diff options
author | Olga Kornievskaia <aglo@citi.umich.edu> | 2008-12-23 16:17:15 -0500 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-12-23 16:17:15 -0500 |
commit | 68e76ad0baf8f5d5060377c2423ee6eed5c63057 (patch) | |
tree | baab3e30cc3b50bc49a553ee884885189ce85a8e /net | |
parent | 34769fc488b463cb753fc632f8f5ba56c918b7cb (diff) |
nfsd: pass client principal name in rsc downcall
Two principals are involved in krb5 authentication: the target, who we
authenticate *to* (normally the name of the server, like
nfs/server.citi.umich.edu@CITI.UMICH.EDU), and the source, we we
authenticate *as* (normally a user, like bfields@UMICH.EDU)
In the case of NFSv4 callbacks, the target of the callback should be the
source of the client's setclientid call, and the source should be the
nfs server's own principal.
Therefore we allow svcgssd to pass down the name of the principal that
just authenticated, so that on setclientid we can store that principal
name with the new client, to be used later on callbacks.
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 12803da95dc4..e9baa6ebb1dd 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c | |||
@@ -332,6 +332,7 @@ struct rsc { | |||
332 | struct svc_cred cred; | 332 | struct svc_cred cred; |
333 | struct gss_svc_seq_data seqdata; | 333 | struct gss_svc_seq_data seqdata; |
334 | struct gss_ctx *mechctx; | 334 | struct gss_ctx *mechctx; |
335 | char *client_name; | ||
335 | }; | 336 | }; |
336 | 337 | ||
337 | static struct cache_head *rsc_table[RSC_HASHMAX]; | 338 | static struct cache_head *rsc_table[RSC_HASHMAX]; |
@@ -346,6 +347,7 @@ static void rsc_free(struct rsc *rsci) | |||
346 | gss_delete_sec_context(&rsci->mechctx); | 347 | gss_delete_sec_context(&rsci->mechctx); |
347 | if (rsci->cred.cr_group_info) | 348 | if (rsci->cred.cr_group_info) |
348 | put_group_info(rsci->cred.cr_group_info); | 349 | put_group_info(rsci->cred.cr_group_info); |
350 | kfree(rsci->client_name); | ||
349 | } | 351 | } |
350 | 352 | ||
351 | static void rsc_put(struct kref *ref) | 353 | static void rsc_put(struct kref *ref) |
@@ -383,6 +385,7 @@ rsc_init(struct cache_head *cnew, struct cache_head *ctmp) | |||
383 | tmp->handle.data = NULL; | 385 | tmp->handle.data = NULL; |
384 | new->mechctx = NULL; | 386 | new->mechctx = NULL; |
385 | new->cred.cr_group_info = NULL; | 387 | new->cred.cr_group_info = NULL; |
388 | new->client_name = NULL; | ||
386 | } | 389 | } |
387 | 390 | ||
388 | static void | 391 | static void |
@@ -397,6 +400,8 @@ update_rsc(struct cache_head *cnew, struct cache_head *ctmp) | |||
397 | spin_lock_init(&new->seqdata.sd_lock); | 400 | spin_lock_init(&new->seqdata.sd_lock); |
398 | new->cred = tmp->cred; | 401 | new->cred = tmp->cred; |
399 | tmp->cred.cr_group_info = NULL; | 402 | tmp->cred.cr_group_info = NULL; |
403 | new->client_name = tmp->client_name; | ||
404 | tmp->client_name = NULL; | ||
400 | } | 405 | } |
401 | 406 | ||
402 | static struct cache_head * | 407 | static struct cache_head * |
@@ -486,6 +491,15 @@ static int rsc_parse(struct cache_detail *cd, | |||
486 | status = gss_import_sec_context(buf, len, gm, &rsci.mechctx); | 491 | status = gss_import_sec_context(buf, len, gm, &rsci.mechctx); |
487 | if (status) | 492 | if (status) |
488 | goto out; | 493 | goto out; |
494 | |||
495 | /* get client name */ | ||
496 | len = qword_get(&mesg, buf, mlen); | ||
497 | if (len > 0) { | ||
498 | rsci.client_name = kstrdup(buf, GFP_KERNEL); | ||
499 | if (!rsci.client_name) | ||
500 | goto out; | ||
501 | } | ||
502 | |||
489 | } | 503 | } |
490 | rsci.h.expiry_time = expiry; | 504 | rsci.h.expiry_time = expiry; |
491 | rscp = rsc_update(&rsci, rscp); | 505 | rscp = rsc_update(&rsci, rscp); |
@@ -913,6 +927,15 @@ struct gss_svc_data { | |||
913 | struct rsc *rsci; | 927 | struct rsc *rsci; |
914 | }; | 928 | }; |
915 | 929 | ||
930 | char *svc_gss_principal(struct svc_rqst *rqstp) | ||
931 | { | ||
932 | struct gss_svc_data *gd = (struct gss_svc_data *)rqstp->rq_auth_data; | ||
933 | |||
934 | if (gd && gd->rsci) | ||
935 | return gd->rsci->client_name; | ||
936 | return NULL; | ||
937 | } | ||
938 | |||
916 | static int | 939 | static int |
917 | svcauth_gss_set_client(struct svc_rqst *rqstp) | 940 | svcauth_gss_set_client(struct svc_rqst *rqstp) |
918 | { | 941 | { |