aboutsummaryrefslogtreecommitdiff
path: root/net/sunrpc/auth_gss
AgeCommit message (Collapse)Author
2007-07-24nfsd: fix possible oops on re-insertion of rpcsec_gss modulesJ. Bruce Fields
The handling of the re-registration case is wrong here; the "test" that was returned from auth_domain_lookup will not be used again, so that reference should be put. And auth_domain_lookup never did anything with "new" in this case, so we should just clean it up ourself. Thanks to Akinobu Mita for bug report, analysis, and testing. Cc: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Cc: Neil Brown <neilb@suse.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-19SUNRPC: move bkl locking and xdr proc invocation into a common helperJ. Bruce Fields
Since every invocation of xdr encode or decode functions takes the BKL now, there's a lot of redundant lock_kernel/unlock_kernel pairs that we can pull out into a common function. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-19[NET] SUNRPC: Fix whitespace errors.YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
2007-07-17knfsd: nfsd4: secinfo handling without secinfo= optionJ. Bruce Fields
We could return some sort of error in the case where someone asks for secinfo on an export without the secinfo= option set--that'd be no worse than what we've been doing. But it's not really correct. So, hack up an approximate secinfo response in that case--it may not be complete, but it'll tell the client at least one acceptable security flavor. Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-17knfsd: rpc: add gss krb5 and spkm3 oid valuesUsha Ketineni
Adds oid values to the gss_api mechanism structures. On the NFSV4 server side, these are required as part of the security triple (oid,qop,service) information being sent in the response of the SECINFO operation. Signed-off-by: Usha Ketineni <uketinen@us.ibm.com> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-17knfsd: nfsd: set rq_client to ip-address-determined-domainJ. Bruce Fields
We want it to be possible for users to restrict exports both by IP address and by pseudoflavor. The pseudoflavor information has previously been passed using special auth_domains stored in the rq_client field. After the preceding patch that stored the pseudoflavor in rq_pflavor, that's now superfluous; so now we use rq_client for the ip information, as auth_null and auth_unix do. However, we keep around the special auth_domain in the rq_gssclient field for backwards compatibility purposes, so we can still do upcalls using the old "gss/pseudoflavor" auth_domain if upcalls using the unix domain to give us an appropriate export. This allows us to continue supporting old mountd. In fact, for this first patch, we always use the "gss/pseudoflavor" auth_domain (and only it) if it is available; thus rq_client is ignored in the auth_gss case, and this patch on its own makes no change in behavior; that will be left to later patches. Note on idmap: I'm almost tempted to just replace the auth_domain in the idmap upcall by a dummy value--no version of idmapd has ever used it, and it's unlikely anyone really wants to perform idmapping differently depending on the where the client is (they may want to perform *credential* mapping differently, but that's a different matter--the idmapper just handles id's used in getattr and setattr). But I'm updating the idmapd code anyway, just out of general backwards-compatibility paranoia. Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-17knfsd: nfsd4: store pseudoflavor in requestAndy Adamson
Add a new field to the svc_rqst structure to record the pseudoflavor that the request was made with. For now we record the pseudoflavor but don't use it for anything. Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-16authgss build fixAndrew Morton
Recent breakage.. net/sunrpc/auth_gss/auth_gss.c:1002: warning: implicit declaration of function 'lock_kernel' net/sunrpc/auth_gss/auth_gss.c:1004: warning: implicit declaration of function 'unlock_kernel' Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: "J. Bruce Fields" <bfields@fieldses.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-10sunrpc: drop BKL around wrap and unwrapJ. Bruce Fields
We don't need the BKL when wrapping and unwrapping; and experiments by Avishay Traeger have found that permitting multiple encryption and decryption operations to proceed in parallel can provide significant performance improvements. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Cc: Avishay Traeger <atraeger@cs.sunysb.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Ensure RPCSEC_GSS destroys the security context when freeing a credTrond Myklebust
Do so by set the gc_proc field to RPC_GSS_PROC_DESTROY, and then sending a NULL RPC call. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Ensure that the struct gss_auth lifetime exceeds the credential'sTrond Myklebust
Add a refcount in order to ensure that the gss_auth doesn't disappear from underneath us while we're freeing up GSS contexts. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Remove the tk_auth macro...Trond Myklebust
We should almost always be deferencing the rpc_auth struct by means of the credential's cr_auth field instead of the rpc_clnt->cl_auth anyway. Fix up that historical mistake, and remove the macro that propagated it. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Convert gss_ctx_lock to an RCU lockTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Convert the credential garbage collector into a shrinker callbackTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Convert the credcache lookup code to use RCUTrond Myklebust
