diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/sunrpc/auth_gss/svcauth_gss.c | 21 | ||||
-rw-r--r-- | net/sunrpc/svcauth_unix.c | 4 |
2 files changed, 21 insertions, 4 deletions
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 7a3e1758bea1..e4b3de08b040 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c | |||
@@ -913,10 +913,23 @@ svcauth_gss_set_client(struct svc_rqst *rqstp) | |||
913 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; | 913 | struct gss_svc_data *svcdata = rqstp->rq_auth_data; |
914 | struct rsc *rsci = svcdata->rsci; | 914 | struct rsc *rsci = svcdata->rsci; |
915 | struct rpc_gss_wire_cred *gc = &svcdata->clcred; | 915 | struct rpc_gss_wire_cred *gc = &svcdata->clcred; |
916 | int stat; | ||
916 | 917 | ||
917 | rqstp->rq_client = find_gss_auth_domain(rsci->mechctx, gc->gc_svc); | 918 | /* |
918 | if (rqstp->rq_client == NULL) | 919 | * A gss export can be specified either by: |
920 | * export *(sec=krb5,rw) | ||
921 | * or by | ||
922 | * export gss/krb5(rw) | ||
923 | * The latter is deprecated; but for backwards compatibility reasons | ||
924 | * the nfsd code will still fall back on trying it if the former | ||
925 | * doesn't work; so we try to make both available to nfsd, below. | ||
926 | */ | ||
927 | rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc); | ||
928 | if (rqstp->rq_gssclient == NULL) | ||
919 | return SVC_DENIED; | 929 | return SVC_DENIED; |
930 | stat = svcauth_unix_set_client(rqstp); | ||
931 | if (stat == SVC_DROP) | ||
932 | return stat; | ||
920 | return SVC_OK; | 933 | return SVC_OK; |
921 | } | 934 | } |
922 | 935 | ||
@@ -1088,7 +1101,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) | |||
1088 | svc_putnl(resv, GSS_SEQ_WIN); | 1101 | svc_putnl(resv, GSS_SEQ_WIN); |
1089 | if (svc_safe_putnetobj(resv, &rsip->out_token)) | 1102 | if (svc_safe_putnetobj(resv, &rsip->out_token)) |
1090 | goto drop; | 1103 | goto drop; |
1091 | rqstp->rq_client = NULL; | ||
1092 | } | 1104 | } |
1093 | goto complete; | 1105 | goto complete; |
1094 | case RPC_GSS_PROC_DESTROY: | 1106 | case RPC_GSS_PROC_DESTROY: |
@@ -1319,6 +1331,9 @@ out_err: | |||
1319 | if (rqstp->rq_client) | 1331 | if (rqstp->rq_client) |
1320 | auth_domain_put(rqstp->rq_client); | 1332 | auth_domain_put(rqstp->rq_client); |
1321 | rqstp->rq_client = NULL; | 1333 | rqstp->rq_client = NULL; |
1334 | if (rqstp->rq_gssclient) | ||
1335 | auth_domain_put(rqstp->rq_gssclient); | ||
1336 | rqstp->rq_gssclient = NULL; | ||
1322 | if (rqstp->rq_cred.cr_group_info) | 1337 | if (rqstp->rq_cred.cr_group_info) |
1323 | put_group_info(rqstp->rq_cred.cr_group_info); | 1338 | put_group_info(rqstp->rq_cred.cr_group_info); |
1324 | rqstp->rq_cred.cr_group_info = NULL; | 1339 | rqstp->rq_cred.cr_group_info = NULL; |
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index d9fdf2e4d242..411479411b21 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c | |||
@@ -638,7 +638,7 @@ static int unix_gid_find(uid_t uid, struct group_info **gip, | |||
638 | } | 638 | } |
639 | } | 639 | } |
640 | 640 | ||
641 | static int | 641 | int |
642 | svcauth_unix_set_client(struct svc_rqst *rqstp) | 642 | svcauth_unix_set_client(struct svc_rqst *rqstp) |
643 | { | 643 | { |
644 | struct sockaddr_in *sin = svc_addr_in(rqstp); | 644 | struct sockaddr_in *sin = svc_addr_in(rqstp); |
@@ -673,6 +673,8 @@ svcauth_unix_set_client(struct svc_rqst *rqstp) | |||
673 | return SVC_OK; | 673 | return SVC_OK; |
674 | } | 674 | } |
675 | 675 | ||
676 | EXPORT_SYMBOL(svcauth_unix_set_client); | ||
677 | |||
676 | static int | 678 | static int |
677 | svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp) | 679 | svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp) |
678 | { | 680 | { |