Merge branch 'nfsd-next' of git://linux-nfs.org/~bfields/linux
Pull nfsd changes from Bruce Fields: "This includes miscellaneous bugfixes and cleanup and a performance fix for write-heavy NFSv4 workloads. (The most significant nfsd-relevant change this time is actually in the delegation patches that went through Viro, fixing a long-standing bug that can cause NFSv4 clients to miss updates made by non-nfs users of the filesystem. Those enable some followup nfsd patches which I have queued locally, but those can wait till 3.14)" * 'nfsd-next' of git://linux-nfs.org/~bfields/linux: (24 commits) nfsd: export proper maximum file size to the client nfsd4: improve write performance with better sendspace reservations svcrpc: remove an unnecessary assignment sunrpc: comment typo fix Revert "nfsd: remove_stid can be incorporated into nfs4_put_delegation" nfsd4: fix discarded security labels on setattr NFSD: Add support for NFS v4.2 operation checking nfsd4: nfsd_shutdown_net needs state lock NFSD: Combine decode operations for v4 and v4.1 nfsd: -EINVAL on invalid anonuid/gid instead of silent failure nfsd: return better errors to exportfs nfsd: fh_update should error out in unexpected cases nfsd4: need to destroy revoked delegations in destroy_client nfsd: no need to unhash_stid before free nfsd: remove_stid can be incorporated into nfs4_put_delegation nfsd: nfs4_open_delegation needs to remove_stid rather than unhash_stid nfsd: nfs4_free_stid nfsd: fix Kconfig syntax sunrpc: trim off EC bytes in GSSAPI v2 unwrap gss_krb5: document that we ignore sequence number ...
@@ -150,7 +150,6 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
|
||||
struct xdr_netobj cksumobj = {.len = sizeof(cksumdata),
|
||||
.data = cksumdata};
|
||||
s32 now;
|
||||
u64 seqnum;
|
||||
u8 *ptr = read_token->data;
|
||||
u8 *cksumkey;
|
||||
u8 flags;
|
||||
@@ -197,9 +196,10 @@ gss_verify_mic_v2(struct krb5_ctx *ctx,
|
||||
if (now > ctx->endtime)
|
||||
return GSS_S_CONTEXT_EXPIRED;
|
||||
|
||||
/* do sequencing checks */
|
||||
|
||||
seqnum = be64_to_cpup((__be64 *)ptr + 8);
|
||||
/*
|
||||
* NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
|
||||
* doesn't want it checked; see page 6 of rfc 2203.
|
||||
*/
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
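Review bot: The comment added in gss_verify_mic_v2 says the sequence number at ptr + 8 is skipped, but not what provides replay and ordering protection instead, so a later reader may take it for a forgotten check. One more line would close that gap, for example `* Replay and ordering are enforced by the rpcsec_gss sequence number instead.`, which is how RFC 2203 arranges it. The same comment is added in gss_unwrap_kerberos_v2 and would benefit from the same sentence. Both function bodies extend beyond the hunks shown here.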
|
||||
|
@@ -489,7 +489,6 @@ static u32
|
||||
gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
|
||||
{
|
||||
s32 now;
|
||||
u64 seqnum;
|
||||
u8 *ptr;
|
||||
u8 flags = 0x00;
|
||||
u16 ec, rrc;
|
||||
@@ -525,7 +524,10 @@ gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
|
||||
ec = be16_to_cpup((__be16 *)(ptr + 4));
|
||||
rrc = be16_to_cpup((__be16 *)(ptr + 6));
|
||||
|
||||
seqnum = be64_to_cpup((__be64 *)(ptr + 8));
|
||||
/*
|
||||
* NOTE: the sequence number at ptr + 8 is skipped, rpcsec_gss
|
||||
* doesn't want it checked; see page 6 of rfc 2203.
|
||||
*/
|
||||
|
||||
if (rrc != 0)
|
||||
rotate_left(offset + 16, buf, rrc);
|
||||
@@ -574,8 +576,8 @@ gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
|
||||
buf->head[0].iov_len -= GSS_KRB5_TOK_HDR_LEN + headskip;
|
||||
buf->len -= GSS_KRB5_TOK_HDR_LEN + headskip;
|
||||
|
||||
/* Trim off the checksum blob */
|
||||
xdr_buf_trim(buf, GSS_KRB5_TOK_HDR_LEN + tailskip);
|
||||
/* Trim off the trailing "extra count" and checksum blob */
|
||||
xdr_buf_trim(buf, ec + GSS_KRB5_TOK_HDR_LEN + tailskip);
|
||||
return GSS_S_COMPLETE;
|
||||
}
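Review bot: The trim length passed to `xdr_buf_trim` now includes `ec`, a 16-bit value read straight from the token header at `ptr + 4`, and no comparison against `buf->len` is visible in these hunks. If neither xdr_buf_trim nor the code between the hunks bounds it, an oversized `ec` from a peer could trim more than the buffer holds. It is worth confirming that, or rejecting the token first with something like `if (ec + GSS_KRB5_TOK_HDR_LEN + tailskip > buf->len) return GSS_S_DEFECTIVE_TOKEN;`. The body of gss_unwrap_kerberos_v2 between the hunks is not shown, so an existing check there may already cover this.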
|
||||
|
||||
|
@@ -298,7 +298,8 @@ int gssp_accept_sec_context_upcall(struct net *net,
|
||||
if (res.context_handle) {
|
||||
data->out_handle = rctxh.exported_context_token;
|
||||
data->mech_oid.len = rctxh.mech.len;
|
||||
memcpy(data->mech_oid.data, rctxh.mech.data,
|
||||
if (rctxh.mech.data)
|
||||
memcpy(data->mech_oid.data, rctxh.mech.data,
|
||||
data->mech_oid.len);
|
||||
client_name = rctxh.src_name.display_name;
|
||||
}
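Review bot: The memcpy into `data->mech_oid.data` is now guarded against a NULL source, but its length still comes unchecked from `rctxh.mech.len`, which is filled from the upcall reply. The capacity of `data->mech_oid.data` is not visible in this hunk; if it is a fixed-size buffer, the length should be compared with that capacity before the copy and the reply rejected when it does not fit. Separately, `data->mech_oid.len` is assigned before the guard, so a reply with a NULL `mech.data` can leave a non-zero length with nothing copied; `data->mech_oid.len = rctxh.mech.data ? rctxh.mech.len : 0;` would keep the two consistent. The function continues outside the hunk.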
|
||||
|
@@ -559,6 +559,8 @@ static int gssx_enc_cred(struct xdr_stream *xdr,
|
||||
|
||||
/* cred->elements */
|
||||
err = dummy_enc_credel_array(xdr, &cred->elements);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
/* cred->cred_handle_reference */
|
||||
err = gssx_enc_buffer(xdr, &cred->cred_handle_reference);
|
||||
@@ -740,22 +742,20 @@ void gssx_enc_accept_sec_context(struct rpc_rqst *req,
|
||||
goto done;
|
||||
|
||||
/* arg->context_handle */
|
||||
if (arg->context_handle) {
|
||||
if (arg->context_handle)
|
||||
err = gssx_enc_ctx(xdr, arg->context_handle);
|
||||
if (err)
|
||||
goto done;
|
||||
} else {
|
||||
else
|
||||
err = gssx_enc_bool(xdr, 0);
|
||||
}
|
||||
if (err)
|
||||
goto done;
|
||||
|
||||
/* arg->cred_handle */
|
||||
if (arg->cred_handle) {
|
||||
if (arg->cred_handle)
|
||||
err = gssx_enc_cred(xdr, arg->cred_handle);
|
||||
if (err)
|
||||
goto done;
|
||||
} else {
|
||||
else
|
||||
err = gssx_enc_bool(xdr, 0);
|
||||
}
|
||||
if (err)
|
||||
goto done;
|
||||
|
||||
/* arg->input_token */
|
||||
err = gssx_enc_in_token(xdr, &arg->input_token);
|
||||
@@ -763,13 +763,12 @@ void gssx_enc_accept_sec_context(struct rpc_rqst *req,
|
||||
goto done;
|
||||
|
||||
/* arg->input_cb */
|
||||
if (arg->input_cb) {
|
||||
if (arg->input_cb)
|
||||
err = gssx_enc_cb(xdr, arg->input_cb);
|
||||
if (err)
|
||||
goto done;
|
||||
} else {
|
||||
else
|
||||
err = gssx_enc_bool(xdr, 0);
|
||||
}
|
||||
if (err)
|
||||
goto done;
|
||||
|
||||
err = gssx_enc_bool(xdr, arg->ret_deleg_cred);
|
||||
if (err)
|
||||
|
@@ -1167,8 +1167,8 @@ static int gss_proxy_save_rsc(struct cache_detail *cd,
|
||||
if (!ud->found_creds) {
|
||||
/* userspace seem buggy, we should always get at least a
|
||||
* mapping to nobody */
|
||||
dprintk("RPC: No creds found, marking Negative!\n");
|
||||
set_bit(CACHE_NEGATIVE, &rsci.h.flags);
|
||||
dprintk("RPC: No creds found!\n");
|
||||
goto out;
|
||||
} else {
|
||||
|
||||
/* steal creds */
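Review bot: The `!ud->found_creds` branch now jumps to `out` without setting a return value in the hunk, so what the caller sees depends on whatever the status variable held before this point. Since this path means no credentials were mapped, it should fail closed with an explicit error assigned just before the `goto out;`, rather than inheriting an earlier value. The only trace is a `dprintk`, so a misbehaving userspace helper stays invisible unless RPC debugging is enabled; a rate-limited warning would make it diagnosable. The function starts before and continues after this hunk, so the status handling at `out` should be checked there.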
|
||||
|