diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-04-02 14:44:05 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-04-19 16:54:43 -0400 |
commit | d11d10cc05c94a32632d6928d15a1034200dd9a5 (patch) | |
tree | 8d6aec826f4673cf0aea98dda2c5ce39185a5d0b /fs/lockd | |
parent | c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc (diff) |
NLM/lockd: Ensure client locking calls use correct credentials
Now that we've added the 'generic' credentials (that are independent of the
rpc_client) to the nfs_open_context, we can use those in the NLM client to
ensure that the lock/unlock requests are authenticated to whoever
originally opened the file.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/lockd')
-rw-r--r-- | fs/lockd/clntproc.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c index 37d1aa20a607..40b16f23e49a 100644 --- a/fs/lockd/clntproc.c +++ b/fs/lockd/clntproc.c | |||
@@ -247,7 +247,7 @@ static int nlm_wait_on_grace(wait_queue_head_t *queue) | |||
247 | * Generic NLM call | 247 | * Generic NLM call |
248 | */ | 248 | */ |
249 | static int | 249 | static int |
250 | nlmclnt_call(struct nlm_rqst *req, u32 proc) | 250 | nlmclnt_call(struct rpc_cred *cred, struct nlm_rqst *req, u32 proc) |
251 | { | 251 | { |
252 | struct nlm_host *host = req->a_host; | 252 | struct nlm_host *host = req->a_host; |
253 | struct rpc_clnt *clnt; | 253 | struct rpc_clnt *clnt; |
@@ -256,6 +256,7 @@ nlmclnt_call(struct nlm_rqst *req, u32 proc) | |||
256 | struct rpc_message msg = { | 256 | struct rpc_message msg = { |
257 | .rpc_argp = argp, | 257 | .rpc_argp = argp, |
258 | .rpc_resp = resp, | 258 | .rpc_resp = resp, |
259 | .rpc_cred = cred, | ||
259 | }; | 260 | }; |
260 | int status; | 261 | int status; |
261 | 262 | ||
@@ -390,11 +391,12 @@ int nlm_async_reply(struct nlm_rqst *req, u32 proc, const struct rpc_call_ops *t | |||
390 | * completion in order to be able to correctly track the lock | 391 | * completion in order to be able to correctly track the lock |
391 | * state. | 392 | * state. |
392 | */ | 393 | */ |
393 | static int nlmclnt_async_call(struct nlm_rqst *req, u32 proc, const struct rpc_call_ops *tk_ops) | 394 | static int nlmclnt_async_call(struct rpc_cred *cred, struct nlm_rqst *req, u32 proc, const struct rpc_call_ops *tk_ops) |
394 | { | 395 | { |
395 | struct rpc_message msg = { | 396 | struct rpc_message msg = { |
396 | .rpc_argp = &req->a_args, | 397 | .rpc_argp = &req->a_args, |
397 | .rpc_resp = &req->a_res, | 398 | .rpc_resp = &req->a_res, |
399 | .rpc_cred = cred, | ||
398 | }; | 400 | }; |
399 | struct rpc_task *task; | 401 | struct rpc_task *task; |
400 | int err; | 402 | int err; |
@@ -415,7 +417,7 @@ nlmclnt_test(struct nlm_rqst *req, struct file_lock *fl) | |||
415 | { | 417 | { |
416 | int status; | 418 | int status; |
417 | 419 | ||
418 | status = nlmclnt_call(req, NLMPROC_TEST); | 420 | status = nlmclnt_call(nfs_file_cred(fl->fl_file), req, NLMPROC_TEST); |
419 | if (status < 0) | 421 | if (status < 0) |
420 | goto out; | 422 | goto out; |
421 | 423 | ||
@@ -506,6 +508,7 @@ static int do_vfs_lock(struct file_lock *fl) | |||
506 | static int | 508 | static int |
507 | nlmclnt_lock(struct nlm_rqst *req, struct file_lock *fl) | 509 | nlmclnt_lock(struct nlm_rqst *req, struct file_lock *fl) |
508 | { | 510 | { |
511 | struct rpc_cred *cred = nfs_file_cred(fl->fl_file); | ||
509 | struct nlm_host *host = req->a_host; | 512 | struct nlm_host *host = req->a_host; |
510 | struct nlm_res *resp = &req->a_res; | 513 | struct nlm_res *resp = &req->a_res; |
511 | struct nlm_wait *block = NULL; | 514 | struct nlm_wait *block = NULL; |
@@ -534,7 +537,7 @@ again: | |||
534 | for(;;) { | 537 | for(;;) { |
535 | /* Reboot protection */ | 538 | /* Reboot protection */ |
536 | fl->fl_u.nfs_fl.state = host->h_state; | 539 | fl->fl_u.nfs_fl.state = host->h_state; |
537 | status = nlmclnt_call(req, NLMPROC_LOCK); | 540 | status = nlmclnt_call(cred, req, NLMPROC_LOCK); |
538 | if (status < 0) | 541 | if (status < 0) |
539 | break; | 542 | break; |
540 | /* Did a reclaimer thread notify us of a server reboot? */ | 543 | /* Did a reclaimer thread notify us of a server reboot? */ |
@@ -595,7 +598,7 @@ out_unlock: | |||
595 | up_read(&host->h_rwsem); | 598 | up_read(&host->h_rwsem); |
596 | fl->fl_type = fl_type; | 599 | fl->fl_type = fl_type; |
597 | fl->fl_flags = fl_flags; | 600 | fl->fl_flags = fl_flags; |
598 | nlmclnt_async_call(req, NLMPROC_UNLOCK, &nlmclnt_unlock_ops); | 601 | nlmclnt_async_call(cred, req, NLMPROC_UNLOCK, &nlmclnt_unlock_ops); |
599 | return status; | 602 | return status; |
600 | } | 603 | } |
601 | 604 | ||
@@ -619,8 +622,8 @@ nlmclnt_reclaim(struct nlm_host *host, struct file_lock *fl) | |||
619 | nlmclnt_setlockargs(req, fl); | 622 | nlmclnt_setlockargs(req, fl); |
620 | req->a_args.reclaim = 1; | 623 | req->a_args.reclaim = 1; |
621 | 624 | ||
622 | if ((status = nlmclnt_call(req, NLMPROC_LOCK)) >= 0 | 625 | status = nlmclnt_call(nfs_file_cred(fl->fl_file), req, NLMPROC_LOCK); |
623 | && req->a_res.status == nlm_granted) | 626 | if (status >= 0 && req->a_res.status == nlm_granted) |
624 | return 0; | 627 | return 0; |
625 | 628 | ||
626 | printk(KERN_WARNING "lockd: failed to reclaim lock for pid %d " | 629 | printk(KERN_WARNING "lockd: failed to reclaim lock for pid %d " |
@@ -669,7 +672,8 @@ nlmclnt_unlock(struct nlm_rqst *req, struct file_lock *fl) | |||
669 | } | 672 | } |
670 | 673 | ||
671 | atomic_inc(&req->a_count); | 674 | atomic_inc(&req->a_count); |
672 | status = nlmclnt_async_call(req, NLMPROC_UNLOCK, &nlmclnt_unlock_ops); | 675 | status = nlmclnt_async_call(nfs_file_cred(fl->fl_file), req, |
676 | NLMPROC_UNLOCK, &nlmclnt_unlock_ops); | ||
673 | if (status < 0) | 677 | if (status < 0) |
674 | goto out; | 678 | goto out; |
675 | 679 | ||
@@ -738,7 +742,8 @@ static int nlmclnt_cancel(struct nlm_host *host, int block, struct file_lock *fl | |||
738 | req->a_args.block = block; | 742 | req->a_args.block = block; |
739 | 743 | ||
740 | atomic_inc(&req->a_count); | 744 | atomic_inc(&req->a_count); |
741 | status = nlmclnt_async_call(req, NLMPROC_CANCEL, &nlmclnt_cancel_ops); | 745 | status = nlmclnt_async_call(nfs_file_cred(fl->fl_file), req, |
746 | NLMPROC_CANCEL, &nlmclnt_cancel_ops); | ||
742 | if (status == 0 && req->a_res.status == nlm_lck_denied) | 747 | if (status == 0 && req->a_res.status == nlm_lck_denied) |
743 | status = -ENOLCK; | 748 | status = -ENOLCK; |
744 | nlm_release_call(req); | 749 | nlm_release_call(req); |