sctp: add SCTP_AUTH_SUPPORTED sockopt
authorXin Long <lucien.xin@gmail.com>
Mon, 19 Aug 2019 14:02:49 +0000 (22:02 +0800)
committerDavid S. Miller <davem@davemloft.net>
Tue, 20 Aug 2019 01:27:29 +0000 (18:27 -0700)
SCTP_AUTH_SUPPORTED sockopt is used to set endpoint's auth
flag. With this feature, each endpoint will have its own
flag for its future asoc's auth_capable, instead of netns
auth flag.

Note that when both ep's auth_enable is enabled, endpoint
auth related data should be initialized. If asconf_enable
is also set, SCTP_CID_ASCONF/SCTP_CID_ASCONF_ACK should
be added into auth_chunk_list.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/uapi/linux/sctp.h
net/sctp/socket.c

index 9b9b82debc0dbbd6ddedde3f8084aea2e445aa94..62527aca84771ed4ed045560221085651104d136 100644 (file)
@@ -135,6 +135,7 @@ typedef __s32 sctp_assoc_t;
 #define SCTP_SENDMSG_CONNECT   126
 #define SCTP_EVENT     127
 #define SCTP_ASCONF_SUPPORTED  128
+#define SCTP_AUTH_SUPPORTED    129
 
 /* PR-SCTP policies */
 #define SCTP_PR_SCTP_NONE      0x0000
index dcde8d92c568a07e187f686b8754a4163a204120..82bc25223cfeddc8dcb2000ab01062f41ad2dcdd 100644 (file)
@@ -4520,6 +4520,46 @@ out:
        return retval;
 }
 
+static int sctp_setsockopt_auth_supported(struct sock *sk,
+                                         char __user *optval,
+                                         unsigned int optlen)
+{
+       struct sctp_assoc_value params;
+       struct sctp_association *asoc;
+       struct sctp_endpoint *ep;
+       int retval = -EINVAL;
+
+       if (optlen != sizeof(params))
+               goto out;
+
+       if (copy_from_user(&params, optval, optlen)) {
+               retval = -EFAULT;
+               goto out;
+       }
+
+       asoc = sctp_id2assoc(sk, params.assoc_id);
+       if (!asoc && params.assoc_id != SCTP_FUTURE_ASSOC &&
+           sctp_style(sk, UDP))
+               goto out;
+
+       ep = sctp_sk(sk)->ep;
+       if (params.assoc_value) {
+               retval = sctp_auth_init(ep, GFP_KERNEL);
+               if (retval)
+                       goto out;
+               if (ep->asconf_enable) {
+                       sctp_auth_ep_add_chunkid(ep, SCTP_CID_ASCONF);
+                       sctp_auth_ep_add_chunkid(ep, SCTP_CID_ASCONF_ACK);
+               }
+       }
+
+       ep->auth_enable = !!params.assoc_value;
+       retval = 0;
+
+out:
+       return retval;
+}
+
 /* API 6.2 setsockopt(), getsockopt()
  *
  * Applications use setsockopt() and getsockopt() to set or retrieve
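Review bot: The two `sctp_auth_ep_add_chunkid()` calls in the `ep->asconf_enable` branch discard their return values. The helper is defined outside this hunk, so whether it can fail needs confirming; if it can, the function still sets `ep->auth_enable` and returns 0 with ASCONF or ASCONF-ACK missing from the endpoint's authenticated chunk list. The commit message says both chunk types should be in auth_chunk_list when the two features are enabled, so I would propagate the error: `retval = sctp_auth_ep_add_chunkid(ep, SCTP_CID_ASCONF); if (retval) goto out;` and the same for `SCTP_CID_ASCONF_ACK`. Separately, `asoc` is only used to validate `assoc_id`, so a call naming a live association still changes the endpoint-wide flag; a comment such as `/* only affects future associations; asoc is looked up just to validate assoc_id */` would make that explicit.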
@@ -4723,6 +4763,9 @@ static int sctp_setsockopt(struct sock *sk, int level, int optname,
        case SCTP_ASCONF_SUPPORTED:
                retval = sctp_setsockopt_asconf_supported(sk, optval, optlen);
                break;
+       case SCTP_AUTH_SUPPORTED:
+               retval = sctp_setsockopt_auth_supported(sk, optval, optlen);
+               break;
        default:
                retval = -ENOPROTOOPT;
                break;
@@ -7746,6 +7789,45 @@ out:
        return retval;
 }
 
+static int sctp_getsockopt_auth_supported(struct sock *sk, int len,
+                                         char __user *optval,
+                                         int __user *optlen)
+{
+       struct sctp_assoc_value params;
+       struct sctp_association *asoc;
+       int retval = -EFAULT;
+
+       if (len < sizeof(params)) {
+               retval = -EINVAL;
+               goto out;
+       }
+
+       len = sizeof(params);
+       if (copy_from_user(&params, optval, len))
+               goto out;
+
+       asoc = sctp_id2assoc(sk, params.assoc_id);
+       if (!asoc && params.assoc_id != SCTP_FUTURE_ASSOC &&
+           sctp_style(sk, UDP)) {
+               retval = -EINVAL;
+               goto out;
+       }
+
+       params.assoc_value = asoc ? asoc->peer.auth_capable
+                                 : sctp_sk(sk)->ep->auth_enable;
+
+       if (put_user(len, optlen))
+               goto out;
+
+       if (copy_to_user(optval, &params, len))
+               goto out;
+
+       retval = 0;
+
+out:
+       return retval;
+}
+
 static int sctp_getsockopt(struct sock *sk, int level, int optname,
                           char __user *optval, int __user *optlen)
 {
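Review bot: `if (len < sizeof(params))` compares a signed `int` with a `size_t`, so a negative `len` is converted to a large unsigned value and passes the check. It is harmless here only because `len` is overwritten with `sizeof(params)` on the next statement, before either copy; whether `sctp_getsockopt` already rejects negative lengths is not visible in this hunk. A comment such as `/* len is clamped to sizeof(params) below, before any copy */`, or an explicit `len < 0 ||` in the guard, would protect against a later reordering. It is also worth documenting that for an existing association the value returned is `asoc->peer.auth_capable`, not the `ep->auth_enable` flag the setter writes, so a set followed by a get on a live association can legitimately differ.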
@@ -7951,6 +8033,10 @@ static int sctp_getsockopt(struct sock *sk, int level, int optname,
                retval = sctp_getsockopt_asconf_supported(sk, len, optval,
                                                          optlen);
                break;
+       case SCTP_AUTH_SUPPORTED:
+               retval = sctp_getsockopt_auth_supported(sk, len, optval,
+                                                       optlen);
+               break;
        default:
                retval = -ENOPROTOOPT;
                break;