aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorOlga Kornievskaia <aglo@citi.umich.edu>2008-12-23 16:17:15 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2008-12-23 16:17:15 -0500
commit68e76ad0baf8f5d5060377c2423ee6eed5c63057 (patch)
treebaab3e30cc3b50bc49a553ee884885189ce85a8e /net
parent34769fc488b463cb753fc632f8f5ba56c918b7cb (diff)
nfsd: pass client principal name in rsc downcall
Two principals are involved in krb5 authentication: the target, who we authenticate *to* (normally the name of the server, like nfs/server.citi.umich.edu@CITI.UMICH.EDU), and the source, we we authenticate *as* (normally a user, like bfields@UMICH.EDU) In the case of NFSv4 callbacks, the target of the callback should be the source of the client's setclientid call, and the source should be the nfs server's own principal. Therefore we allow svcgssd to pass down the name of the principal that just authenticated, so that on setclientid we can store that principal name with the new client, to be used later on callbacks. Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net')
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 12803da95dc4..e9baa6ebb1dd 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -332,6 +332,7 @@ struct rsc {
332 struct svc_cred cred; 332 struct svc_cred cred;
333 struct gss_svc_seq_data seqdata; 333 struct gss_svc_seq_data seqdata;
334 struct gss_ctx *mechctx; 334 struct gss_ctx *mechctx;
335 char *client_name;
335}; 336};
336 337
337static struct cache_head *rsc_table[RSC_HASHMAX]; 338static struct cache_head *rsc_table[RSC_HASHMAX];
@@ -346,6 +347,7 @@ static void rsc_free(struct rsc *rsci)
346 gss_delete_sec_context(&rsci->mechctx); 347 gss_delete_sec_context(&rsci->mechctx);
347 if (rsci->cred.cr_group_info) 348 if (rsci->cred.cr_group_info)
348 put_group_info(rsci->cred.cr_group_info); 349 put_group_info(rsci->cred.cr_group_info);
350 kfree(rsci->client_name);
349} 351}
350 352
351static void rsc_put(struct kref *ref) 353static void rsc_put(struct kref *ref)
@@ -383,6 +385,7 @@ rsc_init(struct cache_head *cnew, struct cache_head *ctmp)
383 tmp->handle.data = NULL; 385 tmp->handle.data = NULL;
384 new->mechctx = NULL; 386 new->mechctx = NULL;
385 new->cred.cr_group_info = NULL; 387 new->cred.cr_group_info = NULL;
388 new->client_name = NULL;
386} 389}
387 390
388static void 391static void
@@ -397,6 +400,8 @@ update_rsc(struct cache_head *cnew, struct cache_head *ctmp)
397 spin_lock_init(&new->seqdata.sd_lock); 400 spin_lock_init(&new->seqdata.sd_lock);
398 new->cred = tmp->cred; 401 new->cred = tmp->cred;
399 tmp->cred.cr_group_info = NULL; 402 tmp->cred.cr_group_info = NULL;
403 new->client_name = tmp->client_name;
404 tmp->client_name = NULL;
400} 405}
401 406
402static struct cache_head * 407static struct cache_head *
@@ -486,6 +491,15 @@ static int rsc_parse(struct cache_detail *cd,
486 status = gss_import_sec_context(buf, len, gm, &rsci.mechctx); 491 status = gss_import_sec_context(buf, len, gm, &rsci.mechctx);
487 if (status) 492 if (status)
488 goto out; 493 goto out;
494
495 /* get client name */
496 len = qword_get(&mesg, buf, mlen);
497 if (len > 0) {
498 rsci.client_name = kstrdup(buf, GFP_KERNEL);
499 if (!rsci.client_name)
500 goto out;
501 }
502
489 } 503 }
490 rsci.h.expiry_time = expiry; 504 rsci.h.expiry_time = expiry;
491 rscp = rsc_update(&rsci, rscp); 505 rscp = rsc_update(&rsci, rscp);
@@ -913,6 +927,15 @@ struct gss_svc_data {
913 struct rsc *rsci; 927 struct rsc *rsci;
914}; 928};
915 929
930char *svc_gss_principal(struct svc_rqst *rqstp)
931{
932 struct gss_svc_data *gd = (struct gss_svc_data *)rqstp->rq_auth_data;
933
934 if (gd && gd->rsci)
935 return gd->rsci->client_name;
936 return NULL;
937}
938
916static int 939static int
917svcauth_gss_set_client(struct svc_rqst *rqstp) 940svcauth_gss_set_client(struct svc_rqst *rqstp)
918{ 941{