path: root/net/sunrpc/auth_gss
Commit message | Author | Age | Files | Lines
* [PATCH] net/sunrpc/auth_gss/svcauth_gss.c endianness regression | Al Viro | 2006-10-10 | 1 | -2/+3
| Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: svcrpc: gss: fix failure on SVC_DENIED in integrity case | J.Bruce Fields | 2006-10-04 | 1 | -12/+18
| If the request is denied after gss_accept was called, we shouldn't try to wrap the reply. We were checking the accept_stat but not the reply_stat.
|
| To check the reply_stat in _release, we need a pointer to before (rather than after) the verifier, so modify body_start appropriately.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: svcrpc: gss: factor out some common wrapping code | J.Bruce Fields | 2006-10-04 | 1 | -20/+23
| Factor out some common code from the integrity and privacy cases.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Replace two page lists in struct svc_rqst with one | NeilBrown | 2006-10-04 | 1 | -3/+1
| We are planning to increase RPCSVC_MAXPAGES from about 8 to about 256. This means we need to be a bit careful about arrays of size RPCSVC_MAXPAGES.
|
| struct svc_rqst contains two such arrays. However, there are never more than RPCSVC_MAXPAGES pages in the two arrays together, so only one array is needed.
|
| The two arrays are for the pages holding the request, and the pages holding the reply. Instead of two arrays, we can simply keep an index into where the first reply page is.
|
| This patch also removes a number of small inline functions that probably serve to obscure what is going on rather than clarify it, and opencode the needed functionality.
|
| Also remove the 'rq_restailpage' variable as it is *always* 0. i.e. if the response 'xdr' structure has a non-empty tail it is always in the same pages as the head.
|
| check counters are initialised and incr properly
| check for consistent usage of ++ etc
| maybe extra some inlines for common approach
| general review
|
| Signed-off-by: Neil Brown <neilb@suse.de>
| Cc: Magnus Maatta <novell@kiruna.se>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* fix file specification in comments | Uwe Zeisberger | 2006-10-03 | 1 | -1/+1
| Many files include the filename at the beginning, several used a wrong one.
|
| Signed-off-by: Uwe Zeisberger <Uwe_Zeisberger@digi.com>
| Signed-off-by: Adrian Bunk <bunk@stusta.de>
* [SUNRPC]: more sunrpc endianness annotations | Al Viro | 2006-09-28 | 1 | -4/+4
| Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| Signed-off-by: David S. Miller <davem@davemloft.net>
* [SUNRPC]: trivial endianness annotations | Alexey Dobriyan | 2006-09-28 | 4 | -31/+32
| pure s/u32/__be32/
|
| [AV: large part based on Alexey's patches]
|
| Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
| Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| Signed-off-by: David S. Miller <davem@davemloft.net>
* [SUNRPC]: svc_{get,put}nl() | Alexey Dobriyan | 2006-09-28 | 1 | -26/+26
| * add svc_getnl(): Take network-endian value from buffer, convert to host-endian and return it.
| * add svc_putnl(): Take host-endian value, convert to network-endian and put it into a buffer.
| * annotate svc_getu32()/svc_putu32() as dealing with network-endian.
| * convert to svc_getnl(), svc_putnl().
|
| [AV: in large part it's a carved-up Alexey's patch]
|
| Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
| Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| Signed-off-by: David S. Miller <davem@davemloft.net>
* SUNRPC: Make rpc_mkpipe() take the parent dentry as an argument | Trond Myklebust | 2006-09-22 | 1 | -5/+2
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [CRYPTO] users: Use crypto_hash interface instead of crypto_digest | Herbert Xu | 2006-09-21 | 1 | -14/+24
| This patch converts all remaining crypto_digest users to use the new crypto_hash interface.
|
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [SUNRPC] GSS: Use block ciphers where applicable | Herbert Xu | 2006-09-21 | 5 | -54/+64
| This patch converts SUNRPC/GSS to use the new block cipher type where applicable.
