1/*
2 *  linux/net/sunrpc/gss_mech_switch.c
3 *
4 *  Copyright (c) 2001 The Regents of the University of Michigan.
5 *  All rights reserved.
6 *
7 *  J. Bruce Fields   <bfields@umich.edu>
8 *
9 *  Redistribution and use in source and binary forms, with or without
10 *  modification, are permitted provided that the following conditions
11 *  are met:
12 *
13 *  1. Redistributions of source code must retain the above copyright
14 *     notice, this list of conditions and the following disclaimer.
15 *  2. Redistributions in binary form must reproduce the above copyright
16 *     notice, this list of conditions and the following disclaimer in the
17 *     documentation and/or other materials provided with the distribution.
18 *  3. Neither the name of the University nor the names of its
19 *     contributors may be used to endorse or promote products derived
20 *     from this software without specific prior written permission.
21 *
22 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
23 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25 *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
29 *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35
36#include <linux/types.h>
37#include <linux/slab.h>
38#include <linux/module.h>
39#include <linux/oid_registry.h>
40#include <linux/sunrpc/msg_prot.h>
41#include <linux/sunrpc/gss_asn1.h>
42#include <linux/sunrpc/auth_gss.h>
43#include <linux/sunrpc/svcauth_gss.h>
44#include <linux/sunrpc/gss_err.h>
45#include <linux/sunrpc/sched.h>
46#include <linux/sunrpc/gss_api.h>
47#include <linux/sunrpc/clnt.h>
48
49#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
50# define RPCDBG_FACILITY        RPCDBG_AUTH
51#endif
52
53static LIST_HEAD(registered_mechs);
54static DEFINE_SPINLOCK(registered_mechs_lock);
55
56static void
57gss_mech_free(struct gss_api_mech *gm)
58{
59	struct pf_desc *pf;
60	int i;
61
62	for (i = 0; i < gm->gm_pf_num; i++) {
63		pf = &gm->gm_pfs[i];
64		kfree(pf->auth_domain_name);
65		pf->auth_domain_name = NULL;
66	}
67}
68
69static inline char *
70make_auth_domain_name(char *name)
71{
72	static char	*prefix = "gss/";
73	char		*new;
74
75	new = kmalloc(strlen(name) + strlen(prefix) + 1, GFP_KERNEL);
76	if (new) {
77		strcpy(new, prefix);
78		strcat(new, name);
79	}
80	return new;
81}
82
83static int
84gss_mech_svc_setup(struct gss_api_mech *gm)
85{
86	struct pf_desc *pf;
87	int i, status;
88
89	for (i = 0; i < gm->gm_pf_num; i++) {
90		pf = &gm->gm_pfs[i];
91		pf->auth_domain_name = make_auth_domain_name(pf->name);
92		status = -ENOMEM;
93		if (pf->auth_domain_name == NULL)
94			goto out;
95		status = svcauth_gss_register_pseudoflavor(pf->pseudoflavor,
96							pf->auth_domain_name);
97		if (status)
98			goto out;
99	}
100	return 0;
101out:
102	gss_mech_free(gm);
103	return status;
104}
105
106/**
107 * gss_mech_register - register a GSS mechanism
108 * @gm: GSS mechanism handle
109 *
110 * Returns zero if successful, or a negative errno.
111 */
112int gss_mech_register(struct gss_api_mech *gm)
113{
114	int status;
115
116	status = gss_mech_svc_setup(gm);
117	if (status)
118		return status;
119	spin_lock(&registered_mechs_lock);
120	list_add(&gm->gm_list, &registered_mechs);
121	spin_unlock(&registered_mechs_lock);
122	dprintk("RPC:       registered gss mechanism %s\n", gm->gm_name);
123	return 0;
124}
125EXPORT_SYMBOL_GPL(gss_mech_register);
126
127/**
128 * gss_mech_unregister - release a GSS mechanism
129 * @gm: GSS mechanism handle
130 *
131 */
132void gss_mech_unregister(struct gss_api_mech *gm)
133{
134	spin_lock(&registered_mechs_lock);
135	list_del(&gm->gm_list);
136	spin_unlock(&registered_mechs_lock);
137	dprintk("RPC:       unregistered gss mechanism %s\n", gm->gm_name);
138	gss_mech_free(gm);
139}
140EXPORT_SYMBOL_GPL(gss_mech_unregister);
141
142struct gss_api_mech *gss_mech_get(struct gss_api_mech *gm)
143{
144	__module_get(gm->gm_owner);
145	return gm;
146}
147EXPORT_SYMBOL(gss_mech_get);
148
149static struct gss_api_mech *
150_gss_mech_get_by_name(const char *name)
151{
152	struct gss_api_mech	*pos, *gm = NULL;
153
154	spin_lock(&registered_mechs_lock);
155	list_for_each_entry(pos, &registered_mechs, gm_list) {
156		if (0 == strcmp(name, pos->gm_name)) {
157			if (try_module_get(pos->gm_owner))
158				gm = pos;
159			break;
160		}
161	}
162	spin_unlock(&registered_mechs_lock);
163	return gm;
164
165}
166
167struct gss_api_mech * gss_mech_get_by_name(const char *name)
168{
169	struct gss_api_mech *gm = NULL;
170
171	gm = _gss_mech_get_by_name(name);
172	if (!gm) {
173		request_module("rpc-auth-gss-%s", name);
174		gm = _gss_mech_get_by_name(name);
175	}
176	return gm;
177}
178
179struct gss_api_mech *gss_mech_get_by_OID(struct rpcsec_gss_oid *obj)
180{
181	struct gss_api_mech	*pos, *gm = NULL;
182	char buf[32];
183
184	if (sprint_oid(obj->data, obj->len, buf, sizeof(buf)) < 0)
185		return NULL;
186	dprintk("RPC:       %s(%s)\n", __func__, buf);
187	request_module("rpc-auth-gss-%s", buf);
188
189	spin_lock(&registered_mechs_lock);
190	list_for_each_entry(pos, &registered_mechs, gm_list) {
191		if (obj->len == pos->gm_oid.len) {
192			if (0 == memcmp(obj->data, pos->gm_oid.data, obj->len)) {
193				if (try_module_get(pos->gm_owner))
194					gm = pos;
195				break;
196			}
197		}
198	}
199	spin_unlock(&registered_mechs_lock);
200	return gm;
201}
202
203static inline int
204mech_supports_pseudoflavor(struct gss_api_mech *gm, u32 pseudoflavor)
205{
206	int i;
207
208	for (i = 0; i < gm->gm_pf_num; i++) {
209		if (gm->gm_pfs[i].pseudoflavor == pseudoflavor)
210			return 1;
211	}
212	return 0;
213}
214
215static struct gss_api_mech *_gss_mech_get_by_pseudoflavor(u32 pseudoflavor)
216{
217	struct gss_api_mech *gm = NULL, *pos;
218
219	spin_lock(&registered_mechs_lock);
220	list_for_each_entry(pos, &registered_mechs, gm_list) {
221		if (!mech_supports_pseudoflavor(pos, pseudoflavor))
222			continue;
223		if (try_module_get(pos->gm_owner))
224			gm = pos;
225		break;
226	}
227	spin_unlock(&registered_mechs_lock);
228	return gm;
229}
230
231struct gss_api_mech *
232gss_mech_get_by_pseudoflavor(u32 pseudoflavor)
233{
234	struct gss_api_mech *gm;
235
236	gm = _gss_mech_get_by_pseudoflavor(pseudoflavor);
237
238	if (!gm) {
239		request_module("rpc-auth-gss-%u", pseudoflavor);
240		gm = _gss_mech_get_by_pseudoflavor(pseudoflavor);
241	}
242	return gm;
243}
244
245/**
246 * gss_mech_list_pseudoflavors - Discover registered GSS pseudoflavors
247 * @array: array to fill in
248 * @size: size of "array"
249 *
250 * Returns the number of array items filled in, or a negative errno.
251 *
252 * The returned array is not sorted by any policy.  Callers should not
253 * rely on the order of the items in the returned array.
254 */
255int gss_mech_list_pseudoflavors(rpc_authflavor_t *array_ptr, int size)
256{
257	struct gss_api_mech *pos = NULL;
258	int j, i = 0;
259
260	spin_lock(&registered_mechs_lock);
261	list_for_each_entry(pos, &registered_mechs, gm_list) {
262		for (j = 0; j < pos->gm_pf_num; j++) {
263			if (i >= size) {
264				spin_unlock(&registered_mechs_lock);
265				return -ENOMEM;
266			}
267			array_ptr[i++] = pos->gm_pfs[j].pseudoflavor;
268		}
269	}
270	spin_unlock(&registered_mechs_lock);
271	return i;
272}
273
274/**
275 * gss_svc_to_pseudoflavor - map a GSS service number to a pseudoflavor
276 * @gm: GSS mechanism handle
277 * @qop: GSS quality-of-protection value
278 * @service: GSS service value
279 *
280 * Returns a matching security flavor, or RPC_AUTH_MAXFLAVOR if none is found.
281 */
282rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 qop,
283					 u32 service)
284{
285	int i;
286
287	for (i = 0; i < gm->gm_pf_num; i++) {
288		if (gm->gm_pfs[i].qop == qop &&
289		    gm->gm_pfs[i].service == service) {
290			return gm->gm_pfs[i].pseudoflavor;
291		}
292	}
293	return RPC_AUTH_MAXFLAVOR;
294}
295
296/**
297 * gss_mech_info2flavor - look up a pseudoflavor given a GSS tuple
298 * @info: a GSS mech OID, quality of protection, and service value
299 *
300 * Returns a matching pseudoflavor, or RPC_AUTH_MAXFLAVOR if the tuple is
301 * not supported.
302 */
303rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *info)
304{
305	rpc_authflavor_t pseudoflavor;
306	struct gss_api_mech *gm;
307
308	gm = gss_mech_get_by_OID(&info->oid);
309	if (gm == NULL)
310		return RPC_AUTH_MAXFLAVOR;
311
312	pseudoflavor = gss_svc_to_pseudoflavor(gm, info->qop, info->service);
313
314	gss_mech_put(gm);
315	return pseudoflavor;
316}
317
318/**
319 * gss_mech_flavor2info - look up a GSS tuple for a given pseudoflavor
320 * @pseudoflavor: GSS pseudoflavor to match
321 * @info: rpcsec_gss_info structure to fill in
322 *
323 * Returns zero and fills in "info" if pseudoflavor matches a
324 * supported mechanism.  Otherwise a negative errno is returned.
325 */
326int gss_mech_flavor2info(rpc_authflavor_t pseudoflavor,
327			 struct rpcsec_gss_info *info)
328{
329	struct gss_api_mech *gm;
330	int i;
331
332	gm = gss_mech_get_by_pseudoflavor(pseudoflavor);
333	if (gm == NULL)
334		return -ENOENT;
335
336	for (i = 0; i < gm->gm_pf_num; i++) {
337		if (gm->gm_pfs[i].pseudoflavor == pseudoflavor) {
338			memcpy(info->oid.data, gm->gm_oid.data, gm->gm_oid.len);
339			info->oid.len = gm->gm_oid.len;
340			info->qop = gm->gm_pfs[i].qop;
341			info->service = gm->gm_pfs[i].service;
342			gss_mech_put(gm);
343			return 0;
344		}
345	}
346
347	gss_mech_put(gm);
348	return -ENOENT;
349}
350
351u32
352gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor)
353{
354	int i;
355
356	for (i = 0; i < gm->gm_pf_num; i++) {
357		if (gm->gm_pfs[i].pseudoflavor == pseudoflavor)
358			return gm->gm_pfs[i].service;
359	}
360	return 0;
361}
362EXPORT_SYMBOL(gss_pseudoflavor_to_service);
363
364char *
365gss_service_to_auth_domain_name(struct gss_api_mech *gm, u32 service)
366{
367	int i;
368
369	for (i = 0; i < gm->gm_pf_num; i++) {
370		if (gm->gm_pfs[i].service == service)
371			return gm->gm_pfs[i].auth_domain_name;
372	}
373	return NULL;
374}
375
376void
377gss_mech_put(struct gss_api_mech * gm)
378{
379	if (gm)
380		module_put(gm->gm_owner);
381}
382EXPORT_SYMBOL(gss_mech_put);
383
384/* The mech could probably be determined from the token instead, but it's just
385 * as easy for now to pass it in. */
386int
387gss_import_sec_context(const void *input_token, size_t bufsize,
388		       struct gss_api_mech	*mech,
389		       struct gss_ctx		**ctx_id,
390		       time_t			*endtime,
391		       gfp_t gfp_mask)
392{
393	if (!(*ctx_id = kzalloc(sizeof(**ctx_id), gfp_mask)))
394		return -ENOMEM;
395	(*ctx_id)->mech_type = gss_mech_get(mech);
396
397	return mech->gm_ops->gss_import_sec_context(input_token, bufsize,
398						*ctx_id, endtime, gfp_mask);
399}
400
401/* gss_get_mic: compute a mic over message and return mic_token. */
402
403u32
404gss_get_mic(struct gss_ctx	*context_handle,
405	    struct xdr_buf	*message,
406	    struct xdr_netobj	*mic_token)
407{
408	 return context_handle->mech_type->gm_ops
409		->gss_get_mic(context_handle,
410			      message,
411			      mic_token);
412}
413
414/* gss_verify_mic: check whether the provided mic_token verifies message. */
415
416u32
417gss_verify_mic(struct gss_ctx		*context_handle,
418	       struct xdr_buf		*message,
419	       struct xdr_netobj	*mic_token)
420{
421	return context_handle->mech_type->gm_ops
422		->gss_verify_mic(context_handle,
423				 message,
424				 mic_token);
425}
426
427/*
428 * This function is called from both the client and server code.
429 * Each makes guarantees about how much "slack" space is available
430 * for the underlying function in "buf"'s head and tail while
431 * performing the wrap.
432 *
433 * The client and server code allocate RPC_MAX_AUTH_SIZE extra
434 * space in both the head and tail which is available for use by
435 * the wrap function.
436 *
437 * Underlying functions should verify they do not use more than
438 * RPC_MAX_AUTH_SIZE of extra space in either the head or tail
439 * when performing the wrap.
440 */
441u32
442gss_wrap(struct gss_ctx	*ctx_id,
443	 int		offset,
444	 struct xdr_buf	*buf,
445	 struct page	**inpages)
446{
447	return ctx_id->mech_type->gm_ops
448		->gss_wrap(ctx_id, offset, buf, inpages);
449}
450
451u32
452gss_unwrap(struct gss_ctx	*ctx_id,
453	   int			offset,
454	   struct xdr_buf	*buf)
455{
456	return ctx_id->mech_type->gm_ops
457		->gss_unwrap(ctx_id, offset, buf);
458}
459
460
461/* gss_delete_sec_context: free all resources associated with context_handle.
462 * Note this differs from the RFC 2744-specified prototype in that we don't
463 * bother returning an output token, since it would never be used anyway. */
464
465u32
466gss_delete_sec_context(struct gss_ctx	**context_handle)
467{
468	dprintk("RPC:       gss_delete_sec_context deleting %p\n",
469			*context_handle);
470
471	if (!*context_handle)
472		return GSS_S_NO_CONTEXT;
473	if ((*context_handle)->internal_ctx_id)
474		(*context_handle)->mech_type->gm_ops
475			->gss_delete_sec_context((*context_handle)
476							->internal_ctx_id);
477	gss_mech_put((*context_handle)->mech_type);
478	kfree(*context_handle);
479	*context_handle=NULL;
480	return GSS_S_COMPLETE;
481}
482