Commit 6ee95d1c authored by Scott Mayhew's avatar Scott Mayhew Committed by J. Bruce Fields

nfsd: add support for upcall version 2

Version 2 upcalls will allow the nfsd to include a hash of the kerberos
principal string in the Cld_Create upcall.  If a principal is present in
the svc_cred, then the hash will be included in the Cld_Create upcall.
We attempt to use the svc_cred.cr_raw_principal (which is returned by
gssproxy) first, and then fall back to using the svc_cred.cr_principal
(which is returned by both gssproxy and rpc.svcgssd).  Upon a subsequent
restart, the hash will be returned in the Cld_Gracestart downcall and
stored in the reclaim_str_hashtbl so it can be used when handling
reclaim opens.
Signed-off-by: default avatarScott Mayhew <smayhew@redhat.com>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 11a60d15
This diff is collapsed.
...@@ -6887,7 +6887,8 @@ nfs4_has_reclaimed_state(struct xdr_netobj name, struct nfsd_net *nn) ...@@