Commit 822f1005 authored by Andy Adamson's avatar Andy Adamson Committed by Linus Torvalds

[PATCH] svcrpc: gss: handle the GSS_S_CONTINUE

Kerberos context initiation is handled in a single round trip, but other
mechanisms (including spkm3) may require more, so we need to handle the
GSS_S_CONTINUE case in svcauth_gss_accept.  Send a null verifier.
Signed-off-by: default avatarAndy Adamson <andros@citi.umich.edu>
Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: default avatarNeil Brown <neilb@suse.de>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent fd445277
......@@ -585,6 +585,20 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci,
return SVC_OK;
}
static int
gss_write_null_verf(struct svc_rqst *rqstp)
{
u32 *p;
svc_putu32(rqstp->rq_res.head, htonl(RPC_AUTH_NULL));
p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len;
/* don't really need to check if head->iov_len > PAGE_SIZE ... */
*p++ = 0;
if (!xdr_ressize_check(rqstp, p))
return -1;
return 0;
}
static int
gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq)
{
......@@ -876,12 +890,18 @@ svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp)
case -ENOENT:
goto drop;
case 0:
rsci = gss_svc_searchbyctx(&rsip->out_handle);
if (!rsci) {
goto drop;
if (rsip->major_status == GSS_S_COMPLETE) {
rsci = gss_svc_searchbyctx(&rsip->out_handle);
if (!rsci) {
goto drop;
}
if (gss_write_verf(rqstp, rsci->mechctx,
GSS_SEQ_WIN))
goto drop;
} else {
if (gss_write_null_verf(rqstp))
goto drop;
}
if (gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN))
goto drop;
if (resv->iov_len + 4 > PAGE_SIZE)
goto drop;
svc_putu32(resv, rpc_success);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment