[IPV6]: Fix slab corruption running ip6sic
[linux-2.6] / net / rxrpc / ar-security.c
1 /* RxRPC security handling
2  *
3  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11
12 #include <linux/module.h>
13 #include <linux/net.h>
14 #include <linux/skbuff.h>
15 #include <linux/udp.h>
16 #include <linux/crypto.h>
17 #include <net/sock.h>
18 #include <net/af_rxrpc.h>
19 #include "ar-internal.h"
20
21 static LIST_HEAD(rxrpc_security_methods);
22 static DECLARE_RWSEM(rxrpc_security_sem);
23
24 /*
25  * get an RxRPC security module
26  */
27 static struct rxrpc_security *rxrpc_security_get(struct rxrpc_security *sec)
28 {
29         return try_module_get(sec->owner) ? sec : NULL;
30 }
31
32 /*
33  * release an RxRPC security module
34  */
35 static void rxrpc_security_put(struct rxrpc_security *sec)
36 {
37         module_put(sec->owner);
38 }
39
40 /*
41  * look up an rxrpc security module
42  */
43 struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
44 {
45         struct rxrpc_security *sec = NULL;
46
47         _enter("");
48
49         down_read(&rxrpc_security_sem);
50
51         list_for_each_entry(sec, &rxrpc_security_methods, link) {
52                 if (sec->security_index == security_index) {
53                         if (unlikely(!rxrpc_security_get(sec)))
54                                 break;
55                         goto out;
56                 }
57         }
58
59         sec = NULL;
60 out:
61         up_read(&rxrpc_security_sem);
62         _leave(" = %p [%s]", sec, sec ? sec->name : "");
63         return sec;
64 }
65
66 /**
67  * rxrpc_register_security - register an RxRPC security handler
68  * @sec: security module
69  *
70  * register an RxRPC security handler for use by RxRPC
71  */
72 int rxrpc_register_security(struct rxrpc_security *sec)
73 {
74         struct rxrpc_security *psec;
75         int ret;
76
77         _enter("");
78         down_write(&rxrpc_security_sem);
79
80         ret = -EEXIST;
81         list_for_each_entry(psec, &rxrpc_security_methods, link) {
82                 if (psec->security_index == sec->security_index)
83                         goto out;
84         }
85
86         list_add(&sec->link, &rxrpc_security_methods);
87
88         printk(KERN_NOTICE "RxRPC: Registered security type %d '%s'\n",
89                sec->security_index, sec->name);
90         ret = 0;
91
92 out:
93         up_write(&rxrpc_security_sem);
94         _leave(" = %d", ret);
95         return ret;
96 }
97
98 EXPORT_SYMBOL_GPL(rxrpc_register_security);
99
100 /**
101  * rxrpc_unregister_security - unregister an RxRPC security handler
102  * @sec: security module
103  *
104  * unregister an RxRPC security handler
105  */
106 void rxrpc_unregister_security(struct rxrpc_security *sec)
107 {
108
109         _enter("");
110         down_write(&rxrpc_security_sem);
111         list_del_init(&sec->link);
112         up_write(&rxrpc_security_sem);
113
114         printk(KERN_NOTICE "RxRPC: Unregistered security type %d '%s'\n",
115                sec->security_index, sec->name);
116 }
117
118 EXPORT_SYMBOL_GPL(rxrpc_unregister_security);
119
120 /*
121  * initialise the security on a client connection
122  */
123 int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
124 {
125         struct rxrpc_security *sec;
126         struct key *key = conn->key;
127         int ret;
128
129         _enter("{%d},{%x}", conn->debug_id, key_serial(key));
130
131         if (!key)
132                 return 0;
133
134         ret = key_validate(key);
135         if (ret < 0)
136                 return ret;
137
138         sec = rxrpc_security_lookup(key->type_data.x[0]);
139         if (!sec)
140                 return -EKEYREJECTED;
141         conn->security = sec;
142
143         ret = conn->security->init_connection_security(conn);
144         if (ret < 0) {
145                 rxrpc_security_put(conn->security);
146                 conn->security = NULL;
147                 return ret;
148         }
149
150         _leave(" = 0");
151         return 0;
152 }
153
154 /*
155  * initialise the security on a server connection
156  */
157 int rxrpc_init_server_conn_security(struct rxrpc_connection *conn)
158 {
159         struct rxrpc_security *sec;
160         struct rxrpc_local *local = conn->trans->local;
161         struct rxrpc_sock *rx;
162         struct key *key;
163         key_ref_t kref;
164         char kdesc[5+1+3+1];
165
166         _enter("");
167
168         sprintf(kdesc, "%u:%u", ntohs(conn->service_id), conn->security_ix);
169
170         sec = rxrpc_security_lookup(conn->security_ix);
171         if (!sec) {
172                 _leave(" = -ENOKEY [lookup]");
173                 return -ENOKEY;
174         }
175
176         /* find the service */
177         read_lock_bh(&local->services_lock);
178         list_for_each_entry(rx, &local->services, listen_link) {
179                 if (rx->service_id == conn->service_id)
180                         goto found_service;
181         }
182
183         /* the service appears to have died */
184         read_unlock_bh(&local->services_lock);
185         rxrpc_security_put(sec);
186         _leave(" = -ENOENT");
187         return -ENOENT;
188
189 found_service:
190         if (!rx->securities) {
191                 read_unlock_bh(&local->services_lock);
192                 rxrpc_security_put(sec);
193                 _leave(" = -ENOKEY");
194                 return -ENOKEY;
195         }
196
197         /* look through the service's keyring */
198         kref = keyring_search(make_key_ref(rx->securities, 1UL),
199                               &key_type_rxrpc_s, kdesc);
200         if (IS_ERR(kref)) {
201                 read_unlock_bh(&local->services_lock);
202                 rxrpc_security_put(sec);
203                 _leave(" = %ld [search]", PTR_ERR(kref));
204                 return PTR_ERR(kref);
205         }
206
207         key = key_ref_to_ptr(kref);
208         read_unlock_bh(&local->services_lock);
209
210         conn->server_key = key;
211         conn->security = sec;
212
213         _leave(" = 0");
214         return 0;
215 }
216
217 /*
218  * secure a packet prior to transmission
219  */
220 int rxrpc_secure_packet(const struct rxrpc_call *call,
221                         struct sk_buff *skb,
222                         size_t data_size,
223                         void *sechdr)
224 {
225         if (call->conn->security)
226                 return call->conn->security->secure_packet(
227                         call, skb, data_size, sechdr);
228         return 0;
229 }
230
231 /*
232  * secure a packet prior to transmission
233  */
234 int rxrpc_verify_packet(const struct rxrpc_call *call, struct sk_buff *skb,
235                         u32 *_abort_code)
236 {
237         if (call->conn->security)
238                 return call->conn->security->verify_packet(
239                         call, skb, _abort_code);
240         return 0;
241 }
242
243 /*
244  * clear connection security
245  */
246 void rxrpc_clear_conn_security(struct rxrpc_connection *conn)
247 {
248         _enter("{%d}", conn->debug_id);
249
250         if (conn->security) {
251                 conn->security->clear(conn);
252                 rxrpc_security_put(conn->security);
253                 conn->security = NULL;
254         }
255
256         key_put(conn->key);
257         key_put(conn->server_key);
258 }