SUNRPC: Fail quickly when server does not recognize TLS
rpcauth_checkverf() should return a distinct error code when a server recognizes the AUTH_TLS probe but does not support TLS so that the client's header decoder can respond appropriately and quickly. No retries are necessary in this case, since the server has already affirmatively answered "TLS is unsupported". Suggested-by: Trond Myklebust <trondmy@hammerspace.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
parent
6465e260f4
commit
5623ecfcbe
@ -769,9 +769,14 @@ int rpcauth_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
|
|||||||
* @task: controlling RPC task
|
* @task: controlling RPC task
|
||||||
* @xdr: xdr_stream containing RPC Reply header
|
* @xdr: xdr_stream containing RPC Reply header
|
||||||
*
|
*
|
||||||
* On success, @xdr is updated to point past the verifier and
|
* Return values:
|
||||||
* zero is returned. Otherwise, @xdr is in an undefined state
|
* %0: Verifier is valid. @xdr now points past the verifier.
|
||||||
* and a negative errno is returned.
|
* %-EIO: Verifier is corrupted or message ended early.
|
||||||
|
* %-EACCES: Verifier is intact but not valid.
|
||||||
|
* %-EPROTONOSUPPORT: Server does not support the requested auth type.
|
||||||
|
*
|
||||||
|
* When a negative errno is returned, @xdr is left in an undefined
|
||||||
|
* state.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
rpcauth_checkverf(struct rpc_task *task, struct xdr_stream *xdr)
|
rpcauth_checkverf(struct rpc_task *task, struct xdr_stream *xdr)
|
||||||
|
@ -129,9 +129,9 @@ static int tls_validate(struct rpc_task *task, struct xdr_stream *xdr)
|
|||||||
if (*p != rpc_auth_null)
|
if (*p != rpc_auth_null)
|
||||||
return -EIO;
|
return -EIO;
|
||||||
if (xdr_stream_decode_opaque_inline(xdr, &str, starttls_len) != starttls_len)
|
if (xdr_stream_decode_opaque_inline(xdr, &str, starttls_len) != starttls_len)
|
||||||
return -EIO;
|
return -EPROTONOSUPPORT;
|
||||||
if (memcmp(str, starttls_token, starttls_len))
|
if (memcmp(str, starttls_token, starttls_len))
|
||||||
return -EIO;
|
return -EPROTONOSUPPORT;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
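Review bot: The first changed return in tls_validate() now yields -EPROTONOSUPPORT for every result other than starttls_len, which also covers a negative return from xdr_stream_decode_opaque_inline() when the reply is truncated or malformed. The return-value documentation this same commit adds for rpcauth_checkverf() reserves %-EIO for "Verifier is corrupted or message ended early", so a damaged reply would be reported as an affirmative "no TLS" answer and skip the retry path. Consider keeping the two cases apart: `ret = xdr_stream_decode_opaque_inline(xdr, &str, starttls_len);` then `if (ret < 0) return -EIO;` and `if (ret != starttls_len) return -EPROTONOSUPPORT;`. The function's opening lines are outside the hunk, so the declaration of a local for the result would have to go there.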
@ -2725,7 +2725,15 @@ rpc_decode_header(struct rpc_task *task, struct xdr_stream *xdr)
|
|||||||
|
|
||||||
out_verifier:
|
out_verifier:
|
||||||
trace_rpc_bad_verifier(task);
|
trace_rpc_bad_verifier(task);
|
||||||
|
switch (error) {
|
||||||
|
case -EPROTONOSUPPORT:
|
||||||
|
goto out_err;
|
||||||
|
case -EACCES:
|
||||||
|
/* Re-encode with a fresh cred */
|
||||||
|
fallthrough;
|
||||||
|
default:
|
||||||
goto out_garbage;
|
goto out_garbage;
|
||||||
|
}
|
||||||
|
|
||||||
out_msg_denied:
|
out_msg_denied:
|
||||||
error = -EACCES;
|
error = -EACCES;
|
||||||
|
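Review bot: The `case -EPROTONOSUPPORT:` arm ends the task on a single reply that, as far as this page shows, is decoded before any TLS session exists and is therefore unauthenticated; it needs a comment stating that this is a hard failure which callers must not turn into a cleartext fallback. Something like `/* Server answered the AUTH_TLS probe without STARTTLS: fail now, do not retry or downgrade */` above `goto out_err;` would record that. The out_err label and the code that sets `error` are outside the hunk, so whether upper layers honour this cannot be confirmed from here. Separately, the `case -EACCES:` arm only falls through to `default:`, so its comment "Re-encode with a fresh cred" presumably describes what out_garbage does rather than anything in the switch; either say so in the comment or drop the arm.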