2 * linux/net/sunrpc/gss_mech_switch.c
4 * Copyright (c) 2001 The Regents of the University of Michigan.
7 * J. Bruce Fields <bfields@umich.edu>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25 * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
29 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 #include <linux/types.h>
37 #include <linux/slab.h>
38 #include <linux/module.h>
39 #include <linux/sunrpc/msg_prot.h>
40 #include <linux/sunrpc/gss_asn1.h>
41 #include <linux/sunrpc/auth_gss.h>
42 #include <linux/sunrpc/svcauth_gss.h>
43 #include <linux/sunrpc/gss_err.h>
44 #include <linux/sunrpc/sched.h>
45 #include <linux/sunrpc/gss_api.h>
46 #include <linux/sunrpc/clnt.h>
49 # define RPCDBG_FACILITY RPCDBG_AUTH
52 static LIST_HEAD(registered_mechs
);
53 static DEFINE_SPINLOCK(registered_mechs_lock
);
56 gss_mech_free(struct gss_api_mech
*gm
)
61 for (i
= 0; i
< gm
->gm_pf_num
; i
++) {
63 kfree(pf
->auth_domain_name
);
64 pf
->auth_domain_name
= NULL
;
69 make_auth_domain_name(char *name
)
71 static char *prefix
= "gss/";
74 new = kmalloc(strlen(name
) + strlen(prefix
) + 1, GFP_KERNEL
);
83 gss_mech_svc_setup(struct gss_api_mech
*gm
)
88 for (i
= 0; i
< gm
->gm_pf_num
; i
++) {
90 pf
->auth_domain_name
= make_auth_domain_name(pf
->name
);
92 if (pf
->auth_domain_name
== NULL
)
94 status
= svcauth_gss_register_pseudoflavor(pf
->pseudoflavor
,
95 pf
->auth_domain_name
);
106 gss_mech_register(struct gss_api_mech
*gm
)
110 status
= gss_mech_svc_setup(gm
);
113 spin_lock(®istered_mechs_lock
);
114 list_add(&gm
->gm_list
, ®istered_mechs
);
115 spin_unlock(®istered_mechs_lock
);
116 dprintk("RPC: registered gss mechanism %s\n", gm
->gm_name
);
120 EXPORT_SYMBOL_GPL(gss_mech_register
);
123 gss_mech_unregister(struct gss_api_mech
*gm
)
125 spin_lock(®istered_mechs_lock
);
126 list_del(&gm
->gm_list
);
127 spin_unlock(®istered_mechs_lock
);
128 dprintk("RPC: unregistered gss mechanism %s\n", gm
->gm_name
);
132 EXPORT_SYMBOL_GPL(gss_mech_unregister
);
134 struct gss_api_mech
*
135 gss_mech_get(struct gss_api_mech
*gm
)
137 __module_get(gm
->gm_owner
);
141 EXPORT_SYMBOL_GPL(gss_mech_get
);
143 struct gss_api_mech
*
144 gss_mech_get_by_name(const char *name
)
146 struct gss_api_mech
*pos
, *gm
= NULL
;
148 spin_lock(®istered_mechs_lock
);
149 list_for_each_entry(pos
, ®istered_mechs
, gm_list
) {
150 if (0 == strcmp(name
, pos
->gm_name
)) {
151 if (try_module_get(pos
->gm_owner
))
156 spin_unlock(®istered_mechs_lock
);
161 EXPORT_SYMBOL_GPL(gss_mech_get_by_name
);
164 mech_supports_pseudoflavor(struct gss_api_mech
*gm
, u32 pseudoflavor
)
168 for (i
= 0; i
< gm
->gm_pf_num
; i
++) {
169 if (gm
->gm_pfs
[i
].pseudoflavor
== pseudoflavor
)
175 struct gss_api_mech
*
176 gss_mech_get_by_pseudoflavor(u32 pseudoflavor
)
178 struct gss_api_mech
*pos
, *gm
= NULL
;
180 spin_lock(®istered_mechs_lock
);
181 list_for_each_entry(pos
, ®istered_mechs
, gm_list
) {
182 if (!mech_supports_pseudoflavor(pos
, pseudoflavor
)) {
183 module_put(pos
->gm_owner
);
186 if (try_module_get(pos
->gm_owner
))
190 spin_unlock(®istered_mechs_lock
);
194 EXPORT_SYMBOL_GPL(gss_mech_get_by_pseudoflavor
);
197 gss_svc_to_pseudoflavor(struct gss_api_mech
*gm
, u32 service
)
201 for (i
= 0; i
< gm
->gm_pf_num
; i
++) {
202 if (gm
->gm_pfs
[i
].service
== service
) {
203 return gm
->gm_pfs
[i
].pseudoflavor
;
206 return RPC_AUTH_MAXFLAVOR
; /* illegal value */
208 EXPORT_SYMBOL_GPL(gss_svc_to_pseudoflavor
);
211 gss_pseudoflavor_to_service(struct gss_api_mech
*gm
, u32 pseudoflavor
)
215 for (i
= 0; i
< gm
->gm_pf_num
; i
++) {
216 if (gm
->gm_pfs
[i
].pseudoflavor
== pseudoflavor
)
217 return gm
->gm_pfs
[i
].service
;
222 EXPORT_SYMBOL_GPL(gss_pseudoflavor_to_service
);
225 gss_service_to_auth_domain_name(struct gss_api_mech
*gm
, u32 service
)
229 for (i
= 0; i
< gm
->gm_pf_num
; i
++) {
230 if (gm
->gm_pfs
[i
].service
== service
)
231 return gm
->gm_pfs
[i
].auth_domain_name
;
236 EXPORT_SYMBOL_GPL(gss_service_to_auth_domain_name
);
239 gss_mech_put(struct gss_api_mech
* gm
)
242 module_put(gm
->gm_owner
);
245 EXPORT_SYMBOL_GPL(gss_mech_put
);
247 /* The mech could probably be determined from the token instead, but it's just
248 * as easy for now to pass it in. */
250 gss_import_sec_context(const void *input_token
, size_t bufsize
,
251 struct gss_api_mech
*mech
,
252 struct gss_ctx
**ctx_id
,
255 if (!(*ctx_id
= kzalloc(sizeof(**ctx_id
), gfp_mask
)))
257 (*ctx_id
)->mech_type
= gss_mech_get(mech
);
260 ->gss_import_sec_context(input_token
, bufsize
, *ctx_id
, gfp_mask
);
263 /* gss_get_mic: compute a mic over message and return mic_token. */
266 gss_get_mic(struct gss_ctx
*context_handle
,
267 struct xdr_buf
*message
,
268 struct xdr_netobj
*mic_token
)
270 return context_handle
->mech_type
->gm_ops
271 ->gss_get_mic(context_handle
,
276 /* gss_verify_mic: check whether the provided mic_token verifies message. */
279 gss_verify_mic(struct gss_ctx
*context_handle
,
280 struct xdr_buf
*message
,
281 struct xdr_netobj
*mic_token
)
283 return context_handle
->mech_type
->gm_ops
284 ->gss_verify_mic(context_handle
,
290 * This function is called from both the client and server code.
291 * Each makes guarantees about how much "slack" space is available
292 * for the underlying function in "buf"'s head and tail while
293 * performing the wrap.
295 * The client and server code allocate RPC_MAX_AUTH_SIZE extra
296 * space in both the head and tail which is available for use by
299 * Underlying functions should verify they do not use more than
300 * RPC_MAX_AUTH_SIZE of extra space in either the head or tail
301 * when performing the wrap.
304 gss_wrap(struct gss_ctx
*ctx_id
,
307 struct page
**inpages
)
309 return ctx_id
->mech_type
->gm_ops
310 ->gss_wrap(ctx_id
, offset
, buf
, inpages
);
314 gss_unwrap(struct gss_ctx
*ctx_id
,
318 return ctx_id
->mech_type
->gm_ops
319 ->gss_unwrap(ctx_id
, offset
, buf
);
323 /* gss_delete_sec_context: free all resources associated with context_handle.
324 * Note this differs from the RFC 2744-specified prototype in that we don't
325 * bother returning an output token, since it would never be used anyway. */
328 gss_delete_sec_context(struct gss_ctx
**context_handle
)
330 dprintk("RPC: gss_delete_sec_context deleting %p\n",
333 if (!*context_handle
)
334 return(GSS_S_NO_CONTEXT
);
335 if ((*context_handle
)->internal_ctx_id
)
336 (*context_handle
)->mech_type
->gm_ops
337 ->gss_delete_sec_context((*context_handle
)
339 gss_mech_put((*context_handle
)->mech_type
);
340 kfree(*context_handle
);
341 *context_handle
=NULL
;
342 return GSS_S_COMPLETE
;