2 * GSS Proxy upcall module
4 * Copyright (C) 2012 Simo Sorce <simo@redhat.com>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 #include <linux/sunrpc/svcauth.h>
22 #include "gss_rpc_xdr.h"
/*
 * Encode a C boolean as one 4-byte XDR word (xdr_one / xdr_zero).
 * The listing is incomplete here: the error return taken when the
 * reserve fails, and the final return, are not shown.
 */
24 static int gssx_enc_bool(struct xdr_stream *xdr, int v)
28 p = xdr_reserve_space(xdr, 4);
29 if (unlikely(p == NULL))
31 *p = v ? xdr_one : xdr_zero;
/*
 * Decode one 4-byte XDR boolean into *v.  xdr_inline_decode() yields NULL
 * when fewer than 4 bytes remain in the stream; the error return and the
 * store into *v are not shown in this listing.
 */
35 static int gssx_dec_bool(struct xdr_stream *xdr, u32 *v)
39 p = xdr_inline_decode(xdr, 4);
40 if (unlikely(p == NULL))
/*
 * Encode an opaque buffer: a 4-byte length word followed by buf->len bytes.
 * The reserve covers both at once so a failure is detected before anything
 * is written; that failure branch is not shown in this listing.
 */
46 static int gssx_enc_buffer(struct xdr_stream *xdr,
51 p = xdr_reserve_space(xdr, sizeof(u32) + buf->len);
54 xdr_encode_opaque(p, buf->data, buf->len);
/*
 * Encode the incoming GSS token: a 4-byte length word, then the token's
 * pages appended to the stream directly (no copy into the head buffer).
 * The reserve-failure branch is not shown in this listing.
 */
58 static int gssx_enc_in_token(struct xdr_stream *xdr,
59 struct gssp_in_token *in)
63 p = xdr_reserve_space(xdr, 4);
66 *p = cpu_to_be32(in->page_len);
68 /* all we need to do is to write pages */
69 xdr_write_pages(xdr, in->pages, in->page_base, in->page_len);
/*
 * Decode an opaque buffer from the stream.
 *
 * 'length' is supplied by the peer, so each use of it is bounded before the
 * bytes are touched: xdr_inline_decode(xdr, length) returns NULL when the
 * stream holds fewer bytes than claimed, and a copy into a caller-sized
 * destination is refused when length exceeds buf->len.  Several branches
 * are missing from this listing (the early return for a buffer the caller
 * does not want, the condition selecting kmemdup() over memcpy(), and the
 * error returns), so the exact control flow must be read from the full file.
 */
75 static int gssx_dec_buffer(struct xdr_stream *xdr,
81 p = xdr_inline_decode(xdr, 4);
82 if (unlikely(p == NULL))
85 length = be32_to_cpup(p);
/* second decode bounds the wire-supplied length against data actually received */
86 p = xdr_inline_decode(xdr, length);
87 if (unlikely(p == NULL))
91 /* we intentionally are not interested in this buffer */
/*
 * Caller-sized destination: reject rather than overflow.  The allocated
 * path below hands ownership of buf->data to the caller.
 * NOTE(review): the NULL check on kmemdup() is not visible here - confirm.
 */
94 if (length > buf->len)
98 buf->data = kmemdup(p, length, GFP_KERNEL);
102 memcpy(buf->data, p, length);
/*
 * Encode one option as two opaque buffers: the option name, then its value.
 * The error check between the two calls and the final return are not shown.
 */
108 static int gssx_enc_option(struct xdr_stream *xdr,
109 struct gssx_option *opt)
113 err = gssx_enc_buffer(xdr, &opt->option);
116 err = gssx_enc_buffer(xdr, &opt->value);
/*
 * Decode one option: the option name, then its value, each via
 * gssx_dec_buffer() into the caller's pre-sized gssx_option fields.
 * The error check between the two calls and the final return are not shown.
 */
120 static int gssx_dec_option(struct xdr_stream *xdr,
121 struct gssx_option *opt)
125 err = gssx_dec_buffer(xdr, &opt->option);
128 err = gssx_dec_buffer(xdr, &opt->value);
/*
 * Encode an option array the caller has nothing to put in: reserves the
 * 4-byte element-count word.  The value stored into it (presumably zero,
 * given the name) and the error handling are not shown in this listing.
 */
132 static int dummy_enc_opt_array(struct xdr_stream *xdr,
133 struct gssx_option_array *oa)
140 p = xdr_reserve_space(xdr, 4);
/*
 * Consume an option array whose contents are not wanted: read the element
 * count, then decode each option into a zeroed dummy.  With dummy's buffer
 * lengths at zero, gssx_dec_buffer() presumably skips rather than copies
 * the option bytes (its skip condition is not visible in this listing).
 *
 * NOTE(review): 'count' comes from the wire and the loop body discards the
 * return value of gssx_dec_option(), so an inflated count keeps the loop
 * running to its end after the stream is exhausted.  Breaking out on the
 * first error would bound the work to the data actually received.  The
 * same pattern appears in dummy_dec_nameattr_array().
 */
148 static int dummy_dec_opt_array(struct xdr_stream *xdr,
149 struct gssx_option_array *oa)
151 struct gssx_option dummy;
155 p = xdr_inline_decode(xdr, 4);
156 if (unlikely(p == NULL))
158 count = be32_to_cpup(p++);
159 memset(&dummy, 0, sizeof(dummy));
160 for (i = 0; i < count; i++) {
161 gssx_dec_option(xdr, &dummy);
/*
 * Read one 32-bit word of the Linux credentials blob into *res without
 * byte-swapping: unlike the rest of the stream, these fields are carried in
 * host byte order (so the upcall server must share the kernel's endianness).
 * The NULL check on the decoded pointer is not shown in this listing.
 */
169 static int get_host_u32(struct xdr_stream *xdr, u32 *res)
173 p = xdr_inline_decode(xdr, 4);
176 /* Contents of linux creds are all host-endian: */
177 memcpy(res, p, sizeof(u32));
/*
 * Decode the Linux credentials blob sent by the upcall server into *creds:
 * uid, gid, a count N of supplementary gids, then N gids.
 *
 * Trust boundary: every value here comes from the peer.  The blob length is
 * capped at (3 + NGROUPS_MAX) words before any allocation, and the peer's N
 * is cross-checked against that length so groups_alloc() is only called for
 * a count the stream can actually back.  Supplementary gids are validated
 * with gid_valid() before being stored; the partially built group_info is
 * released on the out_free_groups path.
 *
 * NOTE(review): no uid_valid()/gid_valid() check is visible for cr_uid and
 * cr_gid, unlike the supplementary gids below - confirm the caller rejects
 * invalid ids before using the credential.  Error returns and the missing
 * lines around each check are not shown in this listing.
 */
181 static int gssx_dec_linux_creds(struct xdr_stream *xdr,
182 struct svc_cred *creds)
190 p = xdr_inline_decode(xdr, 4);
191 if (unlikely(p == NULL))
194 length = be32_to_cpup(p);
/* upper bound on the blob before any of it is parsed or allocated for */
196 if (length > (3 + NGROUPS_MAX) * sizeof(u32))
200 err = get_host_u32(xdr, &tmp);
203 creds->cr_uid = make_kuid(&init_user_ns, tmp);
206 err = get_host_u32(xdr, &tmp);
209 creds->cr_gid = make_kgid(&init_user_ns, tmp);
211 /* number of additional gid's */
212 err = get_host_u32(xdr, &tmp);
/* the peer's N must agree exactly with the advertised blob length */
216 if ((3 + N) * sizeof(u32) != length)
218 creds->cr_group_info = groups_alloc(N);
219 if (creds->cr_group_info == NULL)
223 for (i = 0; i < N; i++) {
225 err = get_host_u32(xdr, &tmp);
227 goto out_free_groups;
229 kgid = make_kgid(&init_user_ns, tmp);
230 if (!gid_valid(kgid))
231 goto out_free_groups;
232 creds->cr_group_info->gid[i] = kgid;
/* group lookups elsewhere expect a sorted list */
234 groups_sort(creds->cr_group_info);
238 groups_free(creds->cr_group_info);
/*
 * Decode the option array of an accept_sec_context reply, recognising only
 * the CREDS_VALUE option.  The result is a single-element array whose value
 * points at a freshly allocated struct svc_cred; value.len doubles as a
 * presence flag (0 = no creds received, 1 = creds parsed).
 *
 * Each option name is matched by exact length plus memcmp(), so a prefix or
 * a longer name never matches.  Unrecognised options are consumed through a
 * zero-length dummy buffer so the stream stays in sync.
 *
 * NOTE(review): the NULL checks on kmalloc()/kzalloc() and the error returns
 * inside the loop are not visible in this listing; whether oa->data and
 * creds are released when a later decode fails should be confirmed against
 * the full file and the caller's cleanup.
 */
242 static int gssx_dec_option_array(struct xdr_stream *xdr,
243 struct gssx_option_array *oa)
245 struct svc_cred *creds;
250 p = xdr_inline_decode(xdr, 4);
251 if (unlikely(p == NULL))
253 count = be32_to_cpup(p++);
257 /* we recognize only 1 currently: CREDS_VALUE */
260 oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL);
264 creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL);
270 oa->data[0].option.data = CREDS_VALUE;
271 oa->data[0].option.len = sizeof(CREDS_VALUE);
272 oa->data[0].value.data = (void *)creds;
273 oa->data[0].value.len = 0;
275 for (i = 0; i < count; i++) {
276 gssx_buffer dummy = { 0, NULL };
280 p = xdr_inline_decode(xdr, 4);
281 if (unlikely(p == NULL))
284 length = be32_to_cpup(p);
285 p = xdr_inline_decode(xdr, length);
286 if (unlikely(p == NULL))
/* exact-length compare: only a byte-identical CREDS_VALUE name matches */
289 if (length == sizeof(CREDS_VALUE) &&
290 memcmp(p, CREDS_VALUE, sizeof(CREDS_VALUE)) == 0) {
291 /* We have creds here. parse them */
292 err = gssx_dec_linux_creds(xdr, creds);
295 oa->data[0].value.len = 1; /* presence */
297 /* consume uninteresting buffer */
298 err = gssx_dec_buffer(xdr, &dummy);
/*
 * Decode the gssx_status of a reply: major status (8-byte hyper), mech,
 * minor status (hyper), the two status strings, the server context, and
 * finally the option array, which is consumed without being kept.
 * The err checks after each decode are not shown in this listing.
 */
306 static int gssx_dec_status(struct xdr_stream *xdr,
307 struct gssx_status *status)
312 /* status->major_status */
313 p = xdr_inline_decode(xdr, 8);
314 if (unlikely(p == NULL))
316 p = xdr_decode_hyper(p, &status->major_status);
319 err = gssx_dec_buffer(xdr, &status->mech);
323 /* status->minor_status */
324 p = xdr_inline_decode(xdr, 8);
325 if (unlikely(p == NULL))
327 p = xdr_decode_hyper(p, &status->minor_status);
329 /* status->major_status_string */
330 err = gssx_dec_buffer(xdr, &status->major_status_string);
334 /* status->minor_status_string */
335 err = gssx_dec_buffer(xdr, &status->minor_status_string);
339 /* status->server_ctx */
340 err = gssx_dec_buffer(xdr, &status->server_ctx);
344 /* we assume we have no options for now, so simply consume them */
345 /* status->options */
346 err = dummy_dec_opt_array(xdr, &status->options);
<!-- placeholder removed -->
/*
 * Decode one name attribute: attribute name, value, then its extensions
 * (consumed and discarded).  The err checks between calls are not shown.
 */
390 static int gssx_dec_name_attr(struct xdr_stream *xdr,
391 struct gssx_name_attr *attr)
396 err = gssx_dec_buffer(xdr, &attr->attr);
401 err = gssx_dec_buffer(xdr, &attr->value);
405 /* attr->extensions */
406 err = dummy_dec_opt_array(xdr, &attr->extensions);
/*
 * Encode a name-attribute array the caller has nothing to put in: reserves
 * the 4-byte element-count word.  The value written and the error handling
 * are not shown in this listing.
 */
411 static int dummy_enc_nameattr_array(struct xdr_stream *xdr,
412 struct gssx_name_attr_array *naa)
419 p = xdr_reserve_space(xdr, 4);
/*
 * Consume a name-attribute array whose contents are not wanted.  The
 * designated initialiser zero-fills every field of 'dummy', so each
 * decoded attribute lands in zero-length buffers.
 *
 * NOTE(review): as in dummy_dec_opt_array(), 'count' is wire-supplied and
 * the return value of gssx_dec_name_attr() is discarded, so the loop runs
 * to 'count' even after the first failure.
 */
427 static int dummy_dec_nameattr_array(struct xdr_stream *xdr,
428 struct gssx_name_attr_array *naa)
430 struct gssx_name_attr dummy = { .attr = {.len = 0} };
434 p = xdr_inline_decode(xdr, 4);
435 if (unlikely(p == NULL))
437 count = be32_to_cpup(p++);
438 for (i = 0; i < count; i++) {
439 gssx_dec_name_attr(xdr, &dummy);
/*
 * File-scope zero-valued placeholders handed to the encoders for fields
 * that are always sent empty (see gssx_enc_name()).  Being static and
 * never written, they are safe to share across calls.
 */
447 static struct xdr_netobj zero_netobj = {};
449 static struct gssx_name_attr_array zero_name_attr_array = {};
451 static struct gssx_option_array zero_option_array = {};
/*
 * Encode a gssx_name.  Only display_name carries real data; name_type,
 * exported_name and exported_composite_name are sent as empty buffers, and
 * the attribute and extension arrays as empty arrays, via the shared
 * zero_* placeholders.  The err checks between calls are not shown.
 */
453 static int gssx_enc_name(struct xdr_stream *xdr,
454 struct gssx_name *name)
458 /* name->display_name */
459 err = gssx_enc_buffer(xdr, &name->display_name);
463 /* name->name_type */
464 err = gssx_enc_buffer(xdr, &zero_netobj);
468 /* name->exported_name */
469 err = gssx_enc_buffer(xdr, &zero_netobj);
473 /* name->exported_composite_name */
474 err = gssx_enc_buffer(xdr, &zero_netobj);
478 /* leave name_attributes empty for now, will add once we have any
479 * to pass up at all */
480 /* name->name_attributes */
481 err = dummy_enc_nameattr_array(xdr, &zero_name_attr_array);
485 /* leave options empty for now, will add once we have any options
486 * to pass up at all */
487 /* name->extensions */
488 err = dummy_enc_opt_array(xdr, &zero_option_array);
/*
 * Decode a gssx_name, keeping only display_name.  The other buffers are
 * decoded into a zero-length local netobj and the two arrays into
 * zero-count locals, so their bytes are consumed from the stream but not
 * retained.  The err checks between calls are not shown in this listing.
 */
494 static int gssx_dec_name(struct xdr_stream *xdr,
495 struct gssx_name *name)
497 struct xdr_netobj dummy_netobj = { .len = 0 };
498 struct gssx_name_attr_array dummy_name_attr_array = { .count = 0 };
499 struct gssx_option_array dummy_option_array = { .count = 0 };
502 /* name->display_name */
503 err = gssx_dec_buffer(xdr, &name->display_name);
507 /* name->name_type */
508 err = gssx_dec_buffer(xdr, &dummy_netobj);
512 /* name->exported_name */
513 err = gssx_dec_buffer(xdr, &dummy_netobj);
517 /* name->exported_composite_name */
518 err = gssx_dec_buffer(xdr, &dummy_netobj);
522 /* we assume we have no attributes for now, so simply consume them */
523 /* name->name_attributes */
524 err = dummy_dec_nameattr_array(xdr, &dummy_name_attr_array);
528 /* we assume we have no options for now, so simply consume them */
529 /* name->extensions */
530 err = dummy_dec_opt_array(xdr, &dummy_option_array);
/*
 * Encode a credential-element array the caller has nothing to put in:
 * reserves the 4-byte element-count word.  The value written and the
 * error handling are not shown in this listing.
 */
535 static int dummy_enc_credel_array(struct xdr_stream *xdr,
536 struct gssx_cred_element_array *cea)
543 p = xdr_reserve_space(xdr, 4);
/*
 * Encode a gssx_cred: desired name, an (empty) element array, the handle
 * reference, and the needs_release boolean, in wire order.
