lib/librpcsec_gss/svc_rpcsec_gss.c

94380Sdfr/*-
94380Sdfr * Copyright (c) 2008 Doug Rabson
94380Sdfr * All rights reserved.
94380Sdfr *
94380Sdfr * Redistribution and use in source and binary forms, with or without
94380Sdfr * modification, are permitted provided that the following conditions
94380Sdfr * are met:
119332Speter * 1. Redistributions of source code must retain the above copyright
119332Speter *    notice, this list of conditions and the following disclaimer.
94380Sdfr * 2. Redistributions in binary form must reproduce the above copyright
94380Sdfr *    notice, this list of conditions and the following disclaimer in the
94380Sdfr *    documentation and/or other materials provided with the distribution.
177613Sjhb *
227776Slstewart * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
164199Sru * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
113989Sjhb * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
255658Sjilles * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
113989Sjhb * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
161330Sjhb * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
161330Sjhb * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
94380Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
94380Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
94380Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
94380Sdfr * SUCH DAMAGE.
94380Sdfr *
94380Sdfr *	$FreeBSD$
94380Sdfr */
94380Sdfr/*
94380Sdfr  svc_rpcsec_gss.c
94380Sdfr
94380Sdfr  Copyright (c) 2000 The Regents of the University of Michigan.
94380Sdfr  All rights reserved.
94380Sdfr
94380Sdfr  Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
94380Sdfr  All rights reserved, all wrongs reversed.
232449Sjmallett
205014Snwhitehorn  Redistribution and use in source and binary forms, with or without
205014Snwhitehorn  modification, are permitted provided that the following conditions
119332Speter  are met:
94380Sdfr
94380Sdfr  1. Redistributions of source code must retain the above copyright
94380Sdfr     notice, this list of conditions and the following disclaimer.
100385Speter  2. Redistributions in binary form must reproduce the above copyright
94380Sdfr     notice, this list of conditions and the following disclaimer in the
151360Sps     documentation and/or other materials provided with the distribution.
151360Sps  3. Neither the name of the University nor the names of its
151360Sps     contributors may be used to endorse or promote products derived
151360Sps     from this software without specific prior written permission.
151360Sps
151360Sps  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
151360Sps  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
151360Sps  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
151360Sps  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
151360Sps  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
151360Sps  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
151360Sps  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
236027Sed  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
236027Sed  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
151360Sps  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
236027Sed  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
236027Sed
151360Sps  $Id: svc_auth_gss.c,v 1.27 2002/01/15 15:43:00 andros Exp $
151721Speter */
151583Sps
151583Sps#include <stdio.h>
119332Speter#include <stdlib.h>
100385Speter#include <string.h>
100385Speter#include <pwd.h>
94380Sdfr#include <grp.h>
183271Sobrien#include <errno.h>
183271Sobrien#include <unistd.h>
183271Sobrien#include <sys/queue.h>
183271Sobrien#include <rpc/rpc.h>
183271Sobrien#include <rpc/rpcsec_gss.h>
119332Speter#include "rpcsec_gss_int.h"
94380Sdfr
236027Sedstatic bool_t	svc_rpc_gss_initialised = FALSE;
236027Sed
94380Sdfrstatic bool_t   svc_rpc_gss_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
226349Smarcelstatic bool_t   svc_rpc_gss_unwrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
226349Smarcelstatic enum auth_stat svc_rpc_gss(struct svc_req *, struct rpc_msg *);
226349Smarcel
226349Smarcelstatic struct svc_auth_ops svc_auth_gss_ops = {
226349Smarcel	svc_rpc_gss_wrap,
119332Speter	svc_rpc_gss_unwrap,
94380Sdfr};
100385Speter
100385Speterstruct svc_rpc_gss_callback {
94380Sdfr	SLIST_ENTRY(svc_rpc_gss_callback) cb_link;
125171Speter	rpc_gss_callback_t	cb_callback;
125171Speter};
125171Speterstatic SLIST_HEAD(svc_rpc_gss_callback_list, svc_rpc_gss_callback)
125171Speter	svc_rpc_gss_callbacks = SLIST_HEAD_INITIALIZER(svc_rpc_gss_callbacks);
271011Skib
271011Skibstruct svc_rpc_gss_svc_name {
271011Skib	SLIST_ENTRY(svc_rpc_gss_svc_name) sn_link;
271011Skib	char			*sn_principal;
271011Skib	gss_OID			sn_mech;
119332Speter	u_int			sn_req_time;
94380Sdfr	gss_cred_id_t		sn_cred;
94380Sdfr	u_int			sn_program;
94380Sdfr	u_int			sn_version;
94380Sdfr};
100385Speterstatic SLIST_HEAD(svc_rpc_gss_svc_name_list, svc_rpc_gss_svc_name)
94380Sdfr	svc_rpc_gss_svc_names = SLIST_HEAD_INITIALIZER(svc_rpc_gss_svc_names);
119332Speter
100385Speterenum svc_rpc_gss_client_state {
94380Sdfr	CLIENT_NEW,				/* still authenticating */
94380Sdfr	CLIENT_ESTABLISHED,			/* context established */
119332Speter	CLIENT_STALE				/* garbage to collect */
94380Sdfr};
100385Speter
94380Sdfr#define SVC_RPC_GSS_SEQWINDOW	128
119332Speter
94380Sdfrstruct svc_rpc_gss_client {
100385Speter	TAILQ_ENTRY(svc_rpc_gss_client) cl_link;
94380Sdfr	TAILQ_ENTRY(svc_rpc_gss_client) cl_alllink;
94380Sdfr	uint32_t		cl_id;
119332Speter	time_t			cl_expiration;	/* when to gc */
94380Sdfr	enum svc_rpc_gss_client_state cl_state;	/* client state */
100385Speter	bool_t			cl_locked;	/* fixed service+qop */
94380Sdfr	gss_ctx_id_t		cl_ctx;		/* context id */
94380Sdfr	gss_cred_id_t		cl_creds;	/* delegated creds */
119332Speter	gss_name_t		cl_cname;	/* client name */
100385Speter	struct svc_rpc_gss_svc_name *cl_sname;	/* server name used */
94380Sdfr	rpc_gss_rawcred_t	cl_rawcred;	/* raw credentials */
94380Sdfr	rpc_gss_ucred_t		cl_ucred;	/* unix-style credentials */
