Commit 68c97153 authored by Trond Myklebust's avatar Trond Myklebust

SUNRPC: Clean up the RPCSEC_GSS service ticket requests

Instead of hacking specific service names into gss_encode_v1_msg, we should
just allow the caller to specify the service name explicitly.
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 805a6af8
...@@ -185,7 +185,7 @@ static struct nfs_client *nfs_alloc_client(const struct nfs_client_initdata *cl_ ...@@ -185,7 +185,7 @@ static struct nfs_client *nfs_alloc_client(const struct nfs_client_initdata *cl_
clp->cl_minorversion = cl_init->minorversion; clp->cl_minorversion = cl_init->minorversion;
clp->cl_mvops = nfs_v4_minor_ops[cl_init->minorversion]; clp->cl_mvops = nfs_v4_minor_ops[cl_init->minorversion];
#endif #endif
cred = rpc_lookup_machine_cred(); cred = rpc_lookup_machine_cred("*");
if (!IS_ERR(cred)) if (!IS_ERR(cred))
clp->cl_machine_cred = cred; clp->cl_machine_cred = cred;
nfs_fscache_get_client_cookie(clp); nfs_fscache_get_client_cookie(clp);
......
...@@ -718,7 +718,7 @@ int set_callback_cred(void) ...@@ -718,7 +718,7 @@ int set_callback_cred(void)
{ {
if (callback_cred) if (callback_cred)
return 0; return 0;
callback_cred = rpc_lookup_machine_cred(); callback_cred = rpc_lookup_machine_cred("nfs");
if (!callback_cred) if (!callback_cred)
return -ENOMEM; return -ENOMEM;
return 0; return 0;
......
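Review bot: The failure check after the changed call in set_callback_cred() tests `!callback_cred`, but nfs_alloc_client() in this same commit checks the result of rpc_lookup_machine_cred() with `IS_ERR(cred)`, which suggests the function reports failure as an error pointer rather than NULL. If so, a failed lookup leaves an error pointer in `callback_cred`, this call returns 0, and every later call returns early on `if (callback_cred)`, so the callback path would carry on with an invalid credential pointer. Since the call is being touched anyway, consider replacing the NULL test with `if (IS_ERR(callback_cred)) { int err = PTR_ERR(callback_cred); callback_cred = NULL; return err; }`.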
...@@ -26,6 +26,7 @@ struct auth_cred { ...@@ -26,6 +26,7 @@ struct auth_cred {
uid_t uid; uid_t uid;
gid_t gid; gid_t gid;
struct group_info *group_info; struct group_info *group_info;
const char *principal;
unsigned char machine_cred : 1; unsigned char machine_cred : 1;
}; };
...@@ -127,7 +128,7 @@ void rpc_destroy_generic_auth(void); ...@@ -127,7 +128,7 @@ void rpc_destroy_generic_auth(void);
void rpc_destroy_authunix(void); void rpc_destroy_authunix(void);
struct rpc_cred * rpc_lookup_cred(void); struct rpc_cred * rpc_lookup_cred(void);
struct rpc_cred * rpc_lookup_machine_cred(void); struct rpc_cred * rpc_lookup_machine_cred(const char *service_name);
int rpcauth_register(const struct rpc_authops *); int rpcauth_register(const struct rpc_authops *);
int rpcauth_unregister(const struct rpc_authops *); int rpcauth_unregister(const struct rpc_authops *);
struct rpc_auth * rpcauth_create(rpc_authflavor_t, struct rpc_clnt *); struct rpc_auth * rpcauth_create(rpc_authflavor_t, struct rpc_clnt *);
......
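Review bot: The new `principal` member of struct auth_cred and the `service_name` parameter of rpc_lookup_machine_cred() carry no statement of who owns the string. Later in this commit gss_create_cred() stores `acred->principal` in `cred->gc_principal` without copying it, and gss_match() and the upcall encoder read it for as long as the cred exists, so a caller that passes a stack or heap buffer would leave a dangling pointer behind. Both callers shown here pass string literals, which is safe. A comment on the field would keep it that way, for example `const char *principal; /* machine creds only; not copied, must outlive the cred */`.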
...@@ -82,8 +82,8 @@ struct gss_cred { ...@@ -82,8 +82,8 @@ struct gss_cred {
enum rpc_gss_svc gc_service; enum rpc_gss_svc gc_service;
struct gss_cl_ctx __rcu *gc_ctx; struct gss_cl_ctx __rcu *gc_ctx;
struct gss_upcall_msg *gc_upcall; struct gss_upcall_msg *gc_upcall;
const char *gc_principal;
unsigned long gc_upcall_timestamp; unsigned long gc_upcall_timestamp;
unsigned char gc_machine_cred : 1;
}; };
#endif /* __KERNEL__ */ #endif /* __KERNEL__ */
......
...@@ -41,15 +41,17 @@ EXPORT_SYMBOL_GPL(rpc_lookup_cred); ...@@ -41,15 +41,17 @@ EXPORT_SYMBOL_GPL(rpc_lookup_cred);
/* /*
* Public call interface for looking up machine creds. * Public call interface for looking up machine creds.
*/ */
struct rpc_cred *rpc_lookup_machine_cred(void) struct rpc_cred *rpc_lookup_machine_cred(const char *service_name)
{ {
struct auth_cred acred = { struct auth_cred acred = {
.uid = RPC_MACHINE_CRED_USERID, .uid = RPC_MACHINE_CRED_USERID,
.gid = RPC_MACHINE_CRED_GROUPID, .gid = RPC_MACHINE_CRED_GROUPID,
.principal = service_name,
.machine_cred = 1, .machine_cred = 1,
}; };
dprintk("RPC: looking up machine cred\n"); dprintk("RPC: looking up machine cred for service %s\n",
service_name);
return generic_auth.au_ops->lookup_cred(&generic_auth, &acred, 0); return generic_auth.au_ops->lookup_cred(&generic_auth, &acred, 0);
} }
EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred); EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred);
......
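Review bot: rpc_lookup_machine_cred() accepts a NULL `service_name` silently, while the rest of the commit uses a non-NULL principal as the only marker of a machine credential. With NULL, gss_create_cred() leaves `gc_principal` NULL, gss_match() falls through to the plain `rc->cr_uid == acred->uid` comparison, and gss_renew_cred() rebuilds the acred with `machine_cred` set to 0. The credential is then no longer kept apart from an ordinary credential with the same uid, which the removed `gc_machine_cred` bit used to ensure. Both callers on this page pass a literal, so nothing breaks today. I would state the requirement in the comment above the function, e.g. `/* service_name must not be NULL: a NULL principal is treated as a non-machine cred. */`, or reject NULL up front.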
...@@ -392,7 +392,8 @@ static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg) ...@@ -392,7 +392,8 @@ static void gss_encode_v0_msg(struct gss_upcall_msg *gss_msg)
} }
static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
struct rpc_clnt *clnt, int machine_cred) struct rpc_clnt *clnt,
const char *service_name)
{ {
struct gss_api_mech *mech = gss_msg->auth->mech; struct gss_api_mech *mech = gss_msg->auth->mech;
char *p = gss_msg->databuf; char *p = gss_msg->databuf;
...@@ -407,12 +408,8 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, ...@@ -407,12 +408,8 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
p += len; p += len;
gss_msg->msg.len += len; gss_msg->msg.len += len;
} }
if (machine_cred) { if (service_name != NULL) {
len = sprintf(p, "service=* "); len = sprintf(p, "service=%s ", service_name);
p += len;
gss_msg->msg.len += len;
} else if (!strcmp(clnt->cl_program->name, "nfs4_cb")) {
len = sprintf(p, "service=nfs ");
p += len; p += len;
gss_msg->msg.len += len; gss_msg->msg.len += len;
} }
...@@ -429,17 +426,18 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg, ...@@ -429,17 +426,18 @@ static void gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
} }
static void gss_encode_msg(struct gss_upcall_msg *gss_msg, static void gss_encode_msg(struct gss_upcall_msg *gss_msg,
struct rpc_clnt *clnt, int machine_cred) struct rpc_clnt *clnt,
const char *service_name)
{ {
if (pipe_version == 0) if (pipe_version == 0)
gss_encode_v0_msg(gss_msg); gss_encode_v0_msg(gss_msg);
else /* pipe_version == 1 */ else /* pipe_version == 1 */
gss_encode_v1_msg(gss_msg, clnt, machine_cred); gss_encode_v1_msg(gss_msg, clnt, service_name);
} }
static inline struct gss_upcall_msg * static struct gss_upcall_msg *
gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt, gss_alloc_msg(struct gss_auth *gss_auth, struct rpc_clnt *clnt,
int machine_cred) uid_t uid, const char *service_name)
{ {
struct gss_upcall_msg *gss_msg; struct gss_upcall_msg *gss_msg;
int vers; int vers;
...@@ -459,7 +457,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt, ...@@ -459,7 +457,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, uid_t uid, struct rpc_clnt *clnt,
atomic_set(&gss_msg->count, 1); atomic_set(&gss_msg->count, 1);
gss_msg->uid = uid; gss_msg->uid = uid;
gss_msg->auth = gss_auth; gss_msg->auth = gss_auth;
gss_encode_msg(gss_msg, clnt, machine_cred); gss_encode_msg(gss_msg, clnt, service_name);
return gss_msg; return gss_msg;
} }
...@@ -471,7 +469,7 @@ gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cr ...@@ -471,7 +469,7 @@ gss_setup_upcall(struct rpc_clnt *clnt, struct gss_auth *gss_auth, struct rpc_cr
struct gss_upcall_msg *gss_new, *gss_msg; struct gss_upcall_msg *gss_new, *gss_msg;
uid_t uid = cred->cr_uid; uid_t uid = cred->cr_uid;
gss_new = gss_alloc_msg(gss_auth, uid, clnt, gss_cred->gc_machine_cred); gss_new = gss_alloc_msg(gss_auth, clnt, uid, gss_cred->gc_principal);
if (IS_ERR(gss_new)) if (IS_ERR(gss_new))
return gss_new; return gss_new;
gss_msg = gss_add_msg(gss_new); gss_msg = gss_add_msg(gss_new);
...@@ -995,7 +993,9 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags) ...@@ -995,7 +993,9 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
*/ */
cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW; cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
cred->gc_service = gss_auth->service; cred->gc_service = gss_auth->service;
cred->gc_machine_cred = acred->machine_cred; cred->gc_principal = NULL;
if (acred->machine_cred)
cred->gc_principal = acred->principal;
kref_get(&gss_auth->kref); kref_get(&gss_auth->kref);
return &cred->gc_base; return &cred->gc_base;
...@@ -1030,7 +1030,12 @@ gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags) ...@@ -1030,7 +1030,12 @@ gss_match(struct auth_cred *acred, struct rpc_cred *rc, int flags)
if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags)) if (!test_bit(RPCAUTH_CRED_UPTODATE, &rc->cr_flags))
return 0; return 0;
out: out:
if (acred->machine_cred != gss_cred->gc_machine_cred) if (acred->principal != NULL) {
if (gss_cred->gc_principal == NULL)
return 0;
return strcmp(acred->principal, gss_cred->gc_principal) == 0;
}
if (gss_cred->gc_principal != NULL)
return 0; return 0;
return rc->cr_uid == acred->uid; return rc->cr_uid == acred->uid;
} }
...@@ -1104,7 +1109,8 @@ static int gss_renew_cred(struct rpc_task *task) ...@@ -1104,7 +1109,8 @@ static int gss_renew_cred(struct rpc_task *task)
struct rpc_auth *auth = oldcred->cr_auth; struct rpc_auth *auth = oldcred->cr_auth;
struct auth_cred acred = { struct auth_cred acred = {
.uid = oldcred->cr_uid, .uid = oldcred->cr_uid,
.machine_cred = gss_cred->gc_machine_cred, .principal = gss_cred->gc_principal,
.machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0),
}; };
struct rpc_cred *new; struct rpc_cred *new;
......
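Review bot: In gss_encode_v1_msg() the line `len = sprintf(p, "service=%s ", service_name);` now writes a caller-chosen string into `gss_msg->databuf` with no length limit, where the old code only ever wrote the fixed strings `service=* ` and `service=nfs `. The buffer's size is not visible in these hunks, but a sufficiently long service name would run past it, and a name containing a space or newline would presumably change how the reader of the upcall text splits it into fields. The two callers in this commit pass short literals, so this is a hardening point for the new interface rather than a live bug. Bound the write by the space remaining in databuf, e.g. `len = scnprintf(p, buflen, "service=%s ", service_name);` with `buflen` tracked alongside `p`, and reject names containing whitespace. The function body starts and ends outside the hunks shown.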