diff options
Diffstat (limited to 'net/sunrpc/auth_gss/auth_gss.c')
| -rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 40 |
1 files changed, 29 insertions, 11 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 8d782282ec19..bb46efd92e57 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c | |||
| @@ -158,6 +158,7 @@ gss_cred_set_ctx(struct rpc_cred *cred, struct gss_cl_ctx *ctx) | |||
| 158 | old = gss_cred->gc_ctx; | 158 | old = gss_cred->gc_ctx; |
| 159 | gss_cred->gc_ctx = ctx; | 159 | gss_cred->gc_ctx = ctx; |
| 160 | cred->cr_flags |= RPCAUTH_CRED_UPTODATE; | 160 | cred->cr_flags |= RPCAUTH_CRED_UPTODATE; |
| 161 | cred->cr_flags &= ~RPCAUTH_CRED_NEW; | ||
| 161 | write_unlock(&gss_ctx_lock); | 162 | write_unlock(&gss_ctx_lock); |
| 162 | if (old) | 163 | if (old) |
| 163 | gss_put_ctx(old); | 164 | gss_put_ctx(old); |
| @@ -580,7 +581,7 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen) | |||
| 580 | } else { | 581 | } else { |
| 581 | struct auth_cred acred = { .uid = uid }; | 582 | struct auth_cred acred = { .uid = uid }; |
| 582 | spin_unlock(&gss_auth->lock); | 583 | spin_unlock(&gss_auth->lock); |
| 583 | cred = rpcauth_lookup_credcache(clnt->cl_auth, &acred, 0); | 584 | cred = rpcauth_lookup_credcache(clnt->cl_auth, &acred, RPCAUTH_LOOKUP_NEW); |
| 584 | if (IS_ERR(cred)) { | 585 | if (IS_ERR(cred)) { |
| 585 | err = PTR_ERR(cred); | 586 | err = PTR_ERR(cred); |
| 586 | goto err_put_ctx; | 587 | goto err_put_ctx; |
| @@ -758,13 +759,13 @@ gss_destroy_cred(struct rpc_cred *rc) | |||
| 758 | * Lookup RPCSEC_GSS cred for the current process | 759 | * Lookup RPCSEC_GSS cred for the current process |
| 759 | */ | 760 | */ |
| 760 | static struct rpc_cred * | 761 | static struct rpc_cred * |
| 761 | gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int taskflags) | 762 | gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) |
| 762 | { | 763 | { |
| 763 | return rpcauth_lookup_credcache(auth, acred, taskflags); | 764 | return rpcauth_lookup_credcache(auth, acred, flags); |
| 764 | } | 765 | } |
| 765 | 766 | ||
| 766 | static struct rpc_cred * | 767 | static struct rpc_cred * |
| 767 | gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int taskflags) | 768 | gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) |
| 768 | { | 769 | { |
| 769 | struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth); | 770 | struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth); |
| 770 | struct gss_cred *cred = NULL; | 771 | struct gss_cred *cred = NULL; |
| @@ -785,13 +786,8 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int taskflags) | |||
| 785 | */ | 786 | */ |
| 786 | cred->gc_flags = 0; | 787 | cred->gc_flags = 0; |
| 787 | cred->gc_base.cr_ops = &gss_credops; | 788 | cred->gc_base.cr_ops = &gss_credops; |
| 789 | cred->gc_base.cr_flags = RPCAUTH_CRED_NEW; | ||
| 788 | cred->gc_service = gss_auth->service; | 790 | cred->gc_service = gss_auth->service; |
| 789 | do { | ||
| 790 | err = gss_create_upcall(gss_auth, cred); | ||
| 791 | } while (err == -EAGAIN); | ||
| 792 | if (err < 0) | ||
| 793 | goto out_err; | ||
| 794 | |||
| 795 | return &cred->gc_base; | 791 | return &cred->gc_base; |
| 796 | 792 | ||
| 797 | out_err: | 793 | out_err: |
| @@ -801,13 +797,34 @@ out_err: | |||
| 801 | } | 797 | } |
| 802 | 798 | ||
| 803 | static int | 799 | static int |
| 804 | gss_match(struct auth_cred *acred, struct rpc_cred *rc, int taskflags) | 800 | gss_cred_init(struct rpc_auth *auth, struct rpc_cred *cred) |
| 801 | { | ||
| 802 | struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth); | ||
| 803 | struct gss_cred *gss_cred = container_of(cred,struct gss_cred, gc_base); | ||
| 804 | int err; | ||
| 805 | |||
| 806 | do { | ||
| 807 | err = gss_create_upcall(gss_auth, gss_cred); | ||
| 808 | } while (err == -EAGAIN); | ||
| 809 | return err; | ||
| 810 | } | ||
| 811 | |||
| 812 | static int | ||
| 813 | gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags) | ||
| 805 | { | 814 | { |
| 806 | struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base); | 815 | struct gss_cred *gss_cred = container_of(rc, struct gss_cred, gc_base); |
| 807 | 816 | ||
| 817 | /* | ||
| 818 | * If the searchflags have set RPCAUTH_LOOKUP_NEW, then | ||
| 819 | * we don't really care if the credential has expired or not, | ||
| 820 | * since the caller should be prepared to reinitialise it. | ||
| 821 | */ | ||
| 822 | if ((flags & RPCAUTH_LOOKUP_NEW) && (rc->cr_flags & RPCAUTH_CRED_NEW)) | ||
| 823 | goto out; | ||
| 808 | /* Don't match with creds that have expired. */ | 824 | /* Don't match with creds that have expired. */ |
| 809 | if (gss_cred->gc_ctx && time_after(jiffies, gss_cred->gc_ctx->gc_expiry)) | 825 | if (gss_cred->gc_ctx && time_after(jiffies, gss_cred->gc_ctx->gc_expiry)) |
| 810 | return 0; | 826 | return 0; |
| 827 | out: | ||
| 811 | return (rc->cr_uid == acred->uid); | 828 | return (rc->cr_uid == acred->uid); |
| 812 | } | 829 | } |
| 813 | 830 | ||
| @@ -1241,6 +1258,7 @@ static struct rpc_authops authgss_ops = { | |||
| 1241 | static struct rpc_credops gss_credops = { | 1258 | static struct rpc_credops gss_credops = { |
| 1242 | .cr_name = "AUTH_GSS", | 1259 | .cr_name = "AUTH_GSS", |
| 1243 | .crdestroy = gss_destroy_cred, | 1260 | .crdestroy = gss_destroy_cred, |
| 1261 | .cr_init = gss_cred_init, | ||
| 1244 | .crmatch = gss_match, | 1262 | .crmatch = gss_match, |
| 1245 | .crmarshal = gss_marshal, | 1263 | .crmarshal = gss_marshal, |
| 1246 | .crrefresh = gss_refresh, | 1264 | .crrefresh = gss_refresh, |