aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@redhat.com>2013-05-14 16:07:13 -0400
committerJ. Bruce Fields <bfields@redhat.com>2013-07-01 17:23:06 -0400
commit0dc1531aca7fd1440918bd55844a054e9c29acad (patch)
tree3bed6a56a709b4781d8108f7a5b7546a6685fd09 /net
parent442340639194762df7e61e8aabae44a18896eca1 (diff)
svcrpc: store gss mech in svc_cred
Store a pointer to the gss mechanism used in the rq_cred and cl_cred. This will make it easier to enforce SP4_MACH_CRED, which needs to compare the mechanism used on the exchange_id with that used on protected operations. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net')
-rw-r--r--net/sunrpc/auth_gss/gss_mech_switch.c5
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c4
2 files changed, 5 insertions, 4 deletions
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c
index defa9d33925c..27ce26240932 100644
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -139,11 +139,12 @@ void gss_mech_unregister(struct gss_api_mech *gm)
139} 139}
140EXPORT_SYMBOL_GPL(gss_mech_unregister); 140EXPORT_SYMBOL_GPL(gss_mech_unregister);
141 141
142static struct gss_api_mech *gss_mech_get(struct gss_api_mech *gm) 142struct gss_api_mech *gss_mech_get(struct gss_api_mech *gm)
143{ 143{
144 __module_get(gm->gm_owner); 144 __module_get(gm->gm_owner);
145 return gm; 145 return gm;
146} 146}
147EXPORT_SYMBOL(gss_mech_get);
147 148
148static struct gss_api_mech * 149static struct gss_api_mech *
149_gss_mech_get_by_name(const char *name) 150_gss_mech_get_by_name(const char *name)
@@ -360,6 +361,7 @@ gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor)
360 } 361 }
361 return 0; 362 return 0;
362} 363}
364EXPORT_SYMBOL(gss_pseudoflavor_to_service);
363 365
364char * 366char *
365gss_service_to_auth_domain_name(struct gss_api_mech *gm, u32 service) 367gss_service_to_auth_domain_name(struct gss_api_mech *gm, u32 service)
@@ -379,6 +381,7 @@ gss_mech_put(struct gss_api_mech * gm)
379 if (gm) 381 if (gm)
380 module_put(gm->gm_owner); 382 module_put(gm->gm_owner);
381} 383}
384EXPORT_SYMBOL(gss_mech_put);
382 385
383/* The mech could probably be determined from the token instead, but it's just 386/* The mech could probably be determined from the token instead, but it's just
384 * as easy for now to pass it in. */ 387 * as easy for now to pass it in. */
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 8d7860ee2398..0265bb3a8689 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -391,7 +391,6 @@ update_rsc(struct cache_head *cnew, struct cache_head *ctmp)
391 memset(&new->seqdata, 0, sizeof(new->seqdata)); 391 memset(&new->seqdata, 0, sizeof(new->seqdata));
392 spin_lock_init(&new->seqdata.sd_lock); 392 spin_lock_init(&new->seqdata.sd_lock);
393 new->cred = tmp->cred; 393 new->cred = tmp->cred;
394 new->cred.cr_principal = tmp->cred.cr_principal;
395 init_svc_cred(&tmp->cred); 394 init_svc_cred(&tmp->cred);
396} 395}
397 396
@@ -485,7 +484,7 @@ static int rsc_parse(struct cache_detail *cd,
485 len = qword_get(&mesg, buf, mlen); 484 len = qword_get(&mesg, buf, mlen);
486 if (len < 0) 485 if (len < 0)
487 goto out; 486 goto out;
488 gm = gss_mech_get_by_name(buf); 487 gm = rsci.cred.cr_gss_mech = gss_mech_get_by_name(buf);
489 status = -EOPNOTSUPP; 488 status = -EOPNOTSUPP;
490 if (!gm) 489 if (!gm)
491 goto out; 490 goto out;
@@ -515,7 +514,6 @@ static int rsc_parse(struct cache_detail *cd,
515 rscp = rsc_update(cd, &rsci, rscp); 514 rscp = rsc_update(cd, &rsci, rscp);
516 status = 0; 515 status = 0;
517out: 516out:
518 gss_mech_put(gm);
519 rsc_free(&rsci); 517 rsc_free(&rsci);
520 if (rscp) 518 if (rscp)
521 cache_put(&rscp->h, cd); 519 cache_put(&rscp->h, cd);
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-25 14:25:19 -0500