Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
65a87514
Commit
65a87514
authored
Dec 27, 2004
by
Adrian Bunk
Committed by
Thomas Graf
Dec 27, 2004
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[SUNRPC]: Remove unused file net/sunrpc/svcauth_des.c
Signed-off-by:
David S. Miller
<
davem@davemloft.net
>
parent
86bf00fa
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
0 additions
and
215 deletions
+0
-215
net/sunrpc/svcauth_des.c
net/sunrpc/svcauth_des.c
+0
-215
No files found.
net/sunrpc/svcauth_des.c
deleted
100644 → 0
View file @
86bf00fa
/*
* linux/net/sunrpc/svcauth_des.c
*
* Server-side AUTH_DES handling.
*
* Copyright (C) 1996, 1997 Olaf Kirch <okir@monad.swb.de>
*/
#include <linux/types.h>
#include <linux/sched.h>
#include <linux/sunrpc/types.h>
#include <linux/sunrpc/xdr.h>
#include <linux/sunrpc/svcauth.h>
#include <linux/sunrpc/svcsock.h>
#define RPCDBG_FACILITY RPCDBG_AUTH
/*
* DES cedential cache.
* The cache is indexed by fullname/key to allow for multiple sessions
* by the same user from different hosts.
* It would be tempting to use the client's IP address rather than the
* conversation key as an index, but that could become problematic for
* multi-homed hosts that distribute traffic across their interfaces.
*/
struct
des_cred
{
struct
des_cred
*
dc_next
;
char
*
dc_fullname
;
u32
dc_nickname
;
des_cblock
dc_key
;
/* conversation key */
des_cblock
dc_xkey
;
/* encrypted conv. key */
des_key_schedule
dc_keysched
;
};
#define ADN_FULLNAME 0
#define ADN_NICKNAME 1
/*
* The default slack allowed when checking for replayed credentials
* (in milliseconds).
*/
#define DES_REPLAY_SLACK 2000
/*
* Make sure we don't place more than one call to the key server at
* a time.
*/
static
int
in_keycall
;
#define FAIL(err) \
{ if (data) put_cred(data); \
*authp = rpc_autherr_##err; \
return; \
}
void
svcauth_des
(
struct
svc_rqst
*
rqstp
,
u32
*
statp
,
u32
*
authp
)
{
struct
svc_buf
*
argp
=
&
rqstp
->
rq_argbuf
;
struct
svc_buf
*
resp
=
&
rqstp
->
rq_resbuf
;
struct
svc_cred
*
cred
=
&
rqstp
->
rq_cred
;
struct
des_cred
*
data
=
NULL
;
u32
cryptkey
[
2
];
u32
cryptbuf
[
4
];
u32
*
p
=
argp
->
buf
;
int
len
=
argp
->
len
,
slen
,
i
;
*
authp
=
rpc_auth_ok
;
if
((
argp
->
len
-=
3
)
<
0
)
{
*
statp
=
rpc_garbage_args
;
return
;
}
p
++
;
/* skip length field */
namekind
=
ntohl
(
*
p
++
);
/* fullname/nickname */
/* Get the credentials */
if
(
namekind
==
ADN_NICKNAME
)
{
/* If we can't find the cached session key, initiate a
* new session. */
if
(
!
(
data
=
get_cred_bynick
(
*
p
++
)))
FAIL
(
rejectedcred
);
}
else
if
(
namekind
==
ADN_FULLNAME
)
{
p
=
xdr_decode_string
(
p
,
&
fullname
,
&
len
,
RPC_MAXNETNAMELEN
);
if
(
p
==
NULL
)
FAIL
(
badcred
);
cryptkey
[
0
]
=
*
p
++
;
/* get the encrypted key */
cryptkey
[
1
]
=
*
p
++
;
cryptbuf
[
2
]
=
*
p
++
;
/* get the encrypted window */
}
else
{
FAIL
(
badcred
);
}
/* If we're just updating the key, silently discard the request. */
if
(
data
&&
data
->
dc_locked
)
{
*
authp
=
rpc_autherr_dropit
;
_put_cred
(
data
);
/* release but don't unlock */
return
;
}
/* Get the verifier flavor and length */
if
(
ntohl
(
*
p
++
)
!=
RPC_AUTH_DES
&&
ntohl
(
*
p
++
)
!=
12
)
FAIL
(
badverf
);
cryptbuf
[
0
]
=
*
p
++
;
/* encrypted time stamp */
cryptbuf
[
1
]
=
*
p
++
;
cryptbuf
[
3
]
=
*
p
++
;
/* 0 or window - 1 */
if
(
namekind
==
ADN_NICKNAME
)
{
status
=
des_ecb_encrypt
((
des_block
*
)
cryptbuf
,
(
des_block
*
)
cryptbuf
,
data
->
dc_keysched
,
DES_DECRYPT
);
}
else
{
/* We first have to decrypt the new session key and
* fill in the UNIX creds. */
if
(
!
