aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc
diff options
context:
space:
mode:
authorTrond Myklebust <Trond.Myklebust@netapp.com>2012-01-03 13:22:46 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2012-01-05 10:42:38 -0500
commit68c97153fb7f2877f98aa6c29546381d9cad2fed (patch)
tree6c233c15758788758c819248a9d821d0083f4ca6 /net/sunrpc
parent805a6af8dba5dfdd35ec35dc52ec0122400b2610 (diff)
SUNRPC: Clean up the RPCSEC_GSS service ticket requests
Instead of hacking specific service names into gss_encode_v1_msg, we should just allow the caller to specify the service name explicitly. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Acked-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net/sunrpc')
-rw-r--r--net/sunrpc/auth_generic.c6
-rw-r--r--net/sunrpc/auth_gss/auth_gss.c40
2 files changed, 27 insertions, 19 deletions
diff --git a/net/sunrpc/auth_generic.c b/net/sunrpc/auth_generic.c
index e010a015d996..1426ec3d0a53 100644
--- a/net/sunrpc/auth_generic.c
+++ b/net/sunrpc/auth_generic.c
@@ -41,15 +41,17 @@ EXPORT_SYMBOL_GPL(rpc_lookup_cred);
41/* 41/*
42 * Public call interface for looking up machine creds. 42 * Public call interface for looking up machine creds.
43 */ 43 */
44struct rpc_cred *rpc_lookup_machine_cred(void) 44struct rpc_cred *rpc_lookup_machine_cred(const char *service_name)
45{ 45{
46 struct auth_cred acred = { 46 struct auth_cred acred = {
47 .uid = RPC_MACHINE_CRED_USERID, 47 .uid = RPC_MACHINE_CRED_USERID,
48 .gid = RPC_MACHINE_CRED_GROUPID, 48 .gid = RPC_MACHINE_CRED_GROUPID,
49 .principal = service_name,
49 .machine_cred = 1, 50 .machine_cred = 1,
50 }; 51 };
51 52
52 dprintk("RPC: looking up machine cred\n"); 53 dprintk("RPC: looking up machine cred for service %s\n",
54 service_name);
53 return generic_auth.au_ops->lookup_cred(&generic_auth, &acred, 0); 55 return generic_auth.au_ops->lookup_cred(&generic_auth, &acred, 0);
54} 56}
55EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred); 57EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred);
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index afb56553dfe7..28d72d298735 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -392,7 +392,8 @@ static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
392} 392}
393 393
394static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, 394static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
395 struct rpc_clnt *clnt, int machine_cred) 395 struct rpc_clnt *clnt,
396 const char *service_name)
396{ 397{
397 struct gss_api_mech *mech = gss_msg->auth->mech; 398 struct gss_api_mech *mech = gss_msg->auth->mech;
398 char *p = gss_msg->databuf; 399 char *p = gss_msg->databuf;
@@ -407,12 +408,8 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
407 p += len; 408 p += len;
408 gss_msg->msg.len += len; 409 gss_msg->msg.len += len;
409 } 410 }
410 if (machine_cred) { 411 if (service_name != NULL) {
411 len = sprintf(p, "service=* "); 412 len = sprintf(p, "service=%s ", service_name);
412 p += len;
413 gss_msg->msg.len += len;
414 } else if (!strcmp(clnt->cl_program->name, "nfs4_cb")) {
415 len = sprintf(p, "service=nfs ");
416 p += len; 413 p += len;
417 gss_msg->msg.len += len; 414 gss_msg->msg.len += len;
418 } 415 }
@@ -429,17 +426,18 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
429} 426}
430 427
431static void gss_encode_msg(struct gss_upcall_msg *gss_msg, 428static void gss_encode_msg(struct gss_upcall_msg *gss_msg,
432 struct rpc_clnt *clnt, int machine_cred) 429 struct rpc_clnt *clnt,
430 const char *service_name)
433{ 431{
434 if (pipe_version == 0) 432 if (pipe_version == 0)
435 gss_encode_v0_msg(gss_msg); 433 gss_encode_v0_msg(gss_msg);
436 else /* pipe_version == 1 */ 434 else /* pipe_version == 1 */
437 gss_encode_v1_msg(gss_msg, clnt, machine_cred); 435 gss_encode_v1_msg(gss_msg, clnt, service_name);
438} 436}
439 437
440static inline struct gss_upcall_msg * 438static struct gss_upcall_msg *
441gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt, 439gss_alloc_msg(struct gss_auth *gss_auth, struct rpc_clnt *clnt,
442 int machine_cred) 440 uid_t uid, const char *service_name)
443{ 441{
444 struct gss_upcall_msg *gss_msg; 442 struct gss_upcall_msg *gss_msg;
445 int vers; 443 int vers;
@@ -459,7 +457,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt,
459 atomic_set(&gss_msg->count, 1); 457 atomic_set(&gss_msg->count, 1);
460 gss_msg->uid = uid; 458 gss_msg->uid = uid;
461 gss_msg->auth = gss_auth; 459 gss_msg->auth = gss_auth;
462 gss_encode_msg(gss_msg, clnt, machine_cred); 460 gss_encode_msg(gss_msg, clnt, service_name);
463 return gss_msg; 461 return gss_msg;
464} 462}
465 463
@@ -471,7 +469,7 @@ gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cr
471 struct gss_upcall_msg *gss_new, *gss_msg; 469 struct gss_upcall_msg *gss_new, *gss_msg;
472 uid_t uid = cred->cr_uid; 470 uid_t uid = cred->cr_uid;
473 471
474 gss_new = gss_alloc_msg(gss_auth, uid, clnt, gss_cred->gc_machine_cred); 472 gss_new = gss_alloc_msg(gss_auth, clnt, uid, gss_cred->gc_principal);
475 if (IS_ERR(gss_new)) 473 if (IS_ERR(gss_new))
476 return gss_new; 474 return gss_new;
477 gss_msg = gss_add_msg(gss_new); 475 gss_msg = gss_add_msg(gss_new);
@@ -995,7 +993,9 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
995 */ 993 */
996 cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW; 994 cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
997 cred->gc_service = gss_auth->service; 995 cred->gc_service = gss_auth->service;
998 cred->gc_machine_cred = acred->machine_cred; 996 cred->gc_principal = NULL;
997 if (acred->machine_cred)
998 cred->gc_principal = acred->principal;
999 kref_get(&gss_auth->kref); 999 kref_get(&gss_auth->kref);
1000 return &cred->gc_base; 1000 return &cred->gc_base;
1001 1001
@@ -1030,7 +1030,12 @@ gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
1030 if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags)) 1030 if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
1031 return 0; 1031 return 0;
1032out: 1032out:
1033 if (acred->machine_cred != gss_cred->gc_machine_cred) 1033 if (acred->principal != NULL) {
1034 if (gss_cred->gc_principal == NULL)
1035 return 0;
1036 return strcmp(acred->principal, gss_cred->gc_principal) == 0;
1037 }
1038 if (gss_cred->gc_principal != NULL)
1034 return 0; 1039 return 0;
1035 return rc->cr_uid == acred->uid; 1040 return rc->cr_uid == acred->uid;
1036} 1041}
@@ -1104,7 +1109,8 @@ static int gss_renew_cred(struct rpc_task *task)
1104 struct rpc_auth *auth = oldcred->cr_auth; 1109 struct rpc_auth *auth = oldcred->cr_auth;
1105 struct auth_cred acred = { 1110 struct auth_cred acred = {
1106 .uid = oldcred->cr_uid, 1111 .uid = oldcred->cr_uid,
1107 .machine_cred = gss_cred->gc_machine_cred, 1112 .principal = gss_cred->gc_principal,
1113 .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0),
1108 }; 1114 };
1109 struct rpc_cred *new; 1115 struct rpc_cred *new;
1110 1116