diff options
-rw-r--r-- | fs/nfsd/nfs4state.c | 11 | ||||
-rw-r--r-- | include/linux/nfsd/state.h | 1 | ||||
-rw-r--r-- | include/linux/sunrpc/svcauth_gss.h | 1 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 23 |
4 files changed, 36 insertions, 0 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 1a052ac2bde..f3b9a8d064f 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c | |||
@@ -54,6 +54,7 @@ | |||
54 | #include <linux/mutex.h> | 54 | #include <linux/mutex.h> |
55 | #include <linux/lockd/bind.h> | 55 | #include <linux/lockd/bind.h> |
56 | #include <linux/module.h> | 56 | #include <linux/module.h> |
57 | #include <linux/sunrpc/svcauth_gss.h> | ||
57 | 58 | ||
58 | #define NFSDDBG_FACILITY NFSDDBG_PROC | 59 | #define NFSDDBG_FACILITY NFSDDBG_PROC |
59 | 60 | ||
@@ -377,6 +378,7 @@ free_client(struct nfs4_client *clp) | |||
377 | shutdown_callback_client(clp); | 378 | shutdown_callback_client(clp); |
378 | if (clp->cl_cred.cr_group_info) | 379 | if (clp->cl_cred.cr_group_info) |
379 | put_group_info(clp->cl_cred.cr_group_info); | 380 | put_group_info(clp->cl_cred.cr_group_info); |
381 | kfree(clp->cl_principal); | ||
380 | kfree(clp->cl_name.data); | 382 | kfree(clp->cl_name.data); |
381 | kfree(clp); | 383 | kfree(clp); |
382 | } | 384 | } |
@@ -696,6 +698,7 @@ nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, | |||
696 | unsigned int strhashval; | 698 | unsigned int strhashval; |
697 | struct nfs4_client *conf, *unconf, *new; | 699 | struct nfs4_client *conf, *unconf, *new; |
698 | __be32 status; | 700 | __be32 status; |
701 | char *princ; | ||
699 | char dname[HEXDIR_LEN]; | 702 | char dname[HEXDIR_LEN]; |
700 | 703 | ||
701 | if (!check_name(clname)) | 704 | if (!check_name(clname)) |
@@ -783,6 +786,14 @@ nfsd4_setclientid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, | |||
783 | } | 786 | } |
784 | copy_verf(new, &clverifier); | 787 | copy_verf(new, &clverifier); |
785 | new->cl_addr = sin->sin_addr.s_addr; | 788 | new->cl_addr = sin->sin_addr.s_addr; |
789 | princ = svc_gss_principal(rqstp); | ||
790 | if (princ) { | ||
791 | new->cl_principal = kstrdup(princ, GFP_KERNEL); | ||
792 | if (new->cl_principal == NULL) { | ||
793 | free_client(new); | ||
794 | goto out; | ||
795 | } | ||
796 | } | ||
786 | copy_cred(&new->cl_cred, &rqstp->rq_cred); | 797 | copy_cred(&new->cl_cred, &rqstp->rq_cred); |
787 | gen_confirm(new); | 798 | gen_confirm(new); |
788 | gen_callback(new, setclid); | 799 | gen_callback(new, setclid); |
diff --git a/include/linux/nfsd/state.h b/include/linux/nfsd/state.h index d0fe2e37845..ce7cbf4b7c9 100644 --- a/include/linux/nfsd/state.h +++ b/include/linux/nfsd/state.h | |||
@@ -124,6 +124,7 @@ struct nfs4_client { | |||
124 | nfs4_verifier cl_verifier; /* generated by client */ | 124 | nfs4_verifier cl_verifier; /* generated by client */ |
125 | time_t cl_time; /* time of last lease renewal */ | 125 | time_t cl_time; /* time of last lease renewal */ |
126 | __be32 cl_addr; /* client ipaddress */ | 126 | __be32 cl_addr; /* client ipaddress */ |
127 | char *cl_principal; /* setclientid principal name */ | ||
127 | struct svc_cred cl_cred; /* setclientid principal */ | 128 | struct svc_cred cl_cred; /* setclientid principal */ |
128 | clientid_t cl_clientid; /* generated by server */ | 129 | clientid_t cl_clientid; /* generated by server */ |
129 | nfs4_verifier cl_confirm; /* generated by server */ | 130 | nfs4_verifier cl_confirm; /* generated by server */ |
diff --git a/include/linux/sunrpc/svcauth_gss.h b/include/linux/sunrpc/svcauth_gss.h index c9165d9771a..ca7d725861f 100644 --- a/include/linux/sunrpc/svcauth_gss.h +++ b/include/linux/sunrpc/svcauth_gss.h | |||
@@ -20,6 +20,7 @@ int gss_svc_init(void); | |||
20 | void gss_svc_shutdown(void); | 20 | void gss_svc_shutdown(void); |
