2010-03-17 17:02:51 +00:00
|
|
|
/*
|
|
|
|
|
* COPYRIGHT (c) 2008
|
|
|
|
|
* The Regents of the University of Michigan
|
|
|
|
|
* ALL RIGHTS RESERVED
|
|
|
|
|
*
|
|
|
|
|
* Permission is granted to use, copy, create derivative works
|
|
|
|
|
* and redistribute this software and such derivative works
|
|
|
|
|
* for any purpose, so long as the name of The University of
|
|
|
|
|
* Michigan is not used in any advertising or publicity
|
|
|
|
|
* pertaining to the use of distribution of this software
|
|
|
|
|
* without specific, written prior authorization. If the
|
|
|
|
|
* above copyright notice or any other identification of the
|
|
|
|
|
* University of Michigan is included in any copy of any
|
|
|
|
|
* portion of this software, then the disclaimer below must
|
|
|
|
|
* also be included.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
|
|
|
|
|
* FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
|
|
|
|
|
* PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
|
|
|
|
|
* MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
|
|
|
|
|
* WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
|
|
|
|
|
* REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
|
|
|
|
|
* FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
|
|
|
|
|
* CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
|
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
|
|
|
|
|
* IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGES.
|
|
|
|
|
*/
|
|
|
|
|
|
2016-01-24 13:17:59 +00:00
|
|
|
#include <crypto/skcipher.h>
|
2005-10-13 20:55:13 +00:00
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <linux/jiffies.h>
|
|
|
|
|
#include <linux/sunrpc/gss_krb5.h>
|
|
|
|
|
#include <linux/random.h>
|
|
|
|
|
#include <linux/pagemap.h>
|
|
|
|
|
|
2014-11-17 21:58:04 +00:00
|
|
|
#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
|
2005-10-13 20:55:13 +00:00
|
|
|
# define RPCDBG_FACILITY RPCDBG_AUTH
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
static inline int
|
|
|
|
|
gss_krb5_padding(int blocksize, int length)
|
|
|
|
|
{
|
2010-03-17 17:02:48 +00:00
|
|
|
return blocksize - (length % blocksize);
|
2005-10-13 20:55:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline void
|
|
|
|
|
gss_krb5_add_padding(struct xdr_buf *buf, int offset, int blocksize)
|
|
|
|
|
{
|
|
|
|
|
int padding = gss_krb5_padding(blocksize, buf->len - offset);
|
|
|
|
|
char *p;
|
|
|
|
|
struct kvec *iov;
|
|
|
|
|
|
|
|
|
|
if (buf->page_len || buf->tail[0].iov_len)
|
|
|
|
|
iov = &buf->tail[0];
|
|
|
|
|
else
|
|
|
|
|
iov = &buf->head[0];
|
|
|
|
|
p = iov->iov_base + iov->iov_len;
|
|
|
|
|
iov->iov_len += padding;
|
|
|
|
|
buf->len += padding;
|
|
|
|
|
memset(p, padding, padding);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline int
|
|
|
|
|
gss_krb5_remove_padding(struct xdr_buf *buf, int blocksize)
|
|
|
|
|
{
|
|
|
|
|
u8 *ptr;
|
|
|
|
|
u8 pad;
|
2007-09-26 18:38:10 +00:00
|
|
|
size_t len = buf->len;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
|
|
|
|
if (len <= buf->head[0].iov_len) {
|
|
|
|
|
pad = *(u8 *)(buf->head[0].iov_base + len - 1);
|
|
|
|
|
if (pad > buf->head[0].iov_len)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
buf->head[0].iov_len -= pad;
|
|
|
|
|
goto out;
|
|
|
|
|
} else
|
|
|
|
|
len -= buf->head[0].iov_len;
|
|
|
|
|
if (len <= buf->page_len) {
|
2007-09-26 18:38:10 +00:00
|
|
|
unsigned int last = (buf->page_base + len - 1)
|
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time
ago with promise that one day it will be possible to implement page
cache with bigger chunks than PAGE_SIZE.
This promise never materialized. And unlikely will.
We have many places where PAGE_CACHE_SIZE assumed to be equal to
PAGE_SIZE. And it's constant source of confusion on whether
PAGE_CACHE_* or PAGE_* constant should be used in a particular case,
especially on the border between fs and mm.
Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much
breakage to be doable.
Let's stop pretending that pages in page cache are special. They are
not.
The changes are pretty straight-forward:
- <foo> << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- <foo> >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN};
- page_cache_get() -> get_page();
- page_cache_release() -> put_page();
This patch contains automated changes generated with coccinelle using
script below. For some reason, coccinelle doesn't patch header files.
I've called spatch for them manually.
The only adjustment after coccinelle is revert of changes to
PAGE_CAHCE_ALIGN definition: we are going to drop it later.
There are few places in the code where coccinelle didn't reach. I'll
fix them manually in a separate patch. Comments and documentation also
will be addressed with the separate patch.
virtual patch
@@
expression E;
@@
- E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
expression E;
@@
- E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
@@
- PAGE_CACHE_SHIFT
+ PAGE_SHIFT
@@
@@
- PAGE_CACHE_SIZE
+ PAGE_SIZE
@@
@@
- PAGE_CACHE_MASK
+ PAGE_MASK
@@
expression E;
@@
- PAGE_CACHE_ALIGN(E)
+ PAGE_ALIGN(E)
@@
expression E;
@@
- page_cache_get(E)
+ get_page(E)
@@
expression E;
@@
- page_cache_release(E)
+ put_page(E)
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-04-01 12:29:47 +00:00
|
|
|
>>PAGE_SHIFT;
|
2007-09-26 18:38:10 +00:00
|
|
|
unsigned int offset = (buf->page_base + len - 1)
|
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time
ago with promise that one day it will be possible to implement page
cache with bigger chunks than PAGE_SIZE.
This promise never materialized. And unlikely will.
