sunrpc: fix handling of unknown auth status codes

In the case of an unknown error code from svc_authenticate or
pg_authenticate, return AUTH_ERROR with a status of AUTH_FAILED. Also
add the other auth_stat value from RFC 5531, and document all the status
codes.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/include/linux/sunrpc/msg_prot.h b/include/linux/sunrpc/msg_prot.h
index c4b0eb2b2f040887d05b3951c9322c7175dd9329..ada17b57ca44ab65d0e4efc4cc1f71b03f47412d 100644 (file)
--- a/include/linux/sunrpc/msg_prot.h
+++ b/include/linux/sunrpc/msg_prot.h
@@ -69,15 +69,17 @@ enum rpc_reject_stat {
 };
 
 enum rpc_auth_stat {
-       RPC_AUTH_OK = 0,
-       RPC_AUTH_BADCRED = 1,
-       RPC_AUTH_REJECTEDCRED = 2,
-       RPC_AUTH_BADVERF = 3,
-       RPC_AUTH_REJECTEDVERF = 4,
-       RPC_AUTH_TOOWEAK = 5,
+       RPC_AUTH_OK = 0,                /* success */
+       RPC_AUTH_BADCRED = 1,           /* bad credential (seal broken) */
+       RPC_AUTH_REJECTEDCRED = 2,      /* client must begin new session */
+       RPC_AUTH_BADVERF = 3,           /* bad verifier (seal broken) */
+       RPC_AUTH_REJECTEDVERF = 4,      /* verifier expired or replayed */
+       RPC_AUTH_TOOWEAK = 5,           /* rejected for security reasons */
+       RPC_AUTH_INVALIDRESP = 6,       /* bogus response verifier */
+       RPC_AUTH_FAILED = 7,            /* reason unknown */
        /* RPCSEC_GSS errors */
-       RPCSEC_GSS_CREDPROBLEM = 13,
-       RPCSEC_GSS_CTXPROBLEM = 14
+       RPCSEC_GSS_CREDPROBLEM = 13,    /* no credentials for user */
+       RPCSEC_GSS_CTXPROBLEM = 14      /* problem with context */
 };
 
 #define RPC_MAXNETNAMELEN      256

diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
index 29d3a7659727dacc0f7cc2f4f18c589a524323c4..e3358c630ba18b0af13bc5ff8e1ab2f884125da7 100644 (file)
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -119,6 +119,8 @@ xdr_buf_init(struct xdr_buf *buf, void *start, size_t len)
 #define        rpc_autherr_badverf     cpu_to_be32(RPC_AUTH_BADVERF)
 #define        rpc_autherr_rejectedverf cpu_to_be32(RPC_AUTH_REJECTEDVERF)
 #define        rpc_autherr_tooweak     cpu_to_be32(RPC_AUTH_TOOWEAK)
+#define        rpc_autherr_invalidresp cpu_to_be32(RPC_AUTH_INVALIDRESP)
+#define        rpc_autherr_failed      cpu_to_be32(RPC_AUTH_FAILED)
 #define        rpcsec_gsserr_credproblem       cpu_to_be32(RPCSEC_GSS_CREDPROBLEM)
 #define        rpcsec_gsserr_ctxproblem        cpu_to_be32(RPCSEC_GSS_CTXPROBLEM)
 

diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index 9abdbcbf247323207cba13546173b8fd28a15e24..195fb0bea841451ad48717d7936992e0a850f703 100644 (file)
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -1387,7 +1387,8 @@ svc_process_common(struct svc_rqst *rqstp)
                goto sendit;
        default:
                pr_warn_once("Unexpected svc_auth_status (%d)\n", auth_res);
-               goto err_system_err;
+               rqstp->rq_auth_stat = rpc_autherr_failed;
+               goto err_bad_auth;
        }
 
        if (progp == NULL)