
SUNRPC: Clean up the RPCSEC_GSS service ticket requests

Instead of hacking specific service names into gss_encode_v1_msg, we should
just allow the caller to specify the service name explicitly.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: J. Bruce Fields <bfields@redhat.com>

+32 -23
+1 -1
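--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -185,7 +185,7 @@
 clp->cl_minorversion = cl_init->minorversion;
 clp->cl_mvops = nfs_v4_minor_ops[cl_init->minorversion];
 #endif
-cred = rpc_lookup_machine_cred();
+cred = rpc_lookup_machine_cred("*");
 if (!IS_ERR(cred))
 clp->cl_machine_cred = cred;
 nfs_fscache_get_client_cookie(clp);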
+1 -1
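--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -718,7 +718,7 @@
 {
 if (callback_cred)
 return 0;
-callback_cred = rpc_lookup_machine_cred();
+callback_cred = rpc_lookup_machine_cred("nfs");
 if (!callback_cred)
 return -ENOMEM;
 return 0;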
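Review bot: The failure check after the changed call, `if (!callback_cred)`, only catches a NULL return, while fs/nfs/client.c in this same commit tests the result of rpc_lookup_machine_cred() with `IS_ERR(cred)`. If the lookup reports failure as an error pointer, as that caller suggests, this function would return 0 and leave an error-pointer value in callback_cred, which the early `if (callback_cred) return 0;` then treats as a valid cached credential on every later call. Consider `if (IS_ERR(callback_cred)) { int err = PTR_ERR(callback_cred); callback_cred = NULL; return err; }`, or at least an `IS_ERR_OR_NULL()` test. The function's signature lies outside the hunk, so the return convention should be confirmed against its caller.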
+2 -1
include/linux/sunrpc/auth.h
··· 26 26 uid_t uid; 27 27 gid_t gid; 28 28 struct group_info *group_info; 29 + const char *principal; 29 30 unsigned char machine_cred : 1; 30 31 }; 31 32 ··· 128 127 void rpc_destroy_authunix(void); 129 128 130 129 struct rpc_cred * rpc_lookup_cred(void); 131 - struct rpc_cred * rpc_lookup_machine_cred(void); 130 + struct rpc_cred * rpc_lookup_machine_cred(const char *service_name); 132 131 int rpcauth_register(const struct rpc_authops *); 133 132 int rpcauth_unregister(const struct rpc_authops *); 134 133 struct rpc_auth * rpcauth_create(rpc_authflavor_t, struct rpc_clnt *);
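Review bot: The new `principal` member of struct auth_cred carries no comment saying when it is honoured. In the auth_gss.c part of this commit, gss_create_cred copies it only when `machine_cred` is set, whereas gss_match compares `acred->principal` whenever it is non-NULL, so a lookup that sets `principal` without `machine_cred` would appear to create a credential that the same lookup can never match again. Documenting the contract on the field would prevent that misuse, e.g. `const char *principal; /* service principal; only meaningful when machine_cred is set */`. The struct's opening line is outside the hunk.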
+1 -1
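--- a/include/linux/sunrpc/auth_gss.h
+++ b/include/linux/sunrpc/auth_gss.h
@@ -82,8 +82,8 @@
 enum rpc_gss_svc gc_service;
 struct gss_cl_ctx __rcu *gc_ctx;
 struct gss_upcall_msg *gc_upcall;
+const char *gc_principal;
 unsigned long gc_upcall_timestamp;
-unsigned char gc_machine_cred : 1;
 };
 
 #endif /* __KERNEL__ */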
+4 -2
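--- a/net/sunrpc/auth_generic.c
+++ b/net/sunrpc/auth_generic.c
@@ -41,15 +41,17 @@
 /*
  * Public call interface for looking up machine creds.
  */
-struct rpc_cred *rpc_lookup_machine_cred(void)
+struct rpc_cred *rpc_lookup_machine_cred(const char *service_name)
 {
 struct auth_cred acred = {
 .uid = RPC_MACHINE_CRED_USERID,
 .gid = RPC_MACHINE_CRED_GROUPID,
+.principal = service_name,
 .machine_cred = 1,
 };
 
-dprintk("RPC: looking up machine cred\n");
+dprintk("RPC: looking up machine cred for service %s\n",
+service_name);
 return generic_auth.au_ops->lookup_cred(&generic_auth, &acred, 0);
 }
 EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred);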
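Review bot: rpc_lookup_machine_cred() is an exported symbol, but its header comment does not say how long `service_name` must remain valid. The pointer is placed in `acred.principal` and, in the auth_gss.c part of this commit, stored uncopied in `cred->gc_principal`, where strcmp() and sprintf() read it later. Both callers in this commit pass string literals, so this is safe as written, but a caller handing in a stack or heap buffer would leave a dangling pointer inside a cached credential. Extend the comment with a line such as `* @service_name is kept by reference in the credential and must have static lifetime.`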
+23 -17
net/sunrpc/auth_gss/auth_gss.c
··· 392 392 } 393 393 394 394 static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, 395 - struct rpc_clnt *clnt, int machine_cred) 395 + struct rpc_clnt *clnt, 396 + const char *service_name) 396 397 { 397 398 struct gss_api_mech *mech = gss_msg->auth->mech; 398 399 char *p = gss_msg->databuf; ··· 408 407 p += len; 409 408 gss_msg->msg.len += len; 410 409 } 411 - if (machine_cred) { 412 - len = sprintf(p, "service=* "); 413 - p += len; 414 - gss_msg->msg.len += len; 415 - } else if (!strcmp(clnt->cl_program->name, "nfs4_cb")) { 416 - len = sprintf(p, "service=nfs "); 410 + if (service_name != NULL) { 411 + len = sprintf(p, "service=%s ", service_name); 417 412 p += len; 418 413 gss_msg->msg.len += len; 419 414 } ··· 426 429 } 427 430 428 431 static void gss_encode_msg(struct gss_upcall_msg *gss_msg, 429 - struct rpc_clnt *clnt, int machine_cred) 432 + struct rpc_clnt *clnt, 433 + const char *service_name) 430 434 { 431 435 if (pipe_version == 0) 432 436 gss_encode_v0_msg(gss_msg); 433 437 else /* pipe_version == 1 */ 434 - gss_encode_v1_msg(gss_msg, clnt, machine_cred); 438 + gss_encode_v1_msg(gss_msg, clnt, service_name); 435 439 } 436 440 437 - static inline struct gss_upcall_msg * 438 - gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt, 439 - int machine_cred) 441 + static struct gss_upcall_msg * 442 + gss_alloc_msg(struct gss_auth *gss_auth, struct rpc_clnt *clnt, 443 + uid_t uid, const char *service_name) 440 444 { 441 445 struct gss_upcall_msg *gss_msg; 442 446 int vers; ··· 457 459 atomic_set(&gss_msg->count, 1); 458 460 gss_msg->uid = uid; 459 461 gss_msg->auth = gss_auth; 460 - gss_encode_msg(gss_msg, clnt, machine_cred); 462 + gss_encode_msg(gss_msg, clnt, service_name); 461 463 return gss_msg; 462 464 } 463 465 ··· 469 471 struct gss_upcall_msg *gss_new, *gss_msg; 470 472 uid_t uid = cred->cr_uid; 471 473 472 - gss_new = gss_alloc_msg(gss_auth, uid, clnt, gss_cred->gc_machine_cred); 474 + gss_new = gss_alloc_msg(gss_auth, 
clnt, uid, gss_cred->gc_principal); 473 475 if (IS_ERR(gss_new)) 474 476 return gss_new; 475 477 gss_msg = gss_add_msg(gss_new); ··· 993 995 */ 994 996 cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW; 995 997 cred->gc_service = gss_auth->service; 996 - cred->gc_machine_cred = acred->machine_cred; 998 + cred->gc_principal = NULL; 999 + if (acred->machine_cred) 1000 + cred->gc_principal = acred->principal; 997 1001 kref_get(&gss_auth->kref); 998 1002 return &cred->gc_base; 999 1003 ··· 1030 1030 if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags)) 1031 1031 return 0; 1032 1032 out: 1033 - if (acred->machine_cred != gss_cred->gc_machine_cred) 1033 + if (acred->principal != NULL) { 1034 + if (gss_cred->gc_principal == NULL) 1035 + return 0; 1036 + return strcmp(acred->principal, gss_cred->gc_principal) == 0; 1037 + } 1038 + if (gss_cred->gc_principal != NULL) 1034 1039 return 0; 1035 1040 return rc->cr_uid == acred->uid; 1036 1041 } ··· 1109 1104 struct rpc_auth *auth = oldcred->cr_auth; 1110 1105 struct auth_cred acred = { 1111 1106 .uid = oldcred->cr_uid, 1112 - .machine_cred = gss_cred->gc_machine_cred, 1107 + .principal = gss_cred->gc_principal, 1108 + .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0), 1113 1109 }; 1114 1110 struct rpc_cred *new; 1115 1111
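Review bot: In gss_encode_v1_msg the new `len = sprintf(p, "service=%s ", service_name);` writes a caller-supplied string of arbitrary length into `gss_msg->databuf` with no bound, where the removed code only ever wrote the fixed literals `service=* ` and `service=nfs `. The size of databuf is not visible in these hunks, so the write stays in bounds only as long as every caller keeps the name as short as the two used in this commit. A bounded write that tracks the space left in databuf (for example scnprintf() with the remaining length, failing the upcall on truncation) would remove that dependency. Because the message appears to be space-separated key=value text, it is also worth rejecting a service name that contains whitespace. The function body continues outside the hunks shown.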