aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--net/rxrpc/Makefile1
-rw-r--r--net/rxrpc/ar-ack.c3
-rw-r--r--net/rxrpc/ar-connection.c9
-rw-r--r--net/rxrpc/ar-connevent.c11
-rw-r--r--net/rxrpc/ar-input.c2
-rw-r--r--net/rxrpc/ar-internal.h10
-rw-r--r--net/rxrpc/ar-output.c4
-rw-r--r--net/rxrpc/ar-security.c43
-rw-r--r--net/rxrpc/insecure.c83
9 files changed, 105 insertions, 61 deletions
diff --git a/net/rxrpc/Makefile b/net/rxrpc/Makefile
index fa09cb55bfce..e05a06ef2254 100644
--- a/net/rxrpc/Makefile
+++ b/net/rxrpc/Makefile
@@ -19,6 +19,7 @@ af-rxrpc-y := \
19 ar-security.o \ 19 ar-security.o \
20 ar-skbuff.o \ 20 ar-skbuff.o \
21 ar-transport.o \ 21 ar-transport.o \
22 insecure.o \
22 misc.o 23 misc.o
23 24
24af-rxrpc-$(CONFIG_PROC_FS) += ar-proc.o 25af-rxrpc-$(CONFIG_PROC_FS) += ar-proc.o
diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c
index 3cd9264806a4..374478e006e7 100644
--- a/net/rxrpc/ar-ack.c
+++ b/net/rxrpc/ar-ack.c
@@ -588,7 +588,8 @@ process_further:
588 _proto("OOSQ DATA %%%u { #%u }", sp->hdr.serial, sp->hdr.seq); 588 _proto("OOSQ DATA %%%u { #%u }", sp->hdr.serial, sp->hdr.seq);
589 589
590 /* secured packets must be verified and possibly decrypted */ 590 /* secured packets must be verified and possibly decrypted */
591 if (rxrpc_verify_packet(call, skb, _abort_code) < 0) 591 if (call->conn->security->verify_packet(call, skb,
592 _abort_code) < 0)
592 goto protocol_error; 593 goto protocol_error;
593 594
594 rxrpc_insert_oos_packet(call, skb); 595 rxrpc_insert_oos_packet(call, skb);
diff --git a/net/rxrpc/ar-connection.c b/net/rxrpc/ar-connection.c
index 9b6966777633..97f4fae74bca 100644
--- a/net/rxrpc/ar-connection.c
+++ b/net/rxrpc/ar-connection.c
@@ -207,6 +207,7 @@ static struct rxrpc_connection *rxrpc_alloc_connection(gfp_t gfp)
207 INIT_LIST_HEAD(&conn->bundle_link); 207 INIT_LIST_HEAD(&conn->bundle_link);
208 conn->calls = RB_ROOT; 208 conn->calls = RB_ROOT;
209 skb_queue_head_init(&conn->rx_queue); 209 skb_queue_head_init(&conn->rx_queue);
210 conn->security = &rxrpc_no_security;
210 rwlock_init(&conn->lock); 211 rwlock_init(&conn->lock);
211 spin_lock_init(&conn->state_lock); 212 spin_lock_init(&conn->state_lock);
212 atomic_set(&conn->usage, 1); 213 atomic_set(&conn->usage, 1);
@@ -564,8 +565,7 @@ int rxrpc_connect_call(struct rxrpc_sock *rx,
564 candidate->debug_id, candidate->trans->debug_id); 565 candidate->debug_id, candidate->trans->debug_id);
565 566
566 rxrpc_assign_connection_id(candidate); 567 rxrpc_assign_connection_id(candidate);
567 if (candidate->security) 568 candidate->security->prime_packet_security(candidate);
568 candidate->security->prime_packet_security(candidate);
569 569
570 /* leave the candidate lurking in zombie mode attached to the 570 /* leave the candidate lurking in zombie mode attached to the
571 * bundle until we're ready for it */ 571 * bundle until we're ready for it */
@@ -830,7 +830,10 @@ static void rxrpc_destroy_connection(struct rxrpc_connection *conn)
830 ASSERT(RB_EMPTY_ROOT(&conn->calls)); 830 ASSERT(RB_EMPTY_ROOT(&conn->calls));
831 rxrpc_purge_queue(&conn->rx_queue); 831 rxrpc_purge_queue(&conn->rx_queue);
832 832
833 rxrpc_clear_conn_security(conn); 833 conn->security->clear(conn);
834 key_put(conn->key);
835 key_put(conn->server_key);
836
834 rxrpc_put_transport(conn->trans); 837 rxrpc_put_transport(conn->trans);
835 kfree(conn); 838 kfree(conn);
836 _leave(""); 839 _leave("");
diff --git a/net/rxrpc/ar-connevent.c b/net/rxrpc/ar-connevent.c
index 291522392ac7..5f9563968a5b 100644
--- a/net/rxrpc/ar-connevent.c
+++ b/net/rxrpc/ar-connevent.c
@@ -174,15 +174,10 @@ static int rxrpc_process_event(struct rxrpc_connection *conn,
174 return -ECONNABORTED; 174 return -ECONNABORTED;
175 175
176 case RXRPC_PACKET_TYPE_CHALLENGE: 176 case RXRPC_PACKET_TYPE_CHALLENGE:
177 if (conn->security) 177 return conn->security->respond_to_challenge(conn, skb,
178 return conn->security->respond_to_challenge( 178 _abort_code);
179 conn, skb, _abort_code);
180 return -EPROTO;
181 179
182 case RXRPC_PACKET_TYPE_RESPONSE: 180 case RXRPC_PACKET_TYPE_RESPONSE:
183 if (!conn->security)
184 return -EPROTO;
185
186 ret = conn->security->verify_response(conn, skb, _abort_code); 181 ret = conn->security->verify_response(conn, skb, _abort_code);
187 if (ret < 0) 182 if (ret < 0)
188 return ret; 183 return ret;
@@ -238,8 +233,6 @@ static void rxrpc_secure_connection(struct rxrpc_connection *conn)
238 } 233 }
239 } 234 }
240 235
241 ASSERT(conn->security != NULL);
242
243 if (conn->security->issue_challenge(conn) < 0) { 236 if (conn->security->issue_challenge(conn) < 0) {
244 abort_code = RX_CALL_DEAD; 237 abort_code = RX_CALL_DEAD;
245 ret = -ENOMEM; 238 ret = -ENOMEM;
diff --git a/net/rxrpc/ar-input.c b/net/rxrpc/ar-input.c
index c6c784d3a3e8..01e038146b7c 100644
--- a/net/rxrpc/ar-input.c
+++ b/net/rxrpc/ar-input.c
@@ -193,7 +193,7 @@ static int rxrpc_fast_process_data(struct rxrpc_call *call,
193 193
194 /* if the packet need security things doing to it, then it goes down 194 /* if the packet need security things doing to it, then it goes down
195 * the slow path */ 195 * the slow path */
196 if (call->conn->security) 196 if (call->conn->security_ix)
197 goto enqueue_packet; 197 goto enqueue_packet;
198 198
199 sp->call = call; 199 sp->call = call;
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 72fd675a891e..f0b807a163fa 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -9,6 +9,7 @@
9 * 2 of the License, or (at your option) any later version. 9 * 2 of the License, or (at your option) any later version.
10 */ 10 */
11 11
12#include <net/sock.h>
12#include <rxrpc/packet.h> 13#include <rxrpc/packet.h>
13 14
14#if 0 15#if 0
@@ -612,10 +613,6 @@ int __init rxrpc_init_security(void);
612void rxrpc_exit_security(void); 613void rxrpc_exit_security(void);
613int rxrpc_init_client_conn_security(struct rxrpc_connection *); 614int rxrpc_init_client_conn_security(struct rxrpc_connection *);
614int rxrpc_init_server_conn_security(struct rxrpc_connection *); 615int rxrpc_init_server_conn_security(struct rxrpc_connection *);
615int rxrpc_secure_packet(const struct rxrpc_call *, struct sk_buff *, size_t,
616 void *);
617int rxrpc_verify_packet(const struct rxrpc_call *, struct sk_buff *, u32 *);
618void rxrpc_clear_conn_security(struct rxrpc_connection *);
619 616
620/* 617/*
621 * ar-skbuff.c 618 * ar-skbuff.c
@@ -635,6 +632,11 @@ struct rxrpc_transport *rxrpc_find_transport(struct rxrpc_local *,
635 struct rxrpc_peer *); 632 struct rxrpc_peer *);
636 633
637/* 634/*
635 * insecure.c
636 */
637extern const struct rxrpc_security rxrpc_no_security;
638
639/*
638 * misc.c 640 * misc.c
639 */ 641 */
640extern unsigned int rxrpc_requested_ack_delay; 642extern unsigned int rxrpc_requested_ack_delay;
diff --git a/net/rxrpc/ar-output.c b/net/rxrpc/ar-output.c
index 94e7d9537437..51cb10062a8d 100644
--- a/net/rxrpc/ar-output.c
+++ b/net/rxrpc/ar-output.c
@@ -663,7 +663,7 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
663 size_t pad; 663 size_t pad;
664 664
665 /* pad out if we're using security */ 665 /* pad out if we're using security */
666 if (conn->security) { 666 if (conn->security_ix) {
667 pad = conn->security_size + skb->mark; 667 pad = conn->security_size + skb->mark;
668 pad = conn->size_align - pad; 668 pad = conn->size_align - pad;
669 pad &= conn->size_align - 1; 669 pad &= conn->size_align - 1;
@@ -695,7 +695,7 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
695 if (more && seq & 1) 695 if (more && seq & 1)
696 sp->hdr.flags |= RXRPC_REQUEST_ACK; 696 sp->hdr.flags |= RXRPC_REQUEST_ACK;
697 697
698 ret = rxrpc_secure_packet( 698 ret = conn->security->secure_packet(
699 call, skb, skb->mark, 699 call, skb, skb->mark,
700 skb->head + sizeof(struct rxrpc_wire_header)); 700 skb->head + sizeof(struct rxrpc_wire_header));
701 if (ret < 0) 701 if (ret < 0)
diff --git a/net/rxrpc/ar-security.c b/net/rxrpc/ar-security.c
index 6946aec7ab1f..d223253b22fa 100644
--- a/net/rxrpc/ar-security.c
+++ b/net/rxrpc/ar-security.c
@@ -23,6 +23,7 @@ static LIST_HEAD(rxrpc_security_methods);
23static DECLARE_RWSEM(rxrpc_security_sem); 23static DECLARE_RWSEM(rxrpc_security_sem);
24 24
25static const struct rxrpc_security *rxrpc_security_types[] = { 25static const struct rxrpc_security *rxrpc_security_types[] = {
26 [RXRPC_SECURITY_NONE] = &rxrpc_no_security,
26#ifdef CONFIG_RXKAD 27#ifdef CONFIG_RXKAD
27 [RXRPC_SECURITY_RXKAD] = &rxkad, 28 [RXRPC_SECURITY_RXKAD] = &rxkad,
28#endif 29#endif
@@ -98,7 +99,7 @@ int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
98 99
99 ret = conn->security->init_connection_security(conn); 100 ret = conn->security->init_connection_security(conn);
100 if (ret < 0) { 101 if (ret < 0) {
101 conn->security = NULL; 102 conn->security = &rxrpc_no_security;
102 return ret; 103 return ret;
103 } 104 }
104 105
@@ -165,43 +166,3 @@ found_service:
165 _leave(" = 0"); 166 _leave(" = 0");
166 return 0; 167 return 0;
167} 168}
168
169/*
170 * secure a packet prior to transmission
171 */
172int rxrpc_secure_packet(const struct rxrpc_call *call,
173 struct sk_buff *skb,
174 size_t data_size,
175 void *sechdr)
176{
177 if (call->conn->security)
178 return call->conn->security->secure_packet(
179 call, skb, data_size, sechdr);
180 return 0;
181}
182
183/*
184 * secure a packet prior to transmission
185 */
186int rxrpc_verify_packet(const struct rxrpc_call *call, struct sk_buff *skb,
187 u32 *_abort_code)
188{
189 if (call->conn->security)
190 return call->conn->security->verify_packet(
191 call, skb, _abort_code);
192 return 0;
193}
194
195/*
196 * clear connection security
197 */
198void rxrpc_clear_conn_security(struct rxrpc_connection *conn)
199{
200 _enter("{%d}", conn->debug_id);
201
202 if (conn->security)
203 conn->security->clear(conn);
204
205 key_put(conn->key);
206 key_put(conn->server_key);
207}
diff --git a/net/rxrpc/insecure.c b/net/rxrpc/insecure.c
new file mode 100644
index 000000000000..e571403613c1
--- /dev/null
+++ b/net/rxrpc/insecure.c
@@ -0,0 +1,83 @@
1/* Null security operations.
2 *
3 * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <net/af_rxrpc.h>
13#include "ar-internal.h"
14
15static int none_init_connection_security(struct rxrpc_connection *conn)
16{
17 return 0;
18}
19
20static void none_prime_packet_security(struct rxrpc_connection *conn)
21{
22}
23
24static int none_secure_packet(const struct rxrpc_call *call,
25 struct sk_buff *skb,
26 size_t data_size,
27 void *sechdr)
28{
29 return 0;
30}
31
32static int none_verify_packet(const struct rxrpc_call *call,
33 struct sk_buff *skb,
34 u32 *_abort_code)
35{
36 return 0;
37}
38
39static int none_respond_to_challenge(struct rxrpc_connection *conn,
40 struct sk_buff *skb,
41 u32 *_abort_code)
42{
43 *_abort_code = RX_PROTOCOL_ERROR;
44 return -EPROTO;
45}
46
47static int none_verify_response(struct rxrpc_connection *conn,
48 struct sk_buff *skb,
49 u32 *_abort_code)
50{
51 *_abort_code = RX_PROTOCOL_ERROR;
52 return -EPROTO;
53}
54
55static void none_clear(struct rxrpc_connection *conn)
56{
57}
58
59static int none_init(void)
60{
61 return 0;
62}
63
64static void none_exit(void)
65{
66}
67
68/*
69 * RxRPC Kerberos-based security
70 */
71const struct rxrpc_security rxrpc_no_security = {
72 .name = "none",
73 .security_index = RXRPC_SECURITY_NONE,
74 .init = none_init,
75 .exit = none_exit,
76 .init_connection_security = none_init_connection_security,
77 .prime_packet_security = none_prime_packet_security,
78 .secure_packet = none_secure_packet,
79 .verify_packet = none_verify_packet,
80 .respond_to_challenge = none_respond_to_challenge,
81 .verify_response = none_verify_response,
82 .clear = none_clear,
83};
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-01 12:41:19 -0400