xref: /linux/net/sunrpc/auth_gss/svcauth_gss.c

631 static bool gss_check_seq_num(const struct svc_rqst *rqstp, struct rsc *rsci,  in gss_check_seq_num()  argument
661 	trace_rpcgss_svc_seqno_low(rqstp, seq_num,  in gss_check_seq_num()
666 	trace_rpcgss_svc_seqno_seen(rqstp, seq_num);  in gss_check_seq_num()
715 gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci,  in gss_verify_header()  argument
722 	struct kvec		*argv = &rqstp->rq_arg.head[0];  in gss_verify_header()
730 	rqstp->rq_auth_stat = rpc_autherr_badverf;  in gss_verify_header()
739 	if (rqstp->rq_deferred) /* skip verification of revisited request */  in gss_verify_header()
742 		rqstp->rq_auth_stat = rpcsec_gsserr_credproblem;  in gss_verify_header()
747 		trace_rpcgss_svc_seqno_large(rqstp, gc->gc_seq);  in gss_verify_header()
748 		rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem;  in gss_verify_header()
751 	if (!gss_check_seq_num(rqstp, rsci, gc->gc_seq))  in gss_verify_header()
757 gss_write_null_verf(struct svc_rqst *rqstp)  in gss_write_null_verf()  argument
761 	svc_putnl(rqstp->rq_res.head, RPC_AUTH_NULL);  in gss_write_null_verf()
762 	p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;  in gss_write_null_verf()
765 	if (!xdr_ressize_check(rqstp, p))  in gss_write_null_verf()
771 gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq)  in gss_write_verf()  argument
781 	svc_putnl(rqstp->rq_res.head, RPC_AUTH_GSS);  in gss_write_verf()
790 	p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;  in gss_write_verf()
798 	if (!xdr_ressize_check(rqstp, p))  in gss_write_verf()
888 unwrap_integ_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)  in unwrap_integ_data()  argument
903 	clear_bit(RQ_SPLICE_OK, &rqstp->rq_flags);  in unwrap_integ_data()
906 	if (rqstp->rq_deferred)  in unwrap_integ_data()
941 	trace_rpcgss_svc_unwrap_failed(rqstp);  in unwrap_integ_data()
944 	trace_rpcgss_svc_seqno_bad(rqstp, seq, rseqno);  in unwrap_integ_data()
947 	trace_rpcgss_svc_mic(rqstp, maj_stat);  in unwrap_integ_data()
969 unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)  in unwrap_priv_data()  argument
975 	clear_bit(RQ_SPLICE_OK, &rqstp->rq_flags);  in unwrap_priv_data()
978 	if (rqstp->rq_deferred) {  in unwrap_priv_data()
1016 	trace_rpcgss_svc_unwrap_failed(rqstp);  in unwrap_priv_data()
1019 	trace_rpcgss_svc_seqno_bad(rqstp, seq, rseqno);  in unwrap_priv_data()
1022 	trace_rpcgss_svc_unwrap(rqstp, maj_stat);  in unwrap_priv_data()
1036 svcauth_gss_set_client(struct svc_rqst *rqstp)  in svcauth_gss_set_client()  argument
1038 	struct gss_svc_data *svcdata = rqstp->rq_auth_data;  in svcauth_gss_set_client()
1043 	rqstp->rq_auth_stat = rpc_autherr_badcred;  in svcauth_gss_set_client()
1054 	rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);  in svcauth_gss_set_client()
1055 	if (rqstp->rq_gssclient == NULL)  in svcauth_gss_set_client()
1057 	stat = svcauth_unix_set_client(rqstp);  in svcauth_gss_set_client()
1061 	rqstp->rq_auth_stat = rpc_auth_ok;  in svcauth_gss_set_client()
1066 gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp,  in gss_write_init_verf()  argument
1073 		return gss_write_null_verf(rqstp);  in gss_write_init_verf()
1077 		return gss_write_null_verf(rqstp);  in gss_write_init_verf()
1079 	rc = gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN);  in gss_write_init_verf()
1150 static int gss_read_proxy_verf(struct svc_rqst *rqstp,  in gss_read_proxy_verf()  argument
1155 	struct kvec *argv = &rqstp->rq_arg.head[0];  in gss_read_proxy_verf()
1160 	res = gss_read_common_verf(gc, argv, &rqstp->rq_auth_stat, in_handle);  in gss_read_proxy_verf()
1165 	if (inlen > (argv->iov_len + rqstp->rq_arg.page_len))  in gss_read_proxy_verf()
1187 	from_offs = rqstp->rq_arg.page_base;  in gss_read_proxy_verf()
1198 		       page_address(rqstp->rq_arg.pages[pgfrom]) + pgfrom_offs,  in gss_read_proxy_verf()
1235 static int svcauth_gss_legacy_init(struct svc_rqst *rqstp,  in svcauth_gss_legacy_init()  argument
1238 	struct kvec *argv = &rqstp->rq_arg.head[0];  in svcauth_gss_legacy_init()
1239 	struct kvec *resv = &rqstp->rq_res.head[0];  in svcauth_gss_legacy_init()
1242 	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);  in svcauth_gss_legacy_init()
1245 	ret = gss_read_verf(gc, argv, &rqstp->rq_auth_stat,  in svcauth_gss_legacy_init()
1255 	if (cache_check(sn->rsi_cache, &rsip->h, &rqstp->rq_chandle) < 0)  in svcauth_gss_legacy_init()
