1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 * SPNEGO upcall management for CIFS
4 *
5 * Copyright (c) 2007 Red Hat, Inc.
6 * Author(s): Jeff Layton ([email protected])
7 *
8 */
9
10 #include <linux/list.h>
11 #include <linux/slab.h>
12 #include <linux/string.h>
13 #include <keys/user-type.h>
14 #include <linux/key-type.h>
15 #include <linux/keyctl.h>
16 #include <linux/inet.h>
17 #include "cifsglob.h"
18 #include "cifs_spnego.h"
19 #include "cifs_debug.h"
20 #include "cifsproto.h"
21 static const struct cred *spnego_cred;
22
23 /* create a new cifs key */
24 static int
cifs_spnego_key_instantiate(struct key * key,struct key_preparsed_payload * prep)25 cifs_spnego_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
26 {
27 char *payload;
28 int ret;
29
30 ret = -ENOMEM;
31 payload = kmemdup(prep->data, prep->datalen, GFP_KERNEL);
32 if (!payload)
33 goto error;
34
35 /* attach the data */
36 key->payload.data[0] = payload;
37 ret = 0;
38
39 error:
40 return ret;
41 }
42
43 static void
cifs_spnego_key_destroy(struct key * key)44 cifs_spnego_key_destroy(struct key *key)
45 {
46 kfree(key->payload.data[0]);
47 }
48
49
50 /*
51 * keytype for CIFS spnego keys
52 */
53 struct key_type cifs_spnego_key_type = {
54 .name = "cifs.spnego",
55 .instantiate = cifs_spnego_key_instantiate,
56 .destroy = cifs_spnego_key_destroy,
57 .describe = user_describe,
58 };
59
60 /* length of longest version string e.g. strlen("ver=0xFF") */
61 #define MAX_VER_STR_LEN 8
62
63 /* length of longest security mechanism name, eg in future could have
64 * strlen(";sec=ntlmsspi") */
65 #define MAX_MECH_STR_LEN 13
66
67 /* strlen of ";host=" */
68 #define HOST_KEY_LEN 6
69
70 /* strlen of ";ip4=" or ";ip6=" */
71 #define IP_KEY_LEN 5
72
73 /* strlen of ";uid=0x" */
74 #define UID_KEY_LEN 7
75
76 /* strlen of ";creduid=0x" */
77 #define CREDUID_KEY_LEN 11
78
79 /* strlen of ";user=" */
80 #define USER_KEY_LEN 6
81
82 /* strlen of ";pid=0x" */
83 #define PID_KEY_LEN 7
84
85 /* strlen of ";upcall_target=" */
86 #define UPCALL_TARGET_KEY_LEN 15
87
88 /* get a key struct with a SPNEGO security blob, suitable for session setup */
89 struct key *
cifs_get_spnego_key(struct cifs_ses * sesInfo,struct TCP_Server_Info * server)90 cifs_get_spnego_key(struct cifs_ses *sesInfo,
91 struct TCP_Server_Info *server)
92 {
93 struct sockaddr_in *sa = (struct sockaddr_in *) &server->dstaddr;
94 struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) &server->dstaddr;
95 char *description, *dp;
96 size_t desc_len;
97 struct key *spnego_key;
98 const char *hostname = server->hostname;
99 const struct cred *saved_cred;
100
101 /* length of fields (with semicolons): ver=0xyz ip4=ipaddress
102 host=hostname sec=mechanism uid=0xFF user=username */
103 desc_len = MAX_VER_STR_LEN +
104 HOST_KEY_LEN + strlen(hostname) +
105 IP_KEY_LEN + INET6_ADDRSTRLEN +
106 MAX_MECH_STR_LEN +
107 UID_KEY_LEN + (sizeof(uid_t) * 2) +
108 CREDUID_KEY_LEN + (sizeof(uid_t) * 2) +
109 PID_KEY_LEN + (sizeof(pid_t) * 2) + 1;
110
111 if (sesInfo->user_name)
112 desc_len += USER_KEY_LEN + strlen(sesInfo->user_name);
113
114 if (sesInfo->upcall_target == UPTARGET_MOUNT)
115 desc_len += UPCALL_TARGET_KEY_LEN + 5; // strlen("mount")
116 else
117 desc_len += UPCALL_TARGET_KEY_LEN + 3; // strlen("app")
118
119 spnego_key = ERR_PTR(-ENOMEM);
120 description = kzalloc(desc_len, GFP_KERNEL);
121 if (description == NULL)
122 goto out;
123
124 dp = description;
125 /* start with version and hostname portion of UNC string */
126 spnego_key = ERR_PTR(-EINVAL);
127 sprintf(dp, "ver=0x%x;host=%s;", CIFS_SPNEGO_UPCALL_VERSION,
128 hostname);
