X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fsunrpc%2Fauth_gss%2Fsvcauth_gss.c;h=d51e316c5821022690a88d93eadcf28b9ea31597;hb=43bc926fffd92024b46cafaf7350d669ba9ca884;hp=dae18e9792a69ee723b7da0b2b508beccdfbe6cd;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index dae18e979..d51e316c5 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -78,7 +78,8 @@ struct rsi { static struct cache_head *rsi_table[RSI_HASHMAX]; static struct cache_detail rsi_cache; -static struct rsi *rsi_lookup(struct rsi *item, int set); +static struct rsi *rsi_update(struct rsi *new, struct rsi *old); +static struct rsi *rsi_lookup(struct rsi *item); static void rsi_free(struct rsi *rsii) { @@ -88,13 +89,11 @@ static void rsi_free(struct rsi *rsii) kfree(rsii->out_token.data); } -static void rsi_put(struct cache_head *item, struct cache_detail *cd) +static void rsi_put(struct kref *ref) { - struct rsi *rsii = container_of(item, struct rsi, h); - if (cache_put(item, cd)) { - rsi_free(rsii); - kfree(rsii); - } + struct rsi *rsii = container_of(ref, struct rsi, h.ref); + rsi_free(rsii); + kfree(rsii); } static inline int rsi_hash(struct rsi *item) @@ -103,8 +102,10 @@ static inline int rsi_hash(struct rsi *item) ^ hash_mem(item->in_token.data, item->in_token.len, RSI_HASHBITS); } -static inline int rsi_match(struct rsi *item, struct rsi *tmp) +static int rsi_match(struct cache_head *a, struct cache_head *b) { + struct rsi *item = container_of(a, struct rsi, h); + struct rsi *tmp = container_of(b, struct rsi, h); return netobj_equal(&item->in_handle, &tmp->in_handle) && netobj_equal(&item->in_token, &tmp->in_token); } @@ -125,8 +126,11 @@ static inline int dup_netobj(struct xdr_netobj *dst, struct xdr_netobj *src) return dup_to_netobj(dst, src->data, src->len); } -static inline void rsi_init(struct rsi *new, struct rsi *item) +static void rsi_init(struct cache_head *cnew, struct cache_head *citem) { + struct rsi *new = container_of(cnew, struct rsi, h); + struct rsi *item = container_of(citem, struct rsi, h); + new->out_handle.data = NULL; new->out_handle.len = 0; new->out_token.data = NULL; @@ -141,8 +145,11 @@ static inline void rsi_init(struct rsi *new, struct rsi *item) item->in_token.data = NULL; } -static inline void rsi_update(struct rsi *new, struct rsi *item) +static void update_rsi(struct cache_head *cnew, struct cache_head *citem) { + struct rsi *new = container_of(cnew, struct rsi, h); + struct rsi *item = container_of(citem, struct rsi, h); + BUG_ON(new->out_handle.data || new->out_token.data); new->out_handle.len = item->out_handle.len; item->out_handle.len = 0; @@ -157,6 +164,15 @@ static inline void rsi_update(struct rsi *new, struct rsi *item) new->minor_status = item->minor_status; } +static struct cache_head *rsi_alloc(void) +{ + struct rsi *rsii = kmalloc(sizeof(*rsii), GFP_KERNEL); + if (rsii) + return &rsii->h; + else + return NULL; +} + static void rsi_request(struct cache_detail *cd, struct cache_head *h, char **bpp, int *blen) @@ -198,6 +214,10 @@ static int rsi_parse(struct cache_detail *cd, if (dup_to_netobj(&rsii.in_token, buf, len)) goto out; + rsip = rsi_lookup(&rsii); + if (!rsip) + goto out; + rsii.h.flags = 0; /* expiry */ expiry = get_expiry(&mesg); @@ -240,25 +260,56 @@ static int rsi_parse(struct cache_detail *cd, goto out; } rsii.h.expiry_time = expiry; - rsip = rsi_lookup(&rsii, 1); + rsip = rsi_update(&rsii, rsip); status = 0; out: rsi_free(&rsii); if (rsip) - rsi_put(&rsip->h, &rsi_cache); + cache_put(&rsip->h, &rsi_cache); + else + status = -ENOMEM; return status; } static struct cache_detail rsi_cache = { + .owner = THIS_MODULE, .hash_size = RSI_HASHMAX, .hash_table = rsi_table, .name = "auth.rpcsec.init", .cache_put = rsi_put, .cache_request = rsi_request, .cache_parse = rsi_parse, + .match = rsi_match, + .init = rsi_init, + .update = update_rsi, + .alloc = rsi_alloc, }; -static DefineSimpleCacheLookup(rsi, 0) +static struct rsi *rsi_lookup(struct rsi *item) +{ + struct cache_head *ch; + int hash = rsi_hash(item); + + ch = sunrpc_cache_lookup(&rsi_cache, &item->h, hash); + if (ch) + return container_of(ch, struct rsi, h); + else + return NULL; +} + +static struct rsi *rsi_update(struct rsi *new, struct rsi *old) +{ + struct cache_head *ch; + int hash = rsi_hash(new); + + ch = sunrpc_cache_update(&rsi_cache, &new->h, + &old->h, hash); + if (ch) + return container_of(ch, struct rsi, h); + else + return NULL; +} + /* * The rpcsec_context cache is used to store a context that is @@ -292,7 +343,8 @@ struct rsc { static struct cache_head *rsc_table[RSC_HASHMAX]; static struct cache_detail rsc_cache; -static struct rsc *rsc_lookup(struct rsc *item, int set); +static struct rsc *rsc_update(struct rsc *new, struct rsc *old); +static struct rsc *rsc_lookup(struct rsc *item); static void rsc_free(struct rsc *rsci) { @@ -303,14 +355,12 @@ static void rsc_free(struct rsc *rsci) put_group_info(rsci->cred.cr_group_info); } -static void rsc_put(struct cache_head *item, struct cache_detail *cd) +static void rsc_put(struct kref *ref) { - struct rsc *rsci = container_of(item, struct rsc, h); + struct rsc *rsci = container_of(ref, struct rsc, h.ref); - if (cache_put(item, cd)) { - rsc_free(rsci); - kfree(rsci); - } + rsc_free(rsci); + kfree(rsci); } static inline int @@ -319,25 +369,35 @@ rsc_hash(struct rsc *rsci) return hash_mem(rsci->handle.data, rsci->handle.len, RSC_HASHBITS); } -static inline int -rsc_match(struct rsc *new, struct rsc *tmp) +static int +rsc_match(struct cache_head *a, struct cache_head *b) { + struct rsc *new = container_of(a, struct rsc, h); + struct rsc *tmp = container_of(b, struct rsc, h); + return netobj_equal(&new->handle, &tmp->handle); } -static inline void -rsc_init(struct rsc *new, struct rsc *tmp) +static void +rsc_init(struct cache_head *cnew, struct cache_head *ctmp) { + struct rsc *new = container_of(cnew, struct rsc, h); + struct rsc *tmp = container_of(ctmp, struct rsc, h); + new->handle.len = tmp->handle.len; tmp->handle.len = 0; new->handle.data = tmp->handle.data; tmp->handle.data = NULL; new->mechctx = NULL; + new->cred.cr_group_info = NULL; } -static inline void -rsc_update(struct rsc *new, struct rsc *tmp) +static void +update_rsc(struct cache_head *cnew, struct cache_head *ctmp) { + struct rsc *new = container_of(cnew, struct rsc, h); + struct rsc *tmp = container_of(ctmp, struct rsc, h); + new->mechctx = tmp->mechctx; tmp->mechctx = NULL; memset(&new->seqdata, 0, sizeof(new->seqdata)); @@ -346,6 +406,16 @@ rsc_update(struct rsc *new, struct rsc *tmp) tmp->cred.cr_group_info = NULL; } +static struct cache_head * +rsc_alloc(void) +{ + struct rsc *rsci = kmalloc(sizeof(*rsci), GFP_KERNEL); + if (rsci) + return &rsci->h; + else + return NULL; +} + static int rsc_parse(struct cache_detail *cd, char *mesg, int mlen) { @@ -371,6 +441,10 @@ static int rsc_parse(struct cache_detail *cd, if (expiry == 0) goto out; + rscp = rsc_lookup(&rsci); + if (!rscp) + goto out; + /* uid, or NEGATIVE */ rv = get_int(&mesg, &rsci.cred.cr_uid); if (rv == -EINVAL) @@ -380,7 +454,6 @@ static int rsc_parse(struct cache_detail *cd, else { int N, i; struct gss_api_mech *gm; - struct xdr_netobj tmp_buf; /* gid */ if (get_int(&mesg, &rsci.cred.cr_gid)) @@ -419,42 +492,75 @@ static int rsc_parse(struct cache_detail *cd, gss_mech_put(gm); goto out; } - tmp_buf.len = len; - tmp_buf.data = buf; - if (gss_import_sec_context(&tmp_buf, gm, &rsci.mechctx)) { + status = gss_import_sec_context(buf, len, gm, &rsci.mechctx); + if (status) { gss_mech_put(gm); goto out; } gss_mech_put(gm); } rsci.h.expiry_time = expiry; - rscp = rsc_lookup(&rsci, 1); + rscp = rsc_update(&rsci, rscp); status = 0; out: rsc_free(&rsci); if (rscp) - rsc_put(&rscp->h, &rsc_cache); + cache_put(&rscp->h, &rsc_cache); + else + status = -ENOMEM; return status; } static struct cache_detail rsc_cache = { + .owner = THIS_MODULE, .hash_size = RSC_HASHMAX, .hash_table = rsc_table, .name = "auth.rpcsec.context", .cache_put = rsc_put, .cache_parse = rsc_parse, + .match = rsc_match, + .init = rsc_init, + .update = update_rsc, + .alloc = rsc_alloc, }; -static DefineSimpleCacheLookup(rsc, 0); +static struct rsc *rsc_lookup(struct rsc *item) +{ + struct cache_head *ch; + int hash = rsc_hash(item); -struct rsc * + ch = sunrpc_cache_lookup(&rsc_cache, &item->h, hash); + if (ch) + return container_of(ch, struct rsc, h); + else + return NULL; +} + +static struct rsc *rsc_update(struct rsc *new, struct rsc *old) +{ + struct cache_head *ch; + int hash = rsc_hash(new); + + ch = sunrpc_cache_update(&rsc_cache, &new->h, + &old->h, hash); + if (ch) + return container_of(ch, struct rsc, h); + else + return NULL; +} + + +static struct rsc * gss_svc_searchbyctx(struct xdr_netobj *handle) { struct rsc rsci; struct rsc *found; - rsci.handle = *handle; - found = rsc_lookup(&rsci, 0); + memset(&rsci, 0, sizeof(rsci)); + if (dup_to_netobj(&rsci.handle, handle->data, handle->len)) + return NULL; + found = rsc_lookup(&rsci); + rsc_free(&rsci); if (!found) return NULL; if (cache_check(&rsc_cache, &found->h, NULL)) @@ -499,7 +605,7 @@ static inline u32 round_up_to_quad(u32 i) } static inline int -svc_safe_getnetobj(struct iovec *argv, struct xdr_netobj *o) +svc_safe_getnetobj(struct kvec *argv, struct xdr_netobj *o) { int l; @@ -516,7 +622,7 @@ svc_safe_getnetobj(struct iovec *argv, struct xdr_netobj *o) } static inline int -svc_safe_putnetobj(struct iovec *resv, struct xdr_netobj *o) +svc_safe_putnetobj(struct kvec *resv, struct xdr_netobj *o) { u32 *p; @@ -544,8 +650,8 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci, struct xdr_buf rpchdr; struct xdr_netobj checksum; u32 flavor = 0; - struct iovec *argv = &rqstp->rq_arg.head[0]; - struct iovec iov; + struct kvec *argv = &rqstp->rq_arg.head[0]; + struct kvec iov; /* data to compute the checksum over: */ iov.iov_base = rpcstart; @@ -563,26 +669,39 @@ gss_verify_header(struct svc_rqst *rqstp, struct rsc *rsci, if (rqstp->rq_deferred) /* skip verification of revisited request */ return SVC_OK; - if (gss_verify_mic(ctx_id, &rpchdr, &checksum, NULL) - != GSS_S_COMPLETE) { + if (gss_verify_mic(ctx_id, &rpchdr, &checksum) != GSS_S_COMPLETE) { *authp = rpcsec_gsserr_credproblem; return SVC_DENIED; } if (gc->gc_seq > MAXSEQ) { - dprintk("svcauth_gss: discarding request with large" - " sequence number %d\n", gc->gc_seq); + dprintk("RPC: svcauth_gss: discarding request with large sequence number %d\n", + gc->gc_seq); *authp = rpcsec_gsserr_ctxproblem; return SVC_DENIED; } if (!gss_check_seq_num(rsci, gc->gc_seq)) { - dprintk("svcauth_gss: discarding request with old" - " sequence number %d\n", gc->gc_seq); + dprintk("RPC: svcauth_gss: discarding request with old sequence number %d\n", + gc->gc_seq); return SVC_DROP; } return SVC_OK; } +static int +gss_write_null_verf(struct svc_rqst *rqstp) +{ + u32 *p; + + svc_putu32(rqstp->rq_res.head, htonl(RPC_AUTH_NULL)); + p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; + /* don't really need to check if head->iov_len > PAGE_SIZE ... */ + *p++ = 0; + if (!xdr_ressize_check(rqstp, p)) + return -1; + return 0; +} + static int gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq) { @@ -591,7 +710,7 @@ gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq) struct xdr_buf verf_data; struct xdr_netobj mic; u32 *p; - struct iovec iov; + struct kvec iov; svc_putu32(rqstp->rq_res.head, htonl(RPC_AUTH_GSS)); xdr_seq = htonl(seq); @@ -601,7 +720,7 @@ gss_write_verf(struct svc_rqst *rqstp, struct gss_ctx *ctx_id, u32 seq) xdr_buf_from_iov(&iov, &verf_data); p = rqstp->rq_res.head->iov_base + rqstp->rq_res.head->iov_len; mic.data = (u8 *)(p + 1); - maj_stat = gss_get_mic(ctx_id, 0, &verf_data, &mic); + maj_stat = gss_get_mic(ctx_id, &verf_data, &mic); if (maj_stat != GSS_S_COMPLETE) return -1; *p++ = htonl(mic.len); @@ -617,49 +736,41 @@ struct gss_domain { u32 pseudoflavor; }; -/* XXX this should be done in gss_pseudoflavors, and shouldn't be hardcoded: */ static struct auth_domain * find_gss_auth_domain(struct gss_ctx *ctx, u32 svc) { - switch(gss_get_pseudoflavor(ctx, 0, svc)) { - case RPC_AUTH_GSS_KRB5: - return auth_domain_find("gss/krb5"); - case RPC_AUTH_GSS_KRB5I: - return auth_domain_find("gss/krb5i"); - case RPC_AUTH_GSS_KRB5P: - return auth_domain_find("gss/krb5p"); - } - return NULL; + char *name; + + name = gss_service_to_auth_domain_name(ctx->mech_type, svc); + if (!name) + return NULL; + return auth_domain_find(name); } +static struct auth_ops svcauthops_gss; + int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name) { struct gss_domain *new; struct auth_domain *test; - static char *prefix = "gss/"; - int stat = -1; + int stat = -ENOMEM; new = kmalloc(sizeof(*new), GFP_KERNEL); if (!new) goto out; - cache_init(&new->h.h); - atomic_inc(&new->h.h.refcnt); - new->h.name = kmalloc(strlen(name) + strlen(prefix) + 1, GFP_KERNEL); + kref_init(&new->h.ref); + new->h.name = kmalloc(strlen(name) + 1, GFP_KERNEL); if (!new->h.name) goto out_free_dom; - strcpy(new->h.name, prefix); - strcat(new->h.name, name); - new->h.flavour = RPC_AUTH_GSS; + strcpy(new->h.name, name); + new->h.flavour = &svcauthops_gss; new->pseudoflavor = pseudoflavor; - new->h.h.expiry_time = NEVER; - new->h.h.flags = 0; - test = auth_domain_lookup(&new->h, 1); - if (test == &new->h) { - BUG_ON(atomic_dec_and_test(&new->h.h.refcnt)); - } else { /* XXX Duplicate registration? */ + test = auth_domain_lookup(name, &new->h); + if (test != &new->h) { /* XXX Duplicate registration? */ auth_domain_put(&new->h); + /* dangling ref-count... */ goto out; } return 0; @@ -670,6 +781,8 @@ out: return stat; } +EXPORT_SYMBOL(svcauth_gss_register_pseudoflavor); + static inline int read_u32_from_xdr_buf(struct xdr_buf *buf, int base, u32 *obj) { @@ -713,7 +826,7 @@ unwrap_integ_data(struct xdr_buf *buf, u32 seq, struct gss_ctx *ctx) goto out; if (read_bytes_from_xdr_buf(buf, integ_len + 4, mic.data, mic.len)) goto out; - maj_stat = gss_verify_mic(ctx, &integ_buf, &mic, NULL); + maj_stat = gss_verify_mic(ctx, &integ_buf, &mic); if (maj_stat != GSS_S_COMPLETE) goto out; if (ntohl(svc_getu32(&buf->head[0])) != seq) @@ -732,6 +845,34 @@ struct gss_svc_data { struct rsc *rsci; }; +static int +svcauth_gss_set_client(struct svc_rqst *rqstp) +{ + struct gss_svc_data *svcdata = rqstp->rq_auth_data; + struct rsc *rsci = svcdata->rsci; + struct rpc_gss_wire_cred *gc = &svcdata->clcred; + + rqstp->rq_client = find_gss_auth_domain(rsci->mechctx, gc->gc_svc); + if (rqstp->rq_client == NULL) + return SVC_DENIED; + return SVC_OK; +} + +static inline int +gss_write_init_verf(struct svc_rqst *rqstp, struct rsi *rsip) +{ + struct rsc *rsci; + + if (rsip->major_status != GSS_S_COMPLETE) + return gss_write_null_verf(rqstp); + rsci = gss_svc_searchbyctx(&rsip->out_handle); + if (rsci == NULL) { + rsip->major_status = GSS_S_NO_CONTEXT; + return gss_write_null_verf(rqstp); + } + return gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN); +} + /* * Accept an rpcsec packet. * If context establishment, punt to user space @@ -743,8 +884,8 @@ struct gss_svc_data { static int svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp) { - struct iovec *argv = &rqstp->rq_arg.head[0]; - struct iovec *resv = &rqstp->rq_res.head[0]; + struct kvec *argv = &rqstp->rq_arg.head[0]; + struct kvec *resv = &rqstp->rq_res.head[0]; u32 crlen; struct xdr_netobj tmpobj; struct gss_svc_data *svcdata = rqstp->rq_auth_data; @@ -755,7 +896,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp) u32 *reject_stat = resv->iov_base + resv->iov_len; int ret; - dprintk("RPC: svcauth_gss: argv->iov_len = %zd\n",argv->iov_len); + dprintk("RPC: svcauth_gss: argv->iov_len = %zd\n",argv->iov_len); *authp = rpc_autherr_badcred; if (!svcdata) @@ -763,7 +904,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp) if (!svcdata) goto auth_err; rqstp->rq_auth_data = svcdata; - svcdata->body_start = 0; + svcdata->body_start = NULL; svcdata->rsci = NULL; gc = &svcdata->clcred; @@ -856,7 +997,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp) goto drop; } - rsip = rsi_lookup(&rsikey, 0); + rsip = rsi_lookup(&rsikey); rsi_free(&rsikey); if (!rsip) { goto drop; @@ -867,11 +1008,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp) case -ENOENT: goto drop; case 0: - rsci = gss_svc_searchbyctx(&rsip->out_handle); - if (!rsci) { - goto drop; - } - if (gss_write_verf(rqstp, rsci->mechctx, GSS_SEQ_WIN)) + if (gss_write_init_verf(rqstp, rsip)) goto drop; if (resv->iov_len + 4 > PAGE_SIZE) goto drop; @@ -895,11 +1032,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp) svc_putu32(resv, rpc_success); goto complete; case RPC_GSS_PROC_DATA: - *authp = rpc_autherr_badcred; - rqstp->rq_client = - find_gss_auth_domain(rsci->mechctx, gc->gc_svc); - if (rqstp->rq_client == NULL) - goto auth_err; *authp = rpcsec_gsserr_ctxproblem; if (gss_write_verf(rqstp, rsci->mechctx, gc->gc_seq)) goto auth_err; @@ -913,8 +1045,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp) if (unwrap_integ_data(&rqstp->rq_arg, gc->gc_seq, rsci->mechctx)) goto auth_err; - svcdata->rsci = rsci; - cache_get(&rsci->h); /* placeholders for length and seq. number: */ svcdata->body_start = resv->iov_base + resv->iov_len; svc_putu32(resv, 0); @@ -925,6 +1055,8 @@ svcauth_gss_accept(struct svc_rqst *rqstp, u32 *authp) default: goto auth_err; } + svcdata->rsci = rsci; + cache_get(&rsci->h); ret = SVC_OK; goto out; } @@ -940,7 +1072,7 @@ drop: ret = SVC_DROP; out: if (rsci) - rsc_put(&rsci->h, &rsc_cache); + cache_put(&rsci->h, &rsc_cache); return ret; } @@ -952,7 +1084,7 @@ svcauth_gss_release(struct svc_rqst *rqstp) struct xdr_buf *resbuf = &rqstp->rq_res; struct xdr_buf integ_buf; struct xdr_netobj mic; - struct iovec *resv; + struct kvec *resv; u32 *p; int integ_offset, integ_len; int stat = -EINVAL; @@ -960,7 +1092,7 @@ svcauth_gss_release(struct svc_rqst *rqstp) if (gc->gc_proc != RPC_GSS_PROC_DATA) goto out; /* Release can be called twice, but we only wrap once. */ - if (gsd->body_start == 0) + if (gsd->body_start == NULL) goto out; /* normally not set till svc_send, but we need it here: */ resbuf->len = resbuf->head[0].iov_len @@ -970,7 +1102,7 @@ svcauth_gss_release(struct svc_rqst *rqstp) break; case RPC_GSS_SVC_INTEGRITY: p = gsd->body_start; - gsd->body_start = 0; + gsd->body_start = NULL; /* move accept_stat to right place: */ memcpy(p, p + 2, 4); /* don't wrap in failure case: */ @@ -990,24 +1122,26 @@ svcauth_gss_release(struct svc_rqst *rqstp) integ_len)) BUG(); if (resbuf->page_len == 0 - && resbuf->tail[0].iov_len + RPC_MAX_AUTH_SIZE + && resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE < PAGE_SIZE) { BUG_ON(resbuf->tail[0].iov_len); /* Use head for everything */ resv = &resbuf->head[0]; } else if (resbuf->tail[0].iov_base == NULL) { - /* copied from nfsd4_encode_read */ - svc_take_page(rqstp); - resbuf->tail[0].iov_base = page_address(rqstp - ->rq_respages[rqstp->rq_resused-1]); - rqstp->rq_restailpage = rqstp->rq_resused-1; + if (resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE + > PAGE_SIZE) + goto out_err; + resbuf->tail[0].iov_base = + resbuf->head[0].iov_base + + resbuf->head[0].iov_len; resbuf->tail[0].iov_len = 0; + rqstp->rq_restailpage = 0; resv = &resbuf->tail[0]; } else { resv = &resbuf->tail[0]; } mic.data = (u8 *)resv->iov_base + resv->iov_len + 4; - if (gss_get_mic(gsd->rsci->mechctx, 0, &integ_buf, &mic)) + if (gss_get_mic(gsd->rsci->mechctx, &integ_buf, &mic)) goto out_err; svc_putu32(resv, htonl(mic.len)); memset(mic.data + mic.len, 0, @@ -1032,7 +1166,7 @@ out_err: put_group_info(rqstp->rq_cred.cr_group_info); rqstp->rq_cred.cr_group_info = NULL; if (gsd->rsci) - rsc_put(&gsd->rsci->h, &rsc_cache); + cache_put(&gsd->rsci->h, &rsc_cache); gsd->rsci = NULL; return stat; @@ -1047,26 +1181,33 @@ svcauth_gss_domain_release(struct auth_domain *dom) kfree(gd); } -struct auth_ops svcauthops_gss = { +static struct auth_ops svcauthops_gss = { .name = "rpcsec_gss", + .owner = THIS_MODULE, .flavour = RPC_AUTH_GSS, .accept = svcauth_gss_accept, .release = svcauth_gss_release, .domain_release = svcauth_gss_domain_release, + .set_client = svcauth_gss_set_client, }; int gss_svc_init(void) { - cache_register(&rsc_cache); - cache_register(&rsi_cache); - svc_auth_register(RPC_AUTH_GSS, &svcauthops_gss); - return 0; + int rv = svc_auth_register(RPC_AUTH_GSS, &svcauthops_gss); + if (rv == 0) { + cache_register(&rsc_cache); + cache_register(&rsi_cache); + } + return rv; } void gss_svc_shutdown(void) { - cache_unregister(&rsc_cache); - cache_unregister(&rsi_cache); + if (cache_unregister(&rsc_cache)) + printk(KERN_ERR "auth_rpcgss: failed to unregister rsc cache\n"); + if (cache_unregister(&rsi_cache)) + printk(KERN_ERR "auth_rpcgss: failed to unregister rsi cache\n"); + svc_auth_unregister(RPC_AUTH_GSS); }