aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc/auth_gss
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2010-01-07 09:42:02 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2010-02-10 08:30:50 -0500
commitdc5ddce956660247e004a4b20a26b7d137ab1644 (patch)
tree8e067bfb6f1fc84adf76a9370e35fbad77dd4636 /net/sunrpc/auth_gss
parentac73fddfc523bf3c3525d16356b44527c44fae6d (diff)
sunrpc: parse and return errors reported by gssd
The kernel currently ignores any error code sent by gssd and always considers it to be -EACCES. In order to better handle the situation of an expired KRB5 TGT, the kernel needs to be able to parse and deal with the errors that gssd sends. Aside from -EACCES the only error we care about is -EKEYEXPIRED, which we're using to indicate that the upper layers should retry the call a little later. To maintain backward compatibility with older gssd's, any error other than -EKEYEXPIRED is interpreted as -EACCES. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index f7a7f8380e38..0cfccc2a0297 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -206,8 +206,14 @@ gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct
206 ctx->gc_win = window_size; 206 ctx->gc_win = window_size;
207 /* gssd signals an error by passing ctx->gc_win = 0: */ 207 /* gssd signals an error by passing ctx->gc_win = 0: */
208 if (ctx->gc_win == 0) { 208 if (ctx->gc_win == 0) {
209 /* in which case, p points to an error code which we ignore */ 209 /*
210 p = ERR_PTR(-EACCES); 210 * in which case, p points to an error code. Anything other
211 * than -EKEYEXPIRED gets converted to -EACCES.
212 */
213 p = simple_get_bytes(p, end, &ret, sizeof(ret));
214 if (!IS_ERR(p))
215 p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
216 ERR_PTR(-EACCES);
211 goto err; 217 goto err;
212 } 218 }
213 /* copy the opaque wire context */ 219 /* copy the opaque wire context */
@@ -646,6 +652,7 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
646 err = PTR_ERR(p); 652 err = PTR_ERR(p);
647 switch (err) { 653 switch (err) {
648 case -EACCES: 654 case -EACCES:
655 case -EKEYEXPIRED:
649 gss_msg->msg.errno = err; 656 gss_msg->msg.errno = err;
650 err = mlen; 657 err = mlen;
651 break; 658 break;