Commit 5c2465df authored by Chuck Lever's avatar Chuck Lever Committed by Anna Schumaker

SUNRPC: Set rq_auth_stat in the pg_authenticate() callout



In a few moments, rq_auth_stat will need to be explicitly set to
rpc_auth_ok before execution gets to the dispatcher.

svc_authenticate() already sets it, but it often gets reset to
rpc_autherr_badcred right after that call, even when authentication
is successful. Let's ensure that the pg_authenticate callout and
svc_set_client() set it properly in every case.

Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
parent 438623a0
+2 −0
@@ -649,6 +649,7 @@ static int lockd_authenticate(struct svc_rqst *rqstp)
	switch (rqstp->rq_authop->flavour) {
		case RPC_AUTH_NULL:
		case RPC_AUTH_UNIX:
			rqstp->rq_auth_stat = rpc_auth_ok;
			if (rqstp->rq_proc == 0)
				return SVC_OK;
			if (is_callback(rqstp->rq_proc)) {
@@ -659,6 +660,7 @@ static int lockd_authenticate(struct svc_rqst *rqstp)
			}
			return svc_set_client(rqstp);
	}
	rqstp->rq_auth_stat = rpc_autherr_badcred;
	return SVC_DENIED;
}
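Review bot: In the RPC_AUTH_NULL/RPC_AUTH_UNIX case, rq_auth_stat is set to rpc_auth_ok before any of the checks run, so the request is marked successful ahead of the `svc_set_client(rqstp)` call and stays correct only if that call overwrites the value on every failure path. Failing closed would be easier to audit: assign rpc_auth_ok immediately before each `return SVC_OK;` and let `return svc_set_client(rqstp);` own the value on its path. If the early assignment is kept, a comment such as `/* svc_set_client() resets rq_auth_stat if the lookup fails */` would record the dependency. The body of the is_callback() branch lies between the two hunks and is not visible here, so its return paths should be checked the same way.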

+4 −0
@@ -429,6 +429,8 @@ check_gss_callback_principal(struct nfs_client *clp, struct svc_rqst *rqstp)
 */
static int nfs_callback_authenticate(struct svc_rqst *rqstp)
{
	rqstp->rq_auth_stat = rpc_autherr_badcred;

	switch (rqstp->rq_authop->flavour) {
	case RPC_AUTH_NULL:
		if (rqstp->rq_proc != CB_NULL)
@@ -439,6 +441,8 @@ static int nfs_callback_authenticate(struct svc_rqst *rqstp)
		 if (svc_is_backchannel(rqstp))
			return SVC_DENIED;
	}

	rqstp->rq_auth_stat = rpc_auth_ok;
	return SVC_OK;
}

+4 −0
@@ -1038,6 +1038,8 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
	struct rpc_gss_wire_cred *gc = &svcdata->clcred;
	int stat;

	rqstp->rq_auth_stat = rpc_autherr_badcred;

	/*
	 * A gss export can be specified either by:
	 * 	export	*(sec=krb5,rw)
@@ -1053,6 +1055,8 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
	stat = svcauth_unix_set_client(rqstp);
	if (stat == SVC_DROP || stat == SVC_CLOSE)
		return stat;

	rqstp->rq_auth_stat = rpc_auth_ok;
	return SVC_OK;
}
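Review bot: After `stat = svcauth_unix_set_client(rqstp);` only SVC_DROP and SVC_CLOSE are returned, so any other result, SVC_DENIED included, falls through to `rqstp->rq_auth_stat = rpc_auth_ok;` and `return SVC_OK;`. Ignoring that result predates this commit and is presumably tied to the export fallback described in the comment above (partly outside the hunk). The new assignment nevertheless makes the function explicitly stamp the request as authenticated on that path, which deserves an explanation in the code. A comment before the check would do, e.g. `/* a failed unix lookup is not fatal for gss; see the export comment above */`, worded by someone who can confirm the intent. Any early returns between the two hunks are not visible; they rely on the rpc_autherr_badcred default set at the top.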

+1 −3
@@ -1328,10 +1328,8 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
	 */
	auth_res = svc_authenticate(rqstp);
	/* Also give the program a chance to reject this call: */
	if (auth_res == SVC_OK && progp) {
		rqstp->rq_auth_stat = rpc_autherr_badcred;
	if (auth_res == SVC_OK && progp)
		auth_res = progp->pg_authenticate(rqstp);
	}
	if (auth_res != SVC_OK)
		trace_svc_authenticate(rqstp, auth_res);
	switch (auth_res) {
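Review bot: With the `rqstp->rq_auth_stat = rpc_autherr_badcred;` reset removed from before the `progp->pg_authenticate(rqstp)` call, a callout that returns a failure without touching rq_auth_stat leaves whatever svc_authenticate() stored, which the commit message says is already set on success. The commit updates the callouts shown on this page; any pg_authenticate implementation outside this diff would need the same treatment, and that cannot be checked from here. The contract should be written down where it is relied on, for example `/* pg_authenticate must set rq_auth_stat on every return path */` above the call. svc_process_common() starts and ends outside the hunk.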
+5 −1
@@ -681,8 +681,9 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)

	rqstp->rq_client = NULL;
	if (rqstp->rq_proc == 0)
		return SVC_OK;
		goto out;

	rqstp->rq_auth_stat = rpc_autherr_badcred;
	ipm = ip_map_cached_get(xprt);
	if (ipm == NULL)
		ipm = __ip_map_lookup(sn->ip_map_cache, rqstp->rq_server->sv_program->pg_class,
@@ -719,6 +720,9 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
		put_group_info(cred->cr_group_info);
		cred->cr_group_info = gi;
	}

out:
	rqstp->rq_auth_stat = rpc_auth_ok;
	return SVC_OK;
}
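Review bot: The `out:` label is reached both by the procedure-0 shortcut (`goto out;` right after `rqstp->rq_client = NULL;`) and by the normal success path, so rpc_auth_ok is reported for procedure 0 with no client resolved. That matches the old `return SVC_OK;`, but now that rq_auth_stat carries the success verdict it is worth stating that rpc_auth_ok does not imply a non-NULL rq_client. A comment at the shortcut such as `/* NULL procedure: accepted without a client lookup, rq_client stays NULL */` would cover it. The failure returns between the two hunks are not visible and depend on the rpc_autherr_badcred default assigned before ip_map_cached_get().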