 * The err checks between calls are not shown in this listing.
 */
551 static int gssx_enc_cred(struct xdr_stream *xdr,
552 struct gssx_cred *cred)
556 /* cred->desired_name */
557 err = gssx_enc_name(xdr, &cred->desired_name);
562 err = dummy_enc_credel_array(xdr, &cred->elements);
566 /* cred->cred_handle_reference */
567 err = gssx_enc_buffer(xdr, &cred->cred_handle_reference);
571 /* cred->needs_release */
572 err = gssx_enc_bool(xdr, cred->needs_release);
/*
 * Encode a gssx_ctx in wire order: exported token, state, need_release,
 * mech, source and target names, lifetime and ctx_flags (two hypers in a
 * single 16-byte reservation), locally_initiated, open, and an empty
 * option array.  The err checks and the reserve-failure branch are not
 * shown in this listing.
 */
577 static int gssx_enc_ctx(struct xdr_stream *xdr,
578 struct gssx_ctx *ctx)
583 /* ctx->exported_context_token */
584 err = gssx_enc_buffer(xdr, &ctx->exported_context_token);
589 err = gssx_enc_buffer(xdr, &ctx->state);
593 /* ctx->need_release */
594 err = gssx_enc_bool(xdr, ctx->need_release);
599 err = gssx_enc_buffer(xdr, &ctx->mech);
604 err = gssx_enc_name(xdr, &ctx->src_name);
609 err = gssx_enc_name(xdr, &ctx->targ_name);
/* lifetime and ctx_flags share one reservation of two 8-byte hypers */
614 p = xdr_reserve_space(xdr, 8+8);
617 p = xdr_encode_hyper(p, ctx->lifetime);
620 p = xdr_encode_hyper(p, ctx->ctx_flags);
622 /* ctx->locally_initiated */
623 err = gssx_enc_bool(xdr, ctx->locally_initiated);
628 err = gssx_enc_bool(xdr, ctx->open);
632 /* leave options empty for now, will add once we have any options
633 * to pass up at all */
635 err = dummy_enc_opt_array(xdr, &ctx->options);
/*
 * Decode a gssx_ctx, the mirror of gssx_enc_ctx(): exported token, state,
 * need_release, mech, source and target names, lifetime and ctx_flags from
 * one 16-byte inline decode, locally_initiated, open, and an option array
 * that is consumed and discarded.  The err checks are not shown here.
 */
640 static int gssx_dec_ctx(struct xdr_stream *xdr,
641 struct gssx_ctx *ctx)
646 /* ctx->exported_context_token */
647 err = gssx_dec_buffer(xdr, &ctx->exported_context_token);
652 err = gssx_dec_buffer(xdr, &ctx->state);
656 /* ctx->need_release */
657 err = gssx_dec_bool(xdr, &ctx->need_release);
662 err = gssx_dec_buffer(xdr, &ctx->mech);
667 err = gssx_dec_name(xdr, &ctx->src_name);
672 err = gssx_dec_name(xdr, &ctx->targ_name);
/* both hypers must be present; a short stream yields NULL here */
677 p = xdr_inline_decode(xdr, 8+8);
678 if (unlikely(p == NULL))
680 p = xdr_decode_hyper(p, &ctx->lifetime);
683 p = xdr_decode_hyper(p, &ctx->ctx_flags);
685 /* ctx->locally_initiated */
686 err = gssx_dec_bool(xdr, &ctx->locally_initiated);
691 err = gssx_dec_bool(xdr, &ctx->open);
695 /* we assume we have no options for now, so simply consume them */
697 err = dummy_dec_opt_array(xdr, &ctx->options);
/*
 * Encode channel bindings: initiator address type (hyper) and address,
 * acceptor address type (hyper) and address, then application data.
 * The reserve-failure branches and err checks are not shown in this listing.
 */
702 static int gssx_enc_cb(struct xdr_stream *xdr, struct gssx_cb *cb)
707 /* cb->initiator_addrtype */
708 p = xdr_reserve_space(xdr, 8);
711 p = xdr_encode_hyper(p, cb->initiator_addrtype);
713 /* cb->initiator_address */
714 err = gssx_enc_buffer(xdr, &cb->initiator_address);
718 /* cb->acceptor_addrtype */
719 p = xdr_reserve_space(xdr, 8);
722 p = xdr_encode_hyper(p, cb->acceptor_addrtype);
724 /* cb->acceptor_address */
725 err = gssx_enc_buffer(xdr, &cb->acceptor_address);
729 /* cb->application_data */
730 err = gssx_enc_buffer(xdr, &cb->application_data);
/*
 * Encode the arguments of an ACCEPT_SEC_CONTEXT upcall.  Optional fields
 * (context_handle, cred_handle, input_cb) are encoded as a boolean 0 when
 * absent; the marker written for the present case is not visible in this
 * listing.  After the arguments, the receive buffer is pointed at the
 * caller's pages so the reply can land there without copying.
 *
 * NOTE(review): the function returns void, so an encode failure can only
 * be reported through the dprintk() at the end; confirm the caller has
 * another way to detect a partially encoded request.  The err checks
 * between calls are not shown in this listing.
 */
735 void gssx_enc_accept_sec_context(struct rpc_rqst *req,
736 struct xdr_stream *xdr,
737 struct gssx_arg_accept_sec_context *arg)
741 err = gssx_enc_call_ctx(xdr, &arg->call_ctx);
745 /* arg->context_handle */
746 if (arg->context_handle)
747 err = gssx_enc_ctx(xdr, arg->context_handle);
749 err = gssx_enc_bool(xdr, 0);
753 /* arg->cred_handle */
754 if (arg->cred_handle)
755 err = gssx_enc_cred(xdr, arg->cred_handle);
757 err = gssx_enc_bool(xdr, 0);
761 /* arg->input_token */
762 err = gssx_enc_in_token(xdr, &arg->input_token);
768 err = gssx_enc_cb(xdr, arg->input_cb);
770 err = gssx_enc_bool(xdr, 0);
774 err = gssx_enc_bool(xdr, arg->ret_deleg_cred);
778 /* leave options empty for now, will add once we have any options
779 * to pass up at all */
781 err = dummy_enc_opt_array(xdr, &arg->options);
/* reply data beyond the first half page is received into arg->pages */
783 xdr_inline_pages(&req->rq_rcv_buf,
784 PAGE_SIZE/2 /* pretty arbitrary */,
785 arg->pages, 0 /* page base */, arg->npages * PAGE_SIZE);
788 dprintk("RPC: gssx_enc_accept_sec_context: %d\n", err);
/*
 * Decode the reply of an ACCEPT_SEC_CONTEXT upcall.
 *
 * A scratch page is installed so inline decodes of items that straddle a
 * page boundary can succeed; it is released at the end.  Each optional
 * field is preceded by a boolean: when it is false the corresponding
 * result pointer is set to NULL.  A delegated credential handle is never
 * accepted from the upcall server.  The option array is where the Linux
 * credentials arrive (see gssx_dec_option_array()).
 *
 * The NULL check on alloc_page(), the err checks after each decode, and
 * the branch taken when value_follows is set for delegated_cred_handle are
 * not shown in this listing.
 */
791 int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
792 struct xdr_stream *xdr,
793 struct gssx_res_accept_sec_context *res)
797 struct page *scratch;
799 scratch = alloc_page(GFP_KERNEL);
802 xdr_set_scratch_buffer(xdr, page_address(scratch), PAGE_SIZE);
805 err = gssx_dec_status(xdr, &res->status);
809 /* res->context_handle */
810 err = gssx_dec_bool(xdr, &value_follows);
814 err = gssx_dec_ctx(xdr, res->context_handle);
818 res->context_handle = NULL;
821 /* res->output_token */
822 err = gssx_dec_bool(xdr, &value_follows);
826 err = gssx_dec_buffer(xdr, res->output_token);
830 res->output_token = NULL;
833 /* res->delegated_cred_handle */
834 err = gssx_dec_bool(xdr, &value_follows);
838 /* we do not support upcall servers sending this data. */
844 err = gssx_dec_option_array(xdr, &res->options);
/* paired with the alloc_page() above; reached on both success and error paths */
847 __free_page(scratch);