[MLSXFRM]: Add security context to acquire messages using netlink

This includes the security context of a security association created for use by IKE in the acquire messages sent to IKE daemons using netlink/xfrm_user. This would allow the daemons to include the security context in the negotiation, so that the resultant association is unique to that security context. Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Serge Hallyn <serue@us.ibm.com> 2006-07-25 02:30:44 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:53:25 -0400
commit: 0d681623d30c6565e8b62889f3aa3f4d4662c3e8 (patch)
tree: ecda711a40bcee7472e2e25e68cc712854245fad /net
parent: e0d1caa7b0d5f02e4f34aa09c695d04251310c6c (diff)
1 files changed, 28 insertions, 15 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index fa79ddc4239e..dac8db1088bc 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -911,25 +911,38 @@ rtattr_failure:
        return -1;
 }
-static int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb)
+static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb)
 {
-        if (xp->security) {
+        int ctx_size = sizeof(struct xfrm_sec_ctx) + s->ctx_len;
-                int ctx_size = sizeof(struct xfrm_sec_ctx) +
+        struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size);
-                                xp->security->ctx_len;
+        struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt);
-                struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size);
-                struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt);
+        uctx->exttype = XFRMA_SEC_CTX;
+        uctx->len = ctx_size;
+        uctx->ctx_doi = s->ctx_doi;
+        uctx->ctx_alg = s->ctx_alg;
+        uctx->ctx_len = s->ctx_len;
+        memcpy(uctx + 1, s->ctx_str, s->ctx_len);
+        return 0;
-                uctx->exttype = XFRMA_SEC_CTX;
+ rtattr_failure:
-                uctx->len = ctx_size;
+        return -1;
-                uctx->ctx_doi = xp->security->ctx_doi;
+}
-                uctx->ctx_alg = xp->security->ctx_alg;
-                uctx->ctx_len = xp->security->ctx_len;
+static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb)
-                memcpy(uctx + 1, xp->security->ctx_str, xp->security->ctx_len);
+{
+        if (x->security) {
+                return copy_sec_ctx(x->security, skb);
        }
        return 0;
+}
- rtattr_failure:
+static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb)
-        return -1;
+{
+        if (xp->security) {
+                return copy_sec_ctx(xp->security, skb);
+        }
+        return 0;
 }
 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr)
@@ -1710,7 +1723,7 @@ static int build_acquire(struct sk_buff *skb, struct xfrm_state *x,
        if (copy_to_user_tmpl(xp, skb) < 0)
                goto nlmsg_failure;
-        if (copy_to_user_sec_ctx(xp, skb))
+        if (copy_to_user_state_sec_ctx(x, skb))
                goto nlmsg_failure;
        nlh->nlmsg_len = skb->tail - b;
author	Serge Hallyn <serue@us.ibm.com>	2006-07-25 02:30:44 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 17:53:25 -0400
commit	0d681623d30c6565e8b62889f3aa3f4d4662c3e8 (patch)
tree	ecda711a40bcee7472e2e25e68cc712854245fad /net
parent	e0d1caa7b0d5f02e4f34aa09c695d04251310c6c (diff)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index fa79ddc4239e..dac8db1088bc 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c
@@ -911,25 +911,38 @@ rtattr_failure:
911	return -1;	911	return -1;
912	}	912	}
913		913
914	static int copy_to_user_sec_ctx(struct xfrm_policy xp, struct sk_buff skb)	914	static int copy_sec_ctx(struct xfrm_sec_ctx s, struct sk_buff skb)
915	{	915	{
916	if (xp->security) {	916	int ctx_size = sizeof(struct xfrm_sec_ctx) + s->ctx_len;
917	int ctx_size = sizeof(struct xfrm_sec_ctx) +	917	struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size);
918	xp->security->ctx_len;	918	struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt);
919	struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size);	919
920	struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt);	920	uctx->exttype = XFRMA_SEC_CTX;
		921	uctx->len = ctx_size;
		922	uctx->ctx_doi = s->ctx_doi;
		923	uctx->ctx_alg = s->ctx_alg;
		924	uctx->ctx_len = s->ctx_len;
		925	memcpy(uctx + 1, s->ctx_str, s->ctx_len);
		926	return 0;
921		927
922	uctx->exttype = XFRMA_SEC_CTX;	928	rtattr_failure:
923	uctx->len = ctx_size;	929	return -1;
924	uctx->ctx_doi = xp->security->ctx_doi;	930	}
925	uctx->ctx_alg = xp->security->ctx_alg;	931
926	uctx->ctx_len = xp->security->ctx_len;	932	static inline int copy_to_user_state_sec_ctx(struct xfrm_state x, struct sk_buff skb)
927	memcpy(uctx + 1, xp->security->ctx_str, xp->security->ctx_len);	933	{
		934	if (x->security) {
		935	return copy_sec_ctx(x->security, skb);
928	}	936	}
929	return 0;	937	return 0;
		938	}
930		939
931	rtattr_failure:	940	static inline int copy_to_user_sec_ctx(struct xfrm_policy xp, struct sk_buff skb)
932	return -1;	941	{
		942	if (xp->security) {
		943	return copy_sec_ctx(xp->security, skb);
		944	}
		945	return 0;
933	}	946	}
934		947
935	static int dump_one_policy(struct xfrm_policy xp, int dir, int count, void ptr)	948	static int dump_one_policy(struct xfrm_policy xp, int dir, int count, void ptr)
@@ -1710,7 +1723,7 @@ static int build_acquire(struct sk_buff skb, struct xfrm_state x,
1710		1723
1711	if (copy_to_user_tmpl(xp, skb) < 0)	1724	if (copy_to_user_tmpl(xp, skb) < 0)
1712	goto nlmsg_failure;	1725	goto nlmsg_failure;
1713	if (copy_to_user_sec_ctx(xp, skb))	1726	if (copy_to_user_state_sec_ctx(x, skb))
1714	goto nlmsg_failure;	1727	goto nlmsg_failure;
1715		1728
1716	nlh->nlmsg_len = skb->tail - b;	1729	nlh->nlmsg_len = skb->tail - b;