* [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS
@ 2008-02-19 9:19 Harshula
[not found] ` <1203412781.10159.95.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>
0 siblings, 1 reply; 4+ messages in thread
From: Harshula @ 2008-02-19 9:19 UTC (permalink / raw)
To: J. Bruce Fields; +Cc: linux-nfs
Hi,
In function svcauth_gss_accept() (net/sunrpc/auth_gss/svcauth_gss.c) the
code that handles GSS integrity and decryption failures should be
returning GARBAGE_ARGS as specified in RFC 2203. Is there a reason why
this is not the case? If not, here's a patch.
http://www.ietf.org/rfc/rfc2203.txt
----------------------------------------------------------
5.3.3.4.2. GSS_VerifyMIC() Failure
When GSS_VerifyMIC() is called to verify the verifier in request, a
failure results in an RPC response with a reply status of MSG_DENIED,
reject status of AUTH_ERROR and an auth status of
RPCSEC_GSS_CREDPROBLEM.
When GSS_VerifyMIC() is called to verify the call arguments (service
is rpc_gss_svc_integrity), a failure results in an RPC response with
a reply status of MSG_ACCEPTED, and an acceptance status of
GARBAGE_ARGS.
5.3.3.4.3. GSS_Unwrap() Failure
When GSS_Unwrap() is called to decrypt the call arguments (service is
rpc_gss_svc_privacy), a failure results in an RPC response with a
reply status of MSG_ACCEPTED, and an acceptance status of
GARBAGE_ARGS.
----------------------------------------------------------
This patch is against:
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Reviewed-by: Greg Banks <gnb@sgi.com>
Signed-off-by: Harshula Jayasuriya <harshula@sgi.com>
---
net/sunrpc/auth_gss/svcauth_gss.c | 9 +++++++--
net/sunrpc/svc.c | 3 +--
2 files changed, 8 insertions(+), 4 deletions(-)
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1146,7 +1146,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32
*authp)
case RPC_GSS_SVC_INTEGRITY:
if (unwrap_integ_data(&rqstp->rq_arg,
gc->gc_seq, rsci->mechctx))
- goto auth_err;
+ goto garbage_args;
/* placeholders for length and seq. number: */
svc_putnl(resv, 0);
svc_putnl(resv, 0);
@@ -1154,7 +1154,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32
*authp)
case RPC_GSS_SVC_PRIVACY:
if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
gc->gc_seq, rsci->mechctx))
- goto auth_err;
+ goto garbage_args;
/* placeholders for length and seq. number: */
svc_putnl(resv, 0);
svc_putnl(resv, 0);
@@ -1169,6 +1169,11 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32
*authp)
ret = SVC_OK;
goto out;
}
+garbage_args:
+ /* Restore write pointer to its original value: */
+ xdr_ressize_check(rqstp, reject_stat);
+ ret = SVC_GARBAGE;
+ goto out;
auth_err:
/* Restore write pointer to its original value: */
xdr_ressize_check(rqstp, reject_stat);
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index a290e15..a6c74fe 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -915,8 +915,7 @@ svc_process(struct svc_rqst *rqstp)
case SVC_OK:
break;
case SVC_GARBAGE:
- rpc_stat = rpc_garbage_args;
- goto err_bad;
+ goto err_garbage;
case SVC_SYSERR:
rpc_stat = rpc_system_err;
goto err_bad;
cya,
#
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS
[not found] ` <1203412781.10159.95.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>
@ 2008-02-19 17:44 ` J. Bruce Fields
2008-02-19 23:56 ` Harshula
0 siblings, 1 reply; 4+ messages in thread
From: J. Bruce Fields @ 2008-02-19 17:44 UTC (permalink / raw)
To: Harshula; +Cc: linux-nfs
On Tue, Feb 19, 2008 at 08:19:41PM +1100, Harshula wrote:
> Hi,
>
> In function svcauth_gss_accept() (net/sunrpc/auth_gss/svcauth_gss.c) the
> code that handles GSS integrity and decryption failures should be
> returning GARBAGE_ARGS as specified in RFC 2203. Is there a reason why
> this is not the case?
Nope!
> If not, here's a patch.
Thanks for the patch and the rfc citation!
However:
> --- a/net/sunrpc/auth_gss/svcauth_gss.c
> +++ b/net/sunrpc/auth_gss/svcauth_gss.c
> @@ -1146,7 +1146,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32
> *authp)
Your mailer seems to be wrapping long lines? This makes the patch not
apply.
> case RPC_GSS_SVC_INTEGRITY:
> if (unwrap_integ_data(&rqstp->rq_arg,
> gc->gc_seq, rsci->mechctx))
> - goto auth_err;
> + goto garbage_args;
And tabs are getting changed to spaces everywhere too....
Would it be possible to fix those problems and resend?
--b.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS
2008-02-19 17:44 ` J. Bruce Fields
@ 2008-02-19 23:56 ` Harshula
[not found] ` <1203465416.10159.110.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>
0 siblings, 1 reply; 4+ messages in thread
From: Harshula @ 2008-02-19 23:56 UTC (permalink / raw)
To: J. Bruce Fields; +Cc: linux-nfs
Hi Bruce,
On Tue, 2008-02-19 at 12:44 -0500, J. Bruce Fields wrote:
> Your mailer seems to be wrapping long lines? This makes the patch not
> apply.
> And tabs are getting changed to spaces everywhere too....
>
> Would it be possible to fix those problems and resend?
Sorry about that, here it is again ...
cya,
#
In function svcauth_gss_accept() (net/sunrpc/auth_gss/svcauth_gss.c) the
code that handles GSS integrity and decryption failures should be
returning GARBAGE_ARGS as specified in RFC 2203. Is there a reason why
this is not the case? If not, here's a patch.
http://www.ietf.org/rfc/rfc2203.txt
----------------------------------------------------------
5.3.3.4.2. GSS_VerifyMIC() Failure
When GSS_VerifyMIC() is called to verify the verifier in request, a
failure results in an RPC response with a reply status of MSG_DENIED,
reject status of AUTH_ERROR and an auth status of
RPCSEC_GSS_CREDPROBLEM.
When GSS_VerifyMIC() is called to verify the call arguments (service
is rpc_gss_svc_integrity), a failure results in an RPC response with
a reply status of MSG_ACCEPTED, and an acceptance status of
GARBAGE_ARGS.
5.3.3.4.3. GSS_Unwrap() Failure
When GSS_Unwrap() is called to decrypt the call arguments (service is
rpc_gss_svc_privacy), a failure results in an RPC response with a
reply status of MSG_ACCEPTED, and an acceptance status of
GARBAGE_ARGS.
----------------------------------------------------------
This patch is against:
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Reviewed-by: Greg Banks <gnb@sgi.com>
Signed-off-by: Harshula Jayasuriya <harshula@sgi.com>
---
net/sunrpc/auth_gss/svcauth_gss.c | 9 +++++++--
net/sunrpc/svc.c | 3 +--
2 files changed, 8 insertions(+), 4 deletions(-)
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1146,7 +1146,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
case RPC_GSS_SVC_INTEGRITY:
if (unwrap_integ_data(&rqstp->rq_arg,
gc->gc_seq, rsci->mechctx))
- goto auth_err;
+ goto garbage_args;
/* placeholders for length and seq. number: */
svc_putnl(resv, 0);
svc_putnl(resv, 0);
@@ -1154,7 +1154,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
case RPC_GSS_SVC_PRIVACY:
if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
gc->gc_seq, rsci->mechctx))
- goto auth_err;
+ goto garbage_args;
/* placeholders for length and seq. number: */
svc_putnl(resv, 0);
svc_putnl(resv, 0);
@@ -1169,6 +1169,11 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
ret = SVC_OK;
goto out;
}
+garbage_args:
+ /* Restore write pointer to its original value: */
+ xdr_ressize_check(rqstp, reject_stat);
+ ret = SVC_GARBAGE;
+ goto out;
auth_err:
/* Restore write pointer to its original value: */
xdr_ressize_check(rqstp, reject_stat);
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index a290e15..a6c74fe 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -915,8 +915,7 @@ svc_process(struct svc_rqst *rqstp)
case SVC_OK:
break;
case SVC_GARBAGE:
- rpc_stat = rpc_garbage_args;
- goto err_bad;
+ goto err_garbage;
case SVC_SYSERR:
rpc_stat = rpc_system_err;
goto err_bad;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS
[not found] ` <1203465416.10159.110.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>
@ 2008-02-20 15:38 ` J. Bruce Fields
0 siblings, 0 replies; 4+ messages in thread
From: J. Bruce Fields @ 2008-02-20 15:38 UTC (permalink / raw)
To: Harshula; +Cc: linux-nfs
On Wed, Feb 20, 2008 at 10:56:56AM +1100, Harshula wrote:
> Hi Bruce,
>
> On Tue, 2008-02-19 at 12:44 -0500, J. Bruce Fields wrote:
>
> > Your mailer seems to be wrapping long lines? This makes the patch not
> > apply.
>
> > And tabs are getting changed to spaces everywhere too....
> >
> > Would it be possible to fix those problems and resend?
>
> Sorry about that, here it is again ...
Thanks! Applied.--b.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-02-20 15:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-02-19 9:19 [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS Harshula
[not found] ` <1203412781.10159.95.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>
2008-02-19 17:44 ` J. Bruce Fields
2008-02-19 23:56 ` Harshula
[not found] ` <1203465416.10159.110.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>
2008-02-20 15:38 ` J. Bruce Fields
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.