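/*
 * Build the initiator's first Kerberos GSS-API token and record the
 * resulting state in ctx.
 *
 * The function resolves the credential cache (the default cache when
 * initiator_cred_handle is NULL), fills in ctx->source and ctx->target,
 * obtains a service ticket through gsskrb5_get_creds(), derives the
 * context flags from req_flags, builds the RFC 1964 (0x8003) checksum,
 * the authenticator and the AP-REQ, and wraps the AP-REQ in the GSS
 * mechanism framing written to output_token.
 *
 * Security-relevant behaviour visible in this block:
 *  - GSS_C_DELEG_FLAG is removed from the request when the ticket lacks
 *    ok-as-delegate and the "ok-as-delegate" appdefault for the target
 *    realm is true; with the default (FALSE) the KDC flag is ignored.
 *  - GSS_C_CONF_FLAG, GSS_C_INTEG_FLAG and GSS_C_TRANS_FLAG are always
 *    reported, whatever the caller requested.
 *  - GSS_C_ANON_FLAG is accepted but has no effect.
 *
 * minor_status receives the krb5 error code on failure.  actual_mech_type
 * (optional) is set to GSS_KRB5_MECHANISM, ret_flags (optional) receives
 * the context flags, and time_rec is passed on to gsskrb5_get_creds().
 * input_token and mech_type are not used in this function.
 *
 * Returns GSS_S_CONTINUE_NEEDED when mutual authentication is in effect,
 * otherwise the result of gsskrb5_initiator_ready(); on error the GSS
 * major status of the step that failed.
 */
static OM_uint32
init_auth
(OM_uint32 * minor_status,
 gsskrb5_cred initiator_cred_handle,
 gsskrb5_ctx ctx,
 krb5_const_principal name,
 const gss_OID mech_type,
 OM_uint32 req_flags,
 OM_uint32 time_req,
 const gss_channel_bindings_t input_chan_bindings,
 const gss_buffer_t input_token,
 gss_OID * actual_mech_type,
 gss_buffer_t output_token,
 OM_uint32 * ret_flags,
 OM_uint32 * time_rec
    )
{
    OM_uint32 ret = GSS_S_FAILURE;
    krb5_error_code kret;
    krb5_flags ap_options;
    krb5_creds *cred = NULL;
    krb5_data outbuf;
    krb5_ccache ccache = NULL;
    uint32_t flags;
    krb5_data authenticator;
    Checksum cksum;
    krb5_enctype enctype;
    krb5_data fwd_data;
    OM_uint32 lifetime_rec;

    krb5_data_zero(&outbuf);
    krb5_data_zero(&fwd_data);

    *minor_status = 0;

    if (actual_mech_type)
	*actual_mech_type = GSS_KRB5_MECHANISM;

    /*
     * Without an explicit credential handle the default cache is opened
     * here and therefore also closed here, on both exits.  A cache that
     * belongs to the caller's credential handle is never closed.
     */
    if (initiator_cred_handle == NULL) {
	kret = krb5_cc_default (_gsskrb5_context, &ccache);
	if (kret) {
	    _gsskrb5_set_error_string ();
	    *minor_status = kret;
	    ret = GSS_S_FAILURE;
	    goto failure;
	}
    } else
	ccache = initiator_cred_handle->ccache;

    /*
     * NOTE(review): ctx->source and ctx->target are filled in here and are
     * not released on the failure path of this function; presumably the
     * owner of ctx frees them -- confirm.
     */
    kret = krb5_cc_get_principal (_gsskrb5_context, ccache, &ctx->source);
    if (kret) {
	_gsskrb5_set_error_string ();
	*minor_status = kret;
	ret = GSS_S_FAILURE;
	goto failure;
    }

    kret = krb5_copy_principal (_gsskrb5_context, name, &ctx->target);
    if (kret) {
	_gsskrb5_set_error_string ();
	*minor_status = kret;
	ret = GSS_S_FAILURE;
	goto failure;
    }

    ret = _gss_DES3_get_mic_compat(minor_status, ctx);
    if (ret)
	goto failure;


    ret = gsskrb5_get_creds(minor_status,
			    ccache,
			    ctx,
			    ctx->target,
			    time_req,
			    time_rec,
			    &cred);
    if (ret)
	goto failure;

    /* The context can never outlive the service ticket. */
    ctx->lifetime = cred->times.endtime;

    ret = _gsskrb5_lifetime_left(minor_status,
				 ctx->lifetime,
				 &lifetime_rec);
    if (ret) {
	goto failure;
    }

    /* Refuse to build a token from a ticket with no lifetime left. */
    if (lifetime_rec == 0) {
	*minor_status = 0;
	ret = GSS_S_CONTEXT_EXPIRED;
	goto failure;
    }

    /* NOTE(review): the result of krb5_auth_con_setkey() is not checked. */
    krb5_auth_con_setkey(_gsskrb5_context,
			 ctx->auth_context,
			 &cred->session);

    kret = krb5_auth_con_generatelocalsubkey(_gsskrb5_context,
					     ctx->auth_context,
					     &cred->session);
    if(kret) {
	_gsskrb5_set_error_string ();
	*minor_status = kret;
	ret = GSS_S_FAILURE;
	goto failure;
    }

    /*
     * If the credential doesn't have ok-as-delegate, check what local
     * policy says about ok-as-delegate.  The default is FALSE, which
     * makes the code ignore the KDC setting and follow what the
     * application requested.  If it is TRUE, strip off GSS_C_DELEG_FLAG
     * when the KDC doesn't set ok-as-delegate, so that credentials are
     * not forwarded to a service the KDC has not marked for delegation.
     */
    if (!cred->flags.b.ok_as_delegate) {
	krb5_boolean delegate;

	krb5_appdefault_boolean(_gsskrb5_context,
				"gssapi", name->realm,
				"ok-as-delegate", FALSE, &delegate);
	if (delegate)
	    req_flags &= ~GSS_C_DELEG_FLAG;
    }

    flags = 0;
    ap_options = 0;
    /*
     * do_delegation() reports nothing back except through fwd_data and
     * flags.  NOTE(review): presumably it sets GSS_C_DELEG_FLAG in flags
     * only when forwarding succeeded -- confirm against its definition.
     */
    if (req_flags & GSS_C_DELEG_FLAG)
	do_delegation (ctx->auth_context,
		       ccache, cred, name, &fwd_data, &flags);

    if (req_flags & GSS_C_MUTUAL_FLAG) {
	flags |= GSS_C_MUTUAL_FLAG;
	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
    }

    if (req_flags & GSS_C_REPLAY_FLAG)
	flags |= GSS_C_REPLAY_FLAG;
    if (req_flags & GSS_C_SEQUENCE_FLAG)
	flags |= GSS_C_SEQUENCE_FLAG;
    /* Anonymity is not implemented: the request is silently dropped. */
    if (req_flags & GSS_C_ANON_FLAG)
	;                               /* XXX */
    if (req_flags & GSS_C_DCE_STYLE) {
	/* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
	flags |= GSS_C_DCE_STYLE | GSS_C_MUTUAL_FLAG;
	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
    }
    if (req_flags & GSS_C_IDENTIFY_FLAG)
	flags |= GSS_C_IDENTIFY_FLAG;
    if (req_flags & GSS_C_EXTENDED_ERROR_FLAG)
	flags |= GSS_C_EXTENDED_ERROR_FLAG;

    /* Always advertised, independent of req_flags. */
    flags |= GSS_C_CONF_FLAG;
    flags |= GSS_C_INTEG_FLAG;
    flags |= GSS_C_TRANS_FLAG;

    if (ret_flags)
	*ret_flags = flags;
    ctx->flags = flags;
    ctx->more_flags |= LOCAL;

    /*
     * The 0x8003 checksum carries the channel bindings, the flags and any
     * forwarded credential.  fwd_data is no longer needed once it has
     * been handed to the checksum builder, whether that succeeded or not.
     */
    ret = _gsskrb5_create_8003_checksum (minor_status,
					 input_chan_bindings,
					 flags,
					 &fwd_data,
					 &cksum);
    krb5_data_free (&fwd_data);
    if (ret)
	goto failure;

    enctype = ctx->auth_context->keyblock->keytype;

    kret = krb5_build_authenticator (_gsskrb5_context,
				     ctx->auth_context,
				     enctype,
				     cred,
				     &cksum,
				     NULL,
				     &authenticator,
				     KRB5_KU_AP_REQ_AUTH);

    if (kret) {
	/*
	 * NOTE(review): cksum is not released on this exit.  Whether the
	 * failed call leaves it intact cannot be told from this file, so
	 * it is deliberately left alone here -- confirm and free it if the
	 * caller still owns it.
	 */
	_gsskrb5_set_error_string ();
	*minor_status = kret;
	ret = GSS_S_FAILURE;
	goto failure;
    }

    /*
     * NOTE(review): authenticator is passed by value and never released
     * in this function; presumably krb5_build_ap_req() takes ownership of
     * its buffer -- confirm.
     */
    kret = krb5_build_ap_req (_gsskrb5_context,
			      enctype,
			      cred,
			      ap_options,
			      authenticator,
			      &outbuf);

    if (kret) {
	_gsskrb5_set_error_string ();
	*minor_status = kret;
	ret = GSS_S_FAILURE;
	/*
	 * cksum was not handed to krb5_build_ap_req() and the success path
	 * frees it after this point, so it is still ours to release.
	 */
	free_Checksum(&cksum);
	goto failure;
    }

    ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
				   (u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
    if (ret) {
	/*
	 * Both objects are released right below on success; do the same
	 * when the framing step fails so the error exit does not leak the
	 * encoded AP-REQ and the checksum.
	 */
	krb5_data_free (&outbuf);
	free_Checksum(&cksum);
	goto failure;
    }

    krb5_data_free (&outbuf);
    krb5_free_creds(_gsskrb5_context, cred);
    free_Checksum(&cksum);
    if (initiator_cred_handle == NULL)
	krb5_cc_close(_gsskrb5_context, ccache);

    /* With mutual authentication the acceptor's reply is still pending. */
    if (flags & GSS_C_MUTUAL_FLAG) {
	ctx->state = INITIATOR_WAIT_FOR_MUTAL;
	return GSS_S_CONTINUE_NEEDED;
    }

    return gsskrb5_initiator_ready(minor_status, ctx);
failure:
    if(cred)
	krb5_free_creds(_gsskrb5_context, cred);
    /* Only close a cache that was opened by this function. */
    if (ccache && initiator_cred_handle == NULL)
	krb5_cc_close(_gsskrb5_context, ccache);

    return ret;

}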
Example #2
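/*
 * Perform an NFSv4 OPEN: resolve the claim to a file (or to a parent
 * directory plus name), take the file's state lock, find or allocate the
 * share state for the owner, open/verify/reopen through the FSAL and
 * record the result.
 *
 * arg        OPEN4 arguments from the client (claim, share bits, openhow).
 * data       Compound data; current_obj/currentFH are read, and the
 *            current filehandle is replaced by open4_create_fh().
 * res_OPEN4  Result; res_OPEN4->status carries the outcome.
 * clientid   Client record, used for delegation reclaim checks.
 * owner      Open owner for the state.
 * file_state Out: the share state, or NULL when the status is not NFS4_OK.
 * new_state  Out: true when a new state was allocated and is still live.
 *
 * All exits go through the "out" label, which releases sattr, the state
 * lock (when held), the converted filename, the state on error, and the
 * lookup reference on file_obj.
 */
static void open4_ex(OPEN4args *arg,
		     compound_data_t *data,
		     OPEN4res *res_OPEN4,
		     nfs_client_id_t *clientid,
		     state_owner_t *owner,
		     state_t **file_state,
		     bool *new_state)
{
	/* Parent directory in which to open the file. */
	struct fsal_obj_handle *parent = NULL;
	/* The entry we associated with the desired file before open. */
	struct fsal_obj_handle *file_obj = NULL;
	/* Indicator that file_obj came from lookup. */
	bool looked_up_file_obj = false;
	/* The in_obj to pass to fsal_open2. */
	struct fsal_obj_handle *in_obj = NULL;
	/* The entry open associated with the file. */
	struct fsal_obj_handle *out_obj = NULL;
	fsal_openflags_t openflags = 0;
	fsal_openflags_t old_openflags = 0;
	enum fsal_create_mode createmode = FSAL_NO_CREATE;
	/* The filename to create */
	char *filename = NULL;
	/* The supplied claim type */
	open_claim_type4 claim = arg->claim.claim;
	fsal_verifier_t verifier;
	struct attrlist sattr;
	/* Status for fsal calls */
	fsal_status_t status = {0, 0};
	/* True while this function holds file_obj's state_lock */
	bool state_lock_held = false;

	/* Make sure the attributes are initialized */
	memset(&sattr, 0, sizeof(sattr));

	/* Make sure the out parameters are defined on every exit */
	*file_state = NULL;
	*new_state = false;

	/* Pre-process the claim type */
	switch (claim) {
	case CLAIM_NULL:
		/* Check parent */
		parent = data->current_obj;
		in_obj = parent;

		/* Parent must be a directory */
		if (parent->type != DIRECTORY) {
			if (parent->type == SYMBOLIC_LINK) {
				res_OPEN4->status = NFS4ERR_SYMLINK;
				goto out;
			} else {
				res_OPEN4->status = NFS4ERR_NOTDIR;
				goto out;
			}
		}

		/* Validate and convert the client-supplied utf8 filename
		 * before it is used for lookup or create.
		 */
		res_OPEN4->status =
		    nfs4_utf8string2dynamic(&arg->claim.open_claim4_u.file,
					    UTF8_SCAN_ALL, &filename);

		if (res_OPEN4->status != NFS4_OK)
			goto out;

		/* Set the createmode if appropriate */
		if (arg->openhow.opentype == OPEN4_CREATE) {
			open4_ex_create_args(arg, data, res_OPEN4, verifier,
					     &createmode, &sattr);

			if (res_OPEN4->status != NFS4_OK)
				goto out;
		}

		status = fsal_lookup(parent, filename, &file_obj, NULL);

		if (!FSAL_IS_ERROR(status)) {
			/* Check create situations. */
			if (arg->openhow.opentype == OPEN4_CREATE) {
				if (createmode >= FSAL_EXCLUSIVE) {
					/* Could be a replay, need to continue.
					 */
					LogFullDebug(COMPONENT_STATE,
						     "EXCLUSIVE open with existing file %s",
						     filename);
				} else if (createmode == FSAL_GUARDED) {
					/* This will be a failure no matter
					 * what.  The lookup reference is
					 * dropped at "out".
					 */
					looked_up_file_obj = true;
					res_OPEN4->status = NFS4ERR_EXIST;
					goto out;
				} else {
					/* FSAL_UNCHECKED, may be a truncate
					 * and we need to pass in the case
					 * of fsal_reopen2 case.
					 */
					if (FSAL_TEST_MASK(sattr.valid_mask,
							   ATTR_SIZE) &&
					    sattr.filesize == 0) {
						LogFullDebug(COMPONENT_STATE,
							     "Truncate");
						openflags |= FSAL_O_TRUNC;
					}
				}
			}

			/* We found the file by lookup, discard the filename
			 * and remember that we found the entry by lookup.
			 */
			looked_up_file_obj = true;
			gsh_free(filename);
			filename = NULL;
		} else if (status.major != ERR_FSAL_NOENT ||
			   arg->openhow.opentype != OPEN4_CREATE) {
			/* A real error occurred; only "not found" on a
			 * create is allowed to continue.
			 */
			res_OPEN4->status = nfs4_Errno_status(status);
			goto out;
		}

		break;

		/* The remaining claims just use the current filehandle. */
	case CLAIM_PREVIOUS:
		owner->so_owner.so_nfs4_owner.so_confirmed = true;
		if (!nfs4_check_deleg_reclaim(clientid, &data->currentFH)) {
			/* It must have been revoked. Can't reclaim.*/
			LogInfo(COMPONENT_NFS_V4, "Can't reclaim delegation");
			res_OPEN4->status = NFS4ERR_RECLAIM_BAD;
			goto out;
		}
		openflags |= FSAL_O_RECLAIM;
		file_obj = data->current_obj;
		break;

	case CLAIM_FH:
		file_obj = data->current_obj;
		break;

	case CLAIM_DELEGATE_PREV:
		/* FIXME: Remove this when we have full support
		 * for CLAIM_DELEGATE_PREV and delegpurge operations
		 */
		res_OPEN4->status = NFS4ERR_NOTSUPP;
		goto out;

	case CLAIM_DELEGATE_CUR:
		res_OPEN4->status = open4_claim_deleg(arg, data);
		if (res_OPEN4->status != NFS4_OK)
			goto out;
		openflags |= FSAL_O_RECLAIM;
		file_obj = data->current_obj;
		break;

	default:
		/* NOTE(review): relies on the claim having been validated by
		 * the caller and on LogFatal not returning -- confirm.
		 */
		LogFatal(COMPONENT_STATE,
			 "Programming error.  Invalid claim after check.");
	}

	/* Translate the client's share bits into FSAL open flags. */
	if ((arg->share_access & OPEN4_SHARE_ACCESS_READ) != 0)
		openflags |= FSAL_O_READ;

	if ((arg->share_access & OPEN4_SHARE_ACCESS_WRITE) != 0)
		openflags |= FSAL_O_WRITE;

	if ((arg->share_deny & OPEN4_SHARE_DENY_READ) != 0)
		openflags |= FSAL_O_DENY_READ;

	if ((arg->share_deny & OPEN4_SHARE_DENY_WRITE) != 0)
		openflags |= FSAL_O_DENY_WRITE_MAND;

	/* Check if file_obj a REGULAR_FILE */
	if (file_obj != NULL && file_obj->type != REGULAR_FILE) {
		LogDebug(COMPONENT_NFS_V4,
			 "Wrong file type expected REGULAR_FILE actual %s",
			 object_file_type_to_str(file_obj->type));

		if (file_obj->type == DIRECTORY) {
			res_OPEN4->status = NFS4ERR_ISDIR;
		} else {
			/* All special nodes must return NFS4ERR_SYMLINK for
			 * proper client behavior per this linux-nfs post:
			 * http://marc.info/?l=linux-nfs&m=131342421825436&w=2
			 */
			res_OPEN4->status = NFS4ERR_SYMLINK;
		}

		goto out;
	}

	if (file_obj != NULL) {
		/* Go ahead and take the state lock now. */
		PTHREAD_RWLOCK_wrlock(&file_obj->state_hdl->state_lock);
		state_lock_held = true;
		in_obj = file_obj;

		/* Check if any existing delegations conflict with this open.
		 * Delegation recalls will be scheduled if there is a conflict.
		 */
		if (state_deleg_conflict(file_obj,
					  (arg->share_access &
					   OPEN4_SHARE_ACCESS_WRITE) != 0)) {
			res_OPEN4->status = NFS4ERR_DELAY;
			goto out;
		}

		/* Check if there is already a state for this entry and owner.
		 */
		*file_state = nfs4_State_Get_Obj(file_obj, owner);

		if (isFullDebug(COMPONENT_STATE) && *file_state != NULL) {
			char str[LOG_BUFF_LEN] = "\0";
			struct display_buffer dspbuf = {sizeof(str), str, str};

			display_stateid(&dspbuf, *file_state);

			LogFullDebug(COMPONENT_STATE,
				     "Found existing state %s",
				     str);
		}

		/* Check if open from another export: a state created under
		 * one export must not be reused through a different one.
		 */
		if (*file_state != NULL &&
		    !state_same_export(*file_state, op_ctx->ctx_export)) {
			LogEvent(COMPONENT_STATE,
				 "Lock Owner Export Conflict, Lock held for export %"
				 PRIu16" request for export %"PRIu16,
				 state_export_id(*file_state),
				 op_ctx->ctx_export->export_id);
			res_OPEN4->status = NFS4ERR_INVAL;
			goto out;
		}
	}

	/* If that did not succeed, allocate a state from the FSAL. */
	if (*file_state == NULL) {
		/* NOTE(review): the result of alloc_state is used without a
		 * NULL check; presumably it cannot fail -- confirm.
		 */
		*file_state = op_ctx->fsal_export->exp_ops.alloc_state(
							op_ctx->fsal_export,
							STATE_TYPE_SHARE,
							NULL);

		/* Remember we allocated a new state */
		*new_state = true;

		/* We are ready to perform the open (with possible create).
		 * in_obj has been set to the file itself or the parent.
		 * filename is NULL if in_obj is the file itself.
		 *
		 * Permission check has been done on directory if appropriate,
		 * otherwise fsal_open2 will do a directory permission
		 * check.
		 *
		 * fsal_open2 handles the permission check on the file
		 * itself and also handles all the share reservation stuff.
		 *
		 * fsal_open2 returns with a ref on out_obj, which should be
		 * passed to the state.
		 */
		/* NOTE(review): filename may be NULL here (see above); this
		 * relies on the logging layer tolerating NULL for %s.
		 */
		LogFullDebug(COMPONENT_STATE,
			     "Calling open2 for %s", filename);

		status = fsal_open2(in_obj,
				    *file_state,
				    openflags,
				    createmode,
				    filename,
				    &sattr,
				    verifier,
				    &out_obj,
				    NULL);

		if (FSAL_IS_ERROR(status)) {
			res_OPEN4->status = nfs4_Errno_status(status);
			goto out;
		}
	} else if (createmode >= FSAL_EXCLUSIVE) {
		/* We have an EXCLUSIVE create with an existing
		 * state. We still need to verify it, but no need
		 * to call reopen2.
		 */
		LogFullDebug(COMPONENT_STATE, "Calling verify2 ");

		status = fsal_verify2(file_obj, verifier);

		if (FSAL_IS_ERROR(status)) {
			res_OPEN4->status = nfs4_Errno_status(status);
			goto out;
		}

		/* We need an extra reference below. */
		file_obj->obj_ops->get_ref(file_obj);
	} else {
		old_openflags =
			file_obj->obj_ops->status2(file_obj, *file_state);

		/* Open upgrade */
		LogFullDebug(COMPONENT_STATE, "Calling reopen2");

		status = fsal_reopen2(file_obj, *file_state,
				      openflags | old_openflags,
				      false);

		if (FSAL_IS_ERROR(status)) {
			res_OPEN4->status = nfs4_Errno_status(status);
			goto out;
		}

		/* We need an extra reference below. */
		file_obj->obj_ops->get_ref(file_obj);
	}

	if (file_obj == NULL) {
		/* We have a new cache inode entry, take the state lock. */
		file_obj = out_obj;
		PTHREAD_RWLOCK_wrlock(&file_obj->state_hdl->state_lock);
		state_lock_held = true;
	}

	/* Now the state_lock is held for sure and we have an extra LRU
	 * reference to file_obj, which is the opened file.
	 */

	if (*new_state) {
		/* The state data to be added */
		union state_data candidate_data;
		/* Tracking data for the open state */
		struct state_refer refer, *p_refer = NULL;
		state_status_t state_status;

		/* NOTE(review): share_access is masked before use, but
		 * arg->share_deny is stored and used as a shift count as
		 * received; this assumes an earlier validation step bounds
		 * it -- confirm against the caller.
		 */
		candidate_data.share.share_access =
		    arg->share_access & OPEN4_SHARE_ACCESS_BOTH;
		candidate_data.share.share_deny = arg->share_deny;
		candidate_data.share.share_access_prev =
			(1 << candidate_data.share.share_access);
		candidate_data.share.share_deny_prev =
			(1 << candidate_data.share.share_deny);

		LogFullDebug(COMPONENT_STATE,
			     "Creating new state access=%x deny=%x access_prev=%x deny_prev=%x",
			     candidate_data.share.share_access,
			     candidate_data.share.share_deny,
			     candidate_data.share.share_access_prev,
			     candidate_data.share.share_deny_prev);

		/* Record the sequence info */
		if (data->minorversion > 0) {
			memcpy(refer.session,
			       data->session->session_id,
			       sizeof(sessionid4));
			refer.sequence = data->sequence;
			refer.slot = data->slot;
			p_refer = &refer;
		}

		/* We need to register this state now. */
		state_status = state_add_impl(file_obj,
					      STATE_TYPE_SHARE,
					      &candidate_data,
					      owner,
					      file_state,
					      p_refer);

		if (state_status != STATE_SUCCESS) {
			/* state_add_impl failure closed and freed state.
			 * file_state will also be NULL at this point. Also
			 * release the ref on file_obj, since the state add
			 * failed.
			 */
			file_obj->obj_ops->put_ref(file_obj);
			res_OPEN4->status = nfs4_Errno_state(state_status);
			*new_state = false;
			goto out;
		}

		glist_init(&(*file_state)->state_data.share.share_lockstates);
	}

	res_OPEN4->status = open4_create_fh(data, file_obj, true);

	if (res_OPEN4->status != NFS4_OK) {
		if (*new_state) {
			/* state_del_locked will close the file. */
			state_del_locked(*file_state);
			*file_state = NULL;
			*new_state = false;

			/* Leave now.  Falling through would reach the
			 * "open upgrade" code below with *new_state false
			 * and *file_state NULL, which dereferences the NULL
			 * state and then hands it to do_delegation.  The
			 * state_lock is still held and is dropped at "out".
			 *
			 * NOTE(review): the upgrade branch below releases the
			 * extra reference on file_obj with put_ref; whether
			 * state_del_locked already did so for a new state is
			 * not visible here -- confirm, otherwise this path
			 * leaks one reference.
			 */
			goto out;
		} else {
			/*Do an open downgrade to the old open flags */
			status = file_obj->obj_ops->reopen2(file_obj,
							   *file_state,
							   old_openflags);
			if (FSAL_IS_ERROR(status)) {
				LogCrit(COMPONENT_NFS_V4,
					"Failed to allocate handle, reopen2 failed with %s",
					fsal_err_txt(status));
			}

			/* Need to release the state_lock before the put_ref
			 * call.
			 */
			PTHREAD_RWLOCK_unlock(&file_obj->state_hdl->state_lock);
			state_lock_held = false;

			/* Release the extra LRU reference on file_obj. */
			file_obj->obj_ops->put_ref(file_obj);
			goto out;
		}
	}

	/* Since open4_create_fh succeeded the LRU reference to file_obj was
	 * consumed by data->current_obj.
	 */

	if (!(*new_state)) {
		LogFullDebug(COMPONENT_STATE,
			     "Open upgrade old access=%x deny=%x access_prev=%x deny_prev=%x",
			     (*file_state)->state_data.share.share_access,
			     (*file_state)->state_data.share.share_deny,
			     (*file_state)->state_data.share.share_access_prev,
			     (*file_state)->state_data.share.share_deny_prev);

		LogFullDebug(COMPONENT_STATE,
			     "Open upgrade to access=%x deny=%x",
			     arg->share_access,
			     arg->share_deny);

		/* Update share_access and share_deny */
		(*file_state)->state_data.share.share_access |=
			arg->share_access & OPEN4_SHARE_ACCESS_BOTH;

		(*file_state)->state_data.share.share_deny |=
			arg->share_deny;

		/* Update share_access_prev and share_deny_prev */
		(*file_state)->state_data.share.share_access_prev |=
			(1 << (arg->share_access & OPEN4_SHARE_ACCESS_BOTH));

		(*file_state)->state_data.share.share_deny_prev |=
			(1 << arg->share_deny);

		LogFullDebug(COMPONENT_STATE,
			     "Open upgrade new access=%x deny=%x access_prev=%x deny_prev=%x",
			     (*file_state)->state_data.share.share_access,
			     (*file_state)->state_data.share.share_deny,
			     (*file_state)->state_data.share.share_access_prev,
			     (*file_state)->state_data.share.share_deny_prev);
	}

	do_delegation(arg, res_OPEN4, data, owner, *file_state, clientid);
 out:

	/* Release the attributes (may release an inherited ACL) */
	fsal_release_attrs(&sattr);

	if (state_lock_held)
		PTHREAD_RWLOCK_unlock(&file_obj->state_hdl->state_lock);

	if (filename)
		gsh_free(filename);

	if (res_OPEN4->status != NFS4_OK) {
		/* Cleanup state on error: a state allocated here but never
		 * registered is freed through its export, an existing one
		 * only loses the reference taken by the lookup above.
		 */
		if (*new_state)
			(*file_state)
				->state_exp->exp_ops.free_state(
					(*file_state)->state_exp, *file_state);
		else if (*file_state != NULL)
			dec_state_t_ref(*file_state);
		*file_state = NULL;
	}

	if (looked_up_file_obj) {
		/* We got file_obj via lookup, we need to unref it. */
		file_obj->obj_ops->put_ref(file_obj);
	}
}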