197 	struct rpc_gss_data	*gd, *tgd;  in rpc_gss_secfind()  local
220 	TAILQ_FOREACH(gd, &rpc_gss_cache[h], gd_link) {  in rpc_gss_secfind()
221 		if (gd->gd_ucred->cr_uid == cred->cr_uid  in rpc_gss_secfind()
222 		    && !strcmp(gd->gd_principal, principal)  in rpc_gss_secfind()
223 		    && gd->gd_mech == mech_oid  in rpc_gss_secfind()
224 		    && gd->gd_cred.gc_svc == service) {  in rpc_gss_secfind()
225 			refcount_acquire(&gd->gd_refs);  in rpc_gss_secfind()
230 				TAILQ_REMOVE(&rpc_gss_all, gd, gd_alllink);  in rpc_gss_secfind()
231 				TAILQ_INSERT_TAIL(&rpc_gss_all, gd,  in rpc_gss_secfind()
244 			if (gd->gd_state != RPCSEC_GSS_ESTABLISHED) {  in rpc_gss_secfind()
246 				(void) rpc_gss_init(gd->gd_auth, &options);  in rpc_gss_secfind()
248 			return (gd->gd_auth);  in rpc_gss_secfind()
261 	gd = AUTH_PRIVATE(auth);  in rpc_gss_secfind()
262 	gd->gd_hash = h;  in rpc_gss_secfind()
281 	TAILQ_INSERT_TAIL(&rpc_gss_cache[h], gd, gd_link);  in rpc_gss_secfind()
282 	TAILQ_INSERT_TAIL(&rpc_gss_all, gd, gd_alllink);  in rpc_gss_secfind()
283 	refcount_acquire(&gd->gd_refs);	/* one for the cache, one for user */  in rpc_gss_secfind()
293 	struct rpc_gss_data	*gd, *tgd;  in rpc_gss_secpurge()  local
295 	TAILQ_FOREACH_SAFE(gd, &rpc_gss_all, gd_alllink, tgd) {  in rpc_gss_secpurge()
296 		if (gd->gd_clnt == clnt) {  in rpc_gss_secpurge()
298 			h = gd->gd_hash;  in rpc_gss_secpurge()
299 			TAILQ_REMOVE(&rpc_gss_cache[h], gd, gd_link);  in rpc_gss_secpurge()
300 			TAILQ_REMOVE(&rpc_gss_all, gd, gd_alllink);  in rpc_gss_secpurge()
303 			AUTH_DESTROY(gd->gd_auth);  in rpc_gss_secpurge()
337 	struct rpc_gss_data	*gd;  in rpc_gss_refresh_auth()  local
340 	gd = AUTH_PRIVATE(auth);  in rpc_gss_refresh_auth()
347 	if (gd->gd_state != RPCSEC_GSS_ESTABLISHED) {  in rpc_gss_refresh_auth()
361 	struct rpc_gss_data	*gd;  in rpc_gss_seccreate_int()  local
388 	gd = mem_alloc(sizeof(*gd));  in rpc_gss_seccreate_int()
389 	if (gd == NULL) {  in rpc_gss_seccreate_int()
397 	auth->ah_private = (caddr_t) gd;  in rpc_gss_seccreate_int()
400 	refcount_init(&gd->gd_refs, 1);  in rpc_gss_seccreate_int()
401 	mtx_init(&gd->gd_lock, "gd->gd_lock", NULL, MTX_DEF);  in rpc_gss_seccreate_int()
402 	gd->gd_auth = auth;  in rpc_gss_seccreate_int()
403 	gd->gd_ucred = crdup(cred);  in rpc_gss_seccreate_int()
404 	gd->gd_principal = strdup(principal, M_RPC);  in rpc_gss_seccreate_int()
406 		gd->gd_clntprincipal = strdup(clnt_principal, M_RPC);  in rpc_gss_seccreate_int()
408 		gd->gd_clntprincipal = NULL;  in rpc_gss_seccreate_int()
412 		gd->gd_options = *options_req;  in rpc_gss_seccreate_int()
414 		gd->gd_options.req_flags = GSS_C_MUTUAL_FLAG;  in rpc_gss_seccreate_int()
415 		gd->gd_options.time_req = 0;  in rpc_gss_seccreate_int()
416 		gd->gd_options.my_cred = GSS_C_NO_CREDENTIAL;  in rpc_gss_seccreate_int()
417 		gd->gd_options.input_channel_bindings = NULL;  in rpc_gss_seccreate_int()
420 	gd->gd_clnt = clnt;  in rpc_gss_seccreate_int()
421 	gd->gd_ctx = GSS_C_NO_CONTEXT;  in rpc_gss_seccreate_int()
422 	gd->gd_mech = mech_oid;  in rpc_gss_seccreate_int()
423 	gd->gd_qop = qop_num;  in rpc_gss_seccreate_int()
425 	gd->gd_cred.gc_version = RPCSEC_GSS_VERSION;  in rpc_gss_seccreate_int()
426 	gd->gd_cred.gc_proc = RPCSEC_GSS_INIT;  in rpc_gss_seccreate_int()
427 	gd->gd_cred.gc_seq = 0;  in rpc_gss_seccreate_int()
428 	gd->gd_cred.gc_svc = service;  in rpc_gss_seccreate_int()
429 	LIST_INIT(&gd->gd_reqs);  in rpc_gss_seccreate_int()
445 	struct rpc_gss_data	*gd;  in rpc_gss_set_defaults()  local
449 	gd = AUTH_PRIVATE(auth);  in rpc_gss_set_defaults()
450 	if (!rpc_gss_oid_to_mech(gd->gd_mech, &mechanism)) {  in rpc_gss_set_defaults()
462 	gd->gd_cred.gc_svc = service;  in rpc_gss_set_defaults()
463 	gd->gd_qop = qop_num;  in rpc_gss_set_defaults()
468 rpc_gss_purge_xid(struct rpc_gss_data *gd, uint32_t xid)  in rpc_gss_purge_xid()  argument
474 	mtx_lock(&gd->gd_lock);  in rpc_gss_purge_xid()
475 	LIST_FOREACH_SAFE(pr, &gd->gd_reqs, pr_link, npr) {  in rpc_gss_purge_xid()
482 	mtx_unlock(&gd->gd_lock);  in rpc_gss_purge_xid()
490 rpc_gss_alloc_seq(struct rpc_gss_data *gd)  in rpc_gss_alloc_seq()  argument
494 	mtx_lock(&gd->gd_lock);  in rpc_gss_alloc_seq()
495 	seq = gd->gd_seq;  in rpc_gss_alloc_seq()
496 	gd->gd_seq++;  in rpc_gss_alloc_seq()
497 	mtx_unlock(&gd->gd_lock);  in rpc_gss_alloc_seq()
512 	struct rpc_gss_data	*gd;  in rpc_gss_marshal()  local
525 	gd = AUTH_PRIVATE(auth);  in rpc_gss_marshal()
527 	gsscred = gd->gd_cred;  in rpc_gss_marshal()
528 	seq = rpc_gss_alloc_seq(gd);  in rpc_gss_marshal()
544 	if (gd->gd_cred.gc_proc == RPCSEC_GSS_INIT ||  in rpc_gss_marshal()
545 	    gd->gd_cred.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {  in rpc_gss_marshal()
557 		mtx_lock(&gd->gd_lock);  in rpc_gss_marshal()
560 		LIST_INSERT_HEAD(&gd->gd_reqs, pr, pr_link);  in rpc_gss_marshal()
561 		mtx_unlock(&gd->gd_lock);  in rpc_gss_marshal()
573 		maj_stat = gss_get_mic(&min_stat, gd->gd_ctx, gd->gd_qop,  in rpc_gss_marshal()
577 			rpc_gss_log_status("gss_get_mic", gd->gd_mech,  in rpc_gss_marshal()
596 		if (gd->gd_state != RPCSEC_GSS_ESTABLISHED ||  in rpc_gss_marshal()
597 		    gd->gd_cred.gc_svc == rpc_gss_svc_none) {  in rpc_gss_marshal()
601 				gd->gd_ctx, gd->gd_qop, gd->gd_cred.gc_svc,  in rpc_gss_marshal()
615 	struct rpc_gss_data	*gd;  in rpc_gss_validate()  local
625 	gd = AUTH_PRIVATE(auth);  in rpc_gss_validate()
632 		rpc_gss_purge_xid(gd, xid);  in rpc_gss_validate()
636 	if (gd->gd_state == RPCSEC_GSS_CONTEXT) {  in rpc_gss_validate()
642 		if (gd->gd_verf.value)  in rpc_gss_validate()
644 			    (char *) &gd->gd_verf);  in rpc_gss_validate()
645 		gd->gd_verf.value = mem_alloc(verf->oa_length);  in rpc_gss_validate()
646 		if (gd->gd_verf.value == NULL) {  in rpc_gss_validate()
653 		memcpy(gd->gd_verf.value, verf->oa_base, verf->oa_length);  in rpc_gss_validate()
654 		gd->gd_verf.length = verf->oa_length;  in rpc_gss_validate()
667 	mtx_lock(&gd->gd_lock);  in rpc_gss_validate()
669 	LIST_FOREACH_SAFE(pr, &gd->gd_reqs, pr_link, npr) {  in rpc_gss_validate()
675 	mtx_unlock(&gd->gd_lock);  in rpc_gss_validate()
686 			maj_stat = gss_verify_mic(&min_stat, gd->gd_ctx,  in rpc_gss_validate()
689 			    || qop_state != gd->gd_qop) {  in rpc_gss_validate()
700 			if (gd->gd_cred.gc_svc == rpc_gss_svc_none) {  in rpc_gss_validate()
704 					gd->gd_ctx, gd->gd_qop,  in rpc_gss_validate()
705 					gd->gd_cred.gc_svc, seq)) {  in rpc_gss_validate()
717 	mtx_lock(&gd->gd_lock);  in rpc_gss_validate()
720 		LIST_INSERT_HEAD(&gd->gd_reqs, pr, pr_link);  in rpc_gss_validate()
722 	mtx_unlock(&gd->gd_lock);  in rpc_gss_validate()
738 	struct rpc_gss_data	*gd;  in rpc_gss_init()  local
751 	gd = AUTH_PRIVATE(auth);  in rpc_gss_init()
753 	mtx_lock(&gd->gd_lock);  in rpc_gss_init()
760 	while (gd->gd_state != RPCSEC_GSS_START  in rpc_gss_init()
761 	    && gd->gd_state != RPCSEC_GSS_ESTABLISHED) {  in rpc_gss_init()
762 		msleep(gd, &gd->gd_lock, 0, "gssstate", 0);  in rpc_gss_init()
764 	if (gd->gd_state == RPCSEC_GSS_ESTABLISHED) {  in rpc_gss_init()
765 		mtx_unlock(&gd->gd_lock);  in rpc_gss_init()
768 	gd->gd_state = RPCSEC_GSS_CONTEXT;  in rpc_gss_init()
769 	mtx_unlock(&gd->gd_lock);  in rpc_gss_init()
771 	gd->gd_cred.gc_proc = RPCSEC_GSS_INIT;  in rpc_gss_init()
772 	gd->gd_cred.gc_seq = 0;  in rpc_gss_init()
782 	if (gd->gd_clntprincipal != NULL &&  in rpc_gss_init()
784 	    gd->gd_mech == mech_oid) {  in rpc_gss_init()
786 		if (gd->gd_options.my_cred != GSS_C_NO_CREDENTIAL) {  in rpc_gss_init()
787 			gss_release_cred(&min_stat, &gd->gd_options.my_cred);  in rpc_gss_init()
788 			gd->gd_options.my_cred = GSS_C_NO_CREDENTIAL;  in rpc_gss_init()
801 		maj_stat = gss_add_oid_set_member(&min_stat, gd->gd_mech,  in rpc_gss_init()
810 		principal_desc.value = (void *)gd->gd_clntprincipal;  in rpc_gss_init()
811 		principal_desc.length = strlen(gd->gd_clntprincipal);  in rpc_gss_init()
823 		    &gd->gd_options.my_cred, NULL, NULL);  in rpc_gss_init()
833 	principal_desc.value = (void *)gd->gd_principal;  in rpc_gss_init()
834 	principal_desc.length = strlen(gd->gd_principal);  in rpc_gss_init()
852 		td->td_ucred = gd->gd_ucred;  in rpc_gss_init()
854 		    gd->gd_options.my_cred,  in rpc_gss_init()
855 		    &gd->gd_ctx,  in rpc_gss_init()
857 		    gd->gd_mech,  in rpc_gss_init()
858 		    gd->gd_options.req_flags,  in rpc_gss_init()
859 		    gd->gd_options.time_req,  in rpc_gss_init()
860 		    gd->gd_options.input_channel_bindings,  in rpc_gss_init()
862 		    &gd->gd_mech,	/* used mech */  in rpc_gss_init()
878 		if (gd->gd_mech && rpc_gss_oid_to_mech(gd->gd_mech, &mech)) {  in rpc_gss_init()
885 			rpc_gss_log_status("gss_init_sec_context", gd->gd_mech,  in rpc_gss_init()
896 			call_stat = CLNT_CALL_EXT(gd->gd_clnt, &ext, NULLPROC,  in rpc_gss_init()
909 				rpc_gss_log_status("server reply", gd->gd_mech,  in rpc_gss_init()
923 				    (char *) &gd->gd_cred.gc_handle);  in rpc_gss_init()
924 				gd->gd_cred.gc_handle = gr.gr_handle;  in rpc_gss_init()
940 			gd->gd_cred.gc_proc = RPCSEC_GSS_CONTINUE_INIT;  in rpc_gss_init()
955 			maj_stat = gss_verify_mic(&min_stat, gd->gd_ctx,  in rpc_gss_init()
956 			    &bufin, &gd->gd_verf, &qop_state);  in rpc_gss_init()
959 			    qop_state != gd->gd_qop) {  in rpc_gss_init()
960 				rpc_gss_log_status("gss_verify_mic", gd->gd_mech,  in rpc_gss_init()
974 			options_ret->rpcsec_version = gd->gd_cred.gc_version;  in rpc_gss_init()
975 			options_ret->gss_context = gd->gd_ctx;  in rpc_gss_init()
977 			gd->gd_cred.gc_proc = RPCSEC_GSS_DATA;  in rpc_gss_init()
978 			gd->gd_seq = 1;  in rpc_gss_init()
979 			gd->gd_win = gr.gr_win;  in rpc_gss_init()
986 	    (char *) &gd->gd_verf);  in rpc_gss_init()
990 	if (gd->gd_cred.gc_proc != RPCSEC_GSS_DATA) {  in rpc_gss_init()
993 		if (gd->gd_ctx) {  in rpc_gss_init()
994 			gss_delete_sec_context(&min_stat, &gd->gd_ctx,  in rpc_gss_init()
997 		mtx_lock(&gd->gd_lock);  in rpc_gss_init()
998 		gd->gd_state = RPCSEC_GSS_START;  in rpc_gss_init()
999 		wakeup(gd);  in rpc_gss_init()
1000 		mtx_unlock(&gd->gd_lock);  in rpc_gss_init()
1004 	mtx_lock(&gd->gd_lock);  in rpc_gss_init()
1005 	gd->gd_state = RPCSEC_GSS_ESTABLISHED;  in rpc_gss_init()
1006 	wakeup(gd);  in rpc_gss_init()
1007 	mtx_unlock(&gd->gd_lock);  in rpc_gss_init()
1017 	struct rpc_gss_data *gd;  in rpc_gss_refresh()  local
1019 	gd = AUTH_PRIVATE(auth);  in rpc_gss_refresh()
1025 	mtx_lock(&gd->gd_lock);  in rpc_gss_refresh()
1026 	if (gd->gd_state == RPCSEC_GSS_DESTROYING) {  in rpc_gss_refresh()
1027 		mtx_unlock(&gd->gd_lock);  in rpc_gss_refresh()
1030 	mtx_unlock(&gd->gd_lock);  in rpc_gss_refresh()
1052 	struct rpc_gss_data	*gd;  in rpc_gss_destroy_context()  local
1059 	gd = AUTH_PRIVATE(auth);  in rpc_gss_destroy_context()
1061 	mtx_lock(&gd->gd_lock);  in rpc_gss_destroy_context()
1066 	if (gd->gd_state != RPCSEC_GSS_ESTABLISHED) {  in rpc_gss_destroy_context()
1067 		while (gd->gd_state != RPCSEC_GSS_START  in rpc_gss_destroy_context()
1068 		    && gd->gd_state != RPCSEC_GSS_ESTABLISHED)  in rpc_gss_destroy_context()
1069 			msleep(gd, &gd->gd_lock, 0, "gssstate", 0);  in rpc_gss_destroy_context()
1070 		mtx_unlock(&gd->gd_lock);  in rpc_gss_destroy_context()
1073 	gd->gd_state = RPCSEC_GSS_DESTROYING;  in rpc_gss_destroy_context()
1074 	mtx_unlock(&gd->gd_lock);  in rpc_gss_destroy_context()
1077 		gd->gd_cred.gc_proc = RPCSEC_GSS_DESTROY;  in rpc_gss_destroy_context()
1080 		CLNT_CALL_EXT(gd->gd_clnt, &ext, NULLPROC,  in rpc_gss_destroy_context()
1085 	while ((pr = LIST_FIRST(&gd->gd_reqs)) != NULL) {  in rpc_gss_destroy_context()
1095 	    (char *) &gd->gd_cred.gc_handle);  in rpc_gss_destroy_context()
1096 	gd->gd_cred.gc_handle.length = 0;  in rpc_gss_destroy_context()
1098 	if (gd->gd_ctx != GSS_C_NO_CONTEXT)  in rpc_gss_destroy_context()
1099 		gss_delete_sec_context(&min_stat, &gd->gd_ctx, NULL);  in rpc_gss_destroy_context()
1101 	mtx_lock(&gd->gd_lock);  in rpc_gss_destroy_context()
1102 	gd->gd_state = RPCSEC_GSS_START;  in rpc_gss_destroy_context()
1103 	wakeup(gd);  in rpc_gss_destroy_context()
1104 	mtx_unlock(&gd->gd_lock);  in rpc_gss_destroy_context()
1110 	struct rpc_gss_data	*gd;  in rpc_gss_destroy()  local
1114 	gd = AUTH_PRIVATE(auth);  in rpc_gss_destroy()
1116 	if (!refcount_release(&gd->gd_refs))  in rpc_gss_destroy()
1121 	CLNT_RELEASE(gd->gd_clnt);  in rpc_gss_destroy()
1122 	crfree(gd->gd_ucred);  in rpc_gss_destroy()
1123 	free(gd->gd_principal, M_RPC);  in rpc_gss_destroy()
1124 	if (gd->gd_clntprincipal != NULL)  in rpc_gss_destroy()
1125 		free(gd->gd_clntprincipal, M_RPC);  in rpc_gss_destroy()
1126 	if (gd->gd_verf.value)  in rpc_gss_destroy()
1128 		    (char *) &gd->gd_verf);  in rpc_gss_destroy()
1129 	mtx_destroy(&gd->gd_lock);  in rpc_gss_destroy()
1131 	mem_free(gd, sizeof(*gd));  in rpc_gss_destroy()
1138 	struct rpc_gss_data	*gd;  in rpc_gss_max_data_length()  local
1144 	gd = AUTH_PRIVATE(auth);  in rpc_gss_max_data_length()
1146 	switch (gd->gd_cred.gc_svc) {  in rpc_gss_max_data_length()
1164 	maj_stat = gss_wrap_size_limit(&min_stat, gd->gd_ctx, want_conf,  in rpc_gss_max_data_length()
1165 	    gd->gd_qop, max_tp_unit_len, &max);  in rpc_gss_max_data_length()
1173 		rpc_gss_log_status("gss_wrap_size_limit", gd->gd_mech,  in rpc_gss_max_data_length()