nfsd4: backchannel should use client-provided security flavor
For now this only adds support for AUTH_NULL. (Previously we assumed AUTH_UNIX.) We'll also need AUTH_GSS, which is trickier. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
This commit is contained in:
parent
57725155dc
commit
12fc3e92d4
3 changed files with 13 additions and 5 deletions
|
@ -692,7 +692,7 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c
|
|||
args.bc_xprt = conn->cb_xprt;
|
||||
args.prognumber = clp->cl_cb_session->se_cb_prog;
|
||||
args.protocol = XPRT_TRANSPORT_BC_TCP;
|
||||
args.authflavor = RPC_AUTH_UNIX;
|
||||
args.authflavor = ses->se_cb_sec.flavor;
|
||||
}
|
||||
/* Create RPC client */
|
||||
client = rpc_create(&args);
|
||||
|
@ -709,7 +709,6 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c
|
|||
clp->cl_cb_client = client;
|
||||
clp->cl_cb_cred = cred;
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
static void warn_no_callback_path(struct nfs4_client *clp, int reason)
|
||||
|
|
|
@ -425,7 +425,7 @@ nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access
|
|||
static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
|
||||
{
|
||||
DECODE_HEAD;
|
||||
u32 dummy;
|
||||
u32 dummy, uid, gid;
|
||||
char *machine_name;
|
||||
int i;
|
||||
int nr_secflavs;
|
||||
|
@ -433,12 +433,15 @@ static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_
|
|||
/* callback_sec_params4 */
|
||||
READ_BUF(4);
|
||||
READ32(nr_secflavs);
|
||||
cbs->flavor = (u32)(-1);
|
||||
for (i = 0; i < nr_secflavs; ++i) {
|
||||
READ_BUF(4);
|
||||
READ32(dummy);
|
||||
switch (dummy) {
|
||||
case RPC_AUTH_NULL:
|
||||
/* Nothing to read */
|
||||
if (cbs->flavor == (u32)(-1))
|
||||
cbs->flavor = RPC_AUTH_NULL;
|
||||
break;
|
||||
case RPC_AUTH_UNIX:
|
||||
READ_BUF(8);
|
||||
|
@ -452,13 +455,18 @@ static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_
|
|||
|
||||
/* uid, gid */
|
||||
READ_BUF(8);
|
||||
READ32(cbs->uid);
|
||||
READ32(cbs->gid);
|
||||
READ32(uid);
|
||||
READ32(gid);
|
||||
|
||||
/* more gids */
|
||||
READ_BUF(4);
|
||||
READ32(dummy);
|
||||
READ_BUF(dummy * 4);
|
||||
if (cbs->flavor == (u32)(-1)) {
|
||||
cbs->uid = uid;
|
||||
cbs->gid = gid;
|
||||
cbs->flavor = RPC_AUTH_UNIX;
|
||||
}
|
||||
break;
|
||||
case RPC_AUTH_GSS:
|
||||
dprintk("RPC_AUTH_GSS callback secflavor "
|
||||
|
|
|
@ -151,6 +151,7 @@ struct nfsd4_channel_attrs {
|
|||
};
|
||||
|
||||
struct nfsd4_cb_sec {
|
||||
u32 flavor; /* (u32)(-1) used to mean "no valid flavor" */
|
||||
u32 uid;
|
||||
u32 gid;
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue