1 /*
2  *  linux/net/sunrpc/gss_mech_switch.c
3  *
4  *  Copyright (c) 2001 The Regents of the University of Michigan.
5  *  All rights reserved.
6  *
7  *  J. Bruce Fields   <bfields@umich.edu>
8  *
9  *  Redistribution and use in source and binary forms, with or without
10  *  modification, are permitted provided that the following conditions
11  *  are met:
12  *
13  *  1. Redistributions of source code must retain the above copyright
14  *     notice, this list of conditions and the following disclaimer.
15  *  2. Redistributions in binary form must reproduce the above copyright
16  *     notice, this list of conditions and the following disclaimer in the
17  *     documentation and/or other materials provided with the distribution.
18  *  3. Neither the name of the University nor the names of its
19  *     contributors may be used to endorse or promote products derived
20  *     from this software without specific prior written permission.
21  *
22  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
23  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25  *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
29  *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33  *
34  */
35 
36 #include <linux/types.h>
37 #include <linux/slab.h>
38 #include <linux/module.h>
39 #include <linux/oid_registry.h>
40 #include <linux/sunrpc/msg_prot.h>
41 #include <linux/sunrpc/gss_asn1.h>
42 #include <linux/sunrpc/auth_gss.h>
43 #include <linux/sunrpc/svcauth_gss.h>
44 #include <linux/sunrpc/gss_err.h>
45 #include <linux/sunrpc/sched.h>
46 #include <linux/sunrpc/gss_api.h>
47 #include <linux/sunrpc/clnt.h>
48 
49 #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
50 # define RPCDBG_FACILITY        RPCDBG_AUTH
51 #endif
52 
53 static LIST_HEAD(registered_mechs);
54 static DEFINE_SPINLOCK(registered_mechs_lock);
55 
56 static void
57 gss_mech_free(struct gss_api_mech *gm)
58 {
59 	struct pf_desc *pf;
60 	int i;
61 
62 	for (i = 0; i < gm->gm_pf_num; i++) {
63 		pf = &gm->gm_pfs[i];
64 		kfree(pf->auth_domain_name);
65 		pf->auth_domain_name = NULL;
66 	}
67 }
68 
69 static inline char *
70 make_auth_domain_name(char *name)
71 {
72 	static char	*prefix = "gss/";
73 	char		*new;
74 
75 	new = kmalloc(strlen(name) + strlen(prefix) + 1, GFP_KERNEL);
76 	if (new) {
77 		strcpy(new, prefix);
78 		strcat(new, name);
79 	}
80 	return new;
81 }
82 
83 static int
84 gss_mech_svc_setup(struct gss_api_mech *gm)
85 {
86 	struct pf_desc *pf;
87 	int i, status;
88 
89 	for (i = 0; i < gm->gm_pf_num; i++) {
90 		pf = &gm->gm_pfs[i];
91 		pf->auth_domain_name = make_auth_domain_name(pf->name);
92 		status = -ENOMEM;
93 		if (pf->auth_domain_name == NULL)
94 			goto out;
95 		status = svcauth_gss_register_pseudoflavor(pf->pseudoflavor,
96 							pf->auth_domain_name);
97 		if (status)
98 			goto out;
99 	}
100 	return 0;
101 out:
102 	gss_mech_free(gm);
103 	return status;
104 }
105 
106 /**
107  * gss_mech_register - register a GSS mechanism
108  * @gm: GSS mechanism handle
109  *
110  * Returns zero if successful, or a negative errno.
111  */
112 int gss_mech_register(struct gss_api_mech *gm)
113 {
114 	int status;
115 
116 	status = gss_mech_svc_setup(gm);
117 	if (status)
118 		return status;
119 	spin_lock(&registered_mechs_lock);
120 	list_add_rcu(&gm->gm_list, &registered_mechs);
121 	spin_unlock(&registered_mechs_lock);
122 	dprintk("RPC:       registered gss mechanism %s\n", gm->gm_name);
123 	return 0;
124 }
125 EXPORT_SYMBOL_GPL(gss_mech_register);
126 
127 /**
128  * gss_mech_unregister - release a GSS mechanism
129  * @gm: GSS mechanism handle
130  *
131  */
132 void gss_mech_unregister(struct gss_api_mech *gm)
133 {
134 	spin_lock(&registered_mechs_lock);
135 	list_del_rcu(&gm->gm_list);
136 	spin_unlock(&registered_mechs_lock);
137 	dprintk("RPC:       unregistered gss mechanism %s\n", gm->gm_name);
138 	gss_mech_free(gm);
139 }
140 EXPORT_SYMBOL_GPL(gss_mech_unregister);
141 
142 struct gss_api_mech *gss_mech_get(struct gss_api_mech *gm)
143 {
144 	__module_get(gm->gm_owner);
145 	return gm;
146 }
147 EXPORT_SYMBOL(gss_mech_get);
148 
149 static struct gss_api_mech *
150 _gss_mech_get_by_name(const char *name)
151 {
152 	struct gss_api_mech	*pos, *gm = NULL;
153 
154 	rcu_read_lock();
155 	list_for_each_entry_rcu(pos, &registered_mechs, gm_list) {
156 		if (0 == strcmp(name, pos->gm_name)) {
157 			if (try_module_get(pos->gm_owner))
158 				gm = pos;
159 			break;
160 		}
161 	}
162 	rcu_read_unlock();
163 	return gm;
164 
165 }
166 
167 struct gss_api_mech * gss_mech_get_by_name(const char *name)
168 {
169 	struct gss_api_mech *gm = NULL;
170 
171 	gm = _gss_mech_get_by_name(name);
172 	if (!gm) {
173 		request_module("rpc-auth-gss-%s", name);
174 		gm = _gss_mech_get_by_name(name);
175 	}
176 	return gm;
177 }
178 
179 struct gss_api_mech *gss_mech_get_by_OID(struct rpcsec_gss_oid *obj)
180 {
181 	struct gss_api_mech	*pos, *gm = NULL;
182 	char buf[32];
183 
184 	if (sprint_oid(obj->data, obj->len, buf, sizeof(buf)) < 0)
185 		return NULL;
186 	dprintk("RPC:       %s(%s)\n", __func__, buf);
187 	request_module("rpc-auth-gss-%s", buf);
188 
189 	rcu_read_lock();
190 	list_for_each_entry_rcu(pos, &registered_mechs, gm_list) {
191 		if (obj->len == pos->gm_oid.len) {
192 			if (0 == memcmp(obj->data, pos->gm_oid.data, obj->len)) {
193 				if (try_module_get(pos->gm_owner))
194 					gm = pos;
195 				break;
196 			}
197 		}
198 	}
199 	rcu_read_unlock();
200 	return gm;
201 }
202 
203 static inline int
204 mech_supports_pseudoflavor(struct gss_api_mech *gm, u32 pseudoflavor)
205 {
206 	int i;
207 
208 	for (i = 0; i < gm->gm_pf_num; i++) {
209 		if (gm->gm_pfs[i].pseudoflavor == pseudoflavor)
210 			return 1;
211 	}
212 	return 0;
213 }
214 
215 static struct gss_api_mech *_gss_mech_get_by_pseudoflavor(u32 pseudoflavor)
216 {
217 	struct gss_api_mech *gm = NULL, *pos;
218 
219 	rcu_read_lock();
220 	list_for_each_entry_rcu(pos, &registered_mechs, gm_list) {
221 		if (!mech_supports_pseudoflavor(pos, pseudoflavor))
222 			continue;
223 		if (try_module_get(pos->gm_owner))
224 			gm = pos;
225 		break;
226 	}
227 	rcu_read_unlock();
228 	return gm;
229 }
230 
231 struct gss_api_mech *
232 gss_mech_get_by_pseudoflavor(u32 pseudoflavor)
233 {
234 	struct gss_api_mech *gm;
235 
236 	gm = _gss_mech_get_by_pseudoflavor(pseudoflavor);
237 
238 	if (!gm) {
239 		request_module("rpc-auth-gss-%u", pseudoflavor);
240 		gm = _gss_mech_get_by_pseudoflavor(pseudoflavor);
241 	}
242 	return gm;
243 }
244 
245 /**
246  * gss_mech_list_pseudoflavors - Discover registered GSS pseudoflavors
247  * @array_ptr: array to fill in
248  * @size: size of "array"
249  *
250  * Returns the number of array items filled in, or a negative errno.
251  *
252  * The returned array is not sorted by any policy.  Callers should not
253  * rely on the order of the items in the returned array.
254  */
255 int gss_mech_list_pseudoflavors(rpc_authflavor_t *array_ptr, int size)
256 {
257 	struct gss_api_mech *pos = NULL;
258 	int j, i = 0;
259 
260 	rcu_read_lock();
261 	list_for_each_entry_rcu(pos, &registered_mechs, gm_list) {
262 		for (j = 0; j < pos->gm_pf_num; j++) {
263 			if (i >= size) {
264 				spin_unlock(&registered_mechs_lock);
265 				return -ENOMEM;
266 			}
267 			array_ptr[i++] = pos->gm_pfs[j].pseudoflavor;
268 		}
269 	}
270 	rcu_read_unlock();
271 	return i;
272 }
273 
274 /**
275  * gss_svc_to_pseudoflavor - map a GSS service number to a pseudoflavor
276  * @gm: GSS mechanism handle
277  * @qop: GSS quality-of-protection value
278  * @service: GSS service value
279  *
280  * Returns a matching security flavor, or RPC_AUTH_MAXFLAVOR if none is found.
281  */
282 rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 qop,
283 					 u32 service)
284 {
285 	int i;
286 
287 	for (i = 0; i < gm->gm_pf_num; i++) {
288 		if (gm->gm_pfs[i].qop == qop &&
289 		    gm->gm_pfs[i].service == service) {
290 			return gm->gm_pfs[i].pseudoflavor;
291 		}
292 	}
293 	return RPC_AUTH_MAXFLAVOR;
294 }
295 
296 /**
297  * gss_mech_info2flavor - look up a pseudoflavor given a GSS tuple
298  * @info: a GSS mech OID, quality of protection, and service value
299  *
300  * Returns a matching pseudoflavor, or RPC_AUTH_MAXFLAVOR if the tuple is
301  * not supported.
302  */
303 rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *info)
304 {
305 	rpc_authflavor_t pseudoflavor;
306 	struct gss_api_mech *gm;
307 
308 	gm = gss_mech_get_by_OID(&info->oid);
309 	if (gm == NULL)
310 		return RPC_AUTH_MAXFLAVOR;
311 
312 	pseudoflavor = gss_svc_to_pseudoflavor(gm, info->qop, info->service);
313 
314 	gss_mech_put(gm);
315 	return pseudoflavor;
316 }
317 
318 /**
319  * gss_mech_flavor2info - look up a GSS tuple for a given pseudoflavor
320  * @pseudoflavor: GSS pseudoflavor to match
321  * @info: rpcsec_gss_info structure to fill in
322  *
323  * Returns zero and fills in "info" if pseudoflavor matches a
324  * supported mechanism.  Otherwise a negative errno is returned.
325  */
326 int gss_mech_flavor2info(rpc_authflavor_t pseudoflavor,
327 			 struct rpcsec_gss_info *info)
328 {
329 	struct gss_api_mech *gm;
330 	int i;
331 
332 	gm = gss_mech_get_by_pseudoflavor(pseudoflavor);
333 	if (gm == NULL)
334 		return -ENOENT;
335 
336 	for (i = 0; i < gm->gm_pf_num; i++) {
337 		if (gm->gm_pfs[i].pseudoflavor == pseudoflavor) {
338 			memcpy(info->oid.data, gm->gm_oid.data, gm->gm_oid.len);
339 			info->oid.len = gm->gm_oid.len;
340 			info->qop = gm->gm_pfs[i].qop;
341 			info->service = gm->gm_pfs[i].service;
342 			gss_mech_put(gm);
343 			return 0;
344 		}
345 	}
346 
347 	gss_mech_put(gm);
348 	return -ENOENT;
349 }
350 
351 u32
352 gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor)
353 {
354 	int i;
355 
356 	for (i = 0; i < gm->gm_pf_num; i++) {
357 		if (gm->gm_pfs[i].pseudoflavor == pseudoflavor)
358 			return gm->gm_pfs[i].service;
359 	}
360 	return 0;
361 }
362 EXPORT_SYMBOL(gss_pseudoflavor_to_service);
363 
364 bool
365 gss_pseudoflavor_to_datatouch(struct gss_api_mech *gm, u32 pseudoflavor)
366 {
367 	int i;
368 
369 	for (i = 0; i < gm->gm_pf_num; i++) {
370 		if (gm->gm_pfs[i].pseudoflavor == pseudoflavor)
371 			return gm->gm_pfs[i].datatouch;
372 	}
373 	return false;
374 }
375 
376 char *
377 gss_service_to_auth_domain_name(struct gss_api_mech *gm, u32 service)
378 {
379 	int i;
380 
381 	for (i = 0; i < gm->gm_pf_num; i++) {
382 		if (gm->gm_pfs[i].service == service)
383 			return gm->gm_pfs[i].auth_domain_name;
384 	}
385 	return NULL;
386 }
387 
388 void
389 gss_mech_put(struct gss_api_mech * gm)
390 {
391 	if (gm)
392 		module_put(gm->gm_owner);
393 }
394 EXPORT_SYMBOL(gss_mech_put);
395 
396 /* The mech could probably be determined from the token instead, but it's just
397  * as easy for now to pass it in. */
398 int
399 gss_import_sec_context(const void *input_token, size_t bufsize,
400 		       struct gss_api_mech	*mech,
401 		       struct gss_ctx		**ctx_id,
402 		       time_t			*endtime,
403 		       gfp_t gfp_mask)
404 {
405 	if (!(*ctx_id = kzalloc(sizeof(**ctx_id), gfp_mask)))
406 		return -ENOMEM;
407 	(*ctx_id)->mech_type = gss_mech_get(mech);
408 
409 	return mech->gm_ops->gss_import_sec_context(input_token, bufsize,
410 						*ctx_id, endtime, gfp_mask);
411 }
412 
413 /* gss_get_mic: compute a mic over message and return mic_token. */
414 
415 u32
416 gss_get_mic(struct gss_ctx	*context_handle,
417 	    struct xdr_buf	*message,
418 	    struct xdr_netobj	*mic_token)
419 {
420 	 return context_handle->mech_type->gm_ops
421 		->gss_get_mic(context_handle,
422 			      message,
423 			      mic_token);
424 }
425 
426 /* gss_verify_mic: check whether the provided mic_token verifies message. */
427 
428 u32
429 gss_verify_mic(struct gss_ctx		*context_handle,
430 	       struct xdr_buf		*message,
431 	       struct xdr_netobj	*mic_token)
432 {
433 	return context_handle->mech_type->gm_ops
434 		->gss_verify_mic(context_handle,
435 				 message,
436 				 mic_token);
437 }
438 
439 /*
440  * This function is called from both the client and server code.
441  * Each makes guarantees about how much "slack" space is available
442  * for the underlying function in "buf"'s head and tail while
443  * performing the wrap.
444  *
445  * The client and server code allocate RPC_MAX_AUTH_SIZE extra
446  * space in both the head and tail which is available for use by
447  * the wrap function.
448  *
449  * Underlying functions should verify they do not use more than
450  * RPC_MAX_AUTH_SIZE of extra space in either the head or tail
451  * when performing the wrap.
452  */
453 u32
454 gss_wrap(struct gss_ctx	*ctx_id,
455 	 int		offset,
456 	 struct xdr_buf	*buf,
457 	 struct page	**inpages)
458 {
459 	return ctx_id->mech_type->gm_ops
460 		->gss_wrap(ctx_id, offset, buf, inpages);
461 }
462 
463 u32
464 gss_unwrap(struct gss_ctx	*ctx_id,
465 	   int			offset,
466 	   struct xdr_buf	*buf)
467 {
468 	return ctx_id->mech_type->gm_ops
469 		->gss_unwrap(ctx_id, offset, buf);
470 }
471 
472 
473 /* gss_delete_sec_context: free all resources associated with context_handle.
474  * Note this differs from the RFC 2744-specified prototype in that we don't
475  * bother returning an output token, since it would never be used anyway. */
476 
477 u32
478 gss_delete_sec_context(struct gss_ctx	**context_handle)
479 {
480 	dprintk("RPC:       gss_delete_sec_context deleting %p\n",
481 			*context_handle);
482 
483 	if (!*context_handle)
484 		return GSS_S_NO_CONTEXT;
485 	if ((*context_handle)->internal_ctx_id)
486 		(*context_handle)->mech_type->gm_ops
487 			->gss_delete_sec_context((*context_handle)
488 							->internal_ctx_id);
489 	gss_mech_put((*context_handle)->mech_type);
490 	kfree(*context_handle);
491 	*context_handle=NULL;
492 	return GSS_S_COMPLETE;
493 }
494