diff options
Diffstat (limited to 'net/sunrpc/auth.c')
| -rw-r--r-- | net/sunrpc/auth.c | 136 |
1 files changed, 73 insertions, 63 deletions
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c index f3023bbc0b7f..e7861026b9e5 100644 --- a/net/sunrpc/auth.c +++ b/net/sunrpc/auth.c | |||
| @@ -17,9 +17,7 @@ | |||
| 17 | #include <linux/sunrpc/gss_api.h> | 17 | #include <linux/sunrpc/gss_api.h> |
| 18 | #include <linux/spinlock.h> | 18 | #include <linux/spinlock.h> |
| 19 | 19 | ||
| 20 | #if IS_ENABLED(CONFIG_SUNRPC_DEBUG) | 20 | #include <trace/events/sunrpc.h> |
| 21 | # define RPCDBG_FACILITY RPCDBG_AUTH | ||
| 22 | #endif | ||
| 23 | 21 | ||
| 24 | #define RPC_CREDCACHE_DEFAULT_HASHBITS (4) | 22 | #define RPC_CREDCACHE_DEFAULT_HASHBITS (4) |
| 25 | struct rpc_cred_cache { | 23 | struct rpc_cred_cache { |
| @@ -267,8 +265,6 @@ rpcauth_list_flavors(rpc_authflavor_t *array, int size) | |||
| 267 | } | 265 | } |
| 268 | } | 266 | } |
| 269 | rcu_read_unlock(); | 267 | rcu_read_unlock(); |
| 270 | |||
| 271 | dprintk("RPC: %s returns %d\n", __func__, result); | ||
| 272 | return result; | 268 | return result; |
| 273 | } | 269 | } |
| 274 | EXPORT_SYMBOL_GPL(rpcauth_list_flavors); | 270 | EXPORT_SYMBOL_GPL(rpcauth_list_flavors); |
| @@ -636,9 +632,6 @@ rpcauth_lookupcred(struct rpc_auth *auth, int flags) | |||
| 636 | struct rpc_cred *ret; | 632 | struct rpc_cred *ret; |
| 637 | const struct cred *cred = current_cred(); | 633 | const struct cred *cred = current_cred(); |
| 638 | 634 | ||
| 639 | dprintk("RPC: looking up %s cred\n", | ||
| 640 | auth->au_ops->au_name); | ||
| 641 | |||
| 642 | memset(&acred, 0, sizeof(acred)); | 635 | memset(&acred, 0, sizeof(acred)); |
| 643 | acred.cred = cred; | 636 | acred.cred = cred; |
| 644 | ret = auth->au_ops->lookup_cred(auth, &acred, flags); | 637 | ret = auth->au_ops->lookup_cred(auth, &acred, flags); |
| @@ -670,8 +663,6 @@ rpcauth_bind_root_cred(struct rpc_task *task, int lookupflags) | |||
| 670 | }; | 663 | }; |
| 671 | struct rpc_cred *ret; | 664 | struct rpc_cred *ret; |
| 672 | 665 | ||
| 673 | dprintk("RPC: %5u looking up %s cred\n", | ||
| 674 | task->tk_pid, task->tk_client->cl_auth->au_ops->au_name); | ||
| 675 | ret = auth->au_ops->lookup_cred(auth, &acred, lookupflags); | 666 | ret = auth->au_ops->lookup_cred(auth, &acred, lookupflags); |
| 676 | put_cred(acred.cred); | 667 | put_cred(acred.cred); |
| 677 | return ret; | 668 | return ret; |
| @@ -688,8 +679,6 @@ rpcauth_bind_machine_cred(struct rpc_task *task, int lookupflags) | |||
| 688 | 679 | ||
| 689 | if (!acred.principal) | 680 | if (!acred.principal) |
| 690 | return NULL; | 681 | return NULL; |
| 691 | dprintk("RPC: %5u looking up %s machine cred\n", | ||
| 692 | task->tk_pid, task->tk_client->cl_auth->au_ops->au_name); | ||
| 693 | return auth->au_ops->lookup_cred(auth, &acred, lookupflags); | 682 | return auth->au_ops->lookup_cred(auth, &acred, lookupflags); |
| 694 | } | 683 | } |
| 695 | 684 | ||
| @@ -698,8 +687,6 @@ rpcauth_bind_new_cred(struct rpc_task *task, int lookupflags) | |||
| 698 | { | 687 | { |
| 699 | struct rpc_auth *auth = task->tk_client->cl_auth; | 688 | struct rpc_auth *auth = task->tk_client->cl_auth; |
| 700 | 689 | ||
| 701 | dprintk("RPC: %5u looking up %s cred\n", | ||
| 702 | task->tk_pid, auth->au_ops->au_name); | ||
| 703 | return rpcauth_lookupcred(auth, lookupflags); | 690 | return rpcauth_lookupcred(auth, lookupflags); |
| 704 | } | 691 | } |
| 705 | 692 | ||
| @@ -771,75 +758,102 @@ destroy: | |||
| 771 | } | 758 | } |
| 772 | EXPORT_SYMBOL_GPL(put_rpccred); | 759 | EXPORT_SYMBOL_GPL(put_rpccred); |
| 773 | 760 | ||
| 774 | __be32 * | 761 | /** |
| 775 | rpcauth_marshcred(struct rpc_task *task, __be32 *p) | 762 | * rpcauth_marshcred - Append RPC credential to end of @xdr |
| 763 | * @task: controlling RPC task | ||
| 764 | * @xdr: xdr_stream containing initial portion of RPC Call header | ||
| 765 | * | ||
| 766 | * On success, an appropriate verifier is added to @xdr, @xdr is | ||
| 767 | * updated to point past the verifier, and zero is returned. | ||
| 768 | * Otherwise, @xdr is in an undefined state and a negative errno | ||
| 769 | * is returned. | ||
| 770 | */ | ||
| 771 | int rpcauth_marshcred(struct rpc_task *task, struct xdr_stream *xdr) | ||
| 776 | { | 772 | { |
| 777 | struct rpc_cred *cred = task->tk_rqstp->rq_cred; | 773 | const struct rpc_credops *ops = task->tk_rqstp->rq_cred->cr_ops; |
| 778 | 774 | ||
| 779 | dprintk("RPC: %5u marshaling %s cred %p\n", | 775 | return ops->crmarshal(task, xdr); |
| 780 | task->tk_pid, cred->cr_auth->au_ops->au_name, cred); | ||
| 781 | |||
| 782 | return cred->cr_ops->crmarshal(task, p); | ||
| 783 | } | 776 | } |
| 784 | 777 | ||
| 785 | __be32 * | 778 | /** |
| 786 | rpcauth_checkverf(struct rpc_task *task, __be32 *p) | 779 | * rpcauth_wrap_req_encode - XDR encode the RPC procedure |
| 780 | * @task: controlling RPC task | ||
| 781 | * @xdr: stream where on-the-wire bytes are to be marshalled | ||
| 782 | * | ||
| 783 | * On success, @xdr contains the encoded and wrapped message. | ||
| 784 | * Otherwise, @xdr is in an undefined state. | ||
| 785 | */ | ||
| 786 | int rpcauth_wrap_req_encode(struct rpc_task *task, struct xdr_stream *xdr) | ||
| 787 | { | 787 | { |
| 788 | struct rpc_cred *cred = task->tk_rqstp->rq_cred; | 788 | kxdreproc_t encode = task->tk_msg.rpc_proc->p_encode; |
| 789 | 789 | ||
| 790 | dprintk("RPC: %5u validating %s cred %p\n", | 790 | encode(task->tk_rqstp, xdr, task->tk_msg.rpc_argp); |
| 791 | task->tk_pid, cred->cr_auth->au_ops->au_name, cred); | 791 | return 0; |
| 792 | |||
| 793 | return cred->cr_ops->crvalidate(task, p); | ||
| 794 | } | 792 | } |
| 793 | EXPORT_SYMBOL_GPL(rpcauth_wrap_req_encode); | ||
| 795 | 794 | ||
| 796 | static void rpcauth_wrap_req_encode(kxdreproc_t encode, struct rpc_rqst *rqstp, | 795 | /** |
| 797 | __be32 *data, void *obj) | 796 | * rpcauth_wrap_req - XDR encode and wrap the RPC procedure |
| 797 | * @task: controlling RPC task | ||
| 798 | * @xdr: stream where on-the-wire bytes are to be marshalled | ||
| 799 | * | ||
| 800 | * On success, @xdr contains the encoded and wrapped message, | ||
| 801 | * and zero is returned. Otherwise, @xdr is in an undefined | ||
| 802 | * state and a negative errno is returned. | ||
| 803 | */ | ||
| 804 | int rpcauth_wrap_req(struct rpc_task *task, struct xdr_stream *xdr) | ||
| 798 | { | 805 | { |
| 799 | struct xdr_stream xdr; | 806 | const struct rpc_credops *ops = task->tk_rqstp->rq_cred->cr_ops; |
| 800 | 807 | ||
| 801 | xdr_init_encode(&xdr, &rqstp->rq_snd_buf, data); | 808 | return ops->crwrap_req(task, xdr); |
| 802 | encode(rqstp, &xdr, obj); | ||
| 803 | } | 809 | } |
| 804 | 810 | ||
| 811 | /** | ||
| 812 | * rpcauth_checkverf - Validate verifier in RPC Reply header | ||
| 813 | * @task: controlling RPC task | ||
| 814 | * @xdr: xdr_stream containing RPC Reply header | ||
| 815 | * | ||
| 816 | * On success, @xdr is updated to point past the verifier and | ||
| 817 | * zero is returned. Otherwise, @xdr is in an undefined state | ||
| 818 | * and a negative errno is returned. | ||
| 819 | */ | ||
| 805 | int | 820 | int |
| 806 | rpcauth_wrap_req(struct rpc_task *task, kxdreproc_t encode, void *rqstp, | 821 | rpcauth_checkverf(struct rpc_task *task, struct xdr_stream *xdr) |
| 807 | __be32 *data, void *obj) | ||
| 808 | { | 822 | { |
| 809 | struct rpc_cred *cred = task->tk_rqstp->rq_cred; | 823 | const struct rpc_credops *ops = task->tk_rqstp->rq_cred->cr_ops; |
| 810 | 824 | ||
| 811 | dprintk("RPC: %5u using %s cred %p to wrap rpc data\n", | 825 | return ops->crvalidate(task, xdr); |
| 812 | task->tk_pid, cred->cr_ops->cr_name, cred); | ||
| 813 | if (cred->cr_ops->crwrap_req) | ||
| 814 | return cred->cr_ops->crwrap_req(task, encode, rqstp, data, obj); | ||
| 815 | /* By default, we encode the arguments normally. */ | ||
| 816 | rpcauth_wrap_req_encode(encode, rqstp, data, obj); | ||
| 817 | return 0; | ||
| 818 | } | 826 | } |
| 819 | 827 | ||
| 820 | static int | 828 | /** |
| 821 | rpcauth_unwrap_req_decode(kxdrdproc_t decode, struct rpc_rqst *rqstp, | 829 | * rpcauth_unwrap_resp_decode - Invoke XDR decode function |
| 822 | __be32 *data, void *obj) | 830 | * @task: controlling RPC task |
| 831 | * @xdr: stream where the Reply message resides | ||
| 832 | * | ||
| 833 | * Returns zero on success; otherwise a negative errno is returned. | ||
| 834 | */ | ||
| 835 | int | ||
| 836 | rpcauth_unwrap_resp_decode(struct rpc_task *task, struct xdr_stream *xdr) | ||
| 823 | { | 837 | { |
| 824 | struct xdr_stream xdr; | 838 | kxdrdproc_t decode = task->tk_msg.rpc_proc->p_decode; |
| 825 | 839 | ||
| 826 | xdr_init_decode(&xdr, &rqstp->rq_rcv_buf, data); | 840 | return decode(task->tk_rqstp, xdr, task->tk_msg.rpc_resp); |
| 827 | return decode(rqstp, &xdr, obj); | ||
| 828 | } | 841 | } |
| 842 | EXPORT_SYMBOL_GPL(rpcauth_unwrap_resp_decode); | ||
| 829 | 843 | ||
| 844 | /** | ||
| 845 | * rpcauth_unwrap_resp - Invoke unwrap and decode function for the cred | ||
| 846 | * @task: controlling RPC task | ||
| 847 | * @xdr: stream where the Reply message resides | ||
| 848 | * | ||
| 849 | * Returns zero on success; otherwise a negative errno is returned. | ||
| 850 | */ | ||
| 830 | int | 851 | int |
| 831 | rpcauth_unwrap_resp(struct rpc_task *task, kxdrdproc_t decode, void *rqstp, | 852 | rpcauth_unwrap_resp(struct rpc_task *task, struct xdr_stream *xdr) |
| 832 | __be32 *data, void *obj) | ||
| 833 | { | 853 | { |
| 834 | struct rpc_cred *cred = task->tk_rqstp->rq_cred; | 854 | const struct rpc_credops *ops = task->tk_rqstp->rq_cred->cr_ops; |
| 835 | 855 | ||
| 836 | dprintk("RPC: %5u using %s cred %p to unwrap rpc data\n", | 856 | return ops->crunwrap_resp(task, xdr); |
| 837 | task->tk_pid, cred->cr_ops->cr_name, cred); | ||
| 838 | if (cred->cr_ops->crunwrap_resp) | ||
| 839 | return cred->cr_ops->crunwrap_resp(task, decode, rqstp, | ||
| 840 | data, obj); | ||
| 841 | /* By default, we decode the arguments normally. */ | ||
| 842 | return rpcauth_unwrap_req_decode(decode, rqstp, data, obj); | ||
| 843 | } | 857 | } |
| 844 | 858 | ||
| 845 | bool | 859 | bool |
| @@ -865,8 +879,6 @@ rpcauth_refreshcred(struct rpc_task *task) | |||
| 865 | goto out; | 879 | goto out; |
| 866 | cred = task->tk_rqstp->rq_cred; | 880 | cred = task->tk_rqstp->rq_cred; |
| 867 | } | 881 | } |
| 868 | dprintk("RPC: %5u refreshing %s cred %p\n", | ||
| 869 | task->tk_pid, cred->cr_auth->au_ops->au_name, cred); | ||
| 870 | 882 | ||
| 871 | err = cred->cr_ops->crrefresh(task); | 883 | err = cred->cr_ops->crrefresh(task); |
| 872 | out: | 884 | out: |
| @@ -880,8 +892,6 @@ rpcauth_invalcred(struct rpc_task *task) | |||
| 880 | { | 892 | { |
| 881 | struct rpc_cred *cred = task->tk_rqstp->rq_cred; | 893 | struct rpc_cred *cred = task->tk_rqstp->rq_cred; |
| 882 | 894 | ||
| 883 | dprintk("RPC: %5u invalidating %s cred %p\n", | ||
| 884 | task->tk_pid, cred->cr_auth->au_ops->au_name, cred); | ||
| 885 | if (cred) | 895 | if (cred) |
| 886 | clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags); | 896 | clear_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags); |
| 887 | } | 897 | } |