diff options
Diffstat (limited to 'net/sunrpc/auth_gss/svcauth_gss.c')
| -rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index c094583386fd..490697542fc2 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c | |||
| @@ -743,6 +743,15 @@ find_gss_auth_domain(struct gss_ctx *ctx, u32 svc) | |||
| 743 | 743 | ||
| 744 | static struct auth_ops svcauthops_gss; | 744 | static struct auth_ops svcauthops_gss; |
| 745 | 745 | ||
| 746 | u32 svcauth_gss_flavor(struct auth_domain *dom) | ||
| 747 | { | ||
| 748 | struct gss_domain *gd = container_of(dom, struct gss_domain, h); | ||
| 749 | |||
| 750 | return gd->pseudoflavor; | ||
| 751 | } | ||
| 752 | |||
| 753 | EXPORT_SYMBOL(svcauth_gss_flavor); | ||
| 754 | |||
| 746 | int | 755 | int |
| 747 | svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name) | 756 | svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name) |
| 748 | { | 757 | { |
| @@ -913,10 +922,23 @@ svcauth_gss_set_client(struct svc_rqst *rqstp) | |||
| 913 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; | 922 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; |
| 914 | struct rsc *rsci = svcdata->rsci; | 923 | struct rsc *rsci = svcdata->rsci; |
| 915 | struct rpc_gss_wire_cred *gc = &svcdata->clcred; | 924 | struct rpc_gss_wire_cred *gc = &svcdata->clcred; |
| 925 | int stat; | ||
| 916 | 926 | ||
| 917 | rqstp->rq_client = find_gss_auth_domain(rsci->mechctx, gc->gc_svc); | 927 | /* |
| 918 | if (rqstp->rq_client == NULL) | 928 | * A gss export can be specified either by: |
| 929 | * export *(sec=krb5,rw) | ||
| 930 | * or by | ||
| 931 | * export gss/krb5(rw) | ||
| 932 | * The latter is deprecated; but for backwards compatibility reasons | ||
| 933 | * the nfsd code will still fall back on trying it if the former | ||
| 934 | * doesn't work; so we try to make both available to nfsd, below. | ||
| 935 | */ | ||
| 936 | rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc); | ||
| 937 | if (rqstp->rq_gssclient == NULL) | ||
| 919 | return SVC_DENIED; | 938 | return SVC_DENIED; |
| 939 | stat = svcauth_unix_set_client(rqstp); | ||
| 940 | if (stat == SVC_DROP) | ||
| 941 | return stat; | ||
| 920 | return SVC_OK; | 942 | return SVC_OK; |
| 921 | } | 943 | } |
| 922 | 944 | ||
| @@ -1088,7 +1110,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) | |||
| 1088 | svc_putnl(resv, GSS_SEQ_WIN); | 1110 | svc_putnl(resv, GSS_SEQ_WIN); |
| 1089 | if (svc_safe_putnetobj(resv, &rsip->out_token)) | 1111 | if (svc_safe_putnetobj(resv, &rsip->out_token)) |
| 1090 | goto drop; | 1112 | goto drop; |
| 1091 | rqstp->rq_client = NULL; | ||
| 1092 | } | 1113 | } |
| 1093 | goto complete; | 1114 | goto complete; |
| 1094 | case RPC_GSS_PROC_DESTROY: | 1115 | case RPC_GSS_PROC_DESTROY: |
| @@ -1131,6 +1152,8 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) | |||
| 1131 | } | 1152 | } |
| 1132 | svcdata->rsci = rsci; | 1153 | svcdata->rsci = rsci; |
| 1133 | cache_get(&rsci->h); | 1154 | cache_get(&rsci->h); |
| 1155 | rqstp->rq_flavor = gss_svc_to_pseudoflavor( | ||
| 1156 | rsci->mechctx->mech_type, gc->gc_svc); | ||
| 1134 | ret = SVC_OK; | 1157 | ret = SVC_OK; |
| 1135 | goto out; | 1158 | goto out; |
| 1136 | } | 1159 | } |
| @@ -1317,6 +1340,9 @@ out_err: | |||
| 1317 | if (rqstp->rq_client) | 1340 | if (rqstp->rq_client) |
| 1318 | auth_domain_put(rqstp->rq_client); | 1341 | auth_domain_put(rqstp->rq_client); |
| 1319 | rqstp->rq_client = NULL; | 1342 | rqstp->rq_client = NULL; |
| 1343 | if (rqstp->rq_gssclient) | ||
| 1344 | auth_domain_put(rqstp->rq_gssclient); | ||
| 1345 | rqstp->rq_gssclient = NULL; | ||
| 1320 | if (rqstp->rq_cred.cr_group_info) | 1346 | if (rqstp->rq_cred.cr_group_info) |
| 1321 | put_group_info(rqstp->rq_cred.cr_group_info); | 1347 | put_group_info(rqstp->rq_cred.cr_group_info); |
| 1322 | rqstp->rq_cred.cr_group_info = NULL; | 1348 | rqstp->rq_cred.cr_group_info = NULL; |