|
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* SUNRPC: Fix dentry refcounting issues with users of rpc_pipefs | Trond Myklebust | 2006-08-24 | 1 | -1/+0
| rpc_unlink() and rpc_rmdir() will dput the dentry reference for you.
|
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| (cherry picked from a05a57effa71a1f67ccbfc52335c10c8b85f3f6a commit)
* SUNRPC: make rpc_unlink() take a dentry argument instead of a path | Trond Myklebust | 2006-08-24 | 1 | -1/+1
| Signe-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| (cherry picked from 88bf6d811b01a4be7fd507d18bf5f1c527989089 commit)
* [NET]: Conversions from kmalloc+memset to k(z|c)alloc. | Panagiotis Issaris | 2006-07-21 | 5 | -14/+7
| Signed-off-by: Panagiotis Issaris <takis@issaris.org>
| Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] knfsd: svcrpc: gss: server-side implementation of rpcsec_gss privacy | J. Bruce Fields | 2006-06-30 | 1 | -7/+147
| Server-side implementation of rpcsec_gss privacy, which enables encryption of the payload of every rpc request and response.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: svcrpc: Simplify nfsd rpcsec_gss integrity code | J. Bruce Fields | 2006-06-30 | 1 | -51/+64
| Pull out some of the integrity code into its own function, otherwise svcauth_gss_release() is going to become very ungainly after the addition of privacy code.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: svcrpc: gss: simplify rsc_parse() | J. Bruce Fields | 2006-06-30 | 2 | -11/+7
| Adopt a simpler convention for gss_mech_put(), to simplify rsc_parse().
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] spin/rwlock init cleanups | Ingo Molnar | 2006-06-27 | 1 | -1/+1
| locking init cleanups:
|
| - convert " = SPIN_LOCK_UNLOCKED" to spin_lock_init() or DEFINE_SPINLOCK()
| - convert rwlocks in a similar manner
|
| this patch was generated automatically.
|
| Motivation:
|
| - cleanliness
| - lockdep needs control of lock initialization, which the open-coded variants do not give
| - it's also useful for -rt and for lock debugging in general
|
| Signed-off-by: Ingo Molnar <mingo@elte.hu>
| Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* spelling fixes | Andreas Mohr | 2006-06-26 | 2 | -2/+2
| acquired (aquired)
| contiguous (contigious)
| successful (succesful, succesfull)
| surprise (suprise)
| whether (weather)
| some other misspellings
|
| Signed-off-by: Andreas Mohr <andi@lisas.de>
| Signed-off-by: Adrian Bunk <bunk@stusta.de>
* SUNRPC: Dead code in net/sunrpc/auth_gss/auth_gss.c | Eric Sesterhenn | 2006-04-19 | 1 | -1/+0
| Hi,
|
| the coverity checker spotted that cred is always NULL when we jump to out_err ( there is just one case, when we fail to allocate the memory for cred )
|
| This is Coverity ID #79
|
| Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* RPCSEC_GSS: fix leak in krb5 code caused by superfluous kmalloc | J. Bruce Fields | 2006-04-19 | 1 | -8/+3
| I was sloppy when generating a previous patch; I modified the callers of krb5_make_checksum() to allocate memory for the buffer where the result is returned, then forgot to modify krb5_make_checksum to stop allocating that memory itself. The result is a per-packet memory leak. This fixes the problem by removing the now-superfluous kmalloc().
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [PATCH] knfsd: svcrpc: gss: don't call svc_take_page unnecessarily | NeilBrown | 2006-04-11 | 1 | -6/+8
| We're using svc_take_page here to get another page for the tail in case one wasn't already allocated. But there isn't always guaranteed to be another page available.
|
| Also fix a typo that made us check the tail buffer for space when we meant to be checking the head buffer.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Convert sunrpc_cache to use krefs | NeilBrown | 2006-03-27 | 1 | -16/+12
| .. it makes some of the code nicer.
|
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Use new cache code for rsc cache | NeilBrown | 2006-03-27 | 1 | -10/+64
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Use new sunrpc cache for rsi cache | NeilBrown | 2006-03-27 | 1 | -7/+59
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Get rid of 'inplace' sunrpc caches | NeilBrown | 2006-03-27 | 1 | -2/+2
| These were an unnecessary wart. Also only have one 'DefineSimpleCache..' instead of two.