(
data
=
get_cred_byname
(
rqstp
,
authp
,
fullname
,
cryptkey
)))
return
;
status
=
des_cbc_encrypt
((
des_cblock
*
)
cryptbuf
,
(
des_cblock
*
)
cryptbuf
,
16
,
data
->
dc_keysched
,
(
des_cblock
*
)
&
ivec
,
DES_DECRYPT
);
}
if
(
status
)
{
printk
(
"svcauth_des: DES decryption failed (status %d)
\n
"
,
status
);
FAIL
(
badverf
);
}
/* Now check the whole lot */
if
(
namekind
==
ADN_FULLNAME
)
{
unsigned
long
winverf
;
data
->
dc_window
=
ntohl
(
cryptbuf
[
2
]);
winverf
=
ntohl
(
cryptbuf
[
2
]);
if
(
window
!=
winverf
-
1
)
{
printk
(
"svcauth_des: bad window verifier!
\n
"
);
FAIL
(
badverf
);
}
}
/* XDR the decrypted timestamp */
cryptbuf
[
0
]
=
ntohl
(
cryptbuf
[
0
]);
cryptbuf
[
1
]
=
ntohl
(
cryptbuf
[
1
]);
if
(
cryptbuf
[
1
]
>
1000000
)
{
dprintk
(
"svcauth_des: bad usec value %u
\n
"
,
cryptbuf
[
1
]);
if
(
namekind
==
ADN_NICKNAME
)
FAIL
(
rejectedverf
);
FAIL
(
badverf
);
}
/*
* Check for replayed credentials. We must allow for reordering
* of requests by the network, and the OS scheduler, hence we
* cannot expect timestamps to be increasing monotonically.
* This opens a small security hole, therefore the replay_slack
* value shouldn't be too large.
*/
if
((
delta
=
cryptbuf
[
0
]
-
data
->
dc_timestamp
[
0
])
<=
0
)
{
switch
(
delta
)
{
case
-
1
:
delta
=
-
1000000
;
case
0
:
delta
+=
cryptbuf
[
1
]
-
data
->
dc_timestamp
[
1
];
break
;
default:
delta
=
-
1000000
;
}
if
(
delta
<
DES_REPLAY_SLACK
)
FAIL
(
rejectedverf
);
#ifdef STRICT_REPLAY_CHECKS
/* TODO: compare time stamp to last five timestamps cached
* and reject (drop?) request if a match is found. */
#endif
}
now
=
xtime
;
now
.
tv_secs
-=
data
->
dc_window
;
if
(
now
.
tv_secs
<
cryptbuf
[
0
]
||
(
now
.
tv_secs
==
cryptbuf
[
0
]
&&
now
.
tv_usec
<
cryptbuf
[
1
]))
FAIL
(
rejectedverf
);
/* Okay, we're done. Update the lot */
if
(
namekind
==
ADN_FULLNAME
)
data
->
dc_valid
=
1
;
data
->
dc_timestamp
[
0
]
=
cryptbuf
[
0
];
data
->
dc_timestamp
[
1
]
=
cryptbuf
[
1
];
put_cred
(
data
);
return
;
garbage:
*
statp
=
rpc_garbage_args
;
return
;
}
/*
* Call the keyserver to obtain the decrypted conversation key and
* UNIX creds. We use a Linux-specific keycall extension that does
* both things in one go.
*/
static
struct
des_cred
*
get_cred_byname
(
struct
svc_rqst
*
rqstp
,
u32
*
authp
,
char
*
fullname
,
u32
*
cryptkey
)
{
static
int
in_keycall
;
struct
des_cred
*
cred
;
if
(
in_keycall
)
{
*
authp
=
rpc_autherr_dropit
;
return
NULL
;
}
in_keycall
=
1
;
in_keycall
=
0
;
return
cred
;
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment