gssd: on krb5 upcall, have gssd send a more granular error code
[nfs-utils.git] / utils / gssd / gssd_proc.c
1 /*
2   gssd_proc.c
3
4   Copyright (c) 2000-2004 The Regents of the University of Michigan.
5   All rights reserved.
6
7   Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
8   Copyright (c) 2001 Andy Adamson <andros@UMICH.EDU>.
9   Copyright (c) 2002 Marius Aamodt Eriksen <marius@UMICH.EDU>.
10   Copyright (c) 2002 Bruce Fields <bfields@UMICH.EDU>
11   Copyright (c) 2004 Kevin Coffman <kwc@umich.edu>
12   All rights reserved, all wrongs reversed.
13
14   Redistribution and use in source and binary forms, with or without
15   modification, are permitted provided that the following conditions
16   are met:
17
18   1. Redistributions of source code must retain the above copyright
19      notice, this list of conditions and the following disclaimer.
20   2. Redistributions in binary form must reproduce the above copyright
21      notice, this list of conditions and the following disclaimer in the
22      documentation and/or other materials provided with the distribution.
23   3. Neither the name of the University nor the names of its
24      contributors may be used to endorse or promote products derived
25      from this software without specific prior written permission.
26
27   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
28   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
29   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
30   DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
31   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
34   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
36   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
37   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38
39 */
40
41 #ifdef HAVE_CONFIG_H
42 #include <config.h>
43 #endif  /* HAVE_CONFIG_H */
44
45 #ifndef _GNU_SOURCE
46 #define _GNU_SOURCE
47 #endif
48
49 #include <sys/param.h>
50 #include <rpc/rpc.h>
51 #include <sys/stat.h>
52 #include <sys/socket.h>
53 #include <arpa/inet.h>
54 #include <sys/fsuid.h>
55
56 #include <stdio.h>
57 #include <stdlib.h>
58 #include <pwd.h>
59 #include <grp.h>
60 #include <string.h>
61 #include <dirent.h>
62 #include <poll.h>
63 #include <fcntl.h>
64 #include <signal.h>
65 #include <unistd.h>
66 #include <errno.h>
67 #include <gssapi/gssapi.h>
68 #include <netdb.h>
69
70 #include "gssd.h"
71 #include "err_util.h"
72 #include "gss_util.h"
73 #include "krb5_util.h"
74 #include "context.h"
75 #include "nfsrpc.h"
76 #include "nfslib.h"
77
78 /*
79  * pollarray:
80  *      array of struct pollfd suitable to pass to poll. initialized to
81  *      zero - a zero struct is ignored by poll() because the events mask is 0.
82  *
83  * clnt_list:
84  *      linked list of struct clnt_info which associates a clntXXX directory
85  *      with an index into pollarray[], and other basic data about that client.
86  *
87  * Directory structure: created by the kernel
88  *      {rpc_pipefs}/{dir}/clntXX         : one per rpc_clnt struct in the kernel
89  *      {rpc_pipefs}/{dir}/clntXX/krb5    : read uid for which kernel wants
90  *                                          a context, write the resulting context
91  *      {rpc_pipefs}/{dir}/clntXX/info    : stores info such as server name
92  *      {rpc_pipefs}/{dir}/clntXX/gssd    : pipe for all gss mechanisms using
93  *                                          a text-based string of parameters
94  *
95  * Algorithm:
96  *      Poll all {rpc_pipefs}/{dir}/clntXX/YYYY files.  When data is ready,
97  *      read and process; performs rpcsec_gss context initialization protocol to
98  *      get a cred for that user.  Writes result to corresponding krb5 file
99  *      in a form the kernel code will understand.
100  *      In addition, we make sure we are notified whenever anything is
101  *      created or destroyed in {rpc_pipefs} or in any of the clntXX directories,
102  *      and rescan the whole {rpc_pipefs} when this happens.
103  */
104
105 struct pollfd * pollarray;
106
107 int pollsize;  /* the size of pollaray (in pollfd's) */
108
109 /*
110  * convert a presentation address string to a sockaddr_storage struct. Returns
111  * true on success or false on failure.
112  *
113  * Note that we do not populate the sin6_scope_id field here for IPv6 addrs.
114  * gssd nececessarily relies on hostname resolution and DNS AAAA records
115  * do not generally contain scope-id's. This means that GSSAPI auth really
116  * can't work with IPv6 link-local addresses.
117  *
118  * We *could* consider changing this if we did something like adopt the
119  * Microsoft "standard" of using the ipv6-literal.net domainname, but it's
120  * not really feasible at present.
121  */
122 static int
123 addrstr_to_sockaddr(struct sockaddr *sa, const char *node, const char *port)
124 {
125         int rc;
126         struct addrinfo *res;
127         struct addrinfo hints = { .ai_flags = AI_NUMERICHOST | AI_NUMERICSERV };
128
129 #ifndef IPV6_SUPPORTED
130         hints.ai_family = AF_INET;
131 #endif /* IPV6_SUPPORTED */
132
133         rc = getaddrinfo(node, port, &hints, &res);
134         if (rc) {
135                 printerr(0, "ERROR: unable to convert %s|%s to sockaddr: %s\n",
136                          node, port, rc == EAI_SYSTEM ? strerror(errno) :
137                                                 gai_strerror(rc));
138                 return 0;
139         }
140
141 #ifdef IPV6_SUPPORTED
142         /*
143          * getnameinfo ignores the scopeid. If the address turns out to have
144          * a non-zero scopeid, we can't use it -- the resolved host might be
145          * completely different from the one intended.
