Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
awilliam
GitHub Repository: awilliam/linux-vfio
 Path: blob/master/net/sunrpc/auth_gss/gss_mech_switch.c
15112 views
1
/*

2
 *  linux/net/sunrpc/gss_mech_switch.c

3
 *

4
 *  Copyright (c) 2001 The Regents of the University of Michigan.

5
 *  All rights reserved.

6
 *

7
 *  J. Bruce Fields   <[email protected]>

8
 *

9
 *  Redistribution and use in source and binary forms, with or without

10
 *  modification, are permitted provided that the following conditions

11
 *  are met:

12
 *

13
 *  1. Redistributions of source code must retain the above copyright

14
 *     notice, this list of conditions and the following disclaimer.

15
 *  2. Redistributions in binary form must reproduce the above copyright

16
 *     notice, this list of conditions and the following disclaimer in the

17
 *     documentation and/or other materials provided with the distribution.

18
 *  3. Neither the name of the University nor the names of its

19
 *     contributors may be used to endorse or promote products derived

20
 *     from this software without specific prior written permission.

21
 *

22
 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED

23
 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

24
 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

25
 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE

26
 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

27
 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

28
 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

29
 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

30
 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

31
 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

32
 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

33
 *

34
 */

35


36
#include <linux/types.h>

37
#include <linux/slab.h>

38
#include <linux/module.h>

39
#include <linux/sunrpc/msg_prot.h>

40
#include <linux/sunrpc/gss_asn1.h>

41
#include <linux/sunrpc/auth_gss.h>

42
#include <linux/sunrpc/svcauth_gss.h>

43
#include <linux/sunrpc/gss_err.h>

44
#include <linux/sunrpc/sched.h>

45
#include <linux/sunrpc/gss_api.h>

46
#include <linux/sunrpc/clnt.h>

47


48
#ifdef RPC_DEBUG

49
# define RPCDBG_FACILITY        RPCDBG_AUTH

50
#endif

51


52
static LIST_HEAD(registered_mechs);

53
static DEFINE_SPINLOCK(registered_mechs_lock);

54


55
static void

56
gss_mech_free(struct gss_api_mech *gm)

57
{

58
	struct pf_desc *pf;

59
	int i;

60


61
	for (i = 0; i < gm->gm_pf_num; i++) {

62
		pf = &gm->gm_pfs[i];

63
		kfree(pf->auth_domain_name);

64
		pf->auth_domain_name = NULL;

65
	}

66
}

67


68
static inline char *

69
make_auth_domain_name(char *name)

70
{

71
	static char	*prefix = "gss/";

72
	char		*new;

73


74
	new = kmalloc(strlen(name) + strlen(prefix) + 1, GFP_KERNEL);

75
	if (new) {

76
		strcpy(new, prefix);

77
		strcat(new, name);

78
	}

79
	return new;

80
}

81


82
static int

83
gss_mech_svc_setup(struct gss_api_mech *gm)

84
{

85
	struct pf_desc *pf;

86
	int i, status;

87


88
	for (i = 0; i < gm->gm_pf_num; i++) {

89
		pf = &gm->gm_pfs[i];

90
		pf->auth_domain_name = make_auth_domain_name(pf->name);

91
		status = -ENOMEM;

92
		if (pf->auth_domain_name == NULL)

93
			goto out;

94
		status = svcauth_gss_register_pseudoflavor(pf->pseudoflavor,

95
							pf->auth_domain_name);

96
		if (status)

97
			goto out;

98
	}

99
	return 0;

100
out:

101
	gss_mech_free(gm);

102
	return status;

103
}

104


105
int

106
gss_mech_register(struct gss_api_mech *gm)

107
{

108
	int status;

109


110
	status = gss_mech_svc_setup(gm);

111
	if (status)

112
		return status;

113
	spin_lock(&registered_mechs_lock);

114
	list_add(&gm->gm_list, &registered_mechs);

115
	spin_unlock(&registered_mechs_lock);

116
	dprintk("RPC:       registered gss mechanism %s\n", gm->gm_name);

117
	return 0;

118
}

119


120
EXPORT_SYMBOL_GPL(gss_mech_register);

121


122
void

123
gss_mech_unregister(struct gss_api_mech *gm)

124
{

125
	spin_lock(&registered_mechs_lock);

126
	list_del(&gm->gm_list);

127
	spin_unlock(&registered_mechs_lock);

128
	dprintk("RPC:       unregistered gss mechanism %s\n", gm->gm_name);

129
	gss_mech_free(gm);

130
}

131


132
EXPORT_SYMBOL_GPL(gss_mech_unregister);

133


134
struct gss_api_mech *

135
gss_mech_get(struct gss_api_mech *gm)

136
{

137
	__module_get(gm->gm_owner);

138
	return gm;

139
}

140


141
EXPORT_SYMBOL_GPL(gss_mech_get);

142


143
struct gss_api_mech *

144
gss_mech_get_by_name(const char *name)

145
{

146
	struct gss_api_mech	*pos, *gm = NULL;

147


148
	spin_lock(&registered_mechs_lock);

149
	list_for_each_entry(pos, &registered_mechs, gm_list) {

150
		if (0 == strcmp(name, pos->gm_name)) {

151
			if (try_module_get(pos->gm_owner))

152
				gm = pos;

153
			break;

154
		}

155
	}

156
	spin_unlock(&registered_mechs_lock);

157
	return gm;

158


159
}

160


161
EXPORT_SYMBOL_GPL(gss_mech_get_by_name);

162


163
struct gss_api_mech *

164
gss_mech_get_by_OID(struct xdr_netobj *obj)

165
{

166
	struct gss_api_mech	*pos, *gm = NULL;

167


168
	spin_lock(&registered_mechs_lock);

169
	list_for_each_entry(pos, &registered_mechs, gm_list) {

170
		if (obj->len == pos->gm_oid.len) {

171
			if (0 == memcmp(obj->data, pos->gm_oid.data, obj->len)) {

172
				if (try_module_get(pos->gm_owner))

173
					gm = pos;

174
				break;

175
			}

176
		}

177
	}

178
	spin_unlock(&registered_mechs_lock);

179
	return gm;

180


181
}

182


183
EXPORT_SYMBOL_GPL(gss_mech_get_by_OID);

184


185
static inline int

186
mech_supports_pseudoflavor(struct gss_api_mech *gm, u32 pseudoflavor)

187
{

188
	int i;

189


190
	for (i = 0; i < gm->gm_pf_num; i++) {

191
		if (gm->gm_pfs[i].pseudoflavor == pseudoflavor)

192
			return 1;

193
	}

194
	return 0;

195
}

196


197
struct gss_api_mech *

198
gss_mech_get_by_pseudoflavor(u32 pseudoflavor)

199
{

200
	struct gss_api_mech *pos, *gm = NULL;

201


202
	spin_lock(&registered_mechs_lock);

203
	list_for_each_entry(pos, &registered_mechs, gm_list) {

204
		if (!mech_supports_pseudoflavor(pos, pseudoflavor)) {

205
			module_put(pos->gm_owner);

206
			continue;

207
		}

208
		if (try_module_get(pos->gm_owner))

209
			gm = pos;

210
		break;

211
	}

212
	spin_unlock(&registered_mechs_lock);

213
	return gm;

214
}

215


216
EXPORT_SYMBOL_GPL(gss_mech_get_by_pseudoflavor);

217


218
int gss_mech_list_pseudoflavors(rpc_authflavor_t *array_ptr)

219
{

220
	struct gss_api_mech *pos = NULL;

221
	int i = 0;

222


223
	spin_lock(&registered_mechs_lock);

224
	list_for_each_entry(pos, &registered_mechs, gm_list) {

225
		array_ptr[i] = pos->gm_pfs->pseudoflavor;

226
		i++;

227
	}

228
	spin_unlock(&registered_mechs_lock);

229
	return i;

230
}

231


232
EXPORT_SYMBOL_GPL(gss_mech_list_pseudoflavors);

233


234
u32

235
gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 service)

236
{

237
	int i;

238


239
	for (i = 0; i < gm->gm_pf_num; i++) {

240
		if (gm->gm_pfs[i].service == service) {

241
			return gm->gm_pfs[i].pseudoflavor;

242
		}

243
	}

244
	return RPC_AUTH_MAXFLAVOR; /* illegal value */

245
}

246
EXPORT_SYMBOL_GPL(gss_svc_to_pseudoflavor);

247


248
u32

249
gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor)

250
{

251
	int i;

252


253
	for (i = 0; i < gm->gm_pf_num; i++) {

254
		if (gm->gm_pfs[i].pseudoflavor == pseudoflavor)

255
			return gm->gm_pfs[i].service;

256
	}

257
	return 0;

258
}

259


260
EXPORT_SYMBOL_GPL(gss_pseudoflavor_to_service);

261


262
char *

263
gss_service_to_auth_domain_name(struct gss_api_mech *gm, u32 service)

264
{

265
	int i;

266


267
	for (i = 0; i < gm->gm_pf_num; i++) {

268
		if (gm->gm_pfs[i].service == service)

269
			return gm->gm_pfs[i].auth_domain_name;

270
	}

271
	return NULL;

272
}

273


274
EXPORT_SYMBOL_GPL(gss_service_to_auth_domain_name);

275


276
void

277
gss_mech_put(struct gss_api_mech * gm)

278
{

279
	if (gm)

280
		module_put(gm->gm_owner);

281
}

282


283
EXPORT_SYMBOL_GPL(gss_mech_put);

284


285
/* The mech could probably be determined from the token instead, but it's just

286
 * as easy for now to pass it in. */

287
int

288
gss_import_sec_context(const void *input_token, size_t bufsize,

289
		       struct gss_api_mech	*mech,

290
		       struct gss_ctx		**ctx_id,

291
		       gfp_t gfp_mask)

292
{

293
	if (!(*ctx_id = kzalloc(sizeof(**ctx_id), gfp_mask)))

294
		return -ENOMEM;

295
	(*ctx_id)->mech_type = gss_mech_get(mech);

296


297
	return mech->gm_ops

298
		->gss_import_sec_context(input_token, bufsize, *ctx_id, gfp_mask);

299
}

300


301
/* gss_get_mic: compute a mic over message and return mic_token. */

302


303
u32

304
gss_get_mic(struct gss_ctx	*context_handle,

305
	    struct xdr_buf	*message,

306
	    struct xdr_netobj	*mic_token)

307
{

308
	 return context_handle->mech_type->gm_ops

309
		->gss_get_mic(context_handle,

310
			      message,

311
			      mic_token);

312
}

313


314
/* gss_verify_mic: check whether the provided mic_token verifies message. */

315


316
u32

317
gss_verify_mic(struct gss_ctx		*context_handle,

318
	       struct xdr_buf		*message,

319
	       struct xdr_netobj	*mic_token)

320
{

321
	return context_handle->mech_type->gm_ops

322
		->gss_verify_mic(context_handle,

323
				 message,

324
				 mic_token);

325
}

326


327
/*

328
 * This function is called from both the client and server code.

329
 * Each makes guarantees about how much "slack" space is available

330
 * for the underlying function in "buf"'s head and tail while

331
 * performing the wrap.

332
 *

333
 * The client and server code allocate RPC_MAX_AUTH_SIZE extra

334
 * space in both the head and tail which is available for use by

335
 * the wrap function.

336
 *

337
 * Underlying functions should verify they do not use more than

338
 * RPC_MAX_AUTH_SIZE of extra space in either the head or tail

339
 * when performing the wrap.

340
 */

341
u32

342
gss_wrap(struct gss_ctx	*ctx_id,

343
	 int		offset,

344
	 struct xdr_buf	*buf,

345
	 struct page	**inpages)

346
{

347
	return ctx_id->mech_type->gm_ops

348
		->gss_wrap(ctx_id, offset, buf, inpages);

349
}

350


351
u32

352
gss_unwrap(struct gss_ctx	*ctx_id,

353
	   int			offset,

354
	   struct xdr_buf	*buf)

355
{

356
	return ctx_id->mech_type->gm_ops

357
		->gss_unwrap(ctx_id, offset, buf);

358
}

359


360


361
/* gss_delete_sec_context: free all resources associated with context_handle.

362
 * Note this differs from the RFC 2744-specified prototype in that we don't

363
 * bother returning an output token, since it would never be used anyway. */

364


365
u32

366
gss_delete_sec_context(struct gss_ctx	**context_handle)

367
{

368
	dprintk("RPC:       gss_delete_sec_context deleting %p\n",

369
			*context_handle);

370


371
	if (!*context_handle)

372
		return GSS_S_NO_CONTEXT;

373
	if ((*context_handle)->internal_ctx_id)

374
		(*context_handle)->mech_type->gm_ops

375
			->gss_delete_sec_context((*context_handle)

376
							->internal_ctx_id);

377
	gss_mech_put((*context_handle)->mech_type);

378
	kfree(*context_handle);

379
	*context_handle=NULL;

380
	return GSS_S_COMPLETE;

381
}

382


383