
svcrpc: store gss mech in svc_cred

Store a pointer to the gss mechanism used in the rq_cred and cl_cred.
This will make it easier to enforce SP4_MACH_CRED, which needs to
compare the mechanism used on the exchange_id with that used on
protected operations.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>

+14 -4
+3
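--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1188,6 +1188,9 @@
 target->cr_gid = source->cr_gid;
 target->cr_group_info = source->cr_group_info;
 get_group_info(target->cr_group_info);
+target->cr_gss_mech = source->cr_gss_mech;
+if (source->cr_gss_mech)
+gss_mech_get(source->cr_gss_mech);
 return 0;
 }
 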
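Review bot: The extra reference taken on `source->cr_gss_mech` just before `return 0;` has no comment saying who releases it, and the matching put is in a different file (the `gss_mech_put(cred->cr_gss_mech)` added to svcauth.h). A one-line comment above the assignment would make the lifetime explicit, for example `/* pin the mech's module for target's lifetime; dropped when the cred is freed */`. The NULL test is needed at this call site because `gss_mech_get` dereferences its argument unconditionally, which is worth saying in the same comment. The enclosing function (copy_cred in the kernel tree) starts outside the hunk, so its earlier error returns are not covered here.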
+2
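--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -151,6 +151,8 @@
 /* Fill in an array with a list of supported pseudoflavors */
 int gss_mech_list_pseudoflavors(rpc_authflavor_t *, int);
 
+struct gss_api_mech * gss_mech_get(struct gss_api_mech *);
+
 /* For every successful gss_mech_get or gss_mech_get_by_* call there must be a
  * corresponding call to gss_mech_put. */
 void gss_mech_put(struct gss_api_mech *);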
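Review bot: The new `gss_mech_get` prototype does not say that its argument must be non-NULL, although the `gss_mech_put` declared just below accepts NULL (its definition in gss_mech_switch.c tests `if (gm)`). Now that other modules can call it, the declaration should carry that precondition, for example `/* gm must be non-NULL and already referenced by the caller; takes one more module reference */`. It would also read better placed directly under the existing get/put comment and spelled `struct gss_api_mech *gss_mech_get(struct gss_api_mech *);`, matching the pointer style of the neighbouring declarations.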
+4
include/linux/sunrpc/svcauth.h
··· 14 14 #include <linux/string.h> 15 15 #include <linux/sunrpc/msg_prot.h> 16 16 #include <linux/sunrpc/cache.h> 17 + #include <linux/sunrpc/gss_api.h> 17 18 #include <linux/hash.h> 18 19 #include <linux/cred.h> 19 20 ··· 24 23 struct group_info *cr_group_info; 25 24 u32 cr_flavor; /* pseudoflavor */ 26 25 char *cr_principal; /* for gss */ 26 + struct gss_api_mech *cr_gss_mech; 27 27 }; 28 28 29 29 static inline void init_svc_cred(struct svc_cred *cred) ··· 39 37 if (cred->cr_group_info) 40 38 put_group_info(cred->cr_group_info); 41 39 kfree(cred->cr_principal); 40 + gss_mech_put(cred->cr_gss_mech); 41 + init_svc_cred(cred); 42 42 } 43 43 44 44 struct svc_rqst; /* forward decl */
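Review bot: The `init_svc_cred(cred);` added after `gss_mech_put(cred->cr_gss_mech);` only prevents a second release if init_svc_cred also sets `cr_gss_mech` to NULL, and none of this section's four added lines is inside init_svc_cred, whose body is outside the visible hunks. If it still clears only the older pointer fields, a repeated free of the same cred would put the mechanism's module reference twice, and the `new->cred = tmp->cred; init_svc_cred(&tmp->cred);` hand-over in svcauth_gss.c would leave both structures owning a single reference. Confirm the body and, if the line is missing, add `cred->cr_gss_mech = NULL;` there. Any site that builds a `struct svc_cred` without zeroing it would likewise hand an uninitialised pointer to `gss_mech_put`, so each such site should go through init_svc_cred or a memset.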
+4 -1
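--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -139,11 +139,12 @@
 }
 EXPORT_SYMBOL_GPL(gss_mech_unregister);
 
-static struct gss_api_mech *gss_mech_get(struct gss_api_mech *gm)
+struct gss_api_mech *gss_mech_get(struct gss_api_mech *gm)
 {
 __module_get(gm->gm_owner);
 return gm;
 }
+EXPORT_SYMBOL(gss_mech_get);
 
 static struct gss_api_mech *
 _gss_mech_get_by_name(const char *name)
@@ -360,6 +361,7 @@
 }
 return 0;
 }
+EXPORT_SYMBOL(gss_pseudoflavor_to_service);
 
 char *
 gss_service_to_auth_domain_name(struct gss_api_mech *gm, u32 service)
@@ -379,6 +381,7 @@
 if (gm)
 module_put(gm->gm_owner);
 }
+EXPORT_SYMBOL(gss_mech_put);
 
 /* The mech could probably be determined from the token instead, but it's just
  * as easy for now to pass it in. */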
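Review bot: `gss_mech_get` becomes an exported symbol in the first hunk but still dereferences `gm->gm_owner` without a NULL test, while `gss_mech_put` in the third hunk accepts NULL, so every new caller has to carry its own guard as the nfs4state.c caller does. Making the pair symmetric removes that trap: `if (gm) __module_get(gm->gm_owner);` ahead of `return gm;`. The three new exports use `EXPORT_SYMBOL` although the neighbouring `gss_mech_unregister` uses `EXPORT_SYMBOL_GPL`, so the choice should be made deliberately and kept consistent. `gss_pseudoflavor_to_service` is exported in the second hunk without a visible caller or a mention in the commit message; a sentence in the description naming what needs it would help.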
+1 -3
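--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -391,7 +391,6 @@
 memset(&new->seqdata, 0, sizeof(new->seqdata));
 spin_lock_init(&new->seqdata.sd_lock);
 new->cred = tmp->cred;
-new->cred.cr_principal = tmp->cred.cr_principal;
 init_svc_cred(&tmp->cred);
 }
 
@@ -485,7 +484,7 @@
 len = qword_get(&mesg, buf, mlen);
 if (len < 0)
 goto out;
-gm = gss_mech_get_by_name(buf);
+gm = rsci.cred.cr_gss_mech = gss_mech_get_by_name(buf);
 status = -EOPNOTSUPP;
 if (!gm)
 goto out;
@@ -515,7 +514,6 @@
 rscp = rsc_update(cd, &rsci, rscp);
 status = 0;
 out:
-gss_mech_put(gm);
 rsc_free(&rsci);
 if (rscp)
 cache_put(&rscp->h, cd);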
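Review bot: The chained assignment `gm = rsci.cred.cr_gss_mech = gss_mech_get_by_name(buf);` in the second hunk hides a transfer of ownership: with `gss_mech_put(gm)` removed in the third hunk, the reference is presumably released through `rsc_free(&rsci)` at `out:`. Splitting it makes that readable, `gm = gss_mech_get_by_name(buf);` followed by `rsci.cred.cr_gss_mech = gm; /* reference now owned by rsci.cred */`. The `goto out` paths taken before this line then depend on `rsci.cred.cr_gss_mech` already being NULL; rsci's initialisation is outside the hunk, so confirm it is zeroed. All three hunks sit inside functions whose start and end are outside the visible lines.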