1 /* 2 * GSS Proxy upcall module 3 * 4 * Copyright (C) 2012 Simo Sorce <simo@redhat.com> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 */ 20 21 #include <linux/sunrpc/svcauth.h> 22 #include "gss_rpc_xdr.h" 23 24 static int gssx_enc_bool(struct xdr_stream *xdr, int v) 25 { 26 __be32 *p; 27 28 p = xdr_reserve_space(xdr, 4); 29 if (unlikely(p == NULL)) 30 return -ENOSPC; 31 *p = v ? xdr_one : xdr_zero; 32 return 0; 33 } 34 35 static int gssx_dec_bool(struct xdr_stream *xdr, u32 *v) 36 { 37 __be32 *p; 38 39 p = xdr_inline_decode(xdr, 4); 40 if (unlikely(p == NULL)) 41 return -ENOSPC; 42 *v = be32_to_cpu(*p); 43 return 0; 44 } 45 46 static int gssx_enc_buffer(struct xdr_stream *xdr, 47 const gssx_buffer *buf) 48 { 49 __be32 *p; 50 51 p = xdr_reserve_space(xdr, sizeof(u32) + buf->len); 52 if (!p) 53 return -ENOSPC; 54 xdr_encode_opaque(p, buf->data, buf->len); 55 return 0; 56 } 57 58 static int gssx_enc_in_token(struct xdr_stream *xdr, 59 const struct gssp_in_token *in) 60 { 61 __be32 *p; 62 63 p = xdr_reserve_space(xdr, 4); 64 if (!p) 65 return -ENOSPC; 66 *p = cpu_to_be32(in->page_len); 67 68 /* all we need to do is to write pages */ 69 xdr_write_pages(xdr, in->pages, in->page_base, in->page_len); 70 71 return 0; 72 } 73 74 75 static int gssx_dec_buffer(struct xdr_stream *xdr, 76 gssx_buffer *buf) 77 { 78 u32 length; 79 __be32 *p; 80 81 p = xdr_inline_decode(xdr, 4); 82 if (unlikely(p == NULL)) 83 return -ENOSPC; 84 85 length = be32_to_cpup(p); 86 p = xdr_inline_decode(xdr, length); 87 if (unlikely(p == NULL)) 88 return -ENOSPC; 89 90 if (buf->len == 0) { 91 /* we intentionally are not interested in this buffer */ 92 return 0; 93 } 94 if (length > buf->len) 95 return -ENOSPC; 96 97 if (!buf->data) { 98 buf->data = kmemdup(p, length, GFP_KERNEL); 99 if (!buf->data) 100 return -ENOMEM; 101 } else { 102 memcpy(buf->data, p, length); 103 } 104 buf->len = length; 105 return 0; 106 } 107 108 static int gssx_enc_option(struct xdr_stream *xdr, 109 struct gssx_option *opt) 110 { 111 int err; 112 113 err = gssx_enc_buffer(xdr, &opt->option); 114 if (err) 115 return err; 116 err = gssx_enc_buffer(xdr, &opt->value); 117 return err; 118 } 119 120 static int gssx_dec_option(struct xdr_stream *xdr, 121 struct gssx_option *opt) 122 { 123 int err; 124 125 err = gssx_dec_buffer(xdr, &opt->option); 126 if (err) 127 return err; 128 err = gssx_dec_buffer(xdr, &opt->value); 129 return err; 130 } 131 132 static int dummy_enc_opt_array(struct xdr_stream *xdr, 133 const struct gssx_option_array *oa) 134 { 135 __be32 *p; 136 137 if (oa->count != 0) 138 return -EINVAL; 139 140 p = xdr_reserve_space(xdr, 4); 141 if (!p) 142 return -ENOSPC; 143 *p = 0; 144 145 return 0; 146 } 147 148 static int dummy_dec_opt_array(struct xdr_stream *xdr, 149 struct gssx_option_array *oa) 150 { 151 struct gssx_option dummy; 152 u32 count, i; 153 __be32 *p; 154 155 p = xdr_inline_decode(xdr, 4); 156 if (unlikely(p == NULL)) 157 return -ENOSPC; 158 count = be32_to_cpup(p++); 159 memset(&dummy, 0, sizeof(dummy)); 160 for (i = 0; i < count; i++) { 161 gssx_dec_option(xdr, &dummy); 162 } 163 164 oa->count = 0; 165 oa->data = NULL; 166 return 0; 167 } 168 169 static int get_host_u32(struct xdr_stream *xdr, u32 *res) 170 { 171 __be32 *p; 172 173 p = xdr_inline_decode(xdr, 4); 174 if (!p) 175 return -EINVAL; 176 /* Contents of linux creds are all host-endian: */ 177 memcpy(res, p, sizeof(u32)); 178 return 0; 179 } 180 181 static int gssx_dec_linux_creds(struct xdr_stream *xdr, 182 struct svc_cred *creds) 183 { 184 u32 length; 185 __be32 *p; 186 u32 tmp; 187 u32 N; 188 int i, err; 189 190 p = xdr_inline_decode(xdr, 4); 191 if (unlikely(p == NULL)) 192 return -ENOSPC; 193 194 length = be32_to_cpup(p); 195 196 if (length > (3 + NGROUPS_MAX) * sizeof(u32)) 197 return -ENOSPC; 198 199 /* uid */ 200 err = get_host_u32(xdr, &tmp); 201 if (err) 202 return err; 203 creds->cr_uid = make_kuid(&init_user_ns, tmp); 204 205 /* gid */ 206 err = get_host_u32(xdr, &tmp); 207 if (err) 208 return err; 209 creds->cr_gid = make_kgid(&init_user_ns, tmp); 210 211 /* number of additional gid's */ 212 err = get_host_u32(xdr, &tmp); 213 if (err) 214 return err; 215 N = tmp; 216 if ((3 + N) * sizeof(u32) != length) 217 return -EINVAL; 218 creds->cr_group_info = groups_alloc(N); 219 if (creds->cr_group_info == NULL) 220 return -ENOMEM; 221 222 /* gid's */ 223 for (i = 0; i < N; i++) { 224 kgid_t kgid; 225 err = get_host_u32(xdr, &tmp); 226 if (err) 227 goto out_free_groups; 228 err = -EINVAL; 229 kgid = make_kgid(&init_user_ns, tmp); 230 if (!gid_valid(kgid)) 231 goto out_free_groups; 232 creds->cr_group_info->gid[i] = kgid; 233 } 234 groups_sort(creds->cr_group_info); 235 236 return 0; 237 out_free_groups: 238 groups_free(creds->cr_group_info); 239 return err; 240 } 241 242 static int gssx_dec_option_array(struct xdr_stream *xdr, 243 struct gssx_option_array *oa) 244 { 245 struct svc_cred *creds; 246 u32 count, i; 247 __be32 *p; 248 int err; 249 250 p = xdr_inline_decode(xdr, 4); 251 if (unlikely(p == NULL)) 252 return -ENOSPC; 253 count = be32_to_cpup(p++); 254 if (!count) 255 return 0; 256 257 /* we recognize only 1 currently: CREDS_VALUE */ 258 oa->count = 1; 259 260 oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL); 261 if (!oa->data) 262 return -ENOMEM; 263 264 creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL); 265 if (!creds) { 266 kfree(oa->data); 267 return -ENOMEM; 268 } 269 270 oa->data[0].option.data = CREDS_VALUE; 271 oa->data[0].option.len = sizeof(CREDS_VALUE); 272 oa->data[0].value.data = (void *)creds; 273 oa->data[0].value.len = 0; 274 275 for (i = 0; i < count; i++) { 276 gssx_buffer dummy = { 0, NULL }; 277 u32 length; 278 279 /* option buffer */ 280 p = xdr_inline_decode(xdr, 4); 281 if (unlikely(p == NULL)) 282 return -ENOSPC; 283 284 length = be32_to_cpup(p); 285 p = xdr_inline_decode(xdr, length); 286 if (unlikely(p == NULL)) 287 return -ENOSPC; 288 289 if (length == sizeof(CREDS_VALUE) && 290 memcmp(p, CREDS_VALUE, sizeof(CREDS_VALUE)) == 0) { 291 /* We have creds here. parse them */ 292 err = gssx_dec_linux_creds(xdr, creds); 293 if (err) 294 return err; 295 oa->data[0].value.len = 1; /* presence */ 296 } else { 297 /* consume uninteresting buffer */ 298 err = gssx_dec_buffer(xdr, &dummy); 299 if (err) 300 return err; 301 } 302 } 303 return 0; 304 } 305 306 static int gssx_dec_status(struct xdr_stream *xdr, 307 struct gssx_status *status) 308 { 309 __be32 *p; 310 int err; 311 312 /* status->major_status */ 313 p = xdr_inline_decode(xdr, 8); 314 if (unlikely(p == NULL)) 315 return -ENOSPC; 316 p = xdr_decode_hyper(p, &status->major_status); 317 318 /* status->mech */ 319 err = gssx_dec_buffer(xdr, &status->mech); 320 if (err) 321 return err; 322 323 /* status->minor_status */ 324 p = xdr_inline_decode(xdr, 8); 325 if (unlikely(p == NULL)) 326 return -ENOSPC; 327 p = xdr_decode_hyper(p, &status->minor_status); 328 329 /* status->major_status_string */ 330 err = gssx_dec_buffer(xdr, &status->major_status_string); 331 if (err) 332 return err; 333 334 /* status->minor_status_string */ 335 err = gssx_dec_buffer(xdr, &status->minor_status_string); 336 if (err) 337 return err; 338 339 /* status->server_ctx */ 340 err = gssx_dec_buffer(xdr, &status->server_ctx); 341 if (err) 342 return err; 343 344 /* we assume we have no options for now, so simply consume them */ 345 /* status->options */ 346 err = dummy_dec_opt_array(xdr, &status->options); 347 348 return err; 349 } 350 351 static int gssx_enc_call_ctx(struct xdr_stream *xdr, 352 const struct gssx_call_ctx *ctx) 353 { 354 struct gssx_option opt; 355 __be32 *p; 356 int err; 357 358 /* ctx->locale */ 359 err = gssx_enc_buffer(xdr, &ctx->locale); 360 if (err) 361 return err; 362 363 /* ctx->server_ctx */ 364 err = gssx_enc_buffer(xdr, &ctx->server_ctx); 365 if (err) 366 return err; 367 368 /* we always want to ask for lucid contexts */ 369 /* ctx->options */ 370 p = xdr_reserve_space(xdr, 4); 371 *p = cpu_to_be32(2); 372 373 /* we want a lucid_v1 context */ 374 opt.option.data = LUCID_OPTION; 375 opt.option.len = sizeof(LUCID_OPTION); 376 opt.value.data = LUCID_VALUE; 377 opt.value.len = sizeof(LUCID_VALUE); 378 err = gssx_enc_option(xdr, &opt); 379 380 /* ..and user creds */ 381 opt.option.data = CREDS_OPTION; 382 opt.option.len = sizeof(CREDS_OPTION); 383 opt.value.data = CREDS_VALUE; 384 opt.value.len = sizeof(CREDS_VALUE); 385 err = gssx_enc_option(xdr, &opt); 386 387 return err; 388 } 389 390 static int gssx_dec_name_attr(struct xdr_stream *xdr, 391 struct gssx_name_attr *attr) 392 { 393 int err; 394 395 /* attr->attr */ 396 err = gssx_dec_buffer(xdr, &attr->attr); 397 if (err) 398 return err; 399 400 /* attr->value */ 401 err = gssx_dec_buffer(xdr, &attr->value); 402 if (err) 403 return err; 404 405 /* attr->extensions */ 406 err = dummy_dec_opt_array(xdr, &attr->extensions); 407 408 return err; 409 } 410 411 static int dummy_enc_nameattr_array(struct xdr_stream *xdr, 412 struct gssx_name_attr_array *naa) 413 { 414 __be32 *p; 415 416 if (naa->count != 0) 417 return -EINVAL; 418 419 p = xdr_reserve_space(xdr, 4); 420 if (!p) 421 return -ENOSPC; 422 *p = 0; 423 424 return 0; 425 } 426 427 static int dummy_dec_nameattr_array(struct xdr_stream *xdr, 428 struct gssx_name_attr_array *naa) 429 { 430 struct gssx_name_attr dummy = { .attr = {.len = 0} }; 431 u32 count, i; 432 __be32 *p; 433 434 p = xdr_inline_decode(xdr, 4); 435 if (unlikely(p == NULL)) 436 return -ENOSPC; 437 count = be32_to_cpup(p++); 438 for (i = 0; i < count; i++) { 439 gssx_dec_name_attr(xdr, &dummy); 440 } 441 442 naa->count = 0; 443 naa->data = NULL; 444 return 0; 445 } 446 447 static struct xdr_netobj zero_netobj = {}; 448 449 static struct gssx_name_attr_array zero_name_attr_array = {}; 450 451 static struct gssx_option_array zero_option_array = {}; 452 453 static int gssx_enc_name(struct xdr_stream *xdr, 454 struct gssx_name *name) 455 { 456 int err; 457 458 /* name->display_name */ 459 err = gssx_enc_buffer(xdr, &name->display_name); 460 if (err) 461 return err; 462 463 /* name->name_type */ 464 err = gssx_enc_buffer(xdr, &zero_netobj); 465 if (err) 466 return err; 467 468 /* name->exported_name */ 469 err = gssx_enc_buffer(xdr, &zero_netobj); 470 if (err) 471 return err; 472 473 /* name->exported_composite_name */ 474 err = gssx_enc_buffer(xdr, &zero_netobj); 475 if (err) 476 return err; 477 478 /* leave name_attributes empty for now, will add once we have any 479 * to pass up at all */ 480 /* name->name_attributes */ 481 err = dummy_enc_nameattr_array(xdr, &zero_name_attr_array); 482 if (err) 483 return err; 484 485 /* leave options empty for now, will add once we have any options 486 * to pass up at all */ 487 /* name->extensions */ 488 err = dummy_enc_opt_array(xdr, &zero_option_array); 489 490 return err; 491 } 492 493 494 static int gssx_dec_name(struct xdr_stream *xdr, 495 struct gssx_name *name) 496 { 497 struct xdr_netobj dummy_netobj = { .len = 0 }; 498 struct gssx_name_attr_array dummy_name_attr_array = { .count = 0 }; 499 struct gssx_option_array dummy_option_array = { .count = 0 }; 500 int err; 501 502 /* name->display_name */ 503 err = gssx_dec_buffer(xdr, &name->display_name); 504 if (err) 505 return err; 506 507 /* name->name_type */ 508 err = gssx_dec_buffer(xdr, &dummy_netobj); 509 if (err) 510 return err; 511 512 /* name->exported_name */ 513 err = gssx_dec_buffer(xdr, &dummy_netobj); 514 if (err) 515 return err; 516 517 /* name->exported_composite_name */ 518 err = gssx_dec_buffer(xdr, &dummy_netobj); 519 if (err) 520 return err; 521 522 /* we assume we have no attributes for now, so simply consume them */ 523 /* name->name_attributes */ 524 err = dummy_dec_nameattr_array(xdr, &dummy_name_attr_array); 525 if (err) 526 return err; 527 528 /* we assume we have no options for now, so simply consume them */ 529 /* name->extensions */ 530 err = dummy_dec_opt_array(xdr, &dummy_option_array); 531 532 return err; 533 } 534 535 static int dummy_enc_credel_array(struct xdr_stream *xdr, 536 struct gssx_cred_element_array *cea) 537 { 538 __be32 *p; 539 540 if (cea->count != 0) 541 return -EINVAL; 542 543 p = xdr_reserve_space(xdr, 4); 544 if (!p) 545 return -ENOSPC; 546 *p = 0; 547 548 return 0; 549 } 550 551 static int gssx_enc_cred(struct xdr_stream *xdr, 552 struct gssx_cred *cred) 553 { 554 int err; 555 556 /* cred->desired_name */ 557 err = gssx_enc_name(xdr, &cred->desired_name); 558 if (err) 559 return err; 560 561 /* cred->elements */ 562 err = dummy_enc_credel_array(xdr, &cred->elements); 563 if (err) 564 return err; 565 566 /* cred->cred_handle_reference */ 567 err = gssx_enc_buffer(xdr, &cred->cred_handle_reference); 568 if (err) 569 return err; 570 571 /* cred->needs_release */ 572 err = gssx_enc_bool(xdr, cred->needs_release); 573 574 return err; 575 } 576 577 static int gssx_enc_ctx(struct xdr_stream *xdr, 578 struct gssx_ctx *ctx) 579 { 580 __be32 *p; 581 int err; 582 583 /* ctx->exported_context_token */ 584 err = gssx_enc_buffer(xdr, &ctx->exported_context_token); 585 if (err) 586 return err; 587 588 /* ctx->state */ 589 err = gssx_enc_buffer(xdr, &ctx->state); 590 if (err) 591 return err; 592 593 /* ctx->need_release */ 594 err = gssx_enc_bool(xdr, ctx->need_release); 595 if (err) 596 return err; 597 598 /* ctx->mech */ 599 err = gssx_enc_buffer(xdr, &ctx->mech); 600 if (err) 601 return err; 602 603 /* ctx->src_name */ 604 err = gssx_enc_name(xdr, &ctx->src_name); 605 if (err) 606 return err; 607 608 /* ctx->targ_name */ 609 err = gssx_enc_name(xdr, &ctx->targ_name); 610 if (err) 611 return err; 612 613 /* ctx->lifetime */ 614 p = xdr_reserve_space(xdr, 8+8); 615 if (!p) 616 return -ENOSPC; 617 p = xdr_encode_hyper(p, ctx->lifetime); 618 619 /* ctx->ctx_flags */ 620 p = xdr_encode_hyper(p, ctx->ctx_flags); 621 622 /* ctx->locally_initiated */ 623 err = gssx_enc_bool(xdr, ctx->locally_initiated); 624 if (err) 625 return err; 626 627 /* ctx->open */ 628 err = gssx_enc_bool(xdr, ctx->open); 629 if (err) 630 return err; 631 632 /* leave options empty for now, will add once we have any options 633 * to pass up at all */ 634 /* ctx->options */ 635 err = dummy_enc_opt_array(xdr, &ctx->options); 636 637 return err; 638 } 639 640 static int gssx_dec_ctx(struct xdr_stream *xdr, 641 struct gssx_ctx *ctx) 642 { 643 __be32 *p; 644 int err; 645 646 /* ctx->exported_context_token */ 647 err = gssx_dec_buffer(xdr, &ctx->exported_context_token); 648 if (err) 649 return err; 650 651 /* ctx->state */ 652 err = gssx_dec_buffer(xdr, &ctx->state); 653 if (err) 654 return err; 655 656 /* ctx->need_release */ 657 err = gssx_dec_bool(xdr, &ctx->need_release); 658 if (err) 659 return err; 660 661 /* ctx->mech */ 662 err = gssx_dec_buffer(xdr, &ctx->mech); 663 if (err) 664 return err; 665 666 /* ctx->src_name */ 667 err = gssx_dec_name(xdr, &ctx->src_name); 668 if (err) 669 return err; 670 671 /* ctx->targ_name */ 672 err = gssx_dec_name(xdr, &ctx->targ_name); 673 if (err) 674 return err; 675 676 /* ctx->lifetime */ 677 p = xdr_inline_decode(xdr, 8+8); 678 if (unlikely(p == NULL)) 679 return -ENOSPC; 680 p = xdr_decode_hyper(p, &ctx->lifetime); 681 682 /* ctx->ctx_flags */ 683 p = xdr_decode_hyper(p, &ctx->ctx_flags); 684 685 /* ctx->locally_initiated */ 686 err = gssx_dec_bool(xdr, &ctx->locally_initiated); 687 if (err) 688 return err; 689 690 /* ctx->open */ 691 err = gssx_dec_bool(xdr, &ctx->open); 692 if (err) 693 return err; 694 695 /* we assume we have no options for now, so simply consume them */ 696 /* ctx->options */ 697 err = dummy_dec_opt_array(xdr, &ctx->options); 698 699 return err; 700 } 701 702 static int gssx_enc_cb(struct xdr_stream *xdr, struct gssx_cb *cb) 703 { 704 __be32 *p; 705 int err; 706 707 /* cb->initiator_addrtype */ 708 p = xdr_reserve_space(xdr, 8); 709 if (!p) 710 return -ENOSPC; 711 p = xdr_encode_hyper(p, cb->initiator_addrtype); 712 713 /* cb->initiator_address */ 714 err = gssx_enc_buffer(xdr, &cb->initiator_address); 715 if (err) 716 return err; 717 718 /* cb->acceptor_addrtype */ 719 p = xdr_reserve_space(xdr, 8); 720 if (!p) 721 return -ENOSPC; 722 p = xdr_encode_hyper(p, cb->acceptor_addrtype); 723 724 /* cb->acceptor_address */ 725 err = gssx_enc_buffer(xdr, &cb->acceptor_address); 726 if (err) 727 return err; 728 729 /* cb->application_data */ 730 err = gssx_enc_buffer(xdr, &cb->application_data); 731 732 return err; 733 } 734 735 void gssx_enc_accept_sec_context(struct rpc_rqst *req, 736 struct xdr_stream *xdr, 737 const void *data) 738 { 739 const struct gssx_arg_accept_sec_context *arg = data; 740 int err; 741 742 err = gssx_enc_call_ctx(xdr, &arg->call_ctx); 743 if (err) 744 goto done; 745 746 /* arg->context_handle */ 747 if (arg->context_handle) 748 err = gssx_enc_ctx(xdr, arg->context_handle); 749 else 750 err = gssx_enc_bool(xdr, 0); 751 if (err) 752 goto done; 753 754 /* arg->cred_handle */ 755 if (arg->cred_handle) 756 err = gssx_enc_cred(xdr, arg->cred_handle); 757 else 758 err = gssx_enc_bool(xdr, 0); 759 if (err) 760 goto done; 761 762 /* arg->input_token */ 763 err = gssx_enc_in_token(xdr, &arg->input_token); 764 if (err) 765 goto done; 766 767 /* arg->input_cb */ 768 if (arg->input_cb) 769 err = gssx_enc_cb(xdr, arg->input_cb); 770 else 771 err = gssx_enc_bool(xdr, 0); 772 if (err) 773 goto done; 774 775 err = gssx_enc_bool(xdr, arg->ret_deleg_cred); 776 if (err) 777 goto done; 778 779 /* leave options empty for now, will add once we have any options 780 * to pass up at all */ 781 /* arg->options */ 782 err = dummy_enc_opt_array(xdr, &arg->options); 783 784 xdr_inline_pages(&req->rq_rcv_buf, 785 PAGE_SIZE/2 /* pretty arbitrary */, 786 arg->pages, 0 /* page base */, arg->npages * PAGE_SIZE); 787 req->rq_rcv_buf.flags |= XDRBUF_SPARSE_PAGES; 788 done: 789 if (err) 790 dprintk("RPC: gssx_enc_accept_sec_context: %d\n", err); 791 } 792 793 int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, 794 struct xdr_stream *xdr, 795 void *data) 796 { 797 struct gssx_res_accept_sec_context *res = data; 798 u32 value_follows; 799 int err; 800 struct page *scratch; 801 802 scratch = alloc_page(GFP_KERNEL); 803 if (!scratch) 804 return -ENOMEM; 805 xdr_set_scratch_buffer(xdr, page_address(scratch), PAGE_SIZE); 806 807 /* res->status */ 808 err = gssx_dec_status(xdr, &res->status); 809 if (err) 810 goto out_free; 811 812 /* res->context_handle */ 813 err = gssx_dec_bool(xdr, &value_follows); 814 if (err) 815 goto out_free; 816 if (value_follows) { 817 err = gssx_dec_ctx(xdr, res->context_handle); 818 if (err) 819 goto out_free; 820 } else { 821 res->context_handle = NULL; 822 } 823 824 /* res->output_token */ 825 err = gssx_dec_bool(xdr, &value_follows); 826 if (err) 827 goto out_free; 828 if (value_follows) { 829 err = gssx_dec_buffer(xdr, res->output_token); 830 if (err) 831 goto out_free; 832 } else { 833 res->output_token = NULL; 834 } 835 836 /* res->delegated_cred_handle */ 837 err = gssx_dec_bool(xdr, &value_follows); 838 if (err) 839 goto out_free; 840 if (value_follows) { 841 /* we do not support upcall servers sending this data. */ 842 err = -EINVAL; 843 goto out_free; 844 } 845 846 /* res->options */ 847 err = gssx_dec_option_array(xdr, &res->options); 848 849 out_free: 850 __free_page(scratch); 851 return err; 852 } 853