aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Coffman <kwc@citi.umich.edu>2010-03-17 13:02:47 -0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2010-05-14 15:09:15 -0400
commit7561042fb7870be0b4ee57efddce68bda8968abf (patch)
tree8946703293d7904928f473f14f4e645f6d5be65a
parent725f2865d4df31ac0768b13ae763beadc4bb8ce9 (diff)
gss_krb5: Added and improved code comments
Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c12
-rw-r--r--net/sunrpc/auth_gss/gss_mech_switch.c14
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c15
3 files changed, 38 insertions, 3 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 75602ece58eb..d64a58b8ed33 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -1316,15 +1316,21 @@ gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx,
1316 inpages = snd_buf->pages + first; 1316 inpages = snd_buf->pages + first;
1317 snd_buf->pages = rqstp->rq_enc_pages; 1317 snd_buf->pages = rqstp->rq_enc_pages;
1318 snd_buf->page_base -= first << PAGE_CACHE_SHIFT; 1318 snd_buf->page_base -= first << PAGE_CACHE_SHIFT;
1319 /* Give the tail its own page, in case we need extra space in the 1319 /*
1320 * head when wrapping: */ 1320 * Give the tail its own page, in case we need extra space in the
1321 * head when wrapping:
1322 *
1323 * call_allocate() allocates twice the slack space required
1324 * by the authentication flavor to rq_callsize.
1325 * For GSS, slack is GSS_CRED_SLACK.
1326 */
1321 if (snd_buf->page_len || snd_buf->tail[0].iov_len) { 1327 if (snd_buf->page_len || snd_buf->tail[0].iov_len) {
1322 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]); 1328 tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
1323 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len); 1329 memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
1324 snd_buf->tail[0].iov_base = tmp; 1330 snd_buf->tail[0].iov_base = tmp;
1325 } 1331 }
1326 maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages); 1332 maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
1327 /* RPC_SLACK_SPACE should prevent this ever happening: */ 1333 /* slack space should prevent this ever happening: */
1328 BUG_ON(snd_buf->len > snd_buf->buflen); 1334 BUG_ON(snd_buf->len > snd_buf->buflen);
1329 status = -EIO; 1335 status = -EIO;
1330 /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was 1336 /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c
index 76e4c6f4ac3c..28a84ef41d13 100644
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -285,6 +285,20 @@ gss_verify_mic(struct gss_ctx *context_handle,
285 mic_token); 285 mic_token);
286} 286}
287 287
288/*
289 * This function is called from both the client and server code.
290 * Each makes guarantees about how much "slack" space is available
291 * for the underlying function in "buf"'s head and tail while
292 * performing the wrap.
293 *
294 * The client and server code allocate RPC_MAX_AUTH_SIZE extra
295 * space in both the head and tail which is available for use by
296 * the wrap function.
297 *
298 * Underlying functions should verify they do not use more than
299 * RPC_MAX_AUTH_SIZE of extra space in either the head or tail
300 * when performing the wrap.
301 */
288u32 302u32
289gss_wrap(struct gss_ctx *ctx_id, 303gss_wrap(struct gss_ctx *ctx_id,
290 int offset, 304 int offset,
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index b81e790ef9f4..1d9ac4ac818a 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1315,6 +1315,14 @@ svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp)
1315 inpages = resbuf->pages; 1315 inpages = resbuf->pages;
1316 /* XXX: Would be better to write some xdr helper functions for 1316 /* XXX: Would be better to write some xdr helper functions for
1317 * nfs{2,3,4}xdr.c that place the data right, instead of copying: */ 1317 * nfs{2,3,4}xdr.c that place the data right, instead of copying: */
1318
1319 /*
1320 * If there is currently tail data, make sure there is
1321 * room for the head, tail, and 2 * RPC_MAX_AUTH_SIZE in
1322 * the page, and move the current tail data such that
1323 * there is RPC_MAX_AUTH_SIZE slack space available in
1324 * both the head and tail.
1325 */
1318 if (resbuf->tail[0].iov_base) { 1326 if (resbuf->tail[0].iov_base) {
1319 BUG_ON(resbuf->tail[0].iov_base >= resbuf->head[0].iov_base 1327 BUG_ON(resbuf->tail[0].iov_base >= resbuf->head[0].iov_base
1320 + PAGE_SIZE); 1328 + PAGE_SIZE);
@@ -1327,6 +1335,13 @@ svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp)
1327 resbuf->tail[0].iov_len); 1335 resbuf->tail[0].iov_len);
1328 resbuf->tail[0].iov_base += RPC_MAX_AUTH_SIZE; 1336 resbuf->tail[0].iov_base += RPC_MAX_AUTH_SIZE;
1329 } 1337 }
1338 /*
1339 * If there is no current tail data, make sure there is
1340 * room for the head data, and 2 * RPC_MAX_AUTH_SIZE in the
1341 * allotted page, and set up tail information such that there
1342 * is RPC_MAX_AUTH_SIZE slack space available in both the
1343 * head and tail.
1344 */
1330 if (resbuf->tail[0].iov_base == NULL) { 1345 if (resbuf->tail[0].iov_base == NULL) {
1331 if (resbuf->head[0].iov_len + 2*RPC_MAX_AUTH_SIZE > PAGE_SIZE) 1346 if (resbuf->head[0].iov_len + 2*RPC_MAX_AUTH_SIZE > PAGE_SIZE)
1332 return -ENOMEM; 1347 return -ENOMEM;