rxrpc: Fix missing security check on incoming calls

struct rxrpc_security {

	const char		*name;		/* name of this service */

	u8			security_index;	/* security type provided */

	u32			no_key_abort;	/* Abort code indicating no key */

	/* Initialise a security service */

	int (*init)(void);

struct rxrpc_connection *rxrpc_find_service_conn_rcu(struct rxrpc_peer *,

						     struct sk_buff *);

struct rxrpc_connection *rxrpc_prealloc_service_connection(struct rxrpc_net *, gfp_t);

void rxrpc_new_incoming_connection(struct rxrpc_sock *,

				   struct rxrpc_connection *, struct sk_buff *);

void rxrpc_new_incoming_connection(struct rxrpc_sock *, struct rxrpc_connection *,

				   const struct rxrpc_security *, struct key *,

				   struct sk_buff *);

void rxrpc_unpublish_service_conn(struct rxrpc_connection *);

/*

int __init rxrpc_init_security(void);

void rxrpc_exit_security(void);

int rxrpc_init_client_conn_security(struct rxrpc_connection *);

int rxrpc_init_server_conn_security(struct rxrpc_connection *);

bool rxrpc_look_up_server_security(struct rxrpc_local *, struct rxrpc_sock *,

				   const struct rxrpc_security **, struct key **,

				   struct sk_buff *);

/*

 * sendmsg.c

						    struct rxrpc_local *local,

						    struct rxrpc_peer *peer,

						    struct rxrpc_connection *conn,

						    const struct rxrpc_security *sec,

						    struct key *key,

						    struct sk_buff *skb)

{

	struct rxrpc_backlog *b = rx->backlog;

		conn->params.local = rxrpc_get_local(local);

		conn->params.peer = peer;

		rxrpc_see_connection(conn);

		rxrpc_new_incoming_connection(rx, conn, skb);

		rxrpc_new_incoming_connection(rx, conn, sec, key, skb);

	} else {

		rxrpc_get_connection(conn);

	}

					   struct sk_buff *skb)

{

	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);

	const struct rxrpc_security *sec = NULL;

	struct rxrpc_connection *conn;

	struct rxrpc_peer *peer = NULL;

	struct rxrpc_call *call;

	struct rxrpc_call *call = NULL;

	struct key *key = NULL;

	_enter("");

	 */

	conn = rxrpc_find_connection_rcu(local, skb, &peer);

	call = rxrpc_alloc_incoming_call(rx, local, peer, conn, skb);

	if (!conn && !rxrpc_look_up_server_security(local, rx, &sec, &key, skb))

		goto no_call;

	call = rxrpc_alloc_incoming_call(rx, local, peer, conn, sec, key, skb);

	key_put(key);

	if (!call) {

		skb->mark = RXRPC_SKB_MARK_REJECT_BUSY;

		goto no_call;

	_enter("{%d}", conn->debug_id);

	ASSERT(conn->security_ix != 0);

	if (!conn->params.key) {

		_debug("set up security");

		ret = rxrpc_init_server_conn_security(conn);

		switch (ret) {

		case 0:

			break;

		case -ENOENT:

			abort_code = RX_CALL_DEAD;

			goto abort;

		default:

			abort_code = RXKADNOAUTH;

			goto abort;

		}

	}

	ASSERT(conn->server_key);

	if (conn->security->issue_challenge(conn) < 0) {

		abort_code = RX_CALL_DEAD;

 */

void rxrpc_new_incoming_connection(struct rxrpc_sock *rx,

				   struct rxrpc_connection *conn,

				   const struct rxrpc_security *sec,

				   struct key *key,

				   struct sk_buff *skb)

{

	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);

	conn->service_id	= sp->hdr.serviceId;

	conn->security_ix	= sp->hdr.securityIndex;

	conn->out_clientflag	= 0;

	conn->security		= sec;

	conn->server_key	= key_get(key);

	if (conn->security_ix)

		conn->state	= RXRPC_CONN_SERVICE_UNSECURED;

	else

	u32 serial;

	int ret;

	_enter("{%d,%x}", conn->debug_id, key_serial(conn->params.key));

	_enter("{%d,%x}", conn->debug_id, key_serial(conn->server_key));

	ret = key_validate(conn->params.key);

	ret = key_validate(conn->server_key);

	if (ret < 0)

		return ret;

const struct rxrpc_security rxkad = {

	.name				= "rxkad",

	.security_index			= RXRPC_SECURITY_RXKAD,

	.no_key_abort			= RXKADUNKNOWNKEY,

	.init				= rxkad_init,

	.exit				= rxkad_exit,

	.init_connection_security	= rxkad_init_connection_security,