aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c21
-rw-r--r--net/sunrpc/svcauth_unix.c4
2 files changed, 21 insertions, 4 deletions
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 7a3e1758bea1..e4b3de08b040 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -913,10 +913,23 @@ svcauth_gss_set_client(struct svc_rqst *rqstp)
913 struct gss_svc_data *svcdata = rqstp->rq_auth_data; 913 struct gss_svc_data *svcdata = rqstp->rq_auth_data;
914 struct rsc *rsci = svcdata->rsci; 914 struct rsc *rsci = svcdata->rsci;
915 struct rpc_gss_wire_cred *gc = &svcdata->clcred; 915 struct rpc_gss_wire_cred *gc = &svcdata->clcred;
916 int stat;
916 917
917 rqstp->rq_client = find_gss_auth_domain(rsci->mechctx, gc->gc_svc); 918 /*
918 if (rqstp->rq_client == NULL) 919 * A gss export can be specified either by:
920 * export *(sec=krb5,rw)
921 * or by
922 * export gss/krb5(rw)
923 * The latter is deprecated; but for backwards compatibility reasons
924 * the nfsd code will still fall back on trying it if the former
925 * doesn't work; so we try to make both available to nfsd, below.
926 */
927 rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);
928 if (rqstp->rq_gssclient == NULL)
919 return SVC_DENIED; 929 return SVC_DENIED;
930 stat = svcauth_unix_set_client(rqstp);
931 if (stat == SVC_DROP)
932 return stat;
920 return SVC_OK; 933 return SVC_OK;
921} 934}
922 935
@@ -1088,7 +1101,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
1088 svc_putnl(resv, GSS_SEQ_WIN); 1101 svc_putnl(resv, GSS_SEQ_WIN);
1089 if (svc_safe_putnetobj(resv, &rsip->out_token)) 1102 if (svc_safe_putnetobj(resv, &rsip->out_token))
1090 goto drop; 1103 goto drop;
1091 rqstp->rq_client = NULL;
1092 } 1104 }
1093 goto complete; 1105 goto complete;
1094 case RPC_GSS_PROC_DESTROY: 1106 case RPC_GSS_PROC_DESTROY:
@@ -1319,6 +1331,9 @@ out_err:
1319 if (rqstp->rq_client) 1331 if (rqstp->rq_client)
1320 auth_domain_put(rqstp->rq_client); 1332 auth_domain_put(rqstp->rq_client);
1321 rqstp->rq_client = NULL; 1333 rqstp->rq_client = NULL;
1334 if (rqstp->rq_gssclient)
1335 auth_domain_put(rqstp->rq_gssclient);
1336 rqstp->rq_gssclient = NULL;
1322 if (rqstp->rq_cred.cr_group_info) 1337 if (rqstp->rq_cred.cr_group_info)
1323 put_group_info(rqstp->rq_cred.cr_group_info); 1338 put_group_info(rqstp->rq_cred.cr_group_info);
1324 rqstp->rq_cred.cr_group_info = NULL; 1339 rqstp->rq_cred.cr_group_info = NULL;
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index d9fdf2e4d242..411479411b21 100644
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -638,7 +638,7 @@ static int unix_gid_find(uid_t uid, struct group_info **gip,
638 } 638 }
639} 639}
640 640
641static int 641int
642svcauth_unix_set_client(struct svc_rqst *rqstp) 642svcauth_unix_set_client(struct svc_rqst *rqstp)
643{ 643{
644 struct sockaddr_in *sin = svc_addr_in(rqstp); 644 struct sockaddr_in *sin = svc_addr_in(rqstp);
@@ -673,6 +673,8 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)
673 return SVC_OK; 673 return SVC_OK;
674} 674}
675 675
676EXPORT_SYMBOL(svcauth_unix_set_client);
677
676static int 678static int
677svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp) 679svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp)
678{ 680{