We have many places where PAGE_CACHE_SIZE assumed to be equal to
PAGE_SIZE. And it's constant source of confusion on whether
PAGE_CACHE_* or PAGE_* constant should be used in a particular case,
especially on the border between fs and mm.
Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much
breakage to be doable.
Let's stop pretending that pages in page cache are special. They are
not.
The changes are pretty straight-forward:
- <foo> << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- <foo> >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN};
- page_cache_get() -> get_page();
- page_cache_release() -> put_page();
This patch contains automated changes generated with coccinelle using
script below. For some reason, coccinelle doesn't patch header files.
I've called spatch for them manually.
The only adjustment after coccinelle is revert of changes to
PAGE_CAHCE_ALIGN definition: we are going to drop it later.
There are few places in the code where coccinelle didn't reach. I'll
fix them manually in a separate patch. Comments and documentation also
will be addressed with the separate patch.
virtual patch
@@
expression E;
@@
- E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
expression E;
@@
- E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
@@
- PAGE_CACHE_SHIFT
+ PAGE_SHIFT
@@
@@
- PAGE_CACHE_SIZE
+ PAGE_SIZE
@@
@@
- PAGE_CACHE_MASK
+ PAGE_MASK
@@
expression E;
@@
- PAGE_CACHE_ALIGN(E)
+ PAGE_ALIGN(E)
@@
expression E;
@@
- page_cache_get(E)
+ get_page(E)
@@
expression E;
@@
- page_cache_release(E)
+ put_page(E)
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-04-01 12:29:47 +00:00
|
|
|
& (PAGE_SIZE - 1);
|
2011-11-25 15:14:40 +00:00
|
|
|
ptr = kmap_atomic(buf->pages[last]);
|
2005-10-13 20:55:13 +00:00
|
|
|
pad = *(ptr + offset);
|
2011-11-25 15:14:40 +00:00
|
|
|
kunmap_atomic(ptr);
|
2005-10-13 20:55:13 +00:00
|
|
|
goto out;
|
|
|
|
|
} else
|
|
|
|
|
len -= buf->page_len;
|
|
|
|
|
BUG_ON(len > buf->tail[0].iov_len);
|
|
|
|
|
pad = *(u8 *)(buf->tail[0].iov_base + len - 1);
|
|
|
|
|
out:
|
|
|
|
|
/* XXX: NOTE: we do not adjust the page lengths--they represent
|
|
|
|
|
* a range of data in the real filesystem page cache, and we need
|
|
|
|
|
* to know that range so the xdr code can properly place read data.
|
|
|
|
|
* However adjusting the head length, as we do above, is harmless.
|
|
|
|
|
* In the case of a request that fits into a single page, the server
|
|
|
|
|
* also uses length and head length together to determine the original
|
|
|
|
|
* start of the request to copy the request for deferal; so it's
|
|
|
|
|
* easier on the server if we adjust head and tail length in tandem.
|
|
|
|
|
* It's not really a problem that we don't fool with the page and
|
|
|
|
|
* tail lengths, though--at worst badly formed xdr might lead the
|
|
|
|
|
* server to attempt to parse the padding.
|
|
|
|
|
* XXX: Document all these weird requirements for gss mechanism
|
|
|
|
|
* wrap/unwrap functions. */
|
|
|
|
|
if (pad > blocksize)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
if (buf->len > pad)
|
|
|
|
|
buf->len -= pad;
|
|
|
|
|
else
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-17 17:03:00 +00:00
|
|
|
void
|
|
|
|
|
gss_krb5_make_confounder(char *p, u32 conflen)
|
2005-10-13 20:55:13 +00:00
|
|
|
{
|
|
|
|
|
static u64 i = 0;
|
|
|
|
|
u64 *q = (u64 *)p;
|
|
|
|
|
|
|
|
|
|
/* rfc1964 claims this should be "random". But all that's really
|
|
|
|
|
* necessary is that it be unique. And not even that is necessary in
|
|
|
|
|
* our case since our "gssapi" implementation exists only to support
|
|
|
|
|
* rpcsec_gss, so we know that the only buffers we will ever encrypt
|
|
|
|
|
* already begin with a unique sequence number. Just to hedge my bets
|
|
|
|
|
* I'll make a half-hearted attempt at something unique, but ensuring
|
|
|
|
|
* uniqueness would mean worrying about atomicity and rollover, and I
|
|
|
|
|
* don't care enough. */
|
|
|
|
|
|
2008-04-30 16:46:08 +00:00
|
|
|
/* initialize to random value */
|
|
|
|
|
if (i == 0) {
|
2022-10-05 15:43:22 +00:00
|
|
|
i = get_random_u32();
|
|
|
|
|
i = (i << 32) | get_random_u32();
|
2008-04-30 16:46:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (conflen) {
|
|
|
|
|
case 16:
|
|
|
|
|
*q++ = i++;
|
2020-08-23 22:36:59 +00:00
|
|
|
fallthrough;
|
2008-04-30 16:46:08 +00:00
|
|
|
case 8:
|
|
|
|
|
*q++ = i++;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
BUG();
|
|
|
|
|
}
|
2005-10-13 20:55:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Assumptions: the head and tail of inbuf are ours to play with.
