^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) * fs/cifs/cifs_spnego.c -- SPNEGO upcall management for CIFS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * Copyright (c) 2007 Red Hat, Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Author(s): Jeff Layton (jlayton@redhat.com)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * This library is free software; you can redistribute it and/or modify
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * it under the terms of the GNU Lesser General Public License as published
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * by the Free Software Foundation; either version 2.1 of the License, or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * (at your option) any later version.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * This library is distributed in the hope that it will be useful,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * but WITHOUT ANY WARRANTY; without even the implied warranty of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) * the GNU Lesser General Public License for more details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) * You should have received a copy of the GNU Lesser General Public License
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) * along with this library; if not, write to the Free Software
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <linux/list.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <linux/string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) #include <keys/user-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <linux/key-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <linux/keyctl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <linux/inet.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) #include "cifsglob.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #include "cifs_spnego.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #include "cifs_debug.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) #include "cifsproto.h"
/*
 * Override credentials used around request_key() in cifs_get_spnego_key().
 * Set once by init_cifs_spnego() and dropped by exit_cifs_spnego(); the
 * credential set carries the ".cifs_spnego" keyring as its thread keyring.
 */
static const struct cred *spnego_cred;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)
/*
 * Instantiate a cifs.spnego key: take a private copy of the preparsed
 * payload and attach it to key->payload.data[0].
 *
 * Returns 0 on success, -ENOMEM if the copy cannot be allocated.
 *
 * NOTE(review): the payload is copied verbatim. Nothing in this function
 * compares prep->datalen with the secblob_len/sesskey_len fields that the
 * CONFIG_CIFS_DEBUG2 dump in cifs_get_spnego_key() later reads out of the
 * payload -- confirm that consumers validate those lengths before use.
 */
static int
cifs_spnego_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
{
	char *copy = kmemdup(prep->data, prep->datalen, GFP_KERNEL);

	if (copy == NULL)
		return -ENOMEM;

	/* the key owns the copy from here; cifs_spnego_key_destroy() frees it */
	key->payload.data[0] = copy;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54)
/*
 * Free the payload copy that cifs_spnego_key_instantiate() attached to
 * the key.
 *
 * NOTE(review): kfree() does not clear the memory it releases. The debug
 * dump in cifs_get_spnego_key() reads a sesskey_len field from this
 * payload, so it presumably holds session-key bytes -- consider a
 * zeroizing free if this tree provides one.
 */
static void
cifs_spnego_key_destroy(struct key *key)
{
	void *payload = key->payload.data[0];

	kfree(payload);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61)
/*
 * Key type for CIFS SPNEGO keys ("cifs.spnego").
 *
 * Instantiation and destruction use the helpers in this file; describe
 * is delegated to user_describe. Registered by init_cifs_spnego() and
 * unregistered by exit_cifs_spnego().
 */
struct key_type cifs_spnego_key_type = {
	.name		= "cifs.spnego",
	.describe	= user_describe,
	.instantiate	= cifs_spnego_key_instantiate,
	.destroy	= cifs_spnego_key_destroy,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71)
/*
 * Field-length budget for the key description assembled in
 * cifs_get_spnego_key(). Each constant is the length of the literal text
 * of one field, written as sizeof("...") - 1 so the counted string is
 * visible next to the number it yields.
 *
 * NOTE(review): the version field is emitted as "ver=0x%x;" while the
 * budget below counts "ver=0xFF" without the ';'. A two-digit version
 * would therefore depend on slack in the other fields -- re-check this
 * budget whenever a format string changes.
 */

/* longest version string, e.g. "ver=0xFF" (8) */
#define MAX_VER_STR_LEN		(sizeof("ver=0xFF") - 1)

/* longest security mechanism name; leaves room for a future
 * ";sec=ntlmsspi" (13) */
#define MAX_MECH_STR_LEN	(sizeof(";sec=ntlmsspi") - 1)

/* "host=" (5) */
#define HOST_KEY_LEN		(sizeof("host=") - 1)

/* ";ip4=" or ";ip6=" (5) */
#define IP_KEY_LEN		(sizeof(";ip4=") - 1)

/* ";uid=0x" (7) */
#define UID_KEY_LEN		(sizeof(";uid=0x") - 1)

/* ";creduid=0x" (11) */
#define CREDUID_KEY_LEN		(sizeof(";creduid=0x") - 1)

/* ";user=" (6) */
#define USER_KEY_LEN		(sizeof(";user=") - 1)

/* ";pid=0x" (7) */
#define PID_KEY_LEN		(sizeof(";pid=0x") - 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96)
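/**
 * cifs_get_spnego_key - get a key holding a SPNEGO security blob
 * @sesInfo: session whose server address, hostname, uids and optional
 *           user name are encoded into the key description
 *
 * Builds a ';'-separated "name=value" description (ver, host, ip4/ip6,
 * sec, uid, creduid, optional user, pid) and passes it to request_key()
 * for the cifs.spnego key type while running under spnego_cred.
 *
 * Every field is appended with scnprintf() against the space left in the
 * buffer, so an error in the hand-maintained length budget truncates the
 * description instead of writing past the allocation.
 *
 * NOTE(review): hostname and user_name are inserted with a plain %s; a
 * ';' inside either value is not escaped. Whatever parses the description
 * must not let such a value stand in for a later field -- confirm against
 * the upcall helper.
 *
 * Return: the result of request_key() (a key or an ERR_PTR),
 * ERR_PTR(-ENOMEM) if the description cannot be allocated, or
 * ERR_PTR(-EINVAL) if the server address family is neither AF_INET nor
 * AF_INET6.
 */
struct key *
cifs_get_spnego_key(struct cifs_ses *sesInfo)
{
	struct TCP_Server_Info *server = cifs_ses_server(sesInfo);
	struct sockaddr_in *sa = (struct sockaddr_in *) &server->dstaddr;
	struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) &server->dstaddr;
	char *description;
	size_t desc_len;
	size_t len = 0;		/* bytes of description written so far */
	struct key *spnego_key;
	const char *hostname = server->hostname;
	const struct cred *saved_cred;

	/* length of fields (with semicolons): ver=0xyz ip4=ipaddress
	   host=hostname sec=mechanism uid=0xFF user=username */
	desc_len = MAX_VER_STR_LEN +
		   HOST_KEY_LEN + strlen(hostname) +
		   IP_KEY_LEN + INET6_ADDRSTRLEN +
		   MAX_MECH_STR_LEN +
		   UID_KEY_LEN + (sizeof(uid_t) * 2) +
		   CREDUID_KEY_LEN + (sizeof(uid_t) * 2) +
		   PID_KEY_LEN + (sizeof(pid_t) * 2) + 1;

	if (sesInfo->user_name)
		desc_len += USER_KEY_LEN + strlen(sesInfo->user_name);

	spnego_key = ERR_PTR(-ENOMEM);
	description = kzalloc(desc_len, GFP_KERNEL);
	if (description == NULL)
		goto out;

	/*
	 * From here on a failure means bad input rather than no memory.
	 * scnprintf() returns the number of bytes actually stored (never
	 * more than the space given minus the NUL), so len stays below
	 * desc_len and desc_len - len cannot wrap.
	 */
	spnego_key = ERR_PTR(-EINVAL);

	/* start with version and hostname portion of UNC string */
	len += scnprintf(description + len, desc_len - len,
			 "ver=0x%x;host=%s;", CIFS_SPNEGO_UPCALL_VERSION,
			 hostname);

	/* add the server address */
	if (server->dstaddr.ss_family == AF_INET)
		len += scnprintf(description + len, desc_len - len,
				 "ip4=%pI4", &sa->sin_addr);
	else if (server->dstaddr.ss_family == AF_INET6)
		len += scnprintf(description + len, desc_len - len,
				 "ip6=%pI6", &sa6->sin6_addr);
	else
		goto out;

	/* for now, only sec=krb5 and sec=mskrb5 are valid */
	if (server->sec_kerberos)
		len += scnprintf(description + len, desc_len - len,
				 ";sec=krb5");
	else if (server->sec_mskerberos)
		len += scnprintf(description + len, desc_len - len,
				 ";sec=mskrb5");
	else {
		cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
		len += scnprintf(description + len, desc_len - len,
				 ";sec=krb5");
	}

	len += scnprintf(description + len, desc_len - len, ";uid=0x%x",
			 from_kuid_munged(&init_user_ns, sesInfo->linux_uid));

	len += scnprintf(description + len, desc_len - len, ";creduid=0x%x",
			 from_kuid_munged(&init_user_ns, sesInfo->cred_uid));

	if (sesInfo->user_name)
		len += scnprintf(description + len, desc_len - len,
				 ";user=%s", sesInfo->user_name);

	len += scnprintf(description + len, desc_len - len, ";pid=0x%x",
			 current->pid);

	cifs_dbg(FYI, "key description = %s\n", description);

	/* do the lookup/upcall with the credentials set up at init time */
	saved_cred = override_creds(spnego_cred);
	spnego_key = request_key(&cifs_spnego_key_type, description, "");
	revert_creds(saved_cred);

#ifdef CONFIG_CIFS_DEBUG2
	/*
	 * NOTE(review): this writes up to 1024 bytes of the reply payload
	 * to the debug log, and the span is named secblob_len + sesskey_len,
	 * so it presumably includes session-key bytes. The two lengths are
	 * taken from the payload itself and are not compared with the size
	 * that was copied at instantiate time -- confirm they are validated
	 * elsewhere, and keep this option out of production builds.
	 */
	if (cifsFYI && !IS_ERR(spnego_key)) {
		struct cifs_spnego_msg *msg = spnego_key->payload.data[0];
		cifs_dump_mem("SPNEGO reply blob:", msg->data, min(1024U,
				msg->secblob_len + msg->sesskey_len));
	}
#endif /* CONFIG_CIFS_DEBUG2 */

out:
	kfree(description);
	return spnego_key;
}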
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188)
/*
 * Register the cifs.spnego key type and prepare the override credentials
 * that cifs_get_spnego_key() switches to around request_key().
 *
 * The credentials come from prepare_kernel_cred(NULL) and get a dedicated
 * ".cifs_spnego" keyring (owned by GLOBAL_ROOT_UID/GLOBAL_ROOT_GID) as
 * their thread keyring. Keyring permissions: every possessor right except
 * setattr, plus view and read for the owning user.
 *
 * Returns 0 on success, -ENOMEM if the credentials cannot be allocated,
 * or the error from keyring_alloc() / register_key_type().
 */
int
init_cifs_spnego(void)
{
	const key_perm_t perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) |
				KEY_USR_VIEW | KEY_USR_READ;
	struct cred *override;
	struct key *cache;
	int rc;

	cifs_dbg(FYI, "Registering the %s key type\n",
		 cifs_spnego_key_type.name);

	/*
	 * Create an override credential set with special thread keyring for
	 * spnego upcalls.
	 */
	override = prepare_kernel_cred(NULL);
	if (override == NULL)
		return -ENOMEM;

	cache = keyring_alloc(".cifs_spnego",
			      GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, override,
			      perm, KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
	if (IS_ERR(cache)) {
		rc = PTR_ERR(cache);
		goto err_put_cred;
	}

	rc = register_key_type(&cifs_spnego_key_type);
	if (rc < 0)
		goto err_put_keyring;

	/*
	 * instruct request_key() to use this special keyring as a cache for
	 * the results it looks up
	 */
	set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &cache->flags);
	override->thread_keyring = cache;
	override->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;

	/* publish only once the credentials are fully set up */
	spnego_cred = override;

	cifs_dbg(FYI, "cifs spnego keyring: %d\n", key_serial(cache));
	return 0;

err_put_keyring:
	key_put(cache);
err_put_cred:
	put_cred(override);
	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240)
/*
 * Undo init_cifs_spnego(): revoke the keyring attached to the override
 * credentials, unregister the cifs.spnego key type, then drop the
 * reference on the credentials.
 */
void
exit_cifs_spnego(void)
{
	const struct cred *override = spnego_cred;

	/* revoke the keyring before the key type is unregistered */
	key_revoke(override->thread_keyring);
	unregister_key_type(&cifs_spnego_key_type);
	put_cred(override);
	cifs_dbg(FYI, "Unregistered %s key type\n", cifs_spnego_key_type.name);
}