> On Sep 19, 2023, at 2:27 PM, Anna Schumaker <[email protected]> wrote:
>
> On Mon, Sep 18, 2023 at 2:37 PM Chuck Lever III <[email protected]> wrote:
>>
>>
>>
>>> On Sep 6, 2023, at 4:05 PM, Chuck Lever <[email protected]> wrote:
>>>
>>> From: Chuck Lever <[email protected]>
>>>
>>> rpcauth_checkverf() should return a distinct error code when a
>>> server recognizes the AUTH_TLS probe but does not support TLS so
>>> that the client's header decoder can respond appropriately and
>>> quickly. No retries are necessary is in this case, since the server
>>> has already affirmatively answered "TLS is unsupported".
>>>
>>> Suggested-by: Trond Myklebust <[email protected]>
>>> Signed-off-by: Chuck Lever <[email protected]>
>>> ---
>>> net/sunrpc/auth.c | 11 ++++++++---
>>> net/sunrpc/auth_tls.c | 4 ++--
>>> net/sunrpc/clnt.c | 10 +++++++++-
>>> 3 files changed, 19 insertions(+), 6 deletions(-)
>>>
>>> This must be applied after 'Revert "SUNRPC: Fail faster on bad verifier"'
>>>
>>> Changes since RFC:
>>> - Basic testing has been done
>>> - Added an explicit check for a zero-length verifier string
>>
>> Hi Anna, was this patch rejected?
>
> Nope! I was under the impression Trond would be taking it for 6.7, but
> if you think it's needed earlier I can include it in the next bugfixes
> pull request.
Well, it goes with 'Revert "SUNRPC: Fail faster on bad verifier" '.
Otherwise that revert will cause a behavior regression for TLS
in some corner cases. If you and Trond are OK with that, it can be
left for v6.7.
> Thanks,
> Anna
>
>>
>>
>>> diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
>>> index 2f16f9d17966..814b0169f972 100644
>>> --- a/net/sunrpc/auth.c
>>> +++ b/net/sunrpc/auth.c
>>> @@ -769,9 +769,14 @@ int rpcauth_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
>>> * @task: controlling RPC task
>>> * @xdr: xdr_stream containing RPC Reply header
>>> *
>>> - * On success, @xdr is updated to point past the verifier and
>>> - * zero is returned. Otherwise, @xdr is in an undefined state
>>> - * and a negative errno is returned.
>>> + * Return values:
>>> + * %0: Verifier is valid. @xdr now points past the verifier.
>>> + * %-EIO: Verifier is corrupted or message ended early.
>>> + * %-EACCES: Verifier is intact but not valid.
>>> + * %-EPROTONOSUPPORT: Server does not support the requested auth type.
>>> + *
>>> + * When a negative errno is returned, @xdr is left in an undefined
>>> + * state.
>>> */
>>> int
>>> rpcauth_checkverf(struct rpc_task *task, struct xdr_stream *xdr)
>>> diff --git a/net/sunrpc/auth_tls.c b/net/sunrpc/auth_tls.c
>>> index de7678f8a23d..87f570fd3b00 100644
>>> --- a/net/sunrpc/auth_tls.c
>>> +++ b/net/sunrpc/auth_tls.c
>>> @@ -129,9 +129,9 @@ static int tls_validate(struct rpc_task *task, struct xdr_stream *xdr)
>>> if (*p != rpc_auth_null)
>>> return -EIO;
>>> if (xdr_stream_decode_opaque_inline(xdr, &str, starttls_len) != starttls_len)
>>> - return -EIO;
>>> + return -EPROTONOSUPPORT;
>>> if (memcmp(str, starttls_token, starttls_len))
>>> - return -EIO;
>>> + return -EPROTONOSUPPORT;
>>> return 0;
>>> }
>>>
>>> diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
>>> index 315bd59dea05..80ee97fb0bf2 100644
>>> --- a/net/sunrpc/clnt.c
>>> +++ b/net/sunrpc/clnt.c
>>> @@ -2722,7 +2722,15 @@ rpc_decode_header(struct rpc_task *task, struct xdr_stream *xdr)
>>>
>>> out_verifier:
>>> trace_rpc_bad_verifier(task);
>>> - goto out_garbage;
>>> + switch (error) {
>>> + case -EPROTONOSUPPORT:
>>> + goto out_err;
>>> + case -EACCES:
>>> + /* Re-encode with a fresh cred */
>>> + fallthrough;
>>> + default:
>>> + goto out_garbage;
>>> + }
>>>
>>> out_msg_denied:
>>> error = -EACCES;
>>>
>>>
>>
>> --
>> Chuck Lever
--
Chuck Lever