Print this page
6141 use kmem_zalloc instead of kmem_alloc + bzero/memset
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/uts/common/rpc/sec_gss/svc_rpcsec_gss.c
+++ new/usr/src/uts/common/rpc/sec_gss/svc_rpcsec_gss.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 * Copyright 2012 Milan Jurik. All rights reserved.
24 24 */
25 25
26 26 /*
27 27 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
28 28 *
29 29 * $Id: svc_auth_gssapi.c,v 1.19 1994/10/27 12:38:51 jik Exp $
30 30 */
31 31
32 32 /*
33 33 * Server side handling of RPCSEC_GSS flavor.
34 34 */
35 35
36 36 #include <sys/systm.h>
37 37 #include <sys/kstat.h>
38 38 #include <sys/cmn_err.h>
39 39 #include <sys/debug.h>
40 40 #include <sys/types.h>
41 41 #include <sys/time.h>
42 42 #include <gssapi/gssapi.h>
43 43 #include <gssapi/gssapi_ext.h>
44 44 #include <rpc/rpc.h>
45 45 #include <rpc/rpcsec_defs.h>
46 46 #include <sys/sunddi.h>
47 47 #include <sys/atomic.h>
48 48
49 49 extern bool_t __rpc_gss_make_principal(rpc_gss_principal_t *, gss_buffer_t);
50 50
51 51 #ifdef DEBUG
52 52 extern void prom_printf(const char *, ...);
53 53 #endif
54 54
55 55 #ifdef _KERNEL
56 56 #define memcmp(a, b, l) bcmp((a), (b), (l))
57 57 #endif
58 58
59 59
60 60 /*
61 61 * Sequence window definitions.
62 62 */
63 63 #define SEQ_ARR_SIZE 4
64 64 #define SEQ_WIN (SEQ_ARR_SIZE*32)
65 65 #define SEQ_HI_BIT 0x80000000
66 66 #define SEQ_LO_BIT 1
67 67 #define DIV_BY_32 5
68 68 #define SEQ_MASK 0x1f
69 69 #define SEQ_MAX ((unsigned int)0x80000000)
70 70
71 71
72 72 /* cache retransmit data */
73 73 typedef struct _retrans_entry {
74 74 uint32_t xid;
75 75 rpc_gss_init_res result;
76 76 } retrans_entry;
77 77
78 78 /*
79 79 * Server side RPCSEC_GSS context information.
80 80 */
81 81 typedef struct _svc_rpc_gss_data {
82 82 struct _svc_rpc_gss_data *next, *prev;
83 83 struct _svc_rpc_gss_data *lru_next, *lru_prev;
84 84 bool_t established;
85 85 gss_ctx_id_t context;
86 86 gss_buffer_desc client_name;
87 87 time_t expiration;
88 88 uint_t seq_num;
89 89 uint_t seq_bits[SEQ_ARR_SIZE];
90 90 uint_t key;
91 91 OM_uint32 qop;
92 92 bool_t done_docallback;
93 93 bool_t locked;
94 94 rpc_gss_rawcred_t raw_cred;
95 95 rpc_gss_ucred_t u_cred;
96 96 time_t u_cred_set;
97 97 void *cookie;
98 98 gss_cred_id_t deleg;
99 99 kmutex_t clm;
100 100 int ref_cnt;
101 101 time_t last_ref_time;
102 102 bool_t stale;
103 103 retrans_entry *retrans_data;
104 104 } svc_rpc_gss_data;
105 105
106 106 /*
107 107 * Data structures used for LRU based context management.
108 108 */
109 109
110 110
111 111 #define HASH(key) ((key) % svc_rpc_gss_hashmod)
112 112 /* Size of hash table for svc_rpc_gss_data structures */
113 113 #define GSS_DATA_HASH_SIZE 1024
114 114
115 115 /*
116 116 * The following two defines specify a time delta that is used in
117 117 * sweep_clients. When the last_ref_time of a context is older than
118 118 * than the current time minus the delta, i.e, the context has not
119 119 * been referenced in the last delta seconds, we will return the
120 120 * context back to the cache if the ref_cnt is zero. The first delta
121 121 * value will be used when sweep_clients is called from
122 122 * svc_data_reclaim, the kmem_cache reclaim call back. We will reclaim
123 123 * all entries except those that are currently "active". By active we
124 124 * mean those that have been referenced in the last ACTIVE_DELTA
125 125 * seconds. If sweep_client is not being called from reclaim, then we
126 126 * will reclaim all entries that are "inactive". By inactive we mean
127 127 * those entries that have not been accessed in INACTIVE_DELTA
128 128 * seconds. Note we always assume that ACTIVE_DELTA is less than
129 129 * INACTIVE_DELTA, so that reaping entries from a reclaim operation
130 130 * will necessarily imply reaping all "inactive" entries and then
131 131 * some.
132 132 */
133 133
134 134 /*
135 135 * If low on memory reap cache entries that have not been active for
136 136 * ACTIVE_DELTA seconds and have a ref_cnt equal to zero.
137 137 */
138 138 #define ACTIVE_DELTA 30*60 /* 30 minutes */
139 139
140 140 /*
141 141 * If in sweeping contexts we find contexts with a ref_cnt equal to zero
142 142 * and the context has not been referenced in INACTIVE_DELTA seconds, return
143 143 * the entry to the cache.
144 144 */
145 145 #define INACTIVE_DELTA 8*60*60 /* 8 hours */
146 146
147 147 int svc_rpc_gss_hashmod = GSS_DATA_HASH_SIZE;
148 148 static svc_rpc_gss_data **clients;
149 149 static svc_rpc_gss_data *lru_first, *lru_last;
150 150 static time_t sweep_interval = 60*60;
151 151 static time_t last_swept = 0;
152 152 static int num_gss_contexts = 0;
153 153 static time_t svc_rpcgss_gid_timeout = 60*60*12;
154 154 static kmem_cache_t *svc_data_handle;
155 155 static time_t svc_rpc_gss_active_delta = ACTIVE_DELTA;
156 156 static time_t svc_rpc_gss_inactive_delta = INACTIVE_DELTA;
157 157
158 158 /*
159 159 * lock used with context/lru variables
160 160 */
161 161 static kmutex_t ctx_mutex;
162 162
163 163 /*
164 164 * Data structure to contain cache statistics
165 165 */
166 166
167 167 static struct {
168 168 int64_t total_entries_allocated;
169 169 int64_t no_reclaims;
170 170 int64_t no_returned_by_reclaim;
171 171 } svc_rpc_gss_cache_stats;
172 172
173 173
174 174 /*
175 175 * lock used with server credential variables list
176 176 *
177 177 * server cred list locking guidelines:
178 178 * - Writer's lock holder has exclusive access to the list
179 179 */
180 180 static krwlock_t cred_lock;
181 181
182 182 /*
183 183 * server callback list
184 184 */
185 185 typedef struct rpc_gss_cblist_s {
186 186 struct rpc_gss_cblist_s *next;
187 187 rpc_gss_callback_t cb;
188 188 } rpc_gss_cblist_t;
189 189
190 190 static rpc_gss_cblist_t *rpc_gss_cblist = NULL;
191 191
192 192 /*
193 193 * lock used with callback variables
194 194 */
195 195 static kmutex_t cb_mutex;
196 196
197 197 /*
198 198 * forward declarations
199 199 */
200 200 static bool_t svc_rpc_gss_wrap();
201 201 static bool_t svc_rpc_gss_unwrap();
202 202 static svc_rpc_gss_data *create_client();
203 203 static svc_rpc_gss_data *get_client();
204 204 static svc_rpc_gss_data *find_client();
205 205 static void destroy_client();
206 206 static void sweep_clients(bool_t);
207 207 static void insert_client();
208 208 static bool_t check_verf(struct rpc_msg *, gss_ctx_id_t,
209 209 int *, uid_t);
210 210 static bool_t set_response_verf();
211 211 static void retrans_add(svc_rpc_gss_data *, uint32_t,
212 212 rpc_gss_init_res *);
213 213 static void retrans_del(svc_rpc_gss_data *);
214 214 static bool_t transfer_sec_context(svc_rpc_gss_data *);
215 215 static void common_client_data_free(svc_rpc_gss_data *);
216 216
217 217 /*
218 218 * server side wrap/unwrap routines
219 219 */
220 220 struct svc_auth_ops svc_rpc_gss_ops = {
221 221 svc_rpc_gss_wrap,
222 222 svc_rpc_gss_unwrap,
223 223 };
224 224
225 225 /* taskq(9F) */
226 226 typedef struct svcrpcsec_gss_taskq_arg {
227 227 SVCXPRT *rq_xprt;
228 228 rpc_gss_init_arg *rpc_call_arg;
229 229 struct rpc_msg *msg;
230 230 svc_rpc_gss_data *client_data;
231 231 uint_t cr_version;
232 232 rpc_gss_service_t cr_service;
233 233 } svcrpcsec_gss_taskq_arg_t;
234 234
235 235 /* gssd is single threaded, so 1 thread for the taskq is probably good/ok */
236 236 int rpcsec_gss_init_taskq_nthreads = 1;
237 237 static ddi_taskq_t *svcrpcsec_gss_init_taskq = NULL;
238 238
239 239 extern struct rpc_msg *rpc_msg_dup(struct rpc_msg *);
240 240 extern void rpc_msg_free(struct rpc_msg **, int);
241 241
242 242 /*
243 243 * from svc_clts.c:
244 244 * Transport private data.
245 245 * Kept in xprt->xp_p2buf.
246 246 */
247 247 struct udp_data {
248 248 mblk_t *ud_resp; /* buffer for response */
249 249 mblk_t *ud_inmp; /* mblk chain of request */
250 250 };
251 251
252 252 /*ARGSUSED*/
253 253 static int
254 254 svc_gss_data_create(void *buf, void *pdata, int kmflag)
255 255 {
256 256 svc_rpc_gss_data *client_data = (svc_rpc_gss_data *)buf;
257 257
258 258 mutex_init(&client_data->clm, NULL, MUTEX_DEFAULT, NULL);
259 259
260 260 return (0);
261 261 }
262 262
263 263 /*ARGSUSED*/
264 264 static void
265 265 svc_gss_data_destroy(void *buf, void *pdata)
266 266 {
267 267 svc_rpc_gss_data *client_data = (svc_rpc_gss_data *)buf;
268 268
269 269 mutex_destroy(&client_data->clm);
270 270 }
271 271
272 272
273 273 /*ARGSUSED*/
274 274 static void
275 275 svc_gss_data_reclaim(void *pdata)
276 276 {
277 277 mutex_enter(&ctx_mutex);
278 278
279 279 svc_rpc_gss_cache_stats.no_reclaims++;
280 280 sweep_clients(TRUE);
281 281
282 282 mutex_exit(&ctx_mutex);
283 283 }
284 284
285 285 /*
286 286 * Init stuff on the server side.
287 287 */
288 288 void
289 289 svc_gss_init()
290 290 {
291 291 mutex_init(&cb_mutex, NULL, MUTEX_DEFAULT, NULL);
292 292 mutex_init(&ctx_mutex, NULL, MUTEX_DEFAULT, NULL);
293 293 rw_init(&cred_lock, NULL, RW_DEFAULT, NULL);
294 294 clients = (svc_rpc_gss_data **)
295 295 kmem_zalloc(svc_rpc_gss_hashmod * sizeof (svc_rpc_gss_data *),
296 296 KM_SLEEP);
297 297 svc_data_handle = kmem_cache_create("rpc_gss_data_cache",
298 298 sizeof (svc_rpc_gss_data), 0,
299 299 svc_gss_data_create,
300 300 svc_gss_data_destroy,
301 301 svc_gss_data_reclaim,
302 302 NULL, NULL, 0);
303 303
304 304 if (svcrpcsec_gss_init_taskq == NULL) {
305 305 svcrpcsec_gss_init_taskq = ddi_taskq_create(NULL,
306 306 "rpcsec_gss_init_taskq", rpcsec_gss_init_taskq_nthreads,
307 307 TASKQ_DEFAULTPRI, 0);
308 308 if (svcrpcsec_gss_init_taskq == NULL)
309 309 cmn_err(CE_NOTE,
310 310 "svc_gss_init: ddi_taskq_create failed");
311 311 }
312 312 }
313 313
314 314 /*
315 315 * Destroy structures allocated in svc_gss_init().
316 316 * This routine is called by _init() if mod_install() failed.
317 317 */
318 318 void
319 319 svc_gss_fini()
320 320 {
321 321 mutex_destroy(&cb_mutex);
322 322 mutex_destroy(&ctx_mutex);
323 323 rw_destroy(&cred_lock);
324 324 kmem_free(clients, svc_rpc_gss_hashmod * sizeof (svc_rpc_gss_data *));
325 325 kmem_cache_destroy(svc_data_handle);
326 326 }
327 327
328 328 /*
329 329 * Cleanup routine for destroying context, called after service
330 330 * procedure is executed. Actually we just decrement the reference count
331 331 * associated with this context. If the reference count is zero and the
332 332 * context is marked as stale, we would then destroy the context. Additionally,
333 333 * we check if its been longer than sweep_interval since the last sweep_clients
334 334 * was run, and if so run sweep_clients to free all stale contexts with zero
335 335 * reference counts or contexts that are old. (Haven't been access in
336 336 * svc_rpc_inactive_delta seconds).
337 337 */
338 338 void
339 339 rpc_gss_cleanup(SVCXPRT *clone_xprt)
340 340 {
341 341 svc_rpc_gss_data *cl;
342 342 SVCAUTH *svcauth;
343 343
344 344 /*
345 345 * First check if current context needs to be cleaned up.
346 346 * There might be other threads stale this client data
347 347 * in between.
348 348 */
349 349 svcauth = &clone_xprt->xp_auth;
350 350 mutex_enter(&ctx_mutex);
351 351 if ((cl = (svc_rpc_gss_data *)svcauth->svc_ah_private) != NULL) {
352 352 mutex_enter(&cl->clm);
353 353 ASSERT(cl->ref_cnt > 0);
354 354 if (--cl->ref_cnt == 0 && cl->stale) {
355 355 mutex_exit(&cl->clm);
356 356 destroy_client(cl);
357 357 svcauth->svc_ah_private = NULL;
358 358 } else
359 359 mutex_exit(&cl->clm);
360 360 }
361 361
362 362 /*
363 363 * Check for other expired contexts.
364 364 */
365 365 if ((gethrestime_sec() - last_swept) > sweep_interval)
366 366 sweep_clients(FALSE);
367 367
368 368 mutex_exit(&ctx_mutex);
369 369 }
370 370
371 371 /*
372 372 * Shift the array arr of length arrlen right by nbits bits.
373 373 */
374 374 static void
375 375 shift_bits(arr, arrlen, nbits)
376 376 uint_t *arr;
377 377 int arrlen;
378 378 int nbits;
379 379 {
380 380 int i, j;
381 381 uint_t lo, hi;
382 382
383 383 /*
384 384 * If the number of bits to be shifted exceeds SEQ_WIN, just
385 385 * zero out the array.
386 386 */
387 387 if (nbits < SEQ_WIN) {
388 388 for (i = 0; i < nbits; i++) {
389 389 hi = 0;
390 390 for (j = 0; j < arrlen; j++) {
391 391 lo = arr[j] & SEQ_LO_BIT;
392 392 arr[j] >>= 1;
393 393 if (hi)
394 394 arr[j] |= SEQ_HI_BIT;
395 395 hi = lo;
396 396 }
397 397 }
398 398 } else {
399 399 for (j = 0; j < arrlen; j++)
400 400 arr[j] = 0;
401 401 }
402 402 }
403 403
404 404 /*
405 405 * Check that the received sequence number seq_num is valid.
406 406 */
407 407 static bool_t
408 408 check_seq(cl, seq_num, kill_context)
409 409 svc_rpc_gss_data *cl;
410 410 uint_t seq_num;
411 411 bool_t *kill_context;
412 412 {
413 413 int i, j;
414 414 uint_t bit;
415 415
416 416 /*
417 417 * If it exceeds the maximum, kill context.
418 418 */
419 419 if (seq_num >= SEQ_MAX) {
420 420 *kill_context = TRUE;
421 421 RPCGSS_LOG0(4, "check_seq: seq_num not valid\n");
422 422 return (FALSE);
423 423 }
424 424
425 425 /*
426 426 * If greater than the last seen sequence number, just shift
427 427 * the sequence window so that it starts at the new sequence
428 428 * number and extends downwards by SEQ_WIN.
429 429 */
430 430 if (seq_num > cl->seq_num) {
431 431 (void) shift_bits(cl->seq_bits, SEQ_ARR_SIZE,
432 432 (int)(seq_num - cl->seq_num));
433 433 cl->seq_bits[0] |= SEQ_HI_BIT;
434 434 cl->seq_num = seq_num;
435 435 return (TRUE);
436 436 }
437 437
438 438 /*
439 439 * If it is outside the sequence window, return failure.
440 440 */
441 441 i = cl->seq_num - seq_num;
442 442 if (i >= SEQ_WIN) {
443 443 RPCGSS_LOG0(4, "check_seq: seq_num is outside the window\n");
444 444 return (FALSE);
445 445 }
446 446
447 447 /*
448 448 * If within sequence window, set the bit corresponding to it
449 449 * if not already seen; if already seen, return failure.
450 450 */
451 451 j = SEQ_MASK - (i & SEQ_MASK);
452 452 bit = j > 0 ? (1 << j) : 1;
453 453 i >>= DIV_BY_32;
454 454 if (cl->seq_bits[i] & bit) {
455 455 RPCGSS_LOG0(4, "check_seq: sequence number already seen\n");
456 456 return (FALSE);
457 457 }
458 458 cl->seq_bits[i] |= bit;
459 459 return (TRUE);
460 460 }
461 461
462 462 /*
463 463 * Set server callback.
464 464 */
465 465 bool_t
466 466 rpc_gss_set_callback(cb)
467 467 rpc_gss_callback_t *cb;
468 468 {
469 469 rpc_gss_cblist_t *cbl, *tmp;
470 470
471 471 if (cb->callback == NULL) {
472 472 RPCGSS_LOG0(1, "rpc_gss_set_callback: no callback to set\n");
473 473 return (FALSE);
474 474 }
475 475
476 476 /* check if there is already an entry in the rpc_gss_cblist. */
477 477 mutex_enter(&cb_mutex);
478 478 if (rpc_gss_cblist) {
479 479 for (tmp = rpc_gss_cblist; tmp != NULL; tmp = tmp->next) {
480 480 if ((tmp->cb.callback == cb->callback) &&
481 481 (tmp->cb.version == cb->version) &&
482 482 (tmp->cb.program == cb->program)) {
483 483 mutex_exit(&cb_mutex);
484 484 return (TRUE);
485 485 }
486 486 }
487 487 }
488 488
489 489 /* Not in rpc_gss_cblist. Create a new entry. */
490 490 if ((cbl = (rpc_gss_cblist_t *)kmem_alloc(sizeof (*cbl), KM_SLEEP))
491 491 == NULL) {
492 492 mutex_exit(&cb_mutex);
493 493 return (FALSE);
494 494 }
495 495 cbl->cb = *cb;
496 496 cbl->next = rpc_gss_cblist;
497 497 rpc_gss_cblist = cbl;
498 498 mutex_exit(&cb_mutex);
499 499 return (TRUE);
500 500 }
501 501
502 502 /*
503 503 * Locate callback (if specified) and call server. Release any
504 504 * delegated credentials unless passed to server and the server
505 505 * accepts the context. If a callback is not specified, accept
506 506 * the incoming context.