|
|
|
|
|
* The pages, however, may be real pages in the page cache and we replace
|
|
|
|
|
* them with scratch pages from **pages before writing to them. */
|
|
|
|
|
/* XXX: obviously the above should be documentation of wrap interface,
|
|
|
|
|
* and shouldn't be in this kerberos-specific file. */
|
|
|
|
|
|
|
|
|
|
/* XXX factor out common code with seal/unseal. */
|
|
|
|
|
|
2010-03-17 17:02:49 +00:00
|
|
|
static u32
|
|
|
|
|
gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
|
2005-10-13 20:55:13 +00:00
|
|
|
struct xdr_buf *buf, struct page **pages)
|
|
|
|
|
{
|
2010-03-17 17:02:51 +00:00
|
|
|
char cksumdata[GSS_KRB5_MAX_CKSUM_LEN];
|
|
|
|
|
struct xdr_netobj md5cksum = {.len = sizeof(cksumdata),
|
|
|
|
|
.data = cksumdata};
|
2005-10-13 20:55:13 +00:00
|
|
|
int blocksize = 0, plainlen;
|
2008-04-30 16:45:53 +00:00
|
|
|
unsigned char *ptr, *msg_start;
|
2018-06-07 15:02:50 +00:00
|
|
|
time64_t now;
|
2005-10-13 20:55:13 +00:00
|
|
|
int headlen;
|
|
|
|
|
struct page **tmp_pages;
|
2006-03-21 04:24:04 +00:00
|
|
|
u32 seq_send;
|
2010-03-17 17:02:52 +00:00
|
|
|
u8 *cksumkey;
|
2010-03-17 17:03:05 +00:00
|
|
|
u32 conflen = kctx->gk5e->conflen;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2010-03-17 17:02:51 +00:00
|
|
|
dprintk("RPC: %s\n", __func__);
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2018-06-07 15:02:50 +00:00
|
|
|
now = ktime_get_real_seconds();
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2018-09-19 02:10:39 +00:00
|
|
|
blocksize = crypto_sync_skcipher_blocksize(kctx->enc);
|
2005-10-13 20:55:13 +00:00
|
|
|
gss_krb5_add_padding(buf, offset, blocksize);
|
|
|
|
|
BUG_ON((buf->len - offset) % blocksize);
|
2010-03-17 17:03:05 +00:00
|
|
|
plainlen = conflen + buf->len - offset;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2010-03-17 17:02:51 +00:00
|
|
|
headlen = g_token_size(&kctx->mech_used,
|
|
|
|
|
GSS_KRB5_TOK_HDR_LEN + kctx->gk5e->cksumlength + plainlen) -
|
|
|
|
|
(buf->len - offset);
|
2005-10-13 20:55:13 +00:00
|
|
|
|
|
|
|
|
ptr = buf->head[0].iov_base + offset;
|
|
|
|
|
/* shift data to make room for header. */
|
2010-03-17 17:02:46 +00:00
|
|
|
xdr_extend_head(buf, offset, headlen);
|
|
|
|
|
|
2005-10-13 20:55:13 +00:00
|
|
|
/* XXX Would be cleverer to encrypt while copying. */
|
|
|
|
|
BUG_ON((buf->len - offset - headlen) % blocksize);
|
|
|
|
|
|
2008-04-30 16:45:53 +00:00
|
|
|
g_make_token_header(&kctx->mech_used,
|
2010-03-17 17:02:51 +00:00
|
|
|
GSS_KRB5_TOK_HDR_LEN +
|
|
|
|
|
kctx->gk5e->cksumlength + plainlen, &ptr);
|
2005-10-13 20:55:13 +00:00
|
|
|
|
|
|
|
|
|
2008-04-30 16:45:53 +00:00
|
|
|
/* ptr now at header described in rfc 1964, section 1.2.1: */
|
|
|
|
|
ptr[0] = (unsigned char) ((KG_TOK_WRAP_MSG >> 8) & 0xff);
|
|
|
|
|
ptr[1] = (unsigned char) (KG_TOK_WRAP_MSG & 0xff);
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2010-03-17 17:02:51 +00:00
|
|
|
msg_start = ptr + GSS_KRB5_TOK_HDR_LEN + kctx->gk5e->cksumlength;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2014-07-16 10:52:21 +00:00
|
|
|
/*
|
|
|
|
|
* signalg and sealalg are stored as if they were converted from LE
|
|
|
|
|
* to host endian, even though they're opaque pairs of bytes according
|
|
|
|
|
* to the RFC.
|
|
|
|
|
*/
|
|
|
|
|
*(__le16 *)(ptr + 2) = cpu_to_le16(kctx->gk5e->signalg);
|
|
|
|
|
*(__le16 *)(ptr + 4) = cpu_to_le16(kctx->gk5e->sealalg);
|
|
|
|
|
ptr[6] = 0xff;
|
|
|
|
|
ptr[7] = 0xff;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2010-03-17 17:03:05 +00:00
|
|
|
gss_krb5_make_confounder(msg_start, conflen);
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2010-03-17 17:02:52 +00:00
|
|
|
if (kctx->gk5e->keyed_cksum)
|
|
|
|
|
cksumkey = kctx->cksum;
|
|
|
|
|
else
|
|
|
|
|
cksumkey = NULL;
|
|
|
|
|
|
2005-10-13 20:55:13 +00:00
|
|
|
/* XXXJBF: UGH!: */
|
|
|
|
|
tmp_pages = buf->pages;
|
|
|
|
|
buf->pages = pages;
|
2010-03-17 17:03:05 +00:00
|
|
|
if (make_checksum(kctx, ptr, 8, buf, offset + headlen - conflen,
|
2010-03-17 17:03:02 +00:00
|
|
|
cksumkey, KG_USAGE_SEAL, &md5cksum))
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_FAILURE;
|
2005-10-13 20:55:13 +00:00
|
|
|
buf->pages = tmp_pages;
|
|
|
|
|
|
2010-03-17 17:02:52 +00:00
|
|
|
memcpy(ptr + GSS_KRB5_TOK_HDR_LEN, md5cksum.data, md5cksum.len);
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2018-11-01 17:51:34 +00:00
|
|
|
seq_send = atomic_fetch_inc(&kctx->seq_send);
|
2006-03-21 04:24:04 +00:00
|
|
|
|
2005-10-13 20:55:13 +00:00
|
|
|
/* XXX would probably be more efficient to compute checksum
|
|
|
|
|
* and encrypt at the same time: */
|
2010-03-17 17:03:04 +00:00
|
|
|
if ((krb5_make_seq_num(kctx, kctx->seq, kctx->initiate ? 0 : 0xff,
|
2008-04-30 16:45:53 +00:00
|
|
|
seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8)))
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_FAILURE;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
SUNRPC: remove RC4-HMAC-MD5 support from KerberosV
The RC4-HMAC-MD5 KerberosV algorithm is based on RFC 4757 [0], which
was specifically issued for interoperability with Windows 2000, but was
never intended to receive the same level of support. The RFC says
The IETF Kerberos community supports publishing this specification as
an informational document in order to describe this widely
implemented technology. However, while these encryption types
provide the operations necessary to implement the base Kerberos
specification [RFC4120], they do not provide all the required
operations in the Kerberos cryptography framework [RFC3961]. As a
result, it is not generally possible to implement potential
extensions to Kerberos using these encryption types. The Kerberos
encryption type negotiation mechanism [RFC4537] provides one approach
for using such extensions even when a Kerberos infrastructure uses
long-term RC4 keys. Because this specification does not implement
operations required by RFC 3961 and because of security concerns with
the use of RC4 and MD4 discussed in Section 8, this specification is
not appropriate for publication on the standards track.
