
Commit 5623ecf

chucklever authored and amschuma-ntap committed
SUNRPC: Fail quickly when server does not recognize TLS
rpcauth_checkverf() should return a distinct error code when a server recognizes the AUTH_TLS probe but does not support TLS so that the client's header decoder can respond appropriately and quickly. No retries are necessary in this case, since the server has already affirmatively answered "TLS is unsupported".

Suggested-by: Trond Myklebust <[email protected]>
Signed-off-by: Chuck Lever <[email protected]>
Signed-off-by: Anna Schumaker <[email protected]>
1 parent 6465e26 commit 5623ecf

3 files changed: +19 -6 lines changed

net/sunrpc/auth.c

Lines changed: 8 additions & 3 deletions
@@ -769,9 +769,14 @@ int rpcauth_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
769769
* @task: controlling RPC task
770770
* @xdr: xdr_stream containing RPC Reply header
771771
*
772-
* On success, @xdr is updated to point past the verifier and
773-
* zero is returned. Otherwise, @xdr is in an undefined state
774-
* and a negative errno is returned.
772+
* Return values:
773+
* %0: Verifier is valid. @xdr now points past the verifier.
774+
* %-EIO: Verifier is corrupted or message ended early.
775+
* %-EACCES: Verifier is intact but not valid.
776+
* %-EPROTONOSUPPORT: Server does not support the requested auth type.
777+
*
778+
* When a negative errno is returned, @xdr is left in an undefined
779+
* state.
775780
*/
776781
int
777782
rpcauth_checkverf(struct rpc_task *task, struct xdr_stream *xdr)
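
Review bot: the new %-EPROTONOSUPPORT entry in the "Return values" list is worded for any auth flavor ("Server does not support the requested auth type"), yet the only producer in this patch is tls_validate() in net/sunrpc/auth_tls.c. Because rpc_decode_header() now treats this errno as terminal and skips the out_garbage path, the kernel-doc should say so explicitly (for example "caller must not retry") and state whether validate callbacks of other flavors may return it. Otherwise a later flavor that returns -EPROTONOSUPPORT for a transient condition would silently lose its retries.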

net/sunrpc/auth_tls.c

Lines changed: 2 additions & 2 deletions
@@ -129,9 +129,9 @@ static int tls_validate(struct rpc_task *task, struct xdr_stream *xdr)
129129
if (*p != rpc_auth_null)
130130
return -EIO;
131131
if (xdr_stream_decode_opaque_inline(xdr, &str, starttls_len) != starttls_len)
132-
return -EIO;
132+
return -EPROTONOSUPPORT;
133133
if (memcmp(str, starttls_token, starttls_len))
134-
return -EIO;
134+
return -EPROTONOSUPPORT;
135135
return 0;
136136
}
137137
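
Review bot: the first changed return, under `xdr_stream_decode_opaque_inline(xdr, &str, starttls_len) != starttls_len`, now reports -EPROTONOSUPPORT for every non-matching result, including the negative errno that helper returns when the reply is truncated or the opaque is oversized. That conflicts with the kernel-doc added in net/sunrpc/auth.c, which reserves %-EIO for "Verifier is corrupted or message ended early", and it means a damaged or cut-short probe reply is handled as an affirmative "TLS is unsupported" answer with no retry. Consider capturing the return value, returning -EIO when it is negative, and returning -EPROTONOSUPPORT only for a well-formed verifier whose length or content differs from starttls_token.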

net/sunrpc/clnt.c

Lines changed: 9 additions & 1 deletion
@@ -2725,7 +2725,15 @@ rpc_decode_header(struct rpc_task *task, struct xdr_stream *xdr)
27252725

27262726
out_verifier:
27272727
trace_rpc_bad_verifier(task);
2728-
goto out_garbage;
2728+
switch (error) {
2729+
case -EPROTONOSUPPORT:
2730+
goto out_err;
2731+
case -EACCES:
2732+
/* Re-encode with a fresh cred */
2733+
fallthrough;
2734+
default:
2735+
goto out_garbage;
2736+
}
27292737

27302738
out_msg_denied:
27312739
error = -EACCES;
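
Review bot: in the new switch at out_verifier, the `case -EACCES:` arm only falls through to `default:`, so both end at `goto out_garbage` and the "Re-encode with a fresh cred" comment describes nothing that this arm does differently from the -EIO case. Either drop the arm and move the comment to `default:`, or make the distinction real. Separately, `case -EPROTONOSUPPORT: goto out_err;` introduces a new errno that rpc_decode_header() can hand back to its caller; the hunk does not show out_err, so please confirm that the task status ends up as -EPROTONOSUPPORT and that the caller of the AUTH_TLS probe treats it as a hard failure of the TLS handshake attempt rather than as a generic I/O error.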
