7 files changed, 58 insertions, 9 deletions
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index aa55d0a03e6f..29a8ecc60928 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -543,17 +543,18 @@ rpcauth_uptodatecred(struct rpc_task *task)
                test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0;
 }
+static struct shrinker rpc_cred_shrinker = {
-static struct shrinker *rpc_cred_shrinker;
+        .shrink = rpcauth_cache_shrinker,
+        .seeks = DEFAULT_SEEKS,
+};
 void __init rpcauth_init_module(void)
 {
        rpc_init_authunix();
-        rpc_cred_shrinker = set_shrinker(DEFAULT_SEEKS, rpcauth_cache_shrinker);
+        register_shrinker(&rpc_cred_shrinker);
 }
 void __exit rpcauth_remove_module(void)
 {
-        if (rpc_cred_shrinker != NULL)
+        unregister_shrinker(&rpc_cred_shrinker);
-                remove_shrinker(rpc_cred_shrinker);
 }
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index baf4096d52d4..abfda33bac64 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -43,6 +43,7 @@
 #include <linux/types.h>
 #include <linux/slab.h>
 #include <linux/sched.h>
+#include <linux/smp_lock.h>
 #include <linux/pagemap.h>
 #include <linux/sunrpc/clnt.h>
 #include <linux/sunrpc/auth.h>
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 71b9daefdff3..9843eacef11d 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -231,6 +231,7 @@ static struct pf_desc gss_kerberos_pfs[] = {
 static struct gss_api_mech gss_kerberos_mech = {
        .gm_name        = "krb5",
        .gm_owner       = THIS_MODULE,
+        .gm_oid         = {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"},
        .gm_ops         = &gss_kerberos_ops,
        .gm_pf_num      = ARRAY_SIZE(gss_kerberos_pfs),
        .gm_pfs         = gss_kerberos_pfs,
diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c
index 26872517ccf3..61801a069ff0 100644
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -194,6 +194,20 @@ gss_mech_get_by_pseudoflavor(u32 pseudoflavor)
 EXPORT_SYMBOL(gss_mech_get_by_pseudoflavor);
 u32
+gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 service)
+{
+        int i;
+        for (i = 0; i < gm->gm_pf_num; i++) {
+                if (gm->gm_pfs[i].service == service) {
+                        return gm->gm_pfs[i].pseudoflavor;
+                }
+        }
+        return RPC_AUTH_MAXFLAVOR; /* illegal value */
+}
+EXPORT_SYMBOL(gss_svc_to_pseudoflavor);
+u32
 gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor)
 {
        int i;
diff --git a/net/sunrpc/auth_gss/gss_spkm3_mech.c b/net/sunrpc/auth_gss/gss_spkm3_mech.c
index 577d590e755f..5deb4b6e4514 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_mech.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c
@@ -217,6 +217,7 @@ static struct pf_desc gss_spkm3_pfs[] = {
 static struct gss_api_mech gss_spkm3_mech = {
        .gm_name        = "spkm3",
        .gm_owner       = THIS_MODULE,
+        .gm_oid         = {7, "\053\006\001\005\005\001\003"},
        .gm_ops         = &gss_spkm3_ops,
        .gm_pf_num      = ARRAY_SIZE(gss_spkm3_pfs),
        .gm_pfs         = gss_spkm3_pfs,
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index c094583386fd..490697542fc2 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -743,6 +743,15 @@ find_gss_auth_domain(struct gss_ctx *ctx, u32 svc)
 static struct auth_ops svcauthops_gss;
+u32 svcauth_gss_flavor(struct auth_domain *dom)
+{
+        struct gss_domain *gd = container_of(dom, struct gss_domain, h);
+        return gd->pseudoflavor;
+}
+EXPORT_SYMBOL(svcauth_gss_flavor);
 int
 svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
 {
@@ -913,10 +922,23 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
        struct gss_svc_data *svcdata = rqstp->rq_auth_data;
        struct rsc *rsci = svcdata->rsci;
        struct rpc_gss_wire_cred *gc = &svcdata->clcred;
+        int stat;
-        rqstp->rq_client = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);
+        /*
-        if (rqstp->rq_client == NULL)
+         * A gss export can be specified either by:
+         *      export  *(sec=krb5,rw)
+         * or by
+         *      export gss/krb5(rw)
+         * The latter is deprecated; but for backwards compatibility reasons
+         * the nfsd code will still fall back on trying it if the former
+         * doesn't work; so we try to make both available to nfsd, below.
+         */
+        rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);
+        if (rqstp->rq_gssclient == NULL)
                return SVC_DENIED;
+        stat = svcauth_unix_set_client(rqstp);
+        if (stat == SVC_DROP)
+                return stat;
        return SVC_OK;
 }
@@ -1088,7 +1110,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
                        svc_putnl(resv, GSS_SEQ_WIN);
                        if (svc_safe_putnetobj(resv, &rsip->out_token))
                                goto drop;
-                        rqstp->rq_client = NULL;
                }
                goto complete;
        case RPC_GSS_PROC_DESTROY:
@@ -1131,6 +1152,8 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
                }
                svcdata->rsci = rsci;
                cache_get(&rsci->h);
+                rqstp->rq_flavor = gss_svc_to_pseudoflavor(
+                                        rsci->mechctx->mech_type, gc->gc_svc);
                ret = SVC_OK;
                goto out;
        }
@@ -1317,6 +1340,9 @@ out_err:
        if (rqstp->rq_client)
                auth_domain_put(rqstp->rq_client);
        rqstp->rq_client = NULL;
+        if (rqstp->rq_gssclient)
+                auth_domain_put(rqstp->rq_gssclient);
+        rqstp->rq_gssclient = NULL;
        if (rqstp->rq_cred.cr_group_info)
                put_group_info(rqstp->rq_cred.cr_group_info);
        rqstp->rq_cred.cr_group_info = NULL;
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index 07dcd20cbee4..411479411b21 100644
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -5,6 +5,7 @@
 #include <linux/sunrpc/xdr.h>
 #include <linux/sunrpc/svcsock.h>
 #include <linux/sunrpc/svcauth.h>
+#include <linux/sunrpc/gss_api.h>
 #include <linux/err.h>
 #include <linux/seq_file.h>
 #include <linux/hash.h>
@@ -637,7 +638,7 @@ static int unix_gid_find(uid_t uid, struct group_info **gip,
        }
 }
-static int
+int
 svcauth_unix_set_client(struct svc_rqst *rqstp)
 {
        struct sockaddr_in *sin = svc_addr_in(rqstp);
@@ -672,6 +673,8 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
        return SVC_OK;
 }
+EXPORT_SYMBOL(svcauth_unix_set_client);
 static int
 svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp)
 {
@@ -707,6 +710,7 @@ svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp)
        svc_putnl(resv, RPC_AUTH_NULL);
        svc_putnl(resv, 0);
+        rqstp->rq_flavor = RPC_AUTH_NULL;
        return SVC_OK;
 }
@@ -784,6 +788,7 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
        svc_putnl(resv, RPC_AUTH_NULL);
        svc_putnl(resv, 0);
+        rqstp->rq_flavor = RPC_AUTH_UNIX;
        return SVC_OK;
 badcred:

diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c index aa55d0a03e6f..29a8ecc60928 100644 --- a/net/sunrpc/auth.c +++ b/net/sunrpc/auth.c
@@ -543,17 +543,18 @@ rpcauth_uptodatecred(struct rpc_task *task)
543	test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0;	543	test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0;
544	}	544	}
545		545
546		546	static struct shrinker rpc_cred_shrinker = {
547	static struct shrinker *rpc_cred_shrinker;	547	.shrink = rpcauth_cache_shrinker,
		548	.seeks = DEFAULT_SEEKS,
		549	};
548		550
549	void __init rpcauth_init_module(void)	551	void __init rpcauth_init_module(void)
550	{	552	{
551	rpc_init_authunix();	553	rpc_init_authunix();
552	rpc_cred_shrinker = set_shrinker(DEFAULT_SEEKS, rpcauth_cache_shrinker);	554	register_shrinker(&rpc_cred_shrinker);
553	}	555	}
554		556
555	void __exit rpcauth_remove_module(void)	557	void __exit rpcauth_remove_module(void)
556	{	558	{
557	if (rpc_cred_shrinker != NULL)	559	unregister_shrinker(&rpc_cred_shrinker);
558	remove_shrinker(rpc_cred_shrinker);
559	}	560	}


diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index baf4096d52d4..abfda33bac64 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -43,6 +43,7 @@
43	#include <linux/types.h>	43	#include <linux/types.h>
44	#include <linux/slab.h>	44	#include <linux/slab.h>
45	#include <linux/sched.h>	45	#include <linux/sched.h>
		46	#include <linux/smp_lock.h>
46	#include <linux/pagemap.h>	47	#include <linux/pagemap.h>
47	#include <linux/sunrpc/clnt.h>	48	#include <linux/sunrpc/clnt.h>
48	#include <linux/sunrpc/auth.h>	49	#include <linux/sunrpc/auth.h>


diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index 71b9daefdff3..9843eacef11d 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -231,6 +231,7 @@ static struct pf_desc gss_kerberos_pfs[] = {
231	static struct gss_api_mech gss_kerberos_mech = {	231	static struct gss_api_mech gss_kerberos_mech = {
232	.gm_name = "krb5",	232	.gm_name = "krb5",
233	.gm_owner = THIS_MODULE,	233	.gm_owner = THIS_MODULE,
		234	.gm_oid = {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"},
234	.gm_ops = &gss_kerberos_ops,	235	.gm_ops = &gss_kerberos_ops,
235	.gm_pf_num = ARRAY_SIZE(gss_kerberos_pfs),	236	.gm_pf_num = ARRAY_SIZE(gss_kerberos_pfs),
236	.gm_pfs = gss_kerberos_pfs,	237	.gm_pfs = gss_kerberos_pfs,


diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c index 26872517ccf3..61801a069ff0 100644 --- a/net/sunrpc/auth_gss/gss_mech_switch.c +++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -194,6 +194,20 @@ gss_mech_get_by_pseudoflavor(u32 pseudoflavor)
194	EXPORT_SYMBOL(gss_mech_get_by_pseudoflavor);	194	EXPORT_SYMBOL(gss_mech_get_by_pseudoflavor);
195		195
196	u32	196	u32
		197	gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 service)
		198	{
		199	int i;
		200
		201	for (i = 0; i < gm->gm_pf_num; i++) {
		202	if (gm->gm_pfs[i].service == service) {
		203	return gm->gm_pfs[i].pseudoflavor;
		204	}
		205	}
		206	return RPC_AUTH_MAXFLAVOR; /* illegal value */
		207	}
		208	EXPORT_SYMBOL(gss_svc_to_pseudoflavor);
		209
		210	u32
197	gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor)	211	gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor)
198	{	212	{
199	int i;	213	int i;


diff --git a/net/sunrpc/auth_gss/gss_spkm3_mech.c b/net/sunrpc/auth_gss/gss_spkm3_mech.c index 577d590e755f..5deb4b6e4514 100644 --- a/net/sunrpc/auth_gss/gss_spkm3_mech.c +++ b/net/sunrpc/auth_gss/gss_spkm3_mech.c
@@ -217,6 +217,7 @@ static struct pf_desc gss_spkm3_pfs[] = {
217	static struct gss_api_mech gss_spkm3_mech = {	217	static struct gss_api_mech gss_spkm3_mech = {
218	.gm_name = "spkm3",	218	.gm_name = "spkm3",
219	.gm_owner = THIS_MODULE,	219	.gm_owner = THIS_MODULE,
		220	.gm_oid = {7, "\053\006\001\005\005\001\003"},
220	.gm_ops = &gss_spkm3_ops,	221	.gm_ops = &gss_spkm3_ops,
221	.gm_pf_num = ARRAY_SIZE(gss_spkm3_pfs),	222	.gm_pf_num = ARRAY_SIZE(gss_spkm3_pfs),
222	.gm_pfs = gss_spkm3_pfs,	223	.gm_pfs = gss_spkm3_pfs,


diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index c094583386fd..490697542fc2 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -743,6 +743,15 @@ find_gss_auth_domain(struct gss_ctx *ctx, u32 svc)
743		743
744	static struct auth_ops svcauthops_gss;	744	static struct auth_ops svcauthops_gss;
745		745
		746	u32 svcauth_gss_flavor(struct auth_domain *dom)
		747	{
		748	struct gss_domain *gd = container_of(dom, struct gss_domain, h);
		749
		750	return gd->pseudoflavor;
		751	}
		752
		753	EXPORT_SYMBOL(svcauth_gss_flavor);
		754
746	int	755	int
747	svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)	756	svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
748	{	757	{
@@ -913,10 +922,23 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
913	struct gss_svc_data *svcdata = rqstp->rq_auth_data;	922	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
914	struct rsc *rsci = svcdata->rsci;	923	struct rsc *rsci = svcdata->rsci;
915	struct rpc_gss_wire_cred *gc = &svcdata->clcred;	924	struct rpc_gss_wire_cred *gc = &svcdata->clcred;
		925	int stat;
916		926
917	rqstp->rq_client = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);	927	/*
918	if (rqstp->rq_client == NULL)	928	* A gss export can be specified either by:
		929	* export *(sec=krb5,rw)
		930	* or by
		931	* export gss/krb5(rw)
		932	* The latter is deprecated; but for backwards compatibility reasons
		933	* the nfsd code will still fall back on trying it if the former
		934	* doesn't work; so we try to make both available to nfsd, below.
		935	*/
		936	rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);
		937	if (rqstp->rq_gssclient == NULL)
919	return SVC_DENIED;	938	return SVC_DENIED;
		939	stat = svcauth_unix_set_client(rqstp);
		940	if (stat == SVC_DROP)
		941	return stat;
920	return SVC_OK;	942	return SVC_OK;
921	}	943	}
922		944
@@ -1088,7 +1110,6 @@ svcauth_gss_accept(struct svc_rqst rqstp, __be32 authp)
1088	svc_putnl(resv, GSS_SEQ_WIN);	1110	svc_putnl(resv, GSS_SEQ_WIN);
1089	if (svc_safe_putnetobj(resv, &rsip->out_token))	1111	if (svc_safe_putnetobj(resv, &rsip->out_token))
1090	goto drop;	1112	goto drop;
1091	rqstp->rq_client = NULL;
1092	}	1113	}
1093	goto complete;	1114	goto complete;
1094	case RPC_GSS_PROC_DESTROY:	1115	case RPC_GSS_PROC_DESTROY:
@@ -1131,6 +1152,8 @@ svcauth_gss_accept(struct svc_rqst rqstp, __be32 authp)
1131	}	1152	}
1132	svcdata->rsci = rsci;	1153	svcdata->rsci = rsci;
1133	cache_get(&rsci->h);	1154	cache_get(&rsci->h);
		1155	rqstp->rq_flavor = gss_svc_to_pseudoflavor(
		1156	rsci->mechctx->mech_type, gc->gc_svc);
1134	ret = SVC_OK;	1157	ret = SVC_OK;
1135	goto out;	1158	goto out;
1136	}	1159	}
@@ -1317,6 +1340,9 @@ out_err:
1317	if (rqstp->rq_client)	1340	if (rqstp->rq_client)
1318	auth_domain_put(rqstp->rq_client);	1341	auth_domain_put(rqstp->rq_client);
1319	rqstp->rq_client = NULL;	1342	rqstp->rq_client = NULL;
		1343	if (rqstp->rq_gssclient)
		1344	auth_domain_put(rqstp->rq_gssclient);
		1345	rqstp->rq_gssclient = NULL;
1320	if (rqstp->rq_cred.cr_group_info)	1346	if (rqstp->rq_cred.cr_group_info)
1321	put_group_info(rqstp->rq_cred.cr_group_info);	1347	put_group_info(rqstp->rq_cred.cr_group_info);
1322	rqstp->rq_cred.cr_group_info = NULL;	1348	rqstp->rq_cred.cr_group_info = NULL;


diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index 07dcd20cbee4..411479411b21 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c
@@ -5,6 +5,7 @@
5	#include <linux/sunrpc/xdr.h>	5	#include <linux/sunrpc/xdr.h>
6	#include <linux/sunrpc/svcsock.h>	6	#include <linux/sunrpc/svcsock.h>
7	#include <linux/sunrpc/svcauth.h>	7	#include <linux/sunrpc/svcauth.h>
		8	#include <linux/sunrpc/gss_api.h>
8	#include <linux/err.h>	9	#include <linux/err.h>
9	#include <linux/seq_file.h>	10	#include <linux/seq_file.h>
10	#include <linux/hash.h>	11	#include <linux/hash.h>
@@ -637,7 +638,7 @@ static int unix_gid_find(uid_t uid, struct group_info **gip,
637	}	638	}
638	}	639	}
639		640
640	static int	641	int
641	svcauth_unix_set_client(struct svc_rqst *rqstp)	642	svcauth_unix_set_client(struct svc_rqst *rqstp)
642	{	643	{
643	struct sockaddr_in *sin = svc_addr_in(rqstp);	644	struct sockaddr_in *sin = svc_addr_in(rqstp);
@@ -672,6 +673,8 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
672	return SVC_OK;	673	return SVC_OK;
673	}	674	}
674		675
		676	EXPORT_SYMBOL(svcauth_unix_set_client);
		677
675	static int	678	static int
676	svcauth_null_accept(struct svc_rqst rqstp, __be32 authp)	679	svcauth_null_accept(struct svc_rqst rqstp, __be32 authp)
677	{	680	{
@@ -707,6 +710,7 @@ svcauth_null_accept(struct svc_rqst rqstp, __be32 authp)
707	svc_putnl(resv, RPC_AUTH_NULL);	710	svc_putnl(resv, RPC_AUTH_NULL);
708	svc_putnl(resv, 0);	711	svc_putnl(resv, 0);
709		712
		713	rqstp->rq_flavor = RPC_AUTH_NULL;
710	return SVC_OK;	714	return SVC_OK;
711	}	715	}
712		716
@@ -784,6 +788,7 @@ svcauth_unix_accept(struct svc_rqst rqstp, __be32 authp)
784	svc_putnl(resv, RPC_AUTH_NULL);	788	svc_putnl(resv, RPC_AUTH_NULL);
785	svc_putnl(resv, 0);	789	svc_putnl(resv, 0);
786		790
		791	rqstp->rq_flavor = RPC_AUTH_UNIX;
787	return SVC_OK;	792	return SVC_OK;
788		793
789	badcred:	794	badcred: