diff options
author | Kevin Coffman <kwc@citi.umich.edu> | 2010-03-17 13:02:47 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-05-14 15:09:15 -0400 |
commit | 7561042fb7870be0b4ee57efddce68bda8968abf (patch) | |
tree | 8946703293d7904928f473f14f4e645f6d5be65a /net/sunrpc/auth_gss | |
parent | 725f2865d4df31ac0768b13ae763beadc4bb8ce9 (diff) |
gss_krb5: Added and improved code comments
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 12 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_mech_switch.c | 14 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 15 |
3 files changed, 38 insertions, 3 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 75602ece58eb..d64a58b8ed33 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c | |||
@@ -1316,15 +1316,21 @@ gss_wrap_req_priv(struct rpc_cred *cred, struct gss_cl_ctx *ctx, | |||
1316 | inpages = snd_buf->pages + first; | 1316 | inpages = snd_buf->pages + first; |
1317 | snd_buf->pages = rqstp->rq_enc_pages; | 1317 | snd_buf->pages = rqstp->rq_enc_pages; |
1318 | snd_buf->page_base -= first << PAGE_CACHE_SHIFT; | 1318 | snd_buf->page_base -= first << PAGE_CACHE_SHIFT; |
1319 | /* Give the tail its own page, in case we need extra space in the | 1319 | /* |
1320 | * head when wrapping: */ | 1320 | * Give the tail its own page, in case we need extra space in the |
1321 | * head when wrapping: | ||
1322 | * | ||
1323 | * call_allocate() allocates twice the slack space required | ||
1324 | * by the authentication flavor to rq_callsize. | ||
1325 | * For GSS, slack is GSS_CRED_SLACK. | ||
1326 | */ | ||
1321 | if (snd_buf->page_len || snd_buf->tail[0].iov_len) { | 1327 | if (snd_buf->page_len || snd_buf->tail[0].iov_len) { |
1322 | tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]); | 1328 | tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]); |
1323 | memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len); | 1329 | memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len); |
1324 | snd_buf->tail[0].iov_base = tmp; | 1330 | snd_buf->tail[0].iov_base = tmp; |
1325 | } | 1331 | } |
1326 | maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages); | 1332 | maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages); |
1327 | /* RPC_SLACK_SPACE should prevent this ever happening: */ | 1333 | /* slack space should prevent this ever happening: */ |
1328 | BUG_ON(snd_buf->len > snd_buf->buflen); | 1334 | BUG_ON(snd_buf->len > snd_buf->buflen); |
1329 | status = -EIO; | 1335 | status = -EIO; |
1330 | /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was | 1336 | /* We're assuming that when GSS_S_CONTEXT_EXPIRED, the encryption was |
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c index 76e4c6f4ac3c..28a84ef41d13 100644 --- a/net/sunrpc/auth_gss/gss_mech_switch.c +++ b/net/sunrpc/auth_gss/gss_mech_switch.c | |||
@@ -285,6 +285,20 @@ gss_verify_mic(struct gss_ctx *context_handle, | |||
285 | mic_token); | 285 | mic_token); |
286 | } | 286 | } |
287 | 287 | ||
288 | /* | ||
289 | * This function is called from both the client and server code. | ||
290 | * Each makes guarantees about how much "slack" space is available | ||
291 | * for the underlying function in "buf"'s head and tail while | ||
292 | * performing the wrap. | ||
293 | * | ||
294 | * The client and server code allocate RPC_MAX_AUTH_SIZE extra | ||
295 | * space in both the head and tail which is available for use by | ||
296 | * the wrap function. | ||
297 | * | ||
298 | * Underlying functions should verify they do not use more than | ||
299 | * RPC_MAX_AUTH_SIZE of extra space in either the head or tail | ||
300 | * when performing the wrap. | ||
301 | */ | ||
288 | u32 | 302 | u32 |
289 | gss_wrap(struct gss_ctx *ctx_id, | 303 | gss_wrap(struct gss_ctx *ctx_id, |
290 | int offset, | 304 | int offset, |
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index b81e790ef9f4..1d9ac4ac818a 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c | |||
@@ -1315,6 +1315,14 @@ svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp) | |||
1315 | inpages = resbuf->pages; | 1315 | inpages = resbuf->pages; |
1316 | /* XXX: Would be better to write some xdr helper functions for | 1316 | /* XXX: Would be better to write some xdr helper functions for |
1317 | * nfs{2,3,4}xdr.c that place the data right, instead of copying: */ | 1317 | * nfs{2,3,4}xdr.c that place the data right, instead of copying: */ |
1318 | |||
1319 | /* | ||
1320 | * If there is currently tail data, make sure there is | ||
1321 | * room for the head, tail, and 2 * RPC_MAX_AUTH_SIZE in | ||
1322 | * the page, and move the current tail data such that | ||
1323 | * there is RPC_MAX_AUTH_SIZE slack space available in | ||
1324 | * both the head and tail. | ||
1325 | */ | ||
1318 | if (resbuf->tail[0].iov_base) { | 1326 | if (resbuf->tail[0].iov_base) { |
1319 | BUG_ON(resbuf->tail[0].iov_base >= resbuf->head[0].iov_base | 1327 | BUG_ON(resbuf->tail[0].iov_base >= resbuf->head[0].iov_base |
1320 | + PAGE_SIZE); | 1328 | + PAGE_SIZE); |
@@ -1327,6 +1335,13 @@ svcauth_gss_wrap_resp_priv(struct svc_rqst *rqstp) | |||
1327 | resbuf->tail[0].iov_len); | 1335 | resbuf->tail[0].iov_len); |
1328 | resbuf->tail[0].iov_base += RPC_MAX_AUTH_SIZE; | 1336 | resbuf->tail[0].iov_base += RPC_MAX_AUTH_SIZE; |
1329 | } | 1337 | } |
1338 | /* | ||
1339 | * If there is no current tail data, make sure there is | ||
1340 | * room for the head data, and 2 * RPC_MAX_AUTH_SIZE in the | ||
1341 | * allotted page, and set up tail information such that there | ||
1342 | * is RPC_MAX_AUTH_SIZE slack space available in both the | ||
1343 | * head and tail. | ||
1344 | */ | ||
1330 | if (resbuf->tail[0].iov_base == NULL) { | 1345 | if (resbuf->tail[0].iov_base == NULL) { |
1331 | if (resbuf->head[0].iov_len + 2*RPC_MAX_AUTH_SIZE > PAGE_SIZE) | 1346 | if (resbuf->head[0].iov_len + 2*RPC_MAX_AUTH_SIZE > PAGE_SIZE) |
1332 | return -ENOMEM; | 1347 | return -ENOMEM; |