diff options
author | Jeff Layton <jlayton@redhat.com> | 2010-01-07 09:42:02 -0500 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-02-10 08:30:50 -0500 |
commit | dc5ddce956660247e004a4b20a26b7d137ab1644 (patch) | |
tree | 8e067bfb6f1fc84adf76a9370e35fbad77dd4636 /net/sunrpc/auth_gss | |
parent | ac73fddfc523bf3c3525d16356b44527c44fae6d (diff) |
sunrpc: parse and return errors reported by gssd
The kernel currently ignores any error code sent by gssd and always
considers it to be -EACCES. In order to better handle the situation of
an expired KRB5 TGT, the kernel needs to be able to parse and deal with
the errors that gssd sends. Aside from -EACCES the only error we care
about is -EKEYEXPIRED, which we're using to indicate that the upper
layers should retry the call a little later.
To maintain backward compatibility with older gssd's, any error other
than -EKEYEXPIRED is interpreted as -EACCES.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index f7a7f8380e38..0cfccc2a0297 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c | |||
@@ -206,8 +206,14 @@ gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct | |||
206 | ctx->gc_win = window_size; | 206 | ctx->gc_win = window_size; |
207 | /* gssd signals an error by passing ctx->gc_win = 0: */ | 207 | /* gssd signals an error by passing ctx->gc_win = 0: */ |
208 | if (ctx->gc_win == 0) { | 208 | if (ctx->gc_win == 0) { |
209 | /* in which case, p points to an error code which we ignore */ | 209 | /* |
210 | p = ERR_PTR(-EACCES); | 210 | * in which case, p points to an error code. Anything other |
211 | * than -EKEYEXPIRED gets converted to -EACCES. | ||
212 | */ | ||
213 | p = simple_get_bytes(p, end, &ret, sizeof(ret)); | ||
214 | if (!IS_ERR(p)) | ||
215 | p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) : | ||
216 | ERR_PTR(-EACCES); | ||
211 | goto err; | 217 | goto err; |
212 | } | 218 | } |
213 | /* copy the opaque wire context */ | 219 | /* copy the opaque wire context */ |
@@ -646,6 +652,7 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen) | |||
646 | err = PTR_ERR(p); | 652 | err = PTR_ERR(p); |
647 | switch (err) { | 653 | switch (err) { |
648 | case -EACCES: | 654 | case -EACCES: |
655 | case -EKEYEXPIRED: | ||
649 | gss_msg->msg.errno = err; | 656 | gss_msg->msg.errno = err; |
650 | err = mlen; | 657 | err = mlen; |
651 | break; | 658 | break; |