summaryrefslogtreecommitdiffstats
path: root/net/sunrpc/auth_gss
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'master' of /home/trondmy/kernel/linux-2.6/Trond Myklebust2007-02-128-47/+47
|\ | | | | | | | | | | | | | | | | | | Conflicts: net/sunrpc/auth_gss/gss_krb5_crypto.c net/sunrpc/auth_gss/gss_spkm3_token.c net/sunrpc/clnt.c Merge with mainline and fix conflicts.
| * [NET] SUNRPC: Fix whitespace errors.YOSHIFUJI Hideaki2007-02-108-49/+49
| | | | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | SUNRPC: fix print format for tk_pid in auth_gss supportChuck Lever2007-02-0313-63/+73
|/ | | | | | | | | | The tk_pid field is an unsigned short. The proper print format specifier for that type is %5u, not %4d. Also clean up some miscellaneous print formatting nits. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [PATCH] gss_spkm3: fix error handling in module initAkinobu Mita2006-12-221-1/+1
| | | | | | | | | | | | Return error and prevent from loading module when gss_mech_register() failed. Cc: Andy Adamson <andros@citi.umich.edu> Cc: J. Bruce Fields <bfields@citi.umich.edu> Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: nfsd: don't drop silently on upcall deferralJ.Bruce Fields2006-12-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | To avoid tying up server threads when nfsd makes an upcall (to mountd, to get export options, to idmapd, for nfsv4 name<->id mapping, etc.), we temporarily "drop" the request and save enough information so that we can revisit it later. Certain failures during the deferral process can cause us to really drop the request and never revisit it. This is often less than ideal, and is unacceptable in the NFSv4 case--rfc 3530 forbids the server from dropping a request without also closing the connection. As a first step, we modify the deferral code to return -ETIMEDOUT (which is translated to nfserr_jukebox in the v3 and v4 cases, and remains a drop in the v2 case). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: svcrpc: fix gss krb5i memory leakJ.Bruce Fields2006-12-131-4/+5
| | | | | | | | | | | | | | The memory leak here is embarassingly obvious. This fixes a problem that causes the kernel to leak a small amount of memory every time it receives a integrity-protected request. Thanks to Aim Le Rouzic for the bug report. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] struct path: convert sunrpcJosef Sipek2006-12-081-1/+1
| | | | | | Signed-off-by: Josef Sipek <jsipek@fsl.cs.sunysb.edu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* rpcgss: krb5: miscellaneous cleanupJ. Bruce Fields2006-12-063-20/+15
| | | | | | | Miscellaneous cosmetic fixes. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpcgss: krb5: ignore seedJ. Bruce Fields2006-12-061-5/+6
| | | | | | | We're currently not actually using seed or seed_init. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpcgss: krb5: sanity check sealalg value in the downcallJ. Bruce Fields2006-12-063-30/+5
| | | | | | | | | | | | | The sealalg is checked in several places, giving the impression it could be either SEAL_ALG_NONE or SEAL_ALG_DES. But in fact SEAL_ALG_NONE seems to be sufficient only for making mic's, and all the contexts we get must be capable of wrapping as well. So the sealalg must be SEAL_ALG_DES. As with signalg, just check for the right value on the downcall and ignore it otherwise. Similarly, tighten expectations for the sealalg on incoming tokens, in case we do support other values eventually. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpcgss: krb5: clean up some goto's, etc.J. Bruce Fields2006-12-063-75/+48
| | | | | | | Remove some unnecessary goto labels; clean up some return values; etc. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpcgss: simplify make_checksumJ. Bruce Fields2006-12-064-16/+5
| | | | | | | | | | We're doing some pointless translation between krb5 constants and kernel crypto string names. Also clean up some related spkm3 code as necessary. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpcgss: krb5: kill checksum_type, miscellaneous small cleanupJ. Bruce Fields2006-12-063-20/+4
| | | | | | | Previous changes reveal some obvious cruft. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpcgss: krb5: expect a constant signalg valueJ. Bruce Fields2006-12-062-60/+27
| | | | | | | | We also only ever receive one value of the signalg, so let's not pretend otherwise Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* gss: krb5: remove signalg and sealalgJ. Bruce Fields2006-12-063-47/+22
| | | | | | | | | | | | | We designed the krb5 context import without completely understanding the context. Now it's clear that there are a number of fields that we ignore, or that we depend on having one single value. In particular, we only support one value of signalg currently; so let's check the signalg field in the downcall (in case we decide there's something else we could support here eventually), but ignore it otherwise. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpc: spkm3 updateOlga Kornievskaia2006-12-065-162/+166
| | | | | | | | | | | | | | | | | | | | | | | | | This updates the spkm3 code to bring it up to date with our current understanding of the spkm3 spec. In doing so, we're changing the downcall format used by gssd in the spkm3 case, which will cause an incompatilibity with old userland spkm3 support. Since the old code a) didn't implement the protocol correctly, and b) was never distributed except in the form of some experimental patches from the citi web site, we're assuming this is OK. We do detect the old downcall format and print warning (and fail). We also include a version number in the new downcall format, to be used in the future in case any further change is required. In some more detail: - fix integrity support - removed dependency on NIDs. instead OIDs are used - known OID values for algorithms added. - fixed some context fields and types Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpc: move process_xdr_bufOlga Kornievskaia2006-12-061-69/+4
| | | | | | | | | Since process_xdr_buf() is useful outside of the kerberos-specific code, we move it to net/sunrpc/xdr.c, export it, and rename it in keeping with xdr_* naming convention of xdr.c. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpc: gss: fix a kmap_atomic race in krb5 codeJ. Bruce Fields2006-12-061-2/+2
| | | | | | | | | | | | | This code is never called from interrupt context; it's always run by either a user thread or rpciod. So KM_SKB_SUNRPC_DATA is inappropriate here. Thanks to Aimé Le Rouzic for capturing an oops which showed the kernel taking an interrupt while we were in this piece of code, resulting in a nested kmap_atomic(.,KM_SKB_SUNRPC_DATA) call from xdr_partial_copy_from_skb(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* rpc: gss: eliminate print_hexl()'sJ. Bruce Fields2006-12-065-64/+2
| | | | | | | | | | Dumping all this data to the logs is wasteful (even when debugging is turned off), and creates too much output to be useful when it's turned on. Fix a minor style bug or two while we're at it. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [SUNRPC]: Use k{mem,str}dup where applicableArnaldo Carvalho de Melo2006-12-024-11/+5
| | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
* [PATCH] net/sunrpc/auth_gss/svcauth_gss.c endianness regressionAl Viro2006-10-101-2/+3
| | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: svcrpc: gss: fix failure on SVC_DENIED in integrity caseJ.Bruce Fields2006-10-041-12/+18
| | | | | | | | | | | | | If the request is denied after gss_accept was called, we shouldn't try to wrap the reply. We were checking the accept_stat but not the reply_stat. To check the reply_stat in _release, we need a pointer to before (rather than after) the verifier, so modify body_start appropriately. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: svcrpc: gss: factor out some common wrapping codeJ.Bruce Fields2006-10-041-20/+23
| | | | | | | | | Factor out some common code from the integrity and privacy cases. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Replace two page lists in struct svc_rqst with oneNeilBrown2006-10-041-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are planning to increase RPCSVC_MAXPAGES from about 8 to about 256. This means we need to be a bit careful about arrays of size RPCSVC_MAXPAGES. struct svc_rqst contains two such arrays. However the there are never more that RPCSVC_MAXPAGES pages in the two arrays together, so only one array is needed. The two arrays are for the pages holding the request, and the pages holding the reply. Instead of two arrays, we can simply keep an index into where the first reply page is. This patch also removes a number of small inline functions that probably server to obscure what is going on rather than clarify it, and opencode the needed functionality. Also remove the 'rq_restailpage' variable as it is *always* 0. i.e. if the response 'xdr' structure has a non-empty tail it is always in the same pages as the head. check counters are initilised and incr properly check for consistant usage of ++ etc maybe extra some inlines for common approach general review Signed-off-by: Neil Brown <neilb@suse.de> Cc: Magnus Maatta <novell@kiruna.se> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* fix file specification in commentsUwe Zeisberger2006-10-031-1/+1
| | | | | | | Many files include the filename at the beginning, serveral used a wrong one. Signed-off-by: Uwe Zeisberger <Uwe_Zeisberger@digi.com> Signed-off-by: Adrian Bunk <bunk@stusta.de>
* [SUNRPC]: more sunrpc endianness annotationsAl Viro2006-09-281-4/+4
| | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SUNRPC]: trivial endianness annotationsAlexey Dobriyan2006-09-284-31/+32
| | | | | | | | | | pure s/u32/__be32/ [AV: large part based on Alexey's patches] Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SUNRPC]: svc_{get,put}nl()Alexey Dobriyan2006-09-281-26/+26
| | | | | | | | | | | | | | | | | * add svc_getnl(): Take network-endian value from buffer, convert to host-endian and return it. * add svc_putnl(): Take host-endian value, convert to network-endian and put it into a buffer. * annotate svc_getu32()/svc_putu32() as dealing with network-endian. * convert to svc_getnl(), svc_putnl(). [AV: in large part it's a carved-up Alexey's patch] Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* SUNRPC: Make rpc_mkpipe() take the parent dentry as an argumentTrond Myklebust2006-09-221-5/+2
| | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [CRYPTO] users: Use crypto_hash interface instead of crypto_digestHerbert Xu2006-09-211-14/+24
| | | | | | | This patch converts all remaining crypto_digest users to use the new crypto_hash interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [SUNRPC] GSS: Use block ciphers where applicableHerbert Xu2006-09-215-54/+64
| | | | | | | This patch converts SUNRPC/GSS to use the new block cipher type where applicable. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* SUNRPC: Fix dentry refcounting issues with users of rpc_pipefsTrond Myklebust2006-08-241-1/+0
| | | | | | | rpc_unlink() and rpc_rmdir() will dput the dentry reference for you. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> (cherry picked from a05a57effa71a1f67ccbfc52335c10c8b85f3f6a commit)
* SUNRPC: make rpc_unlink() take a dentry argument instead of a pathTrond Myklebust2006-08-241-1/+1
| | | | | Signe-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> (cherry picked from 88bf6d811b01a4be7fd507d18bf5f1c527989089 commit)
* [NET]: Conversions from kmalloc+memset to k(z|c)alloc.Panagiotis Issaris2006-07-215-14/+7
| | | | | | Signed-off-by: Panagiotis Issaris <takis@issaris.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] knfsd: svcrpc: gss: server-side implementation of rpcsec_gss privacyJ. Bruce Fields2006-06-301-7/+147
| | | | | | | | | | Server-side implementation of rpcsec_gss privacy, which enables encryption of the payload of every rpc request and response. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: svcrpc: Simplify nfsd rpcsec_gss integrity codeJ. Bruce Fields2006-06-301-51/+64
| | | | | | | | | | | Pull out some of the integrity code into its own function, otherwise svcauth_gss_release() is going to become very ungainly after the addition of privacy code. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: svcrpc: gss: simplify rsc_parse()J. Bruce Fields2006-06-302-11/+7
| | | | | | | | | Adopt a simpler convention for gss_mech_put(), to simplify rsc_parse(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] spin/rwlock init cleanupsIngo Molnar2006-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | locking init cleanups: - convert " = SPIN_LOCK_UNLOCKED" to spin_lock_init() or DEFINE_SPINLOCK() - convert rwlocks in a similar manner this patch was generated automatically. Motivation: - cleanliness - lockdep needs control of lock initialization, which the open-coded variants do not give - it's also useful for -rt and for lock debugging in general Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* spelling fixesAndreas Mohr2006-06-262-2/+2
| | | | | | | | | | | | acquired (aquired) contiguous (contigious) successful (succesful, succesfull) surprise (suprise) whether (weather) some other misspellings Signed-off-by: Andreas Mohr <andi@lisas.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
* SUNRPC: Dead code in net/sunrpc/auth_gss/auth_gss.cEric Sesterhenn2006-04-191-1/+0
| | | | | | | | | | | | Hi, the coverity checker spotted that cred is always NULL when we jump to out_err ( there is just one case, when we fail to allocate the memory for cred ) This is Coverity ID #79 Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* RPCSEC_GSS: fix leak in krb5 code caused by superfluous kmallocJ. Bruce Fields2006-04-191-8/+3
| | | | | | | | | | | I was sloppy when generating a previous patch; I modified the callers of krb5_make_checksum() to allocate memory for the buffer where the result is returned, then forgot to modify krb5_make_checksum to stop allocating that memory itself. The result is a per-packet memory leak. This fixes the problem by removing the now-superfluous kmalloc(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [PATCH] knfsd: svcrpc: gss: don't call svc_take_page unnecessarilyNeilBrown2006-04-111-6/+8
| | | | | | | | | | | | | | We're using svc_take_page here to get another page for the tail in case one wasn't already allocated. But there isn't always guaranteed to be another page available. Also fix a typo that made us check the tail buffer for space when we meant to be checking the head buffer. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Convert sunrpc_cache to use krefsNeilBrown2006-03-271-16/+12
| | | | | | | | .. it makes some of the code nicer. Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Use new cache code for rsc cacheNeilBrown2006-03-271-10/+64
| | | | | | Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Use new sunrpc cache for rsi cacheNeilBrown2006-03-271-7/+59
| | | | | | Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Get rid of 'inplace' sunrpc cachesNeilBrown2006-03-271-2/+2
| | | | | | | | | These were an unnecessary wart. Also only have one 'DefineSimpleCache..' instead of two. Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Change the store of auth_domains to not be a 'cache'NeilBrown2006-03-271-7/+7
| | | | | | | | | | The 'auth_domain's are simply handles on internal data structures. They do not cache information from user-space, and forcing them into the mold of a 'cache' misrepresents their true nature and causes confusion. Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* SUNRPC,RPCSEC_GSS: spkm3: import contexts using NID_cast5_cbcJ. Bruce Fields2006-03-201-0/+6
| | | | | | | | Import the NID_cast5_cbc from the userland context. Not used. Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC,RPCSEC_GSS: fix krb5 sequence numbers.J. Bruce Fields2006-03-202-6/+14
| | | | | | | Use a spinlock to ensure unique sequence numbers when creating krb5 gss tokens. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC,RPCSEC_GSS: remove unnecessary kmalloc of a checksumJ. Bruce Fields2006-03-205-17/+12
| | | | | | | | | | | | | | Remove unnecessary kmalloc of temporary space to hold the md5 result; it's small enough to just put on the stack. This code may be called to process rpc's necessary to perform writes, so there's a potential deadlock whenever we kmalloc() here. After this a couple kmalloc()'s still remain, to be removed soon. This also fixes a rare double-free on error noticed by coverity. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
OpenPOWER on IntegriCloud