507 507 */
508 508 static bool_t
509 509 do_callback(req, client_data)
510 510 struct svc_req *req;
511 511 svc_rpc_gss_data *client_data;
512 512 {
513 513 rpc_gss_cblist_t *cbl;
514 514 bool_t ret = TRUE, found = FALSE;
515 515 rpc_gss_lock_t lock;
516 516 OM_uint32 minor;
517 517 mutex_enter(&cb_mutex);
518 518 for (cbl = rpc_gss_cblist; cbl != NULL; cbl = cbl->next) {
519 519 if (req->rq_prog != cbl->cb.program ||
520 520 req->rq_vers != cbl->cb.version)
521 521 continue;
522 522 found = TRUE;
523 523 lock.locked = FALSE;
524 524 lock.raw_cred = &client_data->raw_cred;
525 525 ret = (*cbl->cb.callback)(req, client_data->deleg,
526 526 client_data->context, &lock, &client_data->cookie);
527 527 req->rq_xprt->xp_cookie = client_data->cookie;
528 528
529 529 if (ret) {
530 530 client_data->locked = lock.locked;
531 531 client_data->deleg = GSS_C_NO_CREDENTIAL;
532 532 }
533 533 break;
534 534 }
535 535 if (!found) {
536 536 if (client_data->deleg != GSS_C_NO_CREDENTIAL) {
537 537 (void) kgss_release_cred(&minor, &client_data->deleg,
538 538 crgetuid(CRED()));
539 539 client_data->deleg = GSS_C_NO_CREDENTIAL;
540 540 }
541 541 }
542 542 mutex_exit(&cb_mutex);
543 543 return (ret);
544 544 }
545 545
546 546 /*
547 547 * Get caller credentials.
548 548 */
549 549 bool_t
550 550 rpc_gss_getcred(req, rcred, ucred, cookie)
551 551 struct svc_req *req;
552 552 rpc_gss_rawcred_t **rcred;
553 553 rpc_gss_ucred_t **ucred;
554 554 void **cookie;
555 555 {
556 556 SVCAUTH *svcauth;
557 557 svc_rpc_gss_data *client_data;
558 558 int gssstat, gidlen;
559 559
560 560 svcauth = &req->rq_xprt->xp_auth;
561 561 client_data = (svc_rpc_gss_data *)svcauth->svc_ah_private;
562 562
563 563 mutex_enter(&client_data->clm);
564 564
565 565 if (rcred != NULL) {
566 566 svcauth->raw_cred = client_data->raw_cred;
567 567 *rcred = &svcauth->raw_cred;
568 568 }
569 569 if (ucred != NULL) {
570 570 *ucred = &client_data->u_cred;
571 571
572 572 if (client_data->u_cred_set == 0 ||
573 573 client_data->u_cred_set < gethrestime_sec()) {
574 574 if (client_data->u_cred_set == 0) {
575 575 if ((gssstat = kgsscred_expname_to_unix_cred(
576 576 &client_data->client_name,
577 577 &client_data->u_cred.uid,
578 578 &client_data->u_cred.gid,
579 579 &client_data->u_cred.gidlist,
580 580 &gidlen, crgetuid(CRED()))) != GSS_S_COMPLETE) {
581 581 RPCGSS_LOG(1, "rpc_gss_getcred: "
582 582 "kgsscred_expname_to_unix_cred failed %x\n",
583 583 gssstat);
584 584 *ucred = NULL;
585 585 } else {
586 586 client_data->u_cred.gidlen = (short)gidlen;
587 587 client_data->u_cred_set =
588 588 gethrestime_sec() + svc_rpcgss_gid_timeout;
589 589 }
590 590 } else if (client_data->u_cred_set < gethrestime_sec()) {
591 591 if ((gssstat = kgss_get_group_info(
592 592 client_data->u_cred.uid,
593 593 &client_data->u_cred.gid,
594 594 &client_data->u_cred.gidlist,
595 595 &gidlen, crgetuid(CRED()))) != GSS_S_COMPLETE) {
596 596 RPCGSS_LOG(1, "rpc_gss_getcred: "
597 597 "kgss_get_group_info failed %x\n",
598 598 gssstat);
599 599 *ucred = NULL;
600 600 } else {
601 601 client_data->u_cred.gidlen = (short)gidlen;
602 602 client_data->u_cred_set =
603 603 gethrestime_sec() + svc_rpcgss_gid_timeout;
604 604 }
605 605 }
606 606 }
607 607 }
608 608
609 609 if (cookie != NULL)
610 610 *cookie = client_data->cookie;
611 611 req->rq_xprt->xp_cookie = client_data->cookie;
612 612
613 613 mutex_exit(&client_data->clm);
614 614
615 615 return (TRUE);
616 616 }
617 617
618 618 /*
619 619 * Transfer the context data from the user land to the kernel.
620 620 */
621 621 bool_t transfer_sec_context(svc_rpc_gss_data *client_data) {
622 622
623 623 gss_buffer_desc process_token;
624 624 OM_uint32 gssstat, minor;
625 625
626 626 /*
627 627 * Call kgss_export_sec_context
628 628 * if an error is returned log a message
629 629 * go to error handling
630 630 * Otherwise call kgss_import_sec_context to
631 631 * convert the token into a context
632 632 */
633 633 gssstat = kgss_export_sec_context(&minor, client_data->context,
634 634 &process_token);
635 635 /*
636 636 * if export_sec_context returns an error we delete the
637 637 * context just to be safe.
638 638 */
639 639 if (gssstat == GSS_S_NAME_NOT_MN) {
640 640 RPCGSS_LOG0(4, "svc_rpcsec_gss: export sec context "
641 641 "Kernel mod unavailable\n");
642 642
643 643 } else if (gssstat != GSS_S_COMPLETE) {
644 644 RPCGSS_LOG(1, "svc_rpcsec_gss: export sec context failed "
645 645 " gssstat = 0x%x\n", gssstat);
646 646 (void) gss_release_buffer(&minor, &process_token);
647 647 (void) kgss_delete_sec_context(&minor, &client_data->context,
648 648 NULL);
649 649 return (FALSE);
650 650
651 651 } else if (process_token.length == 0) {
652 652 RPCGSS_LOG0(1, "svc_rpcsec_gss:zero length token in response "
653 653 "for export_sec_context, but "
654 654 "gsstat == GSS_S_COMPLETE\n");
655 655 (void) kgss_delete_sec_context(&minor, &client_data->context,
656 656 NULL);
657 657 return (FALSE);
658 658
659 659 } else {
660 660 gssstat = kgss_import_sec_context(&minor, &process_token,
661 661 client_data->context);
662 662 if (gssstat != GSS_S_COMPLETE) {
663 663 RPCGSS_LOG(1, "svc_rpcsec_gss: import sec context "
664 664 " failed gssstat = 0x%x\n", gssstat);
665 665 (void) kgss_delete_sec_context(&minor,
666 666 &client_data->context, NULL);
667 667 (void) gss_release_buffer(&minor, &process_token);
668 668 return (FALSE);
669 669 }
670 670
671 671 RPCGSS_LOG0(4, "gss_import_sec_context successful\n");
672 672 (void) gss_release_buffer(&minor, &process_token);
673 673 }
674 674
675 675 return (TRUE);
676 676 }
677 677
678 678 /*
679 679 * do_gss_accept is called from a taskq and does all the work for a
680 680 * RPCSEC_GSS_INIT call (mostly calling kgss_accept_sec_context()).
681 681 */
682 682 static enum auth_stat
683 683 do_gss_accept(
684 684 SVCXPRT *xprt,
685 685 rpc_gss_init_arg *call_arg,
686 686 struct rpc_msg *msg,
687 687 svc_rpc_gss_data *client_data,
688 688 uint_t cr_version,
689 689 rpc_gss_service_t cr_service)
690 690 {
691 691 rpc_gss_init_res call_res;
692 692 gss_buffer_desc output_token;
693 693 OM_uint32 gssstat, minor, minor_stat, time_rec;
694 694 int ret_flags, ret;
695 695 gss_OID mech_type = GSS_C_NULL_OID;
696 696 int free_mech_type = 1;
697 697 struct svc_req r, *rqst;
698 698
699 699 rqst = &r;
700 700 rqst->rq_xprt = xprt;
701 701
702 702 /*
703 703 * Initialize output_token.
704 704 */
705 705 output_token.length = 0;
706 706 output_token.value = NULL;
707 707
708 708 bzero((char *)&call_res, sizeof (call_res));
709 709
710 710 mutex_enter(&client_data->clm);
711 711 if (client_data->stale) {
712 712 ret = RPCSEC_GSS_NOCRED;
713 713 RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
714 714 goto error2;
715 715 }
716 716
717 717 /*
718 718 * Any response we send will use ctx_handle, so set it now;
719 719 * also set seq_window since this won't change.
720 720 */
721 721 call_res.ctx_handle.length = sizeof (client_data->key);
722 722 call_res.ctx_handle.value = (char *)&client_data->key;
723 723 call_res.seq_window = SEQ_WIN;
724 724
725 725 gssstat = GSS_S_FAILURE;
726 726 minor = 0;
727 727 minor_stat = 0;
728 728 rw_enter(&cred_lock, RW_READER);
729 729
730 730 if (client_data->client_name.length) {
731 731 (void) gss_release_buffer(&minor,
732 732 &client_data->client_name);
733 733 }
734 734 gssstat = kgss_accept_sec_context(&minor_stat,
735 735 &client_data->context,
736 736 GSS_C_NO_CREDENTIAL,
737 737 call_arg,
738 738 GSS_C_NO_CHANNEL_BINDINGS,
739 739 &client_data->client_name,
740 740 &mech_type,
741 741 &output_token,
742 742 &ret_flags,
743 743 &time_rec,
744 744 NULL, /* don't need a delegated cred back */
745 745 crgetuid(CRED()));
746 746
747 747 RPCGSS_LOG(4, "gssstat 0x%x \n", gssstat);
748 748
749 749 if (gssstat == GSS_S_COMPLETE) {
750 750 /*
751 751 * Set the raw and unix credentials at this
752 752 * point. This saves a lot of computation
753 753 * later when credentials are retrieved.
754 754 */
755 755 client_data->raw_cred.version = cr_version;
756 756 client_data->raw_cred.service = cr_service;
757 757
758 758 if (client_data->raw_cred.mechanism) {
759 759 kgss_free_oid(client_data->raw_cred.mechanism);
760 760 client_data->raw_cred.mechanism = NULL;
761 761 }
762 762 client_data->raw_cred.mechanism = (rpc_gss_OID) mech_type;
763 763 /*
764 764 * client_data is now responsible for freeing
765 765 * the data of 'mech_type'.
766 766 */
767 767 free_mech_type = 0;
768 768
769 769 if (client_data->raw_cred.client_principal) {
770 770 kmem_free((caddr_t)client_data->\
771 771 raw_cred.client_principal,
772 772 client_data->raw_cred.\
773 773 client_principal->len + sizeof (int));
774 774 client_data->raw_cred.client_principal = NULL;
775 775 }
776 776
777 777 /*
778 778 * The client_name returned from
779 779 * kgss_accept_sec_context() is in an
780 780 * exported flat format.
781 781 */
782 782 if (! __rpc_gss_make_principal(
783 783 &client_data->raw_cred.client_principal,
784 784 &client_data->client_name)) {
785 785 RPCGSS_LOG0(1, "_svcrpcsec_gss: "
786 786 "make principal failed\n");
787 787 gssstat = GSS_S_FAILURE;
788 788 (void) gss_release_buffer(&minor_stat, &output_token);
789 789 }
790 790 }
791 791
792 792 rw_exit(&cred_lock);
793 793
794 794 call_res.gss_major = gssstat;
795 795 call_res.gss_minor = minor_stat;
796 796
797 797 if (gssstat != GSS_S_COMPLETE &&
798 798 gssstat != GSS_S_CONTINUE_NEEDED) {
799 799 call_res.ctx_handle.length = 0;
800 800 call_res.ctx_handle.value = NULL;
801 801 call_res.seq_window = 0;
802 802 rpc_gss_display_status(gssstat, minor_stat, mech_type,
803 803 crgetuid(CRED()),
804 804 "_svc_rpcsec_gss gss_accept_sec_context");
805 805 (void) svc_sendreply(rqst->rq_xprt,
806 806 __xdr_rpc_gss_init_res, (caddr_t)&call_res);
807 807 client_data->stale = TRUE;
808 808 ret = AUTH_OK;
809 809 goto error2;
810 810 }
811 811
812 812 /*
813 813 * If appropriate, set established to TRUE *after* sending
814 814 * response (otherwise, the client will receive the final
815 815 * token encrypted)
816 816 */
817 817 if (gssstat == GSS_S_COMPLETE) {
818 818 /*
819 819 * Context is established. Set expiration time
820 820 * for the context.
821 821 */
822 822 client_data->seq_num = 1;
823 823 if ((time_rec == GSS_C_INDEFINITE) || (time_rec == 0)) {
824 824 client_data->expiration = GSS_C_INDEFINITE;
825 825 } else {
826 826 client_data->expiration =
827 827 time_rec + gethrestime_sec();
828 828 }
829 829
830 830 if (!transfer_sec_context(client_data)) {
831 831 ret = RPCSEC_GSS_FAILED;
832 832 client_data->stale = TRUE;
833 833 RPCGSS_LOG0(1,
834 834 "_svc_rpcsec_gss: transfer sec context failed\n");
835 835 goto error2;
836 836 }
837 837
838 838 client_data->established = TRUE;
839 839 }
840 840
841 841 /*
842 842 * This step succeeded. Send a response, along with
843 843 * a token if there's one. Don't dispatch.
844 844 */
845 845
846 846 if (output_token.length != 0)
847 847 GSS_COPY_BUFFER(call_res.token, output_token);
848 848
849 849 /*
850 850 * If GSS_S_COMPLETE: set response verifier to
851 851 * checksum of SEQ_WIN
852 852 */
853 853 if (gssstat == GSS_S_COMPLETE) {
854 854 if (!set_response_verf(rqst, msg, client_data,
855 855 (uint_t)SEQ_WIN)) {
856 856 ret = RPCSEC_GSS_FAILED;
857 857 client_data->stale = TRUE;
858 858 RPCGSS_LOG0(1,
859 859 "_svc_rpcsec_gss:set response verifier failed\n");
860 860 goto error2;
861 861 }
862 862 }
863 863
864 864 if (!svc_sendreply(rqst->rq_xprt, __xdr_rpc_gss_init_res,
865 865 (caddr_t)&call_res)) {
866 866 ret = RPCSEC_GSS_FAILED;
867 867 client_data->stale = TRUE;
868 868 RPCGSS_LOG0(1, "_svc_rpcsec_gss:send reply failed\n");
869 869 goto error2;
870 870 }
871 871
872 872 /*
873 873 * Cache last response in case it is lost and the client
874 874 * retries on an established context.
875 875 */
876 876 (void) retrans_add(client_data, msg->rm_xid, &call_res);
877 877 ASSERT(client_data->ref_cnt > 0);
878 878 client_data->ref_cnt--;
879 879 mutex_exit(&client_data->clm);
880 880
881 881 (void) gss_release_buffer(&minor_stat, &output_token);
882 882
883 883 return (AUTH_OK);
884 884
885 885 error2:
886 886 ASSERT(client_data->ref_cnt > 0);
887 887 client_data->ref_cnt--;
888 888 mutex_exit(&client_data->clm);
889 889 (void) gss_release_buffer(&minor_stat, &output_token);
890 890 if (free_mech_type && mech_type)
891 891 kgss_free_oid(mech_type);
892 892
893 893 return (ret);
894 894 }
895 895
896 896 static void
897 897 svcrpcsec_gss_taskq_func(void *svcrpcsecgss_taskq_arg)
898 898 {
899 899 enum auth_stat retval;
900 900 svcrpcsec_gss_taskq_arg_t *arg = svcrpcsecgss_taskq_arg;
901 901
902 902 retval = do_gss_accept(arg->rq_xprt, arg->rpc_call_arg, arg->msg,
903 903 arg->client_data, arg->cr_version, arg->cr_service);
904 904 if (retval != AUTH_OK) {
905 905 cmn_err(CE_NOTE,
906 906 "svcrpcsec_gss_taskq_func: do_gss_accept fail 0x%x",
907 907 retval);
908 908 }
909 909 rpc_msg_free(&arg->msg, MAX_AUTH_BYTES);
910 910 svc_clone_unlink(arg->rq_xprt);
911 911 svc_clone_free(arg->rq_xprt);
912 912 xdr_free(__xdr_rpc_gss_init_arg, (caddr_t)arg->rpc_call_arg);
913 913 kmem_free(arg->rpc_call_arg, sizeof (*arg->rpc_call_arg));
914 914
915 915 kmem_free(arg, sizeof (*arg));
916 916 }
917 917
918 918 static enum auth_stat
919 919 rpcsec_gss_init(
920 920 struct svc_req *rqst,
921 921 struct rpc_msg *msg,
922 922 rpc_gss_creds creds,
923 923 bool_t *no_dispatch,
924 924 svc_rpc_gss_data *c_d) /* client data, can be NULL */
925 925 {
926 926 svc_rpc_gss_data *client_data;
927 927 int ret;
928 928 svcrpcsec_gss_taskq_arg_t *arg;
929 929
930 930 if (creds.ctx_handle.length != 0) {
931 931 RPCGSS_LOG0(1, "_svcrpcsec_gss: ctx_handle not null\n");
932 932 ret = AUTH_BADCRED;
933 933 return (ret);
934 934 }
935 935
936 936 client_data = c_d ? c_d : create_client();
937 937 if (client_data == NULL) {
938 938 RPCGSS_LOG0(1,
939 939 "_svcrpcsec_gss: can't create a new cache entry\n");
940 940 ret = AUTH_FAILED;
941 941 return (ret);
942 942 }
943 943
944 944 mutex_enter(&client_data->clm);
945 945 if (client_data->stale) {
946 946 ret = RPCSEC_GSS_NOCRED;
947 947 RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
948 948 goto error2;
949 949 }
↓ open down ↓ |
949 lines elided |
↑ open up ↑ |
950 950
951 951 /*
952 952 * kgss_accept_sec_context()/gssd(1M) can be overly time
953 953 * consuming so let's queue it and return asap.
954 954 *
955 955 * taskq func must free arg.
956 956 */
957 957 arg = kmem_alloc(sizeof (*arg), KM_SLEEP);
958 958
959 959 /* taskq func must free rpc_call_arg & deserialized arguments */
960 - arg->rpc_call_arg = kmem_alloc(sizeof (*arg->rpc_call_arg), KM_SLEEP);
960 + arg->rpc_call_arg = kmem_zalloc(sizeof (*arg->rpc_call_arg), KM_SLEEP);
961 961
962 962 /* deserialize arguments */
963 - bzero(arg->rpc_call_arg, sizeof (*arg->rpc_call_arg));
964 963 if (!SVC_GETARGS(rqst->rq_xprt, __xdr_rpc_gss_init_arg,
965 964 (caddr_t)arg->rpc_call_arg)) {
966 965 ret = RPCSEC_GSS_FAILED;
967 966 client_data->stale = TRUE;
968 967 goto error2;
969 968 }
970 969
971 970 /* get a xprt clone for taskq thread, taskq func must free it */
972 971 arg->rq_xprt = svc_clone_init();
973 972 svc_clone_link(rqst->rq_xprt->xp_master, arg->rq_xprt, rqst->rq_xprt);
974 973 arg->rq_xprt->xp_xid = rqst->rq_xprt->xp_xid;
975 974
976 975
977 976 /* set the appropriate wrap/unwrap routine for RPCSEC_GSS */
978 977 arg->rq_xprt->xp_auth.svc_ah_ops = svc_rpc_gss_ops;
979 978 arg->rq_xprt->xp_auth.svc_ah_private = (caddr_t)client_data;
980 979
981 980 /* get a dup of rpc msg for taskq thread */
982 981 arg->msg = rpc_msg_dup(msg); /* taskq func must free msg dup */
983 982
984 983 arg->client_data = client_data;
985 984 arg->cr_version = creds.version;
986 985 arg->cr_service = creds.service;
987 986
988 987 /* We no longer need the xp_xdrin, destroy it all here. */
989 988 XDR_DESTROY(&(rqst->rq_xprt->xp_xdrin));
990 989
991 990 /* should be ok to hold clm lock as taskq will have new thread(s) */
992 991 ret = ddi_taskq_dispatch(svcrpcsec_gss_init_taskq,
993 992 svcrpcsec_gss_taskq_func, arg, DDI_SLEEP);
994 993 if (ret == DDI_FAILURE) {
995 994 cmn_err(CE_NOTE, "rpcsec_gss_init: taskq dispatch fail");
996 995 ret = RPCSEC_GSS_FAILED;
997 996 rpc_msg_free(&arg->msg, MAX_AUTH_BYTES);
998 997 svc_clone_unlink(arg->rq_xprt);
999 998 svc_clone_free(arg->rq_xprt);
1000 999 kmem_free(arg, sizeof (*arg));
1001 1000 goto error2;
1002 1001 }
1003 1002
1004 1003 mutex_exit(&client_data->clm);
1005 1004 *no_dispatch = TRUE;
1006 1005 return (AUTH_OK);
1007 1006
1008 1007 error2:
1009 1008 ASSERT(client_data->ref_cnt > 0);
1010 1009 client_data->ref_cnt--;
1011 1010 mutex_exit(&client_data->clm);
1012 1011 cmn_err(CE_NOTE, "rpcsec_gss_init: error 0x%x", ret);
1013 1012 return (ret);
1014 1013 }
1015 1014
1016 1015 static enum auth_stat
1017 1016 rpcsec_gss_continue_init(
1018 1017 struct svc_req *rqst,
1019 1018 struct rpc_msg *msg,
1020 1019 rpc_gss_creds creds,
1021 1020 bool_t *no_dispatch)
1022 1021 {
1023 1022 int ret;
1024 1023 svc_rpc_gss_data *client_data;
1025 1024 svc_rpc_gss_parms_t *gss_parms;
1026 1025 rpc_gss_init_res *retrans_result;
1027 1026
1028 1027 if (creds.ctx_handle.length == 0) {
1029 1028 RPCGSS_LOG0(1, "_svcrpcsec_gss: no ctx_handle\n");
1030 1029 ret = AUTH_BADCRED;
1031 1030 return (ret);
1032 1031 }
1033 1032 if ((client_data = get_client(&creds.ctx_handle)) == NULL) {
1034 1033 ret = RPCSEC_GSS_NOCRED;
1035 1034 RPCGSS_LOG0(1, "_svcrpcsec_gss: no security context\n");
1036 1035 return (ret);
1037 1036 }
1038 1037
1039 1038 mutex_enter(&client_data->clm);
1040 1039 if (client_data->stale) {
1041 1040 ret = RPCSEC_GSS_NOCRED;
1042 1041 RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
1043 1042 goto error2;
1044 1043 }
1045 1044
1046 1045 /*
1047 1046 * If context not established, go thru INIT code but with
1048 1047 * this client handle.
