diff options
| author | David Howells <dhowells@redhat.com> | 2009-09-13 21:17:35 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2009-09-15 05:44:23 -0400 |
| commit | 339412841d7620f93fea805fbd7469f08186f458 (patch) | |
| tree | e2d385d76e3b9361671411442c5253417f95d5a6 /net/rxrpc/ar-key.c | |
| parent | 8b815477f382f96deefbe5bd4404fa7b31cf5dcf (diff) | |
RxRPC: Allow key payloads to be passed in XDR form
Allow add_key() and KEYCTL_INSTANTIATE to accept key payloads in XDR form as
described by openafs-1.4.10/src/auth/afs_token.xg. This provides a way of
passing kaserver, Kerberos 4, Kerberos 5 and GSSAPI keys from userspace, and
allows for future expansion.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/rxrpc/ar-key.c')
| -rw-r--r-- | net/rxrpc/ar-key.c | 308 |
1 files changed, 270 insertions, 38 deletions
diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index b3d10e7ccd7e..a3a7acb5071a 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c | |||
| @@ -17,6 +17,7 @@ | |||
| 17 | #include <linux/skbuff.h> | 17 | #include <linux/skbuff.h> |
| 18 | #include <linux/key-type.h> | 18 | #include <linux/key-type.h> |
| 19 | #include <linux/crypto.h> | 19 | #include <linux/crypto.h> |
| 20 | #include <linux/ctype.h> | ||
| 20 | #include <net/sock.h> | 21 | #include <net/sock.h> |
| 21 | #include <net/af_rxrpc.h> | 22 | #include <net/af_rxrpc.h> |
| 22 | #include <keys/rxrpc-type.h> | 23 | #include <keys/rxrpc-type.h> |
| @@ -55,6 +56,202 @@ struct key_type key_type_rxrpc_s = { | |||
| 55 | }; | 56 | }; |
| 56 | 57 | ||
| 57 | /* | 58 | /* |
| 59 | * parse an RxKAD type XDR format token | ||
| 60 | * - the caller guarantees we have at least 4 words | ||
| 61 | */ | ||
| 62 | static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr, | ||
| 63 | unsigned toklen) | ||
| 64 | { | ||
| 65 | struct rxrpc_key_token *token; | ||
| 66 | size_t plen; | ||
| 67 | u32 tktlen; | ||
| 68 | int ret; | ||
| 69 | |||
| 70 | _enter(",{%x,%x,%x,%x},%u", | ||
| 71 | ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), | ||
| 72 | toklen); | ||
| 73 | |||
| 74 | if (toklen <= 8 * 4) | ||
| 75 | return -EKEYREJECTED; | ||
| 76 | tktlen = ntohl(xdr[7]); | ||
| 77 | _debug("tktlen: %x", tktlen); | ||
| 78 | if (tktlen > AFSTOKEN_RK_TIX_MAX) | ||
| 79 | return -EKEYREJECTED; | ||
| 80 | if (8 * 4 + tktlen != toklen) | ||
| 81 | return -EKEYREJECTED; | ||
| 82 | |||
| 83 | plen = sizeof(*token) + sizeof(*token->kad) + tktlen; | ||
| 84 | ret = key_payload_reserve(key, key->datalen + plen); | ||
| 85 | if (ret < 0) | ||
| 86 | return ret; | ||
| 87 | |||
| 88 | plen -= sizeof(*token); | ||
| 89 | token = kmalloc(sizeof(*token), GFP_KERNEL); | ||
| 90 | if (!token) | ||
| 91 | return -ENOMEM; | ||
| 92 | |||
| 93 | token->kad = kmalloc(plen, GFP_KERNEL); | ||
| 94 | if (!token->kad) { | ||
| 95 | kfree(token); | ||
| 96 | return -ENOMEM; | ||
| 97 | } | ||
| 98 | |||
| 99 | token->security_index = RXRPC_SECURITY_RXKAD; | ||
| 100 | token->kad->ticket_len = tktlen; | ||
| 101 | token->kad->vice_id = ntohl(xdr[0]); | ||
| 102 | token->kad->kvno = ntohl(xdr[1]); | ||
| 103 | token->kad->start = ntohl(xdr[4]); | ||
| 104 | token->kad->expiry = ntohl(xdr[5]); | ||
| 105 | token->kad->primary_flag = ntohl(xdr[6]); | ||
| 106 | memcpy(&token->kad->session_key, &xdr[2], 8); | ||
| 107 | memcpy(&token->kad->ticket, &xdr[8], tktlen); | ||
| 108 | |||
| 109 | _debug("SCIX: %u", token->security_index); | ||
| 110 | _debug("TLEN: %u", token->kad->ticket_len); | ||
| 111 | _debug("EXPY: %x", token->kad->expiry); | ||
| 112 | _debug("KVNO: %u", token->kad->kvno); | ||
| 113 | _debug("PRIM: %u", token->kad->primary_flag); | ||
| 114 | _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", | ||
| 115 | token->kad->session_key[0], token->kad->session_key[1], | ||
| 116 | token->kad->session_key[2], token->kad->session_key[3], | ||
| 117 | token->kad->session_key[4], token->kad->session_key[5], | ||
| 118 | token->kad->session_key[6], token->kad->session_key[7]); | ||
| 119 | if (token->kad->ticket_len >= 8) | ||
| 120 | _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", | ||
| 121 | token->kad->ticket[0], token->kad->ticket[1], | ||
| 122 | token->kad->ticket[2], token->kad->ticket[3], | ||
| 123 | token->kad->ticket[4], token->kad->ticket[5], | ||
| 124 | token->kad->ticket[6], token->kad->ticket[7]); | ||
| 125 | |||
| 126 | /* count the number of tokens attached */ | ||
| 127 | key->type_data.x[0]++; | ||
| 128 | |||
| 129 | /* attach the data */ | ||
| 130 | token->next = key->payload.data; | ||
| 131 | key->payload.data = token; | ||
| 132 | if (token->kad->expiry < key->expiry) | ||
| 133 | key->expiry = token->kad->expiry; | ||
| 134 | |||
| 135 | _leave(" = 0"); | ||
| 136 | return 0; | ||
| 137 | } | ||
| 138 | |||
| 139 | /* | ||
| 140 | * attempt to parse the data as the XDR format | ||
| 141 | * - the caller guarantees we have more than 7 words | ||
| 142 | */ | ||
| 143 | static int rxrpc_instantiate_xdr(struct key *key, const void *data, size_t datalen) | ||
| 144 | { | ||
| 145 | const __be32 *xdr = data, *token; | ||
| 146 | const char *cp; | ||
| 147 | unsigned len, tmp, loop, ntoken, toklen, sec_ix; | ||
| 148 | int ret; | ||
| 149 | |||
| 150 | _enter(",{%x,%x,%x,%x},%zu", | ||
| 151 | ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), | ||
| 152 | datalen); | ||
| 153 | |||
| 154 | if (datalen > AFSTOKEN_LENGTH_MAX) | ||
| 155 | goto not_xdr; | ||
| 156 | |||
| 157 | /* XDR is an array of __be32's */ | ||
| 158 | if (datalen & 3) | ||
| 159 | goto not_xdr; | ||
| 160 | |||
| 161 | /* the flags should be 0 (the setpag bit must be handled by | ||
| 162 | * userspace) */ | ||
| 163 | if (ntohl(*xdr++) != 0) | ||
| 164 | goto not_xdr; | ||
| 165 | datalen -= 4; | ||
| 166 | |||
| 167 | /* check the cell name */ | ||
| 168 | len = ntohl(*xdr++); | ||
| 169 | if (len < 1 || len > AFSTOKEN_CELL_MAX) | ||
| 170 | goto not_xdr; | ||
| 171 | datalen -= 4; | ||
| 172 | tmp = (len + 3) & ~3; | ||
| 173 | if (tmp > datalen) | ||
| 174 | goto not_xdr; | ||
| 175 | |||
| 176 | cp = (const char *) xdr; | ||
| 177 | for (loop = 0; loop < len; loop++) | ||
| 178 | if (!isprint(cp[loop])) | ||
| 179 | goto not_xdr; | ||
| 180 | if (len < tmp) | ||
| 181 | for (; loop < tmp; loop++) | ||
| 182 | if (cp[loop]) | ||
| 183 | goto not_xdr; | ||
| 184 | _debug("cellname: [%u/%u] '%*.*s'", | ||
| 185 | len, tmp, len, len, (const char *) xdr); | ||
| 186 | datalen -= tmp; | ||
| 187 | xdr += tmp >> 2; | ||
| 188 | |||
| 189 | /* get the token count */ | ||
| 190 | if (datalen < 12) | ||
| 191 | goto not_xdr; | ||
| 192 | ntoken = ntohl(*xdr++); | ||
| 193 | datalen -= 4; | ||
| 194 | _debug("ntoken: %x", ntoken); | ||
| 195 | if (ntoken < 1 || ntoken > AFSTOKEN_MAX) | ||
| 196 | goto not_xdr; | ||
| 197 | |||
| 198 | /* check each token wrapper */ | ||
| 199 | token = xdr; | ||
| 200 | loop = ntoken; | ||
| 201 | do { | ||
| 202 | if (datalen < 8) | ||
| 203 | goto not_xdr; | ||
| 204 | toklen = ntohl(*xdr++); | ||
| 205 | sec_ix = ntohl(*xdr); | ||
| 206 | datalen -= 4; | ||
| 207 | _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix); | ||
| 208 | if (toklen < 20 || toklen > datalen) | ||
| 209 | goto not_xdr; | ||
| 210 | datalen -= (toklen + 3) & ~3; | ||
| 211 | xdr += (toklen + 3) >> 2; | ||
| 212 | |||
| 213 | } while (--loop > 0); | ||
| 214 | |||
| 215 | _debug("remainder: %zu", datalen); | ||
| 216 | if (datalen != 0) | ||
| 217 | goto not_xdr; | ||
| 218 | |||
| 219 | /* okay: we're going to assume it's valid XDR format | ||
| 220 | * - we ignore the cellname, relying on the key to be correctly named | ||
| 221 | */ | ||
| 222 | do { | ||
| 223 | xdr = token; | ||
| 224 | toklen = ntohl(*xdr++); | ||
| 225 | token = xdr + ((toklen + 3) >> 2); | ||
| 226 | sec_ix = ntohl(*xdr++); | ||
| 227 | toklen -= 4; | ||
| 228 | |||
| 229 | switch (sec_ix) { | ||
| 230 | case RXRPC_SECURITY_RXKAD: | ||
| 231 | ret = rxrpc_instantiate_xdr_rxkad(key, xdr, toklen); | ||
| 232 | if (ret != 0) | ||
| 233 | goto error; | ||
| 234 | break; | ||
| 235 | |||
| 236 | default: | ||
| 237 | ret = -EPROTONOSUPPORT; | ||
| 238 | goto error; | ||
| 239 | } | ||
| 240 | |||
| 241 | } while (--ntoken > 0); | ||
| 242 | |||
| 243 | _leave(" = 0"); | ||
| 244 | return 0; | ||
| 245 | |||
| 246 | not_xdr: | ||
| 247 | _leave(" = -EPROTO"); | ||
| 248 | return -EPROTO; | ||
| 249 | error: | ||
| 250 | _leave(" = %d", ret); | ||
| 251 | return ret; | ||
| 252 | } | ||
| 253 | |||
| 254 | /* | ||
| 58 | * instantiate an rxrpc defined key | 255 | * instantiate an rxrpc defined key |
| 59 | * data should be of the form: | 256 | * data should be of the form: |
| 60 | * OFFSET LEN CONTENT | 257 | * OFFSET LEN CONTENT |
| @@ -70,8 +267,8 @@ struct key_type key_type_rxrpc_s = { | |||
| 70 | */ | 267 | */ |
| 71 | static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) | 268 | static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) |
| 72 | { | 269 | { |
| 73 | const struct rxkad_key *tsec; | 270 | const struct rxrpc_key_data_v1 *v1; |
| 74 | struct rxrpc_key_payload *upayload; | 271 | struct rxrpc_key_token *token, **pp; |
| 75 | size_t plen; | 272 | size_t plen; |
| 76 | u32 kver; | 273 | u32 kver; |
| 77 | int ret; | 274 | int ret; |
| @@ -82,6 +279,13 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) | |||
| 82 | if (!data && datalen == 0) | 279 | if (!data && datalen == 0) |
| 83 | return 0; | 280 | return 0; |
| 84 | 281 | ||
| 282 | /* determine if the XDR payload format is being used */ | ||
| 283 | if (datalen > 7 * 4) { | ||
| 284 | ret = rxrpc_instantiate_xdr(key, data, datalen); | ||
| 285 | if (ret != -EPROTO) | ||
| 286 | return ret; | ||
| 287 | } | ||
| 288 | |||
| 85 | /* get the key interface version number */ | 289 | /* get the key interface version number */ |
| 86 | ret = -EINVAL; | 290 | ret = -EINVAL; |
| 87 | if (datalen <= 4 || !data) | 291 | if (datalen <= 4 || !data) |
| @@ -98,53 +302,67 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) | |||
| 98 | 302 | ||
| 99 | /* deal with a version 1 key */ | 303 | /* deal with a version 1 key */ |
| 100 | ret = -EINVAL; | 304 | ret = -EINVAL; |
| 101 | if (datalen < sizeof(*tsec)) | 305 | if (datalen < sizeof(*v1)) |
| 102 | goto error; | 306 | goto error; |
| 103 | 307 | ||
| 104 | tsec = data; | 308 | v1 = data; |
| 105 | if (datalen != sizeof(*tsec) + tsec->ticket_len) | 309 | if (datalen != sizeof(*v1) + v1->ticket_length) |
| 106 | goto error; | 310 | goto error; |
| 107 | 311 | ||
| 108 | _debug("SCIX: %u", tsec->security_index); | 312 | _debug("SCIX: %u", v1->security_index); |
| 109 | _debug("TLEN: %u", tsec->ticket_len); | 313 | _debug("TLEN: %u", v1->ticket_length); |
| 110 | _debug("EXPY: %x", tsec->expiry); | 314 | _debug("EXPY: %x", v1->expiry); |
| 111 | _debug("KVNO: %u", tsec->kvno); | 315 | _debug("KVNO: %u", v1->kvno); |
| 112 | _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", | 316 | _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", |
| 113 | tsec->session_key[0], tsec->session_key[1], | 317 | v1->session_key[0], v1->session_key[1], |
| 114 | tsec->session_key[2], tsec->session_key[3], | 318 | v1->session_key[2], v1->session_key[3], |
| 115 | tsec->session_key[4], tsec->session_key[5], | 319 | v1->session_key[4], v1->session_key[5], |
| 116 | tsec->session_key[6], tsec->session_key[7]); | 320 | v1->session_key[6], v1->session_key[7]); |
| 117 | if (tsec->ticket_len >= 8) | 321 | if (v1->ticket_length >= 8) |
| 118 | _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", | 322 | _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", |
| 119 | tsec->ticket[0], tsec->ticket[1], | 323 | v1->ticket[0], v1->ticket[1], |
| 120 | tsec->ticket[2], tsec->ticket[3], | 324 | v1->ticket[2], v1->ticket[3], |
| 121 | tsec->ticket[4], tsec->ticket[5], | 325 | v1->ticket[4], v1->ticket[5], |
| 122 | tsec->ticket[6], tsec->ticket[7]); | 326 | v1->ticket[6], v1->ticket[7]); |
| 123 | 327 | ||
| 124 | ret = -EPROTONOSUPPORT; | 328 | ret = -EPROTONOSUPPORT; |
| 125 | if (tsec->security_index != RXRPC_SECURITY_RXKAD) | 329 | if (v1->security_index != RXRPC_SECURITY_RXKAD) |
| 126 | goto error; | 330 | goto error; |
| 127 | 331 | ||
| 128 | key->type_data.x[0] = tsec->security_index; | 332 | plen = sizeof(*token->kad) + v1->ticket_length; |
| 129 | 333 | ret = key_payload_reserve(key, plen + sizeof(*token)); | |
| 130 | plen = sizeof(*upayload) + tsec->ticket_len; | ||
| 131 | ret = key_payload_reserve(key, plen); | ||
| 132 | if (ret < 0) | 334 | if (ret < 0) |
| 133 | goto error; | 335 | goto error; |
| 134 | 336 | ||
| 135 | ret = -ENOMEM; | 337 | ret = -ENOMEM; |
| 136 | upayload = kmalloc(plen, GFP_KERNEL); | 338 | token = kmalloc(sizeof(*token), GFP_KERNEL); |
| 137 | if (!upayload) | 339 | if (!token) |
| 138 | goto error; | 340 | goto error; |
| 341 | token->kad = kmalloc(plen, GFP_KERNEL); | ||
| 342 | if (!token->kad) | ||
| 343 | goto error_free; | ||
| 344 | |||
| 345 | token->security_index = RXRPC_SECURITY_RXKAD; | ||
| 346 | token->kad->ticket_len = v1->ticket_length; | ||
| 347 | token->kad->expiry = v1->expiry; | ||
| 348 | token->kad->kvno = v1->kvno; | ||
| 349 | memcpy(&token->kad->session_key, &v1->session_key, 8); | ||
| 350 | memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length); | ||
| 139 | 351 | ||
| 140 | /* attach the data */ | 352 | /* attach the data */ |
| 141 | memcpy(&upayload->k, tsec, sizeof(*tsec)); | 353 | key->type_data.x[0]++; |
| 142 | memcpy(&upayload->k.ticket, (void *)tsec + sizeof(*tsec), | 354 | |
| 143 | tsec->ticket_len); | 355 | pp = (struct rxrpc_key_token **)&key->payload.data; |
| 144 | key->payload.data = upayload; | 356 | while (*pp) |
| 145 | key->expiry = tsec->expiry; | 357 | pp = &(*pp)->next; |
| 358 | *pp = token; | ||
| 359 | if (token->kad->expiry < key->expiry) | ||
| 360 | key->expiry = token->kad->expiry; | ||
| 361 | token = NULL; | ||
| 146 | ret = 0; | 362 | ret = 0; |
| 147 | 363 | ||
| 364 | error_free: | ||
| 365 | kfree(token); | ||
| 148 | error: | 366 | error: |
| 149 | return ret; | 367 | return ret; |
| 150 | } | 368 | } |
| @@ -184,7 +402,22 @@ static int rxrpc_instantiate_s(struct key *key, const void *data, | |||
| 184 | */ | 402 | */ |
| 185 | static void rxrpc_destroy(struct key *key) | 403 | static void rxrpc_destroy(struct key *key) |
| 186 | { | 404 | { |
| 187 | kfree(key->payload.data); | 405 | struct rxrpc_key_token *token; |
| 406 | |||
| 407 | while ((token = key->payload.data)) { | ||
| 408 | key->payload.data = token->next; | ||
| 409 | switch (token->security_index) { | ||
| 410 | case RXRPC_SECURITY_RXKAD: | ||
| 411 | kfree(token->kad); | ||
| 412 | break; | ||
| 413 | default: | ||
| 414 | printk(KERN_ERR "Unknown token type %x on rxrpc key\n", | ||
| 415 | token->security_index); | ||
| 416 | BUG(); | ||
| 417 | } | ||
| 418 | |||
| 419 | kfree(token); | ||
| 420 | } | ||
| 188 | } | 421 | } |
| 189 | 422 | ||
| 190 | /* | 423 | /* |
| @@ -293,7 +526,7 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn, | |||
| 293 | 526 | ||
| 294 | struct { | 527 | struct { |
| 295 | u32 kver; | 528 | u32 kver; |
| 296 | struct rxkad_key tsec; | 529 | struct rxrpc_key_data_v1 v1; |
| 297 | } data; | 530 | } data; |
| 298 | 531 | ||
| 299 | _enter(""); | 532 | _enter(""); |
| @@ -308,13 +541,12 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn, | |||
| 308 | _debug("key %d", key_serial(key)); | 541 | _debug("key %d", key_serial(key)); |
| 309 | 542 | ||
| 310 | data.kver = 1; | 543 | data.kver = 1; |
| 311 | data.tsec.security_index = RXRPC_SECURITY_RXKAD; | 544 | data.v1.security_index = RXRPC_SECURITY_RXKAD; |
| 312 | data.tsec.ticket_len = 0; | 545 | data.v1.ticket_length = 0; |
| 313 | data.tsec.expiry = expiry; | 546 | data.v1.expiry = expiry; |
| 314 | data.tsec.kvno = 0; | 547 | data.v1.kvno = 0; |
| 315 | 548 | ||
| 316 | memcpy(&data.tsec.session_key, session_key, | 549 | memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key)); |
| 317 | sizeof(data.tsec.session_key)); | ||
| 318 | 550 | ||
| 319 | ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); | 551 | ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); |
| 320 | if (ret < 0) | 552 | if (ret < 0) |