119332Speter	bool_t			cl_done_callback; /* TRUE after call */
94380Sdfr	void			*cl_cookie;	/* user cookie from callback */
100385Speter	gid_t			cl_gid_storage[NGRPS];
94380Sdfr	gss_OID			cl_mech;	/* mechanism */
119332Speter	gss_qop_t		cl_qop;		/* quality of protection */
100385Speter	u_int			cl_seq;		/* current sequence number */
100385Speter	u_int			cl_win;		/* sequence window size */
94380Sdfr	u_int			cl_seqlast;	/* sequence window origin */
190622Skib	uint32_t		cl_seqmask[SVC_RPC_GSS_SEQWINDOW/32]; /* bitmask of seqnums */
190622Skib	gss_buffer_desc		cl_verf;	/* buffer for verf checksum */
190622Skib};
190622SkibTAILQ_HEAD(svc_rpc_gss_client_list, svc_rpc_gss_client);
119332Speter
94380Sdfr#define CLIENT_HASH_SIZE	256
94380Sdfr#define CLIENT_MAX		128
94380Sdfrstatic struct svc_rpc_gss_client_list svc_rpc_gss_client_hash[CLIENT_HASH_SIZE];
94380Sdfrstatic struct svc_rpc_gss_client_list svc_rpc_gss_clients;
94380Sdfrstatic size_t svc_rpc_gss_client_count;
94380Sdfrstatic uint32_t svc_rpc_gss_next_clientid = 1;
119332Speter
94380Sdfr#ifdef __GNUC__
94380Sdfrstatic void svc_rpc_gss_init(void) __attribute__ ((constructor));
94380Sdfr#endif
94380Sdfr
94380Sdfrstatic void
94380Sdfrsvc_rpc_gss_init(void)
94380Sdfr{
119332Speter	int i;
157286Sps
157286Sps	if (!svc_rpc_gss_initialised) {
157286Sps		for (i = 0; i < CLIENT_HASH_SIZE; i++)
157286Sps			TAILQ_INIT(&svc_rpc_gss_client_hash[i]);
94380Sdfr		TAILQ_INIT(&svc_rpc_gss_clients);
119332Speter		svc_auth_reg(RPCSEC_GSS, svc_rpc_gss);
94380Sdfr		svc_rpc_gss_initialised = TRUE;
100385Speter	}
94380Sdfr}
119332Speter
94380Sdfrbool_t
100385Speterrpc_gss_set_callback(rpc_gss_callback_t *cb)
94380Sdfr{
119332Speter	struct svc_rpc_gss_callback *scb;
94380Sdfr
100385Speter	scb = mem_alloc(sizeof(struct svc_rpc_gss_callback));
94380Sdfr	if (!scb) {
184184Sjhb		_rpc_gss_set_error(RPC_GSS_ER_SYSTEMERROR, ENOMEM);
184184Sjhb		return (FALSE);
184184Sjhb	}
184184Sjhb	scb->cb_callback = *cb;
184184Sjhb	SLIST_INSERT_HEAD(&svc_rpc_gss_callbacks, scb, cb_link);
184184Sjhb
119332Speter	return (TRUE);
94380Sdfr}
94380Sdfr
94380Sdfrbool_t
236027Sedrpc_gss_set_svc_name(const char *principal, const char *mechanism,
94380Sdfr    u_int req_time, u_int program, u_int version)
236027Sed{
94380Sdfr	OM_uint32		maj_stat, min_stat;
154596Sambrisko	struct svc_rpc_gss_svc_name *sname;
154596Sambrisko	gss_buffer_desc		namebuf;
154596Sambrisko	gss_name_t		name;
154596Sambrisko	gss_OID			mech_oid;
165406Sjkim	gss_OID_set_desc	oid_set;
165406Sjkim	gss_cred_id_t		cred;
165406Sjkim
165406Sjkim	svc_rpc_gss_init();
165406Sjkim
165406Sjkim	if (!rpc_gss_mech_to_oid(mechanism, &mech_oid))
165406Sjkim		return (FALSE);
165406Sjkim	oid_set.count = 1;
165406Sjkim	oid_set.elements = mech_oid;
165406Sjkim
165406Sjkim	namebuf.value = (void *)(intptr_t) principal;
165406Sjkim	namebuf.length = strlen(principal);
165406Sjkim
151358Sps	maj_stat = gss_import_name(&min_stat, &namebuf,
151358Sps				   GSS_C_NT_HOSTBASED_SERVICE, &name);
151358Sps	if (maj_stat != GSS_S_COMPLETE)
151358Sps		return (FALSE);
151358Sps
151358Sps	maj_stat = gss_acquire_cred(&min_stat, name,
151358Sps	    req_time, &oid_set, GSS_C_ACCEPT, &cred, NULL, NULL);
151358Sps	if (maj_stat != GSS_S_COMPLETE)
151358Sps		return (FALSE);
151358Sps
151358Sps	gss_release_name(&min_stat, &name);
151358Sps
253531Skib	sname = malloc(sizeof(struct svc_rpc_gss_svc_name));
253531Skib	if (!sname)
253531Skib		return (FALSE);
253531Skib	sname->sn_principal = strdup(principal);
253531Skib	sname->sn_mech = mech_oid;
253531Skib	sname->sn_req_time = req_time;
253531Skib	sname->sn_cred = cred;
253531Skib	sname->sn_program = program;
253531Skib	sname->sn_version = version;
253531Skib	SLIST_INSERT_HEAD(&svc_rpc_gss_svc_names, sname, sn_link);
253531Skib
253531Skib	return (TRUE);
253531Skib}
253531Skib
253531Skibbool_t
140481Spsrpc_gss_get_principal_name(rpc_gss_principal_t *principal,
151356Sps    const char *mech, const char *name, const char *node, const char *domain)
151356Sps{
140481Sps	OM_uint32		maj_stat, min_stat;
253495Skib	gss_OID			mech_oid;
253495Skib	size_t			namelen;
253495Skib	gss_buffer_desc		buf;
253495Skib	gss_name_t		gss_name, gss_mech_name;
253495Skib	rpc_gss_principal_t	result;
253495Skib
185879Sjhb	svc_rpc_gss_init();
185879Sjhb
185879Sjhb	if (!rpc_gss_mech_to_oid(mech, &mech_oid))
185879Sjhb		return (FALSE);
185879Sjhb
185879Sjhb	/*
185879Sjhb	 * Construct a gss_buffer containing the full name formatted
185879Sjhb	 * as "name/node@domain" where node and domain are optional.
185879Sjhb	 */
185879Sjhb	namelen = strlen(name);
253531Skib	if (node) {
185879Sjhb		namelen += strlen(node) + 1;
154587Sambrisko	}
154587Sambrisko	if (domain) {
154587Sambrisko		namelen += strlen(domain) + 1;
154587Sambrisko	}
147814Sjhb
147814Sjhb	buf.value = mem_alloc(namelen);
147814Sjhb	buf.length = namelen;
147814Sjhb	strcpy((char *) buf.value, name);
236027Sed	if (node) {
236027Sed		strcat((char *) buf.value, "/");
147814Sjhb		strcat((char *) buf.value, node);
147814Sjhb	}
147814Sjhb	if (domain) {
147814Sjhb		strcat((char *) buf.value, "@");
147814Sjhb		strcat((char *) buf.value, domain);
236027Sed	}
236027Sed
147814Sjhb	/*
140482Sps	 * Convert that to a gss_name_t and then convert that to a
140482Sps	 * mechanism name in the selected mechanism.
140482Sps	 */
140482Sps	maj_stat = gss_import_name(&min_stat, &buf,
220159Skib	    GSS_C_NT_USER_NAME, &gss_name);
220159Skib	mem_free(buf.value, buf.length);
220159Skib	if (maj_stat != GSS_S_COMPLETE) {
220159Skib		log_status("gss_import_name", mech_oid, maj_stat, min_stat);
185879Sjhb		return (FALSE);
185879Sjhb	}
185879Sjhb	maj_stat = gss_canonicalize_name(&min_stat, gss_name, mech_oid,
185879Sjhb	    &gss_mech_name);
185879Sjhb	if (maj_stat != GSS_S_COMPLETE) {
185879Sjhb		log_status("gss_canonicalize_name", mech_oid, maj_stat,
185879Sjhb		    min_stat);
185879Sjhb		gss_release_name(&min_stat, &gss_name);
185879Sjhb		return (FALSE);
185879Sjhb	}
185879Sjhb	gss_release_name(&min_stat, &gss_name);
185879Sjhb
185879Sjhb	/*
185879Sjhb	 * Export the mechanism name and use that to construct the
185879Sjhb	 * rpc_gss_principal_t result.
