aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorOlga Kornievskaia <aglo@citi.umich.edu>2008-12-23 16:17:15 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2008-12-23 16:17:15 -0500
commit68e76ad0baf8f5d5060377c2423ee6eed5c63057 (patch)
treebaab3e30cc3b50bc49a553ee884885189ce85a8e /include
parent34769fc488b463cb753fc632f8f5ba56c918b7cb (diff)
nfsd: pass client principal name in rsc downcall
Two principals are involved in krb5 authentication: the target, who we authenticate *to* (normally the name of the server, like nfs/server.citi.umich.edu@CITI.UMICH.EDU), and the source, we we authenticate *as* (normally a user, like bfields@UMICH.EDU) In the case of NFSv4 callbacks, the target of the callback should be the source of the client's setclientid call, and the source should be the nfs server's own principal. Therefore we allow svcgssd to pass down the name of the principal that just authenticated, so that on setclientid we can store that principal name with the new client, to be used later on callbacks. Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'include')
-rw-r--r--include/linux/nfsd/state.h1
-rw-r--r--include/linux/sunrpc/svcauth_gss.h1
2 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/nfsd/state.h b/include/linux/nfsd/state.h
index d0fe2e378452..ce7cbf4b7c93 100644
--- a/include/linux/nfsd/state.h
+++ b/include/linux/nfsd/state.h
@@ -124,6 +124,7 @@ struct nfs4_client {
124 nfs4_verifier cl_verifier; /* generated by client */ 124 nfs4_verifier cl_verifier; /* generated by client */
125 time_t cl_time; /* time of last lease renewal */ 125 time_t cl_time; /* time of last lease renewal */
126 __be32 cl_addr; /* client ipaddress */ 126 __be32 cl_addr; /* client ipaddress */
127 char *cl_principal; /* setclientid principal name */
127 struct svc_cred cl_cred; /* setclientid principal */ 128 struct svc_cred cl_cred; /* setclientid principal */
128 clientid_t cl_clientid; /* generated by server */ 129 clientid_t cl_clientid; /* generated by server */
129 nfs4_verifier cl_confirm; /* generated by server */ 130 nfs4_verifier cl_confirm; /* generated by server */
diff --git a/include/linux/sunrpc/svcauth_gss.h b/include/linux/sunrpc/svcauth_gss.h
index c9165d9771a8..ca7d725861fc 100644
--- a/include/linux/sunrpc/svcauth_gss.h
+++ b/include/linux/sunrpc/svcauth_gss.h
@@ -20,6 +20,7 @@ int gss_svc_init(void);
20void gss_svc_shutdown(void); 20void gss_svc_shutdown(void);
21int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name); 21int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name);
22u32 svcauth_gss_flavor(struct auth_domain *dom); 22u32 svcauth_gss_flavor(struct auth_domain *dom);
23char *svc_gss_principal(struct svc_rqst *);
23 24
24#endif /* __KERNEL__ */ 25#endif /* __KERNEL__ */
25#endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */ 26#endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */