sunrpc: fix handling of unknown auth status codes

In the case of an unknown error code from svc_authenticate or
pg_authenticate, return AUTH_ERROR with a status of AUTH_FAILED. Also
add the other auth_stat value from RFC 5531, and document all the status
codes.

Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
This commit is contained in:
Jeff Layton
2025-06-20 08:16:01 -04:00
committed by Chuck Lever
parent 03963793c8
commit d49afc90a3
3 changed files with 14 additions and 9 deletions

View File

@@ -69,15 +69,17 @@ enum rpc_reject_stat {
};
enum rpc_auth_stat {
RPC_AUTH_OK = 0,
RPC_AUTH_BADCRED = 1,
RPC_AUTH_REJECTEDCRED = 2,
RPC_AUTH_BADVERF = 3,
RPC_AUTH_REJECTEDVERF = 4,
RPC_AUTH_TOOWEAK = 5,
RPC_AUTH_OK = 0, /* success */
RPC_AUTH_BADCRED = 1, /* bad credential (seal broken) */
RPC_AUTH_REJECTEDCRED = 2, /* client must begin new session */
RPC_AUTH_BADVERF = 3, /* bad verifier (seal broken) */
RPC_AUTH_REJECTEDVERF = 4, /* verifier expired or replayed */
RPC_AUTH_TOOWEAK = 5, /* rejected for security reasons */
RPC_AUTH_INVALIDRESP = 6, /* bogus response verifier */
RPC_AUTH_FAILED = 7, /* reason unknown */
/* RPCSEC_GSS errors */
RPCSEC_GSS_CREDPROBLEM = 13,
RPCSEC_GSS_CTXPROBLEM = 14
RPCSEC_GSS_CREDPROBLEM = 13, /* no credentials for user */
RPCSEC_GSS_CTXPROBLEM = 14 /* problem with context */
};
#define RPC_MAXNETNAMELEN 256

View File

@@ -119,6 +119,8 @@ xdr_buf_init(struct xdr_buf *buf, void *start, size_t len)
#define rpc_autherr_badverf cpu_to_be32(RPC_AUTH_BADVERF)
#define rpc_autherr_rejectedverf cpu_to_be32(RPC_AUTH_REJECTEDVERF)
#define rpc_autherr_tooweak cpu_to_be32(RPC_AUTH_TOOWEAK)
#define rpc_autherr_invalidresp cpu_to_be32(RPC_AUTH_INVALIDRESP)
#define rpc_autherr_failed cpu_to_be32(RPC_AUTH_FAILED)
#define rpcsec_gsserr_credproblem cpu_to_be32(RPCSEC_GSS_CREDPROBLEM)
#define rpcsec_gsserr_ctxproblem cpu_to_be32(RPCSEC_GSS_CTXPROBLEM)

View File

@@ -1387,7 +1387,8 @@ svc_process_common(struct svc_rqst *rqstp)
goto sendit;
default:
pr_warn_once("Unexpected svc_auth_status (%d)\n", auth_res);
goto err_system_err;
rqstp->rq_auth_stat = rpc_autherr_failed;
goto err_bad_auth;
}
if (progp == NULL)