1049 1048 */
1050 1049 if (!client_data->established) {
1051 1050 mutex_exit(&client_data->clm);
1052 1051 return (rpcsec_gss_init(rqst, msg, creds, no_dispatch,
1053 1052 client_data));
1054 1053 }
1055 1054
1056 1055 /*
1057 1056 * Set the appropriate wrap/unwrap routine for RPCSEC_GSS.
1058 1057 */
1059 1058 rqst->rq_xprt->xp_auth.svc_ah_ops = svc_rpc_gss_ops;
1060 1059 rqst->rq_xprt->xp_auth.svc_ah_private = (caddr_t)client_data;
1061 1060
1062 1061 /*
1063 1062 * Keep copy of parameters we'll need for response, for the
1064 1063 * sake of reentrancy (we don't want to look in the context
1065 1064 * data because when we are sending a response, another
1066 1065 * request may have come in).
1067 1066 */
1068 1067 gss_parms = &rqst->rq_xprt->xp_auth.svc_gss_parms;
1069 1068 gss_parms->established = client_data->established;
1070 1069 gss_parms->service = creds.service;
1071 1070 gss_parms->qop_rcvd = (uint_t)client_data->qop;
1072 1071 gss_parms->context = (void *)client_data->context;
1073 1072 gss_parms->seq_num = creds.seq_num;
1074 1073
1075 1074 /*
1076 1075 * This is an established context. Continue to
1077 1076 * satisfy retried continue init requests out of
1078 1077 * the retransmit cache. Throw away any that don't
1079 1078 * have a matching xid or the cach is empty.
1080 1079 * Delete the retransmit cache once the client sends
1081 1080 * a data request.
1082 1081 */
1083 1082 if (client_data->retrans_data &&
1084 1083 (client_data->retrans_data->xid == msg->rm_xid)) {
1085 1084 retrans_result = &client_data->retrans_data->result;
1086 1085 if (set_response_verf(rqst, msg, client_data,
1087 1086 (uint_t)retrans_result->seq_window)) {
1088 1087 gss_parms->established = FALSE;
1089 1088 (void) svc_sendreply(rqst->rq_xprt,
1090 1089 __xdr_rpc_gss_init_res, (caddr_t)retrans_result);
1091 1090 *no_dispatch = TRUE;
1092 1091 ASSERT(client_data->ref_cnt > 0);
1093 1092 client_data->ref_cnt--;
1094 1093 }
1095 1094 }
1096 1095 mutex_exit(&client_data->clm);
1097 1096
1098 1097 return (AUTH_OK);
1099 1098
1100 1099 error2:
1101 1100 ASSERT(client_data->ref_cnt > 0);
1102 1101 client_data->ref_cnt--;
1103 1102 mutex_exit(&client_data->clm);
1104 1103 return (ret);
1105 1104 }
1106 1105
1107 1106 static enum auth_stat
1108 1107 rpcsec_gss_data(
1109 1108 struct svc_req *rqst,
1110 1109 struct rpc_msg *msg,
1111 1110 rpc_gss_creds creds,
1112 1111 bool_t *no_dispatch)
1113 1112 {
1114 1113 int ret;
1115 1114 svc_rpc_gss_parms_t *gss_parms;
1116 1115 svc_rpc_gss_data *client_data;
1117 1116
1118 1117 switch (creds.service) {
1119 1118 case rpc_gss_svc_none:
1120 1119 case rpc_gss_svc_integrity:
1121 1120 case rpc_gss_svc_privacy:
1122 1121 break;
1123 1122 default:
1124 1123 cmn_err(CE_NOTE, "__svcrpcsec_gss: unknown service type=0x%x",
1125 1124 creds.service);
1126 1125 RPCGSS_LOG(1, "_svcrpcsec_gss: unknown service type: 0x%x\n",
1127 1126 creds.service);
1128 1127 ret = AUTH_BADCRED;
1129 1128 return (ret);
1130 1129 }
1131 1130
1132 1131 if (creds.ctx_handle.length == 0) {
1133 1132 RPCGSS_LOG0(1, "_svcrpcsec_gss: no ctx_handle\n");
1134 1133 ret = AUTH_BADCRED;
1135 1134 return (ret);
1136 1135 }
1137 1136 if ((client_data = get_client(&creds.ctx_handle)) == NULL) {
1138 1137 ret = RPCSEC_GSS_NOCRED;
1139 1138 RPCGSS_LOG0(1, "_svcrpcsec_gss: no security context\n");
1140 1139 return (ret);
1141 1140 }
1142 1141
1143 1142
1144 1143 mutex_enter(&client_data->clm);
1145 1144 if (!client_data->established) {
1146 1145 ret = AUTH_FAILED;
1147 1146 goto error2;
1148 1147 }
1149 1148 if (client_data->stale) {
1150 1149 ret = RPCSEC_GSS_NOCRED;
1151 1150 RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
1152 1151 goto error2;
1153 1152 }
1154 1153
1155 1154 /*
1156 1155 * Once the context is established and there is no more
1157 1156 * retransmission of last continue init request, it is safe
1158 1157 * to delete the retransmit cache entry.
1159 1158 */
1160 1159 if (client_data->retrans_data)
1161 1160 retrans_del(client_data);
1162 1161
1163 1162 /*
1164 1163 * Set the appropriate wrap/unwrap routine for RPCSEC_GSS.
1165 1164 */
1166 1165 rqst->rq_xprt->xp_auth.svc_ah_ops = svc_rpc_gss_ops;
1167 1166 rqst->rq_xprt->xp_auth.svc_ah_private = (caddr_t)client_data;
1168 1167
1169 1168 /*
1170 1169 * Keep copy of parameters we'll need for response, for the
1171 1170 * sake of reentrancy (we don't want to look in the context
1172 1171 * data because when we are sending a response, another
1173 1172 * request may have come in).
1174 1173 */
1175 1174 gss_parms = &rqst->rq_xprt->xp_auth.svc_gss_parms;
1176 1175 gss_parms->established = client_data->established;
1177 1176 gss_parms->service = creds.service;
1178 1177 gss_parms->qop_rcvd = (uint_t)client_data->qop;
1179 1178 gss_parms->context = (void *)client_data->context;
1180 1179 gss_parms->seq_num = creds.seq_num;
1181 1180
1182 1181 /*
1183 1182 * Context is already established. Check verifier, and
1184 1183 * note parameters we will need for response in gss_parms.
1185 1184 */
1186 1185 if (!check_verf(msg, client_data->context,
1187 1186 (int *)&gss_parms->qop_rcvd, client_data->u_cred.uid)) {
1188 1187 ret = RPCSEC_GSS_NOCRED;
1189 1188 RPCGSS_LOG0(1, "_svcrpcsec_gss: check verf failed\n");
1190 1189 goto error2;
1191 1190 }
1192 1191
1193 1192 /*
1194 1193 * Check and invoke callback if necessary.
1195 1194 */
1196 1195 if (!client_data->done_docallback) {
1197 1196 client_data->done_docallback = TRUE;
1198 1197 client_data->qop = gss_parms->qop_rcvd;
1199 1198 client_data->raw_cred.qop = gss_parms->qop_rcvd;
1200 1199 client_data->raw_cred.service = creds.service;
1201 1200 if (!do_callback(rqst, client_data)) {
1202 1201 ret = AUTH_FAILED;
1203 1202 RPCGSS_LOG0(1, "_svc_rpcsec_gss:callback failed\n");
1204 1203 goto error2;
1205 1204 }
1206 1205 }
1207 1206
1208 1207 /*
1209 1208 * If the context was locked, make sure that the client
1210 1209 * has not changed QOP.
1211 1210 */
1212 1211 if (client_data->locked && gss_parms->qop_rcvd != client_data->qop) {
1213 1212 ret = AUTH_BADVERF;
1214 1213 RPCGSS_LOG0(1, "_svcrpcsec_gss: can not change qop\n");
1215 1214 goto error2;
1216 1215 }
1217 1216
1218 1217 /*
1219 1218 * Validate sequence number.
1220 1219 */
1221 1220 if (!check_seq(client_data, creds.seq_num, &client_data->stale)) {
1222 1221 if (client_data->stale) {
1223 1222 ret = RPCSEC_GSS_FAILED;
1224 1223 RPCGSS_LOG0(1,
1225 1224 "_svc_rpcsec_gss:check seq failed\n");
1226 1225 } else {
1227 1226 RPCGSS_LOG0(4, "_svc_rpcsec_gss:check seq "
1228 1227 "failed on good context. Ignoring "
1229 1228 "request\n");
1230 1229 /*
1231 1230 * Operational error, drop packet silently.
1232 1231 * The client will recover after timing out,
1233 1232 * assuming this is a client error and not
1234 1233 * a relpay attack. Don't dispatch.
1235 1234 */
1236 1235 ret = AUTH_OK;
1237 1236 *no_dispatch = TRUE;
1238 1237 }
1239 1238 goto error2;
1240 1239 }
1241 1240
1242 1241 /*
1243 1242 * set response verifier
1244 1243 */
1245 1244 if (!set_response_verf(rqst, msg, client_data, creds.seq_num)) {
1246 1245 ret = RPCSEC_GSS_FAILED;
1247 1246 client_data->stale = TRUE;
1248 1247 RPCGSS_LOG0(1,
1249 1248 "_svc_rpcsec_gss:set response verifier failed\n");
1250 1249 goto error2;
1251 1250 }
1252 1251
1253 1252 /*
1254 1253 * If context is locked, make sure that the client
1255 1254 * has not changed the security service.
1256 1255 */
1257 1256 if (client_data->locked &&
1258 1257 client_data->raw_cred.service != creds.service) {
1259 1258 RPCGSS_LOG0(1, "_svc_rpcsec_gss: "
1260 1259 "security service changed.\n");
1261 1260 ret = AUTH_FAILED;
1262 1261 goto error2;
1263 1262 }
1264 1263
1265 1264 /*
1266 1265 * Set client credentials to raw credential
1267 1266 * structure in context. This is okay, since
1268 1267 * this will not change during the lifetime of
1269 1268 * the context (so it's MT safe).
1270 1269 */
1271 1270 rqst->rq_clntcred = (char *)&client_data->raw_cred;
1272 1271
1273 1272 mutex_exit(&client_data->clm);
1274 1273 return (AUTH_OK);
1275 1274
1276 1275 error2:
1277 1276 ASSERT(client_data->ref_cnt > 0);
1278 1277 client_data->ref_cnt--;
1279 1278 mutex_exit(&client_data->clm);
1280 1279 return (ret);
1281 1280 }
1282 1281
1283 1282 /*
1284 1283 * Note we don't have a client yet to use this routine and test it.
1285 1284 */
1286 1285 static enum auth_stat
1287 1286 rpcsec_gss_destroy(
1288 1287 struct svc_req *rqst,
1289 1288 rpc_gss_creds creds,
1290 1289 bool_t *no_dispatch)
1291 1290 {
1292 1291 svc_rpc_gss_data *client_data;
1293 1292 int ret;
1294 1293
1295 1294 if (creds.ctx_handle.length == 0) {
1296 1295 RPCGSS_LOG0(1, "_svcrpcsec_gss: no ctx_handle\n");
1297 1296 ret = AUTH_BADCRED;
1298 1297 return (ret);
1299 1298 }
1300 1299 if ((client_data = get_client(&creds.ctx_handle)) == NULL) {
1301 1300 ret = RPCSEC_GSS_NOCRED;
1302 1301 RPCGSS_LOG0(1, "_svcrpcsec_gss: no security context\n");
1303 1302 return (ret);
1304 1303 }
1305 1304
1306 1305 mutex_enter(&client_data->clm);
1307 1306 if (!client_data->established) {
1308 1307 ret = AUTH_FAILED;
1309 1308 goto error2;
1310 1309 }
1311 1310 if (client_data->stale) {
1312 1311 ret = RPCSEC_GSS_NOCRED;
1313 1312 RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
1314 1313 goto error2;
1315 1314 }
1316 1315
1317 1316 (void) svc_sendreply(rqst->rq_xprt, xdr_void, NULL);
1318 1317 *no_dispatch = TRUE;
1319 1318 ASSERT(client_data->ref_cnt > 0);
1320 1319 client_data->ref_cnt--;
1321 1320 client_data->stale = TRUE;
1322 1321 mutex_exit(&client_data->clm);
1323 1322 return (AUTH_OK);
1324 1323
1325 1324 error2:
1326 1325 ASSERT(client_data->ref_cnt > 0);
1327 1326 client_data->ref_cnt--;
1328 1327 client_data->stale = TRUE;
1329 1328 mutex_exit(&client_data->clm);
1330 1329 return (ret);
1331 1330 }
1332 1331
1333 1332 /*
1334 1333 * Server side authentication for RPCSEC_GSS.
1335 1334 */
1336 1335 enum auth_stat
1337 1336 __svcrpcsec_gss(
1338 1337 struct svc_req *rqst,
1339 1338 struct rpc_msg *msg,
1340 1339 bool_t *no_dispatch)
1341 1340 {
1342 1341 XDR xdrs;
1343 1342 rpc_gss_creds creds;
1344 1343 struct opaque_auth *cred;
1345 1344 int ret;
1346 1345
1347 1346 *no_dispatch = FALSE;
1348 1347
1349 1348 /*
1350 1349 * Initialize response verifier to NULL verifier. If
1351 1350 * necessary, this will be changed later.
1352 1351 */
1353 1352 rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NONE;
1354 1353 rqst->rq_xprt->xp_verf.oa_base = NULL;
1355 1354 rqst->rq_xprt->xp_verf.oa_length = 0;
1356 1355
1357 1356 /*
1358 1357 * Pull out and check credential and verifier.
1359 1358 */
1360 1359 cred = &msg->rm_call.cb_cred;
1361 1360
1362 1361 if (cred->oa_length == 0) {
1363 1362 RPCGSS_LOG0(1, "_svcrpcsec_gss: zero length cred\n");
1364 1363 return (AUTH_BADCRED);
1365 1364 }
1366 1365
1367 1366 xdrmem_create(&xdrs, cred->oa_base, cred->oa_length, XDR_DECODE);
1368 1367 bzero((char *)&creds, sizeof (creds));
1369 1368 if (!__xdr_rpc_gss_creds(&xdrs, &creds)) {
1370 1369 XDR_DESTROY(&xdrs);
1371 1370 RPCGSS_LOG0(1, "_svcrpcsec_gss: can't decode creds\n");
1372 1371 ret = AUTH_BADCRED;
1373 1372 return (AUTH_BADCRED);
1374 1373 }
1375 1374 XDR_DESTROY(&xdrs);
1376 1375
1377 1376 switch (creds.gss_proc) {
1378 1377 case RPCSEC_GSS_INIT:
1379 1378 ret = rpcsec_gss_init(rqst, msg, creds, no_dispatch, NULL);
1380 1379 break;
1381 1380 case RPCSEC_GSS_CONTINUE_INIT:
1382 1381 ret = rpcsec_gss_continue_init(rqst, msg, creds, no_dispatch);
1383 1382 break;
1384 1383 case RPCSEC_GSS_DATA:
1385 1384 ret = rpcsec_gss_data(rqst, msg, creds, no_dispatch);
1386 1385 break;
1387 1386 case RPCSEC_GSS_DESTROY:
1388 1387 ret = rpcsec_gss_destroy(rqst, creds, no_dispatch);
1389 1388 break;
1390 1389 default:
1391 1390 cmn_err(CE_NOTE, "__svcrpcsec_gss: bad proc=%d",
1392 1391 creds.gss_proc);
1393 1392 ret = AUTH_BADCRED;
1394 1393 }
1395 1394
1396 1395 if (creds.ctx_handle.length != 0)
1397 1396 xdr_free(__xdr_rpc_gss_creds, (caddr_t)&creds);
1398 1397 return (ret);
1399 1398 }
1400 1399
1401 1400 /*
1402 1401 * Check verifier. The verifier is the checksum of the RPC header
1403 1402 * upto and including the credentials field.
1404 1403 */
1405 1404
1406 1405 /* ARGSUSED */
1407 1406 static bool_t
1408 1407 check_verf(struct rpc_msg *msg, gss_ctx_id_t context, int *qop_state, uid_t uid)
1409 1408 {
1410 1409 int *buf, *tmp;
1411 1410 char hdr[128];
1412 1411 struct opaque_auth *oa;
1413 1412 int len;
1414 1413 gss_buffer_desc msg_buf;
1415 1414 gss_buffer_desc tok_buf;
1416 1415 OM_uint32 gssstat, minor_stat;
1417 1416
1418 1417 /*
1419 1418 * We have to reconstruct the RPC header from the previously
1420 1419 * parsed information, since we haven't kept the header intact.
1421 1420 */
1422 1421
1423 1422 oa = &msg->rm_call.cb_cred;
1424 1423 if (oa->oa_length > MAX_AUTH_BYTES)
1425 1424 return (FALSE);
1426 1425
1427 1426 /* 8 XDR units from the IXDR macro calls. */
1428 1427 if (sizeof (hdr) < (8 * BYTES_PER_XDR_UNIT +
1429 1428 RNDUP(oa->oa_length)))
1430 1429 return (FALSE);
1431 1430 buf = (int *)hdr;
1432 1431 IXDR_PUT_U_INT32(buf, msg->rm_xid);
1433 1432 IXDR_PUT_ENUM(buf, msg->rm_direction);
1434 1433 IXDR_PUT_U_INT32(buf, msg->rm_call.cb_rpcvers);
1435 1434 IXDR_PUT_U_INT32(buf, msg->rm_call.cb_prog);
1436 1435 IXDR_PUT_U_INT32(buf, msg->rm_call.cb_vers);
1437 1436 IXDR_PUT_U_INT32(buf, msg->rm_call.cb_proc);
1438 1437 IXDR_PUT_ENUM(buf, oa->oa_flavor);
1439 1438 IXDR_PUT_U_INT32(buf, oa->oa_length);
1440 1439 if (oa->oa_length) {
1441 1440 len = RNDUP(oa->oa_length);
1442 1441 tmp = buf;
1443 1442 buf += len / sizeof (int);
1444 1443 *(buf - 1) = 0;
1445 1444 (void) bcopy(oa->oa_base, (caddr_t)tmp, oa->oa_length);
1446 1445 }
1447 1446 len = ((char *)buf) - hdr;
1448 1447 msg_buf.length = len;
1449 1448 msg_buf.value = hdr;
1450 1449 oa = &msg->rm_call.cb_verf;
1451 1450 tok_buf.length = oa->oa_length;
1452 1451 tok_buf.value = oa->oa_base;
1453 1452
1454 1453 gssstat = kgss_verify(&minor_stat, context, &msg_buf, &tok_buf,
1455 1454 qop_state);
1456 1455 if (gssstat != GSS_S_COMPLETE) {
1457 1456 RPCGSS_LOG(1, "check_verf: kgss_verify status 0x%x\n", gssstat);
1458 1457
1459 1458 RPCGSS_LOG(4, "check_verf: msg_buf length %d\n", len);
1460 1459 RPCGSS_LOG(4, "check_verf: msg_buf value 0x%x\n", *(int *)hdr);
1461 1460 RPCGSS_LOG(4, "check_verf: tok_buf length %ld\n",
1462 1461 tok_buf.length);
1463 1462 RPCGSS_LOG(4, "check_verf: tok_buf value 0x%p\n",
1464 1463 (void *)oa->oa_base);
1465 1464 RPCGSS_LOG(4, "check_verf: context 0x%p\n", (void *)context);
1466 1465
1467 1466 return (FALSE);
1468 1467 }
1469 1468 return (TRUE);
1470 1469 }
1471 1470
1472 1471
1473 1472 /*
1474 1473 * Set response verifier. This is the checksum of the given number.
1475 1474 * (e.g. sequence number or sequence window)
1476 1475 */
1477 1476 static bool_t
1478 1477 set_response_verf(rqst, msg, cl, num)
1479 1478 struct svc_req *rqst;
1480 1479 struct rpc_msg *msg;
1481 1480 svc_rpc_gss_data *cl;
1482 1481 uint_t num;
1483 1482 {
1484 1483 OM_uint32 minor;
1485 1484 gss_buffer_desc in_buf, out_buf;
1486 1485 uint_t num_net;
1487 1486
1488 1487 num_net = (uint_t)htonl(num);
1489 1488 in_buf.length = sizeof (num);
1490 1489 in_buf.value = (char *)&num_net;
1491 1490 /* XXX uid ? */
1492 1491
1493 1492 if ((kgss_sign(&minor, cl->context, cl->qop, &in_buf,
1494 1493 &out_buf)) != GSS_S_COMPLETE)
1495 1494 return (FALSE);
1496 1495
1497 1496 rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
1498 1497 rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
1499 1498 rqst->rq_xprt->xp_verf.oa_length = out_buf.length;
1500 1499 bcopy(out_buf.value, rqst->rq_xprt->xp_verf.oa_base, out_buf.length);
1501 1500 (void) gss_release_buffer(&minor, &out_buf);
1502 1501 return (TRUE);
1503 1502 }
1504 1503
1505 1504 /*
1506 1505 * Create client context.
1507 1506 */
1508 1507 static svc_rpc_gss_data *
1509 1508 create_client()
1510 1509 {
1511 1510 svc_rpc_gss_data *client_data;
1512 1511 static uint_t key = 1;
1513 1512
1514 1513 client_data = (svc_rpc_gss_data *) kmem_cache_alloc(svc_data_handle,
1515 1514 KM_SLEEP);
1516 1515 if (client_data == NULL)
1517 1516 return (NULL);
1518 1517
1519 1518 /*
1520 1519 * set up client data structure
1521 1520 */
1522 1521 client_data->next = NULL;
1523 1522 client_data->prev = NULL;
1524 1523 client_data->lru_next = NULL;
1525 1524 client_data->lru_prev = NULL;
1526 1525 client_data->client_name.length = 0;
1527 1526 client_data->client_name.value = NULL;
1528 1527 client_data->seq_num = 0;
1529 1528 bzero(client_data->seq_bits, sizeof (client_data->seq_bits));
1530 1529 client_data->key = 0;
1531 1530 client_data->cookie = NULL;
1532 1531 bzero(&client_data->u_cred, sizeof (client_data->u_cred));
1533 1532 client_data->established = FALSE;
1534 1533 client_data->locked = FALSE;
1535 1534 client_data->u_cred_set = 0;
1536 1535 client_data->context = GSS_C_NO_CONTEXT;
1537 1536 client_data->expiration = GSS_C_INDEFINITE;
1538 1537 client_data->deleg = GSS_C_NO_CREDENTIAL;
1539 1538 client_data->ref_cnt = 1;
1540 1539 client_data->last_ref_time = gethrestime_sec();
1541 1540 client_data->qop = GSS_C_QOP_DEFAULT;
1542 1541 client_data->done_docallback = FALSE;
1543 1542 client_data->stale = FALSE;
1544 1543 client_data->retrans_data = NULL;
1545 1544 bzero(&client_data->raw_cred, sizeof (client_data->raw_cred));
1546 1545
1547 1546 /*
1548 1547 * The client context handle is a 32-bit key (unsigned int).
1549 1548 * The key is incremented until there is no duplicate for it.
1550 1549 */
1551 1550
1552 1551 svc_rpc_gss_cache_stats.total_entries_allocated++;
1553 1552 mutex_enter(&ctx_mutex);
1554 1553 for (;;) {
1555 1554 client_data->key = key++;
1556 1555 if (find_client(client_data->key) == NULL) {
1557 1556 insert_client(client_data);
1558 1557 mutex_exit(&ctx_mutex);
1559 1558 return (client_data);
1560 1559 }
1561 1560 }
1562 1561 /*NOTREACHED*/
1563 1562 }
1564 1563
1565 1564 /*
1566 1565 * Insert client context into hash list and LRU list.
1567 1566 */
1568 1567 static void
1569 1568 insert_client(client_data)
1570 1569 svc_rpc_gss_data *client_data;
1571 1570 {
1572 1571 svc_rpc_gss_data *cl;
1573 1572 int index = HASH(client_data->key);
1574 1573
1575 1574 ASSERT(mutex_owned(&ctx_mutex));
1576 1575
1577 1576 client_data->prev = NULL;
1578 1577 cl = clients[index];
1579 1578 if ((client_data->next = cl) != NULL)
1580 1579 cl->prev = client_data;
1581 1580 clients[index] = client_data;
1582 1581
1583 1582 client_data->lru_prev = NULL;
1584 1583 if ((client_data->lru_next = lru_first) != NULL)
1585 1584 lru_first->lru_prev = client_data;
1586 1585 else
1587 1586 lru_last = client_data;
1588 1587 lru_first = client_data;
1589 1588
1590 1589 num_gss_contexts++;
1591 1590 }
1592 1591
1593 1592 /*
1594 1593 * Fetch a client, given the client context handle. Move it to the
1595 1594 * top of the LRU list since this is the most recently used context.
1596 1595 */
1597 1596 static svc_rpc_gss_data *
1598 1597 get_client(ctx_handle)
1599 1598 gss_buffer_t ctx_handle;
1600 1599 {
1601 1600 uint_t key = *(uint_t *)ctx_handle->value;
1602 1601 svc_rpc_gss_data *cl;
1603 1602
1604 1603 mutex_enter(&ctx_mutex);
1605 1604 if ((cl = find_client(key)) != NULL) {
1606 1605 mutex_enter(&cl->clm);
1607 1606 if (cl->stale) {
1608 1607 if (cl->ref_cnt == 0) {
1609 1608 mutex_exit(&cl->clm);
1610 1609 destroy_client(cl);
1611 1610 } else {
1612 1611 mutex_exit(&cl->clm);
1613 1612 }
1614 1613 mutex_exit(&ctx_mutex);
1615 1614 return (NULL);
1616 1615 }
1617 1616 cl->ref_cnt++;
1618 1617 cl->last_ref_time = gethrestime_sec();
1619 1618 mutex_exit(&cl->clm);
1620 1619 if (cl != lru_first) {
1621 1620 cl->lru_prev->lru_next = cl->lru_next;
1622 1621 if (cl->lru_next != NULL)
1623 1622 cl->lru_next->lru_prev = cl->lru_prev;
1624 1623 else
1625 1624 lru_last = cl->lru_prev;
1626 1625 cl->lru_prev = NULL;
1627 1626 cl->lru_next = lru_first;
1628 1627 lru_first->lru_prev = cl;
1629 1628 lru_first = cl;
1630 1629 }
1631 1630 }
1632 1631 mutex_exit(&ctx_mutex);
1633 1632 return (cl);
1634 1633 }
1635 1634
1636 1635 /*
1637 1636 * Given the client context handle, find the context corresponding to it.
1638 1637 * Don't change its LRU state since it may not be used.
1639 1638 */
1640 1639 static svc_rpc_gss_data *
1641 1640 find_client(key)
1642 1641 uint_t key;
1643 1642 {
1644 1643 int index = HASH(key);
1645 1644 svc_rpc_gss_data *cl = NULL;
1646 1645
1647 1646 ASSERT(mutex_owned(&ctx_mutex));
1648 1647
1649 1648 for (cl = clients[index]; cl != NULL; cl = cl->next) {
1650 1649 if (cl->key == key)
1651 1650 break;
1652 1651 }
1653 1652 return (cl);
1654 1653 }
1655 1654
1656 1655 /*
1657 1656 * Destroy a client context.
1658 1657 */
1659 1658 static void
1660 1659 destroy_client(client_data)
1661 1660 svc_rpc_gss_data *client_data;
1662 1661 {
1663 1662 OM_uint32 minor;
1664 1663 int index = HASH(client_data->key);
1665 1664
1666 1665 ASSERT(mutex_owned(&ctx_mutex));
1667 1666
1668 1667 /*
1669 1668 * remove from hash list
1670 1669 */
1671 1670 if (client_data->prev == NULL)
1672 1671 clients[index] = client_data->next;
1673 1672 else
1674 1673 client_data->prev->next = client_data->next;
1675 1674 if (client_data->next != NULL)
1676 1675 client_data->next->prev = client_data->prev;
1677 1676
1678 1677 /*
1679 1678 * remove from LRU list
1680 1679 */
1681 1680 if (client_data->lru_prev == NULL)
1682 1681 lru_first = client_data->lru_next;
1683 1682 else
1684 1683 client_data->lru_prev->lru_next = client_data->lru_next;
1685 1684 if (client_data->lru_next != NULL)
1686 1685 client_data->lru_next->lru_prev = client_data->lru_prev;
1687 1686 else
1688 1687 lru_last = client_data->lru_prev;
1689 1688
1690 1689 /*
1691 1690 * If there is a GSS context, clean up GSS state.
1692 1691 */
1693 1692 if (client_data->context != GSS_C_NO_CONTEXT) {
1694 1693 (void) kgss_delete_sec_context(&minor, &client_data->context,
1695 1694 NULL);
1696 1695
1697 1696 common_client_data_free(client_data);
1698 1697
1699 1698 if (client_data->deleg != GSS_C_NO_CREDENTIAL) {
1700 1699 (void) kgss_release_cred(&minor, &client_data->deleg,
1701 1700 crgetuid(CRED()));
1702 1701 }
1703 1702 }
1704 1703
1705 1704 if (client_data->u_cred.gidlist != NULL) {
1706 1705 kmem_free((char *)client_data->u_cred.gidlist,
1707 1706 client_data->u_cred.gidlen * sizeof (gid_t));
1708 1707 client_data->u_cred.gidlist = NULL;
1709 1708 }
1710 1709 if (client_data->retrans_data != NULL)
1711 1710 retrans_del(client_data);
1712 1711
1713 1712 kmem_cache_free(svc_data_handle, client_data);
1714 1713 num_gss_contexts--;
1715 1714 }
1716 1715
1717 1716 /*
1718 1717 * Check for expired and stale client contexts.
1719 1718 */
1720 1719 static void
1721 1720 sweep_clients(bool_t from_reclaim)
1722 1721 {
1723 1722 svc_rpc_gss_data *cl, *next;
1724 1723 time_t last_reference_needed;
1725 1724 time_t now = gethrestime_sec();
1726 1725
1727 1726 ASSERT(mutex_owned(&ctx_mutex));
1728 1727
1729 1728 last_reference_needed = now - (from_reclaim ?
1730 1729 svc_rpc_gss_active_delta : svc_rpc_gss_inactive_delta);
1731 1730
1732 1731 cl = lru_last;
1733 1732 while (cl) {
1734 1733 /*
1735 1734 * We assume here that any manipulation of the LRU pointers
1736 1735 * and hash bucket pointers are only done when holding the
1737 1736 * ctx_mutex.
1738 1737 */
1739 1738 next = cl->lru_prev;
1740 1739
1741 1740 mutex_enter(&cl->clm);
1742 1741
1743 1742 if ((cl->expiration != GSS_C_INDEFINITE &&
1744 1743 cl->expiration <= now) || cl->stale ||
1745 1744 cl->last_ref_time <= last_reference_needed) {
1746 1745
1747 1746 if ((cl->expiration != GSS_C_INDEFINITE &&
1748 1747 cl->expiration <= now) || cl->stale ||
1749 1748 (cl->last_ref_time <= last_reference_needed &&
1750 1749 cl->ref_cnt == 0)) {
1751 1750
1752 1751 cl->stale = TRUE;
1753 1752
1754 1753 if (cl->ref_cnt == 0) {
1755 1754 mutex_exit(&cl->clm);
1756 1755 if (from_reclaim)
1757 1756 svc_rpc_gss_cache_stats.
1758 1757 no_returned_by_reclaim++;
1759 1758 destroy_client(cl);
1760 1759 } else
1761 1760 mutex_exit(&cl->clm);
1762 1761 } else
1763 1762 mutex_exit(&cl->clm);
1764 1763 } else
1765 1764 mutex_exit(&cl->clm);
1766 1765
1767 1766 cl = next;
1768 1767 }
1769 1768
1770 1769 last_swept = gethrestime_sec();
1771 1770 }
1772 1771
1773 1772 /*
1774 1773 * Encrypt the serialized arguments from xdr_func applied to xdr_ptr
1775 1774 * and write the result to xdrs.
1776 1775 */
1777 1776 static bool_t
1778 1777 svc_rpc_gss_wrap(auth, out_xdrs, xdr_func, xdr_ptr)
1779 1778 SVCAUTH *auth;
1780 1779 XDR *out_xdrs;
1781 1780 bool_t (*xdr_func)();
1782 1781 caddr_t xdr_ptr;
1783 1782 {
1784 1783 svc_rpc_gss_parms_t *gss_parms = SVCAUTH_GSSPARMS(auth);
1785 1784 bool_t ret;
1786 1785
1787 1786 /*
1788 1787 * If context is not established, or if neither integrity nor
1789 1788 * privacy service is used, don't wrap - just XDR encode.
1790 1789 * Otherwise, wrap data using service and QOP parameters.
1791 1790 */
1792 1791 if (!gss_parms->established ||
1793 1792 gss_parms->service == rpc_gss_svc_none)
1794 1793 return ((*xdr_func)(out_xdrs, xdr_ptr));
1795 1794
1796 1795 ret = __rpc_gss_wrap_data(gss_parms->service,
1797 1796 (OM_uint32)gss_parms->qop_rcvd,
1798 1797 (gss_ctx_id_t)gss_parms->context,
1799 1798 gss_parms->seq_num,
1800 1799 out_xdrs, xdr_func, xdr_ptr);
1801 1800 return (ret);
1802 1801 }
1803 1802
1804 1803 /*
1805 1804 * Decrypt the serialized arguments and XDR decode them.
1806 1805 */
1807 1806 static bool_t
1808 1807 svc_rpc_gss_unwrap(auth, in_xdrs, xdr_func, xdr_ptr)
1809 1808 SVCAUTH *auth;
1810 1809 XDR *in_xdrs;
1811 1810 bool_t (*xdr_func)();
1812 1811 caddr_t xdr_ptr;
1813 1812 {
1814 1813 svc_rpc_gss_parms_t *gss_parms = SVCAUTH_GSSPARMS(auth);
1815 1814
1816 1815 /*
1817 1816 * If context is not established, or if neither integrity nor
1818 1817 * privacy service is used, don't unwrap - just XDR decode.
1819 1818 * Otherwise, unwrap data.
1820 1819 */
1821 1820 if (!gss_parms->established ||
1822 1821 gss_parms->service == rpc_gss_svc_none)
1823 1822 return ((*xdr_func)(in_xdrs, xdr_ptr));
1824 1823
1825 1824 return (__rpc_gss_unwrap_data(gss_parms->service,
1826 1825 (gss_ctx_id_t)gss_parms->context,
1827 1826 gss_parms->seq_num,
1828 1827 gss_parms->qop_rcvd,
1829 1828 in_xdrs, xdr_func, xdr_ptr));
1830 1829 }
1831 1830
1832 1831
1833 1832 /* ARGSUSED */
1834 1833 int
1835 1834 rpc_gss_svc_max_data_length(struct svc_req *req, int max_tp_unit_len)
1836 1835 {
1837 1836 return (0);
1838 1837 }
1839 1838
1840 1839 /*
1841 1840 * Add retransmit entry to the context cache entry for a new xid.
1842 1841 * If there is already an entry, delete it before adding the new one.
1843 1842 */
1844 1843 static void retrans_add(client, xid, result)
1845 1844 svc_rpc_gss_data *client;
1846 1845 uint32_t xid;
1847 1846 rpc_gss_init_res *result;
1848 1847 {
1849 1848 retrans_entry *rdata;
1850 1849
1851 1850 if (client->retrans_data && client->retrans_data->xid == xid)
1852 1851 return;
1853 1852
1854 1853 rdata = kmem_zalloc(sizeof (*rdata), KM_SLEEP);
1855 1854
1856 1855 if (rdata == NULL)
1857 1856 return;
1858 1857
1859 1858 rdata->xid = xid;
1860 1859 rdata->result = *result;
1861 1860
1862 1861 if (result->token.length != 0) {
1863 1862 GSS_DUP_BUFFER(rdata->result.token, result->token);
1864 1863 }
1865 1864
1866 1865 if (client->retrans_data)
1867 1866 retrans_del(client);
1868 1867
1869 1868 client->retrans_data = rdata;
1870 1869 }
1871 1870
1872 1871 /*
1873 1872 * Delete the retransmit data from the context cache entry.
1874 1873 */
1875 1874 static void retrans_del(client)
1876 1875 svc_rpc_gss_data *client;
1877 1876 {
1878 1877 retrans_entry *rdata;
1879 1878 OM_uint32 minor_stat;
1880 1879
1881 1880 if (client->retrans_data == NULL)
1882 1881 return;
1883 1882
1884 1883 rdata = client->retrans_data;
1885 1884 if (rdata->result.token.length != 0) {
1886 1885 (void) gss_release_buffer(&minor_stat, &rdata->result.token);
1887 1886 }
1888 1887
1889 1888 kmem_free((caddr_t)rdata, sizeof (*rdata));
1890 1889 client->retrans_data = NULL;
1891 1890 }
1892 1891
1893 1892 /*
1894 1893 * This function frees the following fields of svc_rpc_gss_data:
1895 1894 * client_name, raw_cred.client_principal, raw_cred.mechanism.
1896 1895 */
1897 1896 static void
1898 1897 common_client_data_free(svc_rpc_gss_data *client_data)
1899 1898 {
1900 1899 if (client_data->client_name.length > 0) {
1901 1900 (void) gss_release_buffer(NULL, &client_data->client_name);
1902 1901 }
1903 1902
1904 1903 if (client_data->raw_cred.client_principal) {
1905 1904 kmem_free((caddr_t)client_data->raw_cred.client_principal,
1906 1905 client_data->raw_cred.client_principal->len +
1907 1906 sizeof (int));
1908 1907 client_data->raw_cred.client_principal = NULL;
1909 1908 }
1910 1909
1911 1910 /*
1912 1911 * In the user GSS-API library, mechanism (mech_type returned
1913 1912 * by gss_accept_sec_context) is static storage, however
1914 1913 * since all the work is done for gss_accept_sec_context under
1915 1914 * gssd, what is returned in the kernel, is a copy from the oid
1916 1915 * obtained under from gssd, so need to free it when destroying
1917 1916 * the client data.
1918 1917 */
1919 1918
1920 1919 if (client_data->raw_cred.mechanism) {
1921 1920 kgss_free_oid(client_data->raw_cred.mechanism);
1922 1921 client_data->raw_cred.mechanism = NULL;
1923 1922 }
1924 1923 }
↓ open down ↓ |
951 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX