1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
24  * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
25  * Copyright 2012 Milan Jurik. All rights reserved.
26  * Copyright 2012 Marcel Telka <marcel@telka.sk>
27  * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
28  */
29 
30 /*
31  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
32  *
33  * $Id: svc_auth_gssapi.c,v 1.19 1994/10/27 12:38:51 jik Exp $
34  */
35 
36 /*
37  * Server side handling of RPCSEC_GSS flavor.
38  */
39 
40 #include <sys/systm.h>
41 #include <sys/kstat.h>
42 #include <sys/cmn_err.h>
43 #include <sys/debug.h>
44 #include <sys/types.h>
45 #include <sys/time.h>
46 #include <gssapi/gssapi.h>
47 #include <gssapi/gssapi_ext.h>
48 #include <rpc/rpc.h>
49 #include <rpc/rpcsec_defs.h>
50 #include <sys/sunddi.h>
51 #include <sys/atomic.h>
52 
53 extern bool_t __rpc_gss_make_principal(rpc_gss_principal_t *, gss_buffer_t);
54 
55 #ifdef	DEBUG
56 extern void prom_printf(const char *, ...);
57 #endif
58 
59 #ifdef  _KERNEL
60 #define	memcmp(a, b, l) bcmp((a), (b), (l))
61 #endif
62 
63 
64 /*
65  * Sequence window definitions.
66  */
67 #define	SEQ_ARR_SIZE	4
68 #define	SEQ_WIN		(SEQ_ARR_SIZE*32)
69 #define	SEQ_HI_BIT	0x80000000
70 #define	SEQ_LO_BIT	1
71 #define	DIV_BY_32	5
72 #define	SEQ_MASK	0x1f
73 #define	SEQ_MAX		((unsigned int)0x80000000)
74 
75 
76 /* cache retransmit data */
77 typedef struct _retrans_entry {
78 	uint32_t	xid;
79 	rpc_gss_init_res result;
80 } retrans_entry;
81 
82 /*
83  * Server side RPCSEC_GSS context information.
84  */
85 typedef struct _svc_rpc_gss_data {
86 	struct _svc_rpc_gss_data	*next, *prev;
87 	struct _svc_rpc_gss_data	*lru_next, *lru_prev;
88 	bool_t				established;
89 	gss_ctx_id_t			context;
90 	gss_buffer_desc			client_name;
91 	time_t				expiration;
92 	uint_t				seq_num;
93 	uint_t				seq_bits[SEQ_ARR_SIZE];
94 	uint_t				key;
95 	OM_uint32			qop;
96 	bool_t				done_docallback;
97 	bool_t				locked;
98 	rpc_gss_rawcred_t		raw_cred;
99 	rpc_gss_ucred_t			u_cred;
100 	time_t				u_cred_set;
101 	void				*cookie;
102 	gss_cred_id_t			deleg;
103 	kmutex_t			clm;
104 	int				ref_cnt;
105 	time_t				last_ref_time;
106 	bool_t				stale;
107 	retrans_entry			*retrans_data;
108 } svc_rpc_gss_data;
109 
110 /*
111  * Data structures used for LRU based context management.
112  */
113 
114 
115 #define	HASH(key) ((key) % svc_rpc_gss_hashmod)
116 /* Size of hash table for svc_rpc_gss_data structures */
117 #define	GSS_DATA_HASH_SIZE	1024
118 
119 /*
120  * The following two defines specify a time delta that is used in
121  * sweep_clients. When the last_ref_time of a context is older than
122  * than the current time minus the delta, i.e, the context has not
123  * been referenced in the last delta seconds, we will return the
124  * context back to the cache if the ref_cnt is zero. The first delta
125  * value will be used when sweep_clients is called from
126  * svc_data_reclaim, the kmem_cache reclaim call back. We will reclaim
127  * all entries except those that are currently "active". By active we
128  * mean those that have been referenced in the last ACTIVE_DELTA
129  * seconds. If sweep_client is not being called from reclaim, then we
130  * will reclaim all entries that are "inactive". By inactive we mean
131  * those entries that have not been accessed in INACTIVE_DELTA
132  * seconds.  Note we always assume that ACTIVE_DELTA is less than
133  * INACTIVE_DELTA, so that reaping entries from a reclaim operation
134  * will necessarily imply reaping all "inactive" entries and then
135  * some.
136  */
137 
138 /*
139  * If low on memory reap cache entries that have not been active for
140  * ACTIVE_DELTA seconds and have a ref_cnt equal to zero.
141  */
142 #define	ACTIVE_DELTA		30*60		/* 30 minutes */
143 
144 /*
145  * If in sweeping contexts we find contexts with a ref_cnt equal to zero
146  * and the context has not been referenced in INACTIVE_DELTA seconds, return
147  * the entry to the cache.
148  */
149 #define	INACTIVE_DELTA		8*60*60		/* 8 hours */
150 
151 int				svc_rpc_gss_hashmod = GSS_DATA_HASH_SIZE;
152 static svc_rpc_gss_data		**clients;
153 static svc_rpc_gss_data		*lru_first, *lru_last;
154 static time_t			sweep_interval = 60*60;
155 static time_t			last_swept = 0;
156 static int			num_gss_contexts = 0;
157 static time_t			svc_rpcgss_gid_timeout = 60*60*12;
158 static kmem_cache_t		*svc_data_handle;
159 static time_t			svc_rpc_gss_active_delta = ACTIVE_DELTA;
160 static time_t			svc_rpc_gss_inactive_delta = INACTIVE_DELTA;
161 
162 /*
163  * lock used with context/lru variables
164  */
165 static kmutex_t			ctx_mutex;
166 
167 /*
168  * Data structure to contain cache statistics
169  */
170 
171 static struct {
172 	int64_t total_entries_allocated;
173 	int64_t no_reclaims;
174 	int64_t no_returned_by_reclaim;
175 } svc_rpc_gss_cache_stats;
176 
177 
178 /*
179  * lock used with server credential variables list
180  *
181  * server cred list locking guidelines:
182  * - Writer's lock holder has exclusive access to the list
183  */
184 static krwlock_t		cred_lock;
185 
186 /*
187  * server callback list
188  */
189 typedef struct rpc_gss_cblist_s {
190 	struct rpc_gss_cblist_s		*next;
191 	rpc_gss_callback_t	cb;
192 } rpc_gss_cblist_t;
193 
194 static rpc_gss_cblist_t			*rpc_gss_cblist = NULL;
195 
196 /*
197  * lock used with callback variables
198  */
199 static kmutex_t			cb_mutex;
200 
201 /*
202  * forward declarations
203  */
204 static bool_t			svc_rpc_gss_wrap();
205 static bool_t			svc_rpc_gss_unwrap();
206 static svc_rpc_gss_data		*create_client();
207 static svc_rpc_gss_data		*get_client();
208 static svc_rpc_gss_data		*find_client();
209 static void			destroy_client();
210 static void			sweep_clients(bool_t);
211 static void			insert_client();
212 static bool_t			check_verf(struct rpc_msg *, gss_ctx_id_t,
213 					int *, uid_t);
214 static bool_t			set_response_verf();
215 static void			retrans_add(svc_rpc_gss_data *, uint32_t,
216 					rpc_gss_init_res *);
217 static void			retrans_del(svc_rpc_gss_data *);
218 static bool_t			transfer_sec_context(svc_rpc_gss_data *);
219 static void			common_client_data_free(svc_rpc_gss_data *);
220 
221 /*
222  * server side wrap/unwrap routines
223  */
224 struct svc_auth_ops svc_rpc_gss_ops = {
225 	svc_rpc_gss_wrap,
226 	svc_rpc_gss_unwrap,
227 };
228 
229 /* taskq(9F) */
230 typedef struct svcrpcsec_gss_taskq_arg {
231 	SVCXPRT			*rq_xprt;
232 	rpc_gss_init_arg	*rpc_call_arg;
233 	struct rpc_msg		*msg;
234 	svc_rpc_gss_data	*client_data;
235 	uint_t			cr_version;
236 	rpc_gss_service_t	cr_service;
237 } svcrpcsec_gss_taskq_arg_t;
238 
239 /* gssd is single threaded, so 1 thread for the taskq is probably good/ok */
240 int rpcsec_gss_init_taskq_nthreads = 1;
241 static ddi_taskq_t *svcrpcsec_gss_init_taskq = NULL;
242 
243 extern struct rpc_msg *rpc_msg_dup(struct rpc_msg *);
244 extern void rpc_msg_free(struct rpc_msg **, int);
245 
246 /*
247  * from svc_clts.c:
248  * Transport private data.
249  * Kept in xprt->xp_p2buf.
250  */
251 struct udp_data {
252 	mblk_t	*ud_resp;			/* buffer for response */
253 	mblk_t	*ud_inmp;			/* mblk chain of request */
254 };
255 
256 /*ARGSUSED*/
257 static int
svc_gss_data_create(void * buf,void * pdata,int kmflag)258 svc_gss_data_create(void *buf, void *pdata, int kmflag)
259 {
260 	svc_rpc_gss_data *client_data = (svc_rpc_gss_data *)buf;
261 
262 	mutex_init(&client_data->clm, NULL, MUTEX_DEFAULT, NULL);
263 
264 	return (0);
265 }
266 
267 /*ARGSUSED*/
268 static void
svc_gss_data_destroy(void * buf,void * pdata)269 svc_gss_data_destroy(void *buf, void *pdata)
270 {
271 	svc_rpc_gss_data *client_data = (svc_rpc_gss_data *)buf;
272 
273 	mutex_destroy(&client_data->clm);
274 }
275 
276 
277 /*ARGSUSED*/
278 static void
svc_gss_data_reclaim(void * pdata)279 svc_gss_data_reclaim(void *pdata)
280 {
281 	mutex_enter(&ctx_mutex);
282 
283 	svc_rpc_gss_cache_stats.no_reclaims++;
284 	sweep_clients(TRUE);
285 
286 	mutex_exit(&ctx_mutex);
287 }
288 
289 /*
290  *  Init stuff on the server side.
291  */
292 void
svc_gss_init()293 svc_gss_init()
294 {
295 	mutex_init(&cb_mutex, NULL, MUTEX_DEFAULT, NULL);
296 	mutex_init(&ctx_mutex, NULL, MUTEX_DEFAULT, NULL);
297 	rw_init(&cred_lock, NULL, RW_DEFAULT, NULL);
298 	clients = (svc_rpc_gss_data **)
299 	    kmem_zalloc(svc_rpc_gss_hashmod * sizeof (svc_rpc_gss_data *),
300 	    KM_SLEEP);
301 	svc_data_handle = kmem_cache_create("rpc_gss_data_cache",
302 	    sizeof (svc_rpc_gss_data), 0,
303 	    svc_gss_data_create,
304 	    svc_gss_data_destroy,
305 	    svc_gss_data_reclaim,
306 	    NULL, NULL, 0);
307 
308 	if (svcrpcsec_gss_init_taskq == NULL) {
309 		svcrpcsec_gss_init_taskq = ddi_taskq_create(NULL,
310 		    "rpcsec_gss_init_taskq", rpcsec_gss_init_taskq_nthreads,
311 		    TASKQ_DEFAULTPRI, 0);
312 		if (svcrpcsec_gss_init_taskq == NULL)
313 			cmn_err(CE_NOTE,
314 			    "svc_gss_init: ddi_taskq_create failed");
315 	}
316 }
317 
318 /*
319  * Destroy structures allocated in svc_gss_init().
320  * This routine is called by _init() if mod_install() failed.
321  */
322 void
svc_gss_fini()323 svc_gss_fini()
324 {
325 	mutex_destroy(&cb_mutex);
326 	mutex_destroy(&ctx_mutex);
327 	rw_destroy(&cred_lock);
328 	kmem_free(clients, svc_rpc_gss_hashmod * sizeof (svc_rpc_gss_data *));
329 	kmem_cache_destroy(svc_data_handle);
330 }
331 
332 /*
333  * Cleanup routine for destroying context, called after service
334  * procedure is executed. Actually we just decrement the reference count
335  * associated with this context. If the reference count is zero and the
336  * context is marked as stale, we would then destroy the context. Additionally,
337  * we check if its been longer than sweep_interval since the last sweep_clients
338  * was run, and if so run sweep_clients to free all stale contexts with zero
339  * reference counts or contexts that are old. (Haven't been access in
340  * svc_rpc_inactive_delta seconds).
341  */
342 void
rpc_gss_cleanup(SVCXPRT * clone_xprt)343 rpc_gss_cleanup(SVCXPRT *clone_xprt)
344 {
345 	svc_rpc_gss_data	*cl;
346 	SVCAUTH			*svcauth;
347 
348 	/*
349 	 * First check if current context needs to be cleaned up.
350 	 * There might be other threads stale this client data
351 	 * in between.
352 	 */
353 	svcauth = &clone_xprt->xp_auth;
354 	mutex_enter(&ctx_mutex);
355 	if ((cl = (svc_rpc_gss_data *)svcauth->svc_ah_private) != NULL) {
356 		mutex_enter(&cl->clm);
357 		ASSERT(cl->ref_cnt > 0);
358 		if (--cl->ref_cnt == 0 && cl->stale) {
359 			mutex_exit(&cl->clm);
360 			destroy_client(cl);
361 			svcauth->svc_ah_private = NULL;
362 		} else
363 			mutex_exit(&cl->clm);
364 	}
365 
366 	/*
367 	 * Check for other expired contexts.
368 	 */
369 	if ((gethrestime_sec() - last_swept) > sweep_interval)
370 		sweep_clients(FALSE);
371 
372 	mutex_exit(&ctx_mutex);
373 }
374 
375 /*
376  * Shift the array arr of length arrlen right by nbits bits.
377  */
378 static void
shift_bits(uint_t * arr,int arrlen,int nbits)379 shift_bits(uint_t *arr, int arrlen, int nbits)
380 {
381 	int	i, j;
382 	uint_t	lo, hi;
383 
384 	/*
385 	 * If the number of bits to be shifted exceeds SEQ_WIN, just
386 	 * zero out the array.
387 	 */
388 	if (nbits < SEQ_WIN) {
389 		for (i = 0; i < nbits; i++) {
390 			hi = 0;
391 			for (j = 0; j < arrlen; j++) {
392 				lo = arr[j] & SEQ_LO_BIT;
393 				arr[j] >>= 1;
394 				if (hi)
395 					arr[j] |= SEQ_HI_BIT;
396 				hi = lo;
397 			}
398 		}
399 	} else {
400 		for (j = 0; j < arrlen; j++)
401 			arr[j] = 0;
402 	}
403 }
404 
405 /*
406  * Check that the received sequence number seq_num is valid.
407  */
408 static bool_t
check_seq(svc_rpc_gss_data * cl,uint_t seq_num,bool_t * kill_context)409 check_seq(svc_rpc_gss_data *cl, uint_t seq_num, bool_t *kill_context)
410 {
411 	int			i, j;
412 	uint_t			bit;
413 
414 	/*
415 	 * If it exceeds the maximum, kill context.
416 	 */
417 	if (seq_num >= SEQ_MAX) {
418 		*kill_context = TRUE;
419 		RPCGSS_LOG0(4, "check_seq: seq_num not valid\n");
420 		return (FALSE);
421 	}
422 
423 	/*
424 	 * If greater than the last seen sequence number, just shift
425 	 * the sequence window so that it starts at the new sequence
426 	 * number and extends downwards by SEQ_WIN.
427 	 */
428 	if (seq_num > cl->seq_num) {
429 		(void) shift_bits(cl->seq_bits, SEQ_ARR_SIZE,
430 		    (int)(seq_num - cl->seq_num));
431 		cl->seq_bits[0] |= SEQ_HI_BIT;
432 		cl->seq_num = seq_num;
433 		return (TRUE);
434 	}
435 
436 	/*
437 	 * If it is outside the sequence window, return failure.
438 	 */
439 	i = cl->seq_num - seq_num;
440 	if (i >= SEQ_WIN) {
441 		RPCGSS_LOG0(4, "check_seq: seq_num is outside the window\n");
442 		return (FALSE);
443 	}
444 
445 	/*
446 	 * If within sequence window, set the bit corresponding to it
447 	 * if not already seen;  if already seen, return failure.
448 	 */
449 	j = SEQ_MASK - (i & SEQ_MASK);
450 	bit = j > 0 ? (1 << j) : 1;
451 	i >>= DIV_BY_32;
452 	if (cl->seq_bits[i] & bit) {
453 		RPCGSS_LOG0(4, "check_seq: sequence number already seen\n");
454 		return (FALSE);
455 	}
456 	cl->seq_bits[i] |= bit;
457 	return (TRUE);
458 }
459 
460 /*
461  * Set server callback.
462  */
463 bool_t
rpc_gss_set_callback(rpc_gss_callback_t * cb)464 rpc_gss_set_callback(rpc_gss_callback_t *cb)
465 {
466 	rpc_gss_cblist_t		*cbl, *tmp;
467 
468 	if (cb->callback == NULL) {
469 		RPCGSS_LOG0(1, "rpc_gss_set_callback: no callback to set\n");
470 		return (FALSE);
471 	}
472 
473 	/* check if there is already an entry in the rpc_gss_cblist. */
474 	mutex_enter(&cb_mutex);
475 	if (rpc_gss_cblist) {
476 		for (tmp = rpc_gss_cblist; tmp != NULL; tmp = tmp->next) {
477 			if ((tmp->cb.callback == cb->callback) &&
478 			    (tmp->cb.version == cb->version) &&
479 			    (tmp->cb.program == cb->program)) {
480 				mutex_exit(&cb_mutex);
481 				return (TRUE);
482 			}
483 		}
484 	}
485 
486 	/* Not in rpc_gss_cblist.  Create a new entry. */
487 	if ((cbl = (rpc_gss_cblist_t *)kmem_alloc(sizeof (*cbl), KM_SLEEP))
488 	    == NULL) {
489 		mutex_exit(&cb_mutex);
490 		return (FALSE);
491 	}
492 	cbl->cb = *cb;
493 	cbl->next = rpc_gss_cblist;
494 	rpc_gss_cblist = cbl;
495 	mutex_exit(&cb_mutex);
496 	return (TRUE);
497 }
498 
499 /*
500  * Locate callback (if specified) and call server.  Release any
501  * delegated credentials unless passed to server and the server
502  * accepts the context.  If a callback is not specified, accept
503  * the incoming context.
504  */
505 static bool_t
do_callback(struct svc_req * req,svc_rpc_gss_data * client_data)506 do_callback(struct svc_req *req, svc_rpc_gss_data *client_data)
507 {
508 	rpc_gss_cblist_t		*cbl;
509 	bool_t			ret = TRUE, found = FALSE;
510 	rpc_gss_lock_t		lock;
511 	OM_uint32		minor;
512 	mutex_enter(&cb_mutex);
513 	for (cbl = rpc_gss_cblist; cbl != NULL; cbl = cbl->next) {
514 		if (req->rq_prog != cbl->cb.program ||
515 		    req->rq_vers != cbl->cb.version)
516 			continue;
517 		found = TRUE;
518 		lock.locked = FALSE;
519 		lock.raw_cred = &client_data->raw_cred;
520 		ret = (*cbl->cb.callback)(req, client_data->deleg,
521 		    client_data->context, &lock, &client_data->cookie);
522 		req->rq_xprt->xp_cookie = client_data->cookie;
523 
524 		if (ret) {
525 			client_data->locked = lock.locked;
526 			client_data->deleg = GSS_C_NO_CREDENTIAL;
527 		}
528 		break;
529 	}
530 	if (!found) {
531 		if (client_data->deleg != GSS_C_NO_CREDENTIAL) {
532 			(void) kgss_release_cred(&minor, &client_data->deleg,
533 			    crgetuid(CRED()));
534 			client_data->deleg = GSS_C_NO_CREDENTIAL;
535 		}
536 	}
537 	mutex_exit(&cb_mutex);
538 	return (ret);
539 }
540 
541 /*
542  * Get caller credentials.
543  */
544 bool_t
rpc_gss_getcred(struct svc_req * req,rpc_gss_rawcred_t ** rcred,rpc_gss_ucred_t ** ucred,void ** cookie)545 rpc_gss_getcred(struct svc_req *req, rpc_gss_rawcred_t **rcred,
546     rpc_gss_ucred_t **ucred, void **cookie)
547 {
548 	SVCAUTH			*svcauth;
549 	svc_rpc_gss_data	*client_data;
550 	int			gssstat, gidlen;
551 
552 	svcauth = &req->rq_xprt->xp_auth;
553 	client_data = (svc_rpc_gss_data *)svcauth->svc_ah_private;
554 
555 	mutex_enter(&client_data->clm);
556 
557 	if (rcred != NULL) {
558 		svcauth->raw_cred = client_data->raw_cred;
559 		*rcred = &svcauth->raw_cred;
560 	}
561 	if (ucred != NULL) {
562 		*ucred = &client_data->u_cred;
563 
564 		if (client_data->u_cred_set == 0 ||
565 		    client_data->u_cred_set < gethrestime_sec()) {
566 			if (client_data->u_cred_set == 0) {
567 				if ((gssstat = kgsscred_expname_to_unix_cred(
568 				    &client_data->client_name,
569 				    &client_data->u_cred.uid,
570 				    &client_data->u_cred.gid,
571 				    &client_data->u_cred.gidlist,
572 				    &gidlen, crgetuid(CRED())))
573 				    != GSS_S_COMPLETE) {
574 					RPCGSS_LOG(1, "rpc_gss_getcred: "
575 					    "kgsscred_expname_to_unix_cred "
576 					    "failed %x\n", gssstat);
577 					*ucred = NULL;
578 				} else {
579 					client_data->u_cred.gidlen =
580 					    (short)gidlen;
581 					client_data->u_cred_set =
582 					    gethrestime_sec() +
583 					    svc_rpcgss_gid_timeout;
584 				}
585 			} else if (client_data->u_cred_set
586 			    < gethrestime_sec()) {
587 				if ((gssstat = kgss_get_group_info(
588 				    client_data->u_cred.uid,
589 				    &client_data->u_cred.gid,
590 				    &client_data->u_cred.gidlist,
591 				    &gidlen, crgetuid(CRED())))
592 				    != GSS_S_COMPLETE) {
593 					RPCGSS_LOG(1, "rpc_gss_getcred: "
594 					    "kgss_get_group_info failed %x\n",
595 					    gssstat);
596 					*ucred = NULL;
597 				} else {
598 					client_data->u_cred.gidlen =
599 					    (short)gidlen;
600 					client_data->u_cred_set =
601 					    gethrestime_sec() +
602 					    svc_rpcgss_gid_timeout;
603 				}
604 			}
605 		}
606 	}
607 
608 	if (cookie != NULL)
609 		*cookie = client_data->cookie;
610 	req->rq_xprt->xp_cookie = client_data->cookie;
611 
612 	mutex_exit(&client_data->clm);
613 
614 	return (TRUE);
615 }
616 
617 /*
618  * Transfer the context data from the user land to the kernel.
619  */
transfer_sec_context(svc_rpc_gss_data * client_data)620 bool_t transfer_sec_context(svc_rpc_gss_data *client_data) {
621 
622 	gss_buffer_desc process_token;
623 	OM_uint32 gssstat, minor;
624 
625 	/*
626 	 * Call kgss_export_sec_context
627 	 * if an error is returned log a message
628 	 * go to error handling
629 	 * Otherwise call kgss_import_sec_context to
630 	 * convert the token into a context
631 	 */
632 	gssstat  = kgss_export_sec_context(&minor, client_data->context,
633 				&process_token);
634 	/*
635 	 * if export_sec_context returns an error we delete the
636 	 * context just to be safe.
637 	 */
638 	if (gssstat == GSS_S_NAME_NOT_MN) {
639 		RPCGSS_LOG0(4, "svc_rpcsec_gss: export sec context "
640 				"Kernel mod unavailable\n");
641 
642 	} else if (gssstat != GSS_S_COMPLETE) {
643 		RPCGSS_LOG(1, "svc_rpcsec_gss: export sec context failed  "
644 				" gssstat = 0x%x\n", gssstat);
645 		(void) gss_release_buffer(&minor, &process_token);
646 		(void) kgss_delete_sec_context(&minor, &client_data->context,
647 				NULL);
648 		return (FALSE);
649 
650 	} else if (process_token.length == 0) {
651 		RPCGSS_LOG0(1, "svc_rpcsec_gss:zero length token in response "
652 				"for export_sec_context, but "
653 				"gsstat == GSS_S_COMPLETE\n");
654 		(void) kgss_delete_sec_context(&minor, &client_data->context,
655 				NULL);
656 		return (FALSE);
657 
658 	} else {
659 		gssstat = kgss_import_sec_context(&minor, &process_token,
660 					client_data->context);
661 		if (gssstat != GSS_S_COMPLETE) {
662 			RPCGSS_LOG(1, "svc_rpcsec_gss: import sec context "
663 				" failed gssstat = 0x%x\n", gssstat);
664 			(void) kgss_delete_sec_context(&minor,
665 				&client_data->context, NULL);
666 			(void) gss_release_buffer(&minor, &process_token);
667 			return (FALSE);
668 		}
669 
670 		RPCGSS_LOG0(4, "gss_import_sec_context successful\n");
671 		(void) gss_release_buffer(&minor, &process_token);
672 	}
673 
674 	return (TRUE);
675 }
676 
677 /*
678  * do_gss_accept is called from a taskq and does all the work for a
679  * RPCSEC_GSS_INIT call (mostly calling kgss_accept_sec_context()).
680  */
681 static enum auth_stat
do_gss_accept(SVCXPRT * xprt,rpc_gss_init_arg * call_arg,struct rpc_msg * msg,svc_rpc_gss_data * client_data,uint_t cr_version,rpc_gss_service_t cr_service)682 do_gss_accept(
683 	SVCXPRT *xprt,
684 	rpc_gss_init_arg *call_arg,
685 	struct rpc_msg *msg,
686 	svc_rpc_gss_data *client_data,
687 	uint_t cr_version,
688 	rpc_gss_service_t cr_service)
689 {
690 	rpc_gss_init_res	call_res;
691 	gss_buffer_desc		output_token;
692 	OM_uint32		gssstat, minor, minor_stat, time_rec;
693 	int			ret_flags, ret;
694 	gss_OID			mech_type = GSS_C_NULL_OID;
695 	int			free_mech_type = 1;
696 	struct svc_req		r, *rqst;
697 
698 	rqst = &r;
699 	rqst->rq_xprt = xprt;
700 
701 	/*
702 	 * Initialize output_token.
703 	 */
704 	output_token.length = 0;
705 	output_token.value = NULL;
706 
707 	bzero((char *)&call_res, sizeof (call_res));
708 
709 	mutex_enter(&client_data->clm);
710 	if (client_data->stale) {
711 		ret = RPCSEC_GSS_NOCRED;
712 		RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
713 		goto error2;
714 	}
715 
716 	/*
717 	 * Any response we send will use ctx_handle, so set it now;
718 	 * also set seq_window since this won't change.
719 	 */
720 	call_res.ctx_handle.length = sizeof (client_data->key);
721 	call_res.ctx_handle.value = (char *)&client_data->key;
722 	call_res.seq_window = SEQ_WIN;
723 
724 	gssstat = GSS_S_FAILURE;
725 	minor = 0;
726 	minor_stat = 0;
727 	rw_enter(&cred_lock, RW_READER);
728 
729 	if (client_data->client_name.length) {
730 		(void) gss_release_buffer(&minor,
731 		    &client_data->client_name);
732 	}
733 	gssstat = kgss_accept_sec_context(&minor_stat,
734 	    &client_data->context,
735 	    GSS_C_NO_CREDENTIAL,
736 	    call_arg,
737 	    GSS_C_NO_CHANNEL_BINDINGS,
738 	    &client_data->client_name,
739 	    &mech_type,
740 	    &output_token,
741 	    &ret_flags,
742 	    &time_rec,
743 	    NULL,		/* don't need a delegated cred back */
744 	    crgetuid(CRED()));
745 
746 	RPCGSS_LOG(4, "gssstat 0x%x \n", gssstat);
747 
748 	if (gssstat == GSS_S_COMPLETE) {
749 		/*
750 		 * Set the raw and unix credentials at this
751 		 * point.  This saves a lot of computation
752 		 * later when credentials are retrieved.
753 		 */
754 		client_data->raw_cred.version = cr_version;
755 		client_data->raw_cred.service = cr_service;
756 
757 		if (client_data->raw_cred.mechanism) {
758 			kgss_free_oid(client_data->raw_cred.mechanism);
759 			client_data->raw_cred.mechanism = NULL;
760 		}
761 		client_data->raw_cred.mechanism = (rpc_gss_OID) mech_type;
762 		/*
763 		 * client_data is now responsible for freeing
764 		 * the data of 'mech_type'.