21 | int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name); | 21 | int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name); |
22 | u32 svcauth_gss_flavor(struct auth_domain *dom); | 22 | u32 svcauth_gss_flavor(struct auth_domain *dom); |
23 | char *svc_gss_principal(struct svc_rqst *); | ||
23 | 24 | ||
24 | #endif /* __KERNEL__ */ | 25 | #endif /* __KERNEL__ */ |
25 | #endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */ | 26 | #endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */ |
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 12803da95dc..e9baa6ebb1d 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c | |||
@@ -332,6 +332,7 @@ struct rsc { | |||
332 | struct svc_cred cred; | 332 | struct svc_cred cred; |
333 | struct gss_svc_seq_data seqdata; | 333 | struct gss_svc_seq_data seqdata; |
334 | struct gss_ctx *mechctx; | 334 | struct gss_ctx *mechctx; |
335 | char *client_name; | ||
335 | }; | 336 | }; |
336 | 337 | ||
337 | static struct cache_head *rsc_table[RSC_HASHMAX]; | 338 | static struct cache_head *rsc_table[RSC_HASHMAX]; |
@@ -346,6 +347,7 @@ static void rsc_free(struct rsc *rsci) | |||
346 | gss_delete_sec_context(&rsci->mechctx); | 347 | gss_delete_sec_context(&rsci->mechctx); |
347 | if (rsci->cred.cr_group_info) | 348 | if (rsci->cred.cr_group_info) |
348 | put_group_info(rsci->cred.cr_group_info); | 349 | put_group_info(rsci->cred.cr_group_info); |
350 | kfree(rsci->client_name); | ||
349 | } | 351 | } |
350 | 352 | ||
351 | static void rsc_put(struct kref *ref) | 353 | static void rsc_put(struct kref *ref) |
@@ -383,6 +385,7 @@ rsc_init(struct cache_head *cnew, struct cache_head *ctmp) | |||
383 | tmp->handle.data = NULL; | 385 | tmp->handle.data = NULL; |
384 | new->mechctx = NULL; | 386 | new->mechctx = NULL; |
385 | new->cred.cr_group_info = NULL; | 387 | new->cred.cr_group_info = NULL; |
388 | new->client_name = NULL; | ||
386 | } | 389 | } |
387 | 390 | ||
388 | static void | 391 | static void |
@@ -397,6 +400,8 @@ update_rsc(struct cache_head *cnew, struct cache_head *ctmp) | |||
397 | spin_lock_init(&new->seqdata.sd_lock); | 400 | spin_lock_init(&new->seqdata.sd_lock); |
398 | new->cred = tmp->cred; | 401 | new->cred = tmp->cred; |
399 | tmp->cred.cr_group_info = NULL; | 402 | tmp->cred.cr_group_info = NULL; |
403 | new->client_name = tmp->client_name; | ||
404 | tmp->client_name = NULL; | ||
400 | } | 405 | } |
401 | 406 | ||
402 | static struct cache_head * | 407 | static struct cache_head * |
@@ -486,6 +491,15 @@ static int rsc_parse(struct cache_detail *cd, | |||
486 | status = gss_import_sec_context(buf, len, gm, &rsci.mechctx); | 491 | status = gss_import_sec_context(buf, len, gm, &rsci.mechctx); |
487 | if (status) | 492 | if (status) |
488 | goto out; | 493 | goto out; |
494 | |||
495 | /* get client name */ | ||
496 | len = qword_get(&mesg, buf, mlen); | ||
497 | if (len > 0) { | ||
498 | rsci.client_name = kstrdup(buf, GFP_KERNEL); | ||
499 | if (!rsci.client_name) | ||
500 | goto out; | ||
501 | } | ||
502 | |||
489 | } | 503 | } |
490 | rsci.h.expiry_time = expiry; | 504 | rsci.h.expiry_time = expiry; |
491 | rscp = rsc_update(&rsci, rscp); | 505 | rscp = rsc_update(&rsci, rscp); |
@@ -913,6 +927,15 @@ struct gss_svc_data { | |||
913 | struct rsc *rsci; | 927 | struct rsc *rsci; |
914 | }; | 928 | }; |
915 | 929 | ||
930 | char *svc_gss_principal(struct svc_rqst *rqstp) | ||
931 | { | ||
932 | struct gss_svc_data *gd = (struct gss_svc_data *)rqstp->rq_auth_data; | ||
933 | |||
934 | if (gd && gd->rsci) | ||
935 | return gd->rsci->client_name; | ||
936 | return NULL; | ||
937 | } | ||
938 | |||
916 | static int | 939 | static int |
917 | svcauth_gss_set_client(struct svc_rqst *rqstp) | 940 | svcauth_gss_set_client(struct svc_rqst *rqstp) |
918 | { | 941 | { |