xref: /kernel/linux/linux-5.10/net/sunrpc/auth_gss/svcauth_gss.c

618  * @rqstp: RPC Call to use when reporting errors
626  *   %true: @rqstp's GSS sequence number is inside the window
627  *   %false: @rqstp's GSS sequence number is outside the window
629 static bool gss_check_seq_num(const struct svc_rqst *rqstp, struct rsc *rsci,
659 	trace_rpcgss_svc_seqno_low(rqstp, seq_num,
664 	trace_rpcgss_svc_seqno_seen(rqstp, seq_num);
713 gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci,
720 	struct kvec		*argv = &rqstp->rq_arg.head[0];
737 	if (rqstp->rq_deferred) /* skip verification of revisited request */
745 		trace_rpcgss_svc_seqno_large(rqstp, gc->gc_seq);
749 	if (!gss_check_seq_num(rqstp, rsci, gc->gc_seq))
755 gss_write_null_verf(struct svc_rqst *rqstp)
759 	svc_putnl(rqstp->rq_res.head, RPC_AUTH_NULL);
760 	p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;
763 	if (!xdr_ressize_check(rqstp, p))
769 gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq)
779 	svc_putnl(rqstp->rq_res.head, RPC_AUTH_GSS);
788 	p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;
796 	if (!xdr_ressize_check(rqstp, p))
886 unwrap_integ_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)
901 	clear_bit(RQ_SPLICE_OK, &rqstp->rq_flags);
904 	if (rqstp->rq_deferred)
939 	trace_rpcgss_svc_unwrap_failed(rqstp);
942 	trace_rpcgss_svc_seqno_bad(rqstp, seq, rseqno);
945 	trace_rpcgss_svc_mic(rqstp, maj_stat);
967 unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx)
973 	clear_bit(RQ_SPLICE_OK, &rqstp->rq_flags);
976 	if (rqstp->rq_deferred) {
1014 	trace_rpcgss_svc_unwrap_failed(rqstp);
1017 	trace_rpcgss_svc_seqno_bad(rqstp, seq, rseqno);
1020 	trace_rpcgss_svc_unwrap(rqstp, maj_stat);
1034 svcauth_gss_set_client(struct svc_rqst *rqstp)
1036 	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
1050 	rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);
1051 	if (rqstp->rq_gssclient == NULL)
1053 	stat = svcauth_unix_set_client(rqstp);
1060 gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp,
1067 		return gss_write_null_verf(rqstp);
1071 		return gss_write_null_verf(rqstp);
1073 	rc = gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN);
1144 static int gss_read_proxy_verf(struct svc_rqst *rqstp,
1149 	struct kvec *argv = &rqstp->rq_arg.head[0];
1159 	if (inlen > (argv->iov_len + rqstp->rq_arg.page_len)) {
1186 	from_offs = rqstp->rq_arg.page_base;
1197 		       page_address(rqstp->rq_arg.pages[pgfrom]) + pgfrom_offs,
1234 static int svcauth_gss_legacy_init(struct svc_rqst *rqstp,
1237 	struct kvec *argv = &rqstp->rq_arg.head[0];
1238 	struct kvec *resv = &rqstp->rq_res.head[0];
1241 	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);
1254 	if (cache_check(sn->rsi_cache, &rsip->h, &rqstp->rq_chandle) < 0)
1260 	if (gss_write_init_verf(sn->rsc_cache, rqstp,
1346 static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,
1349 	struct kvec *resv = &rqstp->rq_res.head[0];
1355 	struct net *net = SVC_NET(rqstp);
1359 	ret = gss_read_proxy_verf(rqstp, gc, authp,
1371 	trace_rpcgss_svc_accept_upcall(rqstp, ud.major_status, ud.minor_status);
1389 	if (gss_write_init_verf(sn->rsc_cache, rqstp,
1533 svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
1535 	struct kvec	*argv = &rqstp->rq_arg.head[0];
1536 	struct kvec	*resv = &rqstp->rq_res.head[0];
1538 	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
1544 	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);
1551 	rqstp->rq_auth_data = svcdata;
1580 	if ((gc->gc_proc != RPC_GSS_PROC_DATA) && (rqstp->rq_proc != 0))
1587 		if (use_gss_proxy(SVC_NET(rqstp)))
1588 			return svcauth_gss_proxy_init(rqstp, gc, authp);
1590 			return svcauth_gss_legacy_init(rqstp, gc, authp);
1598 		switch (gss_verify_header(rqstp, rsci, rpcstart, gc, authp)) {
1615 		if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
1626 		if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
1628 		rqstp->rq_cred = rsci->cred;
1638 			if (unwrap_integ_data(rqstp, &rqstp->rq_arg,
1641 			rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE;
1647 			if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
1650 			rqstp->rq_auth_slack = RPC_MAX_AUTH_SIZE * 2;
1657 		rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor(
1662 		trace_rpcgss_svc_authenticate(rqstp, gc);
1670 	xdr_ressize_check(rqstp, reject_stat);
1712 svcauth_gss_wrap_resp_integ(struct svc_rqst *rqstp)
1714 	struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;
1716 	struct xdr_buf *resbuf = &rqstp->rq_res;
1763 svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp)
1765 	struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;
1767 	struct xdr_buf *resbuf = &rqstp->rq_res;
1830 svcauth_gss_release(struct svc_rqst *rqstp)
1832 	struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;
1834 	struct xdr_buf *resbuf = &rqstp->rq_res;
1836 	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);
1854 		stat = svcauth_gss_wrap_resp_integ(rqstp);
1859 		stat = svcauth_gss_wrap_resp_priv(rqstp);
1872 	if (rqstp->rq_client)
1873 		auth_domain_put(rqstp->rq_client);
1874 	rqstp->rq_client = NULL;
1875 	if (rqstp->rq_gssclient)
1876 		auth_domain_put(rqstp->rq_gssclient);
1877 	rqstp->rq_gssclient = NULL;
1878 	if (rqstp->rq_cred.cr_group_info)
1879 		put_group_info(rqstp->rq_cred.cr_group_info);
1880 	rqstp->rq_cred.cr_group_info = NULL;

Indexes created Thu Nov 07 10:32:03 CST 2024