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Enforce atomic updates of rpc_cred->cr_flagsTrond Myklebust
Convert to the use of atomic bitops... Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Clean up rpc credential initialisationTrond Myklebust
Add a helper rpc_cred_init() Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Mark auth and cred operation tables as constant.Trond Myklebust
Also do the same for gss_api operation tables. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Fix a memory leak in gss_create()Trond Myklebust
Fix a memory leak in gss_create() whereby the rpc credcache was not being freed if the rpc_mkpipe() call failed. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Fix a memory leak in the auth credcache codeTrond Myklebust
The leak only affects the RPCSEC_GSS caches, since they are the only ones that are dynamically allocated... Rename the existing rpcauth_free_credcache() to rpcauth_clear_credcache() in order to better describe its role, then add a new function rpcauth_destroy_credcache() that actually frees the cache in addition to clearing it out. Also move the call to destroy the credcache in gss_destroy() to come before the rpc upcall pipe is unlinked. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Add a downcall queue to struct rpc_inodeTrond Myklebust
Currently, the downcall queue is tied to the struct gss_auth, which means that different RPCSEC_GSS pseudoflavours must use different upcall pipes. Add a list to struct rpc_inode that can be used instead. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Always match an upcall message in gss_pipe_downcall()Trond Myklebust
It used to be possible for an rpc.gssd daemon to stuff the RPC credential cache for any rpc client simply by creating RPCSEC_GSS contexts and then doing downcalls. In practice, no daemons ever made use of this feature. Remove this feature now, since it will be impossible to figure out which mechanism a given context actually matches if we enable more than one gss mechanism to use the same upcall pipe. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Remove the gss_auth spinlockTrond Myklebust
We're just as well off using the inode spinlock instead. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10SUNRPC: Add a backpointer from the struct rpc_cred to the rpc_authTrond Myklebust
Cleans up an issue whereby rpcsec_gss uses the rpc_clnt->cl_auth. If we want to be able to add several rpc_auths to a single rpc_clnt, then this abuse must go. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-07-10sendfile: convert nfsd to splice_direct_to_actor()Jens Axboe
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
2007-05-09knfsd: rpcgss: RPC_GSS_PROC_ DESTROY request will get a bad rpcWei Yongjun
If I send a RPC_GSS_PROC_DESTROY message to NFSv4 server, it will reply with a bad rpc reply which lacks an authentication verifier. Maybe this patch is needed. Send/recv packets as following: send: RemoteProcedureCall xid rpcvers = 2 prog = 100003 vers = 4 proc = 0 cred = AUTH_GSS version = 1 gss_proc = 3 (RPCSEC_GSS_DESTROY) service = 1 (RPC_GSS_SVC_NONE) verf = AUTH_GSS checksum reply: RemoteProcedureReply xid msg_type reply_stat accepted_reply Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-09knfsd: fix resource leak resulting in module refcount leak for ↵Frank Filz
rpcsec_gss_krb5.ko I have been investigating a module reference count leak on the server for rpcsec_gss_krb5.ko. It turns out the problem is a reference count leak for the security context in net/sunrpc/auth_gss/svcauth_gss.c. The problem is that gss_write_init_verf() calls gss_svc_searchbyctx() which does a rsc_lookup() but never releases the reference to the context. There is another issue that rpc.svcgssd sets an "end of time" expiration for the context By adding a cache_put() call in gss_svc_searchbyctx(), and setting an expiration timeout in the downcall, cache_clean() does clean up the context and the module reference count now goes to zero after unmount. I also verified that if the context expires and then the client makes a new request, a new context is established. Here is the patch to fix the kernel, I will start a separate thread to discuss what expiration time should be set by rpc.svcgssd. Acked-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-09knfsd: rpc: fix server-side wrapping of krb5i repliesNeilBrown
It's not necessarily correct to assume that the xdr_buf used to hold the server's reply must have page data whenever it has tail data. And there's no need for us to deal with that case separately anyway. Acked-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-02spkm3: initialize hashJ. Bruce Fields - unquoted
There's an initialization step here I missed. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-05-02spkm3: remove bad kfree, unnecessary exportJ. Bruce Fields - unquoted
We're kfree()'ing something that was allocated on the stack! Also remove an unnecessary symbol export while we're at it. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-05-02spkm3: fix spkm3's use of hmacJ. Bruce Fields - unquoted
I think I botched an attempt to keep an spkm3 patch up-to-date with a recent crypto api change. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-02-12Merge branch 'master' of /home/trondmy/kernel/linux-2.6/Trond Myklebust
Conflicts: net/sunrpc/auth_gss/gss_krb5_crypto.c net/sunrpc/auth_gss/gss_spkm3_token.c net/sunrpc/clnt.c Merge with mainline and fix conflicts.
2007-02-10[NET] SUNRPC: Fix whitespace errors.YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-03SUNRPC: fix print format for tk_pid in auth_gss supportChuck Lever
The tk_pid field is an unsigned short. The proper print format specifier for that type is %5u, not %4d. Also clean up some miscellaneous print formatting nits. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-22[PATCH] gss_spkm3: fix error handling in module initAkinobu Mita
Return error and prevent from loading module when gss_mech_register() failed. Cc: Andy Adamson <andros@citi.umich.edu> Cc: J. Bruce Fields <bfields@citi.umich.edu> Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13[PATCH] knfsd: nfsd: don't drop silently on upcall deferralJ.Bruce Fields
To avoid tying up server threads when nfsd makes an upcall (to mountd, to get export options, to idmapd, for nfsv4 name<->id mapping, etc.), we temporarily "drop" the request and save enough information so that we can revisit it later. Certain failures during the deferral process can cause us to really drop the request and never revisit it. This is often less than ideal, and is unacceptable in the NFSv4 case--rfc 3530 forbids the server from dropping a request without also closing the connection. As a first step, we modify the deferral code to return -ETIMEDOUT (which is translated to nfserr_jukebox in the v3 and v4 cases, and remains a drop in the v2 case). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13[PATCH] knfsd: svcrpc: fix gss krb5i memory leakJ.Bruce Fields
The memory leak here is embarassingly obvious. This fixes a problem that causes the kernel to leak a small amount of memory every time it receives a integrity-protected request. Thanks to Aim Le Rouzic for the bug report. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-08[PATCH] struct path: convert sunrpcJosef Sipek
Signed-off-by: Josef Sipek <jsipek@fsl.cs.sunysb.edu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-06rpcgss: krb5: miscellaneous cleanupJ. Bruce Fields
Miscellaneous cosmetic fixes. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: krb5: ignore seedJ. Bruce Fields
We're currently not actually using seed or seed_init. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: krb5: sanity check sealalg value in the downcallJ. Bruce Fields
The sealalg is checked in several places, giving the impression it could be either SEAL_ALG_NONE or SEAL_ALG_DES. But in fact SEAL_ALG_NONE seems to be sufficient only for making mic's, and all the contexts we get must be capable of wrapping as well. So the sealalg must be SEAL_ALG_DES. As with signalg, just check for the right value on the downcall and ignore it otherwise. Similarly, tighten expectations for the sealalg on incoming tokens, in case we do support other values eventually. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: krb5: clean up some goto's, etc.J. Bruce Fields
Remove some unnecessary goto labels; clean up some return values; etc. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: simplify make_checksumJ. Bruce Fields
We're doing some pointless translation between krb5 constants and kernel crypto string names. Also clean up some related spkm3 code as necessary. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: krb5: kill checksum_type, miscellaneous small cleanupJ. Bruce Fields
Previous changes reveal some obvious cruft. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpcgss: krb5: expect a constant signalg valueJ. Bruce Fields
We also only ever receive one value of the signalg, so let's not pretend otherwise Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06gss: krb5: remove signalg and sealalgJ. Bruce Fields
We designed the krb5 context import without completely understanding the context. Now it's clear that there are a number of fields that we ignore, or that we depend on having one single value. In particular, we only support one value of signalg currently; so let's check the signalg field in the downcall (in case we decide there's something else we could support here eventually), but ignore it otherwise. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpc: spkm3 updateOlga Kornievskaia
This updates the spkm3 code to bring it up to date with our current understanding of the spkm3 spec. In doing so, we're changing the downcall format used by gssd in the spkm3 case, which will cause an incompatilibity with old userland spkm3 support. Since the old code a) didn't implement the protocol correctly, and b) was never distributed except in the form of some experimental patches from the citi web site, we're assuming this is OK. We do detect the old downcall format and print warning (and fail). We also include a version number in the new downcall format, to be used in the future in case any further change is required. In some more detail: - fix integrity support - removed dependency on NIDs. instead OIDs are used - known OID values for algorithms added. - fixed some context fields and types Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpc: move process_xdr_bufOlga Kornievskaia
Since process_xdr_buf() is useful outside of the kerberos-specific code, we move it to net/sunrpc/xdr.c, export it, and rename it in keeping with xdr_* naming convention of xdr.c. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpc: gss: fix a kmap_atomic race in krb5 codeJ. Bruce Fields
This code is never called from interrupt context; it's always run by either a user thread or rpciod. So KM_SKB_SUNRPC_DATA is inappropriate here. Thanks to Aimé Le Rouzic for capturing an oops which showed the kernel taking an interrupt while we were in this piece of code, resulting in a nested kmap_atomic(.,KM_SKB_SUNRPC_DATA) call from xdr_partial_copy_from_skb(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-12-06rpc: gss: eliminate print_hexl()'sJ. Bruce Fields
Dumping all this data to the logs is wasteful (even when debugging is turned off), and creates too much output to be useful when it's turned on. Fix a minor style bug or two while we're at it. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>