> On Sep 6, 2023, at 4:05 PM, Chuck Lever <[email protected]> wrote:
>
> From: Chuck Lever <[email protected]>
>
> rpcauth_checkverf() should return a distinct error code when a
> server recognizes the AUTH_TLS probe but does not support TLS so
> that the client's header decoder can respond appropriately and
> quickly. No retries are necessary is in this case, since the server
> has already affirmatively answered "TLS is unsupported".
>
> Suggested-by: Trond Myklebust <[email protected]>
> Signed-off-by: Chuck Lever <[email protected]>
> ---
> net/sunrpc/auth.c | 11 ++++++++---
> net/sunrpc/auth_tls.c | 4 ++--
> net/sunrpc/clnt.c | 10 +++++++++-
> 3 files changed, 19 insertions(+), 6 deletions(-)
>
> This must be applied after 'Revert "SUNRPC: Fail faster on bad verifier"'
>
> Changes since RFC:
> - Basic testing has been done
> - Added an explicit check for a zero-length verifier string
Hi Anna, was this patch rejected?
> diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
> index 2f16f9d17966..814b0169f972 100644
> --- a/net/sunrpc/auth.c
> +++ b/net/sunrpc/auth.c
> @@ -769,9 +769,14 @@ int rpcauth_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
> * @task: controlling RPC task
> * @xdr: xdr_stream containing RPC Reply header
> *
> - * On success, @xdr is updated to point past the verifier and
> - * zero is returned. Otherwise, @xdr is in an undefined state
> - * and a negative errno is returned.
> + * Return values:
> + * %0: Verifier is valid. @xdr now points past the verifier.
> + * %-EIO: Verifier is corrupted or message ended early.
> + * %-EACCES: Verifier is intact but not valid.
> + * %-EPROTONOSUPPORT: Server does not support the requested auth type.
> + *
> + * When a negative errno is returned, @xdr is left in an undefined
> + * state.
> */
> int
> rpcauth_checkverf(struct rpc_task *task, struct xdr_stream *xdr)
> diff --git a/net/sunrpc/auth_tls.c b/net/sunrpc/auth_tls.c
> index de7678f8a23d..87f570fd3b00 100644
> --- a/net/sunrpc/auth_tls.c
> +++ b/net/sunrpc/auth_tls.c
> @@ -129,9 +129,9 @@ static int tls_validate(struct rpc_task *task, struct xdr_stream *xdr)
> if (*p != rpc_auth_null)
> return -EIO;
> if (xdr_stream_decode_opaque_inline(xdr, &str, starttls_len) != starttls_len)
> - return -EIO;
> + return -EPROTONOSUPPORT;
> if (memcmp(str, starttls_token, starttls_len))
> - return -EIO;
> + return -EPROTONOSUPPORT;
> return 0;
> }
>
> diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
> index 315bd59dea05..80ee97fb0bf2 100644
> --- a/net/sunrpc/clnt.c
> +++ b/net/sunrpc/clnt.c
> @@ -2722,7 +2722,15 @@ rpc_decode_header(struct rpc_task *task, struct xdr_stream *xdr)
>
> out_verifier:
> trace_rpc_bad_verifier(task);
> - goto out_garbage;
> + switch (error) {
> + case -EPROTONOSUPPORT:
> + goto out_err;
> + case -EACCES:
> + /* Re-encode with a fresh cred */
> + fallthrough;
> + default:
> + goto out_garbage;
> + }
>
> out_msg_denied:
> error = -EACCES;
>
>
--
Chuck Lever
On Mon, Sep 18, 2023 at 2:37 PM Chuck Lever III <[email protected]> wrote:
>
>
>
> > On Sep 6, 2023, at 4:05 PM, Chuck Lever <[email protected]> wrote:
> >
> > From: Chuck Lever <[email protected]>
> >
> > rpcauth_checkverf() should return a distinct error code when a
> > server recognizes the AUTH_TLS probe but does not support TLS so
> > that the client's header decoder can respond appropriately and
> > quickly. No retries are necessary is in this case, since the server
> > has already affirmatively answered "TLS is unsupported".
> >
> > Suggested-by: Trond Myklebust <[email protected]>
> > Signed-off-by: Chuck Lever <[email protected]>
> > ---
> > net/sunrpc/auth.c | 11 ++++++++---
> > net/sunrpc/auth_tls.c | 4 ++--
> > net/sunrpc/clnt.c | 10 +++++++++-
> > 3 files changed, 19 insertions(+), 6 deletions(-)
> >
> > This must be applied after 'Revert "SUNRPC: Fail faster on bad verifier"'
> >
> > Changes since RFC:
> > - Basic testing has been done
> > - Added an explicit check for a zero-length verifier string
>
> Hi Anna, was this patch rejected?
Nope! I was under the impression Trond would be taking it for 6.7, but
if you think it's needed earlier I can include it in the next bugfixes
pull request.
Thanks,
Anna
>
>
> > diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
> > index 2f16f9d17966..814b0169f972 100644
> > --- a/net/sunrpc/auth.c
> > +++ b/net/sunrpc/auth.c
> > @@ -769,9 +769,14 @@ int rpcauth_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
> > * @task: controlling RPC task
> > * @xdr: xdr_stream containing RPC Reply header
> > *
> > - * On success, @xdr is updated to point past the verifier and
> > - * zero is returned. Otherwise, @xdr is in an undefined state
> > - * and a negative errno is returned.
> > + * Return values:
> > + * %0: Verifier is valid. @xdr now points past the verifier.
> > + * %-EIO: Verifier is corrupted or message ended early.
> > + * %-EACCES: Verifier is intact but not valid.
> > + * %-EPROTONOSUPPORT: Server does not support the requested auth type.
> > + *
> > + * When a negative errno is returned, @xdr is left in an undefined
> > + * state.
> > */
> > int
> > rpcauth_checkverf(struct rpc_task *task, struct xdr_stream *xdr)
> > diff --git a/net/sunrpc/auth_tls.c b/net/sunrpc/auth_tls.c
> > index de7678f8a23d..87f570fd3b00 100644
> > --- a/net/sunrpc/auth_tls.c
> > +++ b/net/sunrpc/auth_tls.c
> > @@ -129,9 +129,9 @@ static int tls_validate(struct rpc_task *task, struct xdr_stream *xdr)
> > if (*p != rpc_auth_null)
> > return -EIO;
> > if (xdr_stream_decode_opaque_inline(xdr, &str, starttls_len) != starttls_len)
> > - return -EIO;
> > + return -EPROTONOSUPPORT;
> > if (memcmp(str, starttls_token, starttls_len))
> > - return -EIO;
> > + return -EPROTONOSUPPORT;
> > return 0;
> > }
> >
> > diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
> > index 315bd59dea05..80ee97fb0bf2 100644
> > --- a/net/sunrpc/clnt.c
> > +++ b/net/sunrpc/clnt.c
> > @@ -2722,7 +2722,15 @@ rpc_decode_header(struct rpc_task *task, struct xdr_stream *xdr)
> >
> > out_verifier:
> > trace_rpc_bad_verifier(task);
> > - goto out_garbage;
> > + switch (error) {
> > + case -EPROTONOSUPPORT:
> > + goto out_err;
> > + case -EACCES:
> > + /* Re-encode with a fresh cred */
> > + fallthrough;
> > + default:
> > + goto out_garbage;
> > + }
> >
> > out_msg_denied:
> > error = -EACCES;
> >
> >
>
> --
> Chuck Lever
>
>