author | Chuck Lever <chuck.lever@oracle.com> | 2018-08-16 12:05:54 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2018-08-22 18:32:07 -0400 |
commit | a1a237775ec8fd2694b9f8e451821fd168e730d8 (patch) | |
tree | 1955a598d3f33061be0d0f89e47628269b049a86 /net/sunrpc | |
parent | 44090cc876926277329e1608bafc01b9f6da627f (diff) |
sunrpc: Enable the kernel to specify the hostname part of service principals
A multi-homed NFS server may have more than one "nfs" key in its
keytab. Enable the kernel to pick the key it wants as a machine
credential when establishing a GSS context.
This is useful for GSS-protected NFSv4.0 callbacks, which are
required by RFC 7530 S3.3.3 to use the same principal as the service
principal the client used when establishing its lease.
A complementary modification to rpc.gssd is required to fully enable
this feature.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net/sunrpc')
-rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 20 |
1 files changed, 17 insertions, 3 deletions
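--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -284,7 +284,12 @@ err:
 return p;
 }
 
-#define UPCALL_BUF_LEN 128
+/* XXX: Need some documentation about why UPCALL_BUF_LEN is so small.
+* Is user space expecting no more than UPCALL_BUF_LEN bytes?
+* Note that there are now _two_ NI_MAXHOST sized data items
+* being passed in this string.
+*/
+#define UPCALL_BUF_LEN 256
 
 struct gss_upcall_msg {
 refcount_t count;
@@ -462,8 +467,17 @@ static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
 p += len;
 gss_msg->msg.len += len;
 }
-if (service_name != NULL) {
-len = scnprintf(p, buflen, "service=%s ", service_name);
+if (service_name) {
+char *c = strchr(service_name, '@');
+
+if (!c)
+len = scnprintf(p, buflen, "service=%s ",
+service_name);
+else
+len = scnprintf(p, buflen,
+"service=%.*s srchost=%s ",
+(int)(c - service_name),
+service_name, c + 1);
 buflen -= len;
 p += len;
 gss_msg->msg.len += len;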
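Review bot: The new `else` branch in gss_encode_v1_msg can truncate the upcall string silently, because scnprintf returns only the bytes that fit and the code merely subtracts that from `buflen`; the comment added above UPCALL_BUF_LEN itself notes that two NI_MAXHOST-sized items now share a 256-byte buffer. A cut-off `srchost=` value would presumably reach rpc.gssd as a shorter, different hostname, so the wrong machine credential could be selected rather than the upcall failing. The function continues past this hunk, so unless that unseen part already rejects a full buffer, format with `snprintf`, return an error when `(size_t)len >= buflen`, and resolve the XXX by documenting the length user space accepts. Two smaller points: `c` is never written through and reads better as `const char *c = strchr(service_name, '@');`, and a name ending in `@` emits an empty `srchost=`, which a `c[1] == '\0'` check could reject.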