Lines Matching refs:cp
238 struct nfs_gss_clnt_ctx *cp;
245 TAILQ_FOREACH(cp, &nmp->nm_gsscl, gss_clnt_entries) {
246 if (cp->gss_clnt_uid == uid) {
247 if (cp->gss_clnt_flags & GSS_CTX_INVAL)
250 nfs_gss_clnt_ctx_ref(req, cp);
263 TAILQ_FOREACH(cp, &nmp->nm_gsscl, gss_clnt_entries) {
264 if (!(cp->gss_clnt_flags & GSS_CTX_INVAL)) {
266 nfs_gss_clnt_ctx_ref(req, cp);
295 MALLOC(cp, struct nfs_gss_clnt_ctx *, sizeof(*cp), M_TEMP, M_WAITOK|M_ZERO);
296 if (cp == NULL) {
301 cp->gss_clnt_uid = uid;
302 cp->gss_clnt_mtx = lck_mtx_alloc_init(nfs_gss_clnt_grp, LCK_ATTR_NULL);
303 cp->gss_clnt_thread = current_thread();
304 nfs_gss_clnt_ctx_ref(req, cp);
305 TAILQ_INSERT_TAIL(&nmp->nm_gsscl, cp, gss_clnt_entries);
308 error = nfs_gss_clnt_ctx_init(req, cp);
346 struct nfs_gss_clnt_ctx *cp;
350 MALLOC(cp, struct nfs_gss_clnt_ctx *, sizeof(*cp), M_TEMP, M_WAITOK|M_ZERO);
351 if (cp == NULL)
354 cp->gss_clnt_service = RPCSEC_GSS_SVC_SYS;
355 cp->gss_clnt_uid = uid;
356 cp->gss_clnt_mtx = lck_mtx_alloc_init(nfs_gss_clnt_grp, LCK_ATTR_NULL);
358 cp->gss_clnt_ctime = now.tv_sec; // time stamp
359 nfs_gss_clnt_ctx_ref(req, cp);
360 TAILQ_INSERT_TAIL(&nmp->nm_gsscl, cp, gss_clnt_entries);
375 struct nfs_gss_clnt_ctx *cp;
398 cp = req->r_gss_ctx;
405 if (cp->gss_clnt_service == RPCSEC_GSS_SVC_SYS) {
412 lck_mtx_lock(cp->gss_clnt_mtx);
414 if (now.tv_sec > cp->gss_clnt_ctime + GSS_CLNT_SYS_VALID) {
415 cp->gss_clnt_flags |= GSS_CTX_INVAL;
416 lck_mtx_unlock(cp->gss_clnt_mtx);
420 lck_mtx_unlock(cp->gss_clnt_mtx);
430 lck_mtx_lock(cp->gss_clnt_mtx);
431 if (cp->gss_clnt_thread && cp->gss_clnt_thread != current_thread()) {
432 cp->gss_clnt_flags |= GSS_NEEDCTX;
434 msleep(cp, cp->gss_clnt_mtx, slpflag, "ctxwait", NULL);
440 lck_mtx_unlock(cp->gss_clnt_mtx);
442 if (cp->gss_clnt_flags & GSS_CTX_COMPLETE) {
450 lck_mtx_lock(cp->gss_clnt_mtx);
451 while (win_getbit(cp->gss_clnt_seqbits,
452 ((cp->gss_clnt_seqnum - cp->gss_clnt_seqwin) + 1) % cp->gss_clnt_seqwin)) {
453 cp->gss_clnt_flags |= GSS_NEEDSEQ;
455 msleep(cp, cp->gss_clnt_mtx, slpflag, "seqwin", NULL);
457 lck_mtx_unlock(cp->gss_clnt_mtx);
460 if (cp->gss_clnt_flags & GSS_CTX_INVAL) {
462 lck_mtx_unlock(cp->gss_clnt_mtx);
467 seqnum = ++cp->gss_clnt_seqnum;
468 win_setbit(cp->gss_clnt_seqbits, seqnum % cp->gss_clnt_seqwin);
469 lck_mtx_unlock(cp->gss_clnt_mtx);
480 nfsm_chain_add_32(error, nmc, 5 * NFSX_UNSIGNED + cp->gss_clnt_handle_len);
482 nfsm_chain_add_32(error, nmc, cp->gss_clnt_proc);
484 nfsm_chain_add_32(error, nmc, cp->gss_clnt_service);
485 nfsm_chain_add_32(error, nmc, cp->gss_clnt_handle_len);
486 nfsm_chain_add_opaque(error, nmc, cp->gss_clnt_handle, cp->gss_clnt_handle_len);
491 if (cp->gss_clnt_proc == RPCSEC_GSS_INIT ||
492 cp->gss_clnt_proc == RPCSEC_GSS_CONTINUE_INIT) {
507 nfs_gss_cksum_chain(cp->gss_clnt_sched, nmc, krb5_mic, offset, 0, cksum);
509 toklen = nfs_gss_token_put(cp->gss_clnt_sched, krb5_mic, tokbuf, 1, 0, cksum);
521 switch (cp->gss_clnt_service) {
539 nfs_gss_cksum_chain(cp->gss_clnt_sched, nmc, krb5_mic, start, len, cksum);
542 toklen = nfs_gss_token_put(cp->gss_clnt_sched, krb5_mic, tokbuf, 1, 0, cksum);
580 nfs_gss_cksum_chain(cp->gss_clnt_sched, &nmc_tmp, krb5_wrap, 0, len, cksum);
583 toklen = nfs_gss_token_put(cp->gss_clnt_sched, krb5_wrap, tokbuf, 1, len, cksum);
593 nfs_gss_encrypt_chain(cp->gss_clnt_skey, &nmc_tmp, 0, len, DES_ENCRYPT);
626 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
635 if (cp == NULL)
647 if (cp->gss_clnt_flags & GSS_CTX_COMPLETE &&
648 cp->gss_clnt_service != RPCSEC_GSS_SVC_SYS)
669 if (!(cp->gss_clnt_flags & GSS_CTX_COMPLETE)) {
670 MALLOC(cp->gss_clnt_verf, u_char *, verflen, M_TEMP, M_WAITOK|M_ZERO);
671 if (cp->gss_clnt_verf == NULL)
673 nfsm_chain_get_opaque(error, nmc, verflen, cp->gss_clnt_verf);
685 error = nfs_gss_token_get(cp->gss_clnt_sched, krb5_mic, tokbuf, 0, NULL, cksum1);
695 nfs_gss_cksum_rep(cp->gss_clnt_sched, gsp->gss_seqnum, cksum2);
713 switch (cp->gss_clnt_service) {
735 nfs_gss_cksum_chain(cp->gss_clnt_sched, nmc, krb5_mic, start, reslen, cksum1);
766 error = nfs_gss_token_get(cp->gss_clnt_sched, krb5_mic, tokbuf, 0,
797 error = nfs_gss_token_get(cp->gss_clnt_sched, krb5_wrap, tokbuf, 0,
806 nfs_gss_encrypt_chain(cp->gss_clnt_skey, nmc, start, reslen, DES_DECRYPT);
809 nfs_gss_cksum_chain(cp->gss_clnt_sched, nmc, krb5_wrap, start, reslen, cksum2);
854 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
858 if (cp == NULL)
861 if ((cp->gss_clnt_flags & GSS_CTX_COMPLETE) == 0)
869 switch (cp->gss_clnt_service) {
897 nfs_gss_encrypt_chain(cp->gss_clnt_skey, nmc,
921 nfs_gss_clnt_ctx_init(struct nfsreq *req, struct nfs_gss_clnt_ctx *cp)
932 cp->gss_clnt_svcname = nfs_gss_clnt_svcname(nmp);
933 if (cp->gss_clnt_svcname == NULL) {
937 cp->gss_clnt_proc = RPCSEC_GSS_INIT;
939 cp->gss_clnt_service =
952 error = nfs_gss_clnt_gssd_upcall(req, cp);
956 if (cp->gss_clnt_major == GSS_S_COMPLETE) {
960 } else if (cp->gss_clnt_major != GSS_S_CONTINUE_NEEDED) {
968 error = nfs_gss_clnt_ctx_callserver(req, cp);
972 if (cp->gss_clnt_major == GSS_S_COMPLETE) {
976 } else if (cp->gss_clnt_major != GSS_S_CONTINUE_NEEDED) {
981 cp->gss_clnt_proc = RPCSEC_GSS_CONTINUE_INIT;
987 cp->gss_clnt_flags |= GSS_CTX_COMPLETE;
988 cp->gss_clnt_proc = RPCSEC_GSS_DATA;
990 cp->gss_clnt_ctime = now.tv_sec; // time stamp
995 error = des_key_sched((des_cblock *) cp->gss_clnt_skey, cp->gss_clnt_sched);
1004 nfs_gss_cksum_rep(cp->gss_clnt_sched, cp->gss_clnt_seqwin, cksum1);
1010 error = nfs_gss_token_get(cp->gss_clnt_sched, krb5_mic, cp->gss_clnt_verf, 0,
1012 FREE(cp->gss_clnt_verf, M_TEMP);
1013 cp->gss_clnt_verf = NULL;
1026 cp->gss_clnt_seqnum = (random() & 0xffff) + cp->gss_clnt_seqwin;
1032 MALLOC(cp->gss_clnt_seqbits, uint32_t *,
1033 nfsm_rndup((cp->gss_clnt_seqwin + 7) / 8), M_TEMP, M_WAITOK|M_ZERO);
1034 if (cp->gss_clnt_seqbits == NULL)
1043 cp->gss_clnt_flags |= GSS_CTX_INVAL;
1048 lck_mtx_lock(cp->gss_clnt_mtx);
1049 cp->gss_clnt_thread = NULL;
1050 if (cp->gss_clnt_flags & GSS_NEEDCTX) {
1051 cp->gss_clnt_flags &= ~GSS_NEEDCTX;
1052 wakeup(cp);
1054 lck_mtx_unlock(cp->gss_clnt_mtx);
1066 nfs_gss_clnt_ctx_callserver(struct nfsreq *req, struct nfs_gss_clnt_ctx *cp)
1076 sz = NFSX_UNSIGNED + nfsm_rndup(cp->gss_clnt_tokenlen);
1078 nfsm_chain_add_32(error, &nmreq, cp->gss_clnt_tokenlen);
1079 nfsm_chain_add_opaque(error, &nmreq, cp->gss_clnt_token, cp->gss_clnt_tokenlen);
1087 if (cp->gss_clnt_token != NULL) {
1088 FREE(cp->gss_clnt_token, M_TEMP);
1089 cp->gss_clnt_token = NULL;
1098 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_handle_len);
1099 if (cp->gss_clnt_handle != NULL)
1100 FREE(cp->gss_clnt_handle, M_TEMP);
1101 if (cp->gss_clnt_handle_len > 0) {
1102 MALLOC(cp->gss_clnt_handle, u_char *, cp->gss_clnt_handle_len, M_TEMP, M_WAITOK);
1103 if (cp->gss_clnt_handle == NULL) {
1107 nfsm_chain_get_opaque(error, &nmrep, cp->gss_clnt_handle_len, cp->gss_clnt_handle);
1109 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_major);
1110 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_minor);
1111 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_seqwin);
1112 nfsm_chain_get_32(error, &nmrep, cp->gss_clnt_tokenlen);
1115 if (cp->gss_clnt_tokenlen > 0) {
1116 MALLOC(cp->gss_clnt_token, u_char *, cp->gss_clnt_tokenlen, M_TEMP, M_WAITOK);
1117 if (cp->gss_clnt_token == NULL) {
1121 nfsm_chain_get_opaque(error, &nmrep, cp->gss_clnt_tokenlen, cp->gss_clnt_token);
1127 if (cp->gss_clnt_major != GSS_S_COMPLETE &&
1128 cp->gss_clnt_major != GSS_S_CONTINUE_NEEDED) {
1132 cp->gss_clnt_mport,
1134 cp->gss_clnt_uid,
1136 cp->gss_clnt_major,
1137 cp->gss_clnt_minor);
1182 nfs_gss_clnt_gssd_upcall(struct nfsreq *req, struct nfs_gss_clnt_ctx *cp)
1202 if (cp->gss_clnt_mport == NULL) {
1203 kr = task_get_gssd_port(get_threadtask(req->r_thread), &cp->gss_clnt_mport);
1208 if (!IPC_PORT_VALID(cp->gss_clnt_mport)) {
1210 cp->gss_clnt_mport = NULL;
1215 if (cp->gss_clnt_tokenlen > 0)
1216 nfs_gss_mach_alloc_buffer(cp->gss_clnt_token, cp->gss_clnt_tokenlen, &itoken);
1220 cp->gss_clnt_mport,
1222 (byte_buffer) itoken, (mach_msg_type_number_t) cp->gss_clnt_tokenlen,
1223 cp->gss_clnt_uid,
1225 cp->gss_clnt_svcname,
1227 &cp->gss_clnt_gssd_verf,
1228 &cp->gss_clnt_context,
1229 &cp->gss_clnt_cred_handle,
1231 &otoken, (mach_msg_type_number_t *) &cp->gss_clnt_tokenlen,
1232 &cp->gss_clnt_major,
1233 &cp->gss_clnt_minor);
1237 if (kr == MIG_SERVER_DIED && cp->gss_clnt_cred_handle == 0 &&
1240 task_release_special_port(cp->gss_clnt_mport);
1241 cp->gss_clnt_mport = NULL;
1248 if (cp->gss_clnt_major != GSS_S_COMPLETE &&
1249 cp->gss_clnt_major != GSS_S_CONTINUE_NEEDED) {
1253 cp->gss_clnt_mport,
1255 cp->gss_clnt_uid,
1257 cp->gss_clnt_major,
1258 cp->gss_clnt_minor);
1266 error = nfs_gss_mach_vmcopyout((vm_map_copy_t) okey, skeylen, cp->gss_clnt_skey);
1271 if (cp->gss_clnt_tokenlen > 0) {
1272 MALLOC(cp->gss_clnt_token, u_char *, cp->gss_clnt_tokenlen, M_TEMP, M_WAITOK);
1273 if (cp->gss_clnt_token == NULL)
1275 error = nfs_gss_mach_vmcopyout((vm_map_copy_t) otoken, cp->gss_clnt_tokenlen,
1276 cp->gss_clnt_token);
1301 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
1305 if (cp == NULL || !(cp->gss_clnt_flags & GSS_CTX_COMPLETE))
1312 lck_mtx_lock(cp->gss_clnt_mtx);
1314 if (gsp && gsp->gss_seqnum > (cp->gss_clnt_seqnum - cp->gss_clnt_seqwin))
1315 win_resetbit(cp->gss_clnt_seqbits,
1316 gsp->gss_seqnum % cp->gss_clnt_seqwin);
1332 if (cp->gss_clnt_flags & GSS_NEEDSEQ) {
1333 cp->gss_clnt_flags &= ~GSS_NEEDSEQ;
1334 wakeup(cp);
1336 lck_mtx_unlock(cp->gss_clnt_mtx);
1344 nfs_gss_clnt_ctx_ref(struct nfsreq *req, struct nfs_gss_clnt_ctx *cp)
1346 req->r_gss_ctx = cp;
1348 lck_mtx_lock(cp->gss_clnt_mtx);
1349 cp->gss_clnt_refcnt++;
1350 lck_mtx_unlock(cp->gss_clnt_mtx);
1362 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
1364 if (cp == NULL)
1369 lck_mtx_lock(cp->gss_clnt_mtx);
1370 if (--cp->gss_clnt_refcnt == 0
1371 && cp->gss_clnt_flags & GSS_CTX_INVAL) {
1372 lck_mtx_unlock(cp->gss_clnt_mtx);
1376 nfs_gss_clnt_ctx_remove(nmp, cp);
1382 lck_mtx_unlock(cp->gss_clnt_mtx);
1389 nfs_gss_clnt_ctx_remove(struct nfsmount *nmp, struct nfs_gss_clnt_ctx *cp)
1395 TAILQ_REMOVE(&nmp->nm_gsscl, cp, gss_clnt_entries);
1397 if (cp->gss_clnt_mport)
1398 task_release_special_port(cp->gss_clnt_mport);
1399 if (cp->gss_clnt_mtx)
1400 lck_mtx_destroy(cp->gss_clnt_mtx, nfs_gss_clnt_grp);
1401 if (cp->gss_clnt_handle)
1402 FREE(cp->gss_clnt_handle, M_TEMP);
1403 if (cp->gss_clnt_seqbits)
1404 FREE(cp->gss_clnt_seqbits, M_TEMP);
1405 if (cp->gss_clnt_token)
1406 FREE(cp->gss_clnt_token, M_TEMP);
1407 if (cp->gss_clnt_svcname)
1408 FREE(cp->gss_clnt_svcname, M_TEMP);
1409 FREE(cp, M_TEMP);
1420 struct nfs_gss_clnt_ctx *cp = req->r_gss_ctx;
1428 if (cp == NULL || !(cp->gss_clnt_flags & GSS_CTX_COMPLETE))
1431 lck_mtx_lock(cp->gss_clnt_mtx);
1432 if (cp->gss_clnt_flags & GSS_CTX_INVAL) {
1433 lck_mtx_unlock(cp->gss_clnt_mtx);
1437 saved_uid = cp->gss_clnt_uid;
1438 saved_mport = task_copy_special_port(cp->gss_clnt_mport);
1442 cp->gss_clnt_flags |= GSS_CTX_INVAL;
1449 if (cp->gss_clnt_flags & (GSS_NEEDCTX | GSS_NEEDSEQ)) {
1450 cp->gss_clnt_flags &= ~GSS_NEEDSEQ;
1451 wakeup(cp);
1453 lck_mtx_unlock(cp->gss_clnt_mtx);
1498 struct nfs_gss_clnt_ctx *cp;
1512 cp = TAILQ_FIRST(&nmp->nm_gsscl);
1514 if (cp == NULL)
1517 nfs_gss_clnt_ctx_ref(&req, cp);
1524 if (!(mntflags & MNT_FORCE) && cp->gss_clnt_service != RPCSEC_GSS_SVC_SYS) {
1525 temp_cred.cr_uid = cp->gss_clnt_uid;
1527 cp->gss_clnt_proc = RPCSEC_GSS_DESTROY;
1547 cp->gss_clnt_flags |= GSS_CTX_INVAL;
1604 struct nfs_gss_svc_ctx *cp;
1609 LIST_FOREACH(cp, head, gss_svc_entries)
1610 if (cp->gss_svc_handle == handle)
1614 return (cp);
1622 nfs_gss_svc_ctx_insert(struct nfs_gss_svc_ctx *cp)
1626 head = &nfs_gss_svc_ctx_hashtbl[SVC_CTX_HASH(cp->gss_svc_handle)];
1629 LIST_INSERT_HEAD(head, cp, gss_svc_entries);
1649 struct nfs_gss_svc_ctx *cp, *next;
1667 for (cp = LIST_FIRST(head); cp; cp = next) {
1669 next = LIST_NEXT(cp, gss_svc_entries);
1670 if (timenow > cp->gss_svc_expiretime) {
1674 LIST_REMOVE(cp, gss_svc_entries);
1675 if (cp->gss_svc_seqbits)
1676 FREE(cp->gss_svc_seqbits, M_TEMP);
1677 lck_mtx_destroy(cp->gss_svc_mtx, nfs_gss_svc_grp);
1678 FREE(cp, M_TEMP);
1713 struct nfs_gss_svc_ctx *cp = NULL;
1772 MALLOC(cp, struct nfs_gss_svc_ctx *, sizeof(*cp), M_TEMP, M_WAITOK|M_ZERO);
1773 if (cp == NULL) {
1789 cp = nfs_gss_svc_ctx_find(handle);
1790 if (cp == NULL) {
1796 cp->gss_svc_proc = proc;
1801 if (cp->gss_svc_seqwin == 0) {
1809 if (!nfs_gss_svc_seqnum_valid(cp, seqnum)) {
1818 nfs_gss_cksum_chain(cp->gss_svc_sched, nmc, krb5_mic, 0, 0, cksum1);
1837 error = nfs_gss_token_get(cp->gss_svc_sched, krb5_mic, tokbuf, 1,
1853 temp_cred.cr_uid = cp->gss_svc_uid;
1854 bcopy(cp->gss_svc_gids, temp_cred.cr_groups,
1855 sizeof(gid_t) * cp->gss_svc_ngroups);
1856 temp_cred.cr_ngroups = cp->gss_svc_ngroups;
1864 &cp->gss_svc_expiretime);
1892 nfs_gss_cksum_chain(cp->gss_svc_sched, nmc, krb5_mic, start, arglen, cksum1);
1920 error = nfs_gss_token_get(cp->gss_svc_sched, krb5_mic, tokbuf, 1,
1949 error = nfs_gss_token_get(cp->gss_svc_sched, krb5_wrap, tokbuf, 1,
1958 nfs_gss_encrypt_chain(cp->gss_svc_skey, nmc, start, arglen, DES_DECRYPT);
1961 nfs_gss_cksum_chain(cp->gss_svc_sched, nmc, krb5_wrap, start, arglen, cksum2);
1995 nd->nd_gss_context = cp;
2009 struct nfs_gss_svc_ctx *cp;
2015 cp = nd->nd_gss_context;
2017 if (cp->gss_svc_major != GSS_S_COMPLETE) {
2033 if (cp->gss_svc_proc == RPCSEC_GSS_INIT ||
2034 cp->gss_svc_proc == RPCSEC_GSS_CONTINUE_INIT)
2035 nfs_gss_cksum_rep(cp->gss_svc_sched, cp->gss_svc_seqwin, cksum);
2037 nfs_gss_cksum_rep(cp->gss_svc_sched, nd->nd_gss_seqnum, cksum);
2042 toklen = nfs_gss_token_put(cp->gss_svc_sched, krb5_mic, tokbuf, 0, 0, cksum);
2061 struct nfs_gss_svc_ctx *cp = nd->nd_gss_context;
2064 if (cp->gss_svc_proc == RPCSEC_GSS_INIT ||
2065 cp->gss_svc_proc == RPCSEC_GSS_CONTINUE_INIT)
2095 struct nfs_gss_svc_ctx *cp = nd->nd_gss_context;
2130 nfs_gss_cksum_mchain(cp->gss_svc_sched, results, krb5_mic, 0, reslen, cksum);
2133 toklen = nfs_gss_token_put(cp->gss_svc_sched, krb5_mic, tokbuf, 0, 0, cksum);
2155 nfs_gss_cksum_mchain(cp->gss_svc_sched, results, krb5_wrap, 0, reslen, cksum);
2158 toklen = nfs_gss_token_put(cp->gss_svc_sched, krb5_wrap, tokbuf, 0, reslen, cksum);
2167 nfs_gss_encrypt_mchain(cp->gss_svc_skey, results, 0, reslen, DES_ENCRYPT);
2193 struct nfs_gss_svc_ctx *cp = NULL;
2203 cp = nd->nd_gss_context;
2206 switch (cp->gss_svc_proc) {
2217 cp->gss_svc_handle = handle;
2218 cp->gss_svc_mtx = lck_mtx_alloc_init(nfs_gss_svc_grp, LCK_ATTR_NULL);
2220 &cp->gss_svc_expiretime);
2222 nfs_gss_svc_ctx_insert(cp);
2228 nfsm_chain_get_32(error, nmreq, cp->gss_svc_tokenlen);
2229 if (cp->gss_svc_tokenlen == 0) {
2233 MALLOC(cp->gss_svc_token, u_char *, cp->gss_svc_tokenlen, M_TEMP, M_WAITOK);
2234 if (cp->gss_svc_token == NULL) {
2238 nfsm_chain_get_opaque(error, nmreq, cp->gss_svc_tokenlen, cp->gss_svc_token);
2241 error = nfs_gss_svc_gssd_upcall(cp);
2253 if (cp->gss_svc_major != GSS_S_COMPLETE)
2261 &cp->gss_svc_expiretime);
2262 cp->gss_svc_seqwin = GSS_SVC_SEQWINDOW;
2263 MALLOC(cp->gss_svc_seqbits, uint32_t *,
2264 nfsm_rndup((cp->gss_svc_seqwin + 7) / 8), M_TEMP, M_WAITOK|M_ZERO);
2265 if (cp->gss_svc_seqbits == NULL) {
2273 error = des_key_sched((des_cblock *) cp->gss_svc_skey, cp->gss_svc_sched);
2292 cp = nfs_gss_svc_ctx_find(cp->gss_svc_handle);
2293 if (cp != NULL) {
2294 cp->gss_svc_handle = 0; // so it can't be found
2295 lck_mtx_lock(cp->gss_svc_mtx);
2297 &cp->gss_svc_expiretime);
2298 lck_mtx_unlock(cp->gss_svc_mtx);
2310 sz = 7 * NFSX_UNSIGNED + nfsm_rndup(cp->gss_svc_tokenlen); // size of results
2316 if (cp->gss_svc_proc == RPCSEC_GSS_INIT ||
2317 cp->gss_svc_proc == RPCSEC_GSS_CONTINUE_INIT) {
2318 nfsm_chain_add_32(error, &nmrep, sizeof(cp->gss_svc_handle));
2319 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_handle);
2321 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_major);
2322 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_minor);
2323 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_seqwin);
2325 nfsm_chain_add_32(error, &nmrep, cp->gss_svc_tokenlen);
2326 nfsm_chain_add_opaque(error, &nmrep, cp->gss_svc_token, cp->gss_svc_tokenlen);
2327 if (cp->gss_svc_token != NULL) {
2328 FREE(cp->gss_svc_token, M_TEMP);
2329 cp->gss_svc_token = NULL;
2335 LIST_REMOVE(cp, gss_svc_entries);
2336 if (cp->gss_svc_seqbits != NULL)
2337 FREE(cp->gss_svc_seqbits, M_TEMP);
2338 if (cp->gss_svc_token != NULL)
2339 FREE(cp->gss_svc_token, M_TEMP);
2340 lck_mtx_destroy(cp->gss_svc_mtx, nfs_gss_svc_grp);
2341 FREE(cp, M_TEMP);
2359 nfs_gss_svc_gssd_upcall(struct nfs_gss_svc_ctx *cp)
2381 if (cp->gss_svc_tokenlen > 0)
2382 nfs_gss_mach_alloc_buffer(cp->gss_svc_token, cp->gss_svc_tokenlen, &itoken);
2387 (byte_buffer) itoken, (mach_msg_type_number_t) cp->gss_svc_tokenlen,
2390 &cp->gss_svc_gssd_verf,
2391 &cp->gss_svc_context,
2392 &cp->gss_svc_cred_handle,
2393 &cp->gss_svc_uid,
2394 cp->gss_svc_gids,
2395 &cp->gss_svc_ngroups,
2397 &otoken, (mach_msg_type_number_t *) &cp->gss_svc_tokenlen,
2398 &cp->gss_svc_major,
2399 &cp->gss_svc_minor);
2403 if (kr == MIG_SERVER_DIED && cp->gss_svc_context == 0 &&
2416 error = nfs_gss_mach_vmcopyout((vm_map_copy_t) okey, skeylen, cp->gss_svc_skey);
2421 if (cp->gss_svc_tokenlen > 0) {
2422 MALLOC(cp->gss_svc_token, u_char *, cp->gss_svc_tokenlen, M_TEMP, M_WAITOK);
2423 if (cp->gss_svc_token == NULL)
2425 error = nfs_gss_mach_vmcopyout((vm_map_copy_t) otoken, cp->gss_svc_tokenlen,
2426 cp->gss_svc_token);
2445 nfs_gss_svc_seqnum_valid(struct nfs_gss_svc_ctx *cp, uint32_t seq)
2447 uint32_t *bits = cp->gss_svc_seqbits;
2448 uint32_t win = cp->gss_svc_seqwin;
2451 lck_mtx_lock(cp->gss_svc_mtx);
2457 if (seq > cp->gss_svc_seqmax) {
2458 if (seq - cp->gss_svc_seqmax > win)
2461 for (i = cp->gss_svc_seqmax + 1; i < seq; i++)
2464 cp->gss_svc_seqmax = seq;
2465 lck_mtx_unlock(cp->gss_svc_mtx);
2472 if (seq <= cp->gss_svc_seqmax - win) {
2473 lck_mtx_unlock(cp->gss_svc_mtx);
2481 lck_mtx_unlock(cp->gss_svc_mtx);
2485 lck_mtx_unlock(cp->gss_svc_mtx);
2496 struct nfs_gss_svc_ctx *cp, *ncp;
2509 LIST_FOREACH_SAFE(cp, head, gss_svc_entries, ncp) {
2510 LIST_REMOVE(cp, gss_svc_entries);
2511 if (cp->gss_svc_seqbits)
2512 FREE(cp->gss_svc_seqbits, M_TEMP);
2513 lck_mtx_destroy(cp->gss_svc_mtx, nfs_gss_svc_grp);
2514 FREE(cp, M_TEMP);