Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 29 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_mech.c | 4 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_spkm3_mech.c | 4 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_spkm3_token.c | 2 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 12 |
5 files changed, 17 insertions, 34 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index cc12d5f5d5d..853a4142cea 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c | |||
@@ -33,8 +33,6 @@ | |||
33 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 33 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
34 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | 34 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
35 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | * | ||
37 | * $Id$ | ||
38 | */ | 36 | */ |
39 | 37 | ||
40 | 38 | ||
@@ -63,22 +61,11 @@ static const struct rpc_credops gss_nullops; | |||
63 | # define RPCDBG_FACILITY RPCDBG_AUTH | 61 | # define RPCDBG_FACILITY RPCDBG_AUTH |
64 | #endif | 62 | #endif |
65 | 63 | ||
66 | #define NFS_NGROUPS 16 | 64 | #define GSS_CRED_SLACK 1024 |
67 | |||
68 | #define GSS_CRED_SLACK 1024 /* XXX: unused */ | ||
69 | /* length of a krb5 verifier (48), plus data added before arguments when | 65 | /* length of a krb5 verifier (48), plus data added before arguments when |
70 | * using integrity (two 4-byte integers): */ | 66 | * using integrity (two 4-byte integers): */ |
71 | #define GSS_VERF_SLACK 100 | 67 | #define GSS_VERF_SLACK 100 |
72 | 68 | ||
73 | /* XXX this define must match the gssd define | ||
74 | * as it is passed to gssd to signal the use of | ||
75 | * machine creds should be part of the shared rpc interface */ | ||
76 | |||
77 | #define CA_RUN_AS_MACHINE 0x00000200 | ||
78 | |||
79 | /* dump the buffer in `emacs-hexl' style */ | ||
80 | #define isprint(c) ((c > 0x1f) && (c < 0x7f)) | ||
81 | |||
82 | struct gss_auth { | 69 | struct gss_auth { |
83 | struct kref kref; | 70 | struct kref kref; |
84 | struct rpc_auth rpc_auth; | 71 | struct rpc_auth rpc_auth; |
@@ -146,7 +133,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest) | |||
146 | q = (const void *)((const char *)p + len); | 133 | q = (const void *)((const char *)p + len); |
147 | if (unlikely(q > end || q < p)) | 134 | if (unlikely(q > end || q < p)) |
148 | return ERR_PTR(-EFAULT); | 135 | return ERR_PTR(-EFAULT); |
149 | dest->data = kmemdup(p, len, GFP_KERNEL); | 136 | dest->data = kmemdup(p, len, GFP_NOFS); |
150 | if (unlikely(dest->data == NULL)) | 137 | if (unlikely(dest->data == NULL)) |
151 | return ERR_PTR(-ENOMEM); | 138 | return ERR_PTR(-ENOMEM); |
152 | dest->len = len; | 139 | dest->len = len; |
@@ -171,7 +158,7 @@ gss_alloc_context(void) | |||
171 | { | 158 | { |
172 | struct gss_cl_ctx *ctx; | 159 | struct gss_cl_ctx *ctx; |
173 | 160 | ||
174 | ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); | 161 | ctx = kzalloc(sizeof(*ctx), GFP_NOFS); |
175 | if (ctx != NULL) { | 162 | if (ctx != NULL) { |
176 | ctx->gc_proc = RPC_GSS_PROC_DATA; | 163 | ctx->gc_proc = RPC_GSS_PROC_DATA; |
177 | ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */ | 164 | ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */ |
@@ -272,7 +259,7 @@ __gss_find_upcall(struct rpc_inode *rpci, uid_t uid) | |||
272 | return NULL; | 259 | return NULL; |
273 | } | 260 | } |
274 | 261 | ||
275 | /* Try to add a upcall to the pipefs queue. | 262 | /* Try to add an upcall to the pipefs queue. |
276 | * If an upcall owned by our uid already exists, then we return a reference | 263 | * If an upcall owned by our uid already exists, then we return a reference |
277 | * to that upcall instead of adding the new upcall. | 264 | * to that upcall instead of adding the new upcall. |
278 | */ | 265 | */ |
@@ -341,7 +328,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid) | |||
341 | { | 328 | { |
342 | struct gss_upcall_msg *gss_msg; | 329 | struct gss_upcall_msg *gss_msg; |
343 | 330 | ||
344 | gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL); | 331 | gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS); |
345 | if (gss_msg != NULL) { | 332 | if (gss_msg != NULL) { |
346 | INIT_LIST_HEAD(&gss_msg->list); | 333 | INIT_LIST_HEAD(&gss_msg->list); |
347 | rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq"); | 334 | rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq"); |
@@ -493,7 +480,6 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen) | |||
493 | { | 480 | { |
494 | const void *p, *end; | 481 | const void *p, *end; |
495 | void *buf; | 482 | void *buf; |
496 | struct rpc_clnt *clnt; | ||
497 | struct gss_upcall_msg *gss_msg; | 483 | struct gss_upcall_msg *gss_msg; |
498 | struct inode *inode = filp->f_path.dentry->d_inode; | 484 | struct inode *inode = filp->f_path.dentry->d_inode; |
499 | struct gss_cl_ctx *ctx; | 485 | struct gss_cl_ctx *ctx; |
@@ -503,11 +489,10 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen) | |||
503 | if (mlen > MSG_BUF_MAXSIZE) | 489 | if (mlen > MSG_BUF_MAXSIZE) |
504 | goto out; | 490 | goto out; |
505 | err = -ENOMEM; | 491 | err = -ENOMEM; |
506 | buf = kmalloc(mlen, GFP_KERNEL); | 492 | buf = kmalloc(mlen, GFP_NOFS); |
507 | if (!buf) | 493 | if (!buf) |
508 | goto out; | 494 | goto out; |
509 | 495 | ||
510 | clnt = RPC_I(inode)->private; | ||
511 | err = -EFAULT; | 496 | err = -EFAULT; |
512 | if (copy_from_user(buf, src, mlen)) | 497 | if (copy_from_user(buf, src, mlen)) |
513 | goto err; | 498 | goto err; |
@@ -806,7 +791,7 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) | |||
806 | dprintk("RPC: gss_create_cred for uid %d, flavor %d\n", | 791 | dprintk("RPC: gss_create_cred for uid %d, flavor %d\n", |
807 | acred->uid, auth->au_flavor); | 792 | acred->uid, auth->au_flavor); |
808 | 793 | ||
809 | if (!(cred = kzalloc(sizeof(*cred), GFP_KERNEL))) | 794 | if (!(cred = kzalloc(sizeof(*cred), GFP_NOFS))) |
810 | goto out_err; | 795 | goto out_err; |
811 | 796 | ||
812 | rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops); | 797 | rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops); |
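Review bot: None of the allocations switched from GFP_KERNEL to GFP_NOFS in this file (simple_get_netobj, gss_alloc_context, gss_alloc_msg, gss_pipe_downcall, gss_create_cred) carries a comment saying why reclaim must not enter filesystem code there, so a later cleanup could change the flag back without noticing. Presumably these paths can be reached while NFS is writing back dirty pages; if so, a one-line comment at gss_create_cred such as `/* GFP_NOFS: may be reached from NFS writeback; reclaim must not re-enter the fs */` would record the constraint. The same applies to the matching changes in gss_krb5_mech.c, gss_spkm3_mech.c and gss_spkm3_token.c. All of these function bodies extend outside the hunks shown.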
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 60c3dba545d..ef45eba2248 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c | |||
@@ -70,7 +70,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res) | |||
70 | q = (const void *)((const char *)p + len); | 70 | q = (const void *)((const char *)p + len); |
71 | if (unlikely(q > end || q < p)) | 71 | if (unlikely(q > end || q < p)) |
72 | return ERR_PTR(-EFAULT); | 72 | return ERR_PTR(-EFAULT); |
73 | res->data = kmemdup(p, len, GFP_KERNEL); | 73 | res->data = kmemdup(p, len, GFP_NOFS); |
74 | if (unlikely(res->data == NULL)) | 74 | if (unlikely(res->data == NULL)) |
75 | return ERR_PTR(-ENOMEM); | 75 | return ERR_PTR(-ENOMEM); |
76 | res->len = len; | 76 | res->len = len; |
@@ -131,7 +131,7 @@ gss_import_sec_context_kerberos(const void *p, | |||
131 | struct krb5_ctx *ctx; | 131 | struct krb5_ctx *ctx; |
132 | int tmp; | 132 | int tmp; |
133 | 133 | ||
134 | if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL))) | 134 | if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS))) |
135 | goto out_err; | 135 | goto out_err; |
136 | 136 | ||
137 | p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate)); | 137 | p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate)); |
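Review bot: simple_get_netobj receives the same one-line change here as its copies in auth_gss.c and gss_spkm3_mech.c, and the bounds check `if (unlikely(q > end || q < p))` is repeated verbatim in all three. The helper validates a length that appears to come from the buffer being parsed, so with three private copies any future fix to that check has to be made three times. Moving it into one shared helper would remove that risk. Only the tail of each copy is visible in these hunks, so the copies may differ above the lines shown.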
diff --git a/net/sunrpc/auth_gss/gss_spkm3_mech.c b/net/sunrpc/auth_gss/gss_spkm3_mech.c index 5deb4b6e451..035e1dd6af1 100644 --- a/net/sunrpc/auth_gss/gss_spkm3_mech.c +++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c | |||
@@ -76,7 +76,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res) | |||
76 | q = (const void *)((const char *)p + len); | 76 | q = (const void *)((const char *)p + len); |
77 | if (unlikely(q > end || q < p)) | 77 | if (unlikely(q > end || q < p)) |
78 | return ERR_PTR(-EFAULT); | 78 | return ERR_PTR(-EFAULT); |
79 | res->data = kmemdup(p, len, GFP_KERNEL); | 79 | res->data = kmemdup(p, len, GFP_NOFS); |
80 | if (unlikely(res->data == NULL)) | 80 | if (unlikely(res->data == NULL)) |
81 | return ERR_PTR(-ENOMEM); | 81 | return ERR_PTR(-ENOMEM); |
82 | return q; | 82 | return q; |
@@ -90,7 +90,7 @@ gss_import_sec_context_spkm3(const void *p, size_t len, | |||
90 | struct spkm3_ctx *ctx; | 90 | struct spkm3_ctx *ctx; |
91 | int version; | 91 | int version; |
92 | 92 | ||
93 | if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL))) | 93 | if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS))) |
94 | goto out_err; | 94 | goto out_err; |
95 | 95 | ||
96 | p = simple_get_bytes(p, end, &version, sizeof(version)); | 96 | p = simple_get_bytes(p, end, &version, sizeof(version)); |
diff --git a/net/sunrpc/auth_gss/gss_spkm3_token.c b/net/sunrpc/auth_gss/gss_spkm3_token.c index 6cdd241ad26..3308157436d 100644 --- a/net/sunrpc/auth_gss/gss_spkm3_token.c +++ b/net/sunrpc/auth_gss/gss_spkm3_token.c | |||
@@ -90,7 +90,7 @@ asn1_bitstring_len(struct xdr_netobj *in, int *enclen, int *zerobits) | |||
90 | int | 90 | int |
91 | decode_asn1_bitstring(struct xdr_netobj *out, char *in, int enclen, int explen) | 91 | decode_asn1_bitstring(struct xdr_netobj *out, char *in, int enclen, int explen) |
92 | { | 92 | { |
93 | if (!(out->data = kzalloc(explen,GFP_KERNEL))) | 93 | if (!(out->data = kzalloc(explen,GFP_NOFS))) |
94 | return 0; | 94 | return 0; |
95 | out->len = explen; | 95 | out->len = explen; |
96 | memcpy(out->data, in, enclen); | 96 | memcpy(out->data, in, enclen); |
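Review bot: In decode_asn1_bitstring the buffer is allocated with `explen` bytes but `memcpy(out->data, in, enclen)` copies `enclen` bytes, and nothing in the hunk checks that `enclen <= explen` or that either `int` is non-negative. If a caller can pass an encoded length larger than the expected length, the copy writes past the allocation. Unless every caller already guarantees the relation, a guard before the allocation such as `if (explen < 0 || enclen < 0 || enclen > explen) return 0;` would make the function safe on its own. The function body continues past the end of the hunk.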
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 5905d56737d..81ae3d62a0c 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c | |||
@@ -1144,20 +1144,20 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) | |||
1144 | case RPC_GSS_SVC_NONE: | 1144 | case RPC_GSS_SVC_NONE: |
1145 | break; | 1145 | break; |
1146 | case RPC_GSS_SVC_INTEGRITY: | 1146 | case RPC_GSS_SVC_INTEGRITY: |
1147 | /* placeholders for length and seq. number: */ | ||
1148 | svc_putnl(resv, 0); | ||
1149 | svc_putnl(resv, 0); | ||
1147 | if (unwrap_integ_data(&rqstp->rq_arg, | 1150 | if (unwrap_integ_data(&rqstp->rq_arg, |
1148 | gc->gc_seq, rsci->mechctx)) | 1151 | gc->gc_seq, rsci->mechctx)) |
1149 | goto garbage_args; | 1152 | goto garbage_args; |
1153 | break; | ||
1154 | case RPC_GSS_SVC_PRIVACY: | ||
1150 | /* placeholders for length and seq. number: */ | 1155 | /* placeholders for length and seq. number: */ |
1151 | svc_putnl(resv, 0); | 1156 | svc_putnl(resv, 0); |
1152 | svc_putnl(resv, 0); | 1157 | svc_putnl(resv, 0); |
1153 | break; | ||
1154 | case RPC_GSS_SVC_PRIVACY: | ||
1155 | if (unwrap_priv_data(rqstp, &rqstp->rq_arg, | 1158 | if (unwrap_priv_data(rqstp, &rqstp->rq_arg, |
1156 | gc->gc_seq, rsci->mechctx)) | 1159 | gc->gc_seq, rsci->mechctx)) |
1157 | goto garbage_args; | 1160 | goto garbage_args; |
1158 | /* placeholders for length and seq. number: */ | ||
1159 | svc_putnl(resv, 0); | ||
1160 | svc_putnl(resv, 0); | ||
1161 | break; | 1161 | break; |
1162 | default: | 1162 | default: |
1163 | goto auth_err; | 1163 | goto auth_err; |
@@ -1170,8 +1170,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) | |||
1170 | goto out; | 1170 | goto out; |
1171 | } | 1171 | } |
1172 | garbage_args: | 1172 | garbage_args: |
1173 | /* Restore write pointer to its original value: */ | ||
1174 | xdr_ressize_check(rqstp, reject_stat); | ||
1175 | ret = SVC_GARBAGE; | 1173 | ret = SVC_GARBAGE; |
1176 | goto out; | 1174 | goto out; |
1177 | auth_err: | 1175 | auth_err: |
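Review bot: On the new side both the RPC_GSS_SVC_INTEGRITY and RPC_GSS_SVC_PRIVACY cases call `svc_putnl(resv, 0)` twice before the unwrap, and the `garbage_args:` label no longer calls `xdr_ressize_check(rqstp, reject_stat)`. When unwrap_integ_data or unwrap_priv_data fails, the two placeholder words therefore stay in the reply buffer. Whether that reaches the wire depends on how the SVC_GARBAGE reply is assembled outside these hunks, but the error path should not rely on that. Either write the placeholders only after a successful unwrap, or keep `xdr_ressize_check(rqstp, reject_stat);` under `garbage_args:`. svcauth_gss_accept starts and ends outside the hunks.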