1 | /* |
2 | * fs/cifs/cifs_spnego.c -- SPNEGO upcall management for CIFS |
3 | * |
4 | * Copyright (c) 2007 Red Hat, Inc. |
5 | * Author(s): Jeff Layton (jlayton@redhat.com) |
6 | * |
7 | * This library is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU Lesser General Public License as published |
9 | * by the Free Software Foundation; either version 2.1 of the License, or |
10 | * (at your option) any later version. |
11 | * |
12 | * This library is distributed in the hope that it will be useful, |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See |
15 | * the GNU Lesser General Public License for more details. |
16 | * |
17 | * You should have received a copy of the GNU Lesser General Public License |
18 | * along with this library; if not, write to the Free Software |
19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
20 | */ |
21 | |
22 | #include <linux/list.h> |
23 | #include <linux/slab.h> |
24 | #include <linux/string.h> |
25 | #include <keys/user-type.h> |
26 | #include <linux/key-type.h> |
27 | #include <linux/inet.h> |
28 | #include "cifsglob.h" |
29 | #include "cifs_spnego.h" |
30 | #include "cifs_debug.h" |
31 | |
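/*
 * Instantiate a cifs.spnego key from the payload handed to the keyring.
 *
 * @key:     key being instantiated; on success key->payload.data owns a
 *           private copy of the payload (released by the destroy op)
 * @data:    payload bytes supplied by whoever instantiates the key
 *           (presumably the userspace upcall helper -- confirm)
 * @datalen: number of bytes at @data
 *
 * Returns 0 on success, -EINVAL if the payload is too short to hold a
 * struct cifs_spnego_msg header or declares blob lengths that do not fit
 * inside @datalen, and -ENOMEM if the copy cannot be allocated.
 */
static int
cifs_spnego_key_instantiate(struct key *key, const void *data, size_t datalen)
{
	const size_t hdr_len = offsetof(struct cifs_spnego_msg, data);
	const struct cifs_spnego_msg *msg = data;
	char *payload;

	/*
	 * cifs_get_spnego_key() in this file casts the payload to
	 * struct cifs_spnego_msg and reads sesskey_len/secblob_len from it,
	 * so a payload without a complete header must never be attached.
	 */
	if (!data || datalen < hdr_len)
		return -EINVAL;

	/*
	 * The two lengths are taken from the payload itself and are trusted
	 * by readers of msg->data. Check each against the space that is
	 * really left, subtracting instead of adding so the comparison
	 * cannot wrap.
	 */
	if (msg->sesskey_len > datalen - hdr_len ||
	    msg->secblob_len > datalen - hdr_len - msg->sesskey_len)
		return -EINVAL;

	/* attach a private copy of the data */
	payload = kmemdup(data, datalen, GFP_KERNEL);
	if (!payload)
		return -ENOMEM;

	key->payload.data = payload;
	return 0;
}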
52 | |
/*
 * Destroy op for cifs.spnego keys: free the payload buffer that the
 * instantiate op attached to key->payload.data.
 */
static void
cifs_spnego_key_destroy(struct key *key)
{
	void *payload = key->payload.data;

	kfree(payload);
}
58 | |
59 | |
/*
 * Key type "cifs.spnego".
 *
 * Instantiation and destruction use the CIFS-specific routines defined
 * above in this file; matching and description use the user_* helpers
 * declared by <keys/user-type.h>.
 */
struct key_type cifs_spnego_key_type = {
	.name		= "cifs.spnego",
	.match		= user_match,
	.describe	= user_describe,
	.instantiate	= cifs_spnego_key_instantiate,
	.destroy	= cifs_spnego_key_destroy,
};
70 | |
/*
 * Length budgets for the fields of the key description built by
 * cifs_get_spnego_key(). That function sums them to size the buffer, so
 * each value must stay in step with the format string it accounts for.
 */

/*
 * length of longest version string e.g. strlen("ver=0xFF")
 *
 * NOTE(review): the format actually written is "ver=0x%x;", so 8 bytes
 * cover either two hex digits or one hex digit plus the trailing ';'.
 * A two-digit version would need 9; today that byte is only absorbed by
 * slack elsewhere in the sum (e.g. INET6_ADDRSTRLEN) -- confirm before
 * relying on it.
 */
#define MAX_VER_STR_LEN 8

/* length of longest security mechanism name, eg in future could have
 * strlen(";sec=ntlmsspi") */
#define MAX_MECH_STR_LEN 13

/* strlen of "host=" */
#define HOST_KEY_LEN 5

/*
 * strlen of ";ip4=" or ";ip6="
 *
 * The ';' counted here is the one written at the end of the host field;
 * the address field itself is written as "ip4=" / "ip6=".
 */
#define IP_KEY_LEN 5

/* strlen of ";uid=0x" (the hex digits are budgeted separately) */
#define UID_KEY_LEN 7

/* strlen of ";user=" (the user name is budgeted separately) */
#define USER_KEY_LEN 6

/* strlen of ";pid=0x" (the hex digits are budgeted separately) */
#define PID_KEY_LEN 7
92 | |
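/*
 * Get a key struct with a SPNEGO security blob, suitable for session setup.
 *
 * Builds a semicolon-separated key description of the form
 *   ver=0x..;host=..;ip4=..|ip6=..;sec=krb5|mskrb5;uid=0x..;user=..;pid=0x..
 * and hands it to request_key() for the cifs.spnego key type.
 *
 * @sesInfo: session whose server, uid and user name go into the description
 *
 * Returns whatever request_key() returns (a key or an ERR_PTR),
 * ERR_PTR(-ENOMEM) if the description buffer cannot be allocated, or
 * ERR_PTR(-EINVAL) if the address family or security type is not supported
 * or a field does not fit in the computed buffer.
 *
 * NOTE(review): hostname and userName are copied into the description
 * verbatim. A ';' or '=' inside either would be indistinguishable from a
 * field separator for whatever parses the description -- confirm that the
 * callers that fill in these strings restrict them.
 */
struct key *
cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
{
	struct TCP_Server_Info *server = sesInfo->server;
	char *description, *dp;
	size_t desc_len, left;
	int n;
	struct key *spnego_key;
	const char *hostname = server->hostname;
	const char *sec;

	/* length of fields (with semicolons): ver=0xyz ip4=ipaddress
	   host=hostname sec=mechanism uid=0xFF user=username */
	desc_len = MAX_VER_STR_LEN +
		   HOST_KEY_LEN + strlen(hostname) +
		   IP_KEY_LEN + INET6_ADDRSTRLEN +
		   MAX_MECH_STR_LEN +
		   UID_KEY_LEN + (sizeof(uid_t) * 2) +
		   USER_KEY_LEN + strlen(sesInfo->userName) +
		   PID_KEY_LEN + (sizeof(pid_t) * 2) + 1;

	spnego_key = ERR_PTR(-ENOMEM);
	description = kzalloc(desc_len, GFP_KERNEL);
	if (description == NULL)
		goto out;

	/*
	 * Every append below is bounded by the space that is left, and a
	 * field that would not fit fails the request with -EINVAL. The
	 * buffer size above is hand-computed from constants, so the writes
	 * must not depend on that arithmetic staying in step with the
	 * format strings.
	 */
	dp = description;
	left = desc_len;
	spnego_key = ERR_PTR(-EINVAL);

	/* start with version and hostname portion of UNC string */
	n = snprintf(dp, left, "ver=0x%x;host=%s;", CIFS_SPNEGO_UPCALL_VERSION,
		     hostname);
	if (n < 0 || (size_t)n >= left)
		goto out;
	dp += n;
	left -= n;

	/* add the server address */
	if (server->addr.sockAddr.sin_family == AF_INET)
		n = snprintf(dp, left, "ip4=%pI4",
			     &server->addr.sockAddr.sin_addr);
	else if (server->addr.sockAddr.sin_family == AF_INET6)
		n = snprintf(dp, left, "ip6=%pI6",
			     &server->addr.sockAddr6.sin6_addr);
	else
		goto out;
	if (n < 0 || (size_t)n >= left)
		goto out;
	dp += n;
	left -= n;

	/* for now, only sec=krb5 and sec=mskrb5 are valid */
	if (server->secType == Kerberos)
		sec = ";sec=krb5";
	else if (server->secType == MSKerberos)
		sec = ";sec=mskrb5";
	else
		goto out;
	n = snprintf(dp, left, "%s", sec);
	if (n < 0 || (size_t)n >= left)
		goto out;
	dp += n;
	left -= n;

	n = snprintf(dp, left, ";uid=0x%x", sesInfo->linux_uid);
	if (n < 0 || (size_t)n >= left)
		goto out;
	dp += n;
	left -= n;

	n = snprintf(dp, left, ";user=%s", sesInfo->userName);
	if (n < 0 || (size_t)n >= left)
		goto out;
	dp += n;
	left -= n;

	n = snprintf(dp, left, ";pid=0x%x", current->pid);
	if (n < 0 || (size_t)n >= left)
		goto out;

	cFYI(1, ("key description = %s", description));
	spnego_key = request_key(&cifs_spnego_key_type, description, "");

#ifdef CONFIG_CIFS_DEBUG2
	/*
	 * NOTE(review): secblob_len and sesskey_len are read from the key
	 * payload, and nothing in this function checks them against the size
	 * of the payload allocation; the dump is capped at 1024 bytes only.
	 * Confirm the payload is validated where it is attached to the key.
	 */
	if (cifsFYI && !IS_ERR(spnego_key)) {
		struct cifs_spnego_msg *msg = spnego_key->payload.data;
		cifs_dump_mem("SPNEGO reply blob:", msg->data, min(1024U,
				msg->secblob_len + msg->sesskey_len));
	}
#endif /* CONFIG_CIFS_DEBUG2 */

out:
	/* kfree(NULL) is a no-op, so the allocation-failure path is safe */
	kfree(description);
	return spnego_key;
}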
167 |