aboutsummaryrefslogtreecommitdiffstats
path: root/net/rxrpc/ar-security.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2009-09-13 21:17:35 -0400
committerDavid S. Miller <davem@davemloft.net>2009-09-15 05:44:23 -0400
commit339412841d7620f93fea805fbd7469f08186f458 (patch)
treee2d385d76e3b9361671411442c5253417f95d5a6 /net/rxrpc/ar-security.c
parent8b815477f382f96deefbe5bd4404fa7b31cf5dcf (diff)
RxRPC: Allow key payloads to be passed in XDR form
Allow add_key() and KEYCTL_INSTANTIATE to accept key payloads in XDR form as described by openafs-1.4.10/src/auth/afs_token.xg. This provides a way of passing kaserver, Kerberos 4, Kerberos 5 and GSSAPI keys from userspace, and allows for future expansion. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/rxrpc/ar-security.c')
-rw-r--r--net/rxrpc/ar-security.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/net/rxrpc/ar-security.c b/net/rxrpc/ar-security.c
index dc62920ee19a..49b3cc31ee1f 100644
--- a/net/rxrpc/ar-security.c
+++ b/net/rxrpc/ar-security.c
@@ -16,6 +16,7 @@
16#include <linux/crypto.h> 16#include <linux/crypto.h>
17#include <net/sock.h> 17#include <net/sock.h>
18#include <net/af_rxrpc.h> 18#include <net/af_rxrpc.h>
19#include <keys/rxrpc-type.h>
19#include "ar-internal.h" 20#include "ar-internal.h"
20 21
21static LIST_HEAD(rxrpc_security_methods); 22static LIST_HEAD(rxrpc_security_methods);
@@ -122,6 +123,7 @@ EXPORT_SYMBOL_GPL(rxrpc_unregister_security);
122 */ 123 */
123int rxrpc_init_client_conn_security(struct rxrpc_connection *conn) 124int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
124{ 125{
126 struct rxrpc_key_token *token;
125 struct rxrpc_security *sec; 127 struct rxrpc_security *sec;
126 struct key *key = conn->key; 128 struct key *key = conn->key;
127 int ret; 129 int ret;
@@ -135,7 +137,11 @@ int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
135 if (ret < 0) 137 if (ret < 0)
136 return ret; 138 return ret;
137 139
138 sec = rxrpc_security_lookup(key->type_data.x[0]); 140 if (!key->payload.data)
141 return -EKEYREJECTED;
142 token = key->payload.data;
143
144 sec = rxrpc_security_lookup(token->security_index);
139 if (!sec) 145 if (!sec)
140 return -EKEYREJECTED; 146 return -EKEYREJECTED;
141 conn->security = sec; 147 conn->security = sec;