mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-30 14:34:51 +08:00
8c3e34a4ff
Rename files matching net/rxrpc/ar-*.c to get rid of the "ar-" prefix. This will aid splitting those files by making easier to come up with new names. Note that the not all files are simply renamed from ar-X.c to X.c. The following exceptions are made: (*) ar-call.c -> call_object.c ar-ack.c -> call_event.c call_object.c is going to contain the core of the call object handling. Call event handling is all going to be in call_event.c. (*) ar-accept.c -> call_accept.c Incoming call handling is going to be here. (*) ar-connection.c -> conn_object.c ar-connevent.c -> conn_event.c The former file is going to have the basic connection object handling, but there will likely be some differentiation between client connections and service connections in additional files later. The latter file will have all the connection-level event handling. (*) ar-local.c -> local_object.c This will have the local endpoint object handling code. The local endpoint event handling code will later be split out into local_event.c. (*) ar-peer.c -> peer_object.c This will have the peer endpoint object handling code. Peer event handling code will be placed in peer_event.c (for the moment, there is none). (*) ar-error.c -> peer_event.c This will become the peer event handling code, though for the moment it's actually driven from the local endpoint's perspective. Note that I haven't renamed ar-transport.c to transport_object.c as the intention is to delete it when the rxrpc_transport struct is excised. The only file that actually has its contents changed is net/rxrpc/Makefile. net/rxrpc/ar-internal.h will need its section marker comments updating, but I'll do that in a separate patch to make it easier for git to follow the history across the rename. I may also want to rename ar-internal.h at some point - but that would mean updating all the #includes and I'd rather do that in a separate step. Signed-off-by: David Howells <dhowells@redhat.com.
169 lines
3.6 KiB
C
169 lines
3.6 KiB
C
/* RxRPC security handling
|
|
*
|
|
* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/net.h>
|
|
#include <linux/skbuff.h>
|
|
#include <linux/udp.h>
|
|
#include <linux/crypto.h>
|
|
#include <net/sock.h>
|
|
#include <net/af_rxrpc.h>
|
|
#include <keys/rxrpc-type.h>
|
|
#include "ar-internal.h"
|
|
|
|
static LIST_HEAD(rxrpc_security_methods);
|
|
static DECLARE_RWSEM(rxrpc_security_sem);
|
|
|
|
static const struct rxrpc_security *rxrpc_security_types[] = {
|
|
[RXRPC_SECURITY_NONE] = &rxrpc_no_security,
|
|
#ifdef CONFIG_RXKAD
|
|
[RXRPC_SECURITY_RXKAD] = &rxkad,
|
|
#endif
|
|
};
|
|
|
|
int __init rxrpc_init_security(void)
|
|
{
|
|
int i, ret;
|
|
|
|
for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++) {
|
|
if (rxrpc_security_types[i]) {
|
|
ret = rxrpc_security_types[i]->init();
|
|
if (ret < 0)
|
|
goto failed;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
|
|
failed:
|
|
for (i--; i >= 0; i--)
|
|
if (rxrpc_security_types[i])
|
|
rxrpc_security_types[i]->exit();
|
|
return ret;
|
|
}
|
|
|
|
void rxrpc_exit_security(void)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < ARRAY_SIZE(rxrpc_security_types); i++)
|
|
if (rxrpc_security_types[i])
|
|
rxrpc_security_types[i]->exit();
|
|
}
|
|
|
|
/*
|
|
* look up an rxrpc security module
|
|
*/
|
|
static const struct rxrpc_security *rxrpc_security_lookup(u8 security_index)
|
|
{
|
|
if (security_index >= ARRAY_SIZE(rxrpc_security_types))
|
|
return NULL;
|
|
return rxrpc_security_types[security_index];
|
|
}
|
|
|
|
/*
|
|
* initialise the security on a client connection
|
|
*/
|
|
int rxrpc_init_client_conn_security(struct rxrpc_connection *conn)
|
|
{
|
|
const struct rxrpc_security *sec;
|
|
struct rxrpc_key_token *token;
|
|
struct key *key = conn->key;
|
|
int ret;
|
|
|
|
_enter("{%d},{%x}", conn->debug_id, key_serial(key));
|
|
|
|
if (!key)
|
|
return 0;
|
|
|
|
ret = key_validate(key);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
token = key->payload.data[0];
|
|
if (!token)
|
|
return -EKEYREJECTED;
|
|
|
|
sec = rxrpc_security_lookup(token->security_index);
|
|
if (!sec)
|
|
return -EKEYREJECTED;
|
|
conn->security = sec;
|
|
|
|
ret = conn->security->init_connection_security(conn);
|
|
if (ret < 0) {
|
|
conn->security = &rxrpc_no_security;
|
|
return ret;
|
|
}
|
|
|
|
_leave(" = 0");
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* initialise the security on a server connection
|
|
*/
|
|
int rxrpc_init_server_conn_security(struct rxrpc_connection *conn)
|
|
{
|
|
const struct rxrpc_security *sec;
|
|
struct rxrpc_local *local = conn->trans->local;
|
|
struct rxrpc_sock *rx;
|
|
struct key *key;
|
|
key_ref_t kref;
|
|
char kdesc[5 + 1 + 3 + 1];
|
|
|
|
_enter("");
|
|
|
|
sprintf(kdesc, "%u:%u", conn->service_id, conn->security_ix);
|
|
|
|
sec = rxrpc_security_lookup(conn->security_ix);
|
|
if (!sec) {
|
|
_leave(" = -ENOKEY [lookup]");
|
|
return -ENOKEY;
|
|
}
|
|
|
|
/* find the service */
|
|
read_lock_bh(&local->services_lock);
|
|
list_for_each_entry(rx, &local->services, listen_link) {
|
|
if (rx->srx.srx_service == conn->service_id)
|
|
goto found_service;
|
|
}
|
|
|
|
/* the service appears to have died */
|
|
read_unlock_bh(&local->services_lock);
|
|
_leave(" = -ENOENT");
|
|
return -ENOENT;
|
|
|
|
found_service:
|
|
if (!rx->securities) {
|
|
read_unlock_bh(&local->services_lock);
|
|
_leave(" = -ENOKEY");
|
|
return -ENOKEY;
|
|
}
|
|
|
|
/* look through the service's keyring */
|
|
kref = keyring_search(make_key_ref(rx->securities, 1UL),
|
|
&key_type_rxrpc_s, kdesc);
|
|
if (IS_ERR(kref)) {
|
|
read_unlock_bh(&local->services_lock);
|
|
_leave(" = %ld [search]", PTR_ERR(kref));
|
|
return PTR_ERR(kref);
|
|
}
|
|
|
|
key = key_ref_to_ptr(kref);
|
|
read_unlock_bh(&local->services_lock);
|
|
|
|
conn->server_key = key;
|
|
conn->security = sec;
|
|
|
|
_leave(" = 0");
|
|
return 0;
|
|
}
|