SUNRPC: Set rq_auth_stat in the pg_authenticate() callout

In a few moments, rq_auth_stat will need to be explicitly set to
rpc_auth_ok before execution gets to the dispatcher.

svc_authenticate() already sets it, but it often gets reset to
rpc_autherr_badcred right after that call, even when authentication
is successful. Let's ensure that the pg_authenticate callout and
svc_set_client() set it properly in every case.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>

diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
index 2de048f80eb8c3b310b71740bf99009f29f432aa..8e936999216c2842d8ac8916deb677cc96d11e12 100644 (file)
--- a/fs/lockd/svc.c
+++ b/fs/lockd/svc.c
@@ -649,6 +649,7 @@ static int lockd_authenticate(struct svc_rqst *rqstp)
        switch (rqstp->rq_authop->flavour) {
                case RPC_AUTH_NULL:
                case RPC_AUTH_UNIX:
+                       rqstp->rq_auth_stat = rpc_auth_ok;
                        if (rqstp->rq_proc == 0)
                                return SVC_OK;
                        if (is_callback(rqstp->rq_proc)) {
@@ -659,6 +660,7 @@ static int lockd_authenticate(struct svc_rqst *rqstp)
                        }
                        return svc_set_client(rqstp);
        }
+       rqstp->rq_auth_stat = rpc_autherr_badcred;
        return SVC_DENIED;
 }
 

diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
index 7817ad94a6bae5417b3aa7dcfe631b61870b32f8..86d856de1389b18583f5db9842be133c6a19a6a0 100644 (file)
--- a/fs/nfs/callback.c
+++ b/fs/nfs/callback.c
@@ -429,6 +429,8 @@ check_gss_callback_principal(struct nfs_client *clp, struct svc_rqst *rqstp)
  */
 static int nfs_callback_authenticate(struct svc_rqst *rqstp)
 {
+       rqstp->rq_auth_stat = rpc_autherr_badcred;
+
        switch (rqstp->rq_authop->flavour) {
        case RPC_AUTH_NULL:
                if (rqstp->rq_proc != CB_NULL)
@@ -439,6 +441,8 @@ static int nfs_callback_authenticate(struct svc_rqst *rqstp)
                 if (svc_is_backchannel(rqstp))
                        return SVC_DENIED;
        }
+
+       rqstp->rq_auth_stat = rpc_auth_ok;
        return SVC_OK;
 }
 

diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 635449ed7af692fda9607e83db8796f4b4a445fd..f89075070fb026674524ab26c9d8198b4e3cca7e 100644 (file)
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1038,6 +1038,8 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
        struct rpc_gss_wire_cred *gc = &svcdata->clcred;
        int stat;
 
+       rqstp->rq_auth_stat = rpc_autherr_badcred;
+
        /*
         * A gss export can be specified either by:
         *      export  *(sec=krb5,rw)
@@ -1053,6 +1055,8 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
        stat = svcauth_unix_set_client(rqstp);
        if (stat == SVC_DROP || stat == SVC_CLOSE)
                return stat;
+
+       rqstp->rq_auth_stat = rpc_auth_ok;
        return SVC_OK;
 }
 

diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
index 360dab62b6b4fccc7e825f14bb409bc6349d9a9f..2019d120364178c52bb2ce8a003ba7287ba5c17b 100644 (file)
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
@@ -1328,10 +1328,8 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
         */
        auth_res = svc_authenticate(rqstp);
        /* Also give the program a chance to reject this call: */
-       if (auth_res == SVC_OK && progp) {
-               rqstp->rq_auth_stat = rpc_autherr_badcred;
+       if (auth_res == SVC_OK && progp)
                auth_res = progp->pg_authenticate(rqstp);
-       }
        if (auth_res != SVC_OK)
                trace_svc_authenticate(rqstp, auth_res);
        switch (auth_res) {

diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index eacfebf326dde28d68bd83adca1f8bdb5d1e5bb6..d7ed7d49115ac607cf4677bdd60bb03dd5b4f9e3 100644 (file)
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -681,8 +681,9 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
 
        rqstp->rq_client = NULL;
        if (rqstp->rq_proc == 0)
-               return SVC_OK;
+               goto out;
 
+       rqstp->rq_auth_stat = rpc_autherr_badcred;
        ipm = ip_map_cached_get(xprt);
        if (ipm == NULL)
                ipm = __ip_map_lookup(sn->ip_map_cache, rqstp->rq_server->sv_program->pg_class,
@@ -719,6 +720,9 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
                put_group_info(cred->cr_group_info);
                cred->cr_group_info = gi;
        }
+
+out:
+       rqstp->rq_auth_stat = rpc_auth_ok;
        return SVC_OK;
 }