* [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS
@ 2008-02-19 9:19 Harshula
[not found] ` <1203412781.10159.95.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>
0 siblings, 1 reply; 4+ messages in thread
From: Harshula @ 2008-02-19 9:19 UTC (permalink / raw)
To: J. Bruce Fields; +Cc: linux-nfs
Hi,
In function svcauth_gss_accept() (net/sunrpc/auth_gss/svcauth_gss.c) the
code that handles GSS integrity and decryption failures should be
returning GARBAGE_ARGS as specified in RFC 2203. Is there a reason why
this is not the case? If not, here's a patch.
http://www.ietf.org/rfc/rfc2203.txt
----------------------------------------------------------
5.3.3.4.2. GSS_VerifyMIC() Failure
When GSS_VerifyMIC() is called to verify the verifier in request, a
failure results in an RPC response with a reply status of MSG_DENIED,
reject status of AUTH_ERROR and an auth status of
RPCSEC_GSS_CREDPROBLEM.
When GSS_VerifyMIC() is called to verify the call arguments (service
is rpc_gss_svc_integrity), a failure results in an RPC response with
a reply status of MSG_ACCEPTED, and an acceptance status of
GARBAGE_ARGS.
5.3.3.4.3. GSS_Unwrap() Failure
When GSS_Unwrap() is called to decrypt the call arguments (service is
rpc_gss_svc_privacy), a failure results in an RPC response with a
reply status of MSG_ACCEPTED, and an acceptance status of
GARBAGE_ARGS.
----------------------------------------------------------
This patch is against:
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Reviewed-by: Greg Banks <gnb@sgi.com>
Signed-off-by: Harshula Jayasuriya <harshula@sgi.com>
---
net/sunrpc/auth_gss/svcauth_gss.c | 9 +++++++--
net/sunrpc/svc.c | 3 +--
2 files changed, 8 insertions(+), 4 deletions(-)
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1146,7 +1146,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32
*authp)
case RPC_GSS_SVC_INTEGRITY:
if (unwrap_integ_data(&rqstp->rq_arg,
gc->gc_seq, rsci->mechctx))
- goto auth_err;
+ goto garbage_args;
/* placeholders for length and seq. number: */
svc_putnl(resv, 0);
svc_putnl(resv, 0);
@@ -1154,7 +1154,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32
*authp)
case RPC_GSS_SVC_PRIVACY:
if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
gc->gc_seq, rsci->mechctx))
- goto auth_err;
+ goto garbage_args;
/* placeholders for length and seq. number: */
svc_putnl(resv, 0);
svc_putnl(resv, 0);
@@ -1169,6 +1169,11 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32
*authp)
ret = SVC_OK;
goto out;
}
+garbage_args:
+ /* Restore write pointer to its original value: */
+ xdr_ressize_check(rqstp, reject_stat);
+ ret = SVC_GARBAGE;
+ goto out;
auth_err:
/* Restore write pointer to its original value: */
xdr_ressize_check(rqstp, reject_stat);
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index a290e15..a6c74fe 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -915,8 +915,7 @@ svc_process(struct svc_rqst *rqstp)
case SVC_OK:
break;
case SVC_GARBAGE:
- rpc_stat = rpc_garbage_args;
- goto err_bad;
+ goto err_garbage;
case SVC_SYSERR:
rpc_stat = rpc_system_err;
goto err_bad;
cya,
#
^ permalink raw reply related [flat|nested] 4+ messages in thread[parent not found: <1203412781.10159.95.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>]
* Re: [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS [not found] ` <1203412781.10159.95.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org> @ 2008-02-19 17:44 ` J. Bruce Fields 2008-02-19 23:56 ` Harshula 0 siblings, 1 reply; 4+ messages in thread From: J. Bruce Fields @ 2008-02-19 17:44 UTC (permalink / raw) To: Harshula; +Cc: linux-nfs On Tue, Feb 19, 2008 at 08:19:41PM +1100, Harshula wrote: > Hi, > > In function svcauth_gss_accept() (net/sunrpc/auth_gss/svcauth_gss.c) the > code that handles GSS integrity and decryption failures should be > returning GARBAGE_ARGS as specified in RFC 2203. Is there a reason why > this is not the case? Nope! > If not, here's a patch. Thanks for the patch and the rfc citation! However: > --- a/net/sunrpc/auth_gss/svcauth_gss.c > +++ b/net/sunrpc/auth_gss/svcauth_gss.c > @@ -1146,7 +1146,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 > *authp) Your mailer seems to be wrapping long lines? This makes the patch not apply. > case RPC_GSS_SVC_INTEGRITY: > if (unwrap_integ_data(&rqstp->rq_arg, > gc->gc_seq, rsci->mechctx)) > - goto auth_err; > + goto garbage_args; And tabs are getting changed to spaces everywhere too.... Would it be possible to fix those problems and resend? --b. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS 2008-02-19 17:44 ` J. Bruce Fields @ 2008-02-19 23:56 ` Harshula [not found] ` <1203465416.10159.110.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org> 0 siblings, 1 reply; 4+ messages in thread From: Harshula @ 2008-02-19 23:56 UTC (permalink / raw) To: J. Bruce Fields; +Cc: linux-nfs Hi Bruce, On Tue, 2008-02-19 at 12:44 -0500, J. Bruce Fields wrote: > Your mailer seems to be wrapping long lines? This makes the patch not > apply. > And tabs are getting changed to spaces everywhere too.... > > Would it be possible to fix those problems and resend? Sorry about that, here it is again ... cya, # In function svcauth_gss_accept() (net/sunrpc/auth_gss/svcauth_gss.c) the code that handles GSS integrity and decryption failures should be returning GARBAGE_ARGS as specified in RFC 2203. Is there a reason why this is not the case? If not, here's a patch. http://www.ietf.org/rfc/rfc2203.txt ---------------------------------------------------------- 5.3.3.4.2. GSS_VerifyMIC() Failure When GSS_VerifyMIC() is called to verify the verifier in request, a failure results in an RPC response with a reply status of MSG_DENIED, reject status of AUTH_ERROR and an auth status of RPCSEC_GSS_CREDPROBLEM. When GSS_VerifyMIC() is called to verify the call arguments (service is rpc_gss_svc_integrity), a failure results in an RPC response with a reply status of MSG_ACCEPTED, and an acceptance status of GARBAGE_ARGS. 5.3.3.4.3. GSS_Unwrap() Failure When GSS_Unwrap() is called to decrypt the call arguments (service is rpc_gss_svc_privacy), a failure results in an RPC response with a reply status of MSG_ACCEPTED, and an acceptance status of GARBAGE_ARGS. ---------------------------------------------------------- This patch is against: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 Reviewed-by: Greg Banks <gnb@sgi.com> Signed-off-by: Harshula Jayasuriya <harshula@sgi.com> --- net/sunrpc/auth_gss/svcauth_gss.c | 9 +++++++-- net/sunrpc/svc.c | 3 +-- 2 files changed, 8 insertions(+), 4 deletions(-) --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -1146,7 +1146,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) case RPC_GSS_SVC_INTEGRITY: if (unwrap_integ_data(&rqstp->rq_arg, gc->gc_seq, rsci->mechctx)) - goto auth_err; + goto garbage_args; /* placeholders for length and seq. number: */ svc_putnl(resv, 0); svc_putnl(resv, 0); @@ -1154,7 +1154,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) case RPC_GSS_SVC_PRIVACY: if (unwrap_priv_data(rqstp, &rqstp->rq_arg, gc->gc_seq, rsci->mechctx)) - goto auth_err; + goto garbage_args; /* placeholders for length and seq. number: */ svc_putnl(resv, 0); svc_putnl(resv, 0); @@ -1169,6 +1169,11 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) ret = SVC_OK; goto out; } +garbage_args: + /* Restore write pointer to its original value: */ + xdr_ressize_check(rqstp, reject_stat); + ret = SVC_GARBAGE; + goto out; auth_err: /* Restore write pointer to its original value: */ xdr_ressize_check(rqstp, reject_stat); diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index a290e15..a6c74fe 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -915,8 +915,7 @@ svc_process(struct svc_rqst *rqstp) case SVC_OK: break; case SVC_GARBAGE: - rpc_stat = rpc_garbage_args; - goto err_bad; + goto err_garbage; case SVC_SYSERR: rpc_stat = rpc_system_err; goto err_bad; ^ permalink raw reply related [flat|nested] 4+ messages in thread
[parent not found: <1203465416.10159.110.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>]
* Re: [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS [not found] ` <1203465416.10159.110.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org> @ 2008-02-20 15:38 ` J. Bruce Fields 0 siblings, 0 replies; 4+ messages in thread From: J. Bruce Fields @ 2008-02-20 15:38 UTC (permalink / raw) To: Harshula; +Cc: linux-nfs On Wed, Feb 20, 2008 at 10:56:56AM +1100, Harshula wrote: > Hi Bruce, > > On Tue, 2008-02-19 at 12:44 -0500, J. Bruce Fields wrote: > > > Your mailer seems to be wrapping long lines? This makes the patch not > > apply. > > > And tabs are getting changed to spaces everywhere too.... > > > > Would it be possible to fix those problems and resend? > > Sorry about that, here it is again ... Thanks! Applied.--b. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-02-20 15:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-02-19 9:19 [PATCH] sunrpc: GSS integrity and decryption failures should return GARBAGE_ARGS Harshula
[not found] ` <1203412781.10159.95.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>
2008-02-19 17:44 ` J. Bruce Fields
2008-02-19 23:56 ` Harshula
[not found] ` <1203465416.10159.110.camel-2WabGjdRN2LRvmHwrWB8BmjR7Gm6iKkz0E9HWUfgJXw@public.gmane.org>
2008-02-20 15:38 ` J. Bruce Fields
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.