NFS4: Report callback authentication errors
authorChuck Lever <chuck.lever@oracle.com>
Mon, 23 Dec 2019 15:28:38 +0000 (10:28 -0500)
committerAnna Schumaker <Anna.Schumaker@Netapp.com>
Wed, 15 Jan 2020 15:54:31 +0000 (10:54 -0500)
This seems to be a somewhat common issue with Kerberos NFSv4.0
set-ups.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
fs/nfs/callback_xdr.c
fs/nfs/nfs4trace.h

index 03a20f5716c7a39b23ac97f218f6d1ea9bbff689..79ff172eb1c81ac0bc2b89740157b6163ca6aa8b 100644 (file)
@@ -18,6 +18,7 @@
 #include "callback.h"
 #include "internal.h"
 #include "nfs4session.h"
+#include "nfs4trace.h"
 
 #define CB_OP_TAGLEN_MAXSZ             (512)
 #define CB_OP_HDR_RES_MAXSZ            (2 * 4) // opcode, status
@@ -946,9 +947,13 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp)
 
        if (hdr_arg.minorversion == 0) {
                cps.clp = nfs4_find_client_ident(SVC_NET(rqstp), hdr_arg.cb_ident);
-               if (!cps.clp || !check_gss_callback_principal(cps.clp, rqstp)) {
-                       if (cps.clp)
-                               nfs_put_client(cps.clp);
+               if (!cps.clp) {
+                       trace_nfs_cb_no_clp(rqstp->rq_xid, hdr_arg.cb_ident);
+                       goto out_invalidcred;
+               }
+               if (!check_gss_callback_principal(cps.clp, rqstp)) {
+                       trace_nfs_cb_badprinc(rqstp->rq_xid, hdr_arg.cb_ident);
+                       nfs_put_client(cps.clp);
                        goto out_invalidcred;
                }
        }
index e60b6fbd5ada1c6b18b2aba07e4aaee2cf4b8591..e3586c16ef5924c189b40b12ec73b54618fae3ee 100644 (file)
@@ -691,6 +691,41 @@ TRACE_EVENT(nfs4_xdr_status,
                )
 );
 
+DECLARE_EVENT_CLASS(nfs4_cb_error_class,
+               TP_PROTO(
+                       __be32 xid,
+                       u32 cb_ident
+               ),
+
+               TP_ARGS(xid, cb_ident),
+
+               TP_STRUCT__entry(
+                       __field(u32, xid)
+                       __field(u32, cbident)
+               ),
+
+               TP_fast_assign(
+                       __entry->xid = be32_to_cpu(xid);
+                       __entry->cbident = cb_ident;
+               ),
+
+               TP_printk(
+                       "xid=0x%08x cb_ident=0x%08x",
+                       __entry->xid, __entry->cbident
+               )
+);
+
+#define DEFINE_CB_ERROR_EVENT(name) \
+       DEFINE_EVENT(nfs4_cb_error_class, nfs_cb_##name, \
+                       TP_PROTO( \
+                               __be32 xid, \
+                               u32 cb_ident \
+                       ), \
+                       TP_ARGS(xid, cb_ident))
+
+DEFINE_CB_ERROR_EVENT(no_clp);
+DEFINE_CB_ERROR_EVENT(badprinc);
+
 DECLARE_EVENT_CLASS(nfs4_open_event,
                TP_PROTO(
                        const struct nfs_open_context *ctx,