From patchwork Wed Sep  6 16:00:27 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chuck Lever <cel@kernel.org>
X-Patchwork-Id: 13375767
Return-Path: <linux-nfs-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0EFEEEE14A8
	for <linux-nfs@archiver.kernel.org>; Wed,  6 Sep 2023 16:00:46 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242809AbjIFQAr (ORCPT <rfc822;linux-nfs@archiver.kernel.org>);
        Wed, 6 Sep 2023 12:00:47 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44604 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S242836AbjIFQAq (ORCPT
        <rfc822;linux-nfs@vger.kernel.org>); Wed, 6 Sep 2023 12:00:46 -0400
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9C3E8198A
        for <linux-nfs@vger.kernel.org>; Wed,  6 Sep 2023 09:00:39 -0700 (PDT)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C35C6C433C7;
        Wed,  6 Sep 2023 16:00:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1694016039;
        bh=Go4UhdhrtUSyUeqypwCBGK0KdpEllZ5xD+SbZKmz+sA=;
        h=Subject:From:To:Cc:Date:From;
        b=PNAYuSWIrMBMqtnKixlOVdYR66LT07tzoWTUT2cCTGcfa3eqaTIOvoGwjxnOwF7Fo
         4XbooM1VzidiweI0yVgS34+oURSQDhGOSRFyT73aYjG4kxXihwyiChtPOsCV4CNeVd
         XQEHUT9XnvbiK/lbrakajFCcE2fFrS7mOd5uPIXAx382l7xzj4hXG32N6cnIEU0azx
         YlaExUiNcD091vtIUflLK91qaN7bBwMpfmQFbUHgKgw4LC2tZmRoH5tSAZT0fUXbUr
         UrM0Ml3k14Yfqq2rPVItwsrNsk1QxtxJAqYuzxHltJq35zYo7lUDwWQqNeS/x748lv
         cBdy9tUVI2EXA==
Subject: [PATCH RFC] SUNRPC: Fail quickly when server does not recognize TLS
From: Chuck Lever <cel@kernel.org>
To: linux-nfs@vger.kernel.org
Cc: Trond Myklebust <trondmy@hammerspace.com>,
        Chuck Lever <chuck.lever@oracle.com>
Date: Wed, 06 Sep 2023 12:00:27 -0400
Message-ID: 
 <169401596693.12580.9797071688010387133.stgit@oracle-102.nfsv4bat.org>
User-Agent: StGit/1.5
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

From: Chuck Lever <chuck.lever@oracle.com>

rpcauth_checkverf() should return a distinct error code when the
server does not recognize the AUTH_TLS probe so that the client's
header decoder can respond appropriately.

Suggested-by: Trond Myklebust <trondmy@hammerspace.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 net/sunrpc/auth.c     |   11 ++++++++---
 net/sunrpc/auth_tls.c |    2 +-
 net/sunrpc/clnt.c     |   10 +++++++++-
 3 files changed, 18 insertions(+), 5 deletions(-)

Compile-tested only, but something like this should be adequate.

diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index 2f16f9d17966..814b0169f972 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -769,9 +769,14 @@ int rpcauth_wrap_req(struct rpc_task *task, struct xdr_stream *xdr)
  * @task: controlling RPC task
  * @xdr: xdr_stream containing RPC Reply header
  *
- * On success, @xdr is updated to point past the verifier and
- * zero is returned. Otherwise, @xdr is in an undefined state
- * and a negative errno is returned.
+ * Return values:
+ *   %0: Verifier is valid. @xdr now points past the verifier.
+ *   %-EIO: Verifier is corrupted or message ended early.
+ *   %-EACCES: Verifier is intact but not valid.
+ *   %-EPROTONOSUPPORT: Server does not support the requested auth type.
+ *
+ * When a negative errno is returned, @xdr is left in an undefined
+ * state.
  */
 int
 rpcauth_checkverf(struct rpc_task *task, struct xdr_stream *xdr)
diff --git a/net/sunrpc/auth_tls.c b/net/sunrpc/auth_tls.c
index de7678f8a23d..751b3f418f3b 100644
--- a/net/sunrpc/auth_tls.c
+++ b/net/sunrpc/auth_tls.c
@@ -131,7 +131,7 @@ static int tls_validate(struct rpc_task *task, struct xdr_stream *xdr)
 	if (xdr_stream_decode_opaque_inline(xdr, &str, starttls_len) != starttls_len)
 		return -EIO;
 	if (memcmp(str, starttls_token, starttls_len))
-		return -EIO;
+		return -EPROTONOSUPPORT;
 	return 0;
 }
 
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 315bd59dea05..80ee97fb0bf2 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -2722,7 +2722,15 @@ rpc_decode_header(struct rpc_task *task, struct xdr_stream *xdr)
 
 out_verifier:
 	trace_rpc_bad_verifier(task);
-	goto out_garbage;
+	switch (error) {
+	case -EPROTONOSUPPORT:
+		goto out_err;
+	case -EACCES:
+		/* Re-encode with a fresh cred */
+		fallthrough;
+	default:
+		goto out_garbage;
+	}
 
 out_msg_denied:
 	error = -EACCES;