Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 27 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_mech.c | 4 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_spkm3_mech.c | 4 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_spkm3_token.c | 2 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 12 |
5 files changed, 17 insertions, 32 deletions
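--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -61,22 +61,11 @@ static const struct rpc_credops gss_nullops;
 # define RPCDBG_FACILITY RPCDBG_AUTH
 #endif
 
-#define NFS_NGROUPS 16
-
-#define GSS_CRED_SLACK 1024 /* XXX: unused */
+#define GSS_CRED_SLACK 1024
 /* length of a krb5 verifier (48), plus data added before arguments when
 * using integrity (two 4-byte integers): */
 #define GSS_VERF_SLACK 100
 
-/* XXX this define must match the gssd define
-* as it is passed to gssd to signal the use of
-* machine creds should be part of the shared rpc interface */
-
-#define CA_RUN_AS_MACHINE 0x00000200
-
-/* dump the buffer in `emacs-hexl' style */
-#define isprint(c) ((c > 0x1f) && (c < 0x7f))
-
 struct gss_auth {
 struct kref kref;
 struct rpc_auth rpc_auth;
@@ -144,7 +133,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *dest)
 q = (const void *)((const char *)p + len);
 if (unlikely(q > end || q < p))
 return ERR_PTR(-EFAULT);
-dest->data = kmemdup(p, len, GFP_KERNEL);
+dest->data = kmemdup(p, len, GFP_NOFS);
 if (unlikely(dest->data == NULL))
 return ERR_PTR(-ENOMEM);
 dest->len = len;
@@ -169,7 +158,7 @@ gss_alloc_context(void)
 {
 struct gss_cl_ctx *ctx;
 
-ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+ctx = kzalloc(sizeof(*ctx), GFP_NOFS);
 if (ctx != NULL) {
 ctx->gc_proc = RPC_GSS_PROC_DATA;
 ctx->gc_seq = 1; /* NetApp 6.4R1 doesn't accept seq. no. 0 */
@@ -270,7 +259,7 @@ __gss_find_upcall(struct rpc_inode *rpci, uid_t uid)
 return NULL;
 }
 
-/* Try to add a upcall to the pipefs queue.
+/* Try to add an upcall to the pipefs queue.
 * If an upcall owned by our uid already exists, then we return a reference
 * to that upcall instead of adding the new upcall.
 */
@@ -339,7 +328,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid)
 {
 struct gss_upcall_msg *gss_msg;
 
-gss_msg = kzalloc(sizeof(*gss_msg), GFP_KERNEL);
+gss_msg = kzalloc(sizeof(*gss_msg), GFP_NOFS);
 if (gss_msg != NULL) {
 INIT_LIST_HEAD(&gss_msg->list);
 rpc_init_wait_queue(&gss_msg->rpc_waitqueue, "RPCSEC_GSS upcall waitq");
@@ -491,7 +480,6 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
 {
 const void *p, *end;
 void *buf;
-struct rpc_clnt *clnt;
 struct gss_upcall_msg *gss_msg;
 struct inode *inode = filp->f_path.dentry->d_inode;
 struct gss_cl_ctx *ctx;
@@ -501,11 +489,10 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
 if (mlen > MSG_BUF_MAXSIZE)
 goto out;
 err = -ENOMEM;
-buf = kmalloc(mlen, GFP_KERNEL);
+buf = kmalloc(mlen, GFP_NOFS);
 if (!buf)
 goto out;
 
-clnt = RPC_I(inode)->private;
 err = -EFAULT;
 if (copy_from_user(buf, src, mlen))
 goto err;
@@ -804,7 +791,7 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
 dprintk("RPC: gss_create_cred for uid %d, flavor %d\n",
 acred->uid, auth->au_flavor);
 
-if (!(cred = kzalloc(sizeof(*cred), GFP_KERNEL)))
+if (!(cred = kzalloc(sizeof(*cred), GFP_NOFS)))
 goto out_err;
 
 rpcauth_init_cred(&cred->gc_base, acred, auth, &gss_credops);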
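Review bot: The bounds check in simple_get_netobj, `if (unlikely(q > end || q < p))` in the hunk at -144/+133, depends on `p + len` wrapping around, and forming a pointer beyond the buffer is undefined in C, so a compiler is allowed to drop the `q < p` half. The buffer being parsed appears to come from the pipe downcall, so it would be safer to compare lengths before q is computed, e.g. `if (unlikely(len > (size_t)((const char *)end - (const char *)p))) return ERR_PTR(-EFAULT);`. The same check is copied into gss_krb5_mech.c and gss_spkm3_mech.c. The function starts above the hunk, so the declared type of len is not visible here and the cast may need adjusting.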
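--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -70,7 +70,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res)
 q = (const void *)((const char *)p + len);
 if (unlikely(q > end || q < p))
 return ERR_PTR(-EFAULT);
-res->data = kmemdup(p, len, GFP_KERNEL);
+res->data = kmemdup(p, len, GFP_NOFS);
 if (unlikely(res->data == NULL))
 return ERR_PTR(-ENOMEM);
 res->len = len;
@@ -131,7 +131,7 @@ gss_import_sec_context_kerberos(const void *p,
 struct krb5_ctx *ctx;
 int tmp;
 
-if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
+if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS)))
 goto out_err;
 
 p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));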
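Review bot: Nothing at these call sites says why the allocation is GFP_NOFS rather than GFP_KERNEL, so `kzalloc(sizeof(*ctx), GFP_NOFS)` in gss_import_sec_context_kerberos will look arbitrary to a later reader. If the reason is that context import can be reached while the NFS client is waiting on writeback, so the allocator must not re-enter filesystem reclaim, a one-line comment would keep the flag from being reverted: `/* GFP_NOFS: may be reached during NFS writeback; must not recurse into fs reclaim */`. The same comment is missing at the other GFP_NOFS conversions in auth_gss.c, gss_spkm3_mech.c and gss_spkm3_token.c. The function body continues outside the hunk.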
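--- a/net/sunrpc/auth_gss/gss_spkm3_mech.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c
@@ -76,7 +76,7 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res)
 q = (const void *)((const char *)p + len);
 if (unlikely(q > end || q < p))
 return ERR_PTR(-EFAULT);
-res->data = kmemdup(p, len, GFP_KERNEL);
+res->data = kmemdup(p, len, GFP_NOFS);
 if (unlikely(res->data == NULL))
 return ERR_PTR(-ENOMEM);
 return q;
@@ -90,7 +90,7 @@ gss_import_sec_context_spkm3(const void *p, size_t len,
 struct spkm3_ctx *ctx;
 int version;
 
-if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
+if (!(ctx = kzalloc(sizeof(*ctx), GFP_NOFS)))
 goto out_err;
 
 p = simple_get_bytes(p, end, &version, sizeof(version));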
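--- a/net/sunrpc/auth_gss/gss_spkm3_token.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_token.c
@@ -90,7 +90,7 @@ asn1_bitstring_len(struct xdr_netobj *in, int *enclen, int *zerobits)
 int
 decode_asn1_bitstring(struct xdr_netobj *out, char *in, int enclen, int explen)
 {
-if (!(out->data = kzalloc(explen,GFP_KERNEL)))
+if (!(out->data = kzalloc(explen,GFP_NOFS)))
 return 0;
 out->len = explen;
 memcpy(out->data, in, enclen);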
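Review bot: decode_asn1_bitstring copies enclen bytes into a buffer allocated with explen bytes (`memcpy(out->data, in, enclen);`), and nothing in the visible lines checks that enclen fits or that either int is non-negative. Both values are presumably derived from the token being decoded, so a guard before the allocation is worth adding: `if (enclen < 0 || explen < 0 || enclen > explen) return 0;`. The function continues past the end of the hunk and a caller may already enforce this; if so, a comment stating that precondition would be enough.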
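--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1144,20 +1144,20 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
 case RPC_GSS_SVC_NONE:
 break;
 case RPC_GSS_SVC_INTEGRITY:
+/* placeholders for length and seq. number: */
+svc_putnl(resv, 0);
+svc_putnl(resv, 0);
 if (unwrap_integ_data(&rqstp->rq_arg,
 gc->gc_seq, rsci->mechctx))
 goto garbage_args;
+break;
+case RPC_GSS_SVC_PRIVACY:
 /* placeholders for length and seq. number: */
 svc_putnl(resv, 0);
 svc_putnl(resv, 0);
-break;
-case RPC_GSS_SVC_PRIVACY:
 if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
 gc->gc_seq, rsci->mechctx))
 goto garbage_args;
-/* placeholders for length and seq. number: */
-svc_putnl(resv, 0);
-svc_putnl(resv, 0);
 break;
 default:
 goto auth_err;
@@ -1170,8 +1170,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
 goto out;
 }
 garbage_args:
-/* Restore write pointer to its original value: */
-xdr_ressize_check(rqstp, reject_stat);
 ret = SVC_GARBAGE;
 goto out;
 auth_err: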
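Review bot: With the placeholder words now written before the unwrap in both the INTEGRITY and PRIVACY cases, and `xdr_ressize_check(rqstp, reject_stat);` gone from garbage_args, a failed unwrap leaves the two placeholder words in resv, and no comment says this is intended. A comment at the label would document the contract, for example `/* reply keeps its verifier and placeholders; caller appends the garbage_args status */`, assuming that is the intended behaviour, since the caller is not visible here. The existing placeholder comment could also say that the words are emitted even when the unwrap fails. svcauth_gss_accept starts and ends outside both hunks.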