
  1514. u32 len, maj_stat;
  1515. int status;
  1516. int i = 1; /* don't recheck the first item */
  1517. p = xdr_inline_decode(xdr, 2 * sizeof(*p));
  1518. if (!p)
  1519. goto validate_failed;
  1520. if (*p++ != rpc_auth_gss)
  1521. goto validate_failed;
  1522. len = be32_to_cpup(p);
  1523. if (len > RPC_MAX_AUTH_SIZE)
  1524. goto validate_failed;
  1525. p = xdr_inline_decode(xdr, len);
  1526. if (!p)
  1527. goto validate_failed;
  1528. seq = kmalloc(4, GFP_KERNEL);
  1529. if (!seq)
  1530. goto validate_failed;
  1531. maj_stat = gss_validate_seqno_mic(ctx, task->tk_rqstp->rq_seqnos[0], seq, p, len);
  1532. /* RFC 2203 5.3.3.1 - compute the checksum of each sequence number in the cache */
  1533. while (unlikely(maj_stat == GSS_S_BAD_SIG && i < task->tk_rqstp->rq_seqno_count))
  1534. maj_stat = gss_validate_seqno_mic(ctx, task->tk_rqstp->rq_seqnos[i++], seq, p, len);
  1535. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  1536. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  1537. if (maj_stat)
  1538. goto bad_mic;
  1539. /* We leave it to unwrap to calculate au_rslack. For now we just
  1540. * calculate the length of the verifier: */
  1541. if (test_bit(RPCAUTH_AUTH_UPDATE_SLACK, &cred->cr_auth->au_flags))
  1542. cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
  1543. status = 0;
  1544. out:
  1545. gss_put_ctx(ctx);
  1546. kfree(seq);
  1547. return status;
  1548. validate_failed:
  1549. status = -EIO;
  1550. goto out;
  1551. bad_mic:
  1552. trace_rpcgss_verify_mic(task, maj_stat);
  1553. status = -EACCES;
  1554. goto out;
  1555. }
  1556. static noinline_for_stack int
  1557. gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  1558. struct rpc_task *task, struct xdr_stream *xdr)
  1559. {
  1560. struct rpc_rqst *rqstp = task->tk_rqstp;
  1561. struct xdr_buf integ_buf, *snd_buf = &rqstp->rq_snd_buf;
  1562. struct xdr_netobj mic;
  1563. __be32 *p, *integ_len;
  1564. u32 offset, maj_stat;
  1565. p = xdr_reserve_space(xdr, 2 * sizeof(*p));
  1566. if (!p)
  1567. goto wrap_failed;
  1568. integ_len = p++;
  1569. *p = cpu_to_be32(*rqstp->rq_seqnos);
  1570. if (rpcauth_wrap_req_encode(task, xdr))
  1571. goto wrap_failed;
  1572. offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
  1573. if (xdr_buf_subsegment(snd_buf, &integ_buf,
  1574. offset, snd_buf->len - offset))
  1575. goto wrap_failed;
  1576. *integ_len = cpu_to_be32(integ_buf.len);
  1577. p = xdr_reserve_space(xdr, 0);
  1578. if (!p)
  1579. goto wrap_failed;
  1580. mic.data = (u8 *)(p + 1);
  1581. maj_stat = gss_get_mic(ctx->gc_gss_ctx, &integ_buf, &mic);
  1582. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  1583. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  1584. else if (maj_stat)
  1585. goto bad_mic;
  1586. /* Check that the trailing MIC fit in the buffer, after the fact */
  1587. if (xdr_stream_encode_opaque_inline(xdr, (void **)&p, mic.len) < 0)
  1588. goto wrap_failed;
  1589. return 0;
  1590. wrap_failed:
  1591. return -EMSGSIZE;
  1592. bad_mic:
  1593. trace_rpcgss_get_mic(task, maj_stat);
  1594. return -EIO;
  1595. }
  1596. static void
  1597. priv_release_snd_buf(struct rpc_rqst *rqstp)
  1598. {
  1599. int i;
  1600. for (i=0; i < rqstp->rq_enc_pages_num; i++)
  1601. __free_page(rqstp->rq_enc_pages[i]);
  1602. kfree(rqstp->rq_enc_pages);
  1603. rqstp->rq_release_snd_buf = NULL;
  1604. }
  1605. static int
  1606. alloc_enc_pages(struct rpc_rqst *rqstp)
  1607. {
  1608. struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
  1609. int first, last, i;
  1610. if (rqstp->rq_release_snd_buf)
  1611. rqstp->rq_release_snd_buf(rqstp);
  1612. if (snd_buf->page_len == 0) {
  1613. rqstp->rq_enc_pages_num = 0;
  1614. return 0;
  1615. }
  1616. first = snd_buf->page_base >> PAGE_SHIFT;
