diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-01-03 13:22:46 -0500 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-01-05 10:42:38 -0500 |
commit | 68c97153fb7f2877f98aa6c29546381d9cad2fed (patch) | |
tree | 6c233c15758788758c819248a9d821d0083f4ca6 /net/sunrpc/auth_gss | |
parent | 805a6af8dba5dfdd35ec35dc52ec0122400b2610 (diff) |
SUNRPC: Clean up the RPCSEC_GSS service ticket requests
Instead of hacking specific service names into gss_encode_v1_msg, we should
just allow the caller to specify the service name explicitly.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r-- | net/sunrpc/auth_gss/auth_gss.c | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index afb56553dfe7..28d72d298735 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c | |||
@@ -392,7 +392,8 @@ static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg) | |||
392 | } | 392 | } |
393 | 393 | ||
394 | static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, | 394 | static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, |
395 | struct rpc_clnt *clnt, int machine_cred) | 395 | struct rpc_clnt *clnt, |
396 | const char *service_name) | ||
396 | { | 397 | { |
397 | struct gss_api_mech *mech = gss_msg->auth->mech; | 398 | struct gss_api_mech *mech = gss_msg->auth->mech; |
398 | char *p = gss_msg->databuf; | 399 | char *p = gss_msg->databuf; |
@@ -407,12 +408,8 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, | |||
407 | p += len; | 408 | p += len; |
408 | gss_msg->msg.len += len; | 409 | gss_msg->msg.len += len; |
409 | } | 410 | } |
410 | if (machine_cred) { | 411 | if (service_name != NULL) { |
411 | len = sprintf(p, "service=* "); | 412 | len = sprintf(p, "service=%s ", service_name); |
412 | p += len; | ||
413 | gss_msg->msg.len += len; | ||
414 | } else if (!strcmp(clnt->cl_program->name, "nfs4_cb")) { | ||
415 | len = sprintf(p, "service=nfs "); | ||
416 | p += len; | 413 | p += len; |
417 | gss_msg->msg.len += len; | 414 | gss_msg->msg.len += len; |
418 | } | 415 | } |
@@ -429,17 +426,18 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, | |||
429 | } | 426 | } |
430 | 427 | ||
431 | static void gss_encode_msg(struct gss_upcall_msg *gss_msg, | 428 | static void gss_encode_msg(struct gss_upcall_msg *gss_msg, |
432 | struct rpc_clnt *clnt, int machine_cred) | 429 | struct rpc_clnt *clnt, |
430 | const char *service_name) | ||
433 | { | 431 | { |
434 | if (pipe_version == 0) | 432 | if (pipe_version == 0) |
435 | gss_encode_v0_msg(gss_msg); | 433 | gss_encode_v0_msg(gss_msg); |
436 | else /* pipe_version == 1 */ | 434 | else /* pipe_version == 1 */ |
437 | gss_encode_v1_msg(gss_msg, clnt, machine_cred); | 435 | gss_encode_v1_msg(gss_msg, clnt, service_name); |
438 | } | 436 | } |
439 | 437 | ||
440 | static inline struct gss_upcall_msg * | 438 | static struct gss_upcall_msg * |
441 | gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt, | 439 | gss_alloc_msg(struct gss_auth *gss_auth, struct rpc_clnt *clnt, |
442 | int machine_cred) | 440 | uid_t uid, const char *service_name) |
443 | { | 441 | { |
444 | struct gss_upcall_msg *gss_msg; | 442 | struct gss_upcall_msg *gss_msg; |
445 | int vers; | 443 | int vers; |
@@ -459,7 +457,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt, | |||
459 | atomic_set(&gss_msg->count, 1); | 457 | atomic_set(&gss_msg->count, 1); |
460 | gss_msg->uid = uid; | 458 | gss_msg->uid = uid; |
461 | gss_msg->auth = gss_auth; | 459 | gss_msg->auth = gss_auth; |
462 | gss_encode_msg(gss_msg, clnt, machine_cred); | 460 | gss_encode_msg(gss_msg, clnt, service_name); |
463 | return gss_msg; | 461 | return gss_msg; |
464 | } | 462 | } |
465 | 463 | ||
@@ -471,7 +469,7 @@ gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cr | |||
471 | struct gss_upcall_msg *gss_new, *gss_msg; | 469 | struct gss_upcall_msg *gss_new, *gss_msg; |
472 | uid_t uid = cred->cr_uid; | 470 | uid_t uid = cred->cr_uid; |
473 | 471 | ||
474 | gss_new = gss_alloc_msg(gss_auth, uid, clnt, gss_cred->gc_machine_cred); | 472 | gss_new = gss_alloc_msg(gss_auth, clnt, uid, gss_cred->gc_principal); |
475 | if (IS_ERR(gss_new)) | 473 | if (IS_ERR(gss_new)) |
476 | return gss_new; | 474 | return gss_new; |
477 | gss_msg = gss_add_msg(gss_new); | 475 | gss_msg = gss_add_msg(gss_new); |
@@ -995,7 +993,9 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) | |||
995 | */ | 993 | */ |
996 | cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW; | 994 | cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW; |
997 | cred->gc_service = gss_auth->service; | 995 | cred->gc_service = gss_auth->service; |
998 | cred->gc_machine_cred = acred->machine_cred; | 996 | cred->gc_principal = NULL; |
997 | if (acred->machine_cred) | ||
998 | cred->gc_principal = acred->principal; | ||
999 | kref_get(&gss_auth->kref); | 999 | kref_get(&gss_auth->kref); |
1000 | return &cred->gc_base; | 1000 | return &cred->gc_base; |
1001 | 1001 | ||
@@ -1030,7 +1030,12 @@ gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags) | |||
1030 | if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags)) | 1030 | if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags)) |
1031 | return 0; | 1031 | return 0; |
1032 | out: | 1032 | out: |
1033 | if (acred->machine_cred != gss_cred->gc_machine_cred) | 1033 | if (acred->principal != NULL) { |
1034 | if (gss_cred->gc_principal == NULL) | ||
1035 | return 0; | ||
1036 | return strcmp(acred->principal, gss_cred->gc_principal) == 0; | ||
1037 | } | ||
1038 | if (gss_cred->gc_principal != NULL) | ||
1034 | return 0; | 1039 | return 0; |
1035 | return rc->cr_uid == acred->uid; | 1040 | return rc->cr_uid == acred->uid; |
1036 | } | 1041 | } |
@@ -1104,7 +1109,8 @@ static int gss_renew_cred(struct rpc_task *task) | |||
1104 | struct rpc_auth *auth = oldcred->cr_auth; | 1109 | struct rpc_auth *auth = oldcred->cr_auth; |
1105 | struct auth_cred acred = { | 1110 | struct auth_cred acred = { |
1106 | .uid = oldcred->cr_uid, | 1111 | .uid = oldcred->cr_uid, |
1107 | .machine_cred = gss_cred->gc_machine_cred, | 1112 | .principal = gss_cred->gc_principal, |
1113 | .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0), | ||
1108 | }; | 1114 | }; |
1109 | struct rpc_cred *new; | 1115 | struct rpc_cred *new; |
1110 | 1116 | ||