Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c27
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c4
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_mech.c4
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_token.c2
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c12
5 files changed, 17 insertions, 32 deletions
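diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 019d4b4478c9..853a4142cea1 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -61,22 +61,11 @@ static const struct rpc_credops gss_nullops;
 # define RPCDBG_FACILITY RPCDBG_AUTH
 #endif
 
-#define NFS_NGROUPS 16
-
-#define GSS_CRED_SLACK 1024 /* XXX: unused */
+#define GSS_CRED_SLACK 1024
 /* length of a krb5 verifier (48), plus data added before arguments when
  * using integrity (two 4-byte integers): */
 #define GSS_VERF_SLACK 100
 
-/* XXX this define must match the gssd define
-* as it is passed to gssd to signal the use of
-* machine creds should be part of the shared rpc interface */
-
-#define CA_RUN_AS_MACHINE 0x00000200
-
-/* dump the buffer in `emacs-hexl' style */
-#define isprint(c) ((c > 0x1f) && (c < 0x7f))
-
 struct gss_auth {
  struct kref kref;
  struct rpc_auth rpc_auth;
@@ -144,7 +133,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
  q = (const void *)((const char *)p + len);
  if (unlikely(q > end || q < p))
  return ERR_PTR(-EFAULT);
- dest->data = kmemdup(p, len, GFP_KERNEL);
+ dest->data = kmemdup(p, len, GFP_NOFS);
  if (unlikely(dest->data == NULL))
  return ERR_PTR(-ENOMEM);
  dest->len = len;
@@ -169,7 +158,7 @@ gss_alloc_context(void)
 {
  struct gss_cl_ctx *ctx;
 
- ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+ ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
  if (ctx != NULL) {
  ctx->gc_proc = RPC_GSS_PROC_DATA;
  ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */
@@ -270,7 +259,7 @@ __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
  return NULL;
 }
 
-/* Try to add a upcall to the pipefs queue.
+/* Try to add an upcall to the pipefs queue.
  * If an upcall owned by our uid already exists, then we return a reference
  * to that upcall instead of adding the new upcall.
  */
@@ -339,7 +328,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid)
 {
  struct gss_upcall_msg *gss_msg;
 
- gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL);
+ gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
  if (gss_msg != NULL) {
  INIT_LIST_HEAD(&gss_msg->list);
  rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
@@ -491,7 +480,6 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
 {
  const void *p, *end;
  void *buf;
- struct rpc_clnt *clnt;
  struct gss_upcall_msg *gss_msg;
  struct inode *inode = filp->f_path.dentry->d_inode;
  struct gss_cl_ctx *ctx;
@@ -501,11 +489,10 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
  if (mlen > MSG_BUF_MAXSIZE)
  goto out;
  err = -ENOMEM;
- buf = kmalloc(mlen, GFP_KERNEL);
+ buf = kmalloc(mlen, GFP_NOFS);
  if (!buf)
  goto out;
 
- clnt = RPC_I(inode)->private;
  err = -EFAULT;
  if (copy_from_user(buf, src, mlen))
  goto err;
@@ -804,7 +791,7 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
  dprintk("RPC: gss_create_cred for uid %d, flavor %d\n",
  acred->uid, auth->au_flavor);
 
- if (!(cred = kzalloc(sizeof(*cred), GFP_KERNEL)))
+ if (!(cred = kzalloc(sizeof(*cred), GFP_NOFS)))
  goto out_err;
 
  rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);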
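Review bot: None of the allocation sites switched to `GFP_NOFS` in this file (simple_get_netobj, gss_alloc_context, gss_alloc_msg, gss_pipe_downcall, gss_create_cred) records why filesystem reclaim has to be avoided, so a later cleanup could turn them back into GFP_KERNEL without noticing the constraint. A short comment at one representative site would keep the reason next to the code, for example `/* GFP_NOFS: may run while NFS writeback waits on this credential; reclaim must not re-enter the filesystem */`, assuming that is the motivation, which this page does not state. The same remark applies to the matching flag changes in gss_krb5_mech.c, gss_spkm3_mech.c and gss_spkm3_token.c. All of the affected functions start or end outside their hunks.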
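diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 60c3dba545d7..ef45eba22485 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -70,7 +70,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res)
  q = (const void *)((const char *)p + len);
  if (unlikely(q > end || q < p))
  return ERR_PTR(-EFAULT);
- res->data = kmemdup(p, len, GFP_KERNEL);
+ res->data = kmemdup(p, len, GFP_NOFS);
  if (unlikely(res->data == NULL))
  return ERR_PTR(-ENOMEM);
  res->len = len;
@@ -131,7 +131,7 @@ gss_import_sec_context_kerberos(const void *p,
  struct krb5_ctx *ctx;
  int tmp;
 
- if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
+ if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS)))
  goto out_err;
 
  p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));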
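diff --git a/net/sunrpc/auth_gss/gss_spkm3_mech.c b/net/sunrpc/auth_gss/gss_spkm3_mech.c
index 5deb4b6e4514..035e1dd6af1b 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_mech.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c
@@ -76,7 +76,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res)
  q = (const void *)((const char *)p + len);
  if (unlikely(q > end || q < p))
  return ERR_PTR(-EFAULT);
- res->data = kmemdup(p, len, GFP_KERNEL);
+ res->data = kmemdup(p, len, GFP_NOFS);
  if (unlikely(res->data == NULL))
  return ERR_PTR(-ENOMEM);
  return q;
@@ -90,7 +90,7 @@ gss_import_sec_context_spkm3(const void *p, size_t len,
  struct spkm3_ctx *ctx;
  int version;
 
- if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
+ if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS)))
  goto out_err;
 
  p = simple_get_bytes(p, end, &version, sizeof(version));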
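diff --git a/net/sunrpc/auth_gss/gss_spkm3_token.c b/net/sunrpc/auth_gss/gss_spkm3_token.c
index 6cdd241ad267..3308157436d2 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_token.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_token.c
@@ -90,7 +90,7 @@ asn1_bitstring_len(struct xdr_netobj *in, int *enclen, int *zerobits)
 int
 decode_asn1_bitstring(struct xdr_netobj *out, char *in, int enclen, int explen)
 {
- if (!(out->data = kzalloc(explen,GFP_KERNEL)))
+ if (!(out->data = kzalloc(explen,GFP_NOFS)))
  return 0;
  out->len = explen;
  memcpy(out->data, in, enclen);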
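Review bot: decode_asn1_bitstring allocates `explen` bytes and then copies `enclen` bytes into that buffer with `memcpy(out->data, in, enclen);`, and nothing in the visible lines checks that `enclen` fits or that either signed length is non-negative. If these lengths derive from a received token, a mismatch writes past the allocation, so the function should reject it before allocating: `if (enclen < 0 || enclen > explen) return 0;`. Callers outside this page may already guarantee the relation; if so, a comment stating that precondition would do. The function body continues past the end of the hunk.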
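diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 5905d56737d6..81ae3d62a0cc 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1144,20 +1144,20 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
  case RPC_GSS_SVC_NONE:
  break;
  case RPC_GSS_SVC_INTEGRITY:
+ /* placeholders for length and seq. number: */
+ svc_putnl(resv, 0);
+ svc_putnl(resv, 0);
  if (unwrap_integ_data(&rqstp->rq_arg,
  gc->gc_seq, rsci->mechctx))
  goto garbage_args;
+ break;
+ case RPC_GSS_SVC_PRIVACY:
  /* placeholders for length and seq. number: */
  svc_putnl(resv, 0);
  svc_putnl(resv, 0);
- break;
- case RPC_GSS_SVC_PRIVACY:
  if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
  gc->gc_seq, rsci->mechctx))
  goto garbage_args;
- /* placeholders for length and seq. number: */
- svc_putnl(resv, 0);
- svc_putnl(resv, 0);
  break;
  default:
  goto auth_err;
@@ -1170,8 +1170,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
  goto out;
  }
 garbage_args:
- /* Restore write pointer to its original value: */
- xdr_ressize_check(rqstp, reject_stat);
  ret = SVC_GARBAGE;
  goto out;
 auth_err: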
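Review bot: Both unwrap failure paths now jump to `garbage_args` after the two `svc_putnl(resv, 0)` placeholder words have already been written, while the second hunk drops the `xdr_ressize_check(rqstp, reject_stat)` call that used to restore the write pointer there. Nothing visible in this section rewinds the reply before `SVC_GARBAGE` is returned, so the placeholders would remain in a rejected reply unless the caller resets the length. That should be confirmed and recorded above `ret = SVC_GARBAGE;`, for example `/* the caller rewinds the reply on SVC_GARBAGE */`. If `reject_stat` has no other user it is now dead and can be removed. svcauth_gss_accept starts and ends outside both hunks.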