765 		 */
766 		free_mech_type = 0;
767 
768 		if (client_data->raw_cred.client_principal) {
769 			kmem_free((caddr_t)client_data->\
770 			    raw_cred.client_principal,
771 			    client_data->raw_cred.\
772 			    client_principal->len + sizeof (int));
773 			client_data->raw_cred.client_principal = NULL;
774 		}
775 
776 		/*
777 		 *  The client_name returned from
778 		 *  kgss_accept_sec_context() is in an
779 		 *  exported flat format.
780 		 */
781 		if (! __rpc_gss_make_principal(
782 		    &client_data->raw_cred.client_principal,
783 		    &client_data->client_name)) {
784 			RPCGSS_LOG0(1, "_svcrpcsec_gss: "
785 			    "make principal failed\n");
786 			gssstat = GSS_S_FAILURE;
787 			(void) gss_release_buffer(&minor_stat, &output_token);
788 		}
789 	}
790 
791 	rw_exit(&cred_lock);
792 
793 	call_res.gss_major = gssstat;
794 	call_res.gss_minor = minor_stat;
795 
796 	if (gssstat != GSS_S_COMPLETE &&
797 	    gssstat != GSS_S_CONTINUE_NEEDED) {
798 		call_res.ctx_handle.length = 0;
799 		call_res.ctx_handle.value = NULL;
800 		call_res.seq_window = 0;
801 		rpc_gss_display_status(gssstat, minor_stat, mech_type,
802 		    crgetuid(CRED()),
803 		    "_svc_rpcsec_gss gss_accept_sec_context");
804 		(void) svc_sendreply(rqst->rq_xprt,
805 		    __xdr_rpc_gss_init_res, (caddr_t)&call_res);
806 		client_data->stale = TRUE;
807 		ret = AUTH_OK;
808 		goto error2;
809 	}
810 
811 	/*
812 	 * If appropriate, set established to TRUE *after* sending
813 	 * response (otherwise, the client will receive the final
814 	 * token encrypted)
815 	 */
816 	if (gssstat == GSS_S_COMPLETE) {
817 		/*
818 		 * Context is established.  Set expiration time
819 		 * for the context.
820 		 */
821 		client_data->seq_num = 1;
822 		if ((time_rec == GSS_C_INDEFINITE) || (time_rec == 0)) {
823 			client_data->expiration = GSS_C_INDEFINITE;
824 		} else {
825 			client_data->expiration =
826 			    time_rec + gethrestime_sec();
827 		}
828 
829 		if (!transfer_sec_context(client_data)) {
830 			ret = RPCSEC_GSS_FAILED;
831 			client_data->stale = TRUE;
832 			RPCGSS_LOG0(1,
833 			    "_svc_rpcsec_gss: transfer sec context failed\n");
834 			goto error2;
835 		}
836 
837 		client_data->established = TRUE;
838 	}
839 
840 	/*
841 	 * This step succeeded.  Send a response, along with
842 	 * a token if there's one.  Don't dispatch.
843 	 */
844 
845 	if (output_token.length != 0)
846 		GSS_COPY_BUFFER(call_res.token, output_token);
847 
848 	/*
849 	 * If GSS_S_COMPLETE: set response verifier to
850 	 * checksum of SEQ_WIN
851 	 */
852 	if (gssstat == GSS_S_COMPLETE) {
853 		if (!set_response_verf(rqst, msg, client_data,
854 		    (uint_t)SEQ_WIN)) {
855 			ret = RPCSEC_GSS_FAILED;
856 			client_data->stale = TRUE;
857 			RPCGSS_LOG0(1,
858 			    "_svc_rpcsec_gss:set response verifier failed\n");
859 			goto error2;
860 		}
861 	}
862 
863 	if (!svc_sendreply(rqst->rq_xprt, __xdr_rpc_gss_init_res,
864 	    (caddr_t)&call_res)) {
865 		ret = RPCSEC_GSS_FAILED;
866 		client_data->stale = TRUE;
867 		RPCGSS_LOG0(1, "_svc_rpcsec_gss:send reply failed\n");
868 		goto error2;
869 	}
870 
871 	/*
872 	 * Cache last response in case it is lost and the client
873 	 * retries on an established context.
874 	 */
875 	(void) retrans_add(client_data, msg->rm_xid, &call_res);
876 	ASSERT(client_data->ref_cnt > 0);
877 	client_data->ref_cnt--;
878 	mutex_exit(&client_data->clm);
879 
880 	(void) gss_release_buffer(&minor_stat, &output_token);
881 
882 	return (AUTH_OK);
883 
884 error2:
885 	ASSERT(client_data->ref_cnt > 0);
886 	client_data->ref_cnt--;
887 	mutex_exit(&client_data->clm);
888 	(void) gss_release_buffer(&minor_stat, &output_token);
889 	if (free_mech_type && mech_type)
890 		kgss_free_oid(mech_type);
891 
892 	return (ret);
893 }
894 
895 static void
svcrpcsec_gss_taskq_func(void * svcrpcsecgss_taskq_arg)896 svcrpcsec_gss_taskq_func(void *svcrpcsecgss_taskq_arg)
897 {
898 	enum auth_stat retval;
899 	svcrpcsec_gss_taskq_arg_t *arg = svcrpcsecgss_taskq_arg;
900 
901 	retval = do_gss_accept(arg->rq_xprt, arg->rpc_call_arg, arg->msg,
902 	    arg->client_data, arg->cr_version, arg->cr_service);
903 	if (retval != AUTH_OK) {
904 		cmn_err(CE_NOTE,
905 		    "svcrpcsec_gss_taskq_func:  do_gss_accept fail 0x%x",
906 		    retval);
907 	}
908 	rpc_msg_free(&arg->msg, MAX_AUTH_BYTES);
909 	SVC_RELE(arg->rq_xprt, NULL, FALSE);
910 	svc_clone_unlink(arg->rq_xprt);
911 	svc_clone_free(arg->rq_xprt);
912 	xdr_free(__xdr_rpc_gss_init_arg, (caddr_t)arg->rpc_call_arg);
913 	kmem_free(arg->rpc_call_arg, sizeof (*arg->rpc_call_arg));
914 
915 	kmem_free(arg, sizeof (*arg));
916 }
917 
918 static enum auth_stat
rpcsec_gss_init(struct svc_req * rqst,struct rpc_msg * msg,rpc_gss_creds creds,bool_t * no_dispatch,svc_rpc_gss_data * c_d)919 rpcsec_gss_init(
920 	struct svc_req		*rqst,
921 	struct rpc_msg		*msg,
922 	rpc_gss_creds		creds,
923 	bool_t			*no_dispatch,
924 	svc_rpc_gss_data	*c_d) /* client data, can be NULL */
925 {
926 	svc_rpc_gss_data	*client_data;
927 	int ret;
928 	svcrpcsec_gss_taskq_arg_t *arg;
929 
930 	if (creds.ctx_handle.length != 0) {
931 		RPCGSS_LOG0(1, "_svcrpcsec_gss: ctx_handle not null\n");
932 		ret = AUTH_BADCRED;
933 		return (ret);
934 	}
935 
936 	client_data = c_d ? c_d : create_client();
937 	if (client_data == NULL) {
938 		RPCGSS_LOG0(1,
939 		    "_svcrpcsec_gss: can't create a new cache entry\n");
940 		ret = AUTH_FAILED;
941 		return (ret);
942 	}
943 
944 	mutex_enter(&client_data->clm);
945 	if (client_data->stale) {
946 		ret = RPCSEC_GSS_NOCRED;
947 		RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
948 		goto error2;
949 	}
950 
951 	/*
952 	 * kgss_accept_sec_context()/gssd(1M) can be overly time
953 	 * consuming so let's queue it and return asap.
954 	 *
955 	 * taskq func must free arg.
956 	 */
957 	arg = kmem_alloc(sizeof (*arg), KM_SLEEP);
958 
959 	/* taskq func must free rpc_call_arg & deserialized arguments */
960 	arg->rpc_call_arg = kmem_zalloc(sizeof (*arg->rpc_call_arg), KM_SLEEP);
961 
962 	/* deserialize arguments */
963 	if (!SVC_GETARGS(rqst->rq_xprt, __xdr_rpc_gss_init_arg,
964 	    (caddr_t)arg->rpc_call_arg)) {
965 		ret = RPCSEC_GSS_FAILED;
966 		client_data->stale = TRUE;
967 		goto error2;
968 	}
969 
970 	/* get a xprt clone for taskq thread, taskq func must free it */
971 	arg->rq_xprt = svc_clone_init();
972 	svc_clone_link(rqst->rq_xprt->xp_master, arg->rq_xprt, rqst->rq_xprt);
973 	arg->rq_xprt->xp_xid = rqst->rq_xprt->xp_xid;
974 
975 	/*
976 	 * Increment the reference count on the rpcmod slot so that is not
977 	 * freed before the task has finished.
