提交 dc5ddce9 编写于 作者: J Jeff Layton 提交者: Trond Myklebust

sunrpc: parse and return errors reported by gssd

The kernel currently ignores any error code sent by gssd and always
considers it to be -EACCES. In order to better handle the situation of
an expired KRB5 TGT, the kernel needs to be able to parse and deal with
the errors that gssd sends. Aside from -EACCES the only error we care
about is -EKEYEXPIRED, which we're using to indicate that the upper
layers should retry the call a little later.

To maintain backward compatibility with older gssd's, any error other
than -EKEYEXPIRED is interpreted as -EACCES.
Signed-off-by: NJeff Layton <jlayton@redhat.com>
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
上级 ac73fddf
...@@ -206,8 +206,14 @@ gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct ...@@ -206,8 +206,14 @@ gss_fill_context(const void *p, const void *end, struct gss_cl_ctx *ctx, struct
ctx->gc_win = window_size; ctx->gc_win = window_size;
/* gssd signals an error by passing ctx->gc_win = 0: */ /* gssd signals an error by passing ctx->gc_win = 0: */
if (ctx->gc_win == 0) { if (ctx->gc_win == 0) {
/* in which case, p points to an error code which we ignore */ /*
p = ERR_PTR(-EACCES); * in which case, p points to an error code. Anything other
* than -EKEYEXPIRED gets converted to -EACCES.
*/
p = simple_get_bytes(p, end, &ret, sizeof(ret));
if (!IS_ERR(p))
p = (ret == -EKEYEXPIRED) ? ERR_PTR(-EKEYEXPIRED) :
ERR_PTR(-EACCES);
goto err; goto err;
} }
/* copy the opaque wire context */ /* copy the opaque wire context */
...@@ -646,6 +652,7 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen) ...@@ -646,6 +652,7 @@ gss_pipe_downcall(struct file *filp, const char __user *src, size_t mlen)
err = PTR_ERR(p); err = PTR_ERR(p);
switch (err) { switch (err) {
case -EACCES: case -EACCES:
case -EKEYEXPIRED:
gss_msg->msg.errno = err; gss_msg->msg.errno = err;
err = mlen; err = mlen;
break; break;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册