Commit b9239fb2 authored by Chuck Lever's avatar Chuck Lever Committed by Linus Torvalds

[PATCH] stricter type checking for rpc auth flavors

This implements stricter type checking for RPC auth flavors.  It is a
prerequisite for RPC GSSAPI and its authentication pseudoflavors.
Please apply it.
parent 1e04f496
...@@ -245,7 +245,7 @@ int nfs_fill_super(struct super_block *sb, struct nfs_mount_data *data, int sile ...@@ -245,7 +245,7 @@ int nfs_fill_super(struct super_block *sb, struct nfs_mount_data *data, int sile
struct rpc_xprt *xprt = NULL; struct rpc_xprt *xprt = NULL;
struct rpc_clnt *clnt = NULL; struct rpc_clnt *clnt = NULL;
struct inode *root_inode = NULL; struct inode *root_inode = NULL;
unsigned int authflavor; rpc_authflavor_t authflavor;
struct rpc_timeout timeparms; struct rpc_timeout timeparms;
struct nfs_fsinfo fsinfo; struct nfs_fsinfo fsinfo;
int tcp, version, maxlen; int tcp, version, maxlen;
......
...@@ -42,8 +42,8 @@ struct nlm_host { ...@@ -42,8 +42,8 @@ struct nlm_host {
struct rpc_clnt * h_rpcclnt; /* RPC client to talk to peer */ struct rpc_clnt * h_rpcclnt; /* RPC client to talk to peer */
char h_name[20]; /* remote hostname */ char h_name[20]; /* remote hostname */
u32 h_version; /* interface version */ u32 h_version; /* interface version */
rpc_authflavor_t h_authflavor; /* RPC authentication type */
unsigned short h_proto; /* transport proto */ unsigned short h_proto; /* transport proto */
unsigned short h_authflavor; /* RPC authentication type */
unsigned short h_reclaiming : 1, unsigned short h_reclaiming : 1,
h_server : 1, /* server side, not client side */ h_server : 1, /* server side, not client side */
h_inuse : 1, h_inuse : 1,
......
/* /*
* linux/include/linux/auth.h * linux/include/linux/sunrpc/auth.h
* *
* Declarations for the RPC authentication machinery. * Declarations for the RPC client authentication machinery.
* *
* Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de> * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
*/ */
...@@ -67,7 +67,7 @@ struct rpc_auth { ...@@ -67,7 +67,7 @@ struct rpc_auth {
* Client authentication ops * Client authentication ops
*/ */
struct rpc_authops { struct rpc_authops {
unsigned int au_flavor; /* flavor (RPC_AUTH_*) */ rpc_authflavor_t au_flavor; /* flavor (RPC_AUTH_*) */
#ifdef RPC_DEBUG #ifdef RPC_DEBUG
char * au_name; char * au_name;
#endif #endif
...@@ -94,7 +94,7 @@ extern struct rpc_authops authdes_ops; ...@@ -94,7 +94,7 @@ extern struct rpc_authops authdes_ops;
int rpcauth_register(struct rpc_authops *); int rpcauth_register(struct rpc_authops *);
int rpcauth_unregister(struct rpc_authops *); int rpcauth_unregister(struct rpc_authops *);
struct rpc_auth * rpcauth_create(unsigned int, struct rpc_clnt *); struct rpc_auth * rpcauth_create(rpc_authflavor_t, struct rpc_clnt *);
void rpcauth_destroy(struct rpc_auth *); void rpcauth_destroy(struct rpc_auth *);
struct rpc_cred * rpcauth_lookupcred(struct rpc_auth *, int); struct rpc_cred * rpcauth_lookupcred(struct rpc_auth *, int);
struct rpc_cred * rpcauth_bindcred(struct rpc_task *); struct rpc_cred * rpcauth_bindcred(struct rpc_task *);
......
...@@ -111,7 +111,7 @@ struct rpc_procinfo { ...@@ -111,7 +111,7 @@ struct rpc_procinfo {
struct rpc_clnt *rpc_create_client(struct rpc_xprt *xprt, char *servname, struct rpc_clnt *rpc_create_client(struct rpc_xprt *xprt, char *servname,
struct rpc_program *info, struct rpc_program *info,
u32 version, int authflavor); u32 version, rpc_authflavor_t authflavor);
int rpc_shutdown_client(struct rpc_clnt *); int rpc_shutdown_client(struct rpc_clnt *);
int rpc_destroy_client(struct rpc_clnt *); int rpc_destroy_client(struct rpc_clnt *);
void rpc_release_client(struct rpc_clnt *); void rpc_release_client(struct rpc_clnt *);
......
...@@ -11,12 +11,16 @@ ...@@ -11,12 +11,16 @@
#define RPC_VERSION 2 #define RPC_VERSION 2
enum rpc_auth_flavor { /* spec defines authentication flavor as an unsigned 32 bit integer */
typedef u32 rpc_authflavor_t;
enum rpc_auth_flavors {
RPC_AUTH_NULL = 0, RPC_AUTH_NULL = 0,
RPC_AUTH_UNIX = 1, RPC_AUTH_UNIX = 1,
RPC_AUTH_SHORT = 2, RPC_AUTH_SHORT = 2,
RPC_AUTH_DES = 3, RPC_AUTH_DES = 3,
RPC_AUTH_KRB = 4, RPC_AUTH_KRB = 4,
RPC_AUTH_MAXFLAVOR = 8,
}; };
enum rpc_msg_type { enum rpc_msg_type {
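Review bot: `RPC_AUTH_MAXFLAVOR = 8` is added to the flavor enum without a comment, although it is not a flavor: elsewhere in this commit it sizes the client `auth_flavors[]` and server `authtab[]` tables and is the bound tested before either table is indexed. I would document that on the enumerator, e.g. `/* not a flavor: size of the auth dispatch tables; reject flavor >= this before indexing */`. Since the description names GSSAPI pseudoflavors as the follow-up, it is worth stating here that a flavor number at or above this bound can never be used as a table index. The hunk starts mid-file and the `rpc_msg_type` enum continues outside it.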
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
#include <linux/sunrpc/msg_prot.h> #include <linux/sunrpc/msg_prot.h>
struct svc_cred { struct svc_cred {
u32 cr_flavor; rpc_authflavor_t cr_flavor;
uid_t cr_uid; uid_t cr_uid;
gid_t cr_gid; gid_t cr_gid;
gid_t cr_groups[NGROUPS]; gid_t cr_groups[NGROUPS];
...@@ -23,8 +23,9 @@ struct svc_cred { ...@@ -23,8 +23,9 @@ struct svc_cred {
struct svc_rqst; /* forward decl */ struct svc_rqst; /* forward decl */
void svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp); void svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp);
int svc_auth_register(u32 flavor, void (*)(struct svc_rqst *,u32 *,u32 *)); int svc_auth_register(rpc_authflavor_t flavor,
void svc_auth_unregister(u32 flavor); void (*)(struct svc_rqst *,u32 *,u32 *));
void svc_auth_unregister(rpc_authflavor_t flavor);
#if 0 #if 0
/* /*
...@@ -39,7 +40,7 @@ struct authunix_parms { ...@@ -39,7 +40,7 @@ struct authunix_parms {
u32 aup_gids[NGRPS]; u32 aup_gids[NGRPS];
}; };
struct svc_authops * auth_getops(u32 flavor); struct svc_authops * auth_getops(rpc_authflavor_t flavor);
#endif #endif
......
/* /*
* linux/fs/nfs/rpcauth.c * linux/net/sunrpc/auth.c
* *
* Generic RPC authentication API. * Generic RPC client authentication API.
* *
* Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de> * Copyright (C) 1996, Olaf Kirch <okir@monad.swb.de>
*/ */
...@@ -18,9 +18,7 @@ ...@@ -18,9 +18,7 @@
# define RPCDBG_FACILITY RPCDBG_AUTH # define RPCDBG_FACILITY RPCDBG_AUTH
#endif #endif
#define RPC_MAXFLAVOR 8 static struct rpc_authops * auth_flavors[RPC_AUTH_MAXFLAVOR] = {
static struct rpc_authops * auth_flavors[RPC_MAXFLAVOR] = {
&authnull_ops, /* AUTH_NULL */ &authnull_ops, /* AUTH_NULL */
&authunix_ops, /* AUTH_UNIX */ &authunix_ops, /* AUTH_UNIX */
NULL, /* others can be loadable modules */ NULL, /* others can be loadable modules */
...@@ -29,9 +27,9 @@ static struct rpc_authops * auth_flavors[RPC_MAXFLAVOR] = { ...@@ -29,9 +27,9 @@ static struct rpc_authops * auth_flavors[RPC_MAXFLAVOR] = {
int int
rpcauth_register(struct rpc_authops *ops) rpcauth_register(struct rpc_authops *ops)
{ {
unsigned int flavor; rpc_authflavor_t flavor;
if ((flavor = ops->au_flavor) >= RPC_MAXFLAVOR) if ((flavor = ops->au_flavor) >= RPC_AUTH_MAXFLAVOR)
return -EINVAL; return -EINVAL;
if (auth_flavors[flavor] != NULL) if (auth_flavors[flavor] != NULL)
return -EPERM; /* what else? */ return -EPERM; /* what else? */
...@@ -42,9 +40,9 @@ rpcauth_register(struct rpc_authops *ops) ...@@ -42,9 +40,9 @@ rpcauth_register(struct rpc_authops *ops)
int int
rpcauth_unregister(struct rpc_authops *ops) rpcauth_unregister(struct rpc_authops *ops)
{ {
unsigned int flavor; rpc_authflavor_t flavor;
if ((flavor = ops->au_flavor) >= RPC_MAXFLAVOR) if ((flavor = ops->au_flavor) >= RPC_AUTH_MAXFLAVOR)
return -EINVAL; return -EINVAL;
if (auth_flavors[flavor] != ops) if (auth_flavors[flavor] != ops)
return -EPERM; /* what else? */ return -EPERM; /* what else? */
...@@ -53,11 +51,11 @@ rpcauth_unregister(struct rpc_authops *ops) ...@@ -53,11 +51,11 @@ rpcauth_unregister(struct rpc_authops *ops)
} }
struct rpc_auth * struct rpc_auth *
rpcauth_create(unsigned int flavor, struct rpc_clnt *clnt) rpcauth_create(rpc_authflavor_t flavor, struct rpc_clnt *clnt)
{ {
struct rpc_authops *ops; struct rpc_authops *ops;
if (flavor >= RPC_MAXFLAVOR || !(ops = auth_flavors[flavor])) if (flavor >= RPC_AUTH_MAXFLAVOR || !(ops = auth_flavors[flavor]))
return NULL; return NULL;
clnt->cl_auth = ops->create(clnt); clnt->cl_auth = ops->create(clnt);
return clnt->cl_auth; return clnt->cl_auth;
......
/* /*
* linux/net/sunrpc/rpcauth_null.c * linux/net/sunrpc/auth_null.c
* *
* AUTH_NULL authentication. Really :-) * AUTH_NULL authentication. Really :-)
* *
...@@ -106,14 +106,18 @@ nul_refresh(struct rpc_task *task) ...@@ -106,14 +106,18 @@ nul_refresh(struct rpc_task *task)
static u32 * static u32 *
nul_validate(struct rpc_task *task, u32 *p) nul_validate(struct rpc_task *task, u32 *p)
{ {
u32 n = ntohl(*p++); rpc_authflavor_t flavor;
u32 size;
if (n != RPC_AUTH_NULL) { flavor = ntohl(*p++);
printk("RPC: bad verf flavor: %ld\n", (unsigned long) n); if (flavor != RPC_AUTH_NULL) {
printk("RPC: bad verf flavor: %u\n", flavor);
return NULL; return NULL;
} }
if ((n = ntohl(*p++)) != 0) {
printk("RPC: bad verf size: %ld\n", (unsigned long) n); size = ntohl(*p++);
if (size != 0) {
printk("RPC: bad verf size: %u\n", size);
return NULL; return NULL;
} }
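Review bot: The two rewritten `printk` calls in nul_validate still carry no log level, while rpc_create_client in this same commit uses `KERN_INFO`. Both messages are triggered by the contents of a reply verifier, so I would give them an explicit level, e.g. `printk(KERN_WARNING "RPC: bad verf flavor: %u\n", flavor);` and the same for the size message. unx_validate has the same two unlevelled messages. Whether these paths are rate-limited cannot be seen from the hunk; if they are not, a peer that keeps sending malformed verifiers can fill the kernel log. nul_validate continues past the end of the hunk.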
......
/* /*
* linux/net/sunrpc/rpcauth_unix.c * linux/net/sunrpc/auth_unix.c
* *
* UNIX-style authentication; no AUTH_SHORT support * UNIX-style authentication; no AUTH_SHORT support
* *
...@@ -216,18 +216,24 @@ unx_refresh(struct rpc_task *task) ...@@ -216,18 +216,24 @@ unx_refresh(struct rpc_task *task)
static u32 * static u32 *
unx_validate(struct rpc_task *task, u32 *p) unx_validate(struct rpc_task *task, u32 *p)
{ {
u32 n = ntohl(*p++); rpc_authflavor_t flavor;
u32 size;
if (n != RPC_AUTH_NULL && n != RPC_AUTH_UNIX && n != RPC_AUTH_SHORT) {
printk("RPC: bad verf flavor: %ld\n", (unsigned long) n); flavor = ntohl(*p++);
if (flavor != RPC_AUTH_NULL &&
flavor != RPC_AUTH_UNIX &&
flavor != RPC_AUTH_SHORT) {
printk("RPC: bad verf flavor: %u\n", flavor);
return NULL; return NULL;
} }
if ((n = ntohl(*p++)) > 400) {
printk("RPC: giant verf size: %ld\n", (unsigned long) n); size = ntohl(*p++);
if (size > 400) {
printk("RPC: giant verf size: %u\n", size);
return NULL; return NULL;
} }
task->tk_auth->au_rslack = (n >> 2) + 2; task->tk_auth->au_rslack = (size >> 2) + 2;
p += (n >> 2); p += (size >> 2);
return p; return p;
} }
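Review bot: `size` comes from the reply verifier and is only checked against 400, so a length that is not a multiple of four is rounded down by `size >> 2` and `p` stops short of the padded verifier body. XDR opaque data is padded to a four-byte boundary, so both uses should round up: `task->tk_auth->au_rslack = ((size + 3) >> 2) + 2;` and `p += (size + 3) >> 2;`. The hunk also shows no check that the advanced `p` stays inside the received reply; the caller may enforce that, but it is worth confirming. A short comment on the 400 limit (the maximum opaque auth body in the RPC specification) would help the next reader.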
......
...@@ -71,7 +71,8 @@ static u32 * call_verify(struct rpc_task *task); ...@@ -71,7 +71,8 @@ static u32 * call_verify(struct rpc_task *task);
*/ */
struct rpc_clnt * struct rpc_clnt *
rpc_create_client(struct rpc_xprt *xprt, char *servname, rpc_create_client(struct rpc_xprt *xprt, char *servname,
struct rpc_program *program, u32 vers, int flavor) struct rpc_program *program, u32 vers,
rpc_authflavor_t flavor)
{ {
struct rpc_version *version; struct rpc_version *version;
struct rpc_clnt *clnt = NULL; struct rpc_clnt *clnt = NULL;
...@@ -122,7 +123,7 @@ rpc_create_client(struct rpc_xprt *xprt, char *servname, ...@@ -122,7 +123,7 @@ rpc_create_client(struct rpc_xprt *xprt, char *servname,
printk(KERN_INFO "RPC: out of memory in rpc_create_client\n"); printk(KERN_INFO "RPC: out of memory in rpc_create_client\n");
goto out; goto out;
out_no_auth: out_no_auth:
printk(KERN_INFO "RPC: Couldn't create auth handle (flavor %d)\n", printk(KERN_INFO "RPC: Couldn't create auth handle (flavor %u)\n",
flavor); flavor);
rpc_free(clnt); rpc_free(clnt);
clnt = NULL; clnt = NULL;
......
...@@ -30,15 +30,10 @@ typedef void (*auth_fn_t)(struct svc_rqst *rqstp, u32 *statp, u32 *authp); ...@@ -30,15 +30,10 @@ typedef void (*auth_fn_t)(struct svc_rqst *rqstp, u32 *statp, u32 *authp);
static void svcauth_null(struct svc_rqst *rqstp, u32 *statp, u32 *authp); static void svcauth_null(struct svc_rqst *rqstp, u32 *statp, u32 *authp);
static void svcauth_unix(struct svc_rqst *rqstp, u32 *statp, u32 *authp); static void svcauth_unix(struct svc_rqst *rqstp, u32 *statp, u32 *authp);
/*
* Max number of authentication flavors we support
*/
#define RPC_SVCAUTH_MAX 8
/* /*
* Table of authenticators * Table of authenticators
*/ */
static auth_fn_t authtab[RPC_SVCAUTH_MAX] = { static auth_fn_t authtab[RPC_AUTH_MAXFLAVOR] = {
svcauth_null, svcauth_null,
svcauth_unix, svcauth_unix,
NULL, NULL,
...@@ -47,8 +42,8 @@ static auth_fn_t authtab[RPC_SVCAUTH_MAX] = { ...@@ -47,8 +42,8 @@ static auth_fn_t authtab[RPC_SVCAUTH_MAX] = {
void void
svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp) svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp)
{ {
u32 flavor; rpc_authflavor_t flavor;
auth_fn_t func; auth_fn_t func;
*statp = rpc_success; *statp = rpc_success;
*authp = rpc_auth_ok; *authp = rpc_auth_ok;
...@@ -57,7 +52,7 @@ svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp) ...@@ -57,7 +52,7 @@ svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp)
flavor = ntohl(flavor); flavor = ntohl(flavor);
dprintk("svc: svc_authenticate (%d)\n", flavor); dprintk("svc: svc_authenticate (%d)\n", flavor);
if (flavor >= RPC_SVCAUTH_MAX || !(func = authtab[flavor])) { if (flavor >= RPC_AUTH_MAXFLAVOR || !(func = authtab[flavor])) {
*authp = rpc_autherr_badcred; *authp = rpc_autherr_badcred;
return; return;
} }
...@@ -67,18 +62,18 @@ svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp) ...@@ -67,18 +62,18 @@ svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp)
} }
int int
svc_auth_register(u32 flavor, auth_fn_t func) svc_auth_register(rpc_authflavor_t flavor, auth_fn_t func)
{ {
if (flavor >= RPC_SVCAUTH_MAX || authtab[flavor]) if (flavor >= RPC_AUTH_MAXFLAVOR || authtab[flavor])
return -EINVAL; return -EINVAL;
authtab[flavor] = func; authtab[flavor] = func;
return 0; return 0;
} }
void void
svc_auth_unregister(u32 flavor) svc_auth_unregister(rpc_authflavor_t flavor)
{ {
if (flavor < RPC_SVCAUTH_MAX) if (flavor < RPC_AUTH_MAXFLAVOR)
authtab[flavor] = NULL; authtab[flavor] = NULL;
} }
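Review bot: In svc_authenticate the debug line `dprintk("svc: svc_authenticate (%d)\n", flavor);` was left with `%d` although `flavor` is now `rpc_authflavor_t` (a `u32`) and the other messages in this commit were switched to `%u`. The value is read from the request and printed before the range check, so a flavor with the top bit set appears as a negative number in the debug log; `dprintk("svc: svc_authenticate (%u)\n", flavor);` matches the type. Separately, svc_auth_unregister clears `authtab[flavor]` for any in-range flavor without checking which handler owns the slot, unlike rpcauth_unregister on the client side, which compares against `ops`. A comment stating that callers must only unregister flavors they registered would document that. The body of svc_authenticate is only partly visible across the hunks.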
......