Merge tag 'rxrpc-next-20201123' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs (23c01ed3) · Commits · 戴 / test

include/keys/rxrpc-type.h

+1 −55

Original line number	Diff line number	Diff line
		@@ -31,63 +31,15 @@ struct rxkad_key {
		u8 ticket[]; /* the encrypted ticket */
		};

		/*
		* Kerberos 5 principal
		* name/name/name@realm
		*/
		struct krb5_principal {
		u8 n_name_parts; /* N of parts of the name part of the principal */
		char *name_parts; / parts of the name part of the principal */
		char realm; / parts of the realm part of the principal */
		};

		/*
		* Kerberos 5 tagged data
		*/
		struct krb5_tagged_data {
		/* for tag value, see /usr/include/krb5/krb5.h
		* - KRB5_AUTHDATA_* for auth data
		* -
		*/
		s32 tag;
		u32 data_len;
		u8 *data;
		};

		/*
		* RxRPC key for Kerberos V (type-5 security)
		*/
		struct rxk5_key {
		u64 authtime; /* time at which auth token generated */
		u64 starttime; /* time at which auth token starts */
		u64 endtime; /* time at which auth token expired */
		u64 renew_till; /* time to which auth token can be renewed */
		s32 is_skey; /* T if ticket is encrypted in another ticket's
		* skey */
		s32 flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */
		struct krb5_principal client; /* client principal name */
		struct krb5_principal server; /* server principal name */
		u16 ticket_len; /* length of ticket */
		u16 ticket2_len; /* length of second ticket */
		u8 n_authdata; /* number of authorisation data elements */
		u8 n_addresses; /* number of addresses */
		struct krb5_tagged_data session; /* session data; tag is enctype */
		struct krb5_tagged_data addresses; / addresses */
		u8 ticket; / krb5 ticket */
		u8 ticket2; / second krb5 ticket, if related to ticket (via
		* DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
		struct krb5_tagged_data authdata; / authorisation data */
		};

		/*
		* list of tokens attached to an rxrpc key
		*/
		struct rxrpc_key_token {
		u16 security_index; /* RxRPC header security index */
		bool no_leak_key; /* Don't copy the key to userspace */
		struct rxrpc_key_token next; / the next token in the list */
		union {
		struct rxkad_key *kad;
		struct rxk5_key *k5;
		};
		};

		@@ -116,12 +68,6 @@ struct rxrpc_key_data_v1 {
		#define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */
		#define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */
		#define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */
		#define AFSTOKEN_K5_COMPONENTS_MAX 16 /* max K5 components */
		#define AFSTOKEN_K5_NAME_MAX 128 /* max K5 name length */
		#define AFSTOKEN_K5_REALM_MAX 64 /* max K5 realm name length */
		#define AFSTOKEN_K5_TIX_MAX 16384 /* max K5 ticket size */
		#define AFSTOKEN_K5_ADDRESSES_MAX 16 /* max K5 addresses */
		#define AFSTOKEN_K5_AUTHDATA_MAX 16 /* max K5 pieces of auth data */

		/*
		* Truncate a time64_t to the range from 1970 to 2106 as in the network

include/linux/key-type.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -29,6 +29,7 @@ struct kernel_pkey_params;
		* clear the contents.
		*/
		struct key_preparsed_payload {
		const char orig_description; / Actual or proposed description (maybe NULL) */
		char description; / Proposed key description (or NULL) */
		union key_payload payload; /* Proposed payload */
		const void data; / Raw data */

net/rxrpc/Makefile

+1 −0

Original line number	Diff line number	Diff line
		@@ -28,6 +28,7 @@ rxrpc-y := \
		rtt.o \
		security.o \
		sendmsg.o \
		server_key.o \
		skbuff.o \
		utils.o

net/rxrpc/ar-internal.h

+43 −20

Original line number	Diff line number	Diff line
		@@ -12,6 +12,7 @@
		#include <net/netns/generic.h>
		#include <net/sock.h>
		#include <net/af_rxrpc.h>
		#include <keys/rxrpc-type.h>
		#include "protocol.h"

		#if 0
		@@ -34,6 +35,7 @@ struct rxrpc_crypt {
		#define rxrpc_queue_delayed_work(WS,D) \
		queue_delayed_work(rxrpc_workqueue, (WS), (D))

		struct key_preparsed_payload;
		struct rxrpc_connection;

		/*
		@@ -216,17 +218,30 @@ struct rxrpc_security {
		/* Clean up a security service */
		void (*exit)(void);

		/* Parse the information from a server key */
		int (preparse_server_key)(struct key_preparsed_payload );

		/* Clean up the preparse buffer after parsing a server key */
		void (free_preparse_server_key)(struct key_preparsed_payload );

		/* Destroy the payload of a server key */
		void (destroy_server_key)(struct key );

		/* Describe a server key */
		void (describe_server_key)(const struct key , struct seq_file *);

		/* initialise a connection's security */
		int (init_connection_security)(struct rxrpc_connection );
		int (init_connection_security)(struct rxrpc_connection ,
		struct rxrpc_key_token *);

		/* prime a connection's packet security */
		int (prime_packet_security)(struct rxrpc_connection );
		/* Work out how much data we can store in a packet, given an estimate
		* of the amount of data remaining.
		*/
		int (how_much_data)(struct rxrpc_call , size_t,
		size_t , size_t , size_t *);

		/* impose security on a packet */
		int (secure_packet)(struct rxrpc_call ,
		struct sk_buff *,
		size_t,
		void *);
		int (secure_packet)(struct rxrpc_call , struct sk_buff *, size_t);

		/* verify the security on a received packet */
		int (verify_packet)(struct rxrpc_call , struct sk_buff *,
		@@ -438,10 +453,15 @@ struct rxrpc_connection {
		struct list_head proc_link; /* link in procfs list */
		struct list_head link; /* link in master connection list */
		struct sk_buff_head rx_queue; /* received conn-level packets */

		const struct rxrpc_security security; / applied security module */
		struct key server_key; / security for this service */
		union {
		struct {
		struct crypto_sync_skcipher cipher; / encryption handle */
		struct rxrpc_crypt csum_iv; /* packet checksum base */
		u32 nonce; /* response re-use preventer */
		} rxkad;
		};
		unsigned long flags;
		unsigned long events;
		unsigned long idle_timestamp; /* Time at which last became idle */
		@@ -451,10 +471,7 @@ struct rxrpc_connection {
		int debug_id; /* debug ID for printks */
		atomic_t serial; /* packet serial number counter */
		unsigned int hi_serial; /* highest serial number received */
		u32 security_nonce; /* response re-use preventer */
		u32 service_id; /* Service ID, possibly upgraded */
		u8 size_align; /* data size alignment (for security) */
		u8 security_size; /* security header size */
		u8 security_ix; /* security type */
		u8 out_clientflag; /* RXRPC_CLIENT_INITIATED if we are client */
		u8 bundle_shift; /* Index into bundle->avail_chans */
		@@ -888,8 +905,7 @@ struct rxrpc_connection rxrpc_find_service_conn_rcu(struct rxrpc_peer ,
		struct sk_buff *);
		struct rxrpc_connection rxrpc_prealloc_service_connection(struct rxrpc_net , gfp_t);
		void rxrpc_new_incoming_connection(struct rxrpc_sock , struct rxrpc_connection ,
		const struct rxrpc_security , struct key ,
		struct sk_buff *);
		const struct rxrpc_security , struct sk_buff );
		void rxrpc_unpublish_service_conn(struct rxrpc_connection *);

		/*
		@@ -906,10 +922,8 @@ extern const struct rxrpc_security rxrpc_no_security;
		* key.c
		*/
		extern struct key_type key_type_rxrpc;
		extern struct key_type key_type_rxrpc_s;

		int rxrpc_request_key(struct rxrpc_sock *, sockptr_t , int);
		int rxrpc_server_keyring(struct rxrpc_sock *, sockptr_t, int);
		int rxrpc_get_server_data_key(struct rxrpc_connection , const void , time64_t,
		u32);

		@@ -1052,17 +1066,26 @@ extern const struct rxrpc_security rxkad;
		* security.c
		*/
		int __init rxrpc_init_security(void);
		const struct rxrpc_security *rxrpc_security_lookup(u8);
		void rxrpc_exit_security(void);
		int rxrpc_init_client_conn_security(struct rxrpc_connection *);
		bool rxrpc_look_up_server_security(struct rxrpc_local , struct rxrpc_sock ,
		const struct rxrpc_security , struct key ,
		const struct rxrpc_security rxrpc_get_incoming_security(struct rxrpc_sock ,
		struct sk_buff *);
		struct key rxrpc_look_up_server_security(struct rxrpc_connection ,
		struct sk_buff *, u32, u32);

		/*
		* sendmsg.c
		*/
		int rxrpc_do_sendmsg(struct rxrpc_sock , struct msghdr , size_t);

		/*
		* server_key.c
		*/
		extern struct key_type key_type_rxrpc_s;

		int rxrpc_server_keyring(struct rxrpc_sock *, sockptr_t, int);

		/*
		* skbuff.c
		*/

net/rxrpc/call_accept.c

+7 −7

Original line number	Diff line number	Diff line
		@@ -261,7 +261,6 @@ static struct rxrpc_call rxrpc_alloc_incoming_call(struct rxrpc_sock rx,
		struct rxrpc_peer *peer,
		struct rxrpc_connection *conn,
		const struct rxrpc_security *sec,
		struct key *key,
		struct sk_buff *skb)
		{
		struct rxrpc_backlog *b = rx->backlog;
		@@ -309,7 +308,7 @@ static struct rxrpc_call rxrpc_alloc_incoming_call(struct rxrpc_sock rx,
		conn->params.local = rxrpc_get_local(local);
		conn->params.peer = peer;
		rxrpc_see_connection(conn);
		rxrpc_new_incoming_connection(rx, conn, sec, key, skb);
		rxrpc_new_incoming_connection(rx, conn, sec, skb);
		} else {
		rxrpc_get_connection(conn);
		}
		@@ -353,7 +352,6 @@ struct rxrpc_call rxrpc_new_incoming_call(struct rxrpc_local local,
		struct rxrpc_connection *conn;
		struct rxrpc_peer *peer = NULL;
		struct rxrpc_call *call = NULL;
		struct key *key = NULL;

		_enter("");

		@@ -374,11 +372,13 @@ struct rxrpc_call rxrpc_new_incoming_call(struct rxrpc_local local,
		*/
		conn = rxrpc_find_connection_rcu(local, skb, &peer);

		if (!conn && !rxrpc_look_up_server_security(local, rx, &sec, &key, skb))
		if (!conn) {
		sec = rxrpc_get_incoming_security(rx, skb);
		if (!sec)
		goto no_call;
		}

		call = rxrpc_alloc_incoming_call(rx, local, peer, conn, sec, key, skb);
		key_put(key);
		call = rxrpc_alloc_incoming_call(rx, local, peer, conn, sec, skb);
		if (!call) {
		skb->mark = RXRPC_SKB_MARK_REJECT_BUSY;
		goto no_call;

Admin message