1261 	if (gss_write_init_verf(sn->rsc_cache, rqstp,  in svcauth_gss_legacy_init()
1347 static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,  in svcauth_gss_proxy_init()  argument
1350 	struct kvec *resv = &rqstp->rq_res.head[0];  in svcauth_gss_proxy_init()
1356 	struct net *net = SVC_NET(rqstp);  in svcauth_gss_proxy_init()
1360 	ret = gss_read_proxy_verf(rqstp, gc, &ud.in_handle, &ud.in_token);  in svcauth_gss_proxy_init()
1371 	trace_rpcgss_svc_accept_upcall(rqstp, ud.major_status, ud.minor_status);  in svcauth_gss_proxy_init()
1389 	if (gss_write_init_verf(sn->rsc_cache, rqstp,  in svcauth_gss_proxy_init()
1533 svcauth_gss_accept(struct svc_rqst *rqstp)  in svcauth_gss_accept()  argument
1535 	struct kvec	*argv = &rqstp->rq_arg.head[0];  in svcauth_gss_accept()
1536 	struct kvec	*resv = &rqstp->rq_res.head[0];  in svcauth_gss_accept()
1538 	struct gss_svc_data *svcdata = rqstp->rq_auth_data;  in svcauth_gss_accept()
1544 	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);  in svcauth_gss_accept()
1546 	rqstp->rq_auth_stat = rpc_autherr_badcred;  in svcauth_gss_accept()
1551 	rqstp->rq_auth_data = svcdata;  in svcauth_gss_accept()
1580 	if ((gc->gc_proc != RPC_GSS_PROC_DATA) && (rqstp->rq_proc != 0))  in svcauth_gss_accept()
1583 	rqstp->rq_auth_stat = rpc_autherr_badverf;  in svcauth_gss_accept()
1587 		if (use_gss_proxy(SVC_NET(rqstp)))  in svcauth_gss_accept()
1588 			return svcauth_gss_proxy_init(rqstp, gc);  in svcauth_gss_accept()
1590 			return svcauth_gss_legacy_init(rqstp, gc);  in svcauth_gss_accept()
1594 		rqstp->rq_auth_stat = rpcsec_gsserr_credproblem;  in svcauth_gss_accept()
1598 		switch (gss_verify_header(rqstp, rsci, rpcstart, gc)) {  in svcauth_gss_accept()
1608 		rqstp->rq_auth_stat = rpc_autherr_rejectedcred;  in svcauth_gss_accept()
1615 		if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))  in svcauth_gss_accept()
1624 		rqstp->rq_auth_stat = rpcsec_gsserr_ctxproblem;  in svcauth_gss_accept()
1626 		if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))  in svcauth_gss_accept()
1628 		rqstp->rq_cred = rsci->cred;  in svcauth_gss_accept()
1630 		rqstp->rq_auth_stat = rpc_autherr_badcred;  in svcauth_gss_accept()
1638 			if (unwrap_integ_data(rqstp, &rqstp->rq_arg,  in svcauth_gss_accept()
1641 			rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE;  in svcauth_gss_accept()
1647 			if (unwrap_priv_data(rqstp, &rqstp->rq_arg,  in svcauth_gss_accept()
1650 			rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE * 2;  in svcauth_gss_accept()
1657 		rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor(  in svcauth_gss_accept()
1662 		trace_rpcgss_svc_authenticate(rqstp, gc);  in svcauth_gss_accept()
1670 	xdr_ressize_check(rqstp, reject_stat);  in svcauth_gss_accept()
1712 svcauth_gss_wrap_resp_integ(struct svc_rqst *rqstp)  in svcauth_gss_wrap_resp_integ()  argument
1714 	struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;  in svcauth_gss_wrap_resp_integ()
1716 	struct xdr_buf *resbuf = &rqstp->rq_res;  in svcauth_gss_wrap_resp_integ()
1763 svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp)  in svcauth_gss_wrap_resp_priv()  argument
1765 	struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;  in svcauth_gss_wrap_resp_priv()
1767 	struct xdr_buf *resbuf = &rqstp->rq_res;  in svcauth_gss_wrap_resp_priv()
1830 svcauth_gss_release(struct svc_rqst *rqstp)  in svcauth_gss_release()  argument
1832 	struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;  in svcauth_gss_release()
1834 	struct xdr_buf *resbuf = &rqstp->rq_res;  in svcauth_gss_release()
1836 	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);  in svcauth_gss_release()
1854 		stat = svcauth_gss_wrap_resp_integ(rqstp);  in svcauth_gss_release()
1859 		stat = svcauth_gss_wrap_resp_priv(rqstp);  in svcauth_gss_release()
1872 	if (rqstp->rq_client)  in svcauth_gss_release()
1873 		auth_domain_put(rqstp->rq_client);  in svcauth_gss_release()
1874 	rqstp->rq_client = NULL;  in svcauth_gss_release()
1875 	if (rqstp->rq_gssclient)  in svcauth_gss_release()
1876 		auth_domain_put(rqstp->rq_gssclient);  in svcauth_gss_release()
1877 	rqstp->rq_gssclient = NULL;  in svcauth_gss_release()
1878 	if (rqstp->rq_cred.cr_group_info)  in svcauth_gss_release()
1879 		put_group_info(rqstp->rq_cred.cr_group_info);  in svcauth_gss_release()
1880 	rqstp->rq_cred.cr_group_info = NULL;  in svcauth_gss_release()

Last Index update Sat Jun 03 09:59:21 CST 2023