2 * fs/cifs/cifs_spnego.c -- SPNEGO upcall management for CIFS
4 * Copyright (c) 2007 Red Hat, Inc.
5 * Author(s): Jeff Layton (jlayton@redhat.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/list.h>
23 #include <linux/string.h>
24 #include <keys/user-type.h>
25 #include <linux/key-type.h>
27 #include "cifs_spnego.h"
28 #include "cifs_debug.h"
30 /* create a new cifs key */
32 cifs_spnego_key_instantiate(struct key *key, const void *data, size_t datalen)
38 payload = kmalloc(datalen, GFP_KERNEL);
43 memcpy(payload, data, datalen);
44 rcu_assign_pointer(key->payload.data, payload);
52 cifs_spnego_key_destroy(struct key *key)
54 kfree(key->payload.data);
59 * keytype for CIFS spnego keys
61 struct key_type cifs_spnego_key_type = {
62 .name = "cifs.spnego",
63 .instantiate = cifs_spnego_key_instantiate,
65 .destroy = cifs_spnego_key_destroy,
66 .describe = user_describe,
69 /* length of longest version string e.g. strlen("ver=0xFF") */
70 #define MAX_VER_STR_LEN 8
72 /* length of longest security mechanism name, eg in future could have
73 * strlen(";sec=ntlmsspi") */
74 #define MAX_MECH_STR_LEN 13
76 /* max possible addr len eg FEDC:BA98:7654:3210:FEDC:BA98:7654:3210/60 */
77 #define MAX_IPV6_ADDR_LEN 42
79 /* strlen of "host=" */
80 #define HOST_KEY_LEN 5
82 /* strlen of ";ip4=" or ";ip6=" */
85 /* strlen of ";uid=0x" */
88 /* strlen of ";user=" */
89 #define USER_KEY_LEN 6
91 /* get a key struct with a SPNEGO security blob, suitable for session setup */
93 cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
95 struct TCP_Server_Info *server = sesInfo->server;
96 char *description, *dp;
98 struct key *spnego_key;
99 const char *hostname = server->hostname;
101 /* length of fields (with semicolons): ver=0xyz ip4=ipaddress
102 host=hostname sec=mechanism uid=0xFF user=username */
103 desc_len = MAX_VER_STR_LEN +
104 HOST_KEY_LEN + strlen(hostname) +
105 IP_KEY_LEN + MAX_IPV6_ADDR_LEN +
107 UID_KEY_LEN + (sizeof(uid_t) * 2) +
108 USER_KEY_LEN + strlen(sesInfo->userName) + 1;
110 spnego_key = ERR_PTR(-ENOMEM);
111 description = kzalloc(desc_len, GFP_KERNEL);
112 if (description == NULL)
116 /* start with version and hostname portion of UNC string */
117 spnego_key = ERR_PTR(-EINVAL);
118 sprintf(dp, "ver=0x%x;host=%s;", CIFS_SPNEGO_UPCALL_VERSION,
120 dp = description + strlen(description);
122 /* add the server address */
123 if (server->addr.sockAddr.sin_family == AF_INET)
124 sprintf(dp, "ip4=" NIPQUAD_FMT,
125 NIPQUAD(server->addr.sockAddr.sin_addr));
126 else if (server->addr.sockAddr.sin_family == AF_INET6)
127 sprintf(dp, "ip6=" NIP6_SEQFMT,
128 NIP6(server->addr.sockAddr6.sin6_addr));
132 dp = description + strlen(description);
134 /* for now, only sec=krb5 and sec=mskrb5 are valid */
135 if (server->secType == Kerberos)
136 sprintf(dp, ";sec=krb5");
137 else if (server->secType == MSKerberos)
138 sprintf(dp, ";sec=mskrb5");
142 dp = description + strlen(description);
143 sprintf(dp, ";uid=0x%x", sesInfo->linux_uid);
145 dp = description + strlen(description);
146 sprintf(dp, ";user=%s", sesInfo->userName);
148 cFYI(1, ("key description = %s", description));
149 spnego_key = request_key(&cifs_spnego_key_type, description, "");
151 #ifdef CONFIG_CIFS_DEBUG2
152 if (cifsFYI && !IS_ERR(spnego_key)) {
153 struct cifs_spnego_msg *msg = spnego_key->payload.data;
154 cifs_dump_mem("SPNEGO reply blob:", msg->data, min(1024U,
155 msg->secblob_len + msg->sesskey_len));
157 #endif /* CONFIG_CIFS_DEBUG2 */