146          */
147         if (res->ai_addr->sa_family == AF_INET6) {
148                 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)res->ai_addr;
149                 if (sin6->sin6_scope_id) {
150                         printerr(0, "ERROR: address %s has non-zero "
151                                     "sin6_scope_id!\n", node);
152                         freeaddrinfo(res);
153                         return 0;
154                 }
155         }
156 #endif /* IPV6_SUPPORTED */
157
158         memcpy(sa, res->ai_addr, res->ai_addrlen);
159         freeaddrinfo(res);
160         return 1;
161 }
162
163 /*
164  * convert a sockaddr to a hostname
165  */
166 static char *
167 sockaddr_to_hostname(const struct sockaddr *sa, const char *addr)
168 {
169         socklen_t               addrlen;
170         int                     err;
171         char                    *hostname;
172         char                    hbuf[NI_MAXHOST];
173
174         switch (sa->sa_family) {
175         case AF_INET:
176                 addrlen = sizeof(struct sockaddr_in);
177                 break;
178 #ifdef IPV6_SUPPORTED
179         case AF_INET6:
180                 addrlen = sizeof(struct sockaddr_in6);
181                 break;
182 #endif /* IPV6_SUPPORTED */
183         default:
184                 printerr(0, "ERROR: unrecognized addr family %d\n",
185                          sa->sa_family);
186                 return NULL;
187         }
188
189         err = getnameinfo(sa, addrlen, hbuf, sizeof(hbuf), NULL, 0,
190                           NI_NAMEREQD);
191         if (err) {
192                 printerr(0, "ERROR: unable to resolve %s to hostname: %s\n",
193                          addr, err == EAI_SYSTEM ? strerror(err) :
194                                                    gai_strerror(err));
195                 return NULL;
196         }
197
198         hostname = strdup(hbuf);
199
200         return hostname;
201 }
202
203 /* XXX buffer problems: */
204 static int
205 read_service_info(char *info_file_name, char **servicename, char **servername,
206                   int *prog, int *vers, char **protocol,
207                   struct sockaddr *addr) {
208 #define INFOBUFLEN 256
209         char            buf[INFOBUFLEN + 1];
210         static char     dummy[128];
211         int             nbytes;
212         static char     service[128];
213         static char     address[128];
214         char            program[16];
215         char            version[16];
216         char            protoname[16];
217         char            port[128];
218         char            *p;
219         int             fd = -1;
220         int             numfields;
221
222         *servicename = *servername = *protocol = NULL;
223
224         if ((fd = open(info_file_name, O_RDONLY)) == -1) {
225                 printerr(0, "ERROR: can't open %s: %s\n", info_file_name,
226                          strerror(errno));
227                 goto fail;
228         }
229         if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1)
230                 goto fail;
231         close(fd);
232         buf[nbytes] = '\0';
233
234         numfields = sscanf(buf,"RPC server: %127s\n"
235                    "service: %127s %15s version %15s\n"
236                    "address: %127s\n"
237                    "protocol: %15s\n",
238                    dummy,
239                    service, program, version,
240                    address,
241                    protoname);
242
243         if (numfields == 5) {
244                 strcpy(protoname, "tcp");
245         } else if (numfields != 6) {
246                 goto fail;
247         }
248
249         port[0] = '\0';
250         if ((p = strstr(buf, "port")) != NULL)
251                 sscanf(p, "port: %127s\n", port);
252
253         /* check service, program, and version */
254         if (memcmp(service, "nfs", 3) != 0)
255                 return -1;
256         *prog = atoi(program + 1); /* skip open paren */
257         *vers = atoi(version);
258
259         if (strlen(service) == 3 ) {
260                 if ((*prog != 100003) || ((*vers != 2) && (*vers != 3) &&
261                     (*vers != 4)))
262                         goto fail;
263         } else if (memcmp(service, "nfs4_cb", 7) == 0) {
264                 if (*vers != 1)
265                         goto fail;
266         }
267
268         if (!addrstr_to_sockaddr(addr, address, port))
269                 goto fail;
270
271         *servername = sockaddr_to_hostname(addr, address);
272         if (*servername == NULL)
273                 goto fail;
274
275         nbytes = snprintf(buf, INFOBUFLEN, "%s@%s", service, *servername);
276         if (nbytes > INFOBUFLEN)
277                 goto fail;
278
279         if (!(*servicename = calloc(strlen(buf) + 1, 1)))
280                 goto fail;
281         memcpy(*servicename, buf, strlen(buf));
282
283         if (!(*protocol = strdup(protoname)))
284                 goto fail;
285         return 0;
286 fail:
287         printerr(0, "ERROR: failed to read service info\n");
288         if (fd != -1) close(fd);
289         free(*servername);
290         free(*servicename);
291         free(*protocol);
292         *servicename = *servername = *protocol = NULL;
293         return -1;
294 }
295
296 static void
297 destroy_client(struct clnt_info *clp)
298 {
299         if (clp->krb5_poll_index != -1)
300                 memset(&pollarray[clp->krb5_poll_index], 0,
301                                         sizeof(struct pollfd));
302         if (clp->spkm3_poll_index != -1)
303                 memset(&pollarray[clp->spkm3_poll_index], 0,
304                                         sizeof(struct pollfd));
305         if (clp->gssd_poll_index != -1)
306                 memset(&pollarray[clp->gssd_poll_index], 0,
307                                         sizeof(struct pollfd));
308         if (clp->dir_fd != -1) close(clp->dir_fd);
309         if (clp->krb5_fd != -1) close(clp->krb5_fd);
310         if (clp->spkm3_fd != -1) close(clp->spkm3_fd);
311         if (clp->gssd_fd != -1) close(clp->gssd_fd);
312         free(clp->dirname);
313         free(clp->servicename);
314         free(clp->servername);
315         free(clp->protocol);
316         free(clp);
317 }
318
319 static struct clnt_info *
320 insert_new_clnt(void)
321 {
322         struct clnt_info        *clp = NULL;
323
324         if (!(clp = (struct clnt_info *)calloc(1,sizeof(struct clnt_info)))) {
325                 printerr(0, "ERROR: can't malloc clnt_info: %s\n",
326                          strerror(errno));
327                 goto out;
328         }
329         clp->krb5_poll_index = -1;
330         clp->spkm3_poll_index = -1;
331         clp->gssd_poll_index = -1;
332         clp->krb5_fd = -1;
333         clp->spkm3_fd = -1;
334         clp->gssd_fd = -1;
335         clp->dir_fd = -1;
336
337         TAILQ_INSERT_HEAD(&clnt_list, clp, list);
338 out:
339         return clp;
340 }
341
342 static int
343 process_clnt_dir_files(struct clnt_info * clp)
344 {
345         char    name[PATH_MAX];
346         char    gname[PATH_MAX];
347         char    info_file_name[PATH_MAX];
348
349         if (clp->gssd_fd == -1) {
350                 snprintf(gname, sizeof(gname), "%s/gssd", clp->dirname);
351                 clp->gssd_fd = open(gname, O_RDWR);
352         }
353         if (clp->gssd_fd == -1) {
354                 if (clp->krb5_fd == -1) {
355                         snprintf(name, sizeof(name), "%s/krb5", clp->dirname);
356                         clp->krb5_fd = open(name, O_RDWR);
357                 }
358                 if (clp->spkm3_fd == -1) {
359                         snprintf(name, sizeof(name), "%s/spkm3", clp->dirname);
360                         clp->spkm3_fd = open(name, O_RDWR);
361                 }
362
363                 /* If we opened a gss-specific pipe, let's try opening
364                  * the new upcall pipe again. If we succeed, close
365                  * gss-specific pipe(s).
366                  */
367                 if (clp->krb5_fd != -1 || clp->spkm3_fd != -1) {
368                         clp->gssd_fd = open(gname, O_RDWR);
369                         if (clp->gssd_fd != -1) {
370                                 if (clp->krb5_fd != -1)
371                                         close(clp->krb5_fd);
372                                 clp->krb5_fd = -1;
373                                 if (clp->spkm3_fd != -1)
374                                         close(clp->spkm3_fd);
375                                 clp->spkm3_fd = -1;
376                         }
377                 }
378         }
379
380         if ((clp->krb5_fd == -1) && (clp->spkm3_fd == -1) &&
381                         (clp->gssd_fd == -1))
382                 return -1;
383         snprintf(info_file_name, sizeof(info_file_name), "%s/info",
384                         clp->dirname);
385         if ((clp->servicename == NULL) &&
386              read_service_info(info_file_name, &clp->servicename,
387                                 &clp->servername, &clp->prog, &clp->vers,
388                                 &clp->protocol, (struct sockaddr *) &clp->addr))
389                 return -1;
390         return 0;
391 }
392
393 static int
394 get_poll_index(int *ind)
395 {
396         int i;
397
398         *ind = -1;
399         for (i=0; i<FD_ALLOC_BLOCK; i++) {
400                 if (pollarray[i].events == 0) {
401                         *ind = i;
402                         break;
403                 }
404         }
405         if (*ind == -1) {
406                 printerr(0, "ERROR: No pollarray slots open\n");
407                 return -1;
408         }
409         return 0;
410 }
411
412
413 static int
414 insert_clnt_poll(struct clnt_info *clp)
415 {
416         if ((clp->gssd_fd != -1) && (clp->gssd_poll_index == -1)) {
417                 if (get_poll_index(&clp->gssd_poll_index)) {
418                         printerr(0, "ERROR: Too many gssd clients\n");
419                         return -1;
420                 }
421                 pollarray[clp->gssd_poll_index].fd = clp->gssd_fd;
422                 pollarray[clp->gssd_poll_index].events |= POLLIN;
423         }
424
425         if ((clp->krb5_fd != -1) && (clp->krb5_poll_index == -1)) {
426                 if (get_poll_index(&clp->krb5_poll_index)) {
427                         printerr(0, "ERROR: Too many krb5 clients\n");
428                         return -1;
429                 }
430                 pollarray[clp->krb5_poll_index].fd = clp->krb5_fd;
431                 pollarray[clp->krb5_poll_index].events |= POLLIN;
432         }
433
434         if ((clp->spkm3_fd != -1) && (clp->spkm3_poll_index == -1)) {
435                 if (get_poll_index(&clp->spkm3_poll_index)) {
436                         printerr(0, "ERROR: Too many spkm3 clients\n");
437                         return -1;
438                 }
439                 pollarray[clp->spkm3_poll_index].fd = clp->spkm3_fd;
440                 pollarray[clp->spkm3_poll_index].events |= POLLIN;
441         }
442
443         return 0;
444 }
445
446 static void
447 process_clnt_dir(char *dir, char *pdir)
448 {
449         struct clnt_info *      clp;
450
451         if (!(clp = insert_new_clnt()))
452                 goto fail_destroy_client;
453
454         /* An extra for the '/', and an extra for the null */
455         if (!(clp->dirname = calloc(strlen(dir) + strlen(pdir) + 2, 1))) {
456                 goto fail_destroy_client;
457         }
458         sprintf(clp->dirname, "%s/%s", pdir, dir);
459         if ((clp->dir_fd = open(clp->dirname, O_RDONLY)) == -1) {
460                 printerr(0, "ERROR: can't open %s: %s\n",
461                          clp->dirname, strerror(errno));
462                 goto fail_destroy_client;
463         }
464         fcntl(clp->dir_fd, F_SETSIG, DNOTIFY_SIGNAL);
465         fcntl(clp->dir_fd, F_NOTIFY, DN_CREATE | DN_DELETE | DN_MULTISHOT);
466
467         if (process_clnt_dir_files(clp))
468                 goto fail_keep_client;
469
470         if (insert_clnt_poll(clp))
471                 goto fail_destroy_client;
472
473         return;
474
475 fail_destroy_client:
476         if (clp) {
477                 TAILQ_REMOVE(&clnt_list, clp, list);
478                 destroy_client(clp);
479         }
480 fail_keep_client:
481         /* We couldn't find some subdirectories, but we keep the client
482          * around in case we get a notification on the directory when the
483          * subdirectories are created. */
484         return;
485 }
486
487 void
488 init_client_list(void)
489 {
490         TAILQ_INIT(&clnt_list);
491         /* Eventually plan to grow/shrink poll array: */
492         pollsize = FD_ALLOC_BLOCK;
493         pollarray = calloc(pollsize, sizeof(struct pollfd));
494 }
495
496 /*
497  * This is run after a DNOTIFY signal, and should clear up any
498  * directories that are no longer around, and re-scan any existing
499  * directories, since the DNOTIFY could have been in there.
