Skip to content

L
linux
Commit a0c54707 authored by Trond Myklebust's avatar Trond Myklebust
Browse files
Options

RPCSEC_GSS: cleanup gss_cred. 

 gc_flavor is used only for looking up the security service, which is an
 integer value that never changes. Store the latter instead of the former.

 Fix up a couple of dodgy casts between gss_cred and rpc_cred. Replace them
 with the appropriate container_of().
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 8af92f28
Show whitespace changes
Inline Side-by-side
Showing with 23 additions and 36 deletions
include/linux/sunrpc/auth_gss.h
View file @ a0c54707
......@@ -78,7 +78,7 @@ struct gss_cl_ctx {
struct gss_cred {
struct rpc_cred gc_base;
u32 gc_flavor;
enum rpc_gss_svc gc_service;
struct gss_cl_ctx *gc_ctx;
};
......
net/sunrpc/auth_gss/auth_gss.c
View file @ a0c54707
......@@ -85,6 +85,7 @@ static DEFINE_RWLOCK(gss_ctx_lock);
struct gss_auth {
struct rpc_auth rpc_auth;
struct gss_api_mech *mech;
enum rpc_gss_svc service;
struct list_head upcalls;
struct dentry *dentry;
char path[48];
......@@ -581,6 +582,10 @@ gss_create(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
__FUNCTION__, flavor);
goto err_free;
}
gss_auth->service = gss_pseudoflavor_to_service(gss_auth->mech, flavor);
/* FIXME: Will go away once privacy support is merged in */
if (gss_auth->service == RPC_GSS_SVC_PRIVACY)
gss_auth->service = RPC_GSS_SVC_INTEGRITY;
INIT_LIST_HEAD(&gss_auth->upcalls);
spin_lock_init(&gss_auth->lock);
auth = &gss_auth->rpc_auth;
......@@ -645,7 +650,7 @@ gss_destroy_ctx(struct gss_cl_ctx *ctx)
static void
gss_destroy_cred(struct rpc_cred *rc)
{
struct gss_cred *cred = (struct gss_cred *)rc;
struct gss_cred *cred = container_of(rc, struct gss_cred, gc_base);
dprintk("RPC: gss_destroy_cred \n");
......@@ -666,6 +671,7 @@ gss_lookup_cred(struct rpc_auth *auth, struct auth_cred *acred, int taskflags)
static struct rpc_cred *
gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int taskflags)
{
struct gss_auth *gss_auth = container_of(auth, struct gss_auth, rpc_auth);
struct gss_cred *cred = NULL;
dprintk("RPC: gss_create_cred for uid %d, flavor %d\n",
......@@ -683,13 +689,13 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int taskflags)
*/
cred->gc_flags = 0;
cred->gc_base.cr_ops = &gss_credops;
cred->gc_flavor = auth->au_flavor;
cred->gc_service = gss_auth->service;
return (struct rpc_cred *) cred;
return &cred->gc_base;
out_err:
dprintk("RPC: gss_create_cred failed\n");
if (cred) gss_destroy_cred((struct rpc_cred *)cred);
if (cred) gss_destroy_cred(&cred->gc_base);
return NULL;
}
......@@ -716,20 +722,12 @@ gss_marshal(struct rpc_task *task, u32 *p, int ruid)
struct xdr_netobj mic;
struct kvec iov;
struct xdr_buf verf_buf;
u32 service;
dprintk("RPC: %4u gss_marshal\n", task->tk_pid);
*p++ = htonl(RPC_AUTH_GSS);
cred_len = p++;
service = gss_pseudoflavor_to_service(ctx->gc_gss_ctx->mech_type,
gss_cred->gc_flavor);
if (service == 0) {
dprintk("RPC: %4u Bad pseudoflavor %d in gss_marshal\n",
task->tk_pid, gss_cred->gc_flavor);
goto out_put_ctx;
}
spin_lock(&ctx->gc_seq_lock);
req->rq_seqno = ctx->gc_seq++;
spin_unlock(&ctx->gc_seq_lock);
......@@ -737,7 +735,7 @@ gss_marshal(struct rpc_task *task, u32 *p, int ruid)
*p++ = htonl((u32) RPC_GSS_VERSION);
*p++ = htonl((u32) ctx->gc_proc);
*p++ = htonl((u32) req->rq_seqno);
*p++ = htonl((u32) service);
*p++ = htonl((u32) gss_cred->gc_service);
p = xdr_encode_netobj(p, &ctx->gc_wire_ctx);
*cred_len = htonl((p - (cred_len + 1)) << 2);
......@@ -797,7 +795,6 @@ gss_validate(struct rpc_task *task, u32 *p)
struct xdr_buf verf_buf;
struct xdr_netobj mic;
u32 flav,len;
u32 service;
u32 maj_stat;
dprintk("RPC: %4u gss_validate\n", task->tk_pid);
......@@ -819,9 +816,7 @@ gss_validate(struct rpc_task *task, u32 *p)
cred->cr_flags &= ~RPCAUTH_CRED_UPTODATE;
if (maj_stat)
goto out_bad;
service = gss_pseudoflavor_to_service(ctx->gc_gss_ctx->mech_type,
gss_cred->gc_flavor);
switch (service) {
switch (gss_cred->gc_service) {
case RPC_GSS_SVC_NONE:
/* verifier data, flavor, length: */
task->tk_auth->au_rslack = XDR_QUADLEN(len) + 2;
......@@ -830,7 +825,7 @@ gss_validate(struct rpc_task *task, u32 *p)
/* verifier data, flavor, length, length, sequence number: */
task->tk_auth->au_rslack = XDR_QUADLEN(len) + 4;
break;
default:
case RPC_GSS_SVC_PRIVACY:
goto out_bad;
}
gss_put_ctx(ctx);
......@@ -901,7 +896,6 @@ gss_wrap_req(struct rpc_task *task,
gc_base);
struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
int status = -EIO;
u32 service;
dprintk("RPC: %4u gss_wrap_req\n", task->tk_pid);
if (ctx->gc_proc != RPC_GSS_PROC_DATA) {
......@@ -911,19 +905,16 @@ gss_wrap_req(struct rpc_task *task,
status = encode(rqstp, p, obj);
goto out;
}
service = gss_pseudoflavor_to_service(ctx->gc_gss_ctx->mech_type,
gss_cred->gc_flavor);
switch (service) {
switch (gss_cred->gc_service) {
case RPC_GSS_SVC_NONE:
status = encode(rqstp, p, obj);
goto out;
break;
case RPC_GSS_SVC_INTEGRITY:
status = gss_wrap_req_integ(cred, ctx, encode,
rqstp, p, obj);
goto out;
break;
case RPC_GSS_SVC_PRIVACY:
default:
goto out;
break;
}
out:
gss_put_ctx(ctx);
......@@ -978,23 +969,19 @@ gss_unwrap_resp(struct rpc_task *task,
gc_base);
struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
int status = -EIO;
u32 service;
if (ctx->gc_proc != RPC_GSS_PROC_DATA)
goto out_decode;
service = gss_pseudoflavor_to_service(ctx->gc_gss_ctx->mech_type,
gss_cred->gc_flavor);
switch (service) {
switch (gss_cred->gc_service) {
case RPC_GSS_SVC_NONE:
goto out_decode;
break;
case RPC_GSS_SVC_INTEGRITY:
status = gss_unwrap_resp_integ(cred, ctx, rqstp, &p);
if (status)
goto out;
break;
case RPC_GSS_SVC_PRIVACY:
default:
goto out;
break;
}
out_decode:
status = decode(rqstp, p, obj);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7