2 * fs/cifs/cifs_spnego.c -- SPNEGO upcall management for CIFS
4 * Copyright (c) 2007 Red Hat, Inc.
5 * Author(s): Jeff Layton (jlayton@redhat.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/list.h>
23 #include <linux/string.h>
24 #include <keys/user-type.h>
25 #include <linux/key-type.h>
27 #include "cifs_spnego.h"
28 #include "cifs_debug.h"
30 /* create a new cifs key */
32 cifs_spnego_key_instantiate(struct key
*key
, const void *data
, size_t datalen
)
38 payload
= kmalloc(datalen
, GFP_KERNEL
);
43 memcpy(payload
, data
, datalen
);
44 rcu_assign_pointer(key
->payload
.data
, payload
);
52 cifs_spnego_key_destroy(struct key
*key
)
54 kfree(key
->payload
.data
);
59 * keytype for CIFS spnego keys
61 struct key_type cifs_spnego_key_type
= {
62 .name
= "cifs.spnego",
63 .instantiate
= cifs_spnego_key_instantiate
,
65 .destroy
= cifs_spnego_key_destroy
,
66 .describe
= user_describe
,
69 #define MAX_VER_STR_LEN 8 /* length of longest version string e.g.
71 #define MAX_MECH_STR_LEN 13 /* length of longest security mechanism name, eg
72 in future could have strlen(";sec=ntlmsspi") */
73 #define MAX_IPV6_ADDR_LEN 42 /* eg FEDC:BA98:7654:3210:FEDC:BA98:7654:3210/60 */
74 /* get a key struct with a SPNEGO security blob, suitable for session setup */
76 cifs_get_spnego_key(struct cifsSesInfo
*sesInfo
)
78 struct TCP_Server_Info
*server
= sesInfo
->server
;
79 char *description
, *dp
;
81 struct key
*spnego_key
;
82 const char *hostname
= server
->hostname
;
84 /* length of fields (with semicolons): ver=0xyz ip4=ipaddress
85 host=hostname sec=mechanism uid=0xFF user=username */
86 desc_len
= MAX_VER_STR_LEN
+
87 6 /* len of "host=" */ + strlen(hostname
) +
88 5 /* len of ";ipv4=" */ + MAX_IPV6_ADDR_LEN
+
90 7 /* len of ";uid=0x" */ + (sizeof(uid_t
) * 2) +
91 6 /* len of ";user=" */ + strlen(sesInfo
->userName
) + 1;
93 spnego_key
= ERR_PTR(-ENOMEM
);
94 description
= kzalloc(desc_len
, GFP_KERNEL
);
95 if (description
== NULL
)
99 /* start with version and hostname portion of UNC string */
100 spnego_key
= ERR_PTR(-EINVAL
);
101 sprintf(dp
, "ver=0x%x;host=%s;", CIFS_SPNEGO_UPCALL_VERSION
,
103 dp
= description
+ strlen(description
);
105 /* add the server address */
106 if (server
->addr
.sockAddr
.sin_family
== AF_INET
)
107 sprintf(dp
, "ip4=" NIPQUAD_FMT
,
108 NIPQUAD(server
->addr
.sockAddr
.sin_addr
));
109 else if (server
->addr
.sockAddr
.sin_family
== AF_INET6
)
110 sprintf(dp
, "ip6=" NIP6_SEQFMT
,
111 NIP6(server
->addr
.sockAddr6
.sin6_addr
));
115 dp
= description
+ strlen(description
);
117 /* for now, only sec=krb5 and sec=mskrb5 are valid */
118 if (server
->secType
== Kerberos
)
119 sprintf(dp
, ";sec=krb5");
120 else if (server
->secType
== MSKerberos
)
121 sprintf(dp
, ";sec=mskrb5");
125 dp
= description
+ strlen(description
);
126 sprintf(dp
, ";uid=0x%x", sesInfo
->linux_uid
);
128 dp
= description
+ strlen(description
);
129 sprintf(dp
, ";user=%s", sesInfo
->userName
);
131 cFYI(1, ("key description = %s", description
));
132 spnego_key
= request_key(&cifs_spnego_key_type
, description
, "");
134 #ifdef CONFIG_CIFS_DEBUG2
135 if (cifsFYI
&& !IS_ERR(spnego_key
)) {
136 struct cifs_spnego_msg
*msg
= spnego_key
->payload
.data
;
137 cifs_dump_mem("SPNEGO reply blob:", msg
->data
, min(1024U,
138 msg
->secblob_len
+ msg
->sesskey_len
));
140 #endif /* CONFIG_CIFS_DEBUG2 */