diff options
author | J. Bruce Fields <bfields@redhat.com> | 2012-08-16 17:01:21 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2012-08-20 18:38:36 -0400 |
commit | 39307655a1effa8d913bba054c0e985bfaca808c (patch) | |
tree | 444839c0cc97415f931fbd24b4548d2c93a38d1a /fs | |
parent | d9875690d9b89a866022ff49e3fcea892345ad92 (diff) |
nfsd4: fix security flavor of NFSv4.0 callback
Commit d5497fc693a446ce9100fcf4117c3f795ddfd0d2 "nfsd4: move rq_flavor
into svc_cred" forgot to remove cl_flavor from the client, leaving two
places (cl_flavor and cl_cred.cr_flavor) for the flavor to be stored.
After that patch, the latter was the one that was updated, but the
former was the one that the callback used.
Symptoms were a long delay on utime(). This is because the utime()
generated a setattr which recalled a delegation, but the cb_recall was
ignored by the client because it had the wrong security flavor.
Cc: stable@vger.kernel.org
Tested-by: Jamie Heilman <jamie@audible.transient.net>
Reported-by: Jamie Heilman <jamie@audible.transient.net>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/nfsd/nfs4callback.c | 4 | ||||
-rw-r--r-- | fs/nfsd/state.h | 1 |
2 files changed, 2 insertions, 3 deletions
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c index cbaf4f8bb7b..4c7bd35b187 100644 --- a/fs/nfsd/nfs4callback.c +++ b/fs/nfsd/nfs4callback.c | |||
@@ -651,12 +651,12 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c | |||
651 | 651 | ||
652 | if (clp->cl_minorversion == 0) { | 652 | if (clp->cl_minorversion == 0) { |
653 | if (!clp->cl_cred.cr_principal && | 653 | if (!clp->cl_cred.cr_principal && |
654 | (clp->cl_flavor >= RPC_AUTH_GSS_KRB5)) | 654 | (clp->cl_cred.cr_flavor >= RPC_AUTH_GSS_KRB5)) |
655 | return -EINVAL; | 655 | return -EINVAL; |
656 | args.client_name = clp->cl_cred.cr_principal; | 656 | args.client_name = clp->cl_cred.cr_principal; |
657 | args.prognumber = conn->cb_prog, | 657 | args.prognumber = conn->cb_prog, |
658 | args.protocol = XPRT_TRANSPORT_TCP; | 658 | args.protocol = XPRT_TRANSPORT_TCP; |
659 | args.authflavor = clp->cl_flavor; | 659 | args.authflavor = clp->cl_cred.cr_flavor; |
660 | clp->cl_cb_ident = conn->cb_ident; | 660 | clp->cl_cb_ident = conn->cb_ident; |
661 | } else { | 661 | } else { |
662 | if (!conn->cb_xprt) | 662 | if (!conn->cb_xprt) |
diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h index e6173147f98..22bd0a66c35 100644 --- a/fs/nfsd/state.h +++ b/fs/nfsd/state.h | |||
@@ -231,7 +231,6 @@ struct nfs4_client { | |||
231 | nfs4_verifier cl_verifier; /* generated by client */ | 231 | nfs4_verifier cl_verifier; /* generated by client */ |
232 | time_t cl_time; /* time of last lease renewal */ | 232 | time_t cl_time; /* time of last lease renewal */ |
233 | struct sockaddr_storage cl_addr; /* client ipaddress */ | 233 | struct sockaddr_storage cl_addr; /* client ipaddress */ |
234 | u32 cl_flavor; /* setclientid pseudoflavor */ | ||
235 | struct svc_cred cl_cred; /* setclientid principal */ | 234 | struct svc_cred cl_cred; /* setclientid principal */ |
236 | clientid_t cl_clientid; /* generated by server */ | 235 | clientid_t cl_clientid; /* generated by server */ |
237 | nfs4_verifier cl_confirm; /* generated by server */ | 236 | nfs4_verifier cl_confirm; /* generated by server */ |