Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
awilliam
GitHub Repository: awilliam/linux-vfio
 Path: blob/master/net/sunrpc/auth_gss/gss_generic_token.c
15112 views
1
/*

2
 *  linux/net/sunrpc/gss_generic_token.c

3
 *

4
 *  Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/generic/util_token.c

5
 *

6
 *  Copyright (c) 2000 The Regents of the University of Michigan.

7
 *  All rights reserved.

8
 *

9
 *  Andy Adamson   <[email protected]>

10
 */

11


12
/*

13
 * Copyright 1993 by OpenVision Technologies, Inc.

14
 *

15
 * Permission to use, copy, modify, distribute, and sell this software

16
 * and its documentation for any purpose is hereby granted without fee,

17
 * provided that the above copyright notice appears in all copies and

18
 * that both that copyright notice and this permission notice appear in

19
 * supporting documentation, and that the name of OpenVision not be used

20
 * in advertising or publicity pertaining to distribution of the software

21
 * without specific, written prior permission. OpenVision makes no

22
 * representations about the suitability of this software for any

23
 * purpose.  It is provided "as is" without express or implied warranty.

24
 *

25
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,

26
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO

27
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR

28
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF

29
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR

30
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR

31
 * PERFORMANCE OF THIS SOFTWARE.

32
 */

33


34
#include <linux/types.h>

35
#include <linux/module.h>

36
#include <linux/string.h>

37
#include <linux/sunrpc/sched.h>

38
#include <linux/sunrpc/gss_asn1.h>

39


40


41
#ifdef RPC_DEBUG

42
# define RPCDBG_FACILITY        RPCDBG_AUTH

43
#endif

44


45


46
/* TWRITE_STR from gssapiP_generic.h */

47
#define TWRITE_STR(ptr, str, len) \

48
	memcpy((ptr), (char *) (str), (len)); \

49
	(ptr) += (len);

50


51
/* XXXX this code currently makes the assumption that a mech oid will

52
   never be longer than 127 bytes.  This assumption is not inherent in

53
   the interfaces, so the code can be fixed if the OSI namespace

54
   balloons unexpectedly. */

55


56
/* Each token looks like this:

57


58
0x60				tag for APPLICATION 0, SEQUENCE

59
					(constructed, definite-length)

60
	<length>		possible multiple bytes, need to parse/generate

61
	0x06			tag for OBJECT IDENTIFIER

62
		<moid_length>	compile-time constant string (assume 1 byte)

63
		<moid_bytes>	compile-time constant string

64
	<inner_bytes>		the ANY containing the application token

65
					bytes 0,1 are the token type

66
					bytes 2,n are the token data

67


68
For the purposes of this abstraction, the token "header" consists of

69
the sequence tag and length octets, the mech OID DER encoding, and the

70
first two inner bytes, which indicate the token type.  The token

71
"body" consists of everything else.

72


73
*/

74


75
static int

76
der_length_size( int length)

77
{

78
	if (length < (1<<7))

79
		return 1;

80
	else if (length < (1<<8))

81
		return 2;

82
#if (SIZEOF_INT == 2)

83
	else

84
		return 3;

85
#else

86
	else if (length < (1<<16))

87
		return 3;

88
	else if (length < (1<<24))

89
		return 4;

90
	else

91
		return 5;

92
#endif

93
}

94


95
static void

96
der_write_length(unsigned char **buf, int length)

97
{

98
	if (length < (1<<7)) {

99
		*(*buf)++ = (unsigned char) length;

100
	} else {

101
		*(*buf)++ = (unsigned char) (der_length_size(length)+127);

102
#if (SIZEOF_INT > 2)

103
		if (length >= (1<<24))

104
			*(*buf)++ = (unsigned char) (length>>24);

105
		if (length >= (1<<16))

106
			*(*buf)++ = (unsigned char) ((length>>16)&0xff);

107
#endif

108
		if (length >= (1<<8))

109
			*(*buf)++ = (unsigned char) ((length>>8)&0xff);

110
		*(*buf)++ = (unsigned char) (length&0xff);

111
	}

112
}

113


114
/* returns decoded length, or < 0 on failure.  Advances buf and

115
   decrements bufsize */

116


117
static int

118
der_read_length(unsigned char **buf, int *bufsize)

119
{

120
	unsigned char sf;

121
	int ret;

122


123
	if (*bufsize < 1)

124
		return -1;

125
	sf = *(*buf)++;

126
	(*bufsize)--;

127
	if (sf & 0x80) {

128
		if ((sf &= 0x7f) > ((*bufsize)-1))

129
			return -1;

130
		if (sf > SIZEOF_INT)

131
			return -1;

132
		ret = 0;

133
		for (; sf; sf--) {

134
			ret = (ret<<8) + (*(*buf)++);

135
			(*bufsize)--;

136
		}

137
	} else {

138
		ret = sf;

139
	}

140


141
	return ret;

142
}

143


144
/* returns the length of a token, given the mech oid and the body size */

145


146
int

147
g_token_size(struct xdr_netobj *mech, unsigned int body_size)

148
{

149
	/* set body_size to sequence contents size */

150
	body_size += 2 + (int) mech->len;         /* NEED overflow check */

151
	return 1 + der_length_size(body_size) + body_size;

152
}

153


154
EXPORT_SYMBOL_GPL(g_token_size);

155


156
/* fills in a buffer with the token header.  The buffer is assumed to

157
   be the right size.  buf is advanced past the token header */

158


159
void

160
g_make_token_header(struct xdr_netobj *mech, int body_size, unsigned char **buf)

161
{

162
	*(*buf)++ = 0x60;

163
	der_write_length(buf, 2 + mech->len + body_size);

164
	*(*buf)++ = 0x06;

165
	*(*buf)++ = (unsigned char) mech->len;

166
	TWRITE_STR(*buf, mech->data, ((int) mech->len));

167
}

168


169
EXPORT_SYMBOL_GPL(g_make_token_header);

170


171
/*

172
 * Given a buffer containing a token, reads and verifies the token,

173
 * leaving buf advanced past the token header, and setting body_size

174
 * to the number of remaining bytes.  Returns 0 on success,

175
 * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the

176
 * mechanism in the token does not match the mech argument.  buf and

177
 * *body_size are left unmodified on error.

178
 */

179
u32

180
g_verify_token_header(struct xdr_netobj *mech, int *body_size,

181
		      unsigned char **buf_in, int toksize)

182
{

183
	unsigned char *buf = *buf_in;

184
	int seqsize;

185
	struct xdr_netobj toid;

186
	int ret = 0;

187


188
	if ((toksize-=1) < 0)

189
		return G_BAD_TOK_HEADER;

190
	if (*buf++ != 0x60)

191
		return G_BAD_TOK_HEADER;

192


193
	if ((seqsize = der_read_length(&buf, &toksize)) < 0)

194
		return G_BAD_TOK_HEADER;

195


196
	if (seqsize != toksize)

197
		return G_BAD_TOK_HEADER;

198


199
	if ((toksize-=1) < 0)

200
		return G_BAD_TOK_HEADER;

201
	if (*buf++ != 0x06)

202
		return G_BAD_TOK_HEADER;

203


204
	if ((toksize-=1) < 0)

205
		return G_BAD_TOK_HEADER;

206
	toid.len = *buf++;

207


208
	if ((toksize-=toid.len) < 0)

209
		return G_BAD_TOK_HEADER;

210
	toid.data = buf;

211
	buf+=toid.len;

212


213
	if (! g_OID_equal(&toid, mech))

214
		ret = G_WRONG_MECH;

215


216
   /* G_WRONG_MECH is not returned immediately because it's more important

217
      to return G_BAD_TOK_HEADER if the token header is in fact bad */

218


219
	if ((toksize-=2) < 0)

220
		return G_BAD_TOK_HEADER;

221


222
	if (ret)

223
		return ret;

224


225
	if (!ret) {

226
		*buf_in = buf;

227
		*body_size = toksize;

228
	}

229


230
	return ret;

231
}

232


233
EXPORT_SYMBOL_GPL(g_verify_token_header);

234


235


236