|
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] knfsd: Change the store of auth_domains to not be a 'cache' | NeilBrown | 2006-03-27 | 1 | -7/+7
| The 'auth_domain's are simply handles on internal data structures. They do not cache information from user-space, and forcing them into the mold of a 'cache' misrepresents their true nature and causes confusion.
|
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* SUNRPC,RPCSEC_GSS: spkm3: import contexts using NID_cast5_cbc | J. Bruce Fields | 2006-03-20 | 1 | -0/+6
| Import the NID_cast5_cbc from the userland context. Not used.
|
| Signed-off-by: Andy Adamson <andros@citi.umich.edu>
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC,RPCSEC_GSS: fix krb5 sequence numbers. | J. Bruce Fields | 2006-03-20 | 2 | -6/+14
| Use a spinlock to ensure unique sequence numbers when creating krb5 gss tokens.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC,RPCSEC_GSS: remove unnecessary kmalloc of a checksum | J. Bruce Fields | 2006-03-20 | 5 | -17/+12
| Remove unnecessary kmalloc of temporary space to hold the md5 result; it's small enough to just put on the stack.
|
| This code may be called to process rpc's necessary to perform writes, so there's a potential deadlock whenever we kmalloc() here. After this a couple kmalloc()'s still remain, to be removed soon.
|
| This also fixes a rare double-free on error noticed by coverity.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Ensure that rpc_mkpipe returns a refcounted dentry | Trond Myklebust | 2006-03-20 | 1 | -0/+2
| If not, we cannot guarantee that idmap->idmap_dentry, gss_auth->dentry and clnt->cl_dentry are valid dentries.
|
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Move upcall out of auth->au_ops->crcreate() | Trond Myklebust | 2006-02-01 | 1 | -9/+14
| This fixes a bug whereby if two processes try to look up the same auth_gss credential, they may end up creating two creds, and triggering two upcalls because the upcall is performed before the credential is added to the credcache.
|
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Fix a lock recursion in the auth_gss downcall | Trond Myklebust | 2006-02-01 | 1 | -6/+19
| When we look up a new cred in the auth_gss downcall so that we can stuff the credcache, we do not want that lookup to queue up an upcall in order to initialise it. To do an upcall here is not only redundant, but since we are already holding the inode->i_mutex, it will trigger a lock recursion.
|
| This patch allows rpcauth cache searches to indicate that they can cope with uninitialised credentials.
|
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [PATCH] svcrpc: gss: svc context creation error handling | J. Bruce Fields | 2006-01-18 | 1 | -1/+2
| Allow mechanisms to return more varied errors on the context creation downcall.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] svcrpc: gss: server context init failure handling | Kevin Coffman | 2006-01-18 | 1 | -12/+17
| We require the server's gssd to create a completed context before asking the kernel to send a final context init reply. However, gssd could be buggy, or under some bizarre circumstances we might purge the context from our cache before we get the chance to use it here.
|
| Handle this case by returning GSS_S_NO_CONTEXT to the client.
|
| Also move the relevant code here to a separate function rather than nesting excessively.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] svcrpc: gss: handle the GSS_S_CONTINUE | Andy Adamson | 2006-01-18 | 1 | -5/+25
| Kerberos context initiation is handled in a single round trip, but other mechanisms (including spkm3) may require more, so we need to handle the GSS_S_CONTINUE case in svcauth_gss_accept. Send a null verifier.
|
| Signed-off-by: Andy Adamson <andros@citi.umich.edu>
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Neil Brown <neilb@suse.de>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* SUNRPC: Make krb5 report unsupported encryption types | J. Bruce Fields | 2006-01-06 | 1 | -3/+7
| Print messages when an unsupported encryption algorithm is requested or there is an error locating a supported algorithm.
|
| Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Make spkm3 report unsupported encryption types | J. Bruce Fields | 2006-01-06 | 1 | -3/+7
| Print messages when an unsupported encryption algorithm is requested or there is an error locating a supported algorithm.
|
| Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Update the spkm3 code to use the make_checksum interface | J. Bruce Fields | 2006-01-06 | 3 | -8/+8
| Also update the tokenlen calculations to accommodate g_token_size().
|
| Signed-off-by: Andy Adamson <andros@citi.umich.edu>
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* SUNRPC: Fix "EPIPE" error on mount of rpcsec_gss-protected partitions | Trond Myklebust | 2005-12-19 | 1 | -2/+4
| gss_create_upcall() should not error just because rpc.gssd closed the pipe on its end. Instead, it should requeue the pending requests and then retry.
|
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [NET]: kfree cleanup | Jesper Juhl | 2005-11-08 | 6 | -12/+7
| From: Jesper Juhl <jesper.juhl@gmail.com>
|
| This is the net/ part of the big kfree cleanup patch.
|
| Remove pointless checks for NULL prior to calling kfree() in net/.
|
| Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
| Cc: "David S. Miller" <davem@davemloft.net>
| Cc: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
| Acked-by: Marcel Holtmann <marcel@holtmann.org>
| Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
* [CRYPTO] Simplify one-member scatterlist expressions | Herbert Xu | 2005-10-30 | 1 | -2/+2
| This patch rewrites various occurrences of &sg[0] where sg is an array of length one to simply sg.
|
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [PATCH] Use sg_set_buf/sg_init_one where applicable | David Hardeman | 2005-10-30 | 1 | -17/+6
| This patch uses sg_set_buf/sg_init_one in some places where it was duplicated.
|
| Signed-off-by: David Hardeman <david@2gen.com>
| Cc: James Bottomley <James.Bottomley@steeleye.com>
| Cc: Greg KH <greg@kroah.com>
| Cc: "David S. Miller" <davem@davemloft.net>
| Cc: Jeff Garzik <jgarzik@pobox.com>
| Signed-off-by: Andrew Morton <akpm@osdl.org>
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* RPCSEC_GSS: krb5 cleanup | J. Bruce Fields | 2005-10-18 | 3 | -33/+6
| Remove some senseless wrappers.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* RPCSEC_GSS remove all qop parameters | J. Bruce Fields | 2005-10-18 | 10 | -70/+33
| Not only are the qop parameters that are passed around throughout the gssapi unused by any currently implemented mechanism, but there appears to be some doubt as to whether they will ever be used. Let's just kill them off for now.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* RPCSEC_GSS: Add support for privacy to krb5 rpcsec_gss mechanism. | J. Bruce Fields | 2005-10-18 | 6 | -6/+535
| Add support for privacy to the krb5 rpcsec_gss mechanism.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* RPCSEC_GSS: krb5 pre-privacy cleanup | J. Bruce Fields | 2005-10-18 | 3 | -59/+14
| The code this was originally derived from processed wrap and mic tokens using the same functions. This required some contortions, and more would be required with the addition of xdr_buf's, so it's better to separate out the two code paths.
|
| In preparation for adding privacy support, remove the last vestiges of the old wrap token code.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* RPCSEC_GSS: Simplify rpcsec_gss crypto code | J. Bruce Fields | 2005-10-18 | 1 | -29/+77
| Factor out some code that will be shared by privacy crypto routines
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* RPCSEC_GSS: client-side privacy support | J. Bruce Fields | 2005-10-18 | 1 | -1/+148
| Add the code to the client side to handle privacy. This is dead code until we actually add privacy support to krb5.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* RPCSEC_GSS: cleanup au_rslack calculation | J. Bruce Fields | 2005-10-18 | 1 | -14/+6
| Various xdr encode routines use au_rslack to guess where the reply argument will end up, so we can set up the xdr_buf to receive data into the right place for zero copy.
|
| Currently we calculate the au_rslack estimate when we check the verifier. Normally this only depends on the verifier size. In the integrity case we add a few bytes to allow for a length and sequence number.
|
| It's a bit simpler to calculate only the verifier size when we check the verifier, and delay the full calculation till we unwrap.
|
| Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>