Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
phyus
/
linux-vybrid_public
8
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: 5af7fa6810
Atzari Tagi
linux-vybrid_pu...
/
net
/
sunrpc
/
auth_gss
/
gss_generic_token.c

gss_generic_token.c 6.1 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235 
  1. /*
    2. 

  2.  *  linux/net/sunrpc/gss_generic_token.c
    3. 

  3.  *
    4. 

  4.  *  Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/generic/util_token.c
    5. 

  5.  *
    6. 

  6.  *  Copyright (c) 2000 The Regents of the University of Michigan.
    7. 

  7.  *  All rights reserved.
    8. 

  8.  *
    9. 

  9.  *  Andy Adamson   <andros@umich.edu>
    10. 

  10.  */
    11. 

  11. 

  12. /*
    13. 

  13.  * Copyright 1993 by OpenVision Technologies, Inc.
    14. 

  14.  *
    15. 

  15.  * Permission to use, copy, modify, distribute, and sell this software
    16. 

  16.  * and its documentation for any purpose is hereby granted without fee,
    17. 

  17.  * provided that the above copyright notice appears in all copies and
    18. 

  18.  * that both that copyright notice and this permission notice appear in
    19. 

  19.  * supporting documentation, and that the name of OpenVision not be used
    20. 

  20.  * in advertising or publicity pertaining to distribution of the software
    21. 

  21.  * without specific, written prior permission. OpenVision makes no
    22. 

  22.  * representations about the suitability of this software for any
    23. 

  23.  * purpose.  It is provided "as is" without express or implied warranty.
    24. 

  24.  *
    25. 

  25.  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
    26. 

  26.  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
    27. 

  27.  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
    28. 

  28.  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
    29. 

  29.  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
    30. 

  30.  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
    31. 

  31.  * PERFORMANCE OF THIS SOFTWARE.
    32. 

  32.  */
    33. 

  33. 

  34. #include <linux/types.h>
    35. 

  35. #include <linux/module.h>
    36. 

  36. #include <linux/slab.h>
    37. 

  37. #include <linux/string.h>
    38. 

  38. #include <linux/sunrpc/sched.h>
    39. 

  39. #include <linux/sunrpc/gss_asn1.h>
    40. 

  40. 

  41. 

  42. #ifdef RPC_DEBUG
    43. 

  43. # define RPCDBG_FACILITY        RPCDBG_AUTH
    44. 

  44. #endif
    45. 

  45. 

  46. 

  47. /* TWRITE_STR from gssapiP_generic.h */
    48. 

  48. #define TWRITE_STR(ptr, str, len) \
    49. 

  49. 	memcpy((ptr), (char *) (str), (len)); \
    50. 

  50. 	(ptr) += (len);
    51. 

  51. 

  52. /* XXXX this code currently makes the assumption that a mech oid will
    53. 

  53.    never be longer than 127 bytes.  This assumption is not inherent in
    54. 

  54.    the interfaces, so the code can be fixed if the OSI namespace
    55. 

  55.    balloons unexpectedly. */
    56. 

  56. 

  57. /* Each token looks like this:
    58. 

  58. 

  59. 0x60				tag for APPLICATION 0, SEQUENCE
    60. 

  60. 					(constructed, definite-length)
    61. 

  61. 	<length>		possible multiple bytes, need to parse/generate
    62. 

  62. 	0x06			tag for OBJECT IDENTIFIER
    63. 

  63. 		<moid_length>	compile-time constant string (assume 1 byte)
    64. 

  64. 		<moid_bytes>	compile-time constant string
    65. 

  65. 	<inner_bytes>		the ANY containing the application token
    66. 

  66. 					bytes 0,1 are the token type
    67. 

  67. 					bytes 2,n are the token data
    68. 

  68. 

  69. For the purposes of this abstraction, the token "header" consists of
    70. 

  70. the sequence tag and length octets, the mech OID DER encoding, and the
    71. 

  71. first two inner bytes, which indicate the token type.  The token
    72. 

  72. "body" consists of everything else.
    73. 

  73. 

  74. */
    75. 

  75. 

  76. static int
    77. 

  77. der_length_size( int length)
    78. 

  78. {
    79. 

  79. 	if (length < (1<<7))
    80. 

  80. 		return(1);
    81. 

  81. 	else if (length < (1<<8))
    82. 

  82. 		return(2);
    83. 

  83. #if (SIZEOF_INT == 2)
    84. 

  84. 	else
    85. 

  85. 		return(3);
    86. 

  86. #else
    87. 

  87. 	else if (length < (1<<16))
    88. 

  88. 		return(3);
    89. 

  89. 	else if (length < (1<<24))
    90. 

  90. 		return(4);
    91. 

  91. 	else
    92. 

  92. 		return(5);
    93. 

  93. #endif
    94. 

  94. }
    95. 

  95. 

  96. static void
    97. 

  97. der_write_length(unsigned char **buf, int length)
    98. 

  98. {
    99. 

  99. 	if (length < (1<<7)) {
    100. 

  100. 		*(*buf)++ = (unsigned char) length;
    101. 

  101. 	} else {
    102. 

  102. 		*(*buf)++ = (unsigned char) (der_length_size(length)+127);
    103. 

  103. #if (SIZEOF_INT > 2)
    104. 

  104. 		if (length >= (1<<24))
    105. 

  105. 			*(*buf)++ = (unsigned char) (length>>24);
    106. 

  106. 		if (length >= (1<<16))
    107. 

  107. 			*(*buf)++ = (unsigned char) ((length>>16)&0xff);
    108. 

  108. #endif
    109. 

  109. 		if (length >= (1<<8))
    110. 

  110. 			*(*buf)++ = (unsigned char) ((length>>8)&0xff);
    111. 

  111. 		*(*buf)++ = (unsigned char) (length&0xff);
    112. 

  112. 	}
    113. 

  113. }
    114. 

  114. 

  115. /* returns decoded length, or < 0 on failure.  Advances buf and
    116. 

  116.    decrements bufsize */
    117. 

  117. 

  118. static int
    119. 

  119. der_read_length(unsigned char **buf, int *bufsize)
    120. 

  120. {
    121. 

  121. 	unsigned char sf;
    122. 

  122. 	int ret;
    123. 

  123. 

  124. 	if (*bufsize < 1)
    125. 

  125. 		return(-1);
    126. 

  126. 	sf = *(*buf)++;
    127. 

  127. 	(*bufsize)--;
    128. 

  128. 	if (sf & 0x80) {
    129. 

  129. 		if ((sf &= 0x7f) > ((*bufsize)-1))
    130. 

  130. 			return(-1);
    131. 

  131. 		if (sf > SIZEOF_INT)
    132. 

  132. 			return (-1);
    133. 

  133. 		ret = 0;
    134. 

  134. 		for (; sf; sf--) {
    135. 

  135. 			ret = (ret<<8) + (*(*buf)++);
    136. 

  136. 			(*bufsize)--;
    137. 

  137. 		}
    138. 

  138. 	} else {
    139. 

  139. 		ret = sf;
    140. 

  140. 	}
    141. 

  141. 

  142. 	return(ret);
    143. 

  143. }
    144. 

  144. 

  145. /* returns the length of a token, given the mech oid and the body size */
    146. 

  146. 

  147. int
    148. 

  148. g_token_size(struct xdr_netobj *mech, unsigned int body_size)
    149. 

  149. {
    150. 

  150. 	/* set body_size to sequence contents size */
    151. 

  151. 	body_size += 2 + (int) mech->len;         /* NEED overflow check */
    152. 

  152. 	return(1 + der_length_size(body_size) + body_size);
    153. 

  153. }
    154. 

  154. 

  155. EXPORT_SYMBOL_GPL(g_token_size);
    156. 

  156. 

  157. /* fills in a buffer with the token header.  The buffer is assumed to
    158. 

  158.    be the right size.  buf is advanced past the token header */
    159. 

  159. 

  160. void
    161. 

  161. g_make_token_header(struct xdr_netobj *mech, int body_size, unsigned char **buf)
    162. 

  162. {
    163. 

  163. 	*(*buf)++ = 0x60;
    164. 

  164. 	der_write_length(buf, 2 + mech->len + body_size);
    165. 

  165. 	*(*buf)++ = 0x06;
    166. 

  166. 	*(*buf)++ = (unsigned char) mech->len;
    167. 

  167. 	TWRITE_STR(*buf, mech->data, ((int) mech->len));
    168. 

  168. }
    169. 

  169. 

  170. EXPORT_SYMBOL_GPL(g_make_token_header);
    171. 

  171. 

  172. /*
    173. 

  173.  * Given a buffer containing a token, reads and verifies the token,
    174. 

  174.  * leaving buf advanced past the token header, and setting body_size
    175. 

  175.  * to the number of remaining bytes.  Returns 0 on success,
    176. 

  176.  * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the
    177. 

  177.  * mechanism in the token does not match the mech argument.  buf and
    178. 

  178.  * *body_size are left unmodified on error.
    179. 

  179.  */
    180. 

  180. u32
    181. 

  181. g_verify_token_header(struct xdr_netobj *mech, int *body_size,
    182. 

  182. 		      unsigned char **buf_in, int toksize)
    183. 

  183. {
    184. 

  184. 	unsigned char *buf = *buf_in;
    185. 

  185. 	int seqsize;
    186. 

  186. 	struct xdr_netobj toid;
    187. 

  187. 	int ret = 0;
    188. 

  188. 

  189. 	if ((toksize-=1) < 0)
    190. 

  190. 		return(G_BAD_TOK_HEADER);
    191. 

  191. 	if (*buf++ != 0x60)
    192. 

  192. 		return(G_BAD_TOK_HEADER);
    193. 

  193. 

  194. 	if ((seqsize = der_read_length(&buf, &toksize)) < 0)
    195. 

  195. 		return(G_BAD_TOK_HEADER);
    196. 

  196. 

  197. 	if (seqsize != toksize)
    198. 

  198. 		return(G_BAD_TOK_HEADER);
    199. 

  199. 

  200. 	if ((toksize-=1) < 0)
    201. 

  201. 		return(G_BAD_TOK_HEADER);
    202. 

  202. 	if (*buf++ != 0x06)
    203. 

  203. 		return(G_BAD_TOK_HEADER);
    204. 

  204. 

  205. 	if ((toksize-=1) < 0)
    206. 

  206. 		return(G_BAD_TOK_HEADER);
    207. 

  207. 	toid.len = *buf++;
    208. 

  208. 

  209. 	if ((toksize-=toid.len) < 0)
    210. 

  210. 		return(G_BAD_TOK_HEADER);
    211. 

  211. 	toid.data = buf;
    212. 

  212. 	buf+=toid.len;
    213. 

  213. 

  214. 	if (! g_OID_equal(&toid, mech))
    215. 

  215. 		ret = G_WRONG_MECH;
    216. 

  216. 

  217.    /* G_WRONG_MECH is not returned immediately because it's more important
    218. 

  218.       to return G_BAD_TOK_HEADER if the token header is in fact bad */
    219. 

  219. 

  220. 	if ((toksize-=2) < 0)
    221. 

  221. 		return(G_BAD_TOK_HEADER);
    222. 

  222. 

  223. 	if (ret)
    224. 

  224. 		return(ret);
    225. 

  225. 

  226. 	if (!ret) {
    227. 

  227. 		*buf_in = buf;
    228. 

  228. 		*body_size = toksize;
    229. 

  229. 	}
    230. 

  230. 

  231. 	return(ret);
    232. 

  232. }
    233. 

  233. 

  234. EXPORT_SYMBOL_GPL(g_verify_token_header);
    235. 

  235.