The RC4-HMAC encryption types are used to ease upgrade of existing
Windows NT environments, provide strong cryptography (128-bit key
lengths), and provide exportable (meet United States government
export restriction requirements) encryption. This document describes
the implementation of those encryption types.
Furthermore, this RFC was re-classified as 'historic' by RFC 8429 [1] in
2018, stating that 'none of the encryption types it specifies should be
used'
Note that other outdated algorithms are left in place (some of which are
guarded by CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES), so this should only
adversely affect interoperability with Windows NT/2000 systems that have
not received any updates since 2008 (but are connected to a network
nonetheless)
[0] https://tools.ietf.org/html/rfc4757
[1] https://tools.ietf.org/html/rfc8429
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-08-31 15:16:45 +00:00
|
|
|
if (gss_encrypt_xdr_buf(kctx->enc, buf,
|
|
|
|
|
offset + headlen - conflen, pages))
|
|
|
|
|
return GSS_S_FAILURE;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2006-12-05 01:22:42 +00:00
|
|
|
return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
|
2005-10-13 20:55:13 +00:00
|
|
|
}
|
|
|
|
|
|
2010-03-17 17:02:49 +00:00
|
|
|
static u32
|
2020-04-19 01:06:23 +00:00
|
|
|
gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, int len,
|
2020-04-18 18:38:19 +00:00
|
|
|
struct xdr_buf *buf, unsigned int *slack,
|
|
|
|
|
unsigned int *align)
|
2005-10-13 20:55:13 +00:00
|
|
|
{
|
|
|
|
|
int signalg;
|
|
|
|
|
int sealalg;
|
2010-03-17 17:02:51 +00:00
|
|
|
char cksumdata[GSS_KRB5_MAX_CKSUM_LEN];
|
|
|
|
|
struct xdr_netobj md5cksum = {.len = sizeof(cksumdata),
|
|
|
|
|
.data = cksumdata};
|
2018-06-07 15:02:50 +00:00
|
|
|
time64_t now;
|
2005-10-13 20:55:13 +00:00
|
|
|
int direction;
|
|
|
|
|
s32 seqnum;
|
|
|
|
|
unsigned char *ptr;
|
|
|
|
|
int bodysize;
|
|
|
|
|
void *data_start, *orig_start;
|
|
|
|
|
int data_len;
|
|
|
|
|
int blocksize;
|
2010-03-17 17:03:05 +00:00
|
|
|
u32 conflen = kctx->gk5e->conflen;
|
2010-03-17 17:02:51 +00:00
|
|
|
int crypt_offset;
|
2010-03-17 17:02:52 +00:00
|
|
|
u8 *cksumkey;
|
2020-04-18 18:38:19 +00:00
|
|
|
unsigned int saved_len = buf->len;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2007-01-31 17:14:05 +00:00
|
|
|
dprintk("RPC: gss_unwrap_kerberos\n");
|
2005-10-13 20:55:13 +00:00
|
|
|
|
|
|
|
|
ptr = (u8 *)buf->head[0].iov_base + offset;
|
|
|
|
|
if (g_verify_token_header(&kctx->mech_used, &bodysize, &ptr,
|
2020-04-19 01:06:23 +00:00
|
|
|
len - offset))
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2008-04-30 16:45:53 +00:00
|
|
|
if ((ptr[0] != ((KG_TOK_WRAP_MSG >> 8) & 0xff)) ||
|
|
|
|
|
(ptr[1] != (KG_TOK_WRAP_MSG & 0xff)))
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
|
|
|
|
/* XXX sanity-check bodysize?? */
|
|
|
|
|
|
|
|
|
|
/* get the sign and seal algorithms */
|
|
|
|
|
|
2008-04-30 16:45:53 +00:00
|
|
|
signalg = ptr[2] + (ptr[3] << 8);
|
2010-03-17 17:02:51 +00:00
|
|
|
if (signalg != kctx->gk5e->signalg)
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2008-04-30 16:45:53 +00:00
|
|
|
sealalg = ptr[4] + (ptr[5] << 8);
|
2010-03-17 17:02:51 +00:00
|
|
|
if (sealalg != kctx->gk5e->sealalg)
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
2006-12-05 01:22:42 +00:00
|
|
|
|
2008-04-30 16:45:53 +00:00
|
|
|
if ((ptr[6] != 0xff) || (ptr[7] != 0xff))
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2010-03-17 17:02:51 +00:00
|
|
|
/*
|
|
|
|
|
* Data starts after token header and checksum. ptr points
|
|
|
|
|
* to the beginning of the token header
|
|
|
|
|
*/
|
|
|
|
|
crypt_offset = ptr + (GSS_KRB5_TOK_HDR_LEN + kctx->gk5e->cksumlength) -
|
|
|
|
|
(unsigned char *)buf->head[0].iov_base;
|
2010-03-17 17:03:06 +00:00
|
|
|
|
2020-04-19 01:06:23 +00:00
|
|
|
buf->len = len;
|
SUNRPC: remove RC4-HMAC-MD5 support from KerberosV
The RC4-HMAC-MD5 KerberosV algorithm is based on RFC 4757 [0], which
was specifically issued for interoperability with Windows 2000, but was
never intended to receive the same level of support. The RFC says
The IETF Kerberos community supports publishing this specification as
an informational document in order to describe this widely
implemented technology. However, while these encryption types
provide the operations necessary to implement the base Kerberos
specification [RFC4120], they do not provide all the required
operations in the Kerberos cryptography framework [RFC3961]. As a
result, it is not generally possible to implement potential
extensions to Kerberos using these encryption types. The Kerberos
encryption type negotiation mechanism [RFC4537] provides one approach
for using such extensions even when a Kerberos infrastructure uses
long-term RC4 keys. Because this specification does not implement
operations required by RFC 3961 and because of security concerns with
the use of RC4 and MD4 discussed in Section 8, this specification is
not appropriate for publication on the standards track.
The RC4-HMAC encryption types are used to ease upgrade of existing
Windows NT environments, provide strong cryptography (128-bit key
lengths), and provide exportable (meet United States government
export restriction requirements) encryption. This document describes
the implementation of those encryption types.
Furthermore, this RFC was re-classified as 'historic' by RFC 8429 [1] in
2018, stating that 'none of the encryption types it specifies should be
used'
Note that other outdated algorithms are left in place (some of which are
guarded by CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES), so this should only
adversely affect interoperability with Windows NT/2000 systems that have
not received any updates since 2008 (but are connected to a network
nonetheless)
[0] https://tools.ietf.org/html/rfc4757
[1] https://tools.ietf.org/html/rfc8429
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-08-31 15:16:45 +00:00
|
|
|
if (gss_decrypt_xdr_buf(kctx->enc, buf, crypt_offset))
|
|
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2010-03-17 17:02:52 +00:00
|
|
|
if (kctx->gk5e->keyed_cksum)
|
|
|
|
|
cksumkey = kctx->cksum;
|
|
|
|
|
else
|
|
|
|
|
cksumkey = NULL;
|
2006-12-05 01:22:36 +00:00
|
|
|
|
2010-03-17 17:02:52 +00:00
|
|
|
if (make_checksum(kctx, ptr, 8, buf, crypt_offset,
|
2010-03-17 17:03:02 +00:00
|
|
|
cksumkey, KG_USAGE_SEAL, &md5cksum))
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_FAILURE;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2010-03-17 17:02:52 +00:00
|
|
|
if (memcmp(md5cksum.data, ptr + GSS_KRB5_TOK_HDR_LEN,
|
|
|
|
|
kctx->gk5e->cksumlength))
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_BAD_SIG;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
|
|
|
|
/* it got through unscathed. Make sure the context is unexpired */
|
|
|
|
|
|
2018-06-07 15:02:50 +00:00
|
|
|
now = ktime_get_real_seconds();
|
2005-10-13 20:55:13 +00:00
|
|
|
|
|
|
|
|
if (now > kctx->endtime)
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_CONTEXT_EXPIRED;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
|
|
|
|
/* do sequencing checks */
|
|
|
|
|
|
SUNRPC: remove RC4-HMAC-MD5 support from KerberosV
The RC4-HMAC-MD5 KerberosV algorithm is based on RFC 4757 [0], which
was specifically issued for interoperability with Windows 2000, but was
never intended to receive the same level of support. The RFC says
The IETF Kerberos community supports publishing this specification as
an informational document in order to describe this widely
implemented technology. However, while these encryption types
provide the operations necessary to implement the base Kerberos
specification [RFC4120], they do not provide all the required
operations in the Kerberos cryptography framework [RFC3961]. As a
result, it is not generally possible to implement potential
extensions to Kerberos using these encryption types. The Kerberos
encryption type negotiation mechanism [RFC4537] provides one approach
for using such extensions even when a Kerberos infrastructure uses
long-term RC4 keys. Because this specification does not implement
operations required by RFC 3961 and because of security concerns with
the use of RC4 and MD4 discussed in Section 8, this specification is
not appropriate for publication on the standards track.
The RC4-HMAC encryption types are used to ease upgrade of existing
Windows NT environments, provide strong cryptography (128-bit key
lengths), and provide exportable (meet United States government
export restriction requirements) encryption. This document describes
the implementation of those encryption types.
Furthermore, this RFC was re-classified as 'historic' by RFC 8429 [1] in
2018, stating that 'none of the encryption types it specifies should be
used'
Note that other outdated algorithms are left in place (some of which are
guarded by CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES), so this should only
adversely affect interoperability with Windows NT/2000 systems that have
not received any updates since 2008 (but are connected to a network
nonetheless)
[0] https://tools.ietf.org/html/rfc4757
[1] https://tools.ietf.org/html/rfc8429
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-08-31 15:16:45 +00:00
|
|
|
if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN,
|
|
|
|
|
ptr + 8, &direction, &seqnum))
|
|
|
|
|
return GSS_S_BAD_SIG;
|
|
|
|
|
|
|
|
|
|
if ((kctx->initiate && direction != 0xff) ||
|
|
|
|
|
(!kctx->initiate && direction != 0))
|
|
|
|
|
return GSS_S_BAD_SIG;
|
|
|
|
|
|
2005-10-13 20:55:13 +00:00
|
|
|
/* Copy the data back to the right position. XXX: Would probably be
|
|
|
|
|
* better to copy and encrypt at the same time. */
|
|
|
|
|
|
2018-09-19 02:10:39 +00:00
|
|
|
blocksize = crypto_sync_skcipher_blocksize(kctx->enc);
|
2010-03-17 17:02:51 +00:00
|
|
|
data_start = ptr + (GSS_KRB5_TOK_HDR_LEN + kctx->gk5e->cksumlength) +
|
2010-03-17 17:03:05 +00:00
|
|
|
conflen;
|
2005-10-13 20:55:13 +00:00
|
|
|
orig_start = buf->head[0].iov_base + offset;
|
|
|
|
|
data_len = (buf->head[0].iov_base + buf->head[0].iov_len) - data_start;
|
|
|
|
|
memmove(orig_start, data_start, data_len);
|
|
|
|
|
buf->head[0].iov_len -= (data_start - orig_start);
|
2020-04-19 01:06:23 +00:00
|
|
|
buf->len = len - (data_start - orig_start);
|
2005-10-13 20:55:13 +00:00
|
|
|
|
|
|
|
|
if (gss_krb5_remove_padding(buf, blocksize))
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
2005-10-13 20:55:13 +00:00
|
|
|
|
2020-04-18 18:38:19 +00:00
|
|
|
/* slack must include room for krb5 padding */
|
|
|
|
|
*slack = XDR_QUADLEN(saved_len - buf->len);
|
|
|
|
|
/* The GSS blob always precedes the RPC message payload */
|
|
|
|
|
*align = *slack;
|
2006-12-05 01:22:39 +00:00
|
|
|
return GSS_S_COMPLETE;
|
2005-10-13 20:55:13 +00:00
|
|
|
}
|
2010-03-17 17:02:49 +00:00
|
|
|
|
2010-03-17 17:02:59 +00:00
|
|
|
/*
|
2012-04-12 00:08:45 +00:00
|
|
|
* We can shift data by up to LOCAL_BUF_LEN bytes in a pass. If we need
|
|
|
|
|
* to do more than that, we shift repeatedly. Kevin Coffman reports
|
|
|
|
|
* seeing 28 bytes as the value used by Microsoft clients and servers
|
|
|
|
|
* with AES, so this constant is chosen to allow handling 28 in one pass
|
|
|
|
|
* without using too much stack space.
|
|
|
|
|
*
|
|
|
|
|
* If that proves to a problem perhaps we could use a more clever
|
|
|
|
|
* algorithm.
|
2010-03-17 17:02:59 +00:00
|
|
|
*/
|
2012-04-12 00:08:45 +00:00
|
|
|
#define LOCAL_BUF_LEN 32u
|
|
|
|
|
|
|
|
|
|
static void rotate_buf_a_little(struct xdr_buf *buf, unsigned int shift)
|
2010-03-17 17:02:59 +00:00
|
|
|
{
|
2012-04-12 00:08:45 +00:00
|
|
|
char head[LOCAL_BUF_LEN];
|
|
|
|
|
char tmp[LOCAL_BUF_LEN];
|
|
|
|
|
unsigned int this_len, i;
|
|
|
|
|
|
|
|
|
|
BUG_ON(shift > LOCAL_BUF_LEN);
|
2010-03-17 17:02:59 +00:00
|
|
|
|
2012-04-12 00:08:45 +00:00
|
|
|
read_bytes_from_xdr_buf(buf, 0, head, shift);
|
|
|
|
|
for (i = 0; i + shift < buf->len; i += LOCAL_BUF_LEN) {
|
|
|
|
|
this_len = min(LOCAL_BUF_LEN, buf->len - (i + shift));
|
|
|
|
|
read_bytes_from_xdr_buf(buf, i+shift, tmp, this_len);
|
|
|
|
|
write_bytes_to_xdr_buf(buf, i, tmp, this_len);
|
|
|
|
|
}
|
|
|
|
|
write_bytes_to_xdr_buf(buf, buf->len - shift, head, shift);
|
|
|
|
|
}
|
2010-03-17 17:02:59 +00:00
|
|
|
|
2012-04-12 00:08:45 +00:00
|
|
|
static void _rotate_left(struct xdr_buf *buf, unsigned int shift)
|
|
|
|
|
{
|
|
|
|
|
int shifted = 0;
|
|
|
|
|
int this_shift;
|
|
|
|
|
|
|
|
|
|
shift %= buf->len;
|
|
|
|
|
while (shifted < shift) {
|
|
|
|
|
this_shift = min(shift - shifted, LOCAL_BUF_LEN);
|
|
|
|
|
rotate_buf_a_little(buf, this_shift);
|
|
|
|
|
shifted += this_shift;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void rotate_left(u32 base, struct xdr_buf *buf, unsigned int shift)
|
|
|
|
|
{
|
|
|
|
|
struct xdr_buf subbuf;
|
|
|
|
|
|
|
|
|
|
xdr_buf_subsegment(buf, &subbuf, base, buf->len - base);
|
|
|
|
|
_rotate_left(&subbuf, shift);
|
2010-03-17 17:02:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static u32
|
|
|
|
|
gss_wrap_kerberos_v2(struct krb5_ctx *kctx, u32 offset,
|
|
|
|
|
struct xdr_buf *buf, struct page **pages)
|
|
|
|
|
{
|
2022-01-30 22:44:10 +00:00
|
|
|
u8 *ptr;
|
2018-06-07 15:02:50 +00:00
|
|
|
time64_t now;
|
2010-03-17 17:02:59 +00:00
|
|
|
u8 flags = 0x00;
|
2014-07-16 10:52:21 +00:00
|
|
|
__be16 *be16ptr;
|
2010-03-17 17:02:59 +00:00
|
|
|
__be64 *be64ptr;
|
|
|
|
|
u32 err;
|
|
|
|
|
|
|
|
|
|
dprintk("RPC: %s\n", __func__);
|
|
|
|
|
|
|
|
|
|
if (kctx->gk5e->encrypt_v2 == NULL)
|
|
|
|
|
return GSS_S_FAILURE;
|
|
|
|
|
|
|
|
|
|
/* make room for gss token header */
|
|
|
|
|
if (xdr_extend_head(buf, offset, GSS_KRB5_TOK_HDR_LEN))
|
|
|
|
|
return GSS_S_FAILURE;
|
|
|
|
|
|
|
|
|
|
/* construct gss token header */
|
2022-01-30 22:44:10 +00:00
|
|
|
ptr = buf->head[0].iov_base + offset;
|
2010-03-17 17:02:59 +00:00
|
|
|
*ptr++ = (unsigned char) ((KG2_TOK_WRAP>>8) & 0xff);
|
|
|
|
|
*ptr++ = (unsigned char) (KG2_TOK_WRAP & 0xff);
|
|
|
|
|
|
|
|
|
|
if ((kctx->flags & KRB5_CTX_FLAG_INITIATOR) == 0)
|
|
|
|
|
flags |= KG2_TOKEN_FLAG_SENTBYACCEPTOR;
|
|
|
|
|
if ((kctx->flags & KRB5_CTX_FLAG_ACCEPTOR_SUBKEY) != 0)
|
|
|
|
|
flags |= KG2_TOKEN_FLAG_ACCEPTORSUBKEY;
|
|
|
|
|
/* We always do confidentiality in wrap tokens */
|
|
|
|
|
flags |= KG2_TOKEN_FLAG_SEALED;
|
|
|
|
|
|
|
|
|
|
*ptr++ = flags;
|
|
|
|
|
*ptr++ = 0xff;
|
|
|
|
|
be16ptr = (__be16 *)ptr;
|
|
|
|
|
|
2014-07-16 10:52:21 +00:00
|
|
|
*be16ptr++ = 0;
|
2010-03-17 17:02:59 +00:00
|
|
|
/* "inner" token header always uses 0 for RRC */
|
2014-07-16 10:52:21 +00:00
|
|
|
*be16ptr++ = 0;
|
2010-03-17 17:02:59 +00:00
|
|
|
|
|
|
|
|
be64ptr = (__be64 *)be16ptr;
|
2018-11-01 17:51:34 +00:00
|
|
|
*be64ptr = cpu_to_be64(atomic64_fetch_inc(&kctx->seq_send64));
|
2010-03-17 17:02:59 +00:00
|
|
|
|
2014-07-16 10:52:22 +00:00
|
|
|
err = (*kctx->gk5e->encrypt_v2)(kctx, offset, buf, pages);
|
2010-03-17 17:02:59 +00:00
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
|
2018-06-07 15:02:50 +00:00
|
|
|
now = ktime_get_real_seconds();
|
2010-03-17 17:02:59 +00:00
|
|
|
return (kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static u32
|
2020-04-19 01:06:23 +00:00
|
|
|
gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, int len,
|
2020-04-18 18:38:19 +00:00
|
|
|
struct xdr_buf *buf, unsigned int *slack,
|
|
|
|
|
unsigned int *align)
|
2010-03-17 17:02:59 +00:00
|
|
|
{
|
2018-06-07 15:02:50 +00:00
|
|
|
time64_t now;
|
2010-03-17 17:02:59 +00:00
|
|
|
u8 *ptr;
|
|
|
|
|
u8 flags = 0x00;
|
|
|
|
|
u16 ec, rrc;
|
|
|
|
|
int err;
|
|
|
|
|
u32 headskip, tailskip;
|
|
|
|
|
u8 decrypted_hdr[GSS_KRB5_TOK_HDR_LEN];
|
|
|
|
|
unsigned int movelen;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
dprintk("RPC: %s\n", __func__);
|
|
|
|
|
|
|
|
|
|
if (kctx->gk5e->decrypt_v2 == NULL)
|
|
|
|
|
return GSS_S_FAILURE;
|
|
|
|
|
|
|
|
|
|
ptr = buf->head[0].iov_base + offset;
|
|
|
|
|
|
|
|
|
|
if (be16_to_cpu(*((__be16 *)ptr)) != KG2_TOK_WRAP)
|
|
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
|
|
|
|
|
|
|
|
|
flags = ptr[2];
|
|
|
|
|
if ((!kctx->initiate && (flags & KG2_TOKEN_FLAG_SENTBYACCEPTOR)) ||
|
|
|
|
|
(kctx->initiate && !(flags & KG2_TOKEN_FLAG_SENTBYACCEPTOR)))
|
|
|
|
|
return GSS_S_BAD_SIG;
|
|
|
|
|
|
|
|
|
|
if ((flags & KG2_TOKEN_FLAG_SEALED) == 0) {
|
|
|
|
|
dprintk("%s: token missing expected sealed flag\n", __func__);
|
|
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ptr[3] != 0xff)
|
|
|
|
|
return GSS_S_DEFECTIVE_TOKEN;
|
|
|
|
|
|
|
|
|
|
ec = be16_to_cpup((__be16 *)(ptr + 4));
|
|
|
|
|
rrc = be16_to_cpup((__be16 *)(ptr + 6));
|
|
|
|
|
|
2013-10-09 19:59:29 +00:00
|
|
|
/*
|
|
|
|
|
* NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
|
|
|
|
|
* doesn't want it checked; see page 6 of rfc 2203.
|
|
|
|
|
*/
|
2010-03-17 17:02:59 +00:00
|
|
|
|
2012-04-12 00:08:45 +00:00
|
|
|
if (rrc != 0)
|
|
|
|
|
rotate_left(offset + 16, buf, rrc);
|
2010-03-17 17:02:59 +00:00
|
|
|
|
2020-04-19 01:06:23 +00:00
|
|
|
err = (*kctx->gk5e->decrypt_v2)(kctx, offset, len, buf,
|
2010-03-17 17:02:59 +00:00
|
|
|
&headskip, &tailskip);
|
|
|
|
|
if (err)
|
|
|
|
|
return GSS_S_FAILURE;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Retrieve the decrypted gss token header and verify
|
|
|
|
|
* it against the original
|
|
|
|
|
*/
|
|
|
|
|
err = read_bytes_from_xdr_buf(buf,
|
2020-04-19 01:06:23 +00:00
|
|
|
len - GSS_KRB5_TOK_HDR_LEN - tailskip,
|
2010-03-17 17:02:59 +00:00
|
|
|
decrypted_hdr, GSS_KRB5_TOK_HDR_LEN);
|
|
|
|
|
if (err) {
|
|
|
|
|
dprintk("%s: error %u getting decrypted_hdr\n", __func__, err);
|
|
|
|
|
return GSS_S_FAILURE;
|
|
|
|
|
}
|
|
|
|
|
if (memcmp(ptr, decrypted_hdr, 6)
|
|
|
|
|
|| memcmp(ptr + 8, decrypted_hdr + 8, 8)) {
|
|
|
|
|
dprintk("%s: token hdr, plaintext hdr mismatch!\n", __func__);
|
|
|
|
|
return GSS_S_FAILURE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* do sequencing checks */
|
|
|
|
|
|
|
|
|
|
/* it got through unscathed. Make sure the context is unexpired */
|
2018-06-07 15:02:50 +00:00
|
|
|
now = ktime_get_real_seconds();
|
2010-03-17 17:02:59 +00:00
|
|
|
if (now > kctx->endtime)
|
|
|
|
|
return GSS_S_CONTEXT_EXPIRED;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Move the head data back to the right position in xdr_buf.
|
|
|
|
|
* We ignore any "ec" data since it might be in the head or
|
|
|
|
|
* the tail, and we really don't need to deal with it.
|
|
|
|
|
* Note that buf->head[0].iov_len may indicate the available
|
|
|
|
|
* head buffer space rather than that actually occupied.
|
|
|
|
|
*/
|
2020-04-19 01:06:23 +00:00
|
|
|
movelen = min_t(unsigned int, buf->head[0].iov_len, len);
|
2010-03-17 17:02:59 +00:00
|
|
|
movelen -= offset + GSS_KRB5_TOK_HDR_LEN + headskip;
|
2020-04-15 21:36:22 +00:00
|
|
|
BUG_ON(offset + GSS_KRB5_TOK_HDR_LEN + headskip + movelen >
|
|
|
|
|
buf->head[0].iov_len);
|
2010-03-17 17:02:59 +00:00
|
|
|
memmove(ptr, ptr + GSS_KRB5_TOK_HDR_LEN + headskip, movelen);
|
|
|
|
|
buf->head[0].iov_len -= GSS_KRB5_TOK_HDR_LEN + headskip;
|
2020-07-24 21:08:57 +00:00
|
|
|
buf->len = len - (GSS_KRB5_TOK_HDR_LEN + headskip);
|
2010-03-17 17:02:59 +00:00
|
|
|
|
2013-10-10 10:55:35 +00:00
|
|
|
/* Trim off the trailing "extra count" and checksum blob */
|
2020-04-15 21:36:22 +00:00
|
|
|
xdr_buf_trim(buf, ec + GSS_KRB5_TOK_HDR_LEN + tailskip);
|
2019-02-11 16:25:09 +00:00
|
|
|
|
2020-04-18 18:38:19 +00:00
|
|
|
*align = XDR_QUADLEN(GSS_KRB5_TOK_HDR_LEN + headskip);
|
|
|
|
|
*slack = *align + XDR_QUADLEN(ec + GSS_KRB5_TOK_HDR_LEN + tailskip);
|
2010-03-17 17:02:59 +00:00
|
|
|
return GSS_S_COMPLETE;
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-17 17:02:49 +00:00
|
|
|
u32
|
|
|
|
|
gss_wrap_kerberos(struct gss_ctx *gctx, int offset,
|
|
|
|
|
struct xdr_buf *buf, struct page **pages)
|
|
|
|
|
{
|
|
|
|
|
struct krb5_ctx *kctx = gctx->internal_ctx_id;
|
|
|
|
|
|
|
|
|
|
switch (kctx->enctype) {
|
|
|
|
|
default:
|
|
|
|
|
BUG();
|
|
|
|
|
case ENCTYPE_DES_CBC_RAW:
|
2010-03-17 17:02:55 +00:00
|
|
|
case ENCTYPE_DES3_CBC_RAW:
|
2010-03-17 17:02:49 +00:00
|
|
|
return gss_wrap_kerberos_v1(kctx, offset, buf, pages);
|
2010-03-17 17:02:59 +00:00
|
|
|
case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
|
|
|
|
|
case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
|
|
|
|
|
return gss_wrap_kerberos_v2(kctx, offset, buf, pages);
|
2010-03-17 17:02:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
u32
|
2020-04-19 01:06:23 +00:00
|
|
|
gss_unwrap_kerberos(struct gss_ctx *gctx, int offset,
|
|
|
|
|
int len, struct xdr_buf *buf)
|
2010-03-17 17:02:49 +00:00
|
|
|
{
|
|
|
|
|
struct krb5_ctx *kctx = gctx->internal_ctx_id;
|
|
|
|
|
|
|
|
|
|
switch (kctx->enctype) {
|
|
|
|
|
default:
|
|
|
|
|
BUG();
|
|
|
|
|
case ENCTYPE_DES_CBC_RAW:
|
2010-03-17 17:02:55 +00:00
|
|
|
case ENCTYPE_DES3_CBC_RAW:
|
2020-04-18 18:38:19 +00:00
|
|
|
return gss_unwrap_kerberos_v1(kctx, offset, len, buf,
|
|
|
|
|
&gctx->slack, &gctx->align);
|
2010-03-17 17:02:59 +00:00
|
|
|
case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
|
|
|
|
|
case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
|
2020-04-18 18:38:19 +00:00
|
|
|
return gss_unwrap_kerberos_v2(kctx, offset, len, buf,
|
|
|
|
|
&gctx->slack, &gctx->align);
|
2010-03-17 17:02:49 +00:00
|
|
|
}
|
|
|
|
|
}
|