From: "J. Bruce Fields" <bfields@fieldses.org>
To: Wei Yongjun <yjwei@cn.fujitsu.com>
Cc: Neil Brown <neilb@suse.de>,
	linux-nfs@vger.kernel.org, nfsv4@linux-nfs.org
Subject: Re: [PATCH] svcgss: reply AUTH_BADCRED to RPCSEC_GSS with unknown services
Date: Tue, 25 Aug 2009 17:40:02 -0400
Message-ID: <20090825214002.GD32708@fieldses.org>
In-Reply-To: <4A77FF18.4040804@cn.fujitsu.com>

On Tue, Aug 04, 2009 at 05:27:52PM +0800, Wei Yongjun wrote:
> When an RPC message is received with RPCSEC_GSS, and the RPCSEC_GSS
> includes unknown services (not RPC_GSS_SVC_NONE, RPC_GSS_SVC_INTEGRITY
> and RPC_GSS_SVC_PRIVACY), the response is considered as AUTH_BADCRED
> in svcauth_gss_accept(), but the response is dropped by
> svcauth_gss_release(). I think a response with AUTH_BADCRED is the correct
> one. So this patch fixes it.

Thanks!  How did you find this?  (And how did you test the result?)

> diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
> index 2278a50..6dce327 100644
> --- a/net/sunrpc/auth_gss/svcauth_gss.c
> +++ b/net/sunrpc/auth_gss/svcauth_gss.c
> @@ -1370,7 +1370,7 @@ svcauth_gss_release(struct svc_rqst *rqstp)
>  			goto out_err;
>  		break;
>  	default:
> -		goto out_err;
> +		goto out;
>  	}
>  
>  out:
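
Review bot: in the default arm, "goto out;" jumps to the "out:" label that sits directly after the switch's closing brace, so the jump does nothing that leaving the switch normally would not do. A plain "break;", or dropping the arm, would read more clearly. Either way the arm needs a short comment saying that svcauth_gss_accept() has already set the auth error for an unknown service, since without it the arm looks like a forgotten case rather than a deliberate choice to send the reply.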

The goto seems redundant.  How about just leaving out the default case
and providing a comment?  (See below.)

--b.

commit ab3654a05aaf367b23bbb3d9229ff72a11999719
Author: Wei Yongjun <yjwei@cn.fujitsu.com>
Date:   Tue Aug 4 17:27:52 2009 +0800

    svcgss: reply AUTH_BADCRED to RPCSEC_GSS with unknown service
    
    When an RPC message is received with RPCSEC_GSS with an unknown service
    (not RPC_GSS_SVC_NONE, RPC_GSS_SVC_INTEGRITY, or RPC_GSS_SVC_PRIVACY),
    svcauth_gss_accept() returns AUTH_BADCRED, but svcauth_gss_release()
    subsequently drops the response entirely, discarding the error.
    
    Fix that so the AUTH_BADCRED error is returned to the client.
    
    Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
    Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 2e6a148..f6c51e5 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1374,8 +1374,10 @@ svcauth_gss_release(struct svc_rqst *rqstp)
 		if (stat)
 			goto out_err;
 		break;
-	default:
-		goto out_err;
+	/*
+	 * For any other gc_svc value, svcauth_gss_accept() already set
+	 * the auth_error appropriately; just fall through:
+	 */
 	}
 
 out:
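
Review bot: with the default arm removed, an unrecognised gc_svc value now reaches "out:" silently, and the only record of why is a comment placed after the last "break;" with no case label attached to it. Keeping an explicit "default:" arm that holds this comment and a "break;" would make the intent visible both to readers and to switch-coverage warnings. The phrase "fall through" in the comment is better worded as "nothing to do here", because it normally marks one case running into the next. The comment also encodes a dependency on svcauth_gss_accept(): if a service value were ever accepted there without a matching case in this switch, the reply would leave this function without the per-service handling the other cases perform instead of being dropped, so the same assumption is worth noting on the accept side.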
