Home Explore Help
Register Sign In
dingyu
/
CooCenter-System-kernel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
CooCenter-Sy...
/
net
/
sunrpc
/
auth_gss
/
gss_generic_token.c

gss_generic_token.c 6.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234 
  1. /*
    2. 

  2.  *  linux/net/sunrpc/gss_generic_token.c
    3. 

  3.  *
    4. 

  4.  *  Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/generic/util_token.c
    5. 

  5.  *
    6. 

  6.  *  Copyright (c) 2000 The Regents of the University of Michigan.
    7. 

  7.  *  All rights reserved.
    8. 

  8.  *
    9. 

  9.  *  Andy Adamson   <andros@umich.edu>
    10. 

  10.  */
    11. 

  11. 

  12. /*
    13. 

  13.  * Copyright 1993 by OpenVision Technologies, Inc.
    14. 

  14.  *
    15. 

  15.  * Permission to use, copy, modify, distribute, and sell this software
    16. 

  16.  * and its documentation for any purpose is hereby granted without fee,
    17. 

  17.  * provided that the above copyright notice appears in all copies and
    18. 

  18.  * that both that copyright notice and this permission notice appear in
    19. 

  19.  * supporting documentation, and that the name of OpenVision not be used
    20. 

  20.  * in advertising or publicity pertaining to distribution of the software
    21. 

  21.  * without specific, written prior permission. OpenVision makes no
    22. 

  22.  * representations about the suitability of this software for any
    23. 

  23.  * purpose.  It is provided "as is" without express or implied warranty.
    24. 

  24.  *
    25. 

  25.  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
    26. 

  26.  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
    27. 

  27.  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
    28. 

  28.  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
    29. 

  29.  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
    30. 

  30.  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
    31. 

  31.  * PERFORMANCE OF THIS SOFTWARE.
    32. 

  32.  */
    33. 

  33. 

  34. #include <linux/types.h>
    35. 

  35. #include <linux/module.h>
    36. 

  36. #include <linux/string.h>
    37. 

  37. #include <linux/sunrpc/sched.h>
    38. 

  38. #include <linux/sunrpc/gss_asn1.h>
    39. 

  39. 

  40. 

  41. #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
    42. 

  42. # define RPCDBG_FACILITY        RPCDBG_AUTH
    43. 

  43. #endif
    44. 

  44. 

  45. 

  46. /* TWRITE_STR from gssapiP_generic.h */
    47. 

  47. #define TWRITE_STR(ptr, str, len) \
    48. 

  48. 	memcpy((ptr), (char *) (str), (len)); \
    49. 

  49. 	(ptr) += (len);
    50. 

  50. 

  51. /* XXXX this code currently makes the assumption that a mech oid will
    52. 

  52.    never be longer than 127 bytes.  This assumption is not inherent in
    53. 

  53.    the interfaces, so the code can be fixed if the OSI namespace
    54. 

  54.    balloons unexpectedly. */
    55. 

  55. 

  56. /* Each token looks like this:
    57. 

  57. 

  58. 0x60				tag for APPLICATION 0, SEQUENCE
    59. 

  59. 					(constructed, definite-length)
    60. 

  60. 	<length>		possible multiple bytes, need to parse/generate
    61. 

  61. 	0x06			tag for OBJECT IDENTIFIER
    62. 

  62. 		<moid_length>	compile-time constant string (assume 1 byte)
    63. 

  63. 		<moid_bytes>	compile-time constant string
    64. 

  64. 	<inner_bytes>		the ANY containing the application token
    65. 

  65. 					bytes 0,1 are the token type
    66. 

  66. 					bytes 2,n are the token data
    67. 

  67. 

  68. For the purposes of this abstraction, the token "header" consists of
    69. 

  69. the sequence tag and length octets, the mech OID DER encoding, and the
    70. 

  70. first two inner bytes, which indicate the token type.  The token
    71. 

  71. "body" consists of everything else.
    72. 

  72. 

  73. */
    74. 

  74. 

  75. static int
    76. 

  76. der_length_size( int length)
    77. 

  77. {
    78. 

  78. 	if (length < (1<<7))
    79. 

  79. 		return 1;
    80. 

  80. 	else if (length < (1<<8))
    81. 

  81. 		return 2;
    82. 

  82. #if (SIZEOF_INT == 2)
    83. 

  83. 	else
    84. 

  84. 		return 3;
    85. 

  85. #else
    86. 

  86. 	else if (length < (1<<16))
    87. 

  87. 		return 3;
    88. 

  88. 	else if (length < (1<<24))
    89. 

  89. 		return 4;
    90. 

  90. 	else
    91. 

  91. 		return 5;
    92. 

  92. #endif
    93. 

  93. }
    94. 

  94. 

  95. static void
    96. 

  96. der_write_length(unsigned char **buf, int length)
    97. 

  97. {
    98. 

  98. 	if (length < (1<<7)) {
    99. 

  99. 		*(*buf)++ = (unsigned char) length;
    100. 

  100. 	} else {
    101. 

  101. 		*(*buf)++ = (unsigned char) (der_length_size(length)+127);
    102. 

  102. #if (SIZEOF_INT > 2)
    103. 

  103. 		if (length >= (1<<24))
    104. 

  104. 			*(*buf)++ = (unsigned char) (length>>24);
    105. 

  105. 		if (length >= (1<<16))
    106. 

  106. 			*(*buf)++ = (unsigned char) ((length>>16)&0xff);
    107. 

  107. #endif
    108. 

  108. 		if (length >= (1<<8))
    109. 

  109. 			*(*buf)++ = (unsigned char) ((length>>8)&0xff);
    110. 

  110. 		*(*buf)++ = (unsigned char) (length&0xff);
    111. 

  111. 	}
    112. 

  112. }
    113. 

  113. 

  114. /* returns decoded length, or < 0 on failure.  Advances buf and
    115. 

  115.    decrements bufsize */
    116. 

  116. 

  117. static int
    118. 

  118. der_read_length(unsigned char **buf, int *bufsize)
    119. 

  119. {
    120. 

  120. 	unsigned char sf;
    121. 

  121. 	int ret;
    122. 

  122. 

  123. 	if (*bufsize < 1)
    124. 

  124. 		return -1;
    125. 

  125. 	sf = *(*buf)++;
    126. 

  126. 	(*bufsize)--;
    127. 

  127. 	if (sf & 0x80) {
    128. 

  128. 		if ((sf &= 0x7f) > ((*bufsize)-1))
    129. 

  129. 			return -1;
    130. 

  130. 		if (sf > SIZEOF_INT)
    131. 

  131. 			return -1;
    132. 

  132. 		ret = 0;
    133. 

  133. 		for (; sf; sf--) {
    134. 

  134. 			ret = (ret<<8) + (*(*buf)++);
    135. 

  135. 			(*bufsize)--;
    136. 

  136. 		}
    137. 

  137. 	} else {
    138. 

  138. 		ret = sf;
    139. 

  139. 	}
    140. 

  140. 

  141. 	return ret;
    142. 

  142. }
    143. 

  143. 

  144. /* returns the length of a token, given the mech oid and the body size */
    145. 

  145. 

  146. int
    147. 

  147. g_token_size(struct xdr_netobj *mech, unsigned int body_size)
    148. 

  148. {
    149. 

  149. 	/* set body_size to sequence contents size */
    150. 

  150. 	body_size += 2 + (int) mech->len;         /* NEED overflow check */
    151. 

  151. 	return 1 + der_length_size(body_size) + body_size;
    152. 

  152. }
    153. 

  153. 

  154. EXPORT_SYMBOL_GPL(g_token_size);
    155. 

  155. 

  156. /* fills in a buffer with the token header.  The buffer is assumed to
    157. 

  157.    be the right size.  buf is advanced past the token header */
    158. 

  158. 

  159. void
    160. 

  160. g_make_token_header(struct xdr_netobj *mech, int body_size, unsigned char **buf)
    161. 

  161. {
    162. 

  162. 	*(*buf)++ = 0x60;
    163. 

  163. 	der_write_length(buf, 2 + mech->len + body_size);
    164. 

  164. 	*(*buf)++ = 0x06;
    165. 

  165. 	*(*buf)++ = (unsigned char) mech->len;
    166. 

  166. 	TWRITE_STR(*buf, mech->data, ((int) mech->len));
    167. 

  167. }
    168. 

  168. 

  169. EXPORT_SYMBOL_GPL(g_make_token_header);
    170. 

  170. 

  171. /*
    172. 

  172.  * Given a buffer containing a token, reads and verifies the token,
    173. 

  173.  * leaving buf advanced past the token header, and setting body_size
    174. 

  174.  * to the number of remaining bytes.  Returns 0 on success,
    175. 

  175.  * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the
    176. 

  176.  * mechanism in the token does not match the mech argument.  buf and
    177. 

  177.  * *body_size are left unmodified on error.
    178. 

  178.  */
    179. 

  179. u32
    180. 

  180. g_verify_token_header(struct xdr_netobj *mech, int *body_size,
    181. 

  181. 		      unsigned char **buf_in, int toksize)
    182. 

  182. {
    183. 

  183. 	unsigned char *buf = *buf_in;
    184. 

  184. 	int seqsize;
    185. 

  185. 	struct xdr_netobj toid;
    186. 

  186. 	int ret = 0;
    187. 

  187. 

  188. 	if ((toksize-=1) < 0)
    189. 

  189. 		return G_BAD_TOK_HEADER;
    190. 

  190. 	if (*buf++ != 0x60)
    191. 

  191. 		return G_BAD_TOK_HEADER;
    192. 

  192. 

  193. 	if ((seqsize = der_read_length(&buf, &toksize)) < 0)
    194. 

  194. 		return G_BAD_TOK_HEADER;
    195. 

  195. 

  196. 	if (seqsize != toksize)
    197. 

  197. 		return G_BAD_TOK_HEADER;
    198. 

  198. 

  199. 	if ((toksize-=1) < 0)
    200. 

  200. 		return G_BAD_TOK_HEADER;
    201. 

  201. 	if (*buf++ != 0x06)
    202. 

  202. 		return G_BAD_TOK_HEADER;
    203. 

  203. 

  204. 	if ((toksize-=1) < 0)
    205. 

  205. 		return G_BAD_TOK_HEADER;
    206. 

  206. 	toid.len = *buf++;
    207. 

  207. 

  208. 	if ((toksize-=toid.len) < 0)
    209. 

  209. 		return G_BAD_TOK_HEADER;
    210. 

  210. 	toid.data = buf;
    211. 

  211. 	buf+=toid.len;
    212. 

  212. 

  213. 	if (! g_OID_equal(&toid, mech))
    214. 

  214. 		ret = G_WRONG_MECH;
    215. 

  215. 

  216.    /* G_WRONG_MECH is not returned immediately because it's more important
    217. 

  217.       to return G_BAD_TOK_HEADER if the token header is in fact bad */
    218. 

  218. 

  219. 	if ((toksize-=2) < 0)
    220. 

  220. 		return G_BAD_TOK_HEADER;
    221. 

  221. 

  222. 	if (ret)
    223. 

  223. 		return ret;
    224. 

  224. 

  225. 	if (!ret) {
    226. 

  226. 		*buf_in = buf;
    227. 

  227. 		*body_size = toksize;
    228. 

  228. 	}
    229. 

  229. 

  230. 	return ret;
    231. 

  231. }
    232. 

  232. 

  233. EXPORT_SYMBOL_GPL(g_verify_token_header);
    234. 

  234.