#
99d074d6 |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Check rq_auth_stat when preparing to wrap a response
Commit 5b304bc5bfcc ("[PATCH] knfsd: svcrpc: gss: fix failure on SVC_DENIED in integrity case") added a check to prevent wrapping an RPC response if reply_stat == MSG_DENIED, assuming that the only way to get to svcauth_gss_release() with that reply_stat value was if the reject_stat was AUTH_ERROR (reject_stat == MISMATCH is handled earlier in svc_process_common()).
The code there is somewhat confusing. For one thing, rpc_success is an accept_stat value, not a reply_stat value. The correct reply_stat value to look for is RPC_MSG_DENIED. It happens to be the same value as rpc_success, so it all works out, but it's not terribly readable.
Since commit 438623a06bac ("SUNRPC: Add svc_rqst::rq_auth_stat"), the actual auth_stat value is stored in the svc_rqst, so that value is now available to svcauth_gss_prepare_to_wrap() to make its decision to wrap, based on direct information about the authentication status of the RPC caller.
No behavior change is intended, this simply replaces some old code with something that should be more self-documenting.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
eb1b780f |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Convert svcauth_gss_wrap_priv() to use xdr_stream()
Actually xdr_stream does not add value here because of how gss_wrap() works. This is just a clean-up patch.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
a84cfbcd |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Add @head and @tail variables in svcauth_gss_wrap_priv()
Simplify the references to the head and tail iovecs for readability.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
ba8b13e5 |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Record gss_wrap() errors in svcauth_gss_wrap_priv()
Match the error reporting in the other unwrap and wrap functions.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
7b135c65 |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Rename automatic variables in svcauth_gss_wrap_resp_priv()
Clean up variable names to match the other unwrap and wrap functions.
Additionally, the explicit type cast on @gsd is unnecessary; and @resbuf is renamed to match the variable naming in the unwrap functions.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
7702378a |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Convert svcauth_gss_wrap_integ() to use xdr_stream()
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
d91f0323 |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Replace checksum construction in svcauth_gss_wrap_integ()
Replace finicky logic: Instead of trying to find scratch space in the response buffer, use the scratch buffer from struct gss_svc_data.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
15d8f808 |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Record gss_get_mic() errors in svcauth_gss_wrap_integ()
An error computing the checksum here is an exceptional event.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
0adaddd3 |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Rename automatic variables in svcauth_gss_wrap_resp_integ()
Clean up: To help orient readers, name the stack variables to match the XDR field names.
Additionally, the explicit type cast on @gsd is unnecessary; and @resbuf is renamed to match the variable naming in the unwrap functions.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
5a929383 |
| 08-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Clean up svcauth_gss_release()
Now that upper layers use an xdr_stream to track the construction of each RPC Reply message, resbuf->len is kept up-to-date automatically. There's no need to recompute it in svc_gss_release().
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
Revision tags: v6.0.18, v6.1.4, v6.1.3, v6.0.17 |
|
#
6898b47a |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Hoist init_decode out of svc_authenticate()
Now that each ->accept method has been converted to use xdr_stream, the svcxdr_init_decode() calls can be hoisted back up into the generic RPC server code.
The dprintk in svc_authenticate() is removed, since trace_svc_authenticate() reports the same information.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
b0bc5347 |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Convert the svcauth_gss_accept() pre-amble to use xdr_stream
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
6734706b |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Clean up svcauth_gss_accept's NULL procedure check
Micro-optimizations:
1. The value of rqstp->rq_auth_stat is replaced no matter which arm of the switch is taken, so the initial assignment can be safely removed.
2. Avoid checking the value of gc->gc_proc twice in the I/O (RPC_GSS_PROC_DATA) path.
The cost is a little extra code redundancy.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
0653028e |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Convert gss_verify_header() to use xdr_stream
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
42140718 |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Convert unwrap_priv_data() to use xdr_stream
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
f4a59e82 |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Rename automatic variables in unwrap_priv_data()
Clean up: To help orient readers, name the stack variables to match the XDR field names.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
b68e4c5c |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Convert unwrap_integ_data() to use xdr_stream
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
e14673c9 |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Rename automatic variables in unwrap_integ_data()
Clean up: To help orient readers, name the stack variables to match the XDR field names.
For readability, I'm also going to rename the unwrap and wrap functions in a consistent manner, starting with unwrap_integ_data().
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
26a949d1 |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Replace read_u32_from_xdr_buf() with existing XDR helper
Clean up / code de-duplication - this functionality is already available in the generic XDR layer.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
c020fa69 |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Convert server-side GSS upcall helpers to use xdr_stream
The entire RPC_GSS_PROC_INIT path is converted over to xdr_stream for decoding the Call credential and verifier.
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
1cbfb921 |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Remove gss_read_verf()
gss_read_verf() is already short. Fold it into its only caller.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
4d51366d |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Remove gss_read_common_verf()
gss_read_common_verf() is now just a wrapper for dup_netobj(), thus it can be replaced with direct calls to dup_netobj().
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
20ebe927 |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Hoist common verifier decoding code into svcauth_gss_proc_init()
Pre-requisite to replacing gss_read_common_verf().
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
4ac5e7a6 |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Move the server-side GSS upcall to a noinline function
Since upcalls are infrequent, ensure the compiler places the upcall mechanism out-of-line from the I/O path.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|
#
1e9e177d |
| 02-Jan-2023 |
Chuck Lever <chuck.lever@oracle.com> |
SUNRPC: Move svcxdr_init_decode() into ->accept methods
Refactor: So that the overhaul of each ->accept method can be done in separate smaller patches, temporarily move the svcxdr_init_decode() call into those methods.
Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
|