search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drm/ast: Only warn about unsupported TX chips on Gen4 and later
[drm/drm-misc.git] / net / sunrpc / auth_gss / gss_rpc_upcall.c
blobf549e4c05defcbc3bfc536aaac3d1e1c23580eaa
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * linux/net/sunrpc/gss_rpc_upcall.c
4 *
5 * Copyright (C) 2012 Simo Sorce <simo@redhat.com>
6 */
7
8 #include <linux/types.h>
9 #include <linux/un.h>
10
11 #include <linux/sunrpc/svcauth.h>
12 #include "gss_rpc_upcall.h"
13
14 #define GSSPROXY_SOCK_PATHNAME "/var/run/gssproxy.sock"
15
16 #define GSSPROXY_PROGRAM (400112u)
17 #define GSSPROXY_VERS_1 (1u)
18
19 /*
20 * Encoding/Decoding functions
21 */
22
23 enum {
24 GSSX_NULL = 0, /* Unused */
25 GSSX_INDICATE_MECHS = 1,
26 GSSX_GET_CALL_CONTEXT = 2,
27 GSSX_IMPORT_AND_CANON_NAME = 3,
28 GSSX_EXPORT_CRED = 4,
29 GSSX_IMPORT_CRED = 5,
30 GSSX_ACQUIRE_CRED = 6,
31 GSSX_STORE_CRED = 7,
32 GSSX_INIT_SEC_CONTEXT = 8,
33 GSSX_ACCEPT_SEC_CONTEXT = 9,
34 GSSX_RELEASE_HANDLE = 10,
35 GSSX_GET_MIC = 11,
36 GSSX_VERIFY = 12,
37 GSSX_WRAP = 13,
38 GSSX_UNWRAP = 14,
39 GSSX_WRAP_SIZE_LIMIT = 15,
40 };
41
42 #define PROC(proc, name) \
43 [GSSX_##proc] = { \
44 .p_proc = GSSX_##proc, \
45 .p_encode = gssx_enc_##name, \
46 .p_decode = gssx_dec_##name, \
47 .p_arglen = GSSX_ARG_##name##_sz, \
48 .p_replen = GSSX_RES_##name##_sz, \
49 .p_statidx = GSSX_##proc, \
50 .p_name = #proc, \
51 }
52
53 static const struct rpc_procinfo gssp_procedures[] = {
54 PROC(INDICATE_MECHS, indicate_mechs),
55 PROC(GET_CALL_CONTEXT, get_call_context),
56 PROC(IMPORT_AND_CANON_NAME, import_and_canon_name),
57 PROC(EXPORT_CRED, export_cred),
58 PROC(IMPORT_CRED, import_cred),
59 PROC(ACQUIRE_CRED, acquire_cred),
60 PROC(STORE_CRED, store_cred),
61 PROC(INIT_SEC_CONTEXT, init_sec_context),
62 PROC(ACCEPT_SEC_CONTEXT, accept_sec_context),
63 PROC(RELEASE_HANDLE, release_handle),
64 PROC(GET_MIC, get_mic),
65 PROC(VERIFY, verify),
66 PROC(WRAP, wrap),
67 PROC(UNWRAP, unwrap),
68 PROC(WRAP_SIZE_LIMIT, wrap_size_limit),
69 };
70
71
72
73 /*
74 * Common transport functions
75 */
76
77 static const struct rpc_program gssp_program;
78
79 static int gssp_rpc_create(struct net *net, struct rpc_clnt **_clnt)
80 {
81 static const struct sockaddr_un gssp_localaddr = {
82 .sun_family = AF_LOCAL,
83 .sun_path = GSSPROXY_SOCK_PATHNAME,
84 };
85 struct rpc_create_args args = {
86 .net = net,
87 .protocol = XPRT_TRANSPORT_LOCAL,
88 .address = (struct sockaddr *)&gssp_localaddr,
89 .addrsize = sizeof(gssp_localaddr),
90 .servername = "localhost",
91 .program = &gssp_program,
92 .version = GSSPROXY_VERS_1,
93 .authflavor = RPC_AUTH_NULL,
94 /*
95 * Note we want connection to be done in the caller's
96 * filesystem namespace. We therefore turn off the idle
97 * timeout, which would result in reconnections being
98 * done without the correct namespace:
99 */
100 .flags = RPC_CLNT_CREATE_NOPING |
101 RPC_CLNT_CREATE_CONNECTED |
102 RPC_CLNT_CREATE_NO_IDLE_TIMEOUT
103 };
104 struct rpc_clnt *clnt;
105 int result = 0;
106
107 clnt = rpc_create(&args);
108 if (IS_ERR(clnt)) {
109 dprintk("RPC: failed to create AF_LOCAL gssproxy "
110 "client (errno %ld).\n", PTR_ERR(clnt));
111 result = PTR_ERR(clnt);
112 *_clnt = NULL;
113 goto out;
114 }
115
116 dprintk("RPC: created new gssp local client (gssp_local_clnt: "
117 "%p)\n", clnt);
118 *_clnt = clnt;
119
120 out:
121 return result;
122 }
123
124 void init_gssp_clnt(struct sunrpc_net *sn)
125 {
126 mutex_init(&sn->gssp_lock);
127 sn->gssp_clnt = NULL;
128 }
129
130 int set_gssp_clnt(struct net *net)