129 dp = description + strlen(description);
130
131 /* add the server address */
132 if (server->dstaddr.ss_family == AF_INET)
133 sprintf(dp, "ip4=%pI4", &sa->sin_addr);
134 else if (server->dstaddr.ss_family == AF_INET6)
135 sprintf(dp, "ip6=%pI6", &sa6->sin6_addr);
136 else
137 goto out;
138
139 dp = description + strlen(description);
140
141 /* for now, only sec=krb5 and sec=mskrb5 and iakerb are valid */
142 if (server->sec_kerberos)
143 sprintf(dp, ";sec=krb5");
144 else if (server->sec_mskerberos)
145 sprintf(dp, ";sec=mskrb5");
146 else if (server->sec_iakerb)
147 sprintf(dp, ";sec=iakerb");
148 else {
149 cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
150 sprintf(dp, ";sec=krb5");
151 }
152
153 dp = description + strlen(description);
154 sprintf(dp, ";uid=0x%x",
155 from_kuid_munged(&init_user_ns, sesInfo->linux_uid));
156
157 dp = description + strlen(description);
158 sprintf(dp, ";creduid=0x%x",
159 from_kuid_munged(&init_user_ns, sesInfo->cred_uid));
160
161 if (sesInfo->user_name) {
162 dp = description + strlen(description);
163 sprintf(dp, ";user=%s", sesInfo->user_name);
164 }
165
166 dp = description + strlen(description);
167 sprintf(dp, ";pid=0x%x", current->pid);
168
169 if (sesInfo->upcall_target == UPTARGET_MOUNT) {
170 dp = description + strlen(description);
171 sprintf(dp, ";upcall_target=mount");
172 } else {
173 dp = description + strlen(description);
174 sprintf(dp, ";upcall_target=app");
175 }
176
177 cifs_dbg(FYI, "key description = %s\n", description);
178 saved_cred = override_creds(spnego_cred);
179 spnego_key = request_key(&cifs_spnego_key_type, description, "");
180 revert_creds(saved_cred);
181
182 #ifdef CONFIG_CIFS_DEBUG2
183 if (cifsFYI && !IS_ERR(spnego_key)) {
184 struct cifs_spnego_msg *msg = spnego_key->payload.data[0];
185 cifs_dump_mem("SPNEGO reply blob:", msg->data, min(1024U,
186 msg->secblob_len + msg->sesskey_len));
187 }
188 #endif /* CONFIG_CIFS_DEBUG2 */
189
190 out:
191 kfree(description);
192 return spnego_key;
193 }
194
195 int
init_cifs_spnego(void)196 init_cifs_spnego(void)
197 {
198 struct cred *cred;
199 struct key *keyring;
200 int ret;
201
202 cifs_dbg(FYI, "Registering the %s key type\n",
203 cifs_spnego_key_type.name);
204
205 /*
206 * Create an override credential set with special thread keyring for
207 * spnego upcalls.
208 */
209
210 cred = prepare_kernel_cred(&init_task);
211 if (!cred)
212 return -ENOMEM;
213
214 keyring = keyring_alloc(".cifs_spnego",
215 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
216 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
217 KEY_USR_VIEW | KEY_USR_READ,
218 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
219 if (IS_ERR(keyring)) {
220 ret = PTR_ERR(keyring);
221 goto failed_put_cred;
222 }
223
224 ret = register_key_type(&cifs_spnego_key_type);
225 if (ret < 0)
226 goto failed_put_key;
227
228 /*
229 * instruct request_key() to use this special keyring as a cache for
230 * the results it looks up
231 */
232 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
233 cred->thread_keyring = keyring;
234 cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
235 spnego_cred = cred;
236
237 cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(keyring));
238 return 0;
239
240 failed_put_key:
241 key_put(keyring);
242 failed_put_cred:
243 put_cred(cred);
244 return ret;
245 }
246
247 void
exit_cifs_spnego(void)248 exit_cifs_spnego(void)
249 {
250 key_revoke(spnego_cred->thread_keyring);
251 unregister_key_type(&cifs_spnego_key_type);
252 put_cred(spnego_cred);
253 cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name);
254 }
255