2 * GSS Proxy upcall module
4 * Copyright (C) 2012 Simo Sorce <simo@redhat.com>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 #include <linux/sunrpc/svcauth.h>
22 #include "gss_rpc_xdr.h"
24 static bool gssx_check_pointer(struct xdr_stream *xdr)
28 p = xdr_reserve_space(xdr, 4);
29 if (unlikely(p == NULL))
34 static int gssx_enc_bool(struct xdr_stream *xdr, int v)
38 p = xdr_reserve_space(xdr, 4);
39 if (unlikely(p == NULL))
41 *p = v ? xdr_one : xdr_zero;
45 static int gssx_dec_bool(struct xdr_stream *xdr, u32 *v)
49 p = xdr_inline_decode(xdr, 4);
50 if (unlikely(p == NULL))
56 static int gssx_enc_buffer(struct xdr_stream *xdr,
61 p = xdr_reserve_space(xdr, sizeof(u32) + buf->len);
64 xdr_encode_opaque(p, buf->data, buf->len);
68 static int gssx_enc_in_token(struct xdr_stream *xdr,
69 struct gssp_in_token *in)
73 p = xdr_reserve_space(xdr, 4);
76 *p = cpu_to_be32(in->page_len);
78 /* all we need to do is to write pages */
79 xdr_write_pages(xdr, in->pages, in->page_base, in->page_len);
85 static int gssx_dec_buffer(struct xdr_stream *xdr,
91 p = xdr_inline_decode(xdr, 4);
92 if (unlikely(p == NULL))
95 length = be32_to_cpup(p);
96 p = xdr_inline_decode(xdr, length);
97 if (unlikely(p == NULL))
101 /* we intentionally are not interested in this buffer */
104 if (length > buf->len)
108 buf->data = kmemdup(p, length, GFP_KERNEL);
112 memcpy(buf->data, p, length);
118 static int gssx_enc_option(struct xdr_stream *xdr,
119 struct gssx_option *opt)
123 err = gssx_enc_buffer(xdr, &opt->option);
126 err = gssx_enc_buffer(xdr, &opt->value);
130 static int gssx_dec_option(struct xdr_stream *xdr,
131 struct gssx_option *opt)
135 err = gssx_dec_buffer(xdr, &opt->option);
138 err = gssx_dec_buffer(xdr, &opt->value);
142 static int dummy_enc_opt_array(struct xdr_stream *xdr,
143 struct gssx_option_array *oa)
150 p = xdr_reserve_space(xdr, 4);
158 static int dummy_dec_opt_array(struct xdr_stream *xdr,
159 struct gssx_option_array *oa)
161 struct gssx_option dummy;
165 p = xdr_inline_decode(xdr, 4);
166 if (unlikely(p == NULL))
168 count = be32_to_cpup(p++);
169 memset(&dummy, 0, sizeof(dummy));
170 for (i = 0; i < count; i++) {
171 gssx_dec_option(xdr, &dummy);
179 static int get_s32(void **p, void *max, s32 *res)
182 void *next = (void *)((char *)base + sizeof(s32));
183 if (unlikely(next > max || next < base))
185 memcpy(res, base, sizeof(s32));
190 static int gssx_dec_linux_creds(struct xdr_stream *xdr,
191 struct svc_cred *creds)
199 p = xdr_inline_decode(xdr, 4);
200 if (unlikely(p == NULL))
203 length = be32_to_cpup(p);
205 /* FIXME: we do not want to use the scratch buffer for this one
206 * may need to use functions that allows us to access an io vector
208 p = xdr_inline_decode(xdr, length);
209 if (unlikely(p == NULL))
216 err = get_s32(&q, end, &tmp);
219 creds->cr_uid = make_kuid(&init_user_ns, tmp);
222 err = get_s32(&q, end, &tmp);
225 creds->cr_gid = make_kgid(&init_user_ns, tmp);
227 /* number of additional gid's */
228 err = get_s32(&q, end, &tmp);
232 creds->cr_group_info = groups_alloc(N);
233 if (creds->cr_group_info == NULL)
237 for (i = 0; i < N; i++) {
239 err = get_s32(&q, end, &tmp);
241 goto out_free_groups;
243 kgid = make_kgid(&init_user_ns, tmp);
244 if (!gid_valid(kgid))
245 goto out_free_groups;
246 GROUP_AT(creds->cr_group_info, i) = kgid;
251 groups_free(creds->cr_group_info);
255 static int gssx_dec_option_array(struct xdr_stream *xdr,
256 struct gssx_option_array *oa)
258 struct svc_cred *creds;
263 p = xdr_inline_decode(xdr, 4);
264 if (unlikely(p == NULL))
266 count = be32_to_cpup(p++);
268 /* we recognize only 1 currently: CREDS_VALUE */
271 oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL);
275 creds = kmalloc(sizeof(struct svc_cred), GFP_KERNEL);
281 oa->data[0].option.data = CREDS_VALUE;
282 oa->data[0].option.len = sizeof(CREDS_VALUE);
283 oa->data[0].value.data = (void *)creds;
284 oa->data[0].value.len = 0;
286 for (i = 0; i < count; i++) {
287 gssx_buffer dummy = { 0, NULL };
291 p = xdr_inline_decode(xdr, 4);
292 if (unlikely(p == NULL))
295 length = be32_to_cpup(p);
296 p = xdr_inline_decode(xdr, length);
297 if (unlikely(p == NULL))
300 if (length == sizeof(CREDS_VALUE) &&
301 memcmp(p, CREDS_VALUE, sizeof(CREDS_VALUE)) == 0) {
302 /* We have creds here. parse them */
303 err = gssx_dec_linux_creds(xdr, creds);
306 oa->data[0].value.len = 1; /* presence */
308 /* consume uninteresting buffer */
309 err = gssx_dec_buffer(xdr, &dummy);
317 static int gssx_dec_status(struct xdr_stream *xdr,
318 struct gssx_status *status)
323 /* status->major_status */
324 p = xdr_inline_decode(xdr, 8);
325 if (unlikely(p == NULL))
327 p = xdr_decode_hyper(p, &status->major_status);
330 err = gssx_dec_buffer(xdr, &status->mech);
334 /* status->minor_status */
335 p = xdr_inline_decode(xdr, 8);
336 if (unlikely(p == NULL))
338 p = xdr_decode_hyper(p, &status->minor_status);
340 /* status->major_status_string */
341 err = gssx_dec_buffer(xdr, &status->major_status_string);
345 /* status->minor_status_string */
346 err = gssx_dec_buffer(xdr, &status->minor_status_string);
350 /* status->server_ctx */
351 err = gssx_dec_buffer(xdr, &status->server_ctx);
355 /* we assume we have no options for now, so simply consume them */
356 /* status->options */
357 err = dummy_dec_opt_array(xdr, &status->options);
362 static int gssx_enc_call_ctx(struct xdr_stream *xdr,
363 struct gssx_call_ctx *ctx)
365 struct gssx_option opt;
370 err = gssx_enc_buffer(xdr, &ctx->locale);
374 /* ctx->server_ctx */
375 err = gssx_enc_buffer(xdr, &ctx->server_ctx);
379 /* we always want to ask for lucid contexts */
381 p = xdr_reserve_space(xdr, 4);
384 /* we want a lucid_v1 context */
385 opt.option.data = LUCID_OPTION;
386 opt.option.len = sizeof(LUCID_OPTION);
387 opt.value.data = LUCID_VALUE;
388 opt.value.len = sizeof(LUCID_VALUE);
389 err = gssx_enc_option(xdr, &opt);
391 /* ..and user creds */
392 opt.option.data = CREDS_OPTION;
393 opt.option.len = sizeof(CREDS_OPTION);
394 opt.value.data = CREDS_VALUE;
395 opt.value.len = sizeof(CREDS_VALUE);
396 err = gssx_enc_option(xdr, &opt);
401 static int gssx_dec_name_attr(struct xdr_stream *xdr,
402 struct gssx_name_attr *attr)
407 err = gssx_dec_buffer(xdr, &attr->attr);
412 err = gssx_dec_buffer(xdr, &attr->value);
416 /* attr->extensions */
417 err = dummy_dec_opt_array(xdr, &attr->extensions);
422 static int dummy_enc_nameattr_array(struct xdr_stream *xdr,
423 struct gssx_name_attr_array *naa)
