From: Andy Adamson <[email protected]>
Version 6:
- Implemented GSSv3 security for NFSv4.2 Inter Server to Server copy on
top of this code. copy_to_auth, copy_from_auth, and copy_confirm_auth
payloads should not impose changes to this GSSv3 label code.
Requires on Client:
-------------------
gssd patches: "Version 4 GSSD changes for RPCSEC_GSS version 3"
0001-GSSD-Add-RPCSEC_GSS-version-to-downcall.patch
0002-GSSD-add-option-to-not-put-gss-version-in-downcall.patch
libtirpc patches "Version 4 Libtirpc changes for RPCSEC_GSS version 3"
0001-Use-RPCSEC_GSS-version-3.patch
0002-RPCSEC_GSSv3-new-reply-verifier.patch
GSSv3 Implementation Features:
------------------------------
- Negotiate GSS version - starts with GSSv3 then falls back to GSSv1 if
GSSv3 is not supported by gssd or by the NFS server.
- New GSSv3 reply verifier over the RPC header and credential, just like the call verifier caveat the "REPLY" direction. This new reply verifier is stronger than the GSSv1 reply verifier which is only over the GSS sequence number.
- RPCSEC_GSS_CREATE operation generic code is separated from the payload code.
- The first time each client SeLinux thread label is used, an RPCSEC_GSS_CREATE call with a rgss3_label assertion payload is sent, and a GSS3 Child context is associated with the thread label. Each use of the client thread label triggers the use of the associated GSS3 child context handle for the NFS request
- Supports one label assertion payload per RPCSEC_GSS_CREATE
- Kerberos pseudoflavor support (krb5i, krb5p) for RPCSEC_GSS_CREATE calls.
- RPCSEC_GSS_CREATE is only used on krb5i or krb5p parent contexts.
- Client only uses GSSv3 labeling if GSSv3 is in use, selinux is enabled,
and the credential used has the RPC_SEC_GSS_KRB5I or RPC_SEC_GSS_KRB5P
auth flavor.
Issues:
-------
- Perhaps add an administrative configuration on the client (a mount option?)
to indicate Full Mode MAC is desired and that NFSv4.2 Labeled NFS (LNFS)
is to be used. The current code checks the rpc_auth au_flavor in the
GSS layer. This can result in labels being sent only on the
RPC_SEC_GSS_KRB5I state management NFS requests (EXCHANGE_ID,
CREATE_SESSION, etc) on KRB5, AUTH_SYS, and AUTH_NONE mounts where
the non state management NFS requests will not use GSSv3 label contexts.
An administrative configuration can clear up this confusion.
- When GSSv3 labeling is configured, should NFS requests fail if a GSSv3 label
fails to be created? Should we count on the server failing an NFS request
without an associated GSS3 label context handle? The current code ignores
an RPCSEC_GSS_CREATE failure.
Functional Description
----------------------
Parent GSS context: the normal GSS context
- "Normal" GSSv3 context is the same as a "normal" GSSv1 context except
for the new GSS Version and new reply verifier. For GSSv3 this "normal"
context is called the parent context.
Child GSS3 context: Is returned by a successful RPCSEC_GSS_CREATE operation
- Child context is associated with the parent context on both the client
and the server.
Client:
If SeLinux is enabled, GSSv3 is in use, and this is a sec=krb5i or
sec=krb5p mount option, assume LNFS and GSSv3 full mode MAC security
(caveat the first Issue above).
Server:
If SeLinux is enabled, the NFSEXP_SECURITY_LABEL is set on the export,
(export option "security_label") and GSSv3 is in use, then both LNFS
and GSSv3 labels are in use e.g. full mode MAC security.
When full mode MAC is used:
- Each new GSS3 context (parent) kicks off an RPCSEC_GSS_CREATE with the
client thread's SeLinux label as a payload.
- Upon success, the RPCSEC_GSS_CREATE call creates a GSSv3 child context
handle that asserts the thread label, and uses the parent context for
encrytion services.
- CLIENT: Child context and assertion is stored in an assertion list
off the struct gss_cl_ctx.
- SERVER: Child context has it's own rsc cache entry, and the child
handle is stored in a list of children handles off the parent rsc entry.
- CLIENT and SERVER: child contexts are destroyed when parent context is
destroyed.
- CLIENT: child context associated with the client NFS request thread
is used for the NFS request.
- SERVER: Using the child context handle looks up the child rsc entry.
Using the parent context handle stored in the child rsc entry looks up
the parent rsc entry to use for MIC creation/verification, integrity
(krb5i) and/or privacy (krb5p).
- SERVER: the label asserted by the NFS request child handle is imposed
upon the NFSD thread servicing the request just like the UID/GIDs in
the rpc credential.
Each time a call is made, the client makes a check in gss_match to see if
the curren thread's SeLinux label has an associated GSS3 child context handle
to use. If not, an RPCSEC_GSS_CREATE call is kicked off to establish the
child context prior to the NFS request being sent. The NFS request then
uses the child context that asserts the client NFS request thread label
when sending the NFS request to the server.
Useful SeLinux commands
------------------------
- getenforce will let you know if Selinux is enforced
- ls -Z shows label and fetches it via LNFS GETATTR
- ls -scontext shows just the label
105,1
Andy Adamson (12):
SELINUX export security_current_sid_to_context
SUNRPC GSSv3: base definitions
SUNRPC AUTH_GSS get RPCSEC_GSS version from gssd downcall
SUNRPC AUTH_GSS gss3 reply verifier
SUNRPC AUTH_GSS RPCSEC_GSS_CREATE with label payload
SUNRPC AUTH_GSS store and use gss3 label assertion
SUNRPC-AUTH_GSS gss3_free_assertions
SUNRPC SVCAUTH_GSS allow RPCSEC_GSS version 1 or 3
SUNRPC SVCAUTH_GSS gss3 reply verifier
SUNRPC SVCAUTH_GSS gss3 create label
SUNRPC SVCAUTH_GSS set gss3 label on nfsd thread
SUNRPC SVCAUTH_gss store gss3 child handles in parent rsc
fs/nfsd/auth.c | 11 +-
include/linux/selinux.h | 7 +
include/linux/sunrpc/auth_gss.h | 72 ++++-
include/linux/sunrpc/gss_api.h | 9 +
include/linux/sunrpc/svcauth.h | 1 +
include/linux/sunrpc/svcauth_gss.h | 1 +
net/sunrpc/auth_gss/auth_gss.c | 606 ++++++++++++++++++++++++++++++++++++-
net/sunrpc/auth_gss/svcauth_gss.c | 605 ++++++++++++++++++++++++++++++++++--
security/selinux/hooks.c | 10 +
9 files changed, 1281 insertions(+), 41 deletions(-)
--
1.8.3.1
From: Andy Adamson <[email protected]>
Due to the addition of RPC_GSS3_VERSION. Assign RPC_GSS_VERSION (version 1)
if GSS version is not part of the gssd downcall.
Signed-off-by: Andy Adamson <[email protected]>
---
include/linux/sunrpc/auth_gss.h | 1 +
net/sunrpc/auth_gss/auth_gss.c | 27 ++++++++++++++++++++-------
2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/include/linux/sunrpc/auth_gss.h b/include/linux/sunrpc/auth_gss.h
index cf5e694..dbcdcc2 100644
--- a/include/linux/sunrpc/auth_gss.h
+++ b/include/linux/sunrpc/auth_gss.h
@@ -70,6 +70,7 @@ struct rpc_gss_init_res {
struct gss_cl_ctx {
atomic_t count;
+ u32 gc_v;
enum rpc_gss_proc gc_proc;
u32 gc_seq;
spinlock_t gc_seq_lock;
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 4f16953..3c7fa5d 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -209,10 +209,11 @@ struct gss_auth {
static const void *
gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct gss_api_mech *gm)
{
- const void *q;
+ const void *q, *save;
unsigned int seclen;
unsigned int timeout;
unsigned long now = jiffies;
+ unsigned int gss_v;
u32 window_size;
int ret;
@@ -274,10 +275,22 @@ struct gss_auth {
p = simple_get_netobj(q, end, &ctx->gc_acceptor);
if (IS_ERR(p))
goto err;
+
+ /** Pull in RPCSEC_GSS version if there is one.
+ * Assign RPC_GSS_VERSION (version 1) as the default.
+ */
+ save = p;
+ p = simple_get_bytes(p, end, &gss_v, sizeof(gss_v));
+ if (IS_ERR(p)) {
+ ctx->gc_v = RPC_GSS_VERSION;
+ p = save;
+ } else {
+ ctx->gc_v = gss_v;
+ }
done:
- dprintk("RPC: %s Success. gc_expiry %lu now %lu timeout %u acceptor %.*s\n",
+ dprintk("RPC: %s Success. gc_expiry %lu now %lu timeout %u acceptor %.*s gss version %d\n",
__func__, ctx->gc_expiry, now, timeout, ctx->gc_acceptor.len,
- ctx->gc_acceptor.data);
+ ctx->gc_acceptor.data, ctx->gc_v);
return p;
err:
dprintk("RPC: %s returns error %ld\n", __func__, -PTR_ERR(p));
@@ -1511,10 +1524,10 @@ static void gss_pipe_free(struct gss_pipe *p)
req->rq_seqno = ctx->gc_seq++;
spin_unlock(&ctx->gc_seq_lock);
- *p++ = htonl((u32) RPC_GSS_VERSION);
- *p++ = htonl((u32) ctx->gc_proc);
- *p++ = htonl((u32) req->rq_seqno);
- *p++ = htonl((u32) gss_cred->gc_service);
+ *p++ = htonl((u32)ctx->gc_v);
+ *p++ = htonl((u32)ctx->gc_proc);
+ *p++ = htonl((u32)req->rq_seqno);
+ *p++ = htonl((u32)gss_cred->gc_service);
p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
*cred_len = htonl((p - (cred_len + 1)) << 2);
--
1.8.3.1
From: Andy Adamson <[email protected]>
Declaration of GSS3 structures.
Determination of Full Mac labeling enabled. GSSv3 in use, SeLinux enabled,
and krb5i or krb5p in use.
Creation and xdr encoding an decoding of a gss3_label payload.
Generic gss3_proc_create that sends an RPC_GSS_PROC_CREATE operation with
any gss3 assertion payload.
Upon success, store the RPC_GSS_PROC_CREATE reply GSS3 assertions
in the parent gss_cl_ctx.
Signed-off-by: Andy Adamson <[email protected]>
---
include/linux/sunrpc/auth_gss.h | 59 ++++++
include/linux/sunrpc/gss_api.h | 7 +
net/sunrpc/auth_gss/auth_gss.c | 397 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 463 insertions(+)
diff --git a/include/linux/sunrpc/auth_gss.h b/include/linux/sunrpc/auth_gss.h
index dbcdcc2..16b4f20 100644
--- a/include/linux/sunrpc/auth_gss.h
+++ b/include/linux/sunrpc/auth_gss.h
@@ -62,6 +62,11 @@ struct rpc_gss_init_res {
struct xdr_netobj gr_token; /* token */
};
+struct gss3_assert_list {
+ struct list_head assert_list;
+ spinlock_t assert_lock;
+};
+
/* The gss_cl_ctx struct holds all the information the rpcsec_gss client
* code needs to know about a single security context. In particular,
* gc_gss_ctx is the context handle that is used to do gss-api calls, while
@@ -79,6 +84,7 @@ struct gss_cl_ctx {
struct xdr_netobj gc_acceptor;
u32 gc_win;
unsigned long gc_expiry;
+ struct gss3_assert_list gc_alist;
struct rcu_head gc_rcu;
};
@@ -92,6 +98,59 @@ struct gss_cred {
unsigned long gc_upcall_timestamp;
};
+/** GSS3 */
+enum gss3_type {
+ GSS3_LABEL = 0,
+ GSS3_PRIVS = 1,
+};
+
+struct gss3_chan_binding {
+ u32 cb_len;
+ void *cb_binding;
+};
+
+struct gss3_mp_auth {
+ u32 mp_handle_len;
+ void *mp_handle;
+ u32 *mp_mic_len;
+ void *mp_mic; /* header mic */
+};
+
+struct gss3_label {
+ u32 la_lfs;
+ u32 la_pi;
+ struct xdr_netobj la_label;
+};
+
+struct gss3_privs {
+ struct xdr_netobj pr_name;
+ struct xdr_netobj pr_data;
+};
+
+struct gss3_assertion_u {
+ u32 au_type;
+ union {
+ struct gss3_label au_label;
+ struct gss3_privs au_privs;
+ } u;
+};
+
+struct gss3_create_args {
+ struct gss3_mp_auth *ca_mp_auth;
+ struct gss3_chan_binding *ca_chan_bind;
+ u32 ca_num;
+ struct gss3_assertion_u *ca_assertions;
+};
+
+struct gss3_create_res {
+ u32 cr_hlen;
+ void *cr_handle;
+ struct gss3_mp_auth *cr_mp_auth;
+ struct gss3_chan_binding *cr_chan_bind;
+ u32 cr_num;
+ struct gss3_assertion_u *cr_assertions;
+};
+
#endif /* __KERNEL__ */
#endif /* _LINUX_SUNRPC_AUTH_GSS_H */
diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h
index 68ec78c..7e5da3a 100644
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -17,6 +17,13 @@
#include <linux/sunrpc/msg_prot.h>
#include <linux/uio.h>
+struct gss3_assert {
+ struct list_head gss3_list; /* per context list of assertions */
+ struct xdr_netobj gss3_handle; /* child handle */
+ u32 gss3_num; /* always one for now */
+ struct gss3_assertion_u *gss3_assertion;
+};
+
/* The mechanism-independent gss-api context: */
struct gss_ctx {
struct gss_api_mech *mech_type;
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 28c5491..46c0068 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -52,9 +52,12 @@
#include <linux/sunrpc/gss_api.h>
#include <linux/uaccess.h>
#include <linux/hashtable.h>
+#include <linux/security.h>
#include "../netns.h"
+static int gss3_create_label(struct rpc_cred *cred);
+
static const struct rpc_authops authgss_ops;
static const struct rpc_credops gss_credops;
@@ -128,6 +131,21 @@ struct gss_auth {
gss_free_ctx(ctx);
}
+/* gss3_label_enabled:
+ * Called to determine if Full Mode Mandatory Access Control (MAC)
+ * over a GSS connection is desired.
+ *
+ * Note:
+ * Currently Full Mode MAC is assuemed if SeLinux is enabled and
+ * RPCSEC_GSS version 3 with KRB5i or KRB5p is in use.
+ */
+static inline bool
+gss3_label_assertion_is_enabled(u32 rpcsec_version, rpc_authflavor_t fl)
+{
+ return (rpcsec_version == RPC_GSS3_VERSION && selinux_is_enabled() &&
+ ((fl == RPC_AUTH_GSS_KRB5I) || (fl == RPC_AUTH_GSS_KRB5P)));
+}
+
/* gss_cred_set_ctx:
* called by gss_upcall_callback and gss_create_upcall in order
* to set the gss context. The actual exchange of an old context
@@ -145,6 +163,9 @@ struct gss_auth {
set_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
smp_mb__before_atomic();
clear_bit(RPCAUTH_CRED_NEW, &cred->cr_flags);
+ if (gss3_label_assertion_is_enabled(ctx->gc_v,
+ cred->cr_auth->au_flavor))
+ gss3_create_label(cred);
}
static const void *
@@ -201,6 +222,8 @@ struct gss_auth {
ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */
spin_lock_init(&ctx->gc_seq_lock);
atomic_set(&ctx->count,1);
+ INIT_LIST_HEAD(&ctx->gc_alist.assert_list);
+ spin_lock_init(&ctx->gc_alist.assert_lock);
}
return ctx;
}
@@ -1596,6 +1619,380 @@ static int gss_cred_is_negative_entry(struct rpc_cred *cred)
return 0;
}
+/**
+ * The gss3_handle and gss3_assertions are allocated in gss3_dec_label
+ */
+static struct gss3_assert *
+gss3_alloc_init_assertion(struct gss3_create_res *cres)
+{
+ struct gss3_assert *ret;
+
+ ret = kzalloc(sizeof(*ret), GFP_NOFS);
+ if (!ret)
+ return ERR_PTR(-ENOMEM);
+
+ INIT_LIST_HEAD(&ret->gss3_list);
+ ret->gss3_handle.len = cres->cr_hlen;
+ ret->gss3_handle.data = cres->cr_handle;
+ ret->gss3_num = cres->cr_num;
+ ret->gss3_assertion = cres->cr_assertions;
+ return ret;
+}
+
+void
+gss3_insert_assertion(struct gss3_assert_list *alist, struct gss3_assert *g3a)
+{
+ spin_lock(&alist->assert_lock);
+ /* list_add_tail_rcu(new,head) inserts new before head */
+ list_add_tail_rcu(&g3a->gss3_list, &alist->assert_list);
+ spin_unlock(&alist->assert_lock);
+}
+
+static void gss3_free_label(struct gss3_label *gl)
+{
+ kfree(gl->la_label.data);
+}
+
+/**
+ * GSS3_createargs_maxsz and GSS3_createres_maxsz
+ * include no rgss3_assertion_u payload.
+ */
+#define GSS3_createargs_maxsz (1 /* empty ca_mp_auth */ + \
+ 1 /* empty ca_chan_bind */ + \
+ 1 /* ca_num */ + \
+ 1 /* au_type */)
+#define GSS3_createres_maxsz (1 /* cr_hlen */ + \
+ XDR_QUADLEN(XDR_MAX_NETOBJ) /* cr_handle*/ + \
+ GSS3_createargs_maxsz)
+#define GSS3_labelargs_maxsz (1 /* la_lfs */ + \
+ 1 /* la_pi */ + \
+ 1 /* la_label.len */ + \
+ XDR_QUADLEN(XDR_MAX_NETOBJ) /* la_label */)
+#define GSS3_labelres_maxsz GSS3_labelargs_maxsz
+
+static void
+gss3_enc_label(struct rpc_rqst *req, struct xdr_stream *xdr,
+ const struct gss3_create_args *g3ca)
+{
+ struct gss3_label *gl;
+ int len;
+ __be32 *p;
+
+ gl = &g3ca->ca_assertions[0].u.au_label;
+
+ dprintk("RPC: %5u encoding GSSv3 label %s:%d\n", req->rq_task->tk_pid,
+ (char *)gl->la_label.data, gl->la_label.len);
+
+ len = 4 + 4 + (XDR_QUADLEN(gl->la_label.len) << 2) + 4;
+ p = xdr_reserve_space(xdr, len);
+ *p++ = cpu_to_be32(0); /* la_lfs */
+ *p++ = cpu_to_be32(0); /* la_pi */
+ p = xdr_encode_netobj(p, &gl->la_label);
+}
+
+static int
+gss3_dec_label(struct rpc_rqst *req, struct xdr_stream *xdr,
+ struct gss3_create_res *g3cr)
+{
+ struct gss3_label *gl;
+ struct gss3_assertion_u *g3a;
+ __be32 *p;
+
+ /* Used to store assertion in parent gss_cl_ctx */
+ g3a = kzalloc(sizeof(*g3a), GFP_KERNEL);
+ if (!g3a)
+ goto out_err;
+
+ g3a->au_type = GSS3_LABEL;
+ gl = &g3a->u.au_label;
+
+ p = xdr_inline_decode(xdr, 12);
+ if (unlikely(!p))
+ goto out_overflow;
+
+ gl->la_lfs = be32_to_cpup(p++);
+ gl->la_pi = be32_to_cpup(p++);
+ gl->la_label.len = be32_to_cpup(p++);
+
+ p = xdr_inline_decode(xdr, gl->la_label.len);
+ if (unlikely(!p))
+ goto out_overflow;
+
+ gl->la_label.data = kmemdup(p, gl->la_label.len, GFP_KERNEL);
+ if (!gl->la_label.data)
+ goto out_free_assert;
+
+ g3cr->cr_assertions = g3a;
+
+ return 0;
+
+out_free_assert:
+ kfree(g3a);
+out_err:
+ return -EIO;
+out_overflow:
+ pr_warn("RPC %s End of receive buffer. Remaining len: %tu words.\n",
+ __func__, xdr->end - xdr->p);
+ goto out_free_assert;
+}
+
+static void
+gss3_enc_create(struct rpc_rqst *req, struct xdr_stream *xdr,
+ const struct gss3_create_args *g3ca)
+{
+ __be32 *p;
+
+ p = xdr_reserve_space(xdr, GSS3_createargs_maxsz << 2);
+ *p++ = cpu_to_be32(0); /* NULL ca_mp_auth */
+ *p++ = cpu_to_be32(0); /* NULL ca_chan_bind */
+ *p++ = cpu_to_be32(g3ca->ca_num);
+ *p++ = cpu_to_be32(g3ca->ca_assertions->au_type);
+
+ switch (g3ca->ca_assertions->au_type) {
+ case GSS3_LABEL:
+ gss3_enc_label(req, xdr, g3ca);
+ break;
+ case GSS3_PRIVS:
+ default:
+ /* drop through to return */
+ pr_warn("RPC Unsupported gss3 create assertion %d\n",
+ g3ca->ca_assertions->au_type);
+ }
+}
+
+static int
+gss3_dec_create(struct rpc_rqst *req, struct xdr_stream *xdr,
+ struct gss3_create_res *g3cr)
+{
+ u32 dummy, type;
+ __be32 *p;
+
+ p = xdr_inline_decode(xdr, 4);
+ if (unlikely(!p))
+ goto out_overflow;
+ g3cr->cr_hlen = be32_to_cpup(p++);
+
+ p = xdr_inline_decode(xdr, g3cr->cr_hlen + 16);
+ if (unlikely(!p))
+ goto out_overflow;
+
+ g3cr->cr_handle = kmemdup(p, g3cr->cr_hlen, GFP_KERNEL);
+ if (!g3cr->cr_handle)
+ goto out_err;
+
+ p += XDR_QUADLEN(g3cr->cr_hlen);
+
+ /* cr_mp_auth: not supported */
+ dummy = be32_to_cpup(p++);
+ if (dummy != 0) {
+ pr_warn("RPC gss3 create cr_mp_auth not supported\n");
+ goto out_free_handle;
+ }
+
+ /* cr_chan_bind: not supported */
+ dummy = be32_to_cpup(p++);
+ if (dummy != 0) {
+ pr_warn("RPC gss3 create cr_chan_bind not supported\n");
+ goto out_free_handle;
+ }
+
+ /* Support one assertion */
+ g3cr->cr_num = be32_to_cpup(p++);
+ if (g3cr->cr_num != 1) {
+ pr_warn("RPC gss3 multiple assertions %d unspported\n",
+ g3cr->cr_num);
+ goto out_free_handle;
+ }
+
+ /* au_type */
+ type = be32_to_cpup(p++);
+ switch (type) {
+ case GSS3_LABEL:
+ if (gss3_dec_label(req, xdr, g3cr) != 0)
+ goto out_free_handle;
+ break;
+ case GSS3_PRIVS:
+ default:
+ pr_warn("RPC Unsupported gss3 create assertion %d\n", type);
+ goto out_free_handle;
+ }
+ return 0;
+
+out_free_handle:
+ kfree(g3cr->cr_handle);
+out_err:
+ return -EIO;
+out_overflow:
+ pr_warn("RPC %s End of receive buffer. Remaining len: %tu words.\n",
+ __func__, xdr->end - xdr->p);
+ goto out_err;
+}
+
+#define RPC_PROC_NULL 0
+
+#define GSS3_create_args_max (GSS3_createargs_maxsz + GSS3_labelargs_maxsz)
+#define GSS3_create_res_max (GSS3_createres_maxsz + GSS3_labelres_maxsz)
+
+struct rpc_procinfo gss3_ops[] = {
+ [RPC_GSS_PROC_CREATE] = {
+ .p_proc = RPC_PROC_NULL,
+ .p_encode = (kxdreproc_t)gss3_enc_create,
+ .p_decode = (kxdrdproc_t)gss3_dec_create,
+ .p_arglen = GSS3_create_args_max,
+ .p_replen = GSS3_create_res_max,
+ .p_statidx = RPC_GSS_PROC_CREATE,
+ .p_timer = 0,
+ .p_name = "GSS_PROC_CREATE",
+ },
+};
+
+/**
+ * Default callback for async GSS RPC calls
+ * NOTE: same as rpc_default_ops()
+ */
+static void
+gss_rpc_default_callback(struct rpc_task *task, void *data)
+{
+}
+
+static const struct rpc_call_ops gss_rpc_default_ops = {
+ .rpc_call_done = gss_rpc_default_callback,
+};
+
+/**
+ * RPC_GSS_PROC_CREATE operation
+ * Return the resultant child context handle or an error.
+ *
+ * @cred: the credential holding the parent gss3 context
+ * @asserts: assertions for RPC_GSS_PROC_CREATE args, allocated
+ * and freed by caller on success or failure of
+ * gss3_proc_create.
+ * @numasserts: currently only one assert supported.
+ *
+ * Notes:
+ * 1) Spec says we MUST use integrity or privacy security service.
+ * First pass; use rpc_gss_svc_none.
+ * 2) Upon success, the returned list of assertions established on the
+ * server is saved in the parent context assertion list
+ */
+static struct xdr_netobj *
+gss3_proc_create(struct rpc_cred *cred, struct gss3_assertion_u *asserts,
+ int numasserts)
+{
+ struct gss_auth *gss_auth = container_of(cred->cr_auth, struct gss_auth,
+ rpc_auth);
+ struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
+ struct rpc_task *task;
+ struct gss3_create_res cres = {
+ .cr_mp_auth = 0,
+ };
+ struct rpc_message msg = {
+ .rpc_proc = &gss3_ops[RPC_GSS_PROC_CREATE],
+ .rpc_resp = &cres,
+ .rpc_cred = cred,
+ };
+ struct rpc_task_setup task_setup_data = {
+ .rpc_client = gss_auth->client,
+ .rpc_message = &msg,
+ .callback_ops = &gss_rpc_default_ops,
+ .flags = 0,
+ };
+ struct gss3_create_args *cargs = NULL;
+ struct gss3_assert *g3a = NULL;
+ struct xdr_netobj *ret = ERR_PTR(-EINVAL);
+
+ if (!ctx || !asserts)
+ goto out;
+ /**
+ * Take a reference to ensure the cred sticks around as we create
+ * a child context
+ */
+ get_rpccred(cred);
+
+ ret = ERR_PTR(-ENOMEM);
+ cargs = kzalloc(sizeof(*cargs), GFP_NOFS);
+ if (!cargs)
+ goto out_err;
+
+ /* args asserts allocated and freed by caller */
+ cargs->ca_assertions = asserts;
+
+ cargs->ca_num = numasserts;
+ ctx->gc_proc = RPC_GSS_PROC_CREATE;
+ cred->cr_ops = &gss_credops;
+
+ msg.rpc_argp = cargs;
+
+ /* Want a sync rpc call */
+ task = rpc_run_task(&task_setup_data);
+ if (IS_ERR(task)) {
+ ret = ERR_CAST(task);
+ goto out_free_assert;
+ }
+ if (task->tk_status != 0) {
+ ret = ERR_PTR(task->tk_status);
+ goto out_free_assert;
+ }
+ rpc_put_task(task);
+
+ g3a = gss3_alloc_init_assertion(&cres);
+ if (IS_ERR(g3a)) {
+ ret = ERR_CAST(g3a);
+ goto out_free_assert;
+ }
+ gss3_insert_assertion(&ctx->gc_alist, g3a);
+
+ ret = &g3a->gss3_handle;
+
+out_free_assert:
+ kfree(cargs);
+out_err:
+ ctx->gc_proc = RPC_GSS_PROC_DATA;
+ gss_put_ctx(ctx);
+ put_rpccred(cred);
+out:
+ return ret;
+}
+
+/**
+ * GSS3 Label Assertion
+ *
+ * Support one label assertion
+ *
+ * Asserts are freed regardless of success or failure
+ * as the asserts accepted and returned by the server are saved.
+ */
+static int
+gss3_create_label(struct rpc_cred *cred)
+{
+ struct gss3_assertion_u *asserts;
+ struct gss3_label *gl;
+ struct xdr_netobj *chandle;
+ int ret;
+
+ asserts = kzalloc(sizeof(*asserts), GFP_NOFS);
+ if (!asserts)
+ return -ENOMEM;
+
+ /* NOTE: not setting la_lfs, la_pi */
+ asserts->au_type = GSS3_LABEL;
+ gl = &asserts->u.au_label;
+
+ ret = security_current_sid_to_context((char **)&gl->la_label.data,
+ &gl->la_label.len);
+ if (ret)
+ goto out_free_asserts;
+
+ chandle = gss3_proc_create(cred, asserts, 1);
+ if (IS_ERR(chandle))
+ ret = PTR_ERR(chandle);
+
+out_free_asserts:
+ gss3_free_label(gl);
+ kfree(asserts);
+ return ret;
+}
+
/*
* Refresh credentials. XXX - finish
*/
--
1.8.3.1
From: Andy Adamson <[email protected]>
After assigning a new gss context to a credential,
call gss3_create_label which will kick off an RPCSED_GSS_CREATE for the
thread's label if selinux is enabled.
In gss_match(), check if the current threads SeLinux label (sid) has
a matching label assertion. If not, kick off an RPCSEC_GSS_CREATE for
the thread's label.
Choose to use a child or parent context handle in gss_marshal and in
gss3_reply_verifier.
Add the RPC_GSS_PROC_CREATE case for wrap and unwrap
Signed-off-by: Andy Adamson <[email protected]>
---
include/linux/sunrpc/svcauth_gss.h | 1 +
net/sunrpc/auth_gss/auth_gss.c | 74 +++++++++++++++++++++++++++++++++++---
net/sunrpc/auth_gss/svcauth_gss.c | 2 +-
3 files changed, 72 insertions(+), 5 deletions(-)
diff --git a/include/linux/sunrpc/svcauth_gss.h b/include/linux/sunrpc/svcauth_gss.h
index 726aff1..af45bff 100644
--- a/include/linux/sunrpc/svcauth_gss.h
+++ b/include/linux/sunrpc/svcauth_gss.h
@@ -22,6 +22,7 @@
void gss_svc_shutdown_net(struct net *net);
int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name);
u32 svcauth_gss_flavor(struct auth_domain *dom);
+int netobj_equal(struct xdr_netobj *a, struct xdr_netobj *b);
#endif /* __KERNEL__ */
#endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 46c0068..1014521 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -57,6 +57,9 @@
#include "../netns.h"
static int gss3_create_label(struct rpc_cred *cred);
+static struct gss3_assert *gss3_use_child_handle(struct rpc_cred *cred,
+ struct gss_cl_ctx *ctx);
+static struct gss3_assert *gss3_match_label(struct gss3_assert_list *in);
static const struct rpc_authops authgss_ops;
@@ -1480,6 +1483,9 @@ static void gss_pipe_free(struct gss_pipe *p)
{
struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base);
struct gss_cl_ctx *ctx;
+ struct gss3_assert *g3a;
+ rpc_authflavor_t flavor = rc->cr_auth->au_flavor;
+ bool use_labels = false;
int ret;
if (test_bit(RPCAUTH_CRED_NEW, &rc->cr_flags))
@@ -1491,6 +1497,7 @@ static void gss_pipe_free(struct gss_pipe *p)
rcu_read_unlock();
return 0;
}
+ use_labels = gss3_label_assertion_is_enabled(ctx->gc_v, flavor);
rcu_read_unlock();
if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
return 0;
@@ -1517,6 +1524,13 @@ static void gss_pipe_free(struct gss_pipe *p)
/* tell NFS layer that key will expire soon */
set_bit(RPC_CRED_KEY_EXPIRE_SOON, &acred->ac_flags);
}
+ if (ret && use_labels) {
+ ctx = gss_cred_get_ctx(rc);
+ g3a = gss3_match_label(&ctx->gc_alist);
+ if (!g3a)
+ gss3_create_label(rc);
+ gss_put_ctx(ctx);
+ }
return ret;
}
@@ -1537,6 +1551,7 @@ static void gss_pipe_free(struct gss_pipe *p)
struct xdr_netobj mic;
struct kvec iov;
struct xdr_buf verf_buf;
+ struct gss3_assert *g3a;
dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
@@ -1551,7 +1566,11 @@ static void gss_pipe_free(struct gss_pipe *p)
*p++ = htonl((u32)ctx->gc_proc);
*p++ = htonl((u32)req->rq_seqno);
*p++ = htonl((u32)gss_cred->gc_service);
- p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
+ g3a = gss3_use_child_handle(cred, ctx);
+ if (g3a)
+ p = xdr_encode_netobj(p, &g3a->gss3_handle);
+ else
+ p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
*cred_len = htonl((p - (cred_len + 1)) << 2);
/* We compute the checksum for the verifier over the xdr-encoded bytes
@@ -1653,6 +1672,46 @@ static void gss3_free_label(struct gss3_label *gl)
kfree(gl->la_label.data);
}
+static struct gss3_assert *
+gss3_match_label(struct gss3_assert_list *in)
+{
+ struct gss3_assert *found;
+ struct xdr_netobj label;
+ int ret;
+
+ /* grab the current threads subject label */
+ ret = security_current_sid_to_context((char **)&label.data, &label.len);
+ if (ret)
+ return NULL;
+ rcu_read_lock();
+ list_for_each_entry_rcu(found, &in->assert_list, gss3_list) {
+ struct gss3_label *gl;
+
+ if (found->gss3_assertion->au_type != GSS3_LABEL)
+ continue;
+ gl = &found->gss3_assertion->u.au_label;
+ if (netobj_equal(&gl->la_label, &label))
+ goto out;
+ }
+ found = NULL;
+out:
+ rcu_read_lock();
+ kfree(label.data);
+ return found;
+}
+
+static struct gss3_assert *
+gss3_use_child_handle(struct rpc_cred *cred, struct gss_cl_ctx *ctx)
+{
+ struct gss3_assert *g3a = NULL;
+ rpc_authflavor_t flavor = cred->cr_auth->au_flavor;
+
+ if (gss3_label_assertion_is_enabled(ctx->gc_v, flavor) &&
+ ctx->gc_proc == RPC_GSS_PROC_DATA)
+ g3a = gss3_match_label(&ctx->gc_alist);
+ return g3a;
+}
+
/**
* GSS3_createargs_maxsz and GSS3_createres_maxsz
* include no rgss3_assertion_u payload.
@@ -2036,6 +2095,7 @@ struct rpc_procinfo gss3_ops[] = {
{
struct gss_cred *g_cred = container_of(cred, struct gss_cred, gc_base);
void *gss3_buf = NULL;
+ struct gss3_assert *g3a;
__be32 *crlen, *ptr = NULL;
int len;
@@ -2062,7 +2122,11 @@ struct rpc_procinfo gss3_ops[] = {
*ptr++ = htonl(ctx->gc_proc);
*ptr++ = *seq;
*ptr++ = htonl(g_cred->gc_service);
- ptr = xdr_encode_netobj(ptr, &ctx->gc_wire_ctx);
+ g3a = gss3_use_child_handle(cred, ctx);
+ if (g3a)
+ ptr = xdr_encode_netobj(ptr, &g3a->gss3_handle);
+ else
+ ptr = xdr_encode_netobj(ptr, &ctx->gc_wire_ctx);
/* backfill cred length */
*crlen = htonl((ptr - (crlen + 1)) << 2);
@@ -2315,7 +2379,8 @@ static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
int status = -EIO;
dprintk("RPC: %5u %s\n", task->tk_pid, __func__);
- if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
+ if (!(ctx->gc_proc == RPC_GSS_PROC_DATA ||
+ ctx->gc_proc == RPC_GSS_PROC_CREATE)) {
/* The spec seems a little ambiguous here, but I think that not
* wrapping context destruction requests makes the most sense.
*/
@@ -2429,7 +2494,8 @@ static void gss_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp,
int savedlen = head->iov_len;
int status = -EIO;
- if (ctx->gc_proc != RPC_GSS_PROC_DATA)
+ if (!(ctx->gc_proc == RPC_GSS_PROC_DATA ||
+ ctx->gc_proc == RPC_GSS_PROC_CREATE))
goto out_decode;
switch (gss_cred->gc_service) {
case RPC_GSS_SVC_NONE:
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index a54a7a3..aa7cb3b 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -63,7 +63,7 @@
*
*/
-static int netobj_equal(struct xdr_netobj *a, struct xdr_netobj *b)
+int netobj_equal(struct xdr_netobj *a, struct xdr_netobj *b)
{
return a->len == b->len && 0 == memcmp(a->data, b->data, a->len);
}
--
1.8.3.1
From: Andy Adamson <[email protected]>
The new GSS Version 3 reply verifier is taken over the same data as
the call verifier, caveat REPLY direction
Verifier Data
xid tk_rqstp->rq_xid
direction REPLY (always a 1) RPC_REPLY
rpcvers RPC_VERSION
prog clnt->cl_prog
vers clnt->cl_vers
proc tk_msg.rpc_proc->p_proc
credential
flavor RPC_AUTH_GSS
length cred_len is in gss_marshal (new gv_crlen)
gss version ctx->gc_v
gss proc ctx->gv_proc
gss seq tk_rqstp->rq_seqno
gss svc gss_cred->gc_service
gss ctx len ctx->gc_wire_ctx
gss ctx data ctx->gc_wire_ctx
Signed-off-by: Andy Adamson <[email protected]>
---
net/sunrpc/auth_gss/auth_gss.c | 59 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 57 insertions(+), 2 deletions(-)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 3c7fa5d..28c5491 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -1629,6 +1629,53 @@ static int gss_cred_is_negative_entry(struct rpc_cred *cred)
return 0;
}
+/**
+ * gss3_reply_verifier: The new gssv3 verifier uses same data as call
+ * caveat REPLY direction - see rpc_encode_header
+ */
+static void *
+gss3_reply_verifier(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
+ struct rpc_task *task, __be32 *seq, struct kvec *iov)
+{
+ struct gss_cred *g_cred = container_of(cred, struct gss_cred, gc_base);
+ void *gss3_buf = NULL;
+ __be32 *crlen, *ptr = NULL;
+ int len;
+
+ /* freed in gss_validate */
+ len = (13 * 4) + ctx->gc_wire_ctx.len;
+ gss3_buf = kmalloc(len, GFP_NOFS);
+ if (!gss3_buf) {
+ gss3_buf = ERR_PTR(-EIO);
+ goto out;
+ }
+ ptr = (__be32 *)gss3_buf;
+
+ *ptr++ = htonl(task->tk_rqstp->rq_xid);
+ *ptr++ = htonl(RPC_REPLY);
+ *ptr++ = htonl(RPC_VERSION);
+ *ptr++ = htonl(task->tk_client->cl_prog);
+ *ptr++ = htonl(task->tk_client->cl_vers);
+ *ptr++ = htonl(task->tk_msg.rpc_proc->p_proc);
+ *ptr++ = htonl(RPC_AUTH_GSS);
+
+ /* credential */
+ crlen = ptr++;
+ *ptr++ = htonl(ctx->gc_v);
+ *ptr++ = htonl(ctx->gc_proc);
+ *ptr++ = *seq;
+ *ptr++ = htonl(g_cred->gc_service);
+ ptr = xdr_encode_netobj(ptr, &ctx->gc_wire_ctx);
+
+ /* backfill cred length */
+ *crlen = htonl((ptr - (crlen + 1)) << 2);
+
+ iov->iov_base = gss3_buf;
+ iov->iov_len = (ptr - (__be32 *)gss3_buf) << 2;
+out:
+ return gss3_buf;
+}
+
static __be32 *
gss_validate(struct rpc_task *task, __be32 *p)
{
@@ -1638,6 +1685,7 @@ static int gss_cred_is_negative_entry(struct rpc_cred *cred)
struct kvec iov;
struct xdr_buf verf_buf;
struct xdr_netobj mic;
+ void *g3_buf = NULL;
u32 flav,len;
u32 maj_stat;
__be32 *ret = ERR_PTR(-EIO);
@@ -1653,14 +1701,21 @@ static int gss_cred_is_negative_entry(struct rpc_cred *cred)
if (!seq)
goto out_bad;
*seq = htonl(task->tk_rqstp->rq_seqno);
- iov.iov_base = seq;
- iov.iov_len = 4;
+ if (ctx->gc_v == RPC_GSS_VERSION) {
+ iov.iov_base = seq;
+ iov.iov_len = 4;
+ } else if (ctx->gc_v == RPC_GSS3_VERSION) {
+ g3_buf = gss3_reply_verifier(cred, ctx, task, seq, &iov);
+ if (IS_ERR(g3_buf))
+ goto out_bad;
+ }
xdr_buf_from_iov(&iov, &verf_buf);
mic.data = (u8 *)p;
mic.len = len;
ret = ERR_PTR(-EACCES);
maj_stat = gss_verify_mic(ctx->gc_gss_ctx, &verf_buf, &mic);
+ kfree(g3_buf);
if (maj_stat == GSS_S_CONTEXT_EXPIRED)
clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags);
if (maj_stat) {
--
1.8.3.1
From: Andy Adamson <[email protected]>
Store the version used in the context INIT phase with the context.
Check the incoming rpcsec gss version against the stored context version.
Signed-off-by: Andy Adamson <[email protected]>
---
include/linux/sunrpc/gss_api.h | 1 +
net/sunrpc/auth_gss/svcauth_gss.c | 20 ++++++++++++++------
2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h
index 4e02204..d4cff5a 100644
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -28,6 +28,7 @@ struct gss3_assert {
/* The mechanism-independent gss-api context: */
struct gss_ctx {
struct gss_api_mech *mech_type;
+ u32 gss_version;
void *internal_ctx_id;
};
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index aa7cb3b..f7aa8c4 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -976,8 +976,8 @@ struct gss_svc_data {
}
static inline int
-gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp,
- struct xdr_netobj *out_handle, int *major_status)
+gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp, u32 gssv,
+ struct xdr_netobj *out_handle, int *major_status)
{
struct rsc *rsci;
int rc;
@@ -989,6 +989,8 @@ struct gss_svc_data {
*major_status = GSS_S_NO_CONTEXT;
return gss_write_null_verf(rqstp);
}
+ /* set the RPCSEC_GSS version in the context */
+ rsci->mechctx->gss_version = gssv;
rc = gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN);
cache_put(&rsci->h, cd);
return rc;
@@ -1130,7 +1132,7 @@ static int svcauth_gss_legacy_init(struct svc_rqst *rqstp,
ret = SVC_CLOSE;
/* Got an answer to the upcall; use it: */
- if (gss_write_init_verf(sn->rsc_cache, rqstp,
+ if (gss_write_init_verf(sn->rsc_cache, rqstp, gc->gc_v,
&rsip->out_handle, &rsip->major_status))
goto out;
if (gss_write_resv(resv, PAGE_SIZE,
@@ -1259,7 +1261,7 @@ static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,
}
/* Got an answer to the upcall; use it: */
- if (gss_write_init_verf(sn->rsc_cache, rqstp,
+ if (gss_write_init_verf(sn->rsc_cache, rqstp, gc->gc_v,
&cli_handle, &ud.major_status))
goto out;
if (gss_write_resv(resv, PAGE_SIZE,
@@ -1435,14 +1437,15 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
rpcstart -= 7;
/* credential is:
- * version(==1), proc(0,1,2,3), seq, service (1,2,3), handle
+ * version(==1 or 3), proc(0,1,2,3), seq, service (1,2,3), handle
* at least 5 u32s, and is preceded by length, so that makes 6.
*/
if (argv->iov_len < 5 * 4)
goto auth_err;
crlen = svc_getnl(argv);
- if (svc_getnl(argv) != RPC_GSS_VERSION)
+ gc->gc_v = svc_getnl(argv);
+ if ((gc->gc_v != RPC_GSS_VERSION) && (gc->gc_v != RPC_GSS3_VERSION))
goto auth_err;
gc->gc_proc = svc_getnl(argv);
gc->gc_seq = svc_getnl(argv);
@@ -1470,6 +1473,11 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
rsci = gss_svc_searchbyctx(sn->rsc_cache, &gc->gc_ctx);
if (!rsci)
goto auth_err;
+ if (rsci->mechctx->gss_version != gc->gc_v) {
+ pr_warn("NFSD: RPCSEC_GSS version mismatch (%u:%u)\n",
+ rsci->mechctx->gss_version, gc->gc_v);
+ goto auth_err;
+ }
switch (gss_verify_header(rqstp, rsci, rpcstart, gc, authp)) {
case SVC_OK:
break;
--
1.8.3.1
From: Andy Adamson <[email protected]>
Note: may need to give nfsd selinux authority to change thread label.
Signed-off-by: Andy Adamson <[email protected]>
---
fs/nfsd/auth.c | 11 ++++++++++-
include/linux/sunrpc/svcauth.h | 1 +
net/sunrpc/auth_gss/svcauth_gss.c | 32 ++++++++++++++++++++++++++++++++
3 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 62469c6..0330fe9 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -1,6 +1,7 @@
/* Copyright (C) 1995, 1996 Olaf Kirch <[email protected]> */
#include <linux/sched.h>
+#include <linux/selinux.h>
#include "nfsd.h"
#include "auth.h"
@@ -22,7 +23,7 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
struct group_info *rqgi;
struct group_info *gi;
struct cred *new;
- int i;
+ int i, ret;
int flags = nfsexp_flags(rqstp, exp);
validate_process_creds();
@@ -77,6 +78,14 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
else
new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
new->cap_permitted);
+
+ if (selinux_is_enabled() && rqstp->rq_authop->set_label &&
+ (exp->ex_flags & NFSEXP_SECURITY_LABEL)) {
+ ret = rqstp->rq_authop->set_label(rqstp, new);
+ if (ret < 0)
+ /* Should nfsd fail this request? */
+ pr_warn("%s set_label FAILED ret %d\n", __func__, ret);
+ }
validate_process_creds();
put_cred(override_creds(new));
put_cred(new);
diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h
index d039320..eed6880 100644
--- a/include/linux/sunrpc/svcauth.h
+++ b/include/linux/sunrpc/svcauth.h
@@ -128,6 +128,7 @@ struct auth_ops {
int (*release)(struct svc_rqst *rq);
void (*domain_release)(struct auth_domain *);
int (*set_client)(struct svc_rqst *rq);
+ int (*set_label)(struct svc_rqst *rq, struct cred *new);
};
#define SVC_GARBAGE 1
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 1b6e47f..2a48aa0 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1072,6 +1072,37 @@ struct gss_svc_data {
return SVC_OK;
}
+/**
+ * the svcdata->rsci_ch pointer is the child context.
+ * assume one GSS3_LABEL per child context.
+ */
+static int
+svcauth_gss_set_label(struct svc_rqst *rqstp, struct cred *new)
+{
+ struct gss_svc_data *svcdata = rqstp->rq_auth_data;
+ struct rsc *rsci_ch = svcdata->rsci_ch;
+ struct gss3_svc_assert *g3a;
+ struct gss3_label *g3l;
+ int ret = -1;
+
+ if (!rsci_ch || !rsci_ch->assertions)
+ goto out;
+
+ g3a = rsci_ch->assertions;
+ if (g3a->sa_num != 1 || g3a->sa_assert.au_type != GSS3_LABEL)
+ goto out;
+
+ g3l = &g3a->sa_assert.u.au_label;
+ if (g3l->la_label.len == 0)
+ goto out;
+
+ /* Assume SeLinux - need to validate la_lfs and la_pi ? */
+ ret = set_security_override_from_ctx(new, (char *)g3l->la_label.data);
+
+out:
+ return ret;
+}
+
static inline int
gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp,
struct rpc_gss_wire_cred *gc,
@@ -2126,6 +2157,7 @@ static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
.release = svcauth_gss_release,
.domain_release = svcauth_gss_domain_release,
.set_client = svcauth_gss_set_client,
+ .set_label = svcauth_gss_set_label,
};
static int rsi_cache_create_net(struct net *net)
--
1.8.3.1
From: Andy Adamson <[email protected]>
Upon GSS context destruction, Free all associated GSS3 child assertions
Signed-off-by: Andy Adamson <[email protected]>
---
include/linux/sunrpc/gss_api.h | 1 +
net/sunrpc/auth_gss/auth_gss.c | 51 +++++++++++++++++++++++++++++++++++++++++-
2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/include/linux/sunrpc/gss_api.h b/include/linux/sunrpc/gss_api.h
index 7e5da3a..4e02204 100644
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -19,6 +19,7 @@
struct gss3_assert {
struct list_head gss3_list; /* per context list of assertions */
+ struct rcu_head gss3_rcu;
struct xdr_netobj gss3_handle; /* child handle */
u32 gss3_num; /* always one for now */
struct gss3_assertion_u *gss3_assertion;
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 1014521..0df1938 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -60,6 +60,7 @@
static struct gss3_assert *gss3_use_child_handle(struct rpc_cred *cred,
struct gss_cl_ctx *ctx);
static struct gss3_assert *gss3_match_label(struct gss3_assert_list *in);
+static void gss3_free_assertions(struct gss3_assert_list *in);
static const struct rpc_authops authgss_ops;
@@ -130,8 +131,10 @@ struct gss_auth {
static inline void
gss_put_ctx(struct gss_cl_ctx *ctx)
{
- if (atomic_dec_and_test(&ctx->count))
+ if (atomic_dec_and_test(&ctx->count)) {
+ gss3_free_assertions(&ctx->gc_alist);
gss_free_ctx(ctx);
+ }
}
/* gss3_label_enabled:
@@ -1672,6 +1675,52 @@ static void gss3_free_label(struct gss3_label *gl)
kfree(gl->la_label.data);
}
+static void
+gss3_free_assertion(struct gss3_assert *freeme)
+{
+ /* allocated in gss3_dec_create */
+ kfree(freeme->gss3_handle.data);
+
+ /* gss3_num is always one for now */
+ switch (freeme->gss3_assertion->au_type) {
+ case GSS3_LABEL:
+ gss3_free_label(&freeme->gss3_assertion->u.au_label);
+ break;
+ case GSS3_PRIVS:
+ default:
+ pr_warn("RPC %s Can't free unsupported au_type %d\n",
+ __func__, freeme->gss3_assertion->au_type);
+ return;
+ }
+ kfree(freeme);
+}
+
+static void
+gss3_free_assert_callback(struct rcu_head *head)
+{
+ struct gss3_assert *g3a = container_of(head, struct gss3_assert,
+ gss3_rcu);
+ gss3_free_assertion(g3a);
+}
+
+static void
+gss3_free_assert(struct gss3_assert *ap)
+{
+ call_rcu(&ap->gss3_rcu, gss3_free_assert_callback);
+}
+
+static void gss3_free_assertions(struct gss3_assert_list *in)
+{
+ struct gss3_assert *found;
+
+ list_for_each_entry_rcu(found, &in->assert_list, gss3_list) {
+ spin_lock(&in->assert_lock);
+ list_del_rcu(&found->gss3_list);
+ spin_unlock(&in->assert_lock);
+ gss3_free_assert(found);
+ }
+}
+
static struct gss3_assert *
gss3_match_label(struct gss3_assert_list *in)
{
--
1.8.3.1
From: Andy Adamson <[email protected]>
Keep a parent list of associated child rsc cache entries used upon parent
destruction to lookup and reap child rsc cache entries
Signed-off-by: Andy Adamson <[email protected]>
---
net/sunrpc/auth_gss/svcauth_gss.c | 182 +++++++++++++++++++++++++++++++++++---
1 file changed, 172 insertions(+), 10 deletions(-)
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 2a48aa0..1d61345 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -348,7 +348,12 @@ struct gss_svc_seq_data {
* the parent.
* 2) assertions: set on a child rsc cache entry to hold the
* RPCSEC_GSS_CREATE data to assert.
- *
+ * 3) net: set on the parent rsc cache entry and is required for the
+ * lookup associated child rsc cache entries upon parent destruction.
+ * 4) ch_lock: used by the parent; protects the children list
+ * 5) children: used by the parent rsc cache entry to hold a list of
+ * associated child rsc cache entries and used upon parent destruction
+ * to lookup child rsc cache entries so as to destroy the children.
*/
struct rsc {
struct cache_head h;
@@ -358,11 +363,20 @@ struct rsc {
struct gss_svc_seq_data seqdata;
struct gss_ctx *mechctx;
struct gss3_svc_assert *assertions;
+ struct net *net;
+ spinlock_t ch_lock; /* for children */
+ struct list_head children;
+};
+
+struct rsc_child_entry {
+ struct list_head ce_list;
+ struct xdr_netobj ce_chandle;
};
static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct rsc *old);
static struct rsc *rsc_lookup(struct cache_detail *cd, struct rsc *item);
static void gss3_free_svc_assert(struct gss3_svc_assert *g3a);
+static void gss3_free_rsc_children(struct rsc *rsci);
static void rsc_free(struct rsc *rsci)
{
@@ -373,6 +387,8 @@ static void rsc_free(struct rsc *rsci)
free_svc_cred(&rsci->cred);
if (rsci->assertions)
gss3_free_svc_assert(rsci->assertions);
+ if (!list_empty(&rsci->children))
+ gss3_free_rsc_children(rsci);
}
static void rsc_put(struct kref *ref)
@@ -399,6 +415,14 @@ static void rsc_put(struct kref *ref)
}
static void
+init_rsc(struct rsc *rsci)
+{
+ memset(rsci, 0, sizeof(struct rsc));
+ spin_lock_init(&rsci->ch_lock);
+ INIT_LIST_HEAD(&rsci->children);
+}
+
+static void
rsc_init(struct cache_head *cnew, struct cache_head *ctmp)
{
struct rsc *new = container_of(cnew, struct rsc, h);
@@ -417,6 +441,9 @@ static void rsc_put(struct kref *ref)
new->mechctx = NULL;
init_svc_cred(&new->cred);
new->assertions = NULL;
+ new->net = NULL;
+ spin_lock_init(&new->ch_lock);
+ INIT_LIST_HEAD(&new->children);
}
static void
@@ -437,6 +464,16 @@ static void rsc_put(struct kref *ref)
new->assertions = tmp->assertions;
tmp->assertions = NULL;
init_svc_cred(&tmp->cred);
+ new->net = tmp->net;
+ tmp->net = NULL;
+ spin_lock_init(&new->ch_lock);
+ INIT_LIST_HEAD(&new->children);
+ spin_lock(&tmp->ch_lock);
+ if (!list_empty(&tmp->children)) {
+ list_move(&tmp->children, &new->children);
+ INIT_LIST_HEAD(&tmp->children);
+ }
+ spin_unlock(&tmp->ch_lock);
}
static struct cache_head *
@@ -461,7 +498,7 @@ static int rsc_parse(struct cache_detail *cd,
int status = -EINVAL;
struct gss_api_mech *gm = NULL;
- memset(&rsci, 0, sizeof(rsci));
+ init_rsc(&rsci);
/* context handle */
len = qword_get(&mesg, buf, mlen);
if (len < 0) goto out;
@@ -613,7 +650,7 @@ static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct r
struct rsc rsci;
struct rsc *found;
- memset(&rsci, 0, sizeof(rsci));
+ init_rsc(&rsci);
if (dup_to_netobj(&rsci.handle, handle->data, handle->len))
return NULL;
found = rsc_lookup(cd, &rsci);
@@ -1285,7 +1322,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
time_t expiry;
int status = -EINVAL;
- memset(&rsci, 0, sizeof(rsci));
+ init_rsc(&rsci);
/* context handle */
status = -ENOMEM;
/* the handle needs to be just a unique id,
@@ -1544,6 +1581,101 @@ static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
kfree(g3a);
}
+static void
+gss3_free_child(struct rsc_child_entry *cep, struct sunrpc_net *sn)
+{
+ struct rsc *child;
+
+ child = gss_svc_searchbyctx(sn->rsc_cache, &cep->ce_chandle);
+ if (!child) {
+ pr_warn("RPC %s child in children list not found\n",
+ __func__);
+ goto out_free;
+ }
+ /* balance gss_svc_searchbyctx cache_get */
+ cache_put(&child->h, sn->rsc_cache);
+ /* reap the child */
+ sunrpc_cache_unhash(sn->rsc_cache, &child->h);
+out_free:
+ kfree(cep);
+}
+
+static void gss3_free_rsc_children(struct rsc *parent_rsc)
+{
+ struct rsc_child_entry *cep, *tmp;
+ LIST_HEAD(free);
+ struct sunrpc_net *sn = net_generic(parent_rsc->net, sunrpc_net_id);
+
+ spin_lock(&parent_rsc->ch_lock);
+ list_for_each_entry_safe(cep, tmp, &parent_rsc->children, ce_list) {
+ list_move(&cep->ce_list, &free);
+ /* balance cache_get in gss3_add_child_rsc */
+ cache_put(&parent_rsc->h, sn->rsc_cache);
+ }
+ spin_unlock(&parent_rsc->ch_lock);
+
+ list_for_each_entry_safe(cep, tmp, &free, ce_list) {
+ list_del(&cep->ce_list);
+ gss3_free_child(cep, sn);
+ }
+}
+
+static void
+gss3_free_child_entry(struct rsc *p_rsci, struct xdr_netobj *chandle)
+{
+ struct sunrpc_net *sn = net_generic(p_rsci->net, sunrpc_net_id);
+ struct rsc_child_entry *cep, *tmp;
+
+ spin_lock(&p_rsci->ch_lock);
+ list_for_each_entry_safe(cep, tmp, &p_rsci->children, ce_list) {
+ if (netobj_equal(chandle, &cep->ce_chandle)) {
+ list_del(&cep->ce_list);
+ spin_unlock(&p_rsci->ch_lock);
+ /* balance cache_get in gss3_add_child_rsc */
+ cache_put(&p_rsci->h, sn->rsc_cache);
+ kfree(cep);
+ return;
+ }
+ }
+ spin_unlock(&p_rsci->ch_lock);
+}
+
+/**
+ * After a gss3 child rsc is created, add it's context handle to the
+ * children list of the parent rsc.
