authorJoy Latten <latten@austin.ibm.com>2007-06-04 19:05:57 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-06-07 16:42:46 -0400
commit4aa2e62c45b5ca08be2d0d3c0744d7585b56e860 (patch)
tree16649593d55f3df4dac54227fcda28bb4fb49f17 /net/key/af_key.c
parentb00b4bf94edb42852d55619af453588b2de2dc5e (diff)
xfrm: Add security check before flushing SAD/SPD
Currently we check for permission before deleting entries from the SAD and SPD (see security_xfrm_policy_delete() and security_xfrm_state_delete()). However, we are not checking for authorization when flushing the SPD and the SAD completely. It was perhaps missed in the original security hooks patch. This patch adds a security check when flushing entries from the SAD and SPD. It walks the entire database and checks each entry for a denial. If the process attempting the flush is unable to remove all of the entries, a denial is logged and the flush function returns an error without removing anything. This is particularly useful when a process may need to create or delete its own xfrm entries used for things like labeled networking but that same process should not be able to delete other entries or flush the entire database. Signed-off-by: Joy Latten<latten@austin.ibm.com> Signed-off-by: Eric Paris <eparis@parisplace.org> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/key/af_key.c')
-rw-r--r--net/key/af_key.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index d302ddae580c..0f8304b0246b 100644
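--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1682,6 +1682,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
  unsigned proto;
  struct km_event c;
  struct xfrm_audit audit_info;
+ int err;
 
  proto = pfkey_satype2proto(hdr->sadb_msg_satype);
  if (proto == 0)
@@ -1689,7 +1690,9 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
 
  audit_info.loginuid = audit_get_loginuid(current->audit_context);
  audit_info.secid = 0;
- xfrm_state_flush(proto, &audit_info);
+ err = xfrm_state_flush(proto, &audit_info);
+ if (err)
+ return err;
  c.data.proto = proto;
  c.seq = hdr->sadb_msg_seq;
  c.pid = hdr->sadb_msg_pid;
@@ -2683,10 +2686,13 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
 {
  struct km_event c;
  struct xfrm_audit audit_info;
+ int err;
 
  audit_info.loginuid = audit_get_loginuid(current->audit_context);
  audit_info.secid = 0;
- xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
+ err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
+ if (err)
+ return err;
  c.data.type = XFRM_POLICY_TYPE_MAIN;
  c.event = XFRM_MSG_FLUSHPOLICY;
  c.pid = hdr->sadb_msg_pid;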
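Review bot: The early `return err` after `xfrm_state_flush()` in pfkey_flush, and the matching one after `xfrm_policy_flush()` in pfkey_spdflush, skips the flush notification that follows, which is only correct if a non-zero return guarantees that no entry was removed. The commit message states that all-or-nothing contract, but it is enforced inside the flush functions, which are outside this file's diff (presumably the permission pass and the delete pass run under the same lock; worth confirming). I would record the contract at both call sites, e.g. `/* non-zero: LSM denied an entry and nothing was flushed, so no event is sent */`. The denial is reportedly logged via `audit_info`, whose `secid` is set to 0 just above each call, so the audit record presumably will not carry the caller's security ID; confirm that is intended. Both function bodies start or continue outside the hunks shown.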