1 /* krxsecd.c: Rx security daemon
3 * Copyright (C) 2002 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
11 * This daemon deals with:
12 * - consulting the application as to whether inbound peers and calls should be authorised
13 * - generating security challenges for inbound connections
14 * - responding to security challenges on outbound connections
17 #include <linux/module.h>
18 #include <linux/sched.h>
19 #include <linux/completion.h>
20 #include <linux/spinlock.h>
21 #include <linux/init.h>
22 #include <rxrpc/krxsecd.h>
23 #include <rxrpc/transport.h>
24 #include <rxrpc/connection.h>
25 #include <rxrpc/message.h>
26 #include <rxrpc/peer.h>
27 #include <rxrpc/call.h>
28 #include <linux/udp.h>
33 static DECLARE_WAIT_QUEUE_HEAD(rxrpc_krxsecd_sleepq
);
34 static DECLARE_COMPLETION(rxrpc_krxsecd_dead
);
35 static volatile int rxrpc_krxsecd_die
;
37 static atomic_t rxrpc_krxsecd_qcount
;
39 /* queue of unprocessed inbound messages with seqno #1 and
40 * RXRPC_CLIENT_INITIATED flag set */
41 static LIST_HEAD(rxrpc_krxsecd_initmsgq
);
42 static DEFINE_SPINLOCK(rxrpc_krxsecd_initmsgq_lock
);
44 static void rxrpc_krxsecd_process_incoming_call(struct rxrpc_message
*msg
);
46 /*****************************************************************************/
50 static int rxrpc_krxsecd(void *arg
)
52 DECLARE_WAITQUEUE(krxsecd
, current
);
56 printk("Started krxsecd %d\n", current
->pid
);
60 /* loop around waiting for work to do */
62 /* wait for work or to be told to exit */
63 _debug("### Begin Wait");
64 if (!atomic_read(&rxrpc_krxsecd_qcount
)) {
65 set_current_state(TASK_INTERRUPTIBLE
);
67 add_wait_queue(&rxrpc_krxsecd_sleepq
, &krxsecd
);
70 set_current_state(TASK_INTERRUPTIBLE
);
71 if (atomic_read(&rxrpc_krxsecd_qcount
) ||
73 signal_pending(current
))
79 remove_wait_queue(&rxrpc_krxsecd_sleepq
, &krxsecd
);
80 set_current_state(TASK_RUNNING
);
82 die
= rxrpc_krxsecd_die
;
83 _debug("### End Wait");
85 /* see if there're incoming calls in need of authenticating */
86 _debug("### Begin Inbound Calls");
88 if (!list_empty(&rxrpc_krxsecd_initmsgq
)) {
89 struct rxrpc_message
*msg
= NULL
;
91 spin_lock(&rxrpc_krxsecd_initmsgq_lock
);
93 if (!list_empty(&rxrpc_krxsecd_initmsgq
)) {
94 msg
= list_entry(rxrpc_krxsecd_initmsgq
.next
,
95 struct rxrpc_message
, link
);
96 list_del_init(&msg
->link
);
97 atomic_dec(&rxrpc_krxsecd_qcount
);
100 spin_unlock(&rxrpc_krxsecd_initmsgq_lock
);
103 rxrpc_krxsecd_process_incoming_call(msg
);
104 rxrpc_put_message(msg
);
108 _debug("### End Inbound Calls");
110 try_to_freeze(PF_FREEZE
);
112 /* discard pending signals */
113 rxrpc_discard_my_signals();
118 complete_and_exit(&rxrpc_krxsecd_dead
, 0);
120 } /* end rxrpc_krxsecd() */
122 /*****************************************************************************/
124 * start up a krxsecd daemon
126 int __init
rxrpc_krxsecd_init(void)
128 return kernel_thread(rxrpc_krxsecd
, NULL
, 0);
130 } /* end rxrpc_krxsecd_init() */
132 /*****************************************************************************/
134 * kill the krxsecd daemon and wait for it to complete
136 void rxrpc_krxsecd_kill(void)
138 rxrpc_krxsecd_die
= 1;
139 wake_up_all(&rxrpc_krxsecd_sleepq
);
140 wait_for_completion(&rxrpc_krxsecd_dead
);
142 } /* end rxrpc_krxsecd_kill() */
144 /*****************************************************************************/
146 * clear all pending incoming calls for the specified transport
148 void rxrpc_krxsecd_clear_transport(struct rxrpc_transport
*trans
)
152 struct rxrpc_message
*msg
;
153 struct list_head
*_p
, *_n
;
157 /* move all the messages for this transport onto a temp list */
158 spin_lock(&rxrpc_krxsecd_initmsgq_lock
);
160 list_for_each_safe(_p
, _n
, &rxrpc_krxsecd_initmsgq
) {
161 msg
= list_entry(_p
, struct rxrpc_message
, link
);
162 if (msg
->trans
== trans
) {
163 list_del(&msg
->link
);
164 list_add_tail(&msg
->link
, &tmp
);
165 atomic_dec(&rxrpc_krxsecd_qcount
);
169 spin_unlock(&rxrpc_krxsecd_initmsgq_lock
);
171 /* zap all messages on the temp list */
172 while (!list_empty(&tmp
)) {
173 msg
= list_entry(tmp
.next
, struct rxrpc_message
, link
);
174 list_del_init(&msg
->link
);
175 rxrpc_put_message(msg
);
179 } /* end rxrpc_krxsecd_clear_transport() */
181 /*****************************************************************************/
183 * queue a message on the incoming calls list
185 void rxrpc_krxsecd_queue_incoming_call(struct rxrpc_message
*msg
)
189 /* queue for processing by krxsecd */
190 spin_lock(&rxrpc_krxsecd_initmsgq_lock
);
192 if (!rxrpc_krxsecd_die
) {
193 rxrpc_get_message(msg
);
194 list_add_tail(&msg
->link
, &rxrpc_krxsecd_initmsgq
);
195 atomic_inc(&rxrpc_krxsecd_qcount
);
198 spin_unlock(&rxrpc_krxsecd_initmsgq_lock
);
200 wake_up(&rxrpc_krxsecd_sleepq
);
203 } /* end rxrpc_krxsecd_queue_incoming_call() */
205 /*****************************************************************************/
207 * process the initial message of an incoming call
209 void rxrpc_krxsecd_process_incoming_call(struct rxrpc_message
*msg
)
211 struct rxrpc_transport
*trans
= msg
->trans
;
212 struct rxrpc_service
*srv
;
213 struct rxrpc_call
*call
;
214 struct list_head
*_p
;
218 _enter("%p{tr=%p}", msg
, trans
);
220 ret
= rxrpc_incoming_call(msg
->conn
, msg
, &call
);
224 /* find the matching service on the transport */
225 sid
= ntohs(msg
->hdr
.serviceId
);
228 spin_lock(&trans
->lock
);
229 list_for_each(_p
, &trans
->services
) {
230 srv
= list_entry(_p
, struct rxrpc_service
, link
);
231 if (srv
->service_id
== sid
&& try_module_get(srv
->owner
)) {
232 /* found a match (made sure it won't vanish) */
233 _debug("found service '%s'", srv
->name
);
234 call
->owner
= srv
->owner
;
238 spin_unlock(&trans
->lock
);
240 /* report the new connection
241 * - the func must inc the call's usage count to keep it
244 if (_p
!= &trans
->services
) {
245 /* attempt to accept the call */
246 call
->conn
->service
= srv
;
247 call
->app_attn_func
= srv
->attn_func
;
248 call
->app_error_func
= srv
->error_func
;
249 call
->app_aemap_func
= srv
->aemap_func
;
251 ret
= srv
->new_call(call
);
253 /* send an abort if an error occurred */
255 rxrpc_call_abort(call
, ret
);
258 /* formally receive and ACK the new packet */
259 ret
= rxrpc_conn_receive_call_packet(call
->conn
,
264 rxrpc_put_call(call
);
267 rxrpc_trans_immediate_abort(trans
, msg
, ret
);
269 _leave(" (%d)", ret
);
270 } /* end rxrpc_krxsecd_process_incoming_call() */