aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc/auth_gss
diff options
context:
space:
mode:
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c39
-rw-r--r--net/sunrpc/auth_gss/gss_generic_token.c1
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_crypto.c1
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c4
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_seal.c1
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_seqnum.c5
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_unseal.c1
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_wrap.c1
-rw-r--r--net/sunrpc/auth_gss/gss_mech_switch.c2
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_seal.c1
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c5
11 files changed, 39 insertions, 22 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index fc6a43ccd950..c389ccf6437d 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -206,8 +206,14 @@ gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct
206 ctx->gc_win = window_size; 206 ctx->gc_win = window_size;
207 /* gssd signals an error by passing ctx->gc_win = 0: */ 207 /* gssd signals an error by passing ctx->gc_win = 0: */
208 if (ctx->gc_win == 0) { 208 if (ctx->gc_win == 0) {
209 /* in which case, p points to an error code which we ignore */ 209 /*
210 p = ERR_PTR(-EACCES); 210 * in which case, p points to an error code. Anything other
211 * than -EKEYEXPIRED gets converted to -EACCES.
212 */
213 p = simple_get_bytes(p, end, &ret, sizeof(ret));
214 if (!IS_ERR(p))
215 p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
216 ERR_PTR(-EACCES);
211 goto err; 217 goto err;
212 } 218 }
213 /* copy the opaque wire context */ 219 /* copy the opaque wire context */
@@ -304,7 +310,7 @@ __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
304 * to that upcall instead of adding the new upcall. 310 * to that upcall instead of adding the new upcall.
305 */ 311 */
306static inline struct gss_upcall_msg * 312static inline struct gss_upcall_msg *
307gss_add_msg(struct gss_auth *gss_auth, struct gss_upcall_msg *gss_msg) 313gss_add_msg(struct gss_upcall_msg *gss_msg)
308{ 314{
309 struct rpc_inode *rpci = gss_msg->inode; 315 struct rpc_inode *rpci = gss_msg->inode;
310 struct inode *inode = &rpci->vfs_inode; 316 struct inode *inode = &rpci->vfs_inode;
@@ -445,7 +451,7 @@ gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cr
445 gss_new = gss_alloc_msg(gss_auth, uid, clnt, gss_cred->gc_machine_cred); 451 gss_new = gss_alloc_msg(gss_auth, uid, clnt, gss_cred->gc_machine_cred);
446 if (IS_ERR(gss_new)) 452 if (IS_ERR(gss_new))
447 return gss_new; 453 return gss_new;
448 gss_msg = gss_add_msg(gss_auth, gss_new); 454 gss_msg = gss_add_msg(gss_new);
449 if (gss_msg == gss_new) { 455 if (gss_msg == gss_new) {
450 struct inode *inode = &gss_new->inode->vfs_inode; 456 struct inode *inode = &gss_new->inode->vfs_inode;
451 int res = rpc_queue_upcall(inode, &gss_new->msg); 457 int res = rpc_queue_upcall(inode, &gss_new->msg);
@@ -485,7 +491,7 @@ gss_refresh_upcall(struct rpc_task *task)
485 dprintk("RPC: %5u gss_refresh_upcall for uid %u\n", task->tk_pid, 491 dprintk("RPC: %5u gss_refresh_upcall for uid %u\n", task->tk_pid,
486 cred->cr_uid); 492 cred->cr_uid);
487 gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred); 493 gss_msg = gss_setup_upcall(task->tk_client, gss_auth, cred);
488 if (IS_ERR(gss_msg) == -EAGAIN) { 494 if (PTR_ERR(gss_msg) == -EAGAIN) {
489 /* XXX: warning on the first, under the assumption we 495 /* XXX: warning on the first, under the assumption we
490 * shouldn't normally hit this case on a refresh. */ 496 * shouldn't normally hit this case on a refresh. */
491 warn_gssd(); 497 warn_gssd();
@@ -644,7 +650,23 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
644 p = gss_fill_context(p, end, ctx, gss_msg->auth->mech); 650 p = gss_fill_context(p, end, ctx, gss_msg->auth->mech);
645 if (IS_ERR(p)) { 651 if (IS_ERR(p)) {
646 err = PTR_ERR(p); 652 err = PTR_ERR(p);
647 gss_msg->msg.errno = (err == -EAGAIN) ? -EAGAIN : -EACCES; 653 switch (err) {
654 case -EACCES:
655 case -EKEYEXPIRED:
656 gss_msg->msg.errno = err;
657 err = mlen;
658 break;
659 case -EFAULT:
660 case -ENOMEM:
661 case -EINVAL:
662 case -ENOSYS:
663 gss_msg->msg.errno = -EAGAIN;
664 break;
665 default:
666 printk(KERN_CRIT "%s: bad return from "
667 "gss_fill_context: %zd\n", __func__, err);
668 BUG();
669 }
648 goto err_release_msg; 670 goto err_release_msg;
649 } 671 }
650 gss_msg->ctx = gss_get_ctx(ctx); 672 gss_msg->ctx = gss_get_ctx(ctx);
@@ -1258,9 +1280,8 @@ alloc_enc_pages(struct rpc_rqst *rqstp)
1258 rqstp->rq_release_snd_buf = priv_release_snd_buf; 1280 rqstp->rq_release_snd_buf = priv_release_snd_buf;
1259 return 0; 1281 return 0;
1260out_free: 1282out_free:
1261 for (i--; i >= 0; i--) { 1283 rqstp->rq_enc_pages_num = i;
1262 __free_page(rqstp->rq_enc_pages[i]); 1284 priv_release_snd_buf(rqstp);
1263 }
1264out: 1285out:
1265 return -EAGAIN; 1286 return -EAGAIN;
1266} 1287}
diff --git a/net/sunrpc/auth_gss/gss_generic_token.c b/net/sunrpc/auth_gss/gss_generic_token.c
index c0ba39c4f5f2..310b78e99456 100644
--- a/net/sunrpc/auth_gss/gss_generic_token.c
+++ b/net/sunrpc/auth_gss/gss_generic_token.c
@@ -33,7 +33,6 @@
33 33
34#include <linux/types.h> 34#include <linux/types.h>
35#include <linux/module.h> 35#include <linux/module.h>
36#include <linux/slab.h>
37#include <linux/string.h> 36#include <linux/string.h>
38#include <linux/sunrpc/sched.h> 37#include <linux/sunrpc/sched.h>
39#include <linux/sunrpc/gss_asn1.h> 38#include <linux/sunrpc/gss_asn1.h>
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index c93fca204558..e9b636176687 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -37,7 +37,6 @@
37#include <linux/err.h> 37#include <linux/err.h>
38#include <linux/types.h> 38#include <linux/types.h>
39#include <linux/mm.h> 39#include <linux/mm.h>
40#include <linux/slab.h>
41#include <linux/scatterlist.h> 40#include <linux/scatterlist.h>
42#include <linux/crypto.h> 41#include <linux/crypto.h>
43#include <linux/highmem.h> 42#include <linux/highmem.h>
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index ef45eba22485..2deb0ed72ff4 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -131,8 +131,10 @@ gss_import_sec_context_kerberos(const void *p,
131 struct krb5_ctx *ctx; 131 struct krb5_ctx *ctx;
132 int tmp; 132 int tmp;
133 133
134 if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS))) 134 if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS))) {
135 p = ERR_PTR(-ENOMEM);
135 goto out_err; 136 goto out_err;
137 }
136 138
137 p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate)); 139 p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
138 if (IS_ERR(p)) 140 if (IS_ERR(p))
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index b8f42ef7178e..88fe6e75ed7e 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -59,7 +59,6 @@
59 */ 59 */
60 60
61#include <linux/types.h> 61#include <linux/types.h>
62#include <linux/slab.h>
63#include <linux/jiffies.h> 62#include <linux/jiffies.h>
64#include <linux/sunrpc/gss_krb5.h> 63#include <linux/sunrpc/gss_krb5.h>
65#include <linux/random.h> 64#include <linux/random.h>
diff --git a/net/sunrpc/auth_gss/gss_krb5_seqnum.c b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
index f160be6c1a46..6331cd6866ec 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
@@ -32,7 +32,6 @@
32 */ 32 */
33 33
34#include <linux/types.h> 34#include <linux/types.h>
35#include <linux/slab.h>
36#include <linux/sunrpc/gss_krb5.h> 35#include <linux/sunrpc/gss_krb5.h>
37#include <linux/crypto.h> 36#include <linux/crypto.h>
38 37
@@ -75,8 +74,8 @@ krb5_get_seq_num(struct crypto_blkcipher *key,
75 if ((code = krb5_decrypt(key, cksum, buf, plain, 8))) 74 if ((code = krb5_decrypt(key, cksum, buf, plain, 8)))
76 return code; 75 return code;
77 76
78 if ((plain[4] != plain[5]) || (plain[4] != plain[6]) 77 if ((plain[4] != plain[5]) || (plain[4] != plain[6]) ||
79 || (plain[4] != plain[7])) 78 (plain[4] != plain[7]))
80 return (s32)KG_BAD_SEQ; 79 return (s32)KG_BAD_SEQ;
81 80
82 *direction = plain[4]; 81 *direction = plain[4];
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 066ec73c84d6..ce6c247edad0 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -58,7 +58,6 @@
58 */ 58 */
59 59
60#include <linux/types.h> 60#include <linux/types.h>
61#include <linux/slab.h>
62#include <linux/jiffies.h> 61#include <linux/jiffies.h>
63#include <linux/sunrpc/gss_krb5.h> 62#include <linux/sunrpc/gss_krb5.h>
64#include <linux/crypto.h> 63#include <linux/crypto.h>
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index ae8e69b59c4c..a6e905637e03 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -1,5 +1,4 @@
1#include <linux/types.h> 1#include <linux/types.h>
2#include <linux/slab.h>
3#include <linux/jiffies.h> 2#include <linux/jiffies.h>
4#include <linux/sunrpc/gss_krb5.h> 3#include <linux/sunrpc/gss_krb5.h>
5#include <linux/random.h> 4#include <linux/random.h>
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c
index 6efbb0cd3c7c..76e4c6f4ac3c 100644
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -252,7 +252,7 @@ gss_import_sec_context(const void *input_token, size_t bufsize,
252 struct gss_ctx **ctx_id) 252 struct gss_ctx **ctx_id)
253{ 253{
254 if (!(*ctx_id = kzalloc(sizeof(**ctx_id), GFP_KERNEL))) 254 if (!(*ctx_id = kzalloc(sizeof(**ctx_id), GFP_KERNEL)))
255 return GSS_S_FAILURE; 255 return -ENOMEM;
256 (*ctx_id)->mech_type = gss_mech_get(mech); 256 (*ctx_id)->mech_type = gss_mech_get(mech);
257 257
258 return mech->gm_ops 258 return mech->gm_ops
diff --git a/net/sunrpc/auth_gss/gss_spkm3_seal.c b/net/sunrpc/auth_gss/gss_spkm3_seal.c
index c832712f8d55..5a3a65a0e2b4 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_seal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_seal.c
@@ -34,7 +34,6 @@
34 */ 34 */
35 35
36#include <linux/types.h> 36#include <linux/types.h>
37#include <linux/slab.h>
38#include <linux/jiffies.h> 37#include <linux/jiffies.h>
39#include <linux/sunrpc/gss_spkm3.h> 38#include <linux/sunrpc/gss_spkm3.h>
40#include <linux/random.h> 39#include <linux/random.h>
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index f6c51e562a02..b81e790ef9f4 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -37,6 +37,7 @@
37 * 37 *
38 */ 38 */
39 39
40#include <linux/slab.h>
40#include <linux/types.h> 41#include <linux/types.h>
41#include <linux/module.h> 42#include <linux/module.h>
42#include <linux/pagemap.h> 43#include <linux/pagemap.h>
@@ -105,8 +106,8 @@ static int rsi_match(struct cache_head *a, struct cache_head *b)
105{ 106{
106 struct rsi *item = container_of(a, struct rsi, h); 107 struct rsi *item = container_of(a, struct rsi, h);
107 struct rsi *tmp = container_of(b, struct rsi, h); 108 struct rsi *tmp = container_of(b, struct rsi, h);
108 return netobj_equal(&item->in_handle, &tmp->in_handle) 109 return netobj_equal(&item->in_handle, &tmp->in_handle) &&
109 && netobj_equal(&item->in_token, &tmp->in_token); 110 netobj_equal(&item->in_token, &tmp->in_token);
110} 111}
111 112
112static int dup_to_netobj(struct xdr_netobj *dst, char *src, int len) 113static int dup_to_netobj(struct xdr_netobj *dst, char *src, int len)
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-17 01:29:40 -0400