978 	 */
979 	SVC_HOLD(arg->rq_xprt);
980 
981 	/* set the appropriate wrap/unwrap routine for RPCSEC_GSS */
982 	arg->rq_xprt->xp_auth.svc_ah_ops = svc_rpc_gss_ops;
983 	arg->rq_xprt->xp_auth.svc_ah_private = (caddr_t)client_data;
984 
985 	/* get a dup of rpc msg for taskq thread */
986 	arg->msg = rpc_msg_dup(msg);  /* taskq func must free msg dup */
987 
988 	arg->client_data = client_data;
989 	arg->cr_version = creds.version;
990 	arg->cr_service = creds.service;
991 
992 	/* should be ok to hold clm lock as taskq will have new thread(s) */
993 	ret = ddi_taskq_dispatch(svcrpcsec_gss_init_taskq,
994 	    svcrpcsec_gss_taskq_func, arg, DDI_SLEEP);
995 	if (ret == DDI_FAILURE) {
996 		cmn_err(CE_NOTE, "rpcsec_gss_init: taskq dispatch fail");
997 		ret = RPCSEC_GSS_FAILED;
998 		rpc_msg_free(&arg->msg, MAX_AUTH_BYTES);
999 		SVC_RELE(arg->rq_xprt, NULL, FALSE);
1000 		svc_clone_unlink(arg->rq_xprt);
1001 		svc_clone_free(arg->rq_xprt);
1002 		kmem_free(arg, sizeof (*arg));
1003 		goto error2;
1004 	}
1005 
1006 	mutex_exit(&client_data->clm);
1007 	*no_dispatch = TRUE;
1008 	return (AUTH_OK);
1009 
1010 error2:
1011 	ASSERT(client_data->ref_cnt > 0);
1012 	client_data->ref_cnt--;
1013 	mutex_exit(&client_data->clm);
1014 	cmn_err(CE_NOTE, "rpcsec_gss_init: error 0x%x", ret);
1015 	return (ret);
1016 }
1017 
1018 static enum auth_stat
rpcsec_gss_continue_init(struct svc_req * rqst,struct rpc_msg * msg,rpc_gss_creds creds,bool_t * no_dispatch)1019 rpcsec_gss_continue_init(
1020 	struct svc_req		*rqst,
1021 	struct rpc_msg		*msg,
1022 	rpc_gss_creds		creds,
1023 	bool_t			*no_dispatch)
1024 {
1025 	int ret;
1026 	svc_rpc_gss_data	*client_data;
1027 	svc_rpc_gss_parms_t	*gss_parms;
1028 	rpc_gss_init_res	*retrans_result;
1029 
1030 	if (creds.ctx_handle.length == 0) {
1031 		RPCGSS_LOG0(1, "_svcrpcsec_gss: no ctx_handle\n");
1032 		ret = AUTH_BADCRED;
1033 		return (ret);
1034 	}
1035 	if ((client_data = get_client(&creds.ctx_handle)) == NULL) {
1036 		ret = RPCSEC_GSS_NOCRED;
1037 		RPCGSS_LOG0(1, "_svcrpcsec_gss: no security context\n");
1038 		return (ret);
1039 	}
1040 
1041 	mutex_enter(&client_data->clm);
1042 	if (client_data->stale) {
1043 		ret = RPCSEC_GSS_NOCRED;
1044 		RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
1045 		goto error2;
1046 	}
1047 
1048 	/*
1049 	 * If context not established, go thru INIT code but with
1050 	 * this client handle.
1051 	 */
1052 	if (!client_data->established) {
1053 		mutex_exit(&client_data->clm);
1054 		return (rpcsec_gss_init(rqst, msg, creds, no_dispatch,
1055 		    client_data));
1056 	}
1057 
1058 	/*
1059 	 * Set the appropriate wrap/unwrap routine for RPCSEC_GSS.
1060 	 */
1061 	rqst->rq_xprt->xp_auth.svc_ah_ops = svc_rpc_gss_ops;
1062 	rqst->rq_xprt->xp_auth.svc_ah_private = (caddr_t)client_data;
1063 
1064 	/*
1065 	 * Keep copy of parameters we'll need for response, for the
1066 	 * sake of reentrancy (we don't want to look in the context
1067 	 * data because when we are sending a response, another
1068 	 * request may have come in).
1069 	 */
1070 	gss_parms = &rqst->rq_xprt->xp_auth.svc_gss_parms;
1071 	gss_parms->established = client_data->established;
1072 	gss_parms->service = creds.service;
1073 	gss_parms->qop_rcvd = (uint_t)client_data->qop;
1074 	gss_parms->context = (void *)client_data->context;
1075 	gss_parms->seq_num = creds.seq_num;
1076 
1077 	/*
1078 	 * This is an established context. Continue to
1079 	 * satisfy retried continue init requests out of
1080 	 * the retransmit cache.  Throw away any that don't
1081 	 * have a matching xid or the cach is empty.
1082 	 * Delete the retransmit cache once the client sends
1083 	 * a data request.
1084 	 */
1085 	if (client_data->retrans_data &&
1086 	    (client_data->retrans_data->xid == msg->rm_xid)) {
1087 		retrans_result = &client_data->retrans_data->result;
1088 		if (set_response_verf(rqst, msg, client_data,
1089 		    (uint_t)retrans_result->seq_window)) {
1090 			gss_parms->established = FALSE;
1091 			(void) svc_sendreply(rqst->rq_xprt,
1092 			    __xdr_rpc_gss_init_res, (caddr_t)retrans_result);
1093 			*no_dispatch = TRUE;
1094 			ASSERT(client_data->ref_cnt > 0);
1095 			client_data->ref_cnt--;
1096 		}
1097 	}
1098 	mutex_exit(&client_data->clm);
1099 
1100 	return (AUTH_OK);
1101 
1102 error2:
1103 	ASSERT(client_data->ref_cnt > 0);
1104 	client_data->ref_cnt--;
1105 	mutex_exit(&client_data->clm);
1106 	return (ret);
1107 }
1108 
1109 static enum auth_stat
rpcsec_gss_data(struct svc_req * rqst,struct rpc_msg * msg,rpc_gss_creds creds,bool_t * no_dispatch)1110 rpcsec_gss_data(
1111 	struct svc_req		*rqst,
1112 	struct rpc_msg		*msg,
1113 	rpc_gss_creds		creds,
1114 	bool_t			*no_dispatch)
1115 {
1116 	int ret;
1117 	svc_rpc_gss_parms_t	*gss_parms;
1118 	svc_rpc_gss_data	*client_data;
1119 
1120 	switch (creds.service) {
1121 	case rpc_gss_svc_none:
1122 	case rpc_gss_svc_integrity:
1123 	case rpc_gss_svc_privacy:
1124 		break;
1125 	default:
1126 		cmn_err(CE_NOTE, "__svcrpcsec_gss: unknown service type=0x%x",
1127 		    creds.service);
1128 		RPCGSS_LOG(1, "_svcrpcsec_gss: unknown service type: 0x%x\n",
1129 		    creds.service);
1130 		ret = AUTH_BADCRED;
1131 		return (ret);
1132 	}
1133 
1134 	if (creds.ctx_handle.length == 0) {
1135 		RPCGSS_LOG0(1, "_svcrpcsec_gss: no ctx_handle\n");
1136 		ret = AUTH_BADCRED;
1137 		return (ret);
1138 	}
1139 	if ((client_data = get_client(&creds.ctx_handle)) == NULL) {
1140 		ret = RPCSEC_GSS_NOCRED;
1141 		RPCGSS_LOG0(1, "_svcrpcsec_gss: no security context\n");
1142 		return (ret);
1143 	}
1144 
1145 
1146 	mutex_enter(&client_data->clm);
1147 	if (!client_data->established) {
1148 		ret = AUTH_FAILED;
1149 		goto error2;
1150 	}
1151 	if (client_data->stale) {
1152 		ret = RPCSEC_GSS_NOCRED;
1153 		RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
1154 		goto error2;
1155 	}
1156 
1157 	/*
1158 	 * Once the context is established and there is no more
1159 	 * retransmission of last continue init request, it is safe
1160 	 * to delete the retransmit cache entry.
1161 	 */
1162 	if (client_data->retrans_data)
1163 		retrans_del(client_data);
1164 
1165 	/*
1166 	 * Set the appropriate wrap/unwrap routine for RPCSEC_GSS.
1167 	 */
1168 	rqst->rq_xprt->xp_auth.svc_ah_ops = svc_rpc_gss_ops;
1169 	rqst->rq_xprt->xp_auth.svc_ah_private = (caddr_t)client_data;
1170 
1171 	/*
1172 	 * Keep copy of parameters we'll need for response, for the
1173 	 * sake of reentrancy (we don't want to look in the context
1174 	 * data because when we are sending a response, another
1175 	 * request may have come in).
1176 	 */
1177 	gss_parms = &rqst->rq_xprt->xp_auth.svc_gss_parms;
1178 	gss_parms->established = client_data->established;
1179 	gss_parms->service = creds.service;
1180 	gss_parms->qop_rcvd = (uint_t)client_data->qop;
1181 	gss_parms->context = (void *)client_data->context;
1182 	gss_parms->seq_num = creds.seq_num;
1183 
1184 	/*
1185 	 * Context is already established.  Check verifier, and
1186 	 * note parameters we will need for response in gss_parms.
1187 	 */
1188 	if (!check_verf(msg, client_data->context,
1189 	    (int *)&gss_parms->qop_rcvd, client_data->u_cred.uid)) {
1190 		ret = RPCSEC_GSS_NOCRED;
1191 		RPCGSS_LOG0(1, "_svcrpcsec_gss: check verf failed\n");
1192 		goto error2;
1193 	}
1194 
1195 	/*
1196 	 *  Check and invoke callback if necessary.
1197 	 */
1198 	if (!client_data->done_docallback) {
1199 		client_data->done_docallback = TRUE;
1200 		client_data->qop = gss_parms->qop_rcvd;
1201 		client_data->raw_cred.qop = gss_parms->qop_rcvd;
1202 		client_data->raw_cred.service = creds.service;
1203 		if (!do_callback(rqst, client_data)) {
1204 			ret = AUTH_FAILED;
1205 			RPCGSS_LOG0(1, "_svc_rpcsec_gss:callback failed\n");
1206 			goto error2;
1207 		}
1208 	}
1209 
1210 	/*
1211 	 * If the context was locked, make sure that the client
1212 	 * has not changed QOP.
1213 	 */
1214 	if (client_data->locked && gss_parms->qop_rcvd != client_data->qop) {
1215 		ret = AUTH_BADVERF;
1216 		RPCGSS_LOG0(1, "_svcrpcsec_gss: can not change qop\n");
1217 		goto error2;
1218 	}
1219 
1220 	/*
1221 	 * Validate sequence number.
1222 	 */
1223 	if (!check_seq(client_data, creds.seq_num, &client_data->stale)) {
1224 		if (client_data->stale) {
1225 			ret = RPCSEC_GSS_FAILED;
1226 			RPCGSS_LOG0(1,
1227 			    "_svc_rpcsec_gss:check seq failed\n");
1228 		} else {
1229 			RPCGSS_LOG0(4, "_svc_rpcsec_gss:check seq "
1230 			    "failed on good context. Ignoring "
1231 			    "request\n");
1232 			/*
1233 			 * Operational error, drop packet silently.
1234 			 * The client will recover after timing out,
1235 			 * assuming this is a client error and not
1236 			 * a relpay attack.  Don't dispatch.
1237 			 */
1238 			ret = AUTH_OK;
1239 			*no_dispatch = TRUE;
1240 		}
1241 		goto error2;
1242 	}
1243 
1244 	/*
1245 	 * set response verifier
1246 	 */
1247 	if (!set_response_verf(rqst, msg, client_data, creds.seq_num)) {
1248 		ret = RPCSEC_GSS_FAILED;
1249 		client_data->stale = TRUE;
1250 		RPCGSS_LOG0(1,
1251 		    "_svc_rpcsec_gss:set response verifier failed\n");
1252 		goto error2;
1253 	}
1254 
1255 	/*
1256 	 * If context is locked, make sure that the client
1257 	 * has not changed the security service.
1258 	 */
1259 	if (client_data->locked &&
1260 	    client_data->raw_cred.service != creds.service) {
1261 		RPCGSS_LOG0(1, "_svc_rpcsec_gss: "
1262 		    "security service changed.\n");
1263 		ret = AUTH_FAILED;
1264 		goto error2;
1265 	}
1266 
1267 	/*
1268 	 * Set client credentials to raw credential
1269 	 * structure in context.  This is okay, since
1270 	 * this will not change during the lifetime of
1271 	 * the context (so it's MT safe).
1272 	 */
1273 	rqst->rq_clntcred = (char *)&client_data->raw_cred;
1274 
1275 	mutex_exit(&client_data->clm);
1276 	return (AUTH_OK);
1277 
1278 error2:
1279 	ASSERT(client_data->ref_cnt > 0);
1280 	client_data->ref_cnt--;
1281 	mutex_exit(&client_data->clm);
1282 	return (ret);
1283 }
1284 
1285 /*
1286  * Note we don't have a client yet to use this routine and test it.
1287  */
1288 static enum auth_stat
rpcsec_gss_destroy(struct svc_req * rqst,rpc_gss_creds creds,bool_t * no_dispatch)1289 rpcsec_gss_destroy(
1290 	struct svc_req		*rqst,
1291 	rpc_gss_creds		creds,
1292 	bool_t			*no_dispatch)
1293 {
1294 	svc_rpc_gss_data	*client_data;
1295 	int ret;
1296 
1297 	if (creds.ctx_handle.length == 0) {
1298 		RPCGSS_LOG0(1, "_svcrpcsec_gss: no ctx_handle\n");
1299 		ret = AUTH_BADCRED;
1300 		return (ret);
1301 	}
1302 	if ((client_data = get_client(&creds.ctx_handle)) == NULL) {
1303 		ret = RPCSEC_GSS_NOCRED;
1304 		RPCGSS_LOG0(1, "_svcrpcsec_gss: no security context\n");
1305 		return (ret);
1306 	}
1307 
1308 	mutex_enter(&client_data->clm);
1309 	if (!client_data->established) {
1310 		ret = AUTH_FAILED;
1311 		goto error2;
1312 	}
1313 	if (client_data->stale) {
1314 		ret = RPCSEC_GSS_NOCRED;
1315 		RPCGSS_LOG0(1, "_svcrpcsec_gss: client data stale\n");
1316 		goto error2;
1317 	}
1318 
1319 	(void) svc_sendreply(rqst->rq_xprt, xdr_void, NULL);
1320 	*no_dispatch = TRUE;
1321 	ASSERT(client_data->ref_cnt > 0);
1322 	client_data->ref_cnt--;
1323 	client_data->stale = TRUE;
1324 	mutex_exit(&client_data->clm);
1325 	return (AUTH_OK);
1326 
1327 error2:
1328 	ASSERT(client_data->ref_cnt > 0);
1329 	client_data->ref_cnt--;
1330 	client_data->stale = TRUE;
1331 	mutex_exit(&client_data->clm);
1332 	return (ret);
1333 }
1334 
1335 /*
1336  * Server side authentication for RPCSEC_GSS.
1337  */
1338 enum auth_stat
__svcrpcsec_gss(struct svc_req * rqst,struct rpc_msg * msg,bool_t * no_dispatch)1339 __svcrpcsec_gss(
1340 	struct svc_req		*rqst,
1341 	struct rpc_msg		*msg,
1342 	bool_t			*no_dispatch)
1343 {
1344 	XDR			xdrs;
1345 	rpc_gss_creds		creds;
1346 	struct opaque_auth	*cred;
1347 	int			ret;
1348 
1349 	*no_dispatch = FALSE;
1350 
1351 	/*
1352 	 * Initialize response verifier to NULL verifier.  If
1353 	 * necessary, this will be changed later.
1354 	 */
1355 	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NONE;
1356 	rqst->rq_xprt->xp_verf.oa_base = NULL;
1357 	rqst->rq_xprt->xp_verf.oa_length = 0;
1358 
1359 	/*
1360 	 * Pull out and check credential and verifier.
1361 	 */
1362 	cred = &msg->rm_call.cb_cred;
1363 
1364 	if (cred->oa_length == 0) {
1365 		RPCGSS_LOG0(1, "_svcrpcsec_gss: zero length cred\n");
1366 		return (AUTH_BADCRED);
1367 	}
1368 
1369 	xdrmem_create(&xdrs, cred->oa_base, cred->oa_length, XDR_DECODE);
1370 	bzero((char *)&creds, sizeof (creds));
1371 	if (!__xdr_rpc_gss_creds(&xdrs, &creds)) {
1372 		XDR_DESTROY(&xdrs);
1373 		RPCGSS_LOG0(1, "_svcrpcsec_gss: can't decode creds\n");
1374 		ret = AUTH_BADCRED;
1375 		return (AUTH_BADCRED);
1376 	}
1377 	XDR_DESTROY(&xdrs);
1378 
1379 	switch (creds.gss_proc) {
1380 	case RPCSEC_GSS_INIT:
1381 		ret = rpcsec_gss_init(rqst, msg, creds, no_dispatch, NULL);
1382 		break;
1383 	case RPCSEC_GSS_CONTINUE_INIT:
1384 		ret = rpcsec_gss_continue_init(rqst, msg, creds, no_dispatch);
1385 		break;
1386 	case RPCSEC_GSS_DATA:
1387 		ret = rpcsec_gss_data(rqst, msg, creds, no_dispatch);
1388 		break;
1389 	case RPCSEC_GSS_DESTROY:
1390 		ret = rpcsec_gss_destroy(rqst, creds, no_dispatch);
1391 		break;
1392 	default:
1393 		cmn_err(CE_NOTE, "__svcrpcsec_gss: bad proc=%d",
1394 		    creds.gss_proc);
1395 		ret = AUTH_BADCRED;
1396 	}
1397 
1398 	if (creds.ctx_handle.length != 0)
1399 		xdr_free(__xdr_rpc_gss_creds, (caddr_t)&creds);
1400 	return (ret);
1401 }
1402 
1403 /*
1404  * Check verifier.  The verifier is the checksum of the RPC header
1405  * upto and including the credentials field.
1406  */
1407 
1408 /* ARGSUSED */
1409 static bool_t
check_verf(struct rpc_msg * msg,gss_ctx_id_t context,int * qop_state,uid_t uid)1410 check_verf(struct rpc_msg *msg, gss_ctx_id_t context, int *qop_state, uid_t uid)
1411 {
1412 	int			*buf, *tmp;
1413 	char			hdr[128];
1414 	struct opaque_auth	*oa;
1415 	int			len;
1416 	gss_buffer_desc		msg_buf;
1417 	gss_buffer_desc		tok_buf;
1418 	OM_uint32		gssstat, minor_stat;
1419 
1420 	/*
1421 	 * We have to reconstruct the RPC header from the previously
1422 	 * parsed information, since we haven't kept the header intact.
1423 	 */
1424 
1425 	oa = &msg->rm_call.cb_cred;
1426 	if (oa->oa_length > MAX_AUTH_BYTES)
1427 		return (FALSE);
1428 
1429 	/* 8 XDR units from the IXDR macro calls. */
1430 	if (sizeof (hdr) < (8 * BYTES_PER_XDR_UNIT +
1431 	    RNDUP(oa->oa_length)))
1432 		return (FALSE);
1433 	buf = (int *)hdr;
1434 	IXDR_PUT_U_INT32(buf, msg->rm_xid);
1435 	IXDR_PUT_ENUM(buf, msg->rm_direction);
1436 	IXDR_PUT_U_INT32(buf, msg->rm_call.cb_rpcvers);
1437 	IXDR_PUT_U_INT32(buf, msg->rm_call.cb_prog);
1438 	IXDR_PUT_U_INT32(buf, msg->rm_call.cb_vers);
1439 	IXDR_PUT_U_INT32(buf, msg->rm_call.cb_proc);
1440 	IXDR_PUT_ENUM(buf, oa->oa_flavor);
1441 	IXDR_PUT_U_INT32(buf, oa->oa_length);
1442 	if (oa->oa_length) {
1443 		len = RNDUP(oa->oa_length);
1444 		tmp = buf;
1445 		buf += len / sizeof (int);
1446 		*(buf - 1) = 0;
1447 		(void) bcopy(oa->oa_base, (caddr_t)tmp, oa->oa_length);
1448 	}
1449 	len = ((char *)buf) - hdr;
1450 	msg_buf.length = len;
1451 	msg_buf.value = hdr;
1452 	oa = &msg->rm_call.cb_verf;
1453 	tok_buf.length = oa->oa_length;
1454 	tok_buf.value = oa->oa_base;
1455 
1456 	gssstat = kgss_verify(&minor_stat, context, &msg_buf, &tok_buf,
1457 	    qop_state);
1458 	if (gssstat != GSS_S_COMPLETE) {
1459 		RPCGSS_LOG(1, "check_verf: kgss_verify status 0x%x\n", gssstat);
1460 
1461 		RPCGSS_LOG(4, "check_verf: msg_buf length %d\n", len);
1462 		RPCGSS_LOG(4, "check_verf: msg_buf value 0x%x\n", *(int *)hdr);
1463 		RPCGSS_LOG(4, "check_verf: tok_buf length %ld\n",
1464 		    tok_buf.length);
1465 		RPCGSS_LOG(4, "check_verf: tok_buf value 0x%p\n",
1466 		    (void *)oa->oa_base);
1467 		RPCGSS_LOG(4, "check_verf: context 0x%p\n", (void *)context);
1468 
1469 		return (FALSE);
1470 	}
1471 	return (TRUE);
1472 }
1473 
1474 
1475 /*
1476  * Set response verifier.  This is the checksum of the given number.
1477  * (e.g. sequence number or sequence window)
1478  */
1479 static bool_t
set_response_verf(struct svc_req * rqst,struct rpc_msg * msg,svc_rpc_gss_data * cl,uint_t num)1480 set_response_verf(struct svc_req *rqst, struct rpc_msg *msg,
1481     svc_rpc_gss_data *cl, uint_t num)
1482 {
1483 	OM_uint32		minor;
1484 	gss_buffer_desc		in_buf, out_buf;
1485 	uint_t			num_net;
1486 
1487 	num_net = (uint_t)htonl(num);
1488 	in_buf.length = sizeof (num);
1489 	in_buf.value = (char *)&num_net;
1490 /* XXX uid ? */
1491 
1492 	if ((kgss_sign(&minor, cl->context, cl->qop, &in_buf, &out_buf))
1493 	    != GSS_S_COMPLETE)
1494 		return (FALSE);
1495 
1496 	rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
1497 	rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
1498 	rqst->rq_xprt->xp_verf.oa_length = out_buf.length;
1499 	bcopy(out_buf.value, rqst->rq_xprt->xp_verf.oa_base, out_buf.length);
1500 	(void) gss_release_buffer(&minor, &out_buf);
1501 	return (TRUE);
1502 }
1503 
1504 /*
1505  * Create client context.
1506  */
1507 static svc_rpc_gss_data *
create_client()1508 create_client()
1509 {
1510 	svc_rpc_gss_data	*client_data;
1511 	static uint_t		key = 1;
1512 
1513 	client_data = (svc_rpc_gss_data *) kmem_cache_alloc(svc_data_handle,
1514 	    KM_SLEEP);
1515 	if (client_data == NULL)
1516 		return (NULL);
1517 
1518 	/*
1519 	 * set up client data structure
1520 	 */
1521 	client_data->next = NULL;
1522 	client_data->prev = NULL;
1523 	client_data->lru_next = NULL;
1524 	client_data->lru_prev = NULL;
1525 	client_data->client_name.length = 0;
1526 	client_data->client_name.value = NULL;
1527 	client_data->seq_num = 0;
1528 	bzero(client_data->seq_bits, sizeof (client_data->seq_bits));
1529 	client_data->key = 0;
1530 	client_data->cookie = NULL;
1531 	bzero(&client_data->u_cred, sizeof (client_data->u_cred));
1532 	client_data->established = FALSE;
1533 	client_data->locked = FALSE;
1534 	client_data->u_cred_set = 0;
1535 	client_data->context = GSS_C_NO_CONTEXT;
1536 	client_data->expiration = GSS_C_INDEFINITE;
1537 	client_data->deleg = GSS_C_NO_CREDENTIAL;
1538 	client_data->ref_cnt = 1;
1539 	client_data->last_ref_time = gethrestime_sec();
1540 	client_data->qop = GSS_C_QOP_DEFAULT;
1541 	client_data->done_docallback = FALSE;
1542 	client_data->stale = FALSE;
1543 	client_data->retrans_data = NULL;
1544 	bzero(&client_data->raw_cred, sizeof (client_data->raw_cred));
1545 
1546 	/*
1547 	 * The client context handle is a 32-bit key (unsigned int).
1548 	 * The key is incremented until there is no duplicate for it.
1549 	 */
1550 
1551 	svc_rpc_gss_cache_stats.total_entries_allocated++;
1552 	mutex_enter(&ctx_mutex);
1553 	for (;;) {
1554 		client_data->key = key++;
1555 		if (find_client(client_data->key) == NULL) {
1556 			insert_client(client_data);
1557 			mutex_exit(&ctx_mutex);
1558 			return (client_data);
1559 		}
1560 	}
1561 	/*NOTREACHED*/
1562 }
1563 
1564 /*
1565  * Insert client context into hash list and LRU list.
1566  */
1567 static void
insert_client(svc_rpc_gss_data * client_data)1568 insert_client(svc_rpc_gss_data *client_data)
1569 {
1570 	svc_rpc_gss_data	*cl;
1571 	int			index = HASH(client_data->key);
1572 
1573 	ASSERT(mutex_owned(&ctx_mutex));
1574 
1575 	client_data->prev = NULL;
1576 	cl = clients[index];
1577 	if ((client_data->next = cl) != NULL)
1578 		cl->prev = client_data;
1579 	clients[index] = client_data;
1580 
1581 	client_data->lru_prev = NULL;
1582 	if ((client_data->lru_next = lru_first) != NULL)
1583 		lru_first->lru_prev = client_data;
1584 	else
1585 		lru_last = client_data;
1586 	lru_first = client_data;
1587 
1588 	num_gss_contexts++;
1589 }
1590 
1591 /*
1592  * Fetch a client, given the client context handle.  Move it to the
1593  * top of the LRU list since this is the most recently used context.
1594  */
1595 static svc_rpc_gss_data *
get_client(gss_buffer_t ctx_handle)1596 get_client(gss_buffer_t ctx_handle)
1597 {
1598 	uint_t			key = *(uint_t *)ctx_handle->value;
1599 	svc_rpc_gss_data	*cl;
1600 
1601 	mutex_enter(&ctx_mutex);
1602 	if ((cl = find_client(key)) != NULL) {
1603 		mutex_enter(&cl->clm);
1604 		if (cl->stale) {
1605 			if (cl->ref_cnt == 0) {
1606 				mutex_exit(&cl->clm);
1607 				destroy_client(cl);
1608 			} else {
1609 				mutex_exit(&cl->clm);
1610 			}
1611 			mutex_exit(&ctx_mutex);
1612 			return (NULL);
1613 		}
1614 		cl->ref_cnt++;
1615 		cl->last_ref_time = gethrestime_sec();
1616 		mutex_exit(&cl->clm);
1617 		if (cl != lru_first) {
1618 			cl->lru_prev->lru_next = cl->lru_next;
1619 			if (cl->lru_next != NULL)
1620 				cl->lru_next->lru_prev = cl->lru_prev;
1621 			else
1622 				lru_last = cl->lru_prev;
1623 			cl->lru_prev = NULL;
1624 			cl->lru_next = lru_first;
1625 			lru_first->lru_prev = cl;
1626 			lru_first = cl;
1627 		}
1628 	}
1629 	mutex_exit(&ctx_mutex);
1630 	return (cl);
1631 }
1632 
1633 /*
1634  * Given the client context handle, find the context corresponding to it.
1635  * Don't change its LRU state since it may not be used.
1636  */
1637 static svc_rpc_gss_data *
find_client(uint_t key)1638 find_client(uint_t key)
1639 {
1640 	int			index = HASH(key);
1641 	svc_rpc_gss_data	*cl = NULL;
1642 
1643 	ASSERT(mutex_owned(&ctx_mutex));
1644 
1645 	for (cl = clients[index]; cl != NULL; cl = cl->next) {
1646 		if (cl->key == key)
1647 			break;
1648 	}
1649 	return (cl);
1650 }
1651 
1652 /*
1653  * Destroy a client context.
1654  */
1655 static void
destroy_client(svc_rpc_gss_data * client_data)1656 destroy_client(svc_rpc_gss_data *client_data)
1657 {
1658 	OM_uint32		minor;
1659 	int			index = HASH(client_data->key);
1660 
1661 	ASSERT(mutex_owned(&ctx_mutex));
1662 
1663 	/*
1664 	 * remove from hash list
1665 	 */
1666 	if (client_data->prev == NULL)
1667 		clients[index] = client_data->next;
1668 	else
1669 		client_data->prev->next = client_data->next;
1670 	if (client_data->next != NULL)
1671 		client_data->next->prev = client_data->prev;
1672 
1673 	/*
1674 	 * remove from LRU list
1675 	 */
1676 	if (client_data->lru_prev == NULL)
1677 		lru_first = client_data->lru_next;
1678 	else
1679 		client_data->lru_prev->lru_next = client_data->lru_next;
1680 	if (client_data->lru_next != NULL)
1681 		client_data->lru_next->lru_prev = client_data->lru_prev;
1682 	else
1683 		lru_last = client_data->lru_prev;
1684 
1685 	/*
1686 	 * If there is a GSS context, clean up GSS state.
1687 	 */
1688 	if (client_data->context != GSS_C_NO_CONTEXT) {
1689 		(void) kgss_delete_sec_context(&minor, &client_data->context,
1690 		    NULL);
1691 
1692 		common_client_data_free(client_data);
1693 
1694 		if (client_data->deleg != GSS_C_NO_CREDENTIAL) {
1695 			(void) kgss_release_cred(&minor, &client_data->deleg,
1696 			    crgetuid(CRED()));
1697 		}
1698 	}
1699 
1700 	if (client_data->u_cred.gidlist != NULL) {
1701 		kmem_free((char *)client_data->u_cred.gidlist,
1702 		    client_data->u_cred.gidlen * sizeof (gid_t));
1703 		client_data->u_cred.gidlist = NULL;
1704 	}
1705 	if (client_data->retrans_data != NULL)
1706 		retrans_del(client_data);
1707 
1708 	kmem_cache_free(svc_data_handle, client_data);
1709 	num_gss_contexts--;
1710 }
1711 
1712 /*
1713  * Check for expired and stale client contexts.
1714  */
1715 static void
sweep_clients(bool_t from_reclaim)1716 sweep_clients(bool_t from_reclaim)
1717 {
1718 	svc_rpc_gss_data	*cl, *next;
1719 	time_t			last_reference_needed;
1720 	time_t			now = gethrestime_sec();
1721 
1722 	ASSERT(mutex_owned(&ctx_mutex));
1723 
1724 	last_reference_needed = now - (from_reclaim ?
1725 	    svc_rpc_gss_active_delta : svc_rpc_gss_inactive_delta);
1726 
1727 	cl = lru_last;
1728 	while (cl) {
1729 		/*
1730 		 * We assume here that any manipulation of the LRU pointers
1731 		 * and hash bucket pointers are only done when holding the
1732 		 * ctx_mutex.
1733 		 */
1734 		next = cl->lru_prev;
1735 
1736 		mutex_enter(&cl->clm);
1737 
1738 		if ((cl->expiration != GSS_C_INDEFINITE &&
1739 		    cl->expiration <= now) || cl->stale ||
1740 		    cl->last_ref_time <= last_reference_needed) {
1741 
1742 			if ((cl->expiration != GSS_C_INDEFINITE &&
1743 			    cl->expiration <= now) || cl->stale ||
1744 			    (cl->last_ref_time <= last_reference_needed &&
1745 			    cl->ref_cnt == 0)) {
1746 
1747 				cl->stale = TRUE;
1748 
1749 				if (cl->ref_cnt == 0) {
1750 					mutex_exit(&cl->clm);
1751 					if (from_reclaim)
1752 						svc_rpc_gss_cache_stats.
1753 						    no_returned_by_reclaim++;
1754 					destroy_client(cl);
1755 				} else
1756 					mutex_exit(&cl->clm);
1757 			} else
1758 				mutex_exit(&cl->clm);
1759 		} else
1760 			mutex_exit(&cl->clm);
1761 
1762 		cl = next;
1763 	}
1764 
1765 	last_swept = gethrestime_sec();
1766 }
1767 
1768 /*
1769  * Encrypt the serialized arguments from xdr_func applied to xdr_ptr
1770  * and write the result to xdrs.
1771  */
1772 static bool_t
svc_rpc_gss_wrap(SVCAUTH * auth,XDR * out_xdrs,bool_t (* xdr_func)(),caddr_t xdr_ptr)1773 svc_rpc_gss_wrap(SVCAUTH *auth, XDR *out_xdrs, bool_t (*xdr_func)(),
1774     caddr_t xdr_ptr)
1775 {
1776 	svc_rpc_gss_parms_t	*gss_parms = SVCAUTH_GSSPARMS(auth);
1777 	bool_t ret;
1778 
1779 	/*
1780 	 * If context is not established, or if neither integrity nor
1781 	 * privacy service is used, don't wrap - just XDR encode.
1782 	 * Otherwise, wrap data using service and QOP parameters.
1783 	 */
1784 	if (!gss_parms->established || gss_parms->service == rpc_gss_svc_none)
1785 		return ((*xdr_func)(out_xdrs, xdr_ptr));
1786 
1787 	ret = __rpc_gss_wrap_data(gss_parms->service,
1788 	    (OM_uint32)gss_parms->qop_rcvd,
1789 	    (gss_ctx_id_t)gss_parms->context,
1790 	    gss_parms->seq_num,
1791 	    out_xdrs, xdr_func, xdr_ptr);
1792 	return (ret);
1793 }
1794 
1795 /*
1796  * Decrypt the serialized arguments and XDR decode them.
1797  */
1798 static bool_t
svc_rpc_gss_unwrap(SVCAUTH * auth,XDR * in_xdrs,bool_t (* xdr_func)(),caddr_t xdr_ptr)1799 svc_rpc_gss_unwrap(SVCAUTH *auth, XDR *in_xdrs, bool_t (*xdr_func)(),
1800     caddr_t xdr_ptr)
1801 {
1802 	svc_rpc_gss_parms_t	*gss_parms = SVCAUTH_GSSPARMS(auth);
1803 
1804 	/*
1805 	 * If context is not established, or if neither integrity nor
1806 	 * privacy service is used, don't unwrap - just XDR decode.
1807 	 * Otherwise, unwrap data.
1808 	 */
1809 	if (!gss_parms->established || gss_parms->service == rpc_gss_svc_none)
1810 		return ((*xdr_func)(in_xdrs, xdr_ptr));
1811 
1812 	return (__rpc_gss_unwrap_data(gss_parms->service,
1813 	    (gss_ctx_id_t)gss_parms->context,
1814 	    gss_parms->seq_num,
1815 	    gss_parms->qop_rcvd,
1816 	    in_xdrs, xdr_func, xdr_ptr));
1817 }
1818 
1819 
1820 /* ARGSUSED */
1821 int
rpc_gss_svc_max_data_length(struct svc_req * req,int max_tp_unit_len)1822 rpc_gss_svc_max_data_length(struct svc_req *req, int max_tp_unit_len)
1823 {
1824 	return (0);
1825 }
1826 
1827 /*
1828  * Add retransmit entry to the context cache entry for a new xid.
1829  * If there is already an entry, delete it before adding the new one.
1830  */
retrans_add(client,xid,result)1831 static void retrans_add(client, xid, result)
1832 	svc_rpc_gss_data *client;
1833 	uint32_t	xid;
1834 	rpc_gss_init_res *result;
1835 {
1836 	retrans_entry	*rdata;
1837 
1838 	if (client->retrans_data && client->retrans_data->xid == xid)
1839 		return;
1840 
1841 	rdata = kmem_zalloc(sizeof (*rdata), KM_SLEEP);
1842 
1843 	if (rdata == NULL)
1844 		return;
1845 
1846 	rdata->xid = xid;
1847 	rdata->result = *result;
1848 
1849 	if (result->token.length != 0) {
1850 		GSS_DUP_BUFFER(rdata->result.token, result->token);
1851 	}
1852 
1853 	if (client->retrans_data)
1854 		retrans_del(client);
1855 
1856 	client->retrans_data = rdata;
1857 }
1858 
1859 /*
1860  * Delete the retransmit data from the context cache entry.
1861  */
retrans_del(client)1862 static void retrans_del(client)
1863 	svc_rpc_gss_data *client;
1864 {
1865 	retrans_entry *rdata;
1866 	OM_uint32 minor_stat;
1867 
1868 	if (client->retrans_data == NULL)
1869 		return;
1870 
1871 	rdata = client->retrans_data;
1872 	if (rdata->result.token.length != 0) {
1873 	    (void) gss_release_buffer(&minor_stat, &rdata->result.token);
1874 	}
1875 
1876 	kmem_free((caddr_t)rdata, sizeof (*rdata));
1877 	client->retrans_data = NULL;
1878 }
1879 
1880 /*
1881  * This function frees the following fields of svc_rpc_gss_data:
1882  *	client_name, raw_cred.client_principal, raw_cred.mechanism.
1883  */
1884 static void
common_client_data_free(svc_rpc_gss_data * client_data)1885 common_client_data_free(svc_rpc_gss_data *client_data)
1886 {
1887 	if (client_data->client_name.length > 0) {
1888 		(void) gss_release_buffer(NULL, &client_data->client_name);
1889 	}
1890 
1891 	if (client_data->raw_cred.client_principal) {
1892 		kmem_free((caddr_t)client_data->raw_cred.client_principal,
1893 		    client_data->raw_cred.client_principal->len +
1894 		    sizeof (int));
1895 		client_data->raw_cred.client_principal = NULL;
1896 	}
1897 
1898 	/*
1899 	 * In the user GSS-API library, mechanism (mech_type returned
1900 	 * by gss_accept_sec_context) is static storage, however
1901 	 * since all the work is done for gss_accept_sec_context under
1902 	 * gssd, what is returned in the kernel, is a copy from the oid
1903 	 * obtained under from gssd, so need to free it when destroying
1904 	 * the client data.
1905 	 */
1906 
1907 	if (client_data->raw_cred.mechanism) {
1908 		kgss_free_oid(client_data->raw_cred.mechanism);
1909 		client_data->raw_cred.mechanism = NULL;
1910 	}
1911 }
1912