+ * Required: gss_svc_searchbyctx has already been called on parent_rsc.
+ */
+static int
+gss3_add_child_rsc(struct cache_detail *cd, struct rsc *parent_rsc,
+ struct xdr_netobj *chandle)
+{
+ struct rsc_child_entry *cep;
+ int status = -ENOMEM;
+
+ cep = kmalloc(sizeof(*cep), GFP_KERNEL);
+ if (!cep)
+ goto out;
+
+ /* child handle */
+ if (dup_netobj(&cep->ce_chandle, chandle))
+ goto out_free;
+
+ parent_rsc->net = cd->net;
+ INIT_LIST_HEAD(&cep->ce_list);
+ spin_lock(&parent_rsc->ch_lock);
+ list_add(&cep->ce_list, &parent_rsc->children);
+ spin_unlock(&parent_rsc->ch_lock);
+ /* balanced by cache_put in free children routines */
+ cache_get(&parent_rsc->h);
+
+ status = 0;
+out:
+ return status;
+out_free:
+ kfree(cep);
+ goto out;
+}
+
/**
* gss3_save_child_rsc()
* Create a child handle, set the parent handle, assertions, and add to
@@ -1565,8 +1697,7 @@ static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
long dummy;
long long ctxh;
- memset(&child, 0, sizeof(child));
-
+ init_rsc(&child);
/* context handle */
ctxh = atomic64_inc_return(&ctxhctr);
@@ -1673,8 +1804,10 @@ static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
struct sunrpc_net *sn)
{
struct kvec *resv = &rqstp->rq_res.head[0];
+ struct gss_svc_data *svcdata = rqstp->rq_auth_data;
struct gss3_svc_assert *g3a;
struct gss3_label *glp;
+ struct rsc *p_rsci = svcdata->rsci;
u64 c_handle;
struct xdr_netobj child_handle;
int enc_len, assert_len, ret = 0;
@@ -1689,6 +1822,22 @@ static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
child_handle.data = (u8 *)&c_handle;
child_handle.len = sizeof(c_handle);
+ ret = gss3_add_child_rsc(sn->rsc_cache, p_rsci, &child_handle);
+ if (ret < 0) {
+ struct rsc *child;
+
+ pr_warn("%s failed to add child rsc to parent\n", __func__);
+ /* delete child */
+ child = gss_svc_searchbyctx(sn->rsc_cache, &child_handle);
+ if (child) {
+ /* balance gss_svc_searchbyctx cache_get */
+ cache_put(&child->h, sn->rsc_cache);
+ /* reap the child */
+ sunrpc_cache_unhash(sn->rsc_cache, &child->h);
+ }
+ goto auth_err;
+ }
+
/* calculate the assert length. Support one assert per request */
switch (g3a->sa_assert.au_type) {
case GSS3_LABEL:
@@ -1762,8 +1911,7 @@ static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
dprintk("RPC: svcauth_gss: argv->iov_len = %zd\n",
argv->iov_len);
- *authp = rpc_autherr_badcred;
- if (!svcdata)
+ *authp = rpc_autherr_badcred; if (!svcdata)
svcdata = kmalloc(sizeof(*svcdata), GFP_KERNEL);
if (!svcdata)
goto auth_err;
@@ -1823,6 +1971,7 @@ static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
if (rsci->parent_handle.len != 0) { /* GSSv3 child handle */
rsci_ch = rsci;
+ /* take reference on child rsc entry */
rsci = gss_svc_searchbyctx(sn->rsc_cache,
&rsci_ch->parent_handle);
if (!rsci) {
@@ -1854,6 +2003,15 @@ static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
case RPC_GSS_PROC_DESTROY:
if (gss_write_verf(rqstp, rsci->mechctx, gc, gc->gc_seq))
goto auth_err;
+
+ /* Destroying child, remove from parent list */
+ if (rsci_ch)
+ gss3_free_child_entry(rsci, &rsci_ch->handle);
+
+ /* Destroying parent. Remove all children from list */
+ else if (!list_empty(&rsci->children))
+ gss3_free_rsc_children(rsci);
+
/* Delete the entry from the cache_list and call cache_put */
sunrpc_cache_unhash(sn->rsc_cache, &rsci->h);
if (resv->iov_len + 4 > PAGE_SIZE)
@@ -1934,10 +2092,14 @@ static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
drop:
ret = SVC_CLOSE;
out:
+ if (rsci_ch) {
+ if (rsci)
+ cache_put(&rsci_ch->h, sn->rsc_cache);
+ else
+ WARN_ON_ONCE(!rsci);
+ }
if (rsci)
cache_put(&rsci->h, sn->rsc_cache);
- if (rsci_ch)
- cache_put(&rsci_ch->h, sn->rsc_cache);
return ret;
}
--
1.8.3.1
From: Andy Adamson <[email protected]>
GSSv3 uses the same rsc fields as GSSv1 to hold GSS context information.
For GSSv3 these 'normal' rsc cache entries are termed parent rsc cache
entries.
A successful RPCSEC_GSS_CREATE call results in a child rsc cache entry,
which piggy-backs off a parent rsc cache entry, using the parent negotiated
crypto for MIC and PRIV calculations.
A child rsc cache entry does not use the cred, seqdata, nor mechctx fields.
New fields for RPCSEC_GSS_CREATE
1) parent_handle: set on a child rsc cache entry to enable the lookup of
the parent.
2) assertions: set on a child rsc cache entry to hold the
RPCSEC_GSS_CREATE data to assert.
Use a common "act upon the command' switch case for RPC_GSS_PROC_DATA and
RPC_GSS_PROC_CREATE to enable wrap and unwrap.
Signed-off-by: Andy Adamson <[email protected]>
---
include/linux/sunrpc/auth_gss.h | 5 +
net/sunrpc/auth_gss/svcauth_gss.c | 312 +++++++++++++++++++++++++++++++++++++-
2 files changed, 311 insertions(+), 6 deletions(-)
diff --git a/include/linux/sunrpc/auth_gss.h b/include/linux/sunrpc/auth_gss.h
index c333448..8ac79c7 100644
--- a/include/linux/sunrpc/auth_gss.h
+++ b/include/linux/sunrpc/auth_gss.h
@@ -136,6 +136,11 @@ struct gss3_assertion_u {
} u;
};
+struct gss3_svc_assert {
+ u32 sa_num;
+ struct gss3_assertion_u sa_assert;
+};
+
struct gss3_create_args {
struct gss3_mp_auth *ca_mp_auth;
struct gss3_chan_binding *ca_chan_bind;
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 22176e5..1b6e47f 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -55,6 +55,9 @@
# define RPCDBG_FACILITY RPCDBG_AUTH
#endif
+/* Global counter for context handles */
+static atomic64_t ctxhctr;
+
/* The rpcsec_init cache is used for mapping RPCSEC_GSS_{,CONT_}INIT requests
* into replies.
*
@@ -324,23 +327,52 @@ struct gss_svc_seq_data {
spinlock_t sd_lock;
};
+/**
+ * struct rsc:
+ *
+ * GSSv3 uses the same rsc fields as GSSv1 to hold GSS context information.
+ * For GSSv3 these 'normal' rsc cache entries are termed parent rsc cache
+ * entries.
+ *
+ * A successful RPCSEC_GSS_CREATE call results in a child rsc cache entry,
+ * which piggy-backs off a parent rsc cache entry, using the parent negotiated
+ * crypto for MIC and PRIV calculations.
+ *
+ * A child rsc cache entry does not use the cred, seqdata, nor mechctx fields.
+ *
+ * NOTE: always hold a reference (cache_get) to the parent rsc when using the
+ * child rsc cache entry.
+ *
+ * New fields for RPCSEC_GSS_CREATE
+ * 1) parent_handle: set on a child rsc cache entry to enable the lookup of
+ * the parent.
+ * 2) assertions: set on a child rsc cache entry to hold the
+ * RPCSEC_GSS_CREATE data to assert.
+ *
+ */
struct rsc {
struct cache_head h;
struct xdr_netobj handle;
+ struct xdr_netobj parent_handle;
struct svc_cred cred;
struct gss_svc_seq_data seqdata;
struct gss_ctx *mechctx;
+ struct gss3_svc_assert *assertions;
};
static struct rsc *rsc_update(struct cache_detail *cd, struct rsc *new, struct rsc *old);
static struct rsc *rsc_lookup(struct cache_detail *cd, struct rsc *item);
+static void gss3_free_svc_assert(struct gss3_svc_assert *g3a);
static void rsc_free(struct rsc *rsci)
{
kfree(rsci->handle.data);
+ kfree(rsci->parent_handle.data);
if (rsci->mechctx)
gss_delete_sec_context(&rsci->mechctx);
free_svc_cred(&rsci->cred);
+ if (rsci->assertions)
+ gss3_free_svc_assert(rsci->assertions);
}
static void rsc_put(struct kref *ref)
@@ -376,8 +408,15 @@ static void rsc_put(struct kref *ref)
tmp->handle.len = 0;
new->handle.data = tmp->handle.data;
tmp->handle.data = NULL;
+
+ new->parent_handle.len = tmp->handle.len;
+ tmp->parent_handle.len = 0;
+ new->parent_handle.data = tmp->handle.data;
+ tmp->parent_handle.data = NULL;
+
new->mechctx = NULL;
init_svc_cred(&new->cred);
+ new->assertions = NULL;
}
static void
@@ -388,9 +427,15 @@ static void rsc_put(struct kref *ref)
new->mechctx = tmp->mechctx;
tmp->mechctx = NULL;
+ new->parent_handle.len = tmp->parent_handle.len;
+ new->parent_handle.data = tmp->parent_handle.data;
+ tmp->parent_handle.len = 0;
+ tmp->parent_handle.data = NULL;
memset(&new->seqdata, 0, sizeof(new->seqdata));
spin_lock_init(&new->seqdata.sd_lock);
new->cred = tmp->cred;
+ new->assertions = tmp->assertions;
+ tmp->assertions = NULL;
init_svc_cred(&tmp->cred);
}
@@ -998,6 +1043,7 @@ struct gss_svc_data {
* for use in encryption/checksumming in svcauth_gss_release: */
__be32 *verf_start;
struct rsc *rsci;
+ struct rsc *rsci_ch; /* gss3 child handle */
};
static int
@@ -1203,7 +1249,6 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
uint64_t *handle)
{
struct rsc rsci, *rscp = NULL;
- static atomic64_t ctxhctr;
long long ctxh;
struct gss_api_mech *gm = NULL;
time_t expiry;
@@ -1447,13 +1492,228 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
#endif /* CONFIG_PROC_FS */
+/**
+ * for now, support a single au_label per RPCSEC_GSS_CREATE
+ * no checks here, as the checks are in gss3_save_child
+ */
+static void gss3_free_svc_assert(struct gss3_svc_assert *g3a)
+{
+ struct gss3_label *glp = &g3a->sa_assert.u.au_label;
+
+ switch (g3a->sa_assert.au_type) {
+ case GSS3_LABEL:
+ kfree(glp->la_label.data);
+ break;
+ case GSS3_PRIVS:
+ default:
+ pr_warn("RPC %s au_type %d not supported\n",
+ __func__, g3a->sa_assert.au_type);
+ }
+
+ kfree(g3a);
+}
+
+/**
+ * gss3_save_child_rsc()
+ * Create a child handle, set the parent handle, assertions, and add to
+ * the rsc cache.