131 {
132 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
133 struct rpc_clnt *clnt;
134 int ret;
135
136 mutex_lock(&sn->gssp_lock);
137 ret = gssp_rpc_create(net, &clnt);
138 if (!ret) {
139 if (sn->gssp_clnt)
140 rpc_shutdown_client(sn->gssp_clnt);
141 sn->gssp_clnt = clnt;
142 }
143 mutex_unlock(&sn->gssp_lock);
144 return ret;
145 }
146
147 void clear_gssp_clnt(struct sunrpc_net *sn)
148 {
149 mutex_lock(&sn->gssp_lock);
150 if (sn->gssp_clnt) {
151 rpc_shutdown_client(sn->gssp_clnt);
152 sn->gssp_clnt = NULL;
153 }
154 mutex_unlock(&sn->gssp_lock);
155 }
156
157 static struct rpc_clnt *get_gssp_clnt(struct sunrpc_net *sn)
158 {
159 struct rpc_clnt *clnt;
160
161 mutex_lock(&sn->gssp_lock);
162 clnt = sn->gssp_clnt;
163 if (clnt)
164 refcount_inc(&clnt->cl_count);
165 mutex_unlock(&sn->gssp_lock);
166 return clnt;
167 }
168
169 static int gssp_call(struct net *net, struct rpc_message *msg)
170 {
171 struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
172 struct rpc_clnt *clnt;
173 int status;
174
175 clnt = get_gssp_clnt(sn);
176 if (!clnt)
177 return -EIO;
178 status = rpc_call_sync(clnt, msg, 0);
179 if (status < 0) {
180 dprintk("gssp: rpc_call returned error %d\n", -status);
181 switch (status) {
182 case -EPROTONOSUPPORT:
183 status = -EINVAL;
184 break;
185 case -ECONNREFUSED:
186 case -ETIMEDOUT:
187 case -ENOTCONN:
188 status = -EAGAIN;
189 break;
190 case -ERESTARTSYS:
191 if (signalled ())
192 status = -EINTR;
193 break;
194 default:
195 break;
196 }
197 }
198 rpc_release_client(clnt);
199 return status;
200 }
201
202 static void gssp_free_receive_pages(struct gssx_arg_accept_sec_context *arg)
203 {
204 unsigned int i;
205
206 for (i = 0; i < arg->npages && arg->pages[i]; i++)
207 __free_page(arg->pages[i]);
208
209 kfree(arg->pages);
210 }
211
212 static int gssp_alloc_receive_pages(struct gssx_arg_accept_sec_context *arg)
213 {
214 unsigned int i;
215
216 arg->npages = DIV_ROUND_UP(NGROUPS_MAX * 4, PAGE_SIZE);
217 arg->pages = kcalloc(arg->npages, sizeof(struct page *), GFP_KERNEL);
218 if (!arg->pages)
219 return -ENOMEM;
220 for (i = 0; i < arg->npages; i++) {
221 arg->pages[i] = alloc_page(GFP_KERNEL);
222 if (!arg->pages[i]) {
223 gssp_free_receive_pages(arg);
224 return -ENOMEM;
225 }
226 }
227 return 0;
228 }
229
230 static char *gssp_stringify(struct xdr_netobj *netobj)
231 {
232 return kmemdup_nul(netobj->data, netobj->len, GFP_KERNEL);
233 }
234
235 static void gssp_hostbased_service(char **principal)
236 {
237 char *c;
238
239 if (!*principal)
240 return;
241
242 /* terminate and remove realm part */
243 c = strchr(*principal, '@');
244 if (c) {
245 *c = '\0';
246
247 /* change service-hostname delimiter */
248 c = strchr(*principal, '/');
249 if (c)
250 *c = '@';
251 }
252 if (!c) {
253 /* not a service principal */
254 kfree(*principal);
255 *principal = NULL;
256 }
257 }
258
259 /*
260 * Public functions
261 */
262
263 /* numbers somewhat arbitrary but large enough for current needs */
264 #define GSSX_MAX_OUT_HANDLE 128
265 #define GSSX_MAX_SRC_PRINC 256
266 #define GSSX_KMEMBUF (GSSX_max_output_handle_sz + \
267 GSSX_max_oid_sz + \
268 GSSX_max_princ_sz + \
269 sizeof(struct svc_cred))
270
271 int gssp_accept_sec_context_upcall(struct net *net,
272 struct gssp_upcall_data *data)
273 {
274 struct gssx_ctx ctxh = {
275 .state = data->in_handle
276 };
277 struct gssx_arg_accept_sec_context arg = {
278 .input_token = data->in_token,
279 };
280 struct gssx_ctx rctxh = {
281 /*
282 * pass in the max length we expect for each of these
283 * buffers but let the xdr code kmalloc them:
284 */
285 .exported_context_token.len = GSSX_max_output_handle_sz,
286 .mech.len = GSS_OID_MAX_LEN,
287 .targ_name.display_name.len = GSSX_max_princ_sz,
288 .src_name.display_name.len = GSSX_max_princ_sz
289 };
290 struct gssx_res_accept_sec_context res = {
291 .context_handle = &rctxh,
292 .output_token = &data->out_token
293 };
294 struct rpc_message msg = {
295 .rpc_proc = &gssp_procedures[GSSX_ACCEPT_SEC_CONTEXT],
296 .rpc_argp = &arg,
297 .rpc_resp = &res,
298 .rpc_cred = NULL, /* FIXME ? */
299 };
300 struct xdr_netobj client_name = { 0 , NULL };
301 struct xdr_netobj target_name = { 0, NULL };
302 int ret;
303
304 if (data->in_handle.len != 0)
305 arg.context_handle = &ctxh;
306 res.output_token->len = GSSX_max_output_token_sz;
307
308 ret = gssp_alloc_receive_pages(&arg);
309 if (ret)
310 return ret;
311
312 ret = gssp_call(net, &msg);
313
314 gssp_free_receive_pages(&arg);
315
316 /* we need to fetch all data even in case of error so
317 * that we can free special strctures is they have been allocated */
318 data->major_status = res.status.major_status;
319 data->minor_status = res.status.minor_status;
320 if (res.context_handle) {
321 data->out_handle = rctxh.exported_context_token;
322 data->mech_oid.len = rctxh.mech.len;
323 if (rctxh.mech.data) {
324 memcpy(data->mech_oid.data, rctxh.mech.data,
325 data->mech_oid.len);
326 kfree(rctxh.mech.data);
327 }
328 client_name = rctxh.src_name.display_name;
329 target_name = rctxh.targ_name.display_name;
330 }
331
332 if (res.options.count == 1) {
333 gssx_buffer *value = &res.options.data[0].value;
334 /* Currently we only decode CREDS_VALUE, if we add
335 * anything else we'll have to loop and match on the
336 * option name */
337 if (value->len == 1) {
338 /* steal group info from struct svc_cred */
339 data->creds = *(struct svc_cred *)value->data;
340 data->found_creds = 1;
341 }
342 /* whether we use it or not, free data */
343 kfree(value->data);
344 }
345
346 if (res.options.count != 0) {
347 kfree(res.options.data);
348 }
349
350 /* convert to GSS_NT_HOSTBASED_SERVICE form and set into creds */
351 if (data->found_creds) {
352 if (client_name.data) {
353 data->creds.cr_raw_principal =
354 gssp_stringify(&client_name);
355 data->creds.cr_principal =
356 gssp_stringify(&client_name);
357 gssp_hostbased_service(&data->creds.cr_principal);
358 }
359 if (target_name.data) {
360 data->creds.cr_targ_princ =
361 gssp_stringify(&target_name);
362 gssp_hostbased_service(&data->creds.cr_targ_princ);
363 }
364 }
365 kfree(client_name.data);
366 kfree(target_name.data);
367
368 return ret;
369 }
370
371 void gssp_free_upcall_data(struct gssp_upcall_data *data)
372 {
373 kfree(data->in_handle.data);
374 kfree(data->out_handle.data);
375 kfree(data->out_token.data);
376 free_svc_cred(&data->creds);
377 }
378
379 /*
380 * Initialization stuff
381 */
382 static unsigned int gssp_version1_counts[ARRAY_SIZE(gssp_procedures)];
383 static const struct rpc_version gssp_version1 = {
384 .number = GSSPROXY_VERS_1,
385 .nrprocs = ARRAY_SIZE(gssp_procedures),
386 .procs = gssp_procedures,
387 .counts = gssp_version1_counts,
388 };
389
390 static const struct rpc_version *gssp_version[] = {
391 NULL,
392 &gssp_version1,
393 };
394
395 static struct rpc_stat gssp_stats;
396
397 static const struct rpc_program gssp_program = {
398 .name = "gssproxy",
399 .number = GSSPROXY_PROGRAM,
400 .nrvers = ARRAY_SIZE(gssp_version),
401 .version = gssp_version,
402 .stats = &gssp_stats,
403 };
Kernel DRM miscellaneous fixes and cross-tree changes