  1617. last = (snd_buf->page_base + snd_buf->page_len - 1) >> PAGE_SHIFT;
  1618. rqstp->rq_enc_pages_num = last - first + 1 + 1;
  1619. rqstp->rq_enc_pages
  1620. = kmalloc_objs(struct page *, rqstp->rq_enc_pages_num);
  1621. if (!rqstp->rq_enc_pages)
  1622. goto out;
  1623. for (i=0; i < rqstp->rq_enc_pages_num; i++) {
  1624. rqstp->rq_enc_pages[i] = alloc_page(GFP_KERNEL);
  1625. if (rqstp->rq_enc_pages[i] == NULL)
  1626. goto out_free;
  1627. }
  1628. rqstp->rq_release_snd_buf = priv_release_snd_buf;
  1629. return 0;
  1630. out_free:
  1631. rqstp->rq_enc_pages_num = i;
  1632. priv_release_snd_buf(rqstp);
  1633. out:
  1634. return -EAGAIN;
  1635. }
  1636. static noinline_for_stack int
  1637. gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
  1638. struct rpc_task *task, struct xdr_stream *xdr)
  1639. {
  1640. struct rpc_rqst *rqstp = task->tk_rqstp;
  1641. struct xdr_buf *snd_buf = &rqstp->rq_snd_buf;
  1642. u32 pad, offset, maj_stat;
  1643. int status;
  1644. __be32 *p, *opaque_len;
  1645. struct page **inpages;
  1646. int first;
  1647. struct kvec *iov;
  1648. status = -EIO;
  1649. p = xdr_reserve_space(xdr, 2 * sizeof(*p));
  1650. if (!p)
  1651. goto wrap_failed;
  1652. opaque_len = p++;
  1653. *p = cpu_to_be32(*rqstp->rq_seqnos);
  1654. if (rpcauth_wrap_req_encode(task, xdr))
  1655. goto wrap_failed;
  1656. status = alloc_enc_pages(rqstp);
  1657. if (unlikely(status))
  1658. goto wrap_failed;
  1659. first = snd_buf->page_base >> PAGE_SHIFT;
  1660. inpages = snd_buf->pages + first;
  1661. snd_buf->pages = rqstp->rq_enc_pages;
  1662. snd_buf->page_base -= first << PAGE_SHIFT;
  1663. /*
  1664. * Move the tail into its own page, in case gss_wrap needs
  1665. * more space in the head when wrapping.
  1666. *
  1667. * Still... Why can't gss_wrap just slide the tail down?
  1668. */
  1669. if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
  1670. char *tmp;
  1671. tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
  1672. memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
  1673. snd_buf->tail[0].iov_base = tmp;
  1674. }
  1675. offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
  1676. maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
  1677. /* slack space should prevent this ever happening: */
  1678. if (unlikely(snd_buf->len > snd_buf->buflen)) {
  1679. status = -EIO;
  1680. goto wrap_failed;
  1681. }
  1682. /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
  1683. * done anyway, so it's safe to put the request on the wire: */
  1684. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  1685. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  1686. else if (maj_stat)
  1687. goto bad_wrap;
  1688. *opaque_len = cpu_to_be32(snd_buf->len - offset);
  1689. /* guess whether the pad goes into the head or the tail: */
  1690. if (snd_buf->page_len || snd_buf->tail[0].iov_len)
  1691. iov = snd_buf->tail;
  1692. else
  1693. iov = snd_buf->head;
  1694. p = iov->iov_base + iov->iov_len;
  1695. pad = xdr_pad_size(snd_buf->len - offset);
  1696. memset(p, 0, pad);
  1697. iov->iov_len += pad;
  1698. snd_buf->len += pad;
  1699. return 0;
  1700. wrap_failed:
  1701. return status;
  1702. bad_wrap:
  1703. trace_rpcgss_wrap(task, maj_stat);
  1704. return -EIO;
  1705. }
  1706. static int gss_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
  1707. {
  1708. struct rpc_cred *cred = task->tk_rqstp->rq_cred;
  1709. struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
  1710. gc_base);
  1711. struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
  1712. int status;
  1713. status = -EIO;
  1714. if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
  1715. /* The spec seems a little ambiguous here, but I think that not
  1716. * wrapping context destruction requests makes the most sense.
  1717. */
  1718. status = rpcauth_wrap_req_encode(task, xdr);
  1719. goto out;
  1720. }
  1721. switch (gss_cred->gc_service) {
  1722. case RPC_GSS_SVC_NONE:
  1723. status = rpcauth_wrap_req_encode(task, xdr);
  1724. break;
  1725. case RPC_GSS_SVC_INTEGRITY:
  1726. status = gss_wrap_req_integ(cred, ctx, task, xdr);
  1727. break;
  1728. case RPC_GSS_SVC_PRIVACY:
  1729. status = gss_wrap_req_priv(cred, ctx, task, xdr);
  1730. break;
  1731. default:
  1732. status = -EIO;
  1733. }
  1734. out:
  1735. gss_put_ctx(ctx);
  1736. return status;
  1737. }
  1738. /**
  1739. * gss_update_rslack - Possibly update RPC receive buffer size estimates
  1740. * @task: rpc_task for incoming RPC Reply being unwrapped
  1741. * @cred: controlling rpc_cred for @task
  1742. * @before: XDR words needed before each RPC Reply message
  1743. * @after: XDR words needed following each RPC Reply message
  1744. *
  1745. */
  1746. static void gss_update_rslack(struct rpc_task *task, struct rpc_cred *cred,
  1747. unsigned int before, unsigned int after)
  1748. {
  1749. struct rpc_auth *auth = cred->cr_auth;
  1750. if (test_and_clear_bit(RPCAUTH_AUTH_UPDATE_SLACK, &auth->au_flags)) {
  1751. auth->au_ralign = auth->au_verfsize + before;
  1752. auth->au_rslack = auth->au_verfsize + after;
  1753. trace_rpcgss_update_slack(task, auth);
  1754. }
  1755. }
  1756. static int
  1757. gss_unwrap_resp_auth(struct rpc_task *task, struct rpc_cred *cred)
  1758. {
  1759. gss_update_rslack(task, cred, 0, 0);
  1760. return 0;
  1761. }
  1762. /*
  1763. * RFC 2203, Section 5.3.2.2
  1764. *
  1765. * struct rpc_gss_integ_data {
  1766. * opaque databody_integ<>;
  1767. * opaque checksum<>;
  1768. * };
  1769. *
  1770. * struct rpc_gss_data_t {
  1771. * unsigned int seq_num;
  1772. * proc_req_arg_t arg;
  1773. * };
  1774. */
  1775. static noinline_for_stack int
  1776. gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred,
  1777. struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
  1778. struct xdr_stream *xdr)
  1779. {
  1780. struct xdr_buf gss_data, *rcv_buf = &rqstp->rq_rcv_buf;
  1781. u32 len, offset, seqno, maj_stat;
  1782. struct xdr_netobj mic;
  1783. int ret;
  1784. ret = -EIO;
  1785. mic.data = NULL;
  1786. /* opaque databody_integ<>; */
  1787. if (xdr_stream_decode_u32(xdr, &len))
  1788. goto unwrap_failed;
  1789. if (len & 3)
  1790. goto unwrap_failed;
  1791. offset = rcv_buf->len - xdr_stream_remaining(xdr);
  1792. if (xdr_stream_decode_u32(xdr, &seqno))
  1793. goto unwrap_failed;
  1794. if (seqno != *rqstp->rq_seqnos)
  1795. goto bad_seqno;
  1796. if (xdr_buf_subsegment(rcv_buf, &gss_data, offset, len))
  1797. goto unwrap_failed;
  1798. /*
  1799. * The xdr_stream now points to the beginning of the
  1800. * upper layer payload, to be passed below to
  1801. * rpcauth_unwrap_resp_decode(). The checksum, which
  1802. * follows the upper layer payload in @rcv_buf, is
  1803. * located and parsed without updating the xdr_stream.
  1804. */
  1805. /* opaque checksum<>; */
  1806. offset += len;
  1807. if (xdr_decode_word(rcv_buf, offset, &len))
  1808. goto unwrap_failed;
  1809. offset += sizeof(__be32);
  1810. if (offset + len > rcv_buf->len)
  1811. goto unwrap_failed;
  1812. mic.len = len;
  1813. mic.data = kmalloc(len, GFP_KERNEL);
  1814. if (ZERO_OR_NULL_PTR(mic.data))
  1815. goto unwrap_failed;
  1816. if (read_bytes_from_xdr_buf(rcv_buf, offset, mic.data, mic.len))
  1817. goto unwrap_failed;
  1818. maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &gss_data, &mic);
  1819. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  1820. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  1821. if (maj_stat != GSS_S_COMPLETE)
  1822. goto bad_mic;
  1823. gss_update_rslack(task, cred, 2, 2 + 1 + XDR_QUADLEN(mic.len));
  1824. ret = 0;
  1825. out:
  1826. kfree(mic.data);
  1827. return ret;
  1828. unwrap_failed:
  1829. trace_rpcgss_unwrap_failed(task);
  1830. goto out;
  1831. bad_seqno:
  1832. trace_rpcgss_bad_seqno(task, *rqstp->rq_seqnos, seqno);
  1833. goto out;
  1834. bad_mic:
  1835. trace_rpcgss_verify_mic(task, maj_stat);
  1836. goto out;
  1837. }
  1838. static noinline_for_stack int
  1839. gss_unwrap_resp_priv(struct rpc_task *task, struct rpc_cred *cred,
  1840. struct gss_cl_ctx *ctx, struct rpc_rqst *rqstp,
  1841. struct xdr_stream *xdr)
  1842. {
  1843. struct xdr_buf *rcv_buf = &rqstp->rq_rcv_buf;
  1844. struct kvec *head = rqstp->rq_rcv_buf.head;
  1845. u32 offset, opaque_len, maj_stat;
  1846. __be32 *p;
  1847. p = xdr_inline_decode(xdr, 2 * sizeof(*p));
  1848. if (unlikely(!p))
  1849. goto unwrap_failed;
  1850. opaque_len = be32_to_cpup(p++);
  1851. offset = (u8 *)(p) - (u8 *)head->iov_base;
  1852. if (offset + opaque_len > rcv_buf->len)
  1853. goto unwrap_failed;
  1854. maj_stat = gss_unwrap(ctx->gc_gss_ctx, offset,
  1855. offset + opaque_len, rcv_buf);
  1856. if (maj_stat == GSS_S_CONTEXT_EXPIRED)
  1857. clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
  1858. if (maj_stat != GSS_S_COMPLETE)
  1859. goto bad_unwrap;
  1860. /* gss_unwrap decrypted the sequence number */
  1861. if (be32_to_cpup(p++) != *rqstp->rq_seqnos)
  1862. goto bad_seqno;
  1863. /* gss_unwrap redacts the opaque blob from the head iovec.
  1864. * rcv_buf has changed, thus the stream needs to be reset.
  1865. */
  1866. xdr_init_decode(xdr, rcv_buf, p, rqstp);
  1867. gss_update_rslack(task, cred, 2 + ctx->gc_gss_ctx->align,
  1868. 2 + ctx->gc_gss_ctx->slack);
  1869. return 0;
  1870. unwrap_failed:
  1871. trace_rpcgss_unwrap_failed(task);
  1872. return -EIO;
  1873. bad_seqno:
  1874. trace_rpcgss_bad_seqno(task, *rqstp->rq_seqnos, be32_to_cpup(--p));
  1875. return -EIO;
  1876. bad_unwrap:
  1877. trace_rpcgss_unwrap(task, maj_stat);
  1878. return -EIO;
  1879. }
  1880. static bool
  1881. gss_seq_is_newer(u32 new, u32 old)
  1882. {
  1883. return (s32)(new - old) > 0;
  1884. }
  1885. static bool
  1886. gss_xmit_need_reencode(struct rpc_task *task)
  1887. {
  1888. struct rpc_rqst *req = task->tk_rqstp;
  1889. struct rpc_cred *cred = req->rq_cred;
  1890. struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
  1891. u32 win, seq_xmit = 0;
  1892. bool ret = true;
  1893. if (!ctx)
  1894. goto out;
  1895. if (gss_seq_is_newer(*req->rq_seqnos, READ_ONCE(ctx->gc_seq)))
  1896. goto out_ctx;
  1897. seq_xmit = READ_ONCE(ctx->gc_seq_xmit);
  1898. while (gss_seq_is_newer(*req->rq_seqnos, seq_xmit)) {
  1899. u32 tmp = seq_xmit;
  1900. seq_xmit = cmpxchg(&ctx->gc_seq_xmit, tmp, *req->rq_seqnos);
  1901. if (seq_xmit == tmp) {
  1902. ret = false;
  1903. goto out_ctx;
  1904. }
  1905. }
  1906. win = ctx->gc_win;
  1907. if (win > 0)
  1908. ret = !gss_seq_is_newer(*req->rq_seqnos, seq_xmit - win);
  1909. out_ctx:
  1910. gss_put_ctx(ctx);
  1911. out:
  1912. trace_rpcgss_need_reencode(task, seq_xmit, ret);
  1913. return ret;
  1914. }
  1915. static int
  1916. gss_unwrap_resp(struct rpc_task *task, struct xdr_stream *xdr)
  1917. {
  1918. struct rpc_rqst *rqstp = task->tk_rqstp;
  1919. struct rpc_cred *cred = rqstp->rq_cred;
  1920. struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
  1921. gc_base);
  1922. struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
  1923. int status = -EIO;
  1924. if (ctx->gc_proc != RPC_GSS_PROC_DATA)
  1925. goto out_decode;
  1926. switch (gss_cred->gc_service) {
  1927. case RPC_GSS_SVC_NONE:
  1928. status = gss_unwrap_resp_auth(task, cred);
  1929. break;
  1930. case RPC_GSS_SVC_INTEGRITY:
  1931. status = gss_unwrap_resp_integ(task, cred, ctx, rqstp, xdr);
  1932. break;
  1933. case RPC_GSS_SVC_PRIVACY:
  1934. status = gss_unwrap_resp_priv(task, cred, ctx, rqstp, xdr);
  1935. break;
  1936. }
  1937. if (status)
  1938. goto out;
  1939. out_decode:
  1940. status = rpcauth_unwrap_resp_decode(task, xdr);
  1941. out:
  1942. gss_put_ctx(ctx);
  1943. return status;
  1944. }
  1945. static const struct rpc_authops authgss_ops = {
  1946. .owner = THIS_MODULE,
  1947. .au_flavor = RPC_AUTH_GSS,
  1948. .au_name = "RPCSEC_GSS",
  1949. .create = gss_create,
  1950. .destroy = gss_destroy,
  1951. .hash_cred = gss_hash_cred,
  1952. .lookup_cred = gss_lookup_cred,
  1953. .crcreate = gss_create_cred,
  1954. .info2flavor = gss_mech_info2flavor,
  1955. .flavor2info = gss_mech_flavor2info,
  1956. };
  1957. static const struct rpc_credops gss_credops = {
  1958. .cr_name = "AUTH_GSS",
  1959. .crdestroy = gss_destroy_cred,
  1960. .cr_init = gss_cred_init,
  1961. .crmatch = gss_match,
  1962. .crmarshal = gss_marshal,
  1963. .crrefresh = gss_refresh,
  1964. .crvalidate = gss_validate,
  1965. .crwrap_req = gss_wrap_req,
  1966. .crunwrap_resp = gss_unwrap_resp,
  1967. .crkey_timeout = gss_key_timeout,
  1968. .crstringify_acceptor = gss_stringify_acceptor,
  1969. .crneed_reencode = gss_xmit_need_reencode,
  1970. };
  1971. static const struct rpc_credops gss_nullops = {
  1972. .cr_name = "AUTH_GSS",
  1973. .crdestroy = gss_destroy_nullcred,
  1974. .crmatch = gss_match,
  1975. .crmarshal = gss_marshal,
  1976. .crrefresh = gss_refresh_null,
  1977. .crvalidate = gss_validate,
  1978. .crwrap_req = gss_wrap_req,
  1979. .crunwrap_resp = gss_unwrap_resp,
  1980. .crstringify_acceptor = gss_stringify_acceptor,
  1981. };
  1982. static const struct rpc_pipe_ops gss_upcall_ops_v0 = {
  1983. .upcall = gss_v0_upcall,
  1984. .downcall = gss_pipe_downcall,
  1985. .destroy_msg = gss_pipe_destroy_msg,
  1986. .open_pipe = gss_pipe_open_v0,
  1987. .release_pipe = gss_pipe_release,
  1988. };
  1989. static const struct rpc_pipe_ops gss_upcall_ops_v1 = {
  1990. .upcall = gss_v1_upcall,
  1991. .downcall = gss_pipe_downcall,
  1992. .destroy_msg = gss_pipe_destroy_msg,
  1993. .open_pipe = gss_pipe_open_v1,
  1994. .release_pipe = gss_pipe_release,
  1995. };
  1996. static __net_init int rpcsec_gss_init_net(struct net *net)
  1997. {
  1998. return gss_svc_init_net(net);
  1999. }
  2000. static __net_exit void rpcsec_gss_exit_net(struct net *net)
  2001. {
  2002. gss_svc_shutdown_net(net);
  2003. }
  2004. static struct pernet_operations rpcsec_gss_net_ops = {
  2005. .init = rpcsec_gss_init_net,
  2006. .exit = rpcsec_gss_exit_net,
  2007. };
  2008. /*
  2009. * Initialize RPCSEC_GSS module
  2010. */
  2011. static int __init init_rpcsec_gss(void)
  2012. {
  2013. int err = 0;
  2014. err = rpcauth_register(&authgss_ops);
  2015. if (err)
  2016. goto out;
  2017. err = gss_svc_init();
  2018. if (err)
  2019. goto out_unregister;
  2020. err = register_pernet_subsys(&rpcsec_gss_net_ops);
  2021. if (err)
  2022. goto out_svc_exit;
  2023. rpc_init_wait_queue(&pipe_version_rpc_waitqueue, "gss pipe version");
  2024. return 0;
  2025. out_svc_exit:
  2026. gss_svc_shutdown();
  2027. out_unregister:
  2028. rpcauth_unregister(&authgss_ops);
  2029. out:
  2030. return err;
  2031. }
  2032. static void __exit exit_rpcsec_gss(void)
  2033. {
  2034. unregister_pernet_subsys(&rpcsec_gss_net_ops);
  2035. gss_svc_shutdown();
  2036. rpcauth_unregister(&authgss_ops);
  2037. rcu_barrier(); /* Wait for completion of call_rcu()'s */
  2038. }
  2039. MODULE_ALIAS("rpc-auth-6");
  2040. MODULE_DESCRIPTION("Sun RPC Kerberos RPCSEC_GSS client authentication");
  2041. MODULE_LICENSE("GPL");
  2042. module_param_named(expired_cred_retry_delay,
  2043. gss_expired_cred_retry_delay,
  2044. uint, 0644);
  2045. MODULE_PARM_DESC(expired_cred_retry_delay, "Timeout (in seconds) until "
  2046. "the RPC engine retries an expired credential");
  2047. module_param_named(key_expire_timeo,
  2048. gss_key_expire_timeo,
  2049. uint, 0644);
  2050. MODULE_PARM_DESC(key_expire_timeo, "Time (in seconds) at the end of a "
  2051. "credential keys lifetime where the NFS layer cleans up "
  2052. "prior to key expiration");
  2053. module_init(init_rpcsec_gss)
  2054. module_exit(exit_rpcsec_gss)