+ *
+ * @handle - output child handle data
+ */
+static struct gss3_svc_assert *
+gss3_save_child_rsc(struct svc_rqst *rqstp, struct cache_detail *cd,
+ uint64_t *handle)
+{
+ struct kvec *argv = &rqstp->rq_arg.head[0];
+ struct gss_svc_data *svcdata = rqstp->rq_auth_data;
+ struct rsc *p_rsci = svcdata->rsci;
+ struct gss3_svc_assert *g3a, *ret = NULL;
+ struct gss3_label *glp;
+ struct rsc child, *rscp = NULL;
+ unsigned int len;
+ long dummy;
+ long long ctxh;
+
+ memset(&child, 0, sizeof(child));
+
+ /* context handle */
+ ctxh = atomic64_inc_return(&ctxhctr);
+
+ /* make a copy for the caller */
+ *handle = ctxh;
+
+ /* make a copy for the rsc cache */
+ if (dup_to_netobj(&child.handle, (char *)handle, sizeof(uint64_t)))
+ goto out;
+
+ rscp = rsc_lookup(cd, &child);
+ if (!rscp)
+ goto out;
+
+ if (dup_netobj(&child.parent_handle, &p_rsci->handle))
+ goto out;
+ child.h.expiry_time = p_rsci->h.expiry_time;
+
+ /* ca_mp_auth */
+ dummy = svc_getnl(argv);
+ if (dummy != 0)
+ goto out;
+
+ /* ca_chan_bind */
+ dummy = svc_getnl(argv);
+ if (dummy != 0)
+ goto out;
+
+ g3a = kmalloc(sizeof(*g3a), GFP_KERNEL);
+ if (!g3a)
+ goto out;
+
+ /* for now support one assertion per RPCSEC_GSS_CREATE */
+ g3a->sa_num = svc_getnl(argv);
+ if (g3a->sa_num != 1) {
+ pr_warn("RPC Number gss3 assertions %d not 1\n",
+ g3a->sa_num);
+ goto out_err;
+ }
+
+ g3a->sa_assert.au_type = svc_getnl(argv);
+ switch (g3a->sa_assert.au_type) {
+ case GSS3_LABEL:
+ glp = &g3a->sa_assert.u.au_label;
+
+ /* XXX need to verify? */
+ glp->la_lfs = svc_getnl(argv);
+ glp->la_pi = svc_getnl(argv);
+
+ /**
+ * don't use svc_safe_getnetobj as this object needs to live
+ * in the rsc cache past the nfsd thread request processing.
+ */
+ glp->la_label.len = svc_getnl(argv);
+ len = round_up_to_quad(glp->la_label.len);
+ if (argv->iov_len < len)
+ goto out_err;
+
+ if (dup_to_netobj(&glp->la_label, (char *)argv->iov_base,
+ glp->la_label.len))
+ goto out_err;
+ argv->iov_base += len;
+ argv->iov_len -= len;
+ break;
+ case GSS3_PRIVS:
+ default:
+ pr_warn("RPC %s au_type %d not supported\n",
+ __func__, g3a->sa_assert.au_type);
+ goto out;
+ }
+
+ child.assertions = g3a;
+ rscp = rsc_update(cd, &child, rscp);
+
+out:
+ rsc_free(&child);
+ if (rscp) {
+ ret = rscp->assertions;
+ cache_put(&rscp->h, cd);
+ }
+ return ret;
+out_err:
+ kfree(g3a);
+ goto out;
+}
+
+/**
+ * gss3_handle_create_req.
+ *
+ * Create a child rsc record
+ *
+ * Encode the RPCSEC_GSS_CREATE reply as follows:
+ * 4 RPC_SUCCESS
+ * 4 gss3_handle len
+ * 4 rcr_mp_auth
+ * 4 rcr_chan_bind_mic
+ * 4 gss3_num
+ * 4 au_type
+ *
+ * total encode length: 24 + gss_handlelen + au_type assert len
+ */
+static int
+gss3_handle_create_req(struct svc_rqst *rqstp, struct rpc_gss_wire_cred *gc,
+ struct sunrpc_net *sn)
+{
+ struct kvec *resv = &rqstp->rq_res.head[0];
+ struct gss3_svc_assert *g3a;
+ struct gss3_label *glp;
+ u64 c_handle;
+ struct xdr_netobj child_handle;
+ int enc_len, assert_len, ret = 0;
+
+ g3a = gss3_save_child_rsc(rqstp, sn->rsc_cache, &c_handle);
+ if (!g3a)
+ goto auth_err;
+
+ glp = &g3a->sa_assert.u.au_label;
+
+ /* set child handle for encoding */
+ child_handle.data = (u8 *)&c_handle;
+ child_handle.len = sizeof(c_handle);
+
+ /* calculate the assert length. Support one assert per request */
+ switch (g3a->sa_assert.au_type) {
+ case GSS3_LABEL:
+ /* 4 la_lfs, 4 la_pi, 4 la_label len */
+ assert_len = 12 + glp->la_label.len;
+ break;
+ case GSS3_PRIVS:
+ default:
+ pr_warn("RPC Unsupported GSS3 assertion %d\n",
+ g3a->sa_assert.au_type);
+ goto drop;
+ }
+ enc_len = 24 + child_handle.len + assert_len;
+ if (resv->iov_len + enc_len > PAGE_SIZE)
+ goto drop;
+
+ svc_putnl(resv, RPC_SUCCESS);
+
+ /* Encode the RPCSEC_GSS_CREATE payload */
+
+ if (svc_safe_putnetobj(resv, &child_handle))
+ goto auth_err;
+ svc_putnl(resv, 0); /* NULL rcr_mp_auth */
+ svc_putnl(resv, 0); /* NULL rcr_chan_bind_mic */
+ svc_putnl(resv, g3a->sa_num); /* the # of assertions (<>) */
+ svc_putnl(resv, g3a->sa_assert.au_type);
+
+ /* sa_num checked to be = 1 in gss3_save_child_rsc */
+ switch (g3a->sa_assert.au_type) {
+ case GSS3_LABEL:
+ svc_putnl(resv, glp->la_lfs);
+ svc_putnl(resv, glp->la_pi);
+ if (svc_safe_putnetobj(resv, &glp->la_label))
+ goto auth_err;
+ break;
+ /* already checked GSS3_PRIVS and default cases above */
+ }
+out:
+ return ret;
+auth_err:
+ ret = SVC_DENIED;
+ goto out;
+drop:
+ ret = SVC_DROP;
+ goto out;
+}
+
/*
* Accept an rpcsec packet.
* If context establishment, punt to user space
* If data exchange, verify/decrypt
* If context destruction, handle here
+ * If gssv3 RPCSEC_GSS_CREATE handle here
* In the context establishment and destruction case we encode
* response here and return SVC_COMPLETE.
+ * XXXX should punt to user space for RPCSEC_GSS_CREATE payloads.
*/
static int
svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
@@ -1462,7 +1722,7 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
struct kvec *resv = &rqstp->rq_res.head[0];
struct gss_svc_data *svcdata = rqstp->rq_auth_data;
struct rpc_gss_wire_cred *gc;
- struct rsc *rsci = NULL;
+ struct rsc *rsci = NULL, *rsci_ch = NULL;
__be32 *rpcstart;
__be32 *reject_stat = resv->iov_base + resv->iov_len;
int ret;
@@ -1479,6 +1739,7 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
rqstp->rq_auth_data = svcdata;
svcdata->verf_start = NULL;
svcdata->rsci = NULL;
+ svcdata->rsci_ch = NULL;
gc = &svcdata->clcred;
/* start of rpc packet is 7 u32's back from here:
@@ -1519,11 +1780,25 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
return svcauth_gss_legacy_init(rqstp, gc, authp);
case RPC_GSS_PROC_DATA:
case RPC_GSS_PROC_DESTROY:
+ case RPC_GSS_PROC_CREATE:
/* Look up the context, and check the verifier: */
*authp = rpcsec_gsserr_credproblem;
+
rsci = gss_svc_searchbyctx(sn->rsc_cache, &gc->gc_ctx);
- if (!rsci)
+ if (!rsci) {
+ pr_warn("RPC gc_ctx handle not found\n");
goto auth_err;
+ }
+ if (rsci->parent_handle.len != 0) { /* GSSv3 child handle */
+
+ rsci_ch = rsci;
+ rsci = gss_svc_searchbyctx(sn->rsc_cache,
+ &rsci_ch->parent_handle);
+ if (!rsci) {
+ pr_warn("RPC parent handle not found\n");
+ goto auth_err;
+ }
+ }
if (rsci->mechctx->gss_version != gc->gc_v) {
pr_warn("NFSD: RPCSEC_GSS version mismatch (%u:%u)\n",
rsci->mechctx->gss_version, gc->gc_v);
@@ -1555,6 +1830,7 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
svc_putnl(resv, RPC_SUCCESS);
goto complete;
case RPC_GSS_PROC_DATA:
+ case RPC_GSS_PROC_CREATE:
*authp = rpcsec_gsserr_ctxproblem;
svcdata->verf_start = resv->iov_base + resv->iov_len;
if (gss_write_verf(rqstp, rsci->mechctx, gc, gc->gc_seq))
@@ -1588,12 +1864,30 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
}
svcdata->rsci = rsci;
cache_get(&rsci->h);
+ if (rsci_ch) {
+ svcdata->rsci_ch = rsci_ch;
+ cache_get(&rsci_ch->h);
+ }
rqstp->rq_cred.cr_flavor = gss_svc_to_pseudoflavor(
rsci->mechctx->mech_type,
GSS_C_QOP_DEFAULT,
gc->gc_svc);
- ret = SVC_OK;
- goto out;
+ /* RPC_GSS_PROC_DATA */
+ if (gc->gc_proc == RPC_GSS_PROC_DATA) {
+ ret = SVC_OK;
+ goto out;
+ }
+
+ /* RPC_GSS_PROC_CREATE */
+ ret = gss3_handle_create_req(rqstp, gc, sn);
+ switch (ret) {
+ case 0:
+ goto out;
+ case SVC_DENIED:
+ goto auth_err;
+ case SVC_DROP:
+ goto drop;
+ }
}
garbage_args:
ret = SVC_GARBAGE;
@@ -1611,6 +1905,8 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
out:
if (rsci)
cache_put(&rsci->h, sn->rsc_cache);
+ if (rsci_ch)
+ cache_put(&rsci_ch->h, sn->rsc_cache);
return ret;
}
@@ -1762,7 +2058,8 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
int stat = -EINVAL;
struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id);
- if (gc->gc_proc != RPC_GSS_PROC_DATA)
+ if (!(gc->gc_proc == RPC_GSS_PROC_DATA ||
+ gc->gc_proc == RPC_GSS_PROC_CREATE))
goto out;
/* Release can be called twice, but we only wrap once. */
if (gsd->verf_start == NULL)
@@ -1804,7 +2101,10 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
rqstp->rq_cred.cr_group_info = NULL;
if (gsd->rsci)
cache_put(&gsd->rsci->h, sn->rsc_cache);
+ if (gsd->rsci_ch)
+ cache_put(&gsd->rsci_ch->h, sn->rsc_cache);
gsd->rsci = NULL;
+ gsd->rsci_ch = NULL;
return stat;
}
--
1.8.3.1
From: Andy Adamson <[email protected]>
Signed-off-by: Andy Adamson <[email protected]>
---
include/linux/sunrpc/auth_gss.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/linux/sunrpc/auth_gss.h b/include/linux/sunrpc/auth_gss.h
index 36eebc4..cf5e694 100644
--- a/include/linux/sunrpc/auth_gss.h
+++ b/include/linux/sunrpc/auth_gss.h
@@ -18,6 +18,7 @@
#include <linux/sunrpc/gss_api.h>
#define RPC_GSS_VERSION 1
+#define RPC_GSS3_VERSION 3
#define MAXSEQ 0x80000000 /* maximum legal sequence number, from rfc 2203 */
@@ -25,7 +26,10 @@ enum rpc_gss_proc {
RPC_GSS_PROC_DATA = 0,
RPC_GSS_PROC_INIT = 1,
RPC_GSS_PROC_CONTINUE_INIT = 2,
- RPC_GSS_PROC_DESTROY = 3
+ RPC_GSS_PROC_DESTROY = 3,
+ RPC_GSS_PROC_BIND_CHANNEL = 4, /* GSS2, not used */
+ RPC_GSS_PROC_CREATE = 5, /* GSS3 */
+ RPC_GSS_PROC_LIST = 6 /* GSS3 */
};
enum rpc_gss_svc {
--
1.8.3.1
From: Andy Adamson <[email protected]>
RPCSEC_GSS Version 3 label assertions require the client thread
sid in string context form, and so needs this interface
or one like it.
Signed-off-by: Andy Adamson <[email protected]>
---
include/linux/selinux.h | 7 +++++++
security/selinux/hooks.c | 10 ++++++++++
2 files changed, 17 insertions(+)
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 44f4596..e82a4ba 100644
--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -24,12 +24,19 @@
* selinux_is_enabled - is SELinux enabled?
*/
bool selinux_is_enabled(void);
+int security_current_sid_to_context(char **scontext, u32 *scontext_len);
#else
static inline bool selinux_is_enabled(void)
{
return false;
}
+
+static inline int
+security_current_sid_to_context(char **scontext, u32 *scontext_len)
+{
+ return -EINVAL;
+}
#endif /* CONFIG_SECURITY_SELINUX */
#endif /* _LINUX_SELINUX_H */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 819fd68..ba6974b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6516,3 +6516,13 @@ int selinux_disable(void)
return 0;
}
#endif
+
+int security_current_sid_to_context(char **scontext, u32 *scontext_len)
+{
+ const struct task_security_struct *ts = current_security();
+
+ if (!selinux_enabled)
+ return -EINVAL;
+ return security_sid_to_context(ts->sid, scontext, scontext_len);
+}
+EXPORT_SYMBOL_GPL(security_current_sid_to_context);
--
1.8.3.1
From: Andy Adamson <[email protected]>
The new GSS Version 3 reply verifier is taken over the same data as
the call verifier, caveat REPLY direction
verifier data
rpc_header (6 u32s)
XID (put32) rqstp->rq_xid
type REPLY (putnl) always a 1.
rpcvers u32
prog (getnl) rqstp->rq_prog
vers (getnl) rqstp->rq_vers
proc (getnl) rqstp->rq_proc
credential (7 u32s plus data)
flavor (getnl) (new rq_flav)
length (getnl) (new gc_crlen)
gss version gc_v u32 (svcauth_gss_accept)
gss proceedure u32 gc_proc
gss seq num u32 gc_seq
gss service u32 gc_svc
gss context length u32 gc_ctx->len
gss context gc_ctx->data
size is 13 + gc_ctx->len.
Signed-off-by: Andy Adamson <[email protected]>
---
include/linux/sunrpc/auth_gss.h | 1 +
net/sunrpc/auth_gss/svcauth_gss.c | 77 ++++++++++++++++++++++++++++++++-------
2 files changed, 65 insertions(+), 13 deletions(-)
diff --git a/include/linux/sunrpc/auth_gss.h b/include/linux/sunrpc/auth_gss.h
index 16b4f20..c333448 100644
--- a/include/linux/sunrpc/auth_gss.h
+++ b/include/linux/sunrpc/auth_gss.h
@@ -40,6 +40,7 @@ enum rpc_gss_svc {
/* on-the-wire gss cred: */
struct rpc_gss_wire_cred {
+ u32 gc_crlen;
u32 gc_v; /* version */
u32 gc_proc; /* control procedure */
u32 gc_seq; /* sequence number */
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index f7aa8c4..22176e5 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -715,8 +715,50 @@ static inline u32 round_up_to_quad(u32 i)
return 0;
}
+/**
+ * The new GSS Version 3 reply verifier is taken over the same data as
+ * the call verifier, caveat REPLY direction
+ */
+static void *
+gss3_svc_reply_verifier(struct svc_rqst *rqstp, struct rpc_gss_wire_cred *gc,
+ struct kvec *iov, u32 seq)
+{
+ void *gss3_buf = NULL;
+ __be32 *ptr = NULL;
+ int len;
+
+ /* freed in gss_write_verf */
+ len = (13 * 4) + gc->gc_ctx.len;
+ gss3_buf = kmalloc(len, GFP_KERNEL);
+ if (!gss3_buf)
+ return NULL;
+
+ iov->iov_len = 0;
+ iov->iov_base = gss3_buf;
+ /* 12 __be32's plus iov_len = 13 */
+ svc_putnl(iov, rqstp->rq_xid);
+ svc_putnl(iov, RPC_REPLY);
+ svc_putnl(iov, 2);
+ svc_putnl(iov, rqstp->rq_prog);
+ svc_putnl(iov, rqstp->rq_vers);
+ svc_putnl(iov, rqstp->rq_proc);
+ svc_putnl(iov, RPC_AUTH_GSS);
+ svc_putnl(iov, gc->gc_crlen);
+ svc_putnl(iov, gc->gc_v);
+ svc_putnl(iov, gc->gc_proc);
+ svc_putnl(iov, seq);
+ svc_putnl(iov, gc->gc_svc);
+ ptr = iov->iov_base + iov->iov_len;
+
+ ptr = xdr_encode_netobj(ptr, &gc->gc_ctx);
+ iov->iov_len += sizeof(__be32); /* for ctx length */
+ iov->iov_len += gc->gc_ctx.len;
+ return gss3_buf;
+}
+
static int
-gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq)
+gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id,
+ struct rpc_gss_wire_cred *gc, u32 seq)
{
__be32 *xdr_seq;
u32 maj_stat;
@@ -724,6 +766,7 @@ static inline u32 round_up_to_quad(u32 i)
struct xdr_netobj mic;
__be32 *p;
struct kvec iov;
+ void *g3_buf = NULL;
int err = -1;
svc_putnl(rqstp->rq_res.head, RPC_AUTH_GSS);
@@ -732,12 +775,20 @@ static inline u32 round_up_to_quad(u32 i)
return -1;
*xdr_seq = htonl(seq);
- iov.iov_base = xdr_seq;
- iov.iov_len = 4;
+ if (gc->gc_v == 1) {
+ iov.iov_base = xdr_seq;
+ iov.iov_len = 4;
+ }
+ if (gc->gc_v == 3) {
+ g3_buf = gss3_svc_reply_verifier(rqstp, gc, &iov, seq);
+ if (!g3_buf)
+ return -1;
+ }
xdr_buf_from_iov(&iov, &verf_data);
p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;
mic.data = (u8 *)(p + 1);
maj_stat = gss_get_mic(ctx_id, &verf_data, &mic);
+ kfree(g3_buf);
if (maj_stat != GSS_S_COMPLETE)
goto out;
*p++ = htonl(mic.len);
@@ -976,7 +1027,8 @@ struct gss_svc_data {
}
static inline int
-gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp, u32 gssv,
+gss_write_init_verf(struct cache_detail *cd, struct svc_rqst *rqstp,
+ struct rpc_gss_wire_cred *gc,
struct xdr_netobj *out_handle, int *major_status)
{
struct rsc *rsci;
@@ -990,8 +1042,8 @@ struct gss_svc_data {
return gss_write_null_verf(rqstp);
}
/* set the RPCSEC_GSS version in the context */
- rsci->mechctx->gss_version = gssv;
- rc = gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN);
+ rsci->mechctx->gss_version = gc->gc_v;
+ rc = gss_write_verf(rqstp, rsci->mechctx, gc, GSS_SEQ_WIN);
cache_put(&rsci->h, cd);
return rc;
}
@@ -1132,7 +1184,7 @@ static int svcauth_gss_legacy_init(struct svc_rqst *rqstp,
ret = SVC_CLOSE;
/* Got an answer to the upcall; use it: */
- if (gss_write_init_verf(sn->rsc_cache, rqstp, gc->gc_v,
+ if (gss_write_init_verf(sn->rsc_cache, rqstp, gc,
&rsip->out_handle, &rsip->major_status))
goto out;
if (gss_write_resv(resv, PAGE_SIZE,
@@ -1261,7 +1313,7 @@ static int svcauth_gss_proxy_init(struct svc_rqst *rqstp,
}
/* Got an answer to the upcall; use it: */
- if (gss_write_init_verf(sn->rsc_cache, rqstp, gc->gc_v,
+ if (gss_write_init_verf(sn->rsc_cache, rqstp, gc,
&cli_handle, &ud.major_status))
goto out;
if (gss_write_resv(resv, PAGE_SIZE,
@@ -1408,7 +1460,6 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
{
struct kvec *argv = &rqstp->rq_arg.head[0];
struct kvec *resv = &rqstp->rq_res.head[0];
- u32 crlen;
struct gss_svc_data *svcdata = rqstp->rq_auth_data;
struct rpc_gss_wire_cred *gc;
struct rsc *rsci = NULL;
@@ -1443,7 +1494,7 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
if (argv->iov_len < 5 * 4)
goto auth_err;
- crlen = svc_getnl(argv);
+ gc->gc_crlen = svc_getnl(argv);
gc->gc_v = svc_getnl(argv);
if ((gc->gc_v != RPC_GSS_VERSION) && (gc->gc_v != RPC_GSS3_VERSION))
goto auth_err;
@@ -1452,7 +1503,7 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
gc->gc_svc = svc_getnl(argv);
if (svc_safe_getnetobj(argv, &gc->gc_ctx))
goto auth_err;
- if (crlen != round_up_to_quad(gc->gc_ctx.len) + 5 * 4)
+ if (gc->gc_crlen != round_up_to_quad(gc->gc_ctx.len) + 5 * 4)
goto auth_err;
if ((gc->gc_proc != RPC_GSS_PROC_DATA) && (rqstp->rq_proc != 0))
@@ -1495,7 +1546,7 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
/* now act upon the command: */
switch (gc->gc_proc) {
case RPC_GSS_PROC_DESTROY:
- if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
+ if (gss_write_verf(rqstp, rsci->mechctx, gc, gc->gc_seq))
goto auth_err;
/* Delete the entry from the cache_list and call cache_put */
sunrpc_cache_unhash(sn->rsc_cache, &rsci->h);
@@ -1506,7 +1557,7 @@ static void destroy_use_gss_proxy_proc_entry(struct net *net) {}
case RPC_GSS_PROC_DATA:
*authp = rpcsec_gsserr_ctxproblem;
svcdata->verf_start = resv->iov_base + resv->iov_len;
- if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq))
+ if (gss_write_verf(rqstp, rsci->mechctx, gc, gc->gc_seq))
goto auth_err;
rqstp->rq_cred = rsci->cred;
get_group_info(rsci->cred.cr_group_info);
--
1.8.3.1