430 p = xdr_reserve_space(xdr, 4);
438 static int dummy_dec_nameattr_array(struct xdr_stream *xdr,
439 struct gssx_name_attr_array *naa)
441 struct gssx_name_attr dummy;
445 p = xdr_inline_decode(xdr, 4);
446 if (unlikely(p == NULL))
448 count = be32_to_cpup(p++);
449 for (i = 0; i < count; i++) {
450 gssx_dec_name_attr(xdr, &dummy);
458 static struct xdr_netobj zero_netobj = {};
460 static struct gssx_name_attr_array zero_name_attr_array = {};
462 static struct gssx_option_array zero_option_array = {};
464 static int gssx_enc_name(struct xdr_stream *xdr,
465 struct gssx_name *name)
469 /* name->display_name */
470 err = gssx_enc_buffer(xdr, &name->display_name);
474 /* name->name_type */
475 err = gssx_enc_buffer(xdr, &zero_netobj);
479 /* name->exported_name */
480 err = gssx_enc_buffer(xdr, &zero_netobj);
484 /* name->exported_composite_name */
485 err = gssx_enc_buffer(xdr, &zero_netobj);
489 /* leave name_attributes empty for now, will add once we have any
490 * to pass up at all */
491 /* name->name_attributes */
492 err = dummy_enc_nameattr_array(xdr, &zero_name_attr_array);
496 /* leave options empty for now, will add once we have any options
497 * to pass up at all */
498 /* name->extensions */
499 err = dummy_enc_opt_array(xdr, &zero_option_array);
504 static int gssx_dec_name(struct xdr_stream *xdr,
505 struct gssx_name *name)
507 struct xdr_netobj dummy_netobj;
508 struct gssx_name_attr_array dummy_name_attr_array;
509 struct gssx_option_array dummy_option_array;
512 /* name->display_name */
513 err = gssx_dec_buffer(xdr, &name->display_name);
517 /* name->name_type */
518 err = gssx_dec_buffer(xdr, &dummy_netobj);
522 /* name->exported_name */
523 err = gssx_dec_buffer(xdr, &dummy_netobj);
527 /* name->exported_composite_name */
528 err = gssx_dec_buffer(xdr, &dummy_netobj);
532 /* we assume we have no attributes for now, so simply consume them */
533 /* name->name_attributes */
534 err = dummy_dec_nameattr_array(xdr, &dummy_name_attr_array);
538 /* we assume we have no options for now, so simply consume them */
539 /* name->extensions */
540 err = dummy_dec_opt_array(xdr, &dummy_option_array);
545 static int dummy_enc_credel_array(struct xdr_stream *xdr,
546 struct gssx_cred_element_array *cea)
553 p = xdr_reserve_space(xdr, 4);
561 static int gssx_enc_cred(struct xdr_stream *xdr,
562 struct gssx_cred *cred)
566 /* cred->desired_name */
567 err = gssx_enc_name(xdr, &cred->desired_name);
572 err = dummy_enc_credel_array(xdr, &cred->elements);
574 /* cred->cred_handle_reference */
575 err = gssx_enc_buffer(xdr, &cred->cred_handle_reference);
579 /* cred->needs_release */
580 err = gssx_enc_bool(xdr, cred->needs_release);
585 static int gssx_enc_ctx(struct xdr_stream *xdr,
586 struct gssx_ctx *ctx)
591 /* ctx->exported_context_token */
592 err = gssx_enc_buffer(xdr, &ctx->exported_context_token);
597 err = gssx_enc_buffer(xdr, &ctx->state);
601 /* ctx->need_release */
602 err = gssx_enc_bool(xdr, ctx->need_release);
607 err = gssx_enc_buffer(xdr, &ctx->mech);
612 err = gssx_enc_name(xdr, &ctx->src_name);
617 err = gssx_enc_name(xdr, &ctx->targ_name);
622 p = xdr_reserve_space(xdr, 8+8);
625 p = xdr_encode_hyper(p, ctx->lifetime);
628 p = xdr_encode_hyper(p, ctx->ctx_flags);
630 /* ctx->locally_initiated */
631 err = gssx_enc_bool(xdr, ctx->locally_initiated);
636 err = gssx_enc_bool(xdr, ctx->open);
640 /* leave options empty for now, will add once we have any options
641 * to pass up at all */
643 err = dummy_enc_opt_array(xdr, &ctx->options);
648 static int gssx_dec_ctx(struct xdr_stream *xdr,
649 struct gssx_ctx *ctx)
654 /* ctx->exported_context_token */
655 err = gssx_dec_buffer(xdr, &ctx->exported_context_token);
660 err = gssx_dec_buffer(xdr, &ctx->state);
664 /* ctx->need_release */
665 err = gssx_dec_bool(xdr, &ctx->need_release);
670 err = gssx_dec_buffer(xdr, &ctx->mech);
675 err = gssx_dec_name(xdr, &ctx->src_name);
680 err = gssx_dec_name(xdr, &ctx->targ_name);
685 p = xdr_inline_decode(xdr, 8+8);
686 if (unlikely(p == NULL))
688 p = xdr_decode_hyper(p, &ctx->lifetime);
691 p = xdr_decode_hyper(p, &ctx->ctx_flags);
693 /* ctx->locally_initiated */
694 err = gssx_dec_bool(xdr, &ctx->locally_initiated);
699 err = gssx_dec_bool(xdr, &ctx->open);
703 /* we assume we have no options for now, so simply consume them */
705 err = dummy_dec_opt_array(xdr, &ctx->options);
710 static int gssx_enc_cb(struct xdr_stream *xdr, struct gssx_cb *cb)
715 /* cb->initiator_addrtype */
716 p = xdr_reserve_space(xdr, 8);
719 p = xdr_encode_hyper(p, cb->initiator_addrtype);
721 /* cb->initiator_address */
722 err = gssx_enc_buffer(xdr, &cb->initiator_address);
726 /* cb->acceptor_addrtype */
727 p = xdr_reserve_space(xdr, 8);
730 p = xdr_encode_hyper(p, cb->acceptor_addrtype);
732 /* cb->acceptor_address */
733 err = gssx_enc_buffer(xdr, &cb->acceptor_address);
737 /* cb->application_data */
738 err = gssx_enc_buffer(xdr, &cb->application_data);
743 void gssx_enc_accept_sec_context(struct rpc_rqst *req,
744 struct xdr_stream *xdr,
745 struct gssx_arg_accept_sec_context *arg)
749 err = gssx_enc_call_ctx(xdr, &arg->call_ctx);
753 /* arg->context_handle */
754 if (arg->context_handle) {
755 err = gssx_enc_ctx(xdr, arg->context_handle);
759 err = gssx_enc_bool(xdr, 0);
762 /* arg->cred_handle */
763 if (arg->cred_handle) {
764 err = gssx_enc_cred(xdr, arg->cred_handle);
768 err = gssx_enc_bool(xdr, 0);
771 /* arg->input_token */
772 err = gssx_enc_in_token(xdr, &arg->input_token);
778 err = gssx_enc_cb(xdr, arg->input_cb);
782 err = gssx_enc_bool(xdr, 0);
785 err = gssx_enc_bool(xdr, arg->ret_deleg_cred);
789 /* leave options empty for now, will add once we have any options
790 * to pass up at all */
792 err = dummy_enc_opt_array(xdr, &arg->options);
796 dprintk("RPC: gssx_enc_accept_sec_context: %d\n", err);
799 int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
800 struct xdr_stream *xdr,
801 struct gssx_res_accept_sec_context *res)
806 err = gssx_dec_status(xdr, &res->status);
810 /* res->context_handle */
811 if (gssx_check_pointer(xdr)) {
812 err = gssx_dec_ctx(xdr, res->context_handle);
816 res->context_handle = NULL;
819 /* res->output_token */
820 if (gssx_check_pointer(xdr)) {
821 err = gssx_dec_buffer(xdr, res->output_token);
825 res->output_token = NULL;
828 /* res->delegated_cred_handle */
829 if (gssx_check_pointer(xdr)) {
830 /* we do not support upcall servers sending this data. */
835 err = gssx_dec_option_array(xdr, &res->options);