diff options
author | Olga Kornievskaia <aglo@citi.umich.edu> | 2008-12-23 16:17:15 -0500 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-12-23 16:17:15 -0500 |
commit | 68e76ad0baf8f5d5060377c2423ee6eed5c63057 (patch) | |
tree | baab3e30cc3b50bc49a553ee884885189ce85a8e /include/linux | |
parent | 34769fc488b463cb753fc632f8f5ba56c918b7cb (diff) |
nfsd: pass client principal name in rsc downcall
Two principals are involved in krb5 authentication: the target, who we
authenticate *to* (normally the name of the server, like
nfs/server.citi.umich.edu@CITI.UMICH.EDU), and the source, we we
authenticate *as* (normally a user, like bfields@UMICH.EDU)
In the case of NFSv4 callbacks, the target of the callback should be the
source of the client's setclientid call, and the source should be the
nfs server's own principal.
Therefore we allow svcgssd to pass down the name of the principal that
just authenticated, so that on setclientid we can store that principal
name with the new client, to be used later on callbacks.
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/nfsd/state.h | 1 | ||||
-rw-r--r-- | include/linux/sunrpc/svcauth_gss.h | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/nfsd/state.h b/include/linux/nfsd/state.h index d0fe2e378452..ce7cbf4b7c93 100644 --- a/include/linux/nfsd/state.h +++ b/include/linux/nfsd/state.h | |||
@@ -124,6 +124,7 @@ struct nfs4_client { | |||
124 | nfs4_verifier cl_verifier; /* generated by client */ | 124 | nfs4_verifier cl_verifier; /* generated by client */ |
125 | time_t cl_time; /* time of last lease renewal */ | 125 | time_t cl_time; /* time of last lease renewal */ |
126 | __be32 cl_addr; /* client ipaddress */ | 126 | __be32 cl_addr; /* client ipaddress */ |
127 | char *cl_principal; /* setclientid principal name */ | ||
127 | struct svc_cred cl_cred; /* setclientid principal */ | 128 | struct svc_cred cl_cred; /* setclientid principal */ |
128 | clientid_t cl_clientid; /* generated by server */ | 129 | clientid_t cl_clientid; /* generated by server */ |
129 | nfs4_verifier cl_confirm; /* generated by server */ | 130 | nfs4_verifier cl_confirm; /* generated by server */ |
diff --git a/include/linux/sunrpc/svcauth_gss.h b/include/linux/sunrpc/svcauth_gss.h index c9165d9771a8..ca7d725861fc 100644 --- a/include/linux/sunrpc/svcauth_gss.h +++ b/include/linux/sunrpc/svcauth_gss.h | |||
@@ -20,6 +20,7 @@ int gss_svc_init(void); | |||
20 | void gss_svc_shutdown(void); | 20 | void gss_svc_shutdown(void); |
21 | int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name); | 21 | int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name); |
22 | u32 svcauth_gss_flavor(struct auth_domain *dom); | 22 | u32 svcauth_gss_flavor(struct auth_domain *dom); |
23 | char *svc_gss_principal(struct svc_rqst *); | ||
23 | 24 | ||
24 | #endif /* __KERNEL__ */ | 25 | #endif /* __KERNEL__ */ |
25 | #endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */ | 26 | #endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */ |