Lines Matching refs:cp
288 struct nfs_gss_clnt_ctx *cp;
293 TAILQ_FOREACH(cp, &nmp->nm_gsscl, gss_clnt_entries) {
294 if (cp->gss_clnt_uid == uid) {
295 if (cp->gss_clnt_flags & GSS_CTX_INVAL)
297 nfs_gss_clnt_ctx_ref(req, cp);
311 TAILQ_FOREACH(cp, &nmp->nm_gsscl, gss_clnt_entries) {
312 if (!(cp->gss_clnt_flags & GSS_CTX_INVAL)) {
313 nfs_gss_clnt_ctx_ref(req, cp);
342 MALLOC(cp, struct nfs_gss_clnt_ctx *, sizeof(*cp), M_TEMP, M_WAITOK|M_ZERO);
343 if (cp == NULL) {
348 cp->gss_clnt_uid = uid;
349 cp->gss_clnt_mtx = lck_mtx_alloc_init(nfs_gss_clnt_grp, LCK_ATTR_NULL);
350 cp->gss_clnt_thread = current_thread();
351 nfs_gss_clnt_ctx_ref(req, cp);
352 TAILQ_INSERT_TAIL(&nmp->nm_gsscl, cp, gss_clnt_entries);
355 error = nfs_gss_clnt_ctx_init_retry(req, cp); // Initialize new context
389 struct nfs_gss_clnt_ctx *cp;
393 MALLOC(cp, struct nfs_gss_clnt_ctx *, sizeof(*cp), M_TEMP, M_WAITOK|M_ZERO);
394 if (cp == NULL)
397 cp->gss_clnt_service = RPCSEC_GSS_SVC_SYS;
398 cp->gss_clnt_uid = uid;
399 cp->gss_clnt_mtx = lck_mtx_alloc_init(nfs_gss_clnt_grp, LCK_ATTR_NULL);
401 cp->gss_clnt_ctime = now.tv_sec; // time stamp
402 nfs_gss_clnt_ctx_ref(req, cp);
403 TAILQ_INSERT_TAIL(&nmp->nm_gsscl, cp, gss_clnt_entries);
417 struct nfs_gss_clnt_ctx *cp;
446 cp = req->r_gss_ctx;
453 if (cp->gss_clnt_service == RPCSEC_GSS_SVC_SYS) {
460 lck_mtx_lock(cp->gss_clnt_mtx);
462 if (now.tv_sec > cp->gss_clnt_ctime + GSS_CLNT_SYS_VALID) {
463 cp->gss_clnt_flags |= GSS_CTX_INVAL;
464 lck_mtx_unlock(cp->gss_clnt_mtx);
468 lck_mtx_unlock(cp->gss_clnt_mtx);
478 lck_mtx_lock(cp->gss_clnt_mtx);
479 if (cp->gss_clnt_thread && cp->gss_clnt_thread != current_thread()) {
480 cp->gss_clnt_flags |= GSS_NEEDCTX;
481 msleep(cp, cp->gss_clnt_mtx, slpflag | PDROP, "ctxwait", NULL);
488 lck_mtx_unlock(cp->gss_clnt_mtx);
490 ki = &cp->gss_clnt_kinfo;
491 if (cp->gss_clnt_flags & GSS_CTX_COMPLETE) {
499 lck_mtx_lock(cp->gss_clnt_mtx);
500 while (win_getbit(cp->gss_clnt_seqbits,
501 ((cp->gss_clnt_seqnum - cp->gss_clnt_seqwin) + 1) % cp->gss_clnt_seqwin)) {
502 cp->gss_clnt_flags |= GSS_NEEDSEQ;
503 msleep(cp, cp->gss_clnt_mtx, slpflag | PDROP, "seqwin", NULL);
508 lck_mtx_lock(cp->gss_clnt_mtx);
509 if (cp->gss_clnt_flags & GSS_CTX_INVAL) {
511 lck_mtx_unlock(cp->gss_clnt_mtx);
516 seqnum = ++cp->gss_clnt_seqnum;
517 win_setbit(cp->gss_clnt_seqbits, seqnum % cp->gss_clnt_seqwin);
518 lck_mtx_unlock(cp->gss_clnt_mtx);
529 nfsm_chain_add_32(error, nmc, 5 * NFSX_UNSIGNED + cp->gss_clnt_handle_len);
531 nfsm_chain_add_32(error, nmc, cp->gss_clnt_proc);
533 nfsm_chain_add_32(error, nmc, cp->gss_clnt_service);
534 nfsm_chain_add_32(error, nmc, cp->gss_clnt_handle_len);
535 if (cp->gss_clnt_handle_len > 0) {
536 if (cp->gss_clnt_handle == NULL)
538 nfsm_chain_add_opaque(error, nmc, cp->gss_clnt_handle, cp->gss_clnt_handle_len);
545 if (cp->gss_clnt_proc == RPCSEC_GSS_INIT ||
546 cp->gss_clnt_proc == RPCSEC_GSS_CONTINUE_INIT) {
575 switch (cp->gss_clnt_service) {
680 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
685 gss_key_info *ki = &cp->gss_clnt_kinfo;
690 if (cp == NULL)
702 if (cp->gss_clnt_flags & GSS_CTX_COMPLETE &&
703 cp->gss_clnt_service != RPCSEC_GSS_SVC_SYS)
721 if (!(cp->gss_clnt_flags & GSS_CTX_COMPLETE)) {
722 MALLOC(cp->gss_clnt_verf, u_char *, verflen, M_TEMP, M_WAITOK|M_ZERO);
723 if (cp->gss_clnt_verf == NULL)
725 nfsm_chain_get_opaque(error, nmc, verflen, cp->gss_clnt_verf);
768 switch (cp->gss_clnt_service) {
908 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
912 if (cp == NULL)
915 if ((cp->gss_clnt_flags & GSS_CTX_COMPLETE) == 0)
923 switch (cp->gss_clnt_service) {
951 nfs_gss_encrypt_chain(&cp->gss_clnt_kinfo, nmc,
975 nfs_gss_clnt_ctx_init(struct nfsreq *req, struct nfs_gss_clnt_ctx *cp)
983 gss_key_info *ki = &cp->gss_clnt_kinfo;
987 cp->gss_clnt_svcname = nfs_gss_clnt_svcname(nmp);
988 if (cp->gss_clnt_svcname == NULL) {
993 cp->gss_clnt_proc = RPCSEC_GSS_INIT;
995 cp->gss_clnt_service =
1000 cp->gss_clnt_gssd_flags = (nfs_single_des ? GSSD_NFS_1DES : 0);
1010 error = nfs_gss_clnt_gssd_upcall(req, cp);
1014 if (cp->gss_clnt_major == GSS_S_COMPLETE) {
1018 } else if (cp->gss_clnt_major != GSS_S_CONTINUE_NEEDED) {
1026 error = nfs_gss_clnt_ctx_callserver(req, cp);
1028 if (cp->gss_clnt_proc == RPCSEC_GSS_INIT &&
1029 (cp->gss_clnt_gssd_flags & (GSSD_RESTART | GSSD_NFS_1DES)) == 0) {
1030 cp->gss_clnt_gssd_flags = (GSSD_RESTART | GSSD_NFS_1DES);
1031 if (cp->gss_clnt_token)
1032 FREE(cp->gss_clnt_token, M_TEMP);
1033 cp->gss_clnt_token = NULL;
1034 cp->gss_clnt_tokenlen = 0;
1038 cp->gss_clnt_gssd_flags = 0;
1041 if (cp->gss_clnt_major == GSS_S_COMPLETE) {
1045 } else if (cp->gss_clnt_major != GSS_S_CONTINUE_NEEDED) {
1050 cp->gss_clnt_proc = RPCSEC_GSS_CONTINUE_INIT;
1056 lck_mtx_lock(cp->gss_clnt_mtx);
1057 cp->gss_clnt_flags |= GSS_CTX_COMPLETE;
1058 lck_mtx_unlock(cp->gss_clnt_mtx);
1059 cp->gss_clnt_proc = RPCSEC_GSS_DATA;
1061 cp->gss_clnt_ctime = now.tv_sec; // time stamp
1067 nfs_gss_cksum_rep(ki, cp->gss_clnt_seqwin, cksum1);
1073 error = nfs_gss_token_get(ki, ALG_MIC(ki), cp->gss_clnt_verf, 0,
1075 FREE(cp->gss_clnt_verf, M_TEMP);
1076 cp->gss_clnt_verf = NULL;
1089 cp->gss_clnt_seqnum = (random() & 0xffff) + cp->gss_clnt_seqwin;
1095 MALLOC(cp->gss_clnt_seqbits, uint32_t *,
1096 nfsm_rndup((cp->gss_clnt_seqwin + 7) / 8), M_TEMP, M_WAITOK|M_ZERO);
1097 if (cp->gss_clnt_seqbits == NULL)
1113 lck_mtx_lock(cp->gss_clnt_mtx);
1115 cp->gss_clnt_flags |= GSS_CTX_INVAL;
1120 cp->gss_clnt_thread = NULL;
1121 if (cp->gss_clnt_flags & GSS_NEEDCTX) {
1122 cp->gss_clnt_flags &= ~GSS_NEEDCTX;
1123 wakeup(cp);
1125 lck_mtx_unlock(cp->gss_clnt_mtx);
1139 nfs_gss_clnt_ctx_init_retry(struct nfsreq *req, struct nfs_gss_clnt_ctx *cp)
1156 while ((error = nfs_gss_clnt_ctx_init(req, cp)) == ENEEDAUTH) {
1185 lck_mtx_lock(cp->gss_clnt_mtx);
1186 cp->gss_clnt_flags |= GSS_CTX_INVAL;
1191 cp->gss_clnt_thread = NULL;
1192 if (cp->gss_clnt_flags & GSS_NEEDCTX) {
1193 cp->gss_clnt_flags &= ~GSS_NEEDCTX;
1194 wakeup(cp);
1196 lck_mtx_unlock(cp->gss_clnt_mtx);
1208 nfs_gss_clnt_ctx_callserver(struct nfsreq *req, struct nfs_gss_clnt_ctx *cp)
1218 sz = NFSX_UNSIGNED + nfsm_rndup(cp->gss_clnt_tokenlen);
1220 nfsm_chain_add_32(error, &nmreq, cp->gss_clnt_tokenlen);
1221 if (cp->gss_clnt_tokenlen > 0)
1222 nfsm_chain_add_opaque(error, &nmreq, cp->gss_clnt_token, cp->gss_clnt_tokenlen);
1229 (req->r_flags & R_OPTMASK), cp, &nmrep, &status);
1230 if (cp->gss_clnt_token != NULL) {
1231 FREE(cp->gss_clnt_token, M_TEMP);
1232 cp->gss_clnt_token = NULL;
1241 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_handle_len);
1242 if (cp->gss_clnt_handle != NULL) {
1243 FREE(cp->gss_clnt_handle, M_TEMP);
1244 cp->gss_clnt_handle = NULL;
1246 if (cp->gss_clnt_handle_len > 0) {
1247 MALLOC(cp->gss_clnt_handle, u_char *, cp->gss_clnt_handle_len, M_TEMP, M_WAITOK);
1248 if (cp->gss_clnt_handle == NULL) {
1252 nfsm_chain_get_opaque(error, &nmrep, cp->gss_clnt_handle_len, cp->gss_clnt_handle);
1254 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_major);
1255 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_minor);
1256 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_seqwin);
1257 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_tokenlen);
1260 if (cp->gss_clnt_tokenlen > 0) {
1261 MALLOC(cp->gss_clnt_token, u_char *, cp->gss_clnt_tokenlen, M_TEMP, M_WAITOK);
1262 if (cp->gss_clnt_token == NULL) {
1266 nfsm_chain_get_opaque(error, &nmrep, cp->gss_clnt_tokenlen, cp->gss_clnt_token);
1272 if (cp->gss_clnt_major != GSS_S_COMPLETE &&
1273 cp->gss_clnt_major != GSS_S_CONTINUE_NEEDED) {
1278 cp->gss_clnt_mport,
1281 cp->gss_clnt_uid,
1283 cp->gss_clnt_major,
1284 cp->gss_clnt_minor);
1369 nfs_gss_clnt_gssd_upcall(struct nfsreq *req, struct nfs_gss_clnt_ctx *cp)
1391 if (!IPC_PORT_VALID(cp->gss_clnt_mport)) {
1392 cp->gss_clnt_mport = nfs_gss_clnt_get_upcall_port(req->r_cred);
1393 if (cp->gss_clnt_mport == IPC_PORT_NULL)
1397 if (cp->gss_clnt_tokenlen > 0)
1398 nfs_gss_mach_alloc_buffer(cp->gss_clnt_token, cp->gss_clnt_tokenlen, &itoken);
1402 cp->gss_clnt_mport,
1404 (gssd_byte_buffer) itoken, (mach_msg_type_number_t) cp->gss_clnt_tokenlen,
1405 cp->gss_clnt_uid,
1407 cp->gss_clnt_svcname,
1409 cp->gss_clnt_gssd_flags,
1410 &cp->gss_clnt_context,
1411 &cp->gss_clnt_cred_handle,
1415 &cp->gss_clnt_major,
1416 &cp->gss_clnt_minor);
1418 cp->gss_clnt_gssd_flags &= ~GSSD_RESTART;
1422 if (kr == MIG_SERVER_DIED && cp->gss_clnt_cred_handle == 0 &&
1424 if (cp->gss_clnt_tokenlen > 0)
1425 nfs_gss_mach_alloc_buffer(cp->gss_clnt_token, cp->gss_clnt_tokenlen, &itoken);
1429 host_release_special_port(cp->gss_clnt_mport);
1430 cp->gss_clnt_mport = IPC_PORT_NULL;
1437 if (cp->gss_clnt_major != GSS_S_COMPLETE &&
1438 cp->gss_clnt_major != GSS_S_CONTINUE_NEEDED) {
1443 cp->gss_clnt_mport,
1446 cp->gss_clnt_uid,
1448 cp->gss_clnt_major,
1449 cp->gss_clnt_minor);
1460 cp->gss_clnt_kinfo.skey);
1466 error = gss_key_init(&cp->gss_clnt_kinfo, skeylen);
1472 if (cp->gss_clnt_token)
1473 FREE(cp->gss_clnt_token, M_TEMP);
1474 cp->gss_clnt_token = NULL;
1475 cp->gss_clnt_tokenlen = 0;
1479 MALLOC(cp->gss_clnt_token, u_char *, otokenlen, M_TEMP, M_WAITOK);
1480 if (cp->gss_clnt_token == NULL) {
1485 error = nfs_gss_mach_vmcopyout((vm_map_copy_t) otoken, otokenlen, cp->gss_clnt_token);
1487 FREE(cp->gss_clnt_token, M_TEMP);
1488 cp->gss_clnt_token = NULL;
1491 cp->gss_clnt_tokenlen = otokenlen;
1497 if (cp->gss_clnt_token)
1498 FREE(cp->gss_clnt_token, M_TEMP);
1499 cp->gss_clnt_token = NULL;
1500 cp->gss_clnt_tokenlen = 0;
1522 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
1526 if (cp == NULL || !(cp->gss_clnt_flags & GSS_CTX_COMPLETE))
1533 lck_mtx_lock(cp->gss_clnt_mtx);
1535 if (gsp && gsp->gss_seqnum > (cp->gss_clnt_seqnum - cp->gss_clnt_seqwin))
1536 win_resetbit(cp->gss_clnt_seqbits,
1537 gsp->gss_seqnum % cp->gss_clnt_seqwin);
1553 if (cp->gss_clnt_flags & GSS_NEEDSEQ) {
1554 cp->gss_clnt_flags &= ~GSS_NEEDSEQ;
1555 wakeup(cp);
1557 lck_mtx_unlock(cp->gss_clnt_mtx);
1565 nfs_gss_clnt_ctx_ref(struct nfsreq *req, struct nfs_gss_clnt_ctx *cp)
1567 req->r_gss_ctx = cp;
1569 lck_mtx_lock(cp->gss_clnt_mtx);
1570 cp->gss_clnt_refcnt++;
1571 lck_mtx_unlock(cp->gss_clnt_mtx);
1583 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
1585 if (cp == NULL)
1590 lck_mtx_lock(cp->gss_clnt_mtx);
1591 if (--cp->gss_clnt_refcnt == 0
1592 && cp->gss_clnt_flags & GSS_CTX_INVAL) {
1593 lck_mtx_unlock(cp->gss_clnt_mtx);
1597 nfs_gss_clnt_ctx_remove(nmp, cp);
1603 lck_mtx_unlock(cp->gss_clnt_mtx);
1610 nfs_gss_clnt_ctx_remove(struct nfsmount *nmp, struct nfs_gss_clnt_ctx *cp)
1616 TAILQ_REMOVE(&nmp->nm_gsscl, cp, gss_clnt_entries);
1618 host_release_special_port(cp->gss_clnt_mport);
1620 if (cp->gss_clnt_mtx)
1621 lck_mtx_destroy(cp->gss_clnt_mtx, nfs_gss_clnt_grp);
1622 if (cp->gss_clnt_handle)
1623 FREE(cp->gss_clnt_handle, M_TEMP);
1624 if (cp->gss_clnt_seqbits)
1625 FREE(cp->gss_clnt_seqbits, M_TEMP);
1626 if (cp->gss_clnt_token)
1627 FREE(cp->gss_clnt_token, M_TEMP);
1628 if (cp->gss_clnt_svcname)
1629 FREE(cp->gss_clnt_svcname, M_TEMP);
1630 FREE(cp, M_TEMP);
1641 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
1648 if (cp == NULL)
1651 lck_mtx_lock(cp->gss_clnt_mtx);
1652 if (cp->gss_clnt_flags & GSS_CTX_INVAL) {
1653 lck_mtx_unlock(cp->gss_clnt_mtx);
1657 saved_uid = cp->gss_clnt_uid;
1658 saved_mport = host_copy_special_port(cp->gss_clnt_mport);
1661 cp->gss_clnt_flags |= GSS_CTX_INVAL;
1667 if (cp->gss_clnt_flags & (GSS_NEEDCTX | GSS_NEEDSEQ)) {
1668 cp->gss_clnt_flags &= ~GSS_NEEDSEQ;
1669 wakeup(cp);
1671 lck_mtx_unlock(cp->gss_clnt_mtx);
1711 struct nfs_gss_clnt_ctx *cp;
1720 cp = TAILQ_FIRST(&nmp->nm_gsscl);
1722 if (cp == NULL)
1725 nfs_gss_clnt_ctx_ref(&req, cp);
1732 if (!(nmp->nm_state & NFSSTA_FORCE) && (cp->gss_clnt_service != RPCSEC_GSS_SVC_SYS)) {
1738 temp_pcred.cr_uid = cp->gss_clnt_uid;
1740 cp->gss_clnt_proc = RPCSEC_GSS_DESTROY;
1749 current_thread(), cred, 0, cp, &nmrep, &status);
1760 lck_mtx_lock(cp->gss_clnt_mtx);
1761 cp->gss_clnt_flags |= GSS_CTX_INVAL;
1762 lck_mtx_unlock(cp->gss_clnt_mtx);
1784 struct nfs_gss_svc_ctx *cp;
1798 LIST_FOREACH(cp, head, gss_svc_entries) {
1799 if (cp->gss_svc_handle == handle) {
1800 if (timenow > cp->gss_svc_incarnation + GSS_SVC_CTX_TTL) {
1806 cp->gss_svc_handle = 0;
1811 cp->gss_svc_incarnation = timenow;
1813 cp = NULL;
1816 lck_mtx_lock(cp->gss_svc_mtx);
1817 cp->gss_svc_refcnt++;
1818 lck_mtx_unlock(cp->gss_svc_mtx);
1825 return (cp);
1833 nfs_gss_svc_ctx_insert(struct nfs_gss_svc_ctx *cp)
1846 cp->gss_svc_handle = random();
1847 if (cp->gss_svc_handle == 0)
1849 head = &nfs_gss_svc_ctx_hashtbl[SVC_CTX_HASH(cp->gss_svc_handle)];
1851 if (p->gss_svc_handle == cp->gss_svc_handle)
1855 &cp->gss_svc_incarnation);
1856 LIST_INSERT_HEAD(head, cp, gss_svc_entries);
1877 struct nfs_gss_svc_ctx *cp, *next;
1893 LIST_FOREACH_SAFE(cp, &nfs_gss_svc_ctx_hashtbl[i], gss_svc_entries, next) {
1895 if (timenow > cp->gss_svc_incarnation +
1896 (cp->gss_svc_handle ? GSS_SVC_CTX_TTL : 0)
1897 && cp->gss_svc_refcnt == 0) {
1901 LIST_REMOVE(cp, gss_svc_entries);
1902 if (cp->gss_svc_seqbits)
1903 FREE(cp->gss_svc_seqbits, M_TEMP);
1904 lck_mtx_destroy(cp->gss_svc_mtx, nfs_gss_svc_grp);
1905 FREE(cp, M_TEMP);
1940 struct nfs_gss_svc_ctx *cp = NULL;
2000 MALLOC(cp, struct nfs_gss_svc_ctx *, sizeof(*cp), M_TEMP, M_WAITOK|M_ZERO);
2001 if (cp == NULL) {
2005 cp->gss_svc_mtx = lck_mtx_alloc_init(nfs_gss_svc_grp, LCK_ATTR_NULL);
2006 cp->gss_svc_refcnt = 1;
2019 cp = nfs_gss_svc_ctx_find(handle);
2020 if (cp == NULL) {
2026 cp->gss_svc_proc = proc;
2027 ki = &cp->gss_svc_kinfo;
2032 if (cp->gss_svc_seqwin == 0) {
2040 if (!nfs_gss_svc_seqnum_valid(cp, seqnum)) {
2086 temp_pcred.cr_uid = cp->gss_svc_uid;
2087 bcopy(cp->gss_svc_gids, temp_pcred.cr_groups,
2088 sizeof(gid_t) * cp->gss_svc_ngroups);
2089 temp_pcred.cr_ngroups = cp->gss_svc_ngroups;
2096 clock_get_uptime(&cp->gss_svc_incarnation);
2225 lck_mtx_destroy(cp->gss_svc_mtx, nfs_gss_svc_grp);
2226 FREE(cp, M_TEMP);
2227 cp = NULL;
2233 nd->nd_gss_context = cp;
2236 if (cp)
2237 nfs_gss_svc_ctx_deref(cp);
2250 struct nfs_gss_svc_ctx *cp;
2257 cp = nd->nd_gss_context;
2258 ki = &cp->gss_svc_kinfo;
2260 if (cp->gss_svc_major != GSS_S_COMPLETE) {
2276 if (cp->gss_svc_proc == RPCSEC_GSS_INIT ||
2277 cp->gss_svc_proc == RPCSEC_GSS_CONTINUE_INIT)
2278 nfs_gss_cksum_rep(ki, cp->gss_svc_seqwin, cksum);
2304 struct nfs_gss_svc_ctx *cp = nd->nd_gss_context;
2307 if (cp->gss_svc_proc == RPCSEC_GSS_INIT ||
2308 cp->gss_svc_proc == RPCSEC_GSS_CONTINUE_INIT)
2338 struct nfs_gss_svc_ctx *cp = nd->nd_gss_context;
2347 gss_key_info *ki = &cp->gss_svc_kinfo;
2437 struct nfs_gss_svc_ctx *cp = NULL;
2446 cp = nd->nd_gss_context;
2449 switch (cp->gss_svc_proc) {
2451 nfs_gss_svc_ctx_insert(cp);
2456 nfsm_chain_get_32(error, nmreq, cp->gss_svc_tokenlen);
2457 if (cp->gss_svc_tokenlen == 0) {
2461 MALLOC(cp->gss_svc_token, u_char *, cp->gss_svc_tokenlen, M_TEMP, M_WAITOK);
2462 if (cp->gss_svc_token == NULL) {
2466 nfsm_chain_get_opaque(error, nmreq, cp->gss_svc_tokenlen, cp->gss_svc_token);
2469 error = nfs_gss_svc_gssd_upcall(cp);
2481 if (cp->gss_svc_major != GSS_S_COMPLETE)
2488 clock_get_uptime(&cp->gss_svc_incarnation);
2490 cp->gss_svc_seqwin = GSS_SVC_SEQWINDOW;
2491 MALLOC(cp->gss_svc_seqbits, uint32_t *,
2492 nfsm_rndup((cp->gss_svc_seqwin + 7) / 8), M_TEMP, M_WAITOK|M_ZERO);
2493 if (cp->gss_svc_seqbits == NULL) {
2510 cp = nfs_gss_svc_ctx_find(cp->gss_svc_handle);
2511 if (cp != NULL) {
2512 cp->gss_svc_handle = 0; // so it can't be found
2513 lck_mtx_lock(cp->gss_svc_mtx);
2515 &cp->gss_svc_incarnation);
2516 lck_mtx_unlock(cp->gss_svc_mtx);
2528 sz = 7 * NFSX_UNSIGNED + nfsm_rndup(cp->gss_svc_tokenlen); // size of results
2534 if (cp->gss_svc_proc == RPCSEC_GSS_INIT ||
2535 cp->gss_svc_proc == RPCSEC_GSS_CONTINUE_INIT) {
2536 nfsm_chain_add_32(error, &nmrep, sizeof(cp->gss_svc_handle));
2537 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_handle);
2539 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_major);
2540 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_minor);
2541 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_seqwin);
2543 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_tokenlen);
2544 if (cp->gss_svc_token != NULL) {
2545 nfsm_chain_add_opaque(error, &nmrep, cp->gss_svc_token, cp->gss_svc_tokenlen);
2546 FREE(cp->gss_svc_token, M_TEMP);
2547 cp->gss_svc_token = NULL;
2554 LIST_REMOVE(cp, gss_svc_entries);
2555 if (cp->gss_svc_seqbits != NULL)
2556 FREE(cp->gss_svc_seqbits, M_TEMP);
2557 if (cp->gss_svc_token != NULL)
2558 FREE(cp->gss_svc_token, M_TEMP);
2559 lck_mtx_destroy(cp->gss_svc_mtx, nfs_gss_svc_grp);
2560 FREE(cp, M_TEMP);
2578 nfs_gss_svc_gssd_upcall(struct nfs_gss_svc_ctx *cp)
2602 if (cp->gss_svc_tokenlen > 0)
2603 nfs_gss_mach_alloc_buffer(cp->gss_svc_token, cp->gss_svc_tokenlen, &itoken);
2608 (gssd_byte_buffer) itoken, (mach_msg_type_number_t) cp->gss_svc_tokenlen,
2611 &cp->gss_svc_context,
2612 &cp->gss_svc_cred_handle,
2614 &cp->gss_svc_uid,
2615 cp->gss_svc_gids,
2616 &cp->gss_svc_ngroups,
2619 &cp->gss_svc_major,
2620 &cp->gss_svc_minor);
2624 if (kr == MIG_SERVER_DIED && cp->gss_svc_context == 0 &&
2626 if (cp->gss_svc_tokenlen > 0)
2627 nfs_gss_mach_alloc_buffer(cp->gss_svc_token, cp->gss_svc_tokenlen, &itoken);
2643 error = nfs_gss_mach_vmcopyout((vm_map_copy_t) okey, skeylen, cp->gss_svc_kinfo.skey);
2648 error = gss_key_init(&cp->gss_svc_kinfo, skeylen);
2655 if (cp->gss_svc_token)
2656 FREE(cp->gss_svc_token, M_TEMP);
2657 cp->gss_svc_token = NULL;
2658 cp->gss_svc_tokenlen = 0;
2662 MALLOC(cp->gss_svc_token, u_char *, otokenlen, M_TEMP, M_WAITOK);
2663 if (cp->gss_svc_token == NULL) {
2668 error = nfs_gss_mach_vmcopyout((vm_map_copy_t) otoken, otokenlen, cp->gss_svc_token);
2670 FREE(cp->gss_svc_token, M_TEMP);
2671 cp->gss_svc_token = NULL;
2674 cp->gss_svc_tokenlen = otokenlen;
2680 FREE(cp->gss_svc_token, M_TEMP);
2681 cp->gss_svc_tokenlen = 0;
2682 cp->gss_svc_token = NULL;
2698 nfs_gss_svc_seqnum_valid(struct nfs_gss_svc_ctx *cp, uint32_t seq)
2700 uint32_t *bits = cp->gss_svc_seqbits;
2701 uint32_t win = cp->gss_svc_seqwin;
2704 lck_mtx_lock(cp->gss_svc_mtx);
2710 if (seq > cp->gss_svc_seqmax) {
2711 if (seq - cp->gss_svc_seqmax > win)
2714 for (i = cp->gss_svc_seqmax + 1; i < seq; i++)
2717 cp->gss_svc_seqmax = seq;
2718 lck_mtx_unlock(cp->gss_svc_mtx);
2725 if (seq <= cp->gss_svc_seqmax - win) {
2726 lck_mtx_unlock(cp->gss_svc_mtx);
2734 lck_mtx_unlock(cp->gss_svc_mtx);
2738 lck_mtx_unlock(cp->gss_svc_mtx);
2750 nfs_gss_svc_ctx_deref(struct nfs_gss_svc_ctx *cp)
2752 lck_mtx_lock(cp->gss_svc_mtx);
2753 if (cp->gss_svc_refcnt > 0)
2754 cp->gss_svc_refcnt--;
2757 lck_mtx_unlock(cp->gss_svc_mtx);
2767 struct nfs_gss_svc_ctx *cp, *ncp;
2780 LIST_FOREACH_SAFE(cp, head, gss_svc_entries, ncp) {
2781 LIST_REMOVE(cp, gss_svc_entries);
2782 if (cp->gss_svc_seqbits)
2783 FREE(cp->gss_svc_seqbits, M_TEMP);
2784 lck_mtx_destroy(cp->gss_svc_mtx, nfs_gss_svc_grp);
2785 FREE(cp, M_TEMP);