1/* 2 * fs/cifs/cifs_spnego.c -- SPNEGO upcall management for CIFS 3 * 4 * Copyright (c) 2007 Red Hat, Inc. 5 * Author(s): Jeff Layton (jlayton@redhat.com) 6 * 7 * This library is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU Lesser General Public License as published 9 * by the Free Software Foundation; either version 2.1 of the License, or 10 * (at your option) any later version. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 15 * the GNU Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public License 18 * along with this library; if not, write to the Free Software 19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 20 */ 21 22#include <linux/list.h> 23#include <linux/slab.h> 24#include <linux/string.h> 25#include <keys/user-type.h> 26#include <linux/key-type.h> 27#include <linux/inet.h> 28#include "cifsglob.h" 29#include "cifs_spnego.h" 30#include "cifs_debug.h" 31 32/* create a new cifs key */ 33static int 34cifs_spnego_key_instantiate(struct key *key, const void *data, size_t datalen) 35{ 36 char *payload; 37 int ret; 38 39 ret = -ENOMEM; 40 payload = kmalloc(datalen, GFP_KERNEL); 41 if (!payload) 42 goto error; 43 44 /* attach the data */ 45 memcpy(payload, data, datalen); 46 key->payload.data = payload; 47 ret = 0; 48 49error: 50 return ret; 51} 52 53static void 54cifs_spnego_key_destroy(struct key *key) 55{ 56 kfree(key->payload.data); 57} 58 59 60/* 61 * keytype for CIFS spnego keys 62 */ 63struct key_type cifs_spnego_key_type = { 64 .name = "cifs.spnego", 65 .instantiate = cifs_spnego_key_instantiate, 66 .match = user_match, 67 .destroy = cifs_spnego_key_destroy, 68 .describe = user_describe, 69}; 70 71/* length of longest version string e.g. strlen("ver=0xFF") */ 72#define MAX_VER_STR_LEN 8 73 74/* length of longest security mechanism name, eg in future could have 75 * strlen(";sec=ntlmsspi") */ 76#define MAX_MECH_STR_LEN 13 77 78/* strlen of "host=" */ 79#define HOST_KEY_LEN 5 80 81/* strlen of ";ip4=" or ";ip6=" */ 82#define IP_KEY_LEN 5 83 84/* strlen of ";uid=0x" */ 85#define UID_KEY_LEN 7 86 87/* strlen of ";creduid=0x" */ 88#define CREDUID_KEY_LEN 11 89 90/* strlen of ";user=" */ 91#define USER_KEY_LEN 6 92 93/* strlen of ";pid=0x" */ 94#define PID_KEY_LEN 7 95 96/* get a key struct with a SPNEGO security blob, suitable for session setup */ 97struct key * 98cifs_get_spnego_key(struct cifsSesInfo *sesInfo) 99{ 100 struct TCP_Server_Info *server = sesInfo->server; 101 char *description, *dp; 102 size_t desc_len; 103 struct key *spnego_key; 104 const char *hostname = server->hostname; 105 106 /* length of fields (with semicolons): ver=0xyz ip4=ipaddress 107 host=hostname sec=mechanism uid=0xFF user=username */ 108 desc_len = MAX_VER_STR_LEN + 109 HOST_KEY_LEN + strlen(hostname) + 110 IP_KEY_LEN + INET6_ADDRSTRLEN + 111 MAX_MECH_STR_LEN + 112 UID_KEY_LEN + (sizeof(uid_t) * 2) + 113 CREDUID_KEY_LEN + (sizeof(uid_t) * 2) + 114 USER_KEY_LEN + strlen(sesInfo->userName) + 115 PID_KEY_LEN + (sizeof(pid_t) * 2) + 1; 116 117 spnego_key = ERR_PTR(-ENOMEM); 118 description = kzalloc(desc_len, GFP_KERNEL); 119 if (description == NULL) 120 goto out; 121 122 dp = description; 123 /* start with version and hostname portion of UNC string */ 124 spnego_key = ERR_PTR(-EINVAL); 125 sprintf(dp, "ver=0x%x;host=%s;", CIFS_SPNEGO_UPCALL_VERSION, 126 hostname); 127 dp = description + strlen(description); 128 129 /* add the server address */ 130 if (server->addr.sockAddr.sin_family == AF_INET) 131 sprintf(dp, "ip4=%pI4", &server->addr.sockAddr.sin_addr); 132 else if (server->addr.sockAddr.sin_family == AF_INET6) 133 sprintf(dp, "ip6=%pI6", &server->addr.sockAddr6.sin6_addr); 134 else 135 goto out; 136 137 dp = description + strlen(description); 138 139 /* for now, only sec=krb5 and sec=mskrb5 are valid */ 140 if (server->sec_kerberos) 141 sprintf(dp, ";sec=krb5"); 142 else if (server->sec_mskerberos) 143 sprintf(dp, ";sec=mskrb5"); 144 else 145 goto out; 146 147 dp = description + strlen(description); 148 sprintf(dp, ";uid=0x%x", sesInfo->linux_uid); 149 150 dp = description + strlen(description); 151 sprintf(dp, ";creduid=0x%x", sesInfo->cred_uid); 152 153 dp = description + strlen(description); 154 sprintf(dp, ";user=%s", sesInfo->userName); 155 156 dp = description + strlen(description); 157 sprintf(dp, ";pid=0x%x", current->pid); 158 159 cFYI(1, "key description = %s", description); 160 spnego_key = request_key(&cifs_spnego_key_type, description, ""); 161 162#ifdef CONFIG_CIFS_DEBUG2 163 if (cifsFYI && !IS_ERR(spnego_key)) { 164 struct cifs_spnego_msg *msg = spnego_key->payload.data; 165 cifs_dump_mem("SPNEGO reply blob:", msg->data, min(1024U, 166 msg->secblob_len + msg->sesskey_len)); 167 } 168#endif /* CONFIG_CIFS_DEBUG2 */ 169 170out: 171 kfree(description); 172 return spnego_key; 173} 174