]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - net/rxrpc/ar-security.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
rxrpc: Absorb the rxkad security module
[mirror_ubuntu-zesty-kernel.git] / net / rxrpc / ar-security.c
1 /* RxRPC security handling
2 *
3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12 #include <linux/module.h>
13 #include <linux/net.h>
14 #include <linux/skbuff.h>
15 #include <linux/udp.h>
16 #include <linux/crypto.h>
17 #include <net/sock.h>
18 #include <net/af_rxrpc.h>
19 #include <keys/rxrpc-type.h>
20 #include "ar-internal.h"
21
22 static LIST_HEAD(rxrpc_security_methods);
23 static DECLARE_RWSEM(rxrpc_security_sem);
24
25 static const struct rxrpc_security *rxrpc_security_types[] = {
26 #ifdef CONFIG_RXKAD
27 [RXRPC_SECURITY_RXKAD] = &rxkad,
28 #endif
29 };
30
31 int __init rxrpc_init_security(void)
32 {
33 int i, ret;
34
35 for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++) {
36 if (rxrpc_security_types[i]) {
37 ret = rxrpc_security_types[i]->init();
38 if (ret < 0)
39 goto failed;
40 }
41 }
42
43 return 0;
44
45 failed:
46 for (i--; i >= 0; i--)
47 if (rxrpc_security_types[i])
48 rxrpc_security_types[i]->exit();
49 return ret;
50 }
51
52 void rxrpc_exit_security(void)
53 {
54 int i;
55
56 for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++)
57 if (rxrpc_security_types[i])
58 rxrpc_security_types[i]->exit();
59 }
60
61 /*
62 * look up an rxrpc security module
63 */
64 static const struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
65 {
66 if (security_index >= ARRAY_SIZE(rxrpc_security_types))
67 return NULL;
68 return rxrpc_security_types[security_index];
69 }
70
71 /*
72 * initialise the security on a client connection
73 */
74 int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
75 {
76 const struct rxrpc_security *sec;
77 struct rxrpc_key_token *token;
78 struct key *key = conn->key;
79 int ret;
80
81 _enter("{%d},{%x}", conn->debug_id, key_serial(key));
82
83 if (!key)
84 return 0;
85
86 ret = key_validate(key);
87 if (ret < 0)
88 return ret;
89
90 token = key->payload.data[0];
91 if (!token)
92 return -EKEYREJECTED;
93
94 sec = rxrpc_security_lookup(token->security_index);
95 if (!sec)
96 return -EKEYREJECTED;
97 conn->security = sec;
98
99 ret = conn->security->init_connection_security(conn);
100 if (ret < 0) {
101 conn->security = NULL;
102 return ret;
103 }
104
105 _leave(" = 0");
106 return 0;
107 }
108
109 /*
110 * initialise the security on a server connection
111 */
112 int rxrpc_init_server_conn_security(struct rxrpc_connection *conn)
113 {
114 const struct rxrpc_security *sec;
115 struct rxrpc_local *local = conn->trans->local;
116 struct rxrpc_sock *rx;
117 struct key *key;
118 key_ref_t kref;
119 char kdesc[5 + 1 + 3 + 1];
120
121 _enter("");
122
123 sprintf(kdesc, "%u:%u", conn->service_id, conn->security_ix);
124
125 sec = rxrpc_security_lookup(conn->security_ix);
126 if (!sec) {
127 _leave(" = -ENOKEY [lookup]");
128 return -ENOKEY;
129 }
130
131 /* find the service */
132 read_lock_bh(&local->services_lock);
133 list_for_each_entry(rx, &local->services, listen_link) {
134 if (rx->srx.srx_service == conn->service_id)
135 goto found_service;
136 }
137
138 /* the service appears to have died */
139 read_unlock_bh(&local->services_lock);
140 _leave(" = -ENOENT");
141 return -ENOENT;
142
143 found_service:
144 if (!rx->securities) {
145 read_unlock_bh(&local->services_lock);
146 _leave(" = -ENOKEY");
147 return -ENOKEY;
148 }
149
150 /* look through the service's keyring */
151 kref = keyring_search(make_key_ref(rx->securities, 1UL),
152 &key_type_rxrpc_s, kdesc);
153 if (IS_ERR(kref)) {
154 read_unlock_bh(&local->services_lock);
155 _leave(" = %ld [search]", PTR_ERR(kref));
156 return PTR_ERR(kref);
157 }
158
159 key = key_ref_to_ptr(kref);
160 read_unlock_bh(&local->services_lock);
161
162 conn->server_key = key;
163 conn->security = sec;
164
165 _leave(" = 0");
166 return 0;
167 }
168
169 /*
170 * secure a packet prior to transmission
171 */
172 int rxrpc_secure_packet(const struct rxrpc_call *call,
173 struct sk_buff *skb,
174 size_t data_size,
175 void *sechdr)
176 {
177 if (call->conn->security)
178 return call->conn->security->secure_packet(
179 call, skb, data_size, sechdr);
180 return 0;
181 }
182
183 /*
184 * secure a packet prior to transmission
185 */
186 int rxrpc_verify_packet(const struct rxrpc_call *call, struct sk_buff *skb,
187 u32 *_abort_code)
188 {
189 if (call->conn->security)
190 return call->conn->security->verify_packet(
191 call, skb, _abort_code);
192 return 0;
193 }
194
195 /*
196 * clear connection security
197 */
198 void rxrpc_clear_conn_security(struct rxrpc_connection *conn)
199 {
200 _enter("{%d}", conn->debug_id);
201
202 if (conn->security)
203 conn->security->clear(conn);
204
205 key_put(conn->key);
206 key_put(conn->server_key);
207 }
ubuntu-zesty-kernel mirror