500  */
501 static void
502 update_old_clients(struct dirent **namelist, int size, char *pdir)
503 {
504         struct clnt_info *clp;
505         void *saveprev;
506         int i, stillhere;
507         char fname[PATH_MAX];
508
509         for (clp = clnt_list.tqh_first; clp != NULL; clp = clp->list.tqe_next) {
510                 /* only compare entries in the global list that are from the
511                  * same pipefs parent directory as "pdir"
512                  */
513                 if (strncmp(clp->dirname, pdir, strlen(pdir)) != 0) continue;
514
515                 stillhere = 0;
516                 for (i=0; i < size; i++) {
517                         snprintf(fname, sizeof(fname), "%s/%s",
518                                  pdir, namelist[i]->d_name);
519                         if (strcmp(clp->dirname, fname) == 0) {
520                                 stillhere = 1;
521                                 break;
522                         }
523                 }
524                 if (!stillhere) {
525                         printerr(2, "destroying client %s\n", clp->dirname);
526                         saveprev = clp->list.tqe_prev;
527                         TAILQ_REMOVE(&clnt_list, clp, list);
528                         destroy_client(clp);
529                         clp = saveprev;
530                 }
531         }
532         for (clp = clnt_list.tqh_first; clp != NULL; clp = clp->list.tqe_next) {
533                 if (!process_clnt_dir_files(clp))
534                         insert_clnt_poll(clp);
535         }
536 }
537
538 /* Search for a client by directory name, return 1 if found, 0 otherwise */
539 static int
540 find_client(char *dirname, char *pdir)
541 {
542         struct clnt_info        *clp;
543         char fname[PATH_MAX];
544
545         for (clp = clnt_list.tqh_first; clp != NULL; clp = clp->list.tqe_next) {
546                 snprintf(fname, sizeof(fname), "%s/%s", pdir, dirname);
547                 if (strcmp(clp->dirname, fname) == 0)
548                         return 1;
549         }
550         return 0;
551 }
552
553 static int
554 process_pipedir(char *pipe_name)
555 {
556         struct dirent **namelist;
557         int i, j;
558
559         if (chdir(pipe_name) < 0) {
560                 printerr(0, "ERROR: can't chdir to %s: %s\n",
561                          pipe_name, strerror(errno));
562                 return -1;
563         }
564
565         j = scandir(pipe_name, &namelist, NULL, alphasort);
566         if (j < 0) {
567                 printerr(0, "ERROR: can't scandir %s: %s\n",
568                          pipe_name, strerror(errno));
569                 return -1;
570         }
571
572         update_old_clients(namelist, j, pipe_name);
573         for (i=0; i < j; i++) {
574                 if (i < FD_ALLOC_BLOCK
575                                 && !strncmp(namelist[i]->d_name, "clnt", 4)
576                                 && !find_client(namelist[i]->d_name, pipe_name))
577                         process_clnt_dir(namelist[i]->d_name, pipe_name);
578                 free(namelist[i]);
579         }
580
581         free(namelist);
582
583         return 0;
584 }
585
586 /* Used to read (and re-read) list of clients, set up poll array. */
587 int
588 update_client_list(void)
589 {
590         int retval = -1;
591         struct topdirs_info *tdi;
592
593         TAILQ_FOREACH(tdi, &topdirs_list, list) {
594                 retval = process_pipedir(tdi->dirname);
595                 if (retval)
596                         printerr(1, "WARNING: error processing %s\n",
597                                  tdi->dirname);
598
599         }
600         return retval;
601 }
602
603 static int
604 do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
605             gss_buffer_desc *context_token)
606 {
607         char    *buf = NULL, *p = NULL, *end = NULL;
608         unsigned int timeout = context_timeout;
609         unsigned int buf_size = 0;
610
611         printerr(1, "doing downcall\n");
612         buf_size = sizeof(uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) +
613                 sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length +
614                 sizeof(context_token->length) + context_token->length;
615         p = buf = malloc(buf_size);
616         end = buf + buf_size;
617
618         if (WRITE_BYTES(&p, end, uid)) goto out_err;
619         if (WRITE_BYTES(&p, end, timeout)) goto out_err;
620         if (WRITE_BYTES(&p, end, pd->pd_seq_win)) goto out_err;
621         if (write_buffer(&p, end, &pd->pd_ctx_hndl)) goto out_err;
622         if (write_buffer(&p, end, context_token)) goto out_err;
623
624         if (write(k5_fd, buf, p - buf) < p - buf) goto out_err;
625         if (buf) free(buf);
626         return 0;
627 out_err:
628         if (buf) free(buf);
629         printerr(1, "Failed to write downcall!\n");
630         return -1;
631 }
632
633 static int
634 do_error_downcall(int k5_fd, uid_t uid, int err)
635 {
636         char    buf[1024];
637         char    *p = buf, *end = buf + 1024;
638         unsigned int timeout = 0;
639         int     zero = 0;
640
641         printerr(1, "doing error downcall\n");
642
643         if (WRITE_BYTES(&p, end, uid)) goto out_err;
644         if (WRITE_BYTES(&p, end, timeout)) goto out_err;
645         /* use seq_win = 0 to indicate an error: */
646         if (WRITE_BYTES(&p, end, zero)) goto out_err;
647         if (WRITE_BYTES(&p, end, err)) goto out_err;
648
649         if (write(k5_fd, buf, p - buf) < p - buf) goto out_err;
650         return 0;
651 out_err:
652         printerr(1, "Failed to write error downcall!\n");
653         return -1;
654 }
655
656 /*
657  * If the port isn't already set, do an rpcbind query to the remote server
658  * using the program and version and get the port. 
659  *
660  * Newer kernels send the value of the port= mount option in the "info"
661  * file for the upcall or '0' for NFSv2/3. For NFSv4 it sends the value
662  * of the port= option or '2049'. The port field in a new sockaddr should
663  * reflect the value that was sent by the kernel.
664  */
665 static int
666 populate_port(struct sockaddr *sa, const socklen_t salen,
667               const rpcprog_t program, const rpcvers_t version,
668               const unsigned short protocol)
669 {
670         struct sockaddr_in      *s4 = (struct sockaddr_in *) sa;
671 #ifdef IPV6_SUPPORTED
672         struct sockaddr_in6     *s6 = (struct sockaddr_in6 *) sa;
673 #endif /* IPV6_SUPPORTED */
674         unsigned short          port;
675
676         /*
677          * Newer kernels send the port in the upcall. If we already have
678          * the port, there's no need to look it up.
679          */
680         switch (sa->sa_family) {
681         case AF_INET:
682                 if (s4->sin_port != 0) {
683                         printerr(2, "DEBUG: port already set to %d\n",
684                                  ntohs(s4->sin_port));
685                         return 1;
686                 }
687                 break;
688 #ifdef IPV6_SUPPORTED
689         case AF_INET6:
690                 if (s6->sin6_port != 0) {
691                         printerr(2, "DEBUG: port already set to %d\n",
692                                  ntohs(s6->sin6_port));
693                         return 1;
694                 }
695                 break;
696 #endif /* IPV6_SUPPORTED */
697         default:
698                 printerr(0, "ERROR: unsupported address family %d\n",
699                             sa->sa_family);
700                 return 0;
701         }
702
703         /*
704          * Newer kernels that send the port in the upcall set the value to
705          * 2049 for NFSv4 mounts when one isn't specified. The check below is
706          * only for kernels that don't send the port in the upcall. For those
707          * we either have to do an rpcbind query or set it to the standard
708          * port. Doing a query could be problematic (firewalls, etc), so take
709          * the latter approach.
710          */
711         if (program == 100003 && version == 4) {
712                 port = 2049;
713                 goto set_port;
714         }
715
716         port = nfs_getport(sa, salen, program, version, protocol);
717         if (!port) {
718                 printerr(0, "ERROR: unable to obtain port for prog %ld "
719                             "vers %ld\n", program, version);
720                 return 0;
721         }
722
723 set_port:
724         printerr(2, "DEBUG: setting port to %hu for prog %lu vers %lu\n", port,
725                  program, version);
726
727         switch (sa->sa_family) {
728         case AF_INET:
729                 s4->sin_port = htons(port);
730                 break;
731 #ifdef IPV6_SUPPORTED
732         case AF_INET6:
733                 s6->sin6_port = htons(port);
734                 break;
735 #endif /* IPV6_SUPPORTED */
736         }
737
738         return 1;
739 }
740
741 /*
742  * Create an RPC connection and establish an authenticated
743  * gss context with a server.
744  */
745 int create_auth_rpc_client(struct clnt_info *clp,
746                            CLIENT **clnt_return,
747                            AUTH **auth_return,
748                            uid_t uid,
749                            int authtype)
750 {
751         CLIENT                  *rpc_clnt = NULL;
752         struct rpc_gss_sec      sec;
753         AUTH                    *auth = NULL;
754         uid_t                   save_uid = -1;
755         int                     retval = -1;
756         OM_uint32               min_stat;
757         char                    rpc_errmsg[1024];
758         int                     protocol;
759         struct timeval          timeout = {5, 0};
760         struct sockaddr         *addr = (struct sockaddr *) &clp->addr;
761         socklen_t               salen;
762
763         /* Create the context as the user (not as root) */
764         save_uid = geteuid();
765         if (setfsuid(uid) != 0) {
766                 printerr(0, "WARNING: Failed to setfsuid for "
767                             "user with uid %d\n", uid);
768                 goto out_fail;
769         }
770         printerr(2, "creating context using fsuid %d (save_uid %d)\n",
771                         uid, save_uid);
772
773         sec.qop = GSS_C_QOP_DEFAULT;
774         sec.svc = RPCSEC_GSS_SVC_NONE;
775         sec.cred = GSS_C_NO_CREDENTIAL;
776         sec.req_flags = 0;
777         if (authtype == AUTHTYPE_KRB5) {
778                 sec.mech = (gss_OID)&krb5oid;
779                 sec.req_flags = GSS_C_MUTUAL_FLAG;
780         }
781         else if (authtype == AUTHTYPE_SPKM3) {
782                 sec.mech = (gss_OID)&spkm3oid;
783                 /* XXX sec.req_flags = GSS_C_ANON_FLAG;
784                  * Need a way to switch....
785                  */
786                 sec.req_flags = GSS_C_MUTUAL_FLAG;
787         }
788         else {
789                 printerr(0, "ERROR: Invalid authentication type (%d) "
790                         "in create_auth_rpc_client\n", authtype);
791                 goto out_fail;
792         }
793
794
795         if (authtype == AUTHTYPE_KRB5) {
796 #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
797                 /*
798                  * Do this before creating rpc connection since we won't need
799                  * rpc connection if it fails!
800                  */
801                 if (limit_krb5_enctypes(&sec, uid)) {
802                         printerr(1, "WARNING: Failed while limiting krb5 "
803                                     "encryption types for user with uid %d\n",
804                                  uid);
805                         goto out_fail;
806                 }
807 #endif
808         }
809
810         /* create an rpc connection to the nfs server */
811
812         printerr(2, "creating %s client for server %s\n", clp->protocol,
813                         clp->servername);
814
815         if ((strcmp(clp->protocol, "tcp")) == 0) {
816                 protocol = IPPROTO_TCP;
817         } else if ((strcmp(clp->protocol, "udp")) == 0) {
818                 protocol = IPPROTO_UDP;
819         } else {
820                 printerr(0, "WARNING: unrecognized protocol, '%s', requested "
821                          "for connection to server %s for user with uid %d\n",
822                          clp->protocol, clp->servername, uid);
823                 goto out_fail;
824         }
825
826         switch (addr->sa_family) {
827         case AF_INET:
828                 salen = sizeof(struct sockaddr_in);
829                 break;
830 #ifdef IPV6_SUPPORTED
831         case AF_INET6:
832                 salen = sizeof(struct sockaddr_in6);
833                 break;
834 #endif /* IPV6_SUPPORTED */
835         default:
836                 printerr(1, "ERROR: Unknown address family %d\n",
837                          addr->sa_family);
838                 goto out_fail;
839         }
840
841         if (!populate_port(addr, salen, clp->prog, clp->vers, protocol))
842                 goto out_fail;
843
844         rpc_clnt = nfs_get_rpcclient(addr, salen, protocol, clp->prog,
845                                      clp->vers, &timeout);
846         if (!rpc_clnt) {
847                 snprintf(rpc_errmsg, sizeof(rpc_errmsg),
848                          "WARNING: can't create %s rpc_clnt to server %s for "
849                          "user with uid %d",
850                          protocol == IPPROTO_TCP ? "tcp" : "udp",
851                          clp->servername, uid);
852                 printerr(0, "%s\n",
853                          clnt_spcreateerror(rpc_errmsg));
854                 goto out_fail;
855         }
856
857         printerr(2, "creating context with server %s\n", clp->servicename);
858         auth = authgss_create_default(rpc_clnt, clp->servicename, &sec);
859         if (!auth) {
860                 /* Our caller should print appropriate message */
861                 printerr(2, "WARNING: Failed to create %s context for "
862                             "user with uid %d for server %s\n",
863                         (authtype == AUTHTYPE_KRB5 ? "krb5":"spkm3"),
864                          uid, clp->servername);
865                 goto out_fail;
866         }
867
868         /* Success !!! */
869         rpc_clnt->cl_auth = auth;
870         *clnt_return = rpc_clnt;
871         *auth_return = auth;
872         retval = 0;
873
874   out:
875         if (sec.cred != GSS_C_NO_CREDENTIAL)
876                 gss_release_cred(&min_stat, &sec.cred);
877         /* Restore euid to original value */
878         if ((save_uid != -1) && (setfsuid(save_uid) != uid)) {
879                 printerr(0, "WARNING: Failed to restore fsuid"
880                             " to uid %d from %d\n", save_uid, uid);
881         }
882         return retval;
883
884   out_fail:
885         /* Only destroy here if failure.  Otherwise, caller is responsible */
886         if (rpc_clnt) clnt_destroy(rpc_clnt);
887
888         goto out;
889 }
890
891 /*
892  * this code uses the userland rpcsec gss library to create a krb5
893  * context on behalf of the kernel
894  */
895 static void
896 process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
897                     char *service)
898 {
899         CLIENT                  *rpc_clnt = NULL;
900         AUTH                    *auth = NULL;
901         struct authgss_private_data pd;
902         gss_buffer_desc         token;
903         char                    **credlist = NULL;
904         char                    **ccname;
905         char                    **dirname;
906         int                     create_resp = -1;
907         int                     err, downcall_err = -EACCES;
908
909         printerr(1, "handling krb5 upcall (%s)\n", clp->dirname);
910
911         if (tgtname) {
912                 if (clp->servicename) {
913                         free(clp->servicename);
914                         clp->servicename = strdup(tgtname);
915                 }
916         }
917         token.length = 0;
918         token.value = NULL;
919         memset(&pd, 0, sizeof(struct authgss_private_data));
920
921         /*
922          * If "service" is specified, then the kernel is indicating that
923          * we must use machine credentials for this request.  (Regardless
924          * of the uid value or the setting of root_uses_machine_creds.)
925          * If the service value is "*", then any service name can be used.
926          * Otherwise, it specifies the service name that should be used.
927          * (For now, the values of service will only be "*" or "nfs".)
928          *
929          * Restricting gssd to use "nfs" service name is needed for when
930          * the NFS server is doing a callback to the NFS client.  In this
931          * case, the NFS server has to authenticate itself as "nfs" --
932          * even if there are other service keys such as "host" or "root"
933          * in the keytab.
934          *
935          * Another case when the kernel may specify the service attribute
936          * is when gssd is being asked to create the context for a
937          * SETCLIENT_ID operation.  In this case, machine credentials
938          * must be used for the authentication.  However, the service name
939          * used for this case is not important.
940          *
941          */
942         printerr(2, "%s: service is '%s'\n", __func__,
943                  service ? service : "<null>");
944         if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0 &&
945                                 service == NULL)) {
946                 /* Tell krb5 gss which credentials cache to use */
947                 for (dirname = ccachesearch; *dirname != NULL; dirname++) {
948                         err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
949                         if (err == -EKEYEXPIRED)
950                                 downcall_err = -EKEYEXPIRED;
951                         else if (!err)
952                                 create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
953                                                              AUTHTYPE_KRB5);
954                         if (create_resp == 0)
955                                 break;
956                 }
957         }
958         if (create_resp != 0) {
959                 if (uid == 0 && (root_uses_machine_creds == 1 ||
960                                 service != NULL)) {
961                         int nocache = 0;
962                         int success = 0;
963                         do {
964                                 gssd_refresh_krb5_machine_credential(clp->servername,
965                                                                      NULL, service);
966                                 /*
967                                  * Get a list of credential cache names and try each
968                                  * of them until one works or we've tried them all
969                                  */
970                                 if (gssd_get_krb5_machine_cred_list(&credlist)) {
971                                         printerr(0, "ERROR: No credentials found "
972                                                  "for connection to server %s\n",
973                                                  clp->servername);
974                                                 goto out_return_error;
975                                 }
976                                 for (ccname = credlist; ccname && *ccname; ccname++) {
977                                         gssd_setup_krb5_machine_gss_ccache(*ccname);
978                                         if ((create_auth_rpc_client(clp, &rpc_clnt,
979                                                                     &auth, uid,
980                                                                     AUTHTYPE_KRB5)) == 0) {
981                                                 /* Success! */
982                                                 success++;
983                                                 break;
984                                         } 
985                                         printerr(2, "WARNING: Failed to create machine krb5 context "
986                                                  "with credentials cache %s for server %s\n",
987                                                  *ccname, clp->servername);
988                                 }
989                                 gssd_free_krb5_machine_cred_list(credlist);                     
990                                 if (!success) {
991                                         if(nocache == 0) {
992                                                 nocache++;
993                                                 printerr(2, "WARNING: Machine cache is prematurely expired or corrupted "
994                                                             "trying to recreate cache for server %s\n", clp->servername);
995                                         } else {
996                                                 printerr(1, "WARNING: Failed to create machine krb5 context "
997                                                  "with any credentials cache for server %s\n",
998                                                  clp->servername);
999                                                 goto out_return_error;
1000                                         }
1001                                 }
1002                         } while(!success);
1003                 } else {
1004                         printerr(1, "WARNING: Failed to create krb5 context "
1005                                  "for user with uid %d for server %s\n",
1006                                  uid, clp->servername);
1007                         goto out_return_error;
1008                 }
1009         }
1010
1011         if (!authgss_get_private_data(auth, &pd)) {
1012                 printerr(1, "WARNING: Failed to obtain authentication "
1013                             "data for user with uid %d for server %s\n",
1014                          uid, clp->servername);
1015                 goto out_return_error;
1016         }
1017
1018         if (serialize_context_for_kernel(pd.pd_ctx, &token, &krb5oid, NULL)) {
1019                 printerr(0, "WARNING: Failed to serialize krb5 context for "
1020                             "user with uid %d for server %s\n",
1021                          uid, clp->servername);
1022                 goto out_return_error;
1023         }
1024
1025         do_downcall(fd, uid, &pd, &token);
1026
1027 out:
1028         if (token.value)
1029                 free(token.value);
1030 #ifndef HAVE_LIBTIRPC
1031         if (pd.pd_ctx_hndl.length != 0)
1032                 authgss_free_private_data(&pd);
1033 #endif
1034         if (auth)
1035                 AUTH_DESTROY(auth);
1036         if (rpc_clnt)
1037                 clnt_destroy(rpc_clnt);
1038         return;
1039
1040 out_return_error:
1041         do_error_downcall(fd, uid, downcall_err);
1042         goto out;
1043 }
1044
1045 /*
1046  * this code uses the userland rpcsec gss library to create an spkm3
1047  * context on behalf of the kernel
1048  */
1049 static void
1050 process_spkm3_upcall(struct clnt_info *clp, uid_t uid, int fd)
1051 {
1052         CLIENT                  *rpc_clnt = NULL;
1053         AUTH                    *auth = NULL;
1054         struct authgss_private_data pd;
1055         gss_buffer_desc         token;
1056
1057         printerr(2, "handling spkm3 upcall (%s)\n", clp->dirname);
1058
1059         token.length = 0;
1060         token.value = NULL;
1061
1062         if (create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, AUTHTYPE_SPKM3)) {
1063                 printerr(0, "WARNING: Failed to create spkm3 context for "
1064                             "user with uid %d\n", uid);
1065                 goto out_return_error;
1066         }
1067
1068         if (!authgss_get_private_data(auth, &pd)) {
1069                 printerr(0, "WARNING: Failed to obtain authentication "
1070                             "data for user with uid %d for server %s\n",
1071                          uid, clp->servername);
1072                 goto out_return_error;
1073         }
1074
1075         if (serialize_context_for_kernel(pd.pd_ctx, &token, &spkm3oid, NULL)) {
1076                 printerr(0, "WARNING: Failed to serialize spkm3 context for "
1077                             "user with uid %d for server\n",
1078                          uid, clp->servername);
1079                 goto out_return_error;
1080         }
1081
1082         do_downcall(fd, uid, &pd, &token);
1083
1084 out:
1085         if (token.value)
1086                 free(token.value);
1087         if (auth)
1088                 AUTH_DESTROY(auth);
1089         if (rpc_clnt)
1090                 clnt_destroy(rpc_clnt);
1091         return;
1092
1093 out_return_error:
1094         do_error_downcall(fd, uid, -1);
1095         goto out;
1096 }
1097
1098 void
1099 handle_krb5_upcall(struct clnt_info *clp)
1100 {
1101         uid_t                   uid;
1102
1103         if (read(clp->krb5_fd, &uid, sizeof(uid)) < sizeof(uid)) {
1104                 printerr(0, "WARNING: failed reading uid from krb5 "
1105                             "upcall pipe: %s\n", strerror(errno));
1106                 return;
1107         }
1108
1109         return process_krb5_upcall(clp, uid, clp->krb5_fd, NULL, NULL);
1110 }
1111
1112 void
1113 handle_spkm3_upcall(struct clnt_info *clp)
1114 {
1115         uid_t                   uid;
1116
1117         if (read(clp->spkm3_fd, &uid, sizeof(uid)) < sizeof(uid)) {
1118                 printerr(0, "WARNING: failed reading uid from spkm3 "
1119                          "upcall pipe: %s\n", strerror(errno));
1120                 return;
1121         }
1122
1123         return process_spkm3_upcall(clp, uid, clp->spkm3_fd);
1124 }
1125
1126 void
1127 handle_gssd_upcall(struct clnt_info *clp)
1128 {
1129         uid_t                   uid;
1130         char                    *lbuf = NULL;
1131         int                     lbuflen = 0;
1132         char                    *p;
1133         char                    *mech = NULL;
1134         char                    *target = NULL;
1135         char                    *service = NULL;
1136
1137         printerr(1, "handling gssd upcall (%s)\n", clp->dirname);
1138
1139         if (readline(clp->gssd_fd, &lbuf, &lbuflen) != 1) {
1140                 printerr(0, "WARNING: handle_gssd_upcall: "
1141                             "failed reading request\n");
1142                 return;
1143         }
1144         printerr(2, "%s: '%s'\n", __func__, lbuf);
1145
1146         /* find the mechanism name */
1147         if ((p = strstr(lbuf, "mech=")) != NULL) {
1148                 mech = malloc(lbuflen);
1149                 if (!mech)
1150                         goto out;
1151                 if (sscanf(p, "mech=%s", mech) != 1) {
1152                         printerr(0, "WARNING: handle_gssd_upcall: "
1153                                     "failed to parse gss mechanism name "
1154                                     "in upcall string '%s'\n", lbuf);
1155                         goto out;
1156                 }
1157         } else {
1158                 printerr(0, "WARNING: handle_gssd_upcall: "
1159                             "failed to find gss mechanism name "
1160                             "in upcall string '%s'\n", lbuf);
1161                 goto out;
1162         }
1163
1164         /* read uid */
1165         if ((p = strstr(lbuf, "uid=")) != NULL) {
1166                 if (sscanf(p, "uid=%d", &uid) != 1) {
1167                         printerr(0, "WARNING: handle_gssd_upcall: "
1168                                     "failed to parse uid "
1169                                     "in upcall string '%s'\n", lbuf);
1170                         goto out;
1171                 }
1172         } else {
1173                 printerr(0, "WARNING: handle_gssd_upcall: "
1174                             "failed to find uid "
1175                             "in upcall string '%s'\n", lbuf);
1176                 goto out;
1177         }
1178
1179         /* read target name */
1180         if ((p = strstr(lbuf, "target=")) != NULL) {
1181                 target = malloc(lbuflen);
1182                 if (!target)
1183                         goto out;
1184                 if (sscanf(p, "target=%s", target) != 1) {
1185                         printerr(0, "WARNING: handle_gssd_upcall: "
1186                                     "failed to parse target name "
1187                                     "in upcall string '%s'\n", lbuf);
1188                         goto out;
1189                 }
1190         }
1191
1192         /*
1193          * read the service name
1194          *
1195          * The presence of attribute "service=" indicates that machine
1196          * credentials should be used for this request.  If the value
1197          * is "*", then any machine credentials available can be used.
1198          * If the value is anything else, then machine credentials for
1199          * the specified service name (always "nfs" for now) should be
1200          * used.
1201          */
1202         if ((p = strstr(lbuf, "service=")) != NULL) {
1203                 service = malloc(lbuflen);
1204                 if (!service)
1205                         goto out;
1206                 if (sscanf(p, "service=%s", service) != 1) {
1207                         printerr(0, "WARNING: handle_gssd_upcall: "
1208                                     "failed to parse service type "
1209                                     "in upcall string '%s'\n", lbuf);
1210                         goto out;
1211                 }
1212         }
1213
1214         if (strcmp(mech, "krb5") == 0)
1215                 process_krb5_upcall(clp, uid, clp->gssd_fd, target, service);
1216         else if (strcmp(mech, "spkm3") == 0)
1217                 process_spkm3_upcall(clp, uid, clp->gssd_fd);
1218         else
1219                 printerr(0, "WARNING: handle_gssd_upcall: "
1220                             "received unknown gss mech '%s'\n", mech);
1221
1222 out:
1223         free(lbuf);
1224         free(mech);
1225         free(target);
1226         free(service);
1227         return; 
1228 }
1229