forked from Minki/linux
SUNRPC: Set rq_auth_stat in the pg_authenticate() callout
In a few moments, rq_auth_stat will need to be explicitly set to rpc_auth_ok before execution gets to the dispatcher. svc_authenticate() already sets it, but it often gets reset to rpc_autherr_badcred right after that call, even when authentication is successful. Let's ensure that the pg_authenticate callout and svc_set_client() set it properly in every case. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
This commit is contained in:
parent
438623a06b
commit
5c2465dfd4
@ -649,6 +649,7 @@ static int lockd_authenticate(struct svc_rqst *rqstp)
|
||||
switch (rqstp->rq_authop->flavour) {
|
||||
case RPC_AUTH_NULL:
|
||||
case RPC_AUTH_UNIX:
|
||||
rqstp->rq_auth_stat = rpc_auth_ok;
|
||||
if (rqstp->rq_proc == 0)
|
||||
return SVC_OK;
|
||||
if (is_callback(rqstp->rq_proc)) {
|
||||
@ -659,6 +660,7 @@ static int lockd_authenticate(struct svc_rqst *rqstp)
|
||||
}
|
||||
return svc_set_client(rqstp);
|
||||
}
|
||||
rqstp->rq_auth_stat = rpc_autherr_badcred;
|
||||
return SVC_DENIED;
|
||||
}
|
||||
|
||||
|
@ -429,6 +429,8 @@ check_gss_callback_principal(struct nfs_client *clp, struct svc_rqst *rqstp)
|
||||
*/
|
||||
static int nfs_callback_authenticate(struct svc_rqst *rqstp)
|
||||
{
|
||||
rqstp->rq_auth_stat = rpc_autherr_badcred;
|
||||
|
||||
switch (rqstp->rq_authop->flavour) {
|
||||
case RPC_AUTH_NULL:
|
||||
if (rqstp->rq_proc != CB_NULL)
|
||||
@ -439,6 +441,8 @@ static int nfs_callback_authenticate(struct svc_rqst *rqstp)
|
||||
if (svc_is_backchannel(rqstp))
|
||||
return SVC_DENIED;
|
||||
}
|
||||
|
||||
rqstp->rq_auth_stat = rpc_auth_ok;
|
||||
return SVC_OK;
|
||||
}
|
||||
|
||||
|
@ -1038,6 +1038,8 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
|
||||
struct rpc_gss_wire_cred *gc = &svcdata->clcred;
|
||||
int stat;
|
||||
|
||||
rqstp->rq_auth_stat = rpc_autherr_badcred;
|
||||
|
||||
/*
|
||||
* A gss export can be specified either by:
|
||||
* export *(sec=krb5,rw)
|
||||
@ -1053,6 +1055,8 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
|
||||
stat = svcauth_unix_set_client(rqstp);
|
||||
if (stat == SVC_DROP || stat == SVC_CLOSE)
|
||||
return stat;
|
||||
|
||||
rqstp->rq_auth_stat = rpc_auth_ok;
|
||||
return SVC_OK;
|
||||
}
|
||||
|
||||
|
@ -1328,10 +1328,8 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
|
||||
*/
|
||||
auth_res = svc_authenticate(rqstp);
|
||||
/* Also give the program a chance to reject this call: */
|
||||
if (auth_res == SVC_OK && progp) {
|
||||
rqstp->rq_auth_stat = rpc_autherr_badcred;
|
||||
if (auth_res == SVC_OK && progp)
|
||||
auth_res = progp->pg_authenticate(rqstp);
|
||||
}
|
||||
if (auth_res != SVC_OK)
|
||||
trace_svc_authenticate(rqstp, auth_res);
|
||||
switch (auth_res) {
|
||||
|
@ -681,8 +681,9 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
|
||||
|
||||
rqstp->rq_client = NULL;
|
||||
if (rqstp->rq_proc == 0)
|
||||
return SVC_OK;
|
||||
goto out;
|
||||
|
||||
rqstp->rq_auth_stat = rpc_autherr_badcred;
|
||||
ipm = ip_map_cached_get(xprt);
|
||||
if (ipm == NULL)
|
||||
ipm = __ip_map_lookup(sn->ip_map_cache, rqstp->rq_server->sv_program->pg_class,
|
||||
@ -719,6 +720,9 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
|
||||
put_group_info(cred->cr_group_info);
|
||||
cred->cr_group_info = gi;
|
||||
}
|
||||
|
||||
out:
|
||||
rqstp->rq_auth_stat = rpc_auth_ok;
|
||||
return SVC_OK;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user