From 822f1005ae1f3a4a8b136f38a6933d3f719f4c4a Mon Sep 17 00:00:00 2001 From: Andy Adamson Date: Wed, 18 Jan 2006 17:43:24 -0800 Subject: [PATCH] svcrpc: gss: handle the GSS_S_CONTINUE Kerberos context initiation is handled in a single round trip, but other mechanisms (including spkm3) may require more, so we need to handle the GSS_S_CONTINUE case in svcauth_gss_accept. Send a null verifier. Signed-off-by: Andy Adamson Signed-off-by: J. Bruce Fields Signed-off-by: Neil Brown Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- net/sunrpc/auth_gss/svcauth_gss.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index e4ada15ed85..d2ccc7e8faa 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -585,6 +585,20 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci, return SVC_OK; } +static int +gss_write_null_verf(struct svc_rqst *rqstp) +{ + u32 *p; + + svc_putu32(rqstp->rq_res.head, htonl(RPC_AUTH_NULL)); + p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; + /* don't really need to check if head->iov_len > PAGE_SIZE ... */ + *p++ = 0; + if (!xdr_ressize_check(rqstp, p)) + return -1; + return 0; +} + static int gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq) { @@ -876,12 +890,18 @@ svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp) case -ENOENT: goto drop; case 0: - rsci = gss_svc_searchbyctx(&rsip->out_handle); - if (!rsci) { - goto drop; + if (rsip->major_status == GSS_S_COMPLETE) { + rsci = gss_svc_searchbyctx(&rsip->out_handle); + if (!rsci) { + goto drop; + } + if (gss_write_verf(rqstp, rsci->mechctx, + GSS_SEQ_WIN)) + goto drop; + } else { + if (gss_write_null_verf(rqstp)) + goto drop; } - if (gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN)) - goto drop; if (resv->iov_len + 4 > PAGE_SIZE) goto drop; svc_putu32(resv, rpc_success); -- cgit v1.2.3-70-g09d2