Merge branch 'genirq' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux...

[linux-2.6] / net / sunrpc / auth_gss / auth_gss.c

diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index debcda86467c00698ce5e1a0e564f014e6e80f10..cc12d5f5d5da57e61db43d1d11bf6e2498432970 100644 (file)
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -57,6 +57,7 @@
 static const struct rpc_authops authgss_ops;
 
 static const struct rpc_credops gss_credops;
+static const struct rpc_credops gss_nullops;
 
 #ifdef RPC_DEBUG
 # define RPCDBG_FACILITY       RPCDBG_AUTH
@@ -79,6 +80,7 @@ static const struct rpc_credops gss_credops;
 #define isprint(c)      ((c > 0x1f) && (c < 0x7f))
 
 struct gss_auth {
+       struct kref kref;
        struct rpc_auth rpc_auth;
        struct gss_api_mech *mech;
        enum rpc_gss_svc service;
@@ -112,27 +114,14 @@ static void
 gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
 {
        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
-       struct gss_cl_ctx *old;
 
-       old = gss_cred->gc_ctx;
+       if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
+               return;
+       gss_get_ctx(ctx);
        rcu_assign_pointer(gss_cred->gc_ctx, ctx);
        set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
+       smp_mb__before_clear_bit();
        clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
-       if (old)
-               gss_put_ctx(old);
-}
-
-static int
-gss_cred_is_uptodate_ctx(struct rpc_cred *cred)
-{
-       struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
-       int res = 0;
-
-       rcu_read_lock();
-       if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) && gss_cred->gc_ctx)
-               res = 1;
-       rcu_read_unlock();
-       return res;
 }
 
 static const void *
@@ -264,6 +253,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg)
        BUG_ON(!list_empty(&gss_msg->list));
        if (gss_msg->ctx != NULL)
                gss_put_ctx(gss_msg->ctx);
+       rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue);
        kfree(gss_msg);
 }
 
@@ -337,7 +327,7 @@ gss_upcall_callback(struct rpc_task *task)
 
        spin_lock(&inode->i_lock);
        if (gss_msg->ctx)
-               gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_get_ctx(gss_msg->ctx));
+               gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
        else
                task->tk_status = gss_msg->msg.errno;
        gss_cred->gc_upcall = NULL;
@@ -368,9 +358,16 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid)
 static struct gss_upcall_msg *
 gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cred *cred)
 {
+       struct gss_cred *gss_cred = container_of(cred,
+                       struct gss_cred, gc_base);
        struct gss_upcall_msg *gss_new, *gss_msg;
+       uid_t uid = cred->cr_uid;
+
+       /* Special case: rpc.gssd assumes that uid == 0 implies machine creds */
+       if (gss_cred->gc_machine_cred != 0)
+               uid = 0;
 
-       gss_new = gss_alloc_msg(gss_auth, cred->cr_uid);
+       gss_new = gss_alloc_msg(gss_auth, uid);
        if (gss_new == NULL)
                return ERR_PTR(-ENOMEM);
        gss_msg = gss_add_msg(gss_auth, gss_new);
@@ -406,13 +403,17 @@ gss_refresh_upcall(struct rpc_task *task)
        }
        spin_lock(&inode->i_lock);
        if (gss_cred->gc_upcall != NULL)
-               rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL, NULL);
-       else if (gss_msg->ctx == NULL && gss_msg->msg.errno >= 0) {
+               rpc_sleep_on(&gss_cred->gc_upcall->rpc_waitqueue, task, NULL);
+       else if (gss_msg->ctx != NULL) {
+               gss_cred_set_ctx(task->tk_msg.rpc_cred, gss_msg->ctx);
+               gss_cred->gc_upcall = NULL;
+               rpc_wake_up_status(&gss_msg->rpc_waitqueue, gss_msg->msg.errno);
+       } else if (gss_msg->msg.errno >= 0) {
                task->tk_timeout = 0;
                gss_cred->gc_upcall = gss_msg;
                /* gss_upcall_callback will release the reference to gss_upcall_msg */
                atomic_inc(&gss_msg->count);
-               rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback, NULL);
+               rpc_sleep_on(&gss_msg->rpc_waitqueue, task, gss_upcall_callback);
        } else
                err = gss_msg->msg.errno;
        spin_unlock(&inode->i_lock);
@@ -452,7 +453,7 @@ gss_create_upcall(struct gss_auth *gss_auth, struct gss_cred *gss_cred)
                schedule();
        }
        if (gss_msg->ctx)
-               gss_cred_set_ctx(cred, gss_get_ctx(gss_msg->ctx));
+               gss_cred_set_ctx(cred, gss_msg->ctx);
        else
                err = gss_msg->msg.errno;
        spin_unlock(&inode->i_lock);
@@ -470,16 +471,15 @@ gss_pipe_upcall(struct file *filp, struct rpc_pipe_msg *msg,
                char __user *dst, size_t buflen)
 {
        char *data = (char *)msg->data + msg->copied;
-       ssize_t mlen = msg->len;
-       ssize_t left;
+       size_t mlen = min(msg->len, buflen);
+       unsigned long left;
 
-       if (mlen > buflen)
-               mlen = buflen;
        left = copy_to_user(dst, data, mlen);
-       if (left < 0) {
-               msg->errno = left;
-               return left;
+       if (left == mlen) {
+               msg->errno = -EFAULT;
+               return -EFAULT;
        }
+
        mlen -= left;
        msg->copied += mlen;
        msg->errno = 0;
@@ -538,7 +538,7 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
        p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
        if (IS_ERR(p)) {
                err = PTR_ERR(p);
-               gss_msg->msg.errno = (err == -EACCES) ? -EACCES : -EAGAIN;
+               gss_msg->msg.errno = (err == -EAGAIN) ? -EAGAIN : -EACCES;
                goto err_release_msg;
        }
        gss_msg->ctx = gss_get_ctx(ctx);
@@ -623,8 +623,8 @@ gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
        err = -EINVAL;
        gss_auth->mech = gss_mech_get_by_pseudoflavor(flavor);
        if (!gss_auth->mech) {
-               printk(KERN_WARNING "%s: Pseudoflavor %d not found!",
-                               __FUNCTION__, flavor);
+               printk(KERN_WARNING "%s: Pseudoflavor %d not found!\n",
+                               __func__, flavor);
                goto err_free;
        }
        gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
@@ -636,6 +636,7 @@ gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
        auth->au_ops = &authgss_ops;
        auth->au_flavor = flavor;
        atomic_set(&auth->au_count, 1);
+       kref_init(&gss_auth->kref);
 
        gss_auth->dentry = rpc_mkpipe(clnt->cl_dentry, gss_auth->mech->gm_name,
                        clnt, &gss_upcall_ops, RPC_PIPE_WAIT_FOR_OPEN);
@@ -660,6 +661,25 @@ out_dec:
        return ERR_PTR(err);
 }
 
+static void
+gss_free(struct gss_auth *gss_auth)
+{
+       rpc_unlink(gss_auth->dentry);
+       gss_auth->dentry = NULL;
+       gss_mech_put(gss_auth->mech);
+
+       kfree(gss_auth);
+       module_put(THIS_MODULE);
+}
+
+static void
+gss_free_callback(struct kref *kref)
+{
+       struct gss_auth *gss_auth = container_of(kref, struct gss_auth, kref);
+
+       gss_free(gss_auth);
+}
+
 static void
 gss_destroy(struct rpc_auth *auth)
 {
@@ -671,15 +691,42 @@ gss_destroy(struct rpc_auth *auth)
        rpcauth_destroy_credcache(auth);
 
        gss_auth = container_of(auth, struct gss_auth, rpc_auth);
-       rpc_unlink(gss_auth->dentry);
-       gss_auth->dentry = NULL;
-       gss_mech_put(gss_auth->mech);
+       kref_put(&gss_auth->kref, gss_free_callback);
+}
 
-       kfree(gss_auth);
-       module_put(THIS_MODULE);
+/*
+ * gss_destroying_context will cause the RPCSEC_GSS to send a NULL RPC call
+ * to the server with the GSS control procedure field set to
+ * RPC_GSS_PROC_DESTROY. This should normally cause the server to release
+ * all RPCSEC_GSS state associated with that context.
+ */
+static int
+gss_destroying_context(struct rpc_cred *cred)
+{
+       struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
+       struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
+       struct rpc_task *task;
+
+       if (gss_cred->gc_ctx == NULL ||
+           test_and_clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
+               return 0;
+
+       gss_cred->gc_ctx->gc_proc = RPC_GSS_PROC_DESTROY;
+       cred->cr_ops = &gss_nullops;
+
+       /* Take a reference to ensure the cred will be destroyed either
+        * by the RPC call or by the put_rpccred() below */
+       get_rpccred(cred);
+
+       task = rpc_call_null(gss_auth->client, cred, RPC_TASK_ASYNC|RPC_TASK_SOFT);
+       if (!IS_ERR(task))
+               rpc_put_task(task);
+
+       put_rpccred(cred);
+       return 1;
 }
 
-/* gss_destroy_cred (and gss_destroy_ctx) are used to clean up after failure
+/* gss_destroy_cred (and gss_free_ctx) are used to clean up after failure
  * to create a new cred or context, so they check that things have been
  * allocated before freeing them. */
 static void
@@ -687,9 +734,6 @@ gss_do_free_ctx(struct gss_cl_ctx *ctx)
 {
        dprintk("RPC:       gss_free_ctx\n");
 
-       if (ctx->gc_gss_ctx)
-               gss_delete_sec_context(&ctx->gc_gss_ctx);
-
        kfree(ctx->gc_wire_ctx.data);
        kfree(ctx);
 }
@@ -704,7 +748,13 @@ gss_free_ctx_callback(struct rcu_head *head)
 static void
 gss_free_ctx(struct gss_cl_ctx *ctx)
 {
+       struct gss_ctx *gc_gss_ctx;
+
+       gc_gss_ctx = rcu_dereference(ctx->gc_gss_ctx);
+       rcu_assign_pointer(ctx->gc_gss_ctx, NULL);
        call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
+       if (gc_gss_ctx)
+               gss_delete_sec_context(&gc_gss_ctx);
 }
 
 static void
@@ -725,12 +775,16 @@ static void
 gss_destroy_cred(struct rpc_cred *cred)
 {
        struct gss_cred *gss_cred = container_of(cred, struct gss_cred, gc_base);
+       struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth, rpc_auth);
        struct gss_cl_ctx *ctx = gss_cred->gc_ctx;
 
+       if (gss_destroying_context(cred))
+               return;
        rcu_assign_pointer(gss_cred->gc_ctx, NULL);
        call_rcu(&cred->cr_rcu, gss_free_cred_callback);
        if (ctx)
                gss_put_ctx(ctx);
+       kref_put(&gss_auth->kref, gss_free_callback);
 }
 
 /*
@@ -762,6 +816,8 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
         */
        cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
        cred->gc_service = gss_auth->service;
+       cred->gc_machine_cred = acred->machine_cred;
+       kref_get(&gss_auth->kref);
        return &cred->gc_base;
 
 out_err:
@@ -787,17 +843,16 @@ gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
 {
        struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
 
-       /*
-        * If the searchflags have set RPCAUTH_LOOKUP_NEW, then
-        * we don't really care if the credential has expired or not,
-        * since the caller should be prepared to reinitialise it.
-        */
-       if ((flags & RPCAUTH_LOOKUP_NEW) && test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
+       if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
                goto out;
        /* Don't match with creds that have expired. */
-       if (gss_cred->gc_ctx && time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
+       if (time_after(jiffies, gss_cred->gc_ctx->gc_expiry))
+               return 0;
+       if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
                return 0;
 out:
+       if (acred->machine_cred != gss_cred->gc_machine_cred)
+               return 0;
        return (rc->cr_uid == acred->uid);
 }
 
@@ -861,16 +916,55 @@ out_put_ctx:
        return NULL;
 }
 
+static int gss_renew_cred(struct rpc_task *task)
+{
+       struct rpc_cred *oldcred = task->tk_msg.rpc_cred;
+       struct gss_cred *gss_cred = container_of(oldcred,
+                                                struct gss_cred,
+                                                gc_base);
+       struct rpc_auth *auth = oldcred->cr_auth;
+       struct auth_cred acred = {
+               .uid = oldcred->cr_uid,
+               .machine_cred = gss_cred->gc_machine_cred,
+       };
+       struct rpc_cred *new;
+
+       new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
+       if (IS_ERR(new))
+               return PTR_ERR(new);
+       task->tk_msg.rpc_cred = new;
+       put_rpccred(oldcred);
+       return 0;
+}
+
 /*
 * Refresh credentials. XXX - finish
 */
 static int
 gss_refresh(struct rpc_task *task)
 {
+       struct rpc_cred *cred = task->tk_msg.rpc_cred;
+       int ret = 0;
+
+       if (!test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags) &&
+                       !test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags)) {
+               ret = gss_renew_cred(task);
+               if (ret < 0)
+                       goto out;
+               cred = task->tk_msg.rpc_cred;
+       }
 
-       if (!gss_cred_is_uptodate_ctx(task->tk_msg.rpc_cred))
-               return gss_refresh_upcall(task);
-       return 0;
+       if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
+               ret = gss_refresh_upcall(task);
+out:
+       return ret;
+}
+
+/* Dummy refresh routine: used only when destroying the context */
+static int
+gss_refresh_null(struct rpc_task *task)
+{
+       return -EACCES;
 }
 
 static __be32 *
@@ -902,8 +996,11 @@ gss_validate(struct rpc_task *task, __be32 *p)
        maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
        if (maj_stat == GSS_S_CONTEXT_EXPIRED)
                clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
-       if (maj_stat)
+       if (maj_stat) {
+               dprintk("RPC: %5u gss_validate: gss_verify_mic returned "
+                               "error 0x%08x\n", task->tk_pid, maj_stat);
                goto out_bad;
+       }
        /* We leave it to unwrap to calculate au_rslack. For now we just
         * calculate the length of the verifier: */
        cred->cr_auth->au_verfsize = XDR_QUADLEN(len) + 2;
@@ -935,7 +1032,7 @@ gss_wrap_req_integ(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
        offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
        *p++ = htonl(rqstp->rq_seqno);
 
-       status = encode(rqstp, p, obj);
+       status = rpc_call_xdrproc(encode, rqstp, p, obj);
        if (status)
                return status;
 
@@ -1029,7 +1126,7 @@ gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
        offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
        *p++ = htonl(rqstp->rq_seqno);
 
-       status = encode(rqstp, p, obj);
+       status = rpc_call_xdrproc(encode, rqstp, p, obj);
        if (status)
                return status;
 
@@ -1088,12 +1185,12 @@ gss_wrap_req(struct rpc_task *task,
                /* The spec seems a little ambiguous here, but I think that not
                 * wrapping context destruction requests makes the most sense.
                 */
-               status = encode(rqstp, p, obj);
+               status = rpc_call_xdrproc(encode, rqstp, p, obj);
                goto out;
        }
        switch (gss_cred->gc_service) {
                case RPC_GSS_SVC_NONE:
-                       status = encode(rqstp, p, obj);
+                       status = rpc_call_xdrproc(encode, rqstp, p, obj);
                        break;
                case RPC_GSS_SVC_INTEGRITY:
                        status = gss_wrap_req_integ(cred, ctx, encode,
@@ -1209,7 +1306,7 @@ gss_unwrap_resp(struct rpc_task *task,
        cred->cr_auth->au_rslack = cred->cr_auth->au_verfsize + (p - savedp)
                                                + (savedlen - head->iov_len);
 out_decode:
-       status = decode(rqstp, p, obj);
+       status = rpc_call_xdrproc(decode, rqstp, p, obj);
 out:
        gss_put_ctx(ctx);
        dprintk("RPC: %5u gss_unwrap_resp returning %d\n", task->tk_pid,
@@ -1220,9 +1317,7 @@ out:
 static const struct rpc_authops authgss_ops = {
        .owner          = THIS_MODULE,
        .au_flavor      = RPC_AUTH_GSS,
-#ifdef RPC_DEBUG
        .au_name        = "RPCSEC_GSS",
-#endif
        .create         = gss_create,
        .destroy        = gss_destroy,
        .lookup_cred    = gss_lookup_cred,
@@ -1233,6 +1328,7 @@ static const struct rpc_credops gss_credops = {
        .cr_name        = "AUTH_GSS",
        .crdestroy      = gss_destroy_cred,
        .cr_init        = gss_cred_init,
+       .crbind         = rpcauth_generic_bind_cred,
        .crmatch        = gss_match,
        .crmarshal      = gss_marshal,
        .crrefresh      = gss_refresh,
@@ -1241,6 +1337,18 @@ static const struct rpc_credops gss_credops = {
        .crunwrap_resp  = gss_unwrap_resp,
 };
 
+static const struct rpc_credops gss_nullops = {
+       .cr_name        = "AUTH_GSS",
+       .crdestroy      = gss_destroy_cred,
+       .crbind         = rpcauth_generic_bind_cred,
+       .crmatch        = gss_match,
+       .crmarshal      = gss_marshal,
+       .crrefresh      = gss_refresh_null,
+       .crvalidate     = gss_validate,
+       .crwrap_req     = gss_wrap_req,
+       .crunwrap_resp  = gss_unwrap_resp,
+};
+
 static struct rpc_pipe_ops gss_upcall_ops = {
        .upcall         = gss_pipe_upcall,
        .downcall       = gss_pipe_downcall,