185879Sjhb	 */
185879Sjhb	maj_stat = gss_export_name(&min_stat, gss_mech_name, &buf);
185879Sjhb	if (maj_stat != GSS_S_COMPLETE) {
185879Sjhb		log_status("gss_export_name", mech_oid, maj_stat, min_stat);
185879Sjhb		gss_release_name(&min_stat, &gss_mech_name);
185879Sjhb		return (FALSE);
185879Sjhb	}
185879Sjhb	gss_release_name(&min_stat, &gss_mech_name);
185879Sjhb
185879Sjhb	result = mem_alloc(sizeof(int) + buf.length);
185879Sjhb	if (!result) {
185879Sjhb		gss_release_buffer(&min_stat, &buf);
185436Sbz		return (FALSE);
185436Sbz	}
185436Sbz	result->len = buf.length;
163020Sdavidxu	memcpy(result->name, buf.value, buf.length);
163020Sdavidxu	gss_release_buffer(&min_stat, &buf);
163020Sdavidxu
163020Sdavidxu	*principal = result;
163020Sdavidxu	return (TRUE);
163020Sdavidxu}
163020Sdavidxu
163020Sdavidxubool_t
163020Sdavidxurpc_gss_getcred(struct svc_req *req, rpc_gss_rawcred_t **rcred,
185879Sjhb    rpc_gss_ucred_t **ucred, void **cookie)
185879Sjhb{
185879Sjhb	struct svc_rpc_gss_client *client;
185879Sjhb
119332Speter	if (req->rq_cred.oa_flavor != RPCSEC_GSS)
114988Speter		return (FALSE);
142874Sps
114988Speter	client = req->rq_clntcred;
142874Sps	if (rcred)
114988Speter		*rcred = &client->cl_rawcred;
142874Sps	if (ucred)
104739Speter		*ucred = &client->cl_ucred;
183189Sobrien	if (cookie)
183189Sobrien		*cookie = client->cl_cookie;
183189Sobrien	return (TRUE);
183189Sobrien}
183189Sobrien
119332Speterint
94380Sdfrrpc_gss_svc_max_data_length(struct svc_req *req, int max_tp_unit_len)
94380Sdfr{
236027Sed	struct svc_rpc_gss_client *client = req->rq_clntcred;
236027Sed	int			want_conf;
94380Sdfr	OM_uint32		max;
156115Sps	OM_uint32		maj_stat, min_stat;
94380Sdfr	int			result;
94380Sdfr
94380Sdfr	switch (client->cl_rawcred.service) {
205328Skib	case rpc_gss_svc_none:
205328Skib		return (max_tp_unit_len);
205328Skib		break;
205328Skib
205328Skib	case rpc_gss_svc_default:
205328Skib	case rpc_gss_svc_integrity:
205328Skib		want_conf = FALSE;
205328Skib		break;
205328Skib
205328Skib	case rpc_gss_svc_privacy:
205328Skib		want_conf = TRUE;
119332Speter		break;
114988Speter
114988Speter	default:
114988Speter		return (0);
114988Speter	}
119332Speter
119332Speter	maj_stat = gss_wrap_size_limit(&min_stat, client->cl_ctx, want_conf,
119194Speter	    client->cl_qop, max_tp_unit_len, &max);
150632Speter
150632Speter	if (maj_stat == GSS_S_COMPLETE) {
150632Speter		result = (int) max;
150632Speter		if (result < 0)
150632Speter			result = 0;
150632Speter		return (result);
150632Speter	} else {
150632Speter		log_status("gss_wrap_size_limit", client->cl_mech,
150632Speter		    maj_stat, min_stat);
150632Speter		return (0);
163047Sdavidxu	}
163047Sdavidxu}
163047Sdavidxu
163047Sdavidxustatic struct svc_rpc_gss_client *
163047Sdavidxusvc_rpc_gss_find_client(uint32_t clientid)
163047Sdavidxu{
205328Skib	struct svc_rpc_gss_client *client;
205328Skib	struct svc_rpc_gss_client_list *list;
205328Skib
205328Skib
162552Sdavidxu	log_debug("in svc_rpc_gss_find_client(%d)", clientid);
162552Sdavidxu
162552Sdavidxu	list = &svc_rpc_gss_client_hash[clientid % CLIENT_HASH_SIZE];
162537Sdavidxu	TAILQ_FOREACH(client, list, cl_link) {
162537Sdavidxu		if (client->cl_id == clientid) {
162537Sdavidxu			/*
163451Sdavidxu			 * Move this client to the front of the LRU
162537Sdavidxu			 * list.
162537Sdavidxu			 */
162537Sdavidxu			TAILQ_REMOVE(&svc_rpc_gss_clients, client, cl_alllink);
162552Sdavidxu			TAILQ_INSERT_HEAD(&svc_rpc_gss_clients, client,
162552Sdavidxu			    cl_alllink);
162552Sdavidxu			return client;
162552Sdavidxu		}
318323Sbrooks	}
318323Sbrooks
318323Sbrooks	return (NULL);
318323Sbrooks}
318323Sbrooks
205328Skibstatic struct svc_rpc_gss_client *
205328Skibsvc_rpc_gss_create_client(void)
205328Skib{
205328Skib	struct svc_rpc_gss_client *client;
205328Skib	struct svc_rpc_gss_client_list *list;
205328Skib
205328Skib	log_debug("in svc_rpc_gss_create_client()");
205328Skib
205328Skib	client = mem_alloc(sizeof(struct svc_rpc_gss_client));
205328Skib	memset(client, 0, sizeof(struct svc_rpc_gss_client));
205328Skib	client->cl_id = svc_rpc_gss_next_clientid++;
205328Skib	list = &svc_rpc_gss_client_hash[client->cl_id % CLIENT_HASH_SIZE];
205328Skib	TAILQ_INSERT_HEAD(list, client, cl_link);
205328Skib	TAILQ_INSERT_HEAD(&svc_rpc_gss_clients, client, cl_alllink);
205328Skib
205328Skib	/*
205328Skib	 * Start the client off with a short expiration time. We will
205328Skib	 * try to get a saner value from the client creds later.
205328Skib	 */
205328Skib	client->cl_state = CLIENT_NEW;
205328Skib	client->cl_locked = FALSE;
205328Skib	client->cl_expiration = time(0) + 5*60;
205328Skib	svc_rpc_gss_client_count++;
205328Skib
205328Skib	return (client);
253531Skib}
253531Skib
253531Skibstatic void
253531Skibsvc_rpc_gss_destroy_client(struct svc_rpc_gss_client *client)
185879Sjhb{
185879Sjhb	struct svc_rpc_gss_client_list *list;
185879Sjhb	OM_uint32 min_stat;
185879Sjhb
205014Snwhitehorn	log_debug("in svc_rpc_gss_destroy_client()");
171214Speter
171214Speter	if (client->cl_ctx)
171214Speter		gss_delete_sec_context(&min_stat,
171214Speter		    &client->cl_ctx, GSS_C_NO_BUFFER);
205014Snwhitehorn
236027Sed	if (client->cl_cname)
236027Sed		gss_release_name(&min_stat, &client->cl_cname);
171214Speter
171214Speter	if (client->cl_rawcred.client_principal)
171214Speter		mem_free(client->cl_rawcred.client_principal,
171214Speter		    sizeof(*client->cl_rawcred.client_principal)
171214Speter		    + client->cl_rawcred.client_principal->len);
205014Snwhitehorn
236027Sed	if (client->cl_verf.value)
236027Sed		gss_release_buffer(&min_stat, &client->cl_verf);
171214Speter
171214Speter	list = &svc_rpc_gss_client_hash[client->cl_id % CLIENT_HASH_SIZE];
171214Speter	TAILQ_REMOVE(list, client, cl_link);
171214Speter	TAILQ_REMOVE(&svc_rpc_gss_clients, client, cl_alllink);
171214Speter	svc_rpc_gss_client_count--;
171214Speter	mem_free(client, sizeof(*client));
171214Speter}
205014Snwhitehorn
236027Sedstatic void
236027Sedsvc_rpc_gss_timeout_clients(void)
171214Speter{
171214Speter	struct svc_rpc_gss_client *client;
171214Speter	struct svc_rpc_gss_client *nclient;
205014Snwhitehorn	time_t now = time(0);
236027Sed
236027Sed	log_debug("in svc_rpc_gss_timeout_clients()");
171214Speter	/*
171214Speter	 * First enforce the max client limit. We keep
171214Speter	 * svc_rpc_gss_clients in LRU order.
171214Speter	 */
205014Snwhitehorn	while (svc_rpc_gss_client_count > CLIENT_MAX)
236027Sed		svc_rpc_gss_destroy_client(TAILQ_LAST(&svc_rpc_gss_clients,
236027Sed			    svc_rpc_gss_client_list));
171214Speter	TAILQ_FOREACH_SAFE(client, &svc_rpc_gss_clients, cl_alllink, nclient) {
171214Speter		if (client->cl_state == CLIENT_STALE
171214Speter		    || now > client->cl_expiration) {
205014Snwhitehorn			log_debug("expiring client %p", client);
236027Sed			svc_rpc_gss_destroy_client(client);
236027Sed		}
171214Speter	}
205014Snwhitehorn}
205014Snwhitehorn
205014Snwhitehorn#ifdef DEBUG
205014Snwhitehorn/*
205014Snwhitehorn * OID<->string routines.  These are uuuuugly.
236027Sed */
236027Sedstatic OM_uint32
205014Snwhitehorngss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
205014Snwhitehorn{
205014Snwhitehorn	char		numstr[128];
205014Snwhitehorn	unsigned long	number;
205014Snwhitehorn	int		numshift;
236027Sed	size_t		string_length;
236027Sed	size_t		i;
205014Snwhitehorn	unsigned char	*cp;
205014Snwhitehorn	char		*bp;
205014Snwhitehorn
205014Snwhitehorn	/* Decoded according to krb5/gssapi_krb5.c */
205014Snwhitehorn
205014Snwhitehorn	/* First determine the size of the string */
205014Snwhitehorn	string_length = 0;
236027Sed	number = 0;
236027Sed	numshift = 0;
205014Snwhitehorn	cp = (unsigned char *) oid->elements;
205014Snwhitehorn	number = (unsigned long) cp[0];
205014Snwhitehorn	sprintf(numstr, "%ld ", number/40);
236027Sed	string_length += strlen(numstr);
236027Sed	sprintf(numstr, "%ld ", number%40);
205014Snwhitehorn	string_length += strlen(numstr);
205014Snwhitehorn	for (i=1; i<oid->length; i++) {
205014Snwhitehorn		if ( (size_t) (numshift+7) < (sizeof(unsigned long)*8)) {
205014Snwhitehorn			number = (number << 7) | (cp[i] & 0x7f);
236027Sed			numshift += 7;
236027Sed		}
205014Snwhitehorn		else {
205014Snwhitehorn			*minor_status = 0;
205014Snwhitehorn			return(GSS_S_FAILURE);
236027Sed		}
236027Sed		if ((cp[i] & 0x80) == 0) {
205014Snwhitehorn			sprintf(numstr, "%ld ", number);
205014Snwhitehorn			string_length += strlen(numstr);
205014Snwhitehorn			number = 0;
180434Sbrooks			numshift = 0;
180434Sbrooks		}
205014Snwhitehorn	}
236027Sed	/*
236027Sed	 * If we get here, we've calculated the length of "n n n ... n ".  Add 4
180434Sbrooks	 * here for "{ " and "}\0".
180434Sbrooks	 */
205014Snwhitehorn	string_length += 4;
205014Snwhitehorn	if ((bp = (char *) mem_alloc(string_length))) {
205014Snwhitehorn		strcpy(bp, "{ ");
236027Sed		number = (unsigned long) cp[0];
236027Sed		sprintf(numstr, "%ld ", number/40);
205014Snwhitehorn		strcat(bp, numstr);
205014Snwhitehorn		sprintf(numstr, "%ld ", number%40);
205014Snwhitehorn		strcat(bp, numstr);
180434Sbrooks		number = 0;
180434Sbrooks		cp = (unsigned char *) oid->elements;
180434Sbrooks		for (i=1; i<oid->length; i++) {
236027Sed			number = (number << 7) | (cp[i] & 0x7f);
236027Sed			if ((cp[i] & 0x80) == 0) {
180434Sbrooks				sprintf(numstr, "%ld ", number);
180434Sbrooks				strcat(bp, numstr);
180434Sbrooks				number = 0;
180434Sbrooks			}
180434Sbrooks		}
236027Sed		strcat(bp, "}");
236027Sed		oid_str->length = strlen(bp)+1;
180434Sbrooks		oid_str->value = (void *) bp;
180434Sbrooks		*minor_status = 0;
180434Sbrooks		return(GSS_S_COMPLETE);
180434Sbrooks	}
180434Sbrooks	*minor_status = 0;
180434Sbrooks	return(GSS_S_FAILURE);
236027Sed}
236027Sed#endif
180434Sbrooks
180434Sbrooksstatic void
180434Sbrookssvc_rpc_gss_build_ucred(struct svc_rpc_gss_client *client,
177790Skib    const gss_name_t name)
177790Skib{
236027Sed	OM_uint32		maj_stat, min_stat;
236027Sed	char			buf[128];
177790Skib	uid_t			uid;
177790Skib	struct passwd		pwd, *pw;
177790Skib	rpc_gss_ucred_t		*uc = &client->cl_ucred;
177790Skib
177790Skib	uc->uid = 65534;
177790Skib	uc->gid = 65534;
177790Skib	uc->gidlen = 0;
177790Skib	uc->gidlist = client->cl_gid_storage;
177790Skib
177790Skib	maj_stat = gss_pname_to_uid(&min_stat, name, client->cl_mech, &uid);
177790Skib	if (maj_stat != GSS_S_COMPLETE)
177790Skib		return;
191675Sjamie
191675Sjamie	getpwuid_r(uid, &pwd, buf, sizeof(buf), &pw);
191675Sjamie	if (pw) {
191675Sjamie		int len = NGRPS;
191675Sjamie		uc->uid = pw->pw_uid;
191675Sjamie		uc->gid = pw->pw_gid;
191675Sjamie		uc->gidlist = client->cl_gid_storage;
191675Sjamie		getgrouplist(pw->pw_name, pw->pw_gid, uc->gidlist, &len);
191675Sjamie		uc->gidlen = len;
191675Sjamie	}
194919Sjhb}
194919Sjhb
194919Sjhbstatic bool_t
194919Sjhbsvc_rpc_gss_accept_sec_context(struct svc_rpc_gss_client *client,
194919Sjhb			       struct svc_req *rqst,
194919Sjhb			       struct rpc_gss_init_res *gr,
194919Sjhb			       struct rpc_gss_cred *gc)
194919Sjhb{
194919Sjhb	gss_buffer_desc		recv_tok;
194919Sjhb	gss_OID			mech;
194919Sjhb	OM_uint32		maj_stat = 0, min_stat = 0, ret_flags;
194919Sjhb	OM_uint32		cred_lifetime;
194919Sjhb	struct svc_rpc_gss_svc_name *sname;
194919Sjhb
194919Sjhb	log_debug("in svc_rpc_gss_accept_context()");
194919Sjhb
255658Sjilles	/* Deserialize arguments. */
255658Sjilles	memset(&recv_tok, 0, sizeof(recv_tok));
255658Sjilles
198512Skib	if (!svc_getargs(rqst->rq_xprt,
198512Skib		(xdrproc_t) xdr_gss_buffer_desc,
198512Skib		(caddr_t) &recv_tok)) {
198512Skib		client->cl_state = CLIENT_STALE;
198512Skib		return (FALSE);
198512Skib	}
198512Skib
198512Skib	/*
250854Skib	 * First time round, try all the server names we have until
220792Smdf	 * one matches. Afterwards, stick with that one.
220792Smdf	 */
250854Skib	if (!client->cl_sname) {
226365Sjhb		SLIST_FOREACH(sname, &svc_rpc_gss_svc_names, sn_link) {
226365Sjhb			if (sname->sn_program == rqst->rq_prog
226365Sjhb			    && sname->sn_version == rqst->rq_vers) {
226365Sjhb				gr->gr_major = gss_accept_sec_context(
220792Smdf					&gr->gr_minor,
227071Sjhb					&client->cl_ctx,
227071Sjhb					sname->sn_cred,
250854Skib					&recv_tok,
227071Sjhb					GSS_C_NO_CHANNEL_BINDINGS,
227071Sjhb					&client->cl_cname,
227071Sjhb					&mech,
227071Sjhb					&gr->gr_token,
227071Sjhb					&ret_flags,
227071Sjhb					&cred_lifetime,
242959Skib					&client->cl_creds);
242959Skib				if (gr->gr_major == GSS_S_COMPLETE
250854Skib				    || gr->gr_major == GSS_S_CONTINUE_NEEDED) {
250854Skib					client->cl_sname = sname;
250854Skib					break;
242959Skib				}
242959Skib				client->cl_sname = sname;
242959Skib				break;
242959Skib			}
242959Skib		}
250854Skib		if (!sname) {
250854Skib			xdr_free((xdrproc_t) xdr_gss_buffer_desc,
250854Skib			    (char *) &recv_tok);
250854Skib			return (FALSE);
250854Skib		}
250854Skib	} else {
250854Skib		gr->gr_major = gss_accept_sec_context(
250854Skib			&gr->gr_minor,
250854Skib			&client->cl_ctx,
250854Skib			client->cl_sname->sn_cred,
250854Skib			&recv_tok,
250854Skib			GSS_C_NO_CHANNEL_BINDINGS,
250854Skib			&client->cl_cname,
250854Skib			&mech,
250854Skib			&gr->gr_token,
250854Skib			&ret_flags,
250854Skib			&cred_lifetime,
250854Skib			NULL);
250854Skib	}
250854Skib
250854Skib	xdr_free((xdrproc_t) xdr_gss_buffer_desc, (char *) &recv_tok);
250854Skib
250854Skib	/*
250854Skib	 * If we get an error from gss_accept_sec_context, send the
250854Skib	 * reply anyway so that the client gets a chance to see what
250854Skib	 * is wrong.
254482Spjd	 */
254482Spjd	if (gr->gr_major != GSS_S_COMPLETE &&
254482Spjd	    gr->gr_major != GSS_S_CONTINUE_NEEDED) {
254482Spjd		log_status("accept_sec_context", client->cl_mech,
254482Spjd		    gr->gr_major, gr->gr_minor);
254482Spjd		client->cl_state = CLIENT_STALE;
254482Spjd		return (TRUE);
254482Spjd	}
254482Spjd
254482Spjd	gr->gr_handle.value = &client->cl_id;
251527Sglebius	gr->gr_handle.length = sizeof(client->cl_id);
251527Sglebius	gr->gr_win = SVC_RPC_GSS_SEQWINDOW;
251527Sglebius
255709Sjhb	/* Save client info. */
255709Sjhb	client->cl_mech = mech;
255709Sjhb	client->cl_qop = GSS_C_QOP_DEFAULT;
255709Sjhb	client->cl_seq = gc->gc_seq;
255709Sjhb	client->cl_win = gr->gr_win;
255709Sjhb	client->cl_done_callback = FALSE;
255709Sjhb
255709Sjhb	if (gr->gr_major == GSS_S_COMPLETE) {
255709Sjhb		gss_buffer_desc	export_name;
255709Sjhb
255709Sjhb		/*
255709Sjhb		 * Change client expiration time to be near when the
255709Sjhb		 * client creds expire (or 24 hours if we can't figure
255709Sjhb		 * that out).
255709Sjhb		 */
255709Sjhb		if (cred_lifetime == GSS_C_INDEFINITE)
255709Sjhb			cred_lifetime = time(0) + 24*60*60;
255709Sjhb
275987Sdchagin		client->cl_expiration = time(0) + cred_lifetime;
275987Sdchagin
275987Sdchagin		/*
275987Sdchagin		 * Fill in cred details in the rawcred structure.
275987Sdchagin		 */
275987Sdchagin		client->cl_rawcred.version = RPCSEC_GSS_VERSION;
293475Sdchagin		rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism);
293475Sdchagin		maj_stat = gss_export_name(&min_stat, client->cl_cname,
293475Sdchagin		    &export_name);
293475Sdchagin		if (maj_stat != GSS_S_COMPLETE) {
293475Sdchagin			log_status("gss_export_name", client->cl_mech,
293475Sdchagin			    maj_stat, min_stat);
293475Sdchagin			return (FALSE);
293475Sdchagin		}
293475Sdchagin		client->cl_rawcred.client_principal =
293475Sdchagin			mem_alloc(sizeof(*client->cl_rawcred.client_principal)
232449Sjmallett			    + export_name.length);
205014Snwhitehorn		client->cl_rawcred.client_principal->len = export_name.length;
205014Snwhitehorn		memcpy(client->cl_rawcred.client_principal->name,
119332Speter		    export_name.value, export_name.length);
151360Sps		gss_release_buffer(&min_stat, &export_name);
151360Sps		client->cl_rawcred.svc_principal =
151360Sps			client->cl_sname->sn_principal;
119332Speter		client->cl_rawcred.service = gc->gc_svc;
183271Sobrien
119332Speter		/*
226349Smarcel		 * Use gss_pname_to_uid to map to unix creds. For
119332Speter		 * kerberos5, this uses krb5_aname_to_localname.
125171Speter		 */
271011Skib		svc_rpc_gss_build_ucred(client, client->cl_cname);
119332Speter		gss_release_name(&min_stat, &client->cl_cname);
119332Speter
119332Speter#ifdef DEBUG
119332Speter		{
119332Speter			gss_buffer_desc mechname;
119332Speter
119332Speter			gss_oid_to_str(&min_stat, mech, &mechname);
119332Speter
190622Skib			log_debug("accepted context for %s with "
119332Speter			    "<mech %.*s, qop %d, svc %d>",
119332Speter			    client->cl_rawcred.client_principal->name,
119332Speter			    mechname.length, (char *)mechname.value,
119332Speter			    client->cl_qop, client->rawcred.service);
119332Speter
119332Speter			gss_release_buffer(&min_stat, &mechname);
184184Sjhb		}
119332Speter#endif /* DEBUG */
154596Sambrisko	}
165406Sjkim	return (TRUE);
165406Sjkim}
151358Sps
151358Spsstatic bool_t
151358Spssvc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg,
253531Skib	gss_qop_t *qop)
253531Skib{
253531Skib	struct opaque_auth	*oa;
140481Sps	gss_buffer_desc		 rpcbuf, checksum;
253495Skib	OM_uint32		 maj_stat, min_stat;
185879Sjhb	gss_qop_t		 qop_state;
185879Sjhb	int32_t			 rpchdr[128 / sizeof(int32_t)];
185879Sjhb	int32_t			*buf;
154587Sambrisko
147814Sjhb	log_debug("in svc_rpc_gss_validate()");
147814Sjhb
140482Sps	memset(rpchdr, 0, sizeof(rpchdr));
220159Skib
185879Sjhb	/* Reconstruct RPC header for signing (from xdr_callmsg). */
185879Sjhb	buf = rpchdr;
185879Sjhb	IXDR_PUT_LONG(buf, msg->rm_xid);
185879Sjhb	IXDR_PUT_ENUM(buf, msg->rm_direction);
185879Sjhb	IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers);
185879Sjhb	IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
185879Sjhb	IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
185436Sbz	IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
163020Sdavidxu	oa = &msg->rm_call.cb_cred;
163020Sdavidxu	IXDR_PUT_ENUM(buf, oa->oa_flavor);
185879Sjhb	IXDR_PUT_LONG(buf, oa->oa_length);
119332Speter	if (oa->oa_length) {
183189Sobrien		memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
119332Speter		buf += RNDUP(oa->oa_length) / sizeof(int32_t);
205328Skib	}
205328Skib	rpcbuf.value = rpchdr;
119332Speter	rpcbuf.length = (u_char *)buf - (u_char *)rpchdr;
119332Speter
150632Speter	checksum.value = msg->rm_call.cb_verf.oa_base;
150632Speter	checksum.length = msg->rm_call.cb_verf.oa_length;
150632Speter
163047Sdavidxu	maj_stat = gss_verify_mic(&min_stat, client->cl_ctx, &rpcbuf, &checksum,
163047Sdavidxu				  &qop_state);
205328Skib
162552Sdavidxu	if (maj_stat != GSS_S_COMPLETE) {
162537Sdavidxu		log_status("gss_verify_mic", client->cl_mech,
162552Sdavidxu		    maj_stat, min_stat);
318323Sbrooks		client->cl_state = CLIENT_STALE;
205328Skib		return (FALSE);
205328Skib	}
205328Skib	*qop = qop_state;
205328Skib	return (TRUE);
253531Skib}
185879Sjhb
205014Snwhitehornstatic bool_t
171214Spetersvc_rpc_gss_nextverf(struct svc_rpc_gss_client *client,
171214Speter    struct svc_req *rqst, u_int seq)
171214Speter{
171214Speter	gss_buffer_desc		signbuf;
171214Speter	OM_uint32		maj_stat, min_stat;
171214Speter	uint32_t		nseq;
205014Snwhitehorn
205014Snwhitehorn	log_debug("in svc_rpc_gss_nextverf()");
205014Snwhitehorn
205014Snwhitehorn	nseq = htonl(seq);
205014Snwhitehorn	signbuf.value = &nseq;
205014Snwhitehorn	signbuf.length = sizeof(nseq);
205014Snwhitehorn
205014Snwhitehorn	if (client->cl_verf.value)
205014Snwhitehorn		gss_release_buffer(&min_stat, &client->cl_verf);
180434Sbrooks
205014Snwhitehorn	maj_stat = gss_get_mic(&min_stat, client->cl_ctx, client->cl_qop,
205014Snwhitehorn	    &signbuf, &client->cl_verf);
205014Snwhitehorn
180434Sbrooks	if (maj_stat != GSS_S_COMPLETE) {
180434Sbrooks		log_status("gss_get_mic", client->cl_mech, maj_stat, min_stat);
180434Sbrooks		client->cl_state = CLIENT_STALE;
177790Skib		return (FALSE);
177790Skib	}
177790Skib	rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
191675Sjamie	rqst->rq_xprt->xp_verf.oa_base = (caddr_t)client->cl_verf.value;
191675Sjamie	rqst->rq_xprt->xp_verf.oa_length = (u_int)client->cl_verf.length;
194919Sjhb
194919Sjhb	return (TRUE);
194919Sjhb}
255658Sjilles
198512Skibstatic bool_t
250854Skibsvc_rpc_gss_callback(struct svc_rpc_gss_client *client, struct svc_req *rqst)
220792Smdf{
227071Sjhb	struct svc_rpc_gss_callback *scb;
242959Skib	rpc_gss_lock_t	lock;
250854Skib	void		*cookie;
250854Skib	bool_t		cb_res;
250854Skib	bool_t		result;
250854Skib
250854Skib	/*
254482Spjd	 * See if we have a callback for this guy.
254482Spjd	 */
251527Sglebius	result = TRUE;
255709Sjhb	SLIST_FOREACH(scb, &svc_rpc_gss_callbacks, cb_link) {
255709Sjhb		if (scb->cb_callback.program == rqst->rq_prog
255709Sjhb		    && scb->cb_callback.version == rqst->rq_vers) {
255709Sjhb			/*
255709Sjhb			 * This one matches. Call the callback and see
275987Sdchagin			 * if it wants to veto or something.
293475Sdchagin			 */
293475Sdchagin			lock.locked = FALSE;
94380Sdfr			lock.raw_cred = &client->cl_rawcred;
94380Sdfr			cb_res = scb->cb_callback.callback(rqst,
94380Sdfr			    client->cl_creds,
232449Sjmallett			    client->cl_ctx,
205014Snwhitehorn			    &lock,
205014Snwhitehorn			    &cookie);
223167Skib
223167Skib			if (!cb_res) {
223167Skib				client->cl_state = CLIENT_STALE;
223167Skib				result = FALSE;
223167Skib				break;
220239Skib			}
220239Skib
220239Skib			/*
220239Skib			 * The callback accepted the connection - it
220239Skib			 * is responsible for freeing client->cl_creds
220239Skib			 * now.
220239Skib			 */
220239Skib			client->cl_creds = GSS_C_NO_CREDENTIAL;
151721Speter			client->cl_locked = lock.locked;
151721Speter			client->cl_cookie = cookie;
151721Speter			return (TRUE);
151721Speter		}
151721Speter	}
151721Speter
151721Speter	/*
151721Speter	 * Either no callback exists for this program/version or one
151721Speter	 * of the callbacks rejected the connection. We just need to
220239Skib	 * clean up the delegated client creds, if any.
220239Skib	 */
220239Skib	if (client->cl_creds) {
220239Skib		OM_uint32 min_ver;
220239Skib		gss_release_cred(&min_ver, &client->cl_creds);
220239Skib	}
220239Skib	return (result);
220239Skib}
220239Skib
220239Skibstatic bool_t
151721Spetersvc_rpc_gss_check_replay(struct svc_rpc_gss_client *client, uint32_t seq)
151721Speter{
151721Speter	u_int32_t offset;
151721Speter	int word, bit;
151721Speter
151721Speter	if (seq <= client->cl_seqlast) {
151721Speter		/*
151721Speter		 * The request sequence number is less than
151721Speter		 * the largest we have seen so far. If it is
151721Speter		 * outside the window or if we have seen a
151721Speter		 * request with this sequence before, silently
151721Speter		 * discard it.
151721Speter		 */
151721Speter		offset = client->cl_seqlast - seq;
151721Speter		if (offset >= SVC_RPC_GSS_SEQWINDOW)
151721Speter			return (FALSE);
151721Speter		word = offset / 32;
151721Speter		bit = offset % 32;
220239Skib		if (client->cl_seqmask[word] & (1 << bit))
220239Skib			return (FALSE);
220239Skib	}
220239Skib
220239Skib	return (TRUE);
220239Skib}
205014Snwhitehorn
205014Snwhitehornstatic void
205014Snwhitehornsvc_rpc_gss_update_seq(struct svc_rpc_gss_client *client, uint32_t seq)
205014Snwhitehorn{
205014Snwhitehorn	int offset, i, word, bit;
205014Snwhitehorn	uint32_t carry, newcarry;
250854Skib
250854Skib	if (seq > client->cl_seqlast) {
250854Skib		/*
255709Sjhb		 * This request has a sequence number greater
255709Sjhb		 * than any we have seen so far. Advance the
255709Sjhb		 * seq window and set bit zero of the window
223167Skib		 * (which corresponds to the new sequence
220239Skib		 * number)
220239Skib		 */
151721Speter		offset = seq - client->cl_seqlast;
151721Speter		while (offset > 32) {
151721Speter			for (i = (SVC_RPC_GSS_SEQWINDOW / 32) - 1;
220239Skib			     i > 0; i--) {
220239Skib				client->cl_seqmask[i] = client->cl_seqmask[i-1];
220239Skib			}
151721Speter			client->cl_seqmask[0] = 0;
151721Speter			offset -= 32;
151721Speter		}
151721Speter		carry = 0;
151721Speter		for (i = 0; i < SVC_RPC_GSS_SEQWINDOW / 32; i++) {
220239Skib			newcarry = client->cl_seqmask[i] >> (32 - offset);
94380Sdfr			client->cl_seqmask[i] =
94380Sdfr				(client->cl_seqmask[i] << offset) | carry;
94380Sdfr			carry = newcarry;
100385Speter		}
100385Speter		client->cl_seqmask[0] |= 1;
100385Speter		client->cl_seqlast = seq;
232449Sjmallett	} else {
205014Snwhitehorn		offset = client->cl_seqlast - seq;
205014Snwhitehorn		word = offset / 32;
128261Speter		bit = offset % 32;
128261Speter		client->cl_seqmask[word] |= (1 << bit);
128261Speter	}
128261Speter
128261Speter}
128261Speter
128261Speterenum auth_stat
128261Spetersvc_rpc_gss(struct svc_req *rqst, struct rpc_msg *msg)
128261Speter
128261Speter{
128261Speter	OM_uint32		 min_stat;
128261Speter	XDR	 		 xdrs;
128261Speter	struct svc_rpc_gss_client *client;
128261Speter	struct rpc_gss_cred	 gc;
128261Speter	struct rpc_gss_init_res	 gr;
128261Speter	gss_qop_t		 qop;
128261Speter	int			 call_stat;
119332Speter	enum auth_stat		 result;
104739Speter
104739Speter	log_debug("in svc_rpc_gss()");
236027Sed
236027Sed	/* Garbage collect old clients. */
104739Speter	svc_rpc_gss_timeout_clients();
156115Sps
104739Speter	/* Initialize reply. */
104739Speter	rqst->rq_xprt->xp_verf = _null_auth;
104739Speter
119332Speter	/* Deserialize client credentials. */
114988Speter	if (rqst->rq_cred.oa_length <= 0)
114988Speter		return (AUTH_BADCRED);
114988Speter
114988Speter	memset(&gc, 0, sizeof(gc));
119332Speter
126093Speter	xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
114988Speter	    rqst->rq_cred.oa_length, XDR_DECODE);
205014Snwhitehorn
205014Snwhitehorn	if (!xdr_rpc_gss_cred(&xdrs, &gc)) {
205014Snwhitehorn		XDR_DESTROY(&xdrs);
205014Snwhitehorn		return (AUTH_BADCRED);
205014Snwhitehorn	}
205014Snwhitehorn	XDR_DESTROY(&xdrs);
250854Skib
250854Skib	/* Check version. */
250854Skib	if (gc.gc_version != RPCSEC_GSS_VERSION) {
255709Sjhb		result = AUTH_BADCRED;
255709Sjhb		goto out;
255709Sjhb	}
128261Speter
128261Speter	/* Check the proc and find the client (or create it) */
128261Speter	if (gc.gc_proc == RPCSEC_GSS_INIT) {
128261Speter		if (gc.gc_handle.length != 0) {
119332Speter			result = AUTH_BADCRED;
119332Speter			goto out;
119332Speter		}
100385Speter		client = svc_rpc_gss_create_client();
100385Speter	} else {
100385Speter		if (gc.gc_handle.length != sizeof(uint32_t)) {
171214Speter			result = AUTH_BADCRED;
197637Srwatson			goto out;
171214Speter		}
232449Sjmallett		uint32_t *p = gc.gc_handle.value;
205014Snwhitehorn		client = svc_rpc_gss_find_client(*p);
205014Snwhitehorn		if (!client) {
171214Speter			/*
171214Speter			 * Can't find the client - we may have
171214Speter			 * destroyed it - tell the other side to
171214Speter			 * re-authenticate.
171214Speter			 */
236027Sed			result = RPCSEC_GSS_CREDPROBLEM;
236027Sed			goto out;
171214Speter		}
171214Speter	}
171214Speter	rqst->rq_clntcred = client;
171214Speter
171214Speter	/*
171214Speter	 * The service and sequence number must be ignored for
236027Sed	 * RPCSEC_GSS_INIT and RPCSEC_GSS_CONTINUE_INIT.
236027Sed	 */
171214Speter	if (gc.gc_proc != RPCSEC_GSS_INIT
171214Speter	    && gc.gc_proc != RPCSEC_GSS_CONTINUE_INIT) {
171214Speter		/*
171214Speter		 * Check for sequence number overflow.
171214Speter		 */
171214Speter		if (gc.gc_seq >= MAXSEQ) {
171214Speter			result = RPCSEC_GSS_CTXPROBLEM;
171214Speter			goto out;
236027Sed		}
236027Sed		client->cl_seq = gc.gc_seq;
171214Speter
171214Speter		/*
171214Speter		 * Check for valid service.
171214Speter		 */
236027Sed		if (gc.gc_svc != rpc_gss_svc_none &&
236027Sed		    gc.gc_svc != rpc_gss_svc_integrity &&
171214Speter		    gc.gc_svc != rpc_gss_svc_privacy) {
171214Speter			result = AUTH_BADCRED;
171214Speter			goto out;
171214Speter		}
171214Speter	}
236027Sed
236027Sed	/* Handle RPCSEC_GSS control procedure. */
171214Speter	switch (gc.gc_proc) {
171214Speter
171214Speter	case RPCSEC_GSS_INIT:
171214Speter	case RPCSEC_GSS_CONTINUE_INIT:
236027Sed		if (rqst->rq_proc != NULLPROC) {
236027Sed			result = AUTH_REJECTEDCRED;
171214Speter			break;
205014Snwhitehorn		}
205014Snwhitehorn
205014Snwhitehorn		memset(&gr, 0, sizeof(gr));
205014Snwhitehorn		if (!svc_rpc_gss_accept_sec_context(client, rqst, &gr, &gc)) {
205014Snwhitehorn			result = AUTH_REJECTEDCRED;
205014Snwhitehorn			break;
250854Skib		}
250854Skib
250854Skib		if (gr.gr_major == GSS_S_COMPLETE) {
255709Sjhb			if (!svc_rpc_gss_nextverf(client, rqst, gr.gr_win)) {
255709Sjhb				result = AUTH_REJECTEDCRED;
255709Sjhb				break;
171214Speter			}
171214Speter		} else {
171214Speter			rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
171214Speter			rqst->rq_xprt->xp_verf.oa_length = 0;
171214Speter		}
171214Speter
171214Speter		call_stat = svc_sendreply(rqst->rq_xprt,
197637Srwatson		    (xdrproc_t) xdr_rpc_gss_init_res,
171214Speter		    (caddr_t) &gr);
194919Sjhb
200619Simp		gss_release_buffer(&min_stat, &gr.gr_token);
194919Sjhb
232449Sjmallett		if (!call_stat) {
205014Snwhitehorn			result = AUTH_FAILED;
205014Snwhitehorn			break;
194919Sjhb		}
194919Sjhb
194919Sjhb		if (gr.gr_major == GSS_S_COMPLETE)
194919Sjhb			client->cl_state = CLIENT_ESTABLISHED;
194919Sjhb
194919Sjhb		result = RPCSEC_GSS_NODISPATCH;
194919Sjhb		break;
194919Sjhb
194919Sjhb	case RPCSEC_GSS_DATA:
194919Sjhb	case RPCSEC_GSS_DESTROY:
194919Sjhb		if (!svc_rpc_gss_check_replay(client, gc.gc_seq)) {
194919Sjhb			result = RPCSEC_GSS_NODISPATCH;
194919Sjhb			break;
194919Sjhb		}
194919Sjhb
194919Sjhb		if (!svc_rpc_gss_validate(client, msg, &qop)) {
205014Snwhitehorn			result = RPCSEC_GSS_CREDPROBLEM;
205014Snwhitehorn			break;
205014Snwhitehorn		}
205014Snwhitehorn
205014Snwhitehorn		if (!svc_rpc_gss_nextverf(client, rqst, gc.gc_seq)) {
205014Snwhitehorn			result = RPCSEC_GSS_CTXPROBLEM;
250854Skib			break;
250854Skib		}
250854Skib
255709Sjhb		svc_rpc_gss_update_seq(client, gc.gc_seq);
255709Sjhb
255709Sjhb		/*
194919Sjhb		 * Change the SVCAUTH ops on the transport to point at
194919Sjhb		 * our own code so that we can unwrap the arguments
194919Sjhb		 * and wrap the result. The caller will re-set this on
194919Sjhb		 * every request to point to a set of null wrap/unwrap
200619Simp		 * methods.
194919Sjhb		 */
161330Sjhb		SVC_AUTH(rqst->rq_xprt).svc_ah_ops = &svc_auth_gss_ops;
194647Sjhb		SVC_AUTH(rqst->rq_xprt).svc_ah_private = client;
223167Skib
161330Sjhb		if (gc.gc_proc == RPCSEC_GSS_DATA) {
161330Sjhb			/*
161330Sjhb			 * We might be ready to do a callback to the server to
220239Skib			 * see if it wants to accept/reject the connection.
220239Skib			 */
194647Sjhb			if (!client->cl_done_callback) {
194647Sjhb				client->cl_done_callback = TRUE;
194647Sjhb				client->cl_qop = qop;
162374Srwatson				client->cl_rawcred.qop = _rpc_gss_num_to_qop(
183271Sobrien					client->cl_rawcred.mechanism, qop);
161330Sjhb				if (!svc_rpc_gss_callback(client, rqst)) {
220239Skib					result = AUTH_REJECTEDCRED;
220239Skib					break;
226349Smarcel				}
161330Sjhb			}
161330Sjhb
271011Skib			/*
161330Sjhb			 * If the server has locked this client to a
220239Skib			 * particular service+qop pair, enforce that
194647Sjhb			 * restriction now.
194647Sjhb			 */
194647Sjhb			if (client->cl_locked) {
194647Sjhb				if (client->cl_rawcred.service != gc.gc_svc) {
194647Sjhb					result = AUTH_FAILED;
161330Sjhb					break;
161330Sjhb				} else if (client->cl_qop != qop) {
161330Sjhb					result = AUTH_BADVERF;
161330Sjhb					break;
161330Sjhb				}
161330Sjhb			}
161330Sjhb
220239Skib			/*
194647Sjhb			 * If the qop changed, look up the new qop
194647Sjhb			 * name for rawcred.
190622Skib			 */
161330Sjhb			if (client->cl_qop != qop) {
161330Sjhb				client->cl_qop = qop;
161330Sjhb				client->cl_rawcred.qop = _rpc_gss_num_to_qop(
194647Sjhb					client->cl_rawcred.mechanism, qop);
194647Sjhb			}
161330Sjhb
161330Sjhb			/*
161330Sjhb			 * Make sure we use the right service value
184184Sjhb			 * for unwrap/wrap.
194647Sjhb			 */
194647Sjhb			client->cl_rawcred.service = gc.gc_svc;
194647Sjhb
194647Sjhb			result = AUTH_OK;
161330Sjhb		} else {
161330Sjhb			if (rqst->rq_proc != NULLPROC) {
194919Sjhb				result = AUTH_REJECTEDCRED;
194919Sjhb				break;
165406Sjkim			}
165406Sjkim
194919Sjhb			call_stat = svc_sendreply(rqst->rq_xprt,
161330Sjhb			    (xdrproc_t) xdr_void, (caddr_t) NULL);
161330Sjhb
161330Sjhb			if (!call_stat) {
253531Skib				result = AUTH_FAILED;
253531Skib				break;
253531Skib			}
161330Sjhb
253495Skib			svc_rpc_gss_destroy_client(client);
185879Sjhb
185879Sjhb			result = RPCSEC_GSS_NODISPATCH;
185879Sjhb			break;
161330Sjhb		}
161330Sjhb		break;
161330Sjhb
194647Sjhb	default:
161330Sjhb		result = AUTH_BADCRED;
220159Skib		break;
185879Sjhb	}
185879Sjhbout:
185879Sjhb	xdr_free((xdrproc_t) xdr_rpc_gss_cred, (char *) &gc);
185879Sjhb	return (result);
185879Sjhb}
185879Sjhb
185879Sjhbbool_t
194647Sjhbsvc_rpc_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
185436Sbz{
194647Sjhb	struct svc_rpc_gss_client *client;
194647Sjhb
163020Sdavidxu	log_debug("in svc_rpc_gss_wrap()");
163020Sdavidxu
185879Sjhb	client = (struct svc_rpc_gss_client *) auth->svc_ah_private;
161330Sjhb	if (client->cl_state != CLIENT_ESTABLISHED
183189Sobrien	    || client->cl_rawcred.service == rpc_gss_svc_none) {
161960Srwatson		return xdr_func(xdrs, xdr_ptr);
205328Skib	}
205328Skib	return (xdr_rpc_gss_wrap_data(xdrs, xdr_func, xdr_ptr,
161330Sjhb		client->cl_ctx, client->cl_qop,
161330Sjhb		client->cl_rawcred.service, client->cl_seq));
161330Sjhb}
161330Sjhb
161330Sjhbbool_t
163047Sdavidxusvc_rpc_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
163047Sdavidxu{
205328Skib	struct svc_rpc_gss_client *client;
162552Sdavidxu
162537Sdavidxu	log_debug("in svc_rpc_gss_unwrap()");
162552Sdavidxu
318323Sbrooks	client = (struct svc_rpc_gss_client *) auth->svc_ah_private;
205328Skib	if (client->cl_state != CLIENT_ESTABLISHED
205328Skib	    || client->cl_rawcred.service == rpc_gss_svc_none) {
205328Skib		return xdr_func(xdrs, xdr_ptr);
205328Skib	}
253531Skib	return (xdr_rpc_gss_unwrap_data(xdrs, xdr_func, xdr_ptr,
185879Sjhb		client->cl_ctx, client->cl_qop,
171214Speter		client->cl_rawcred.service, client->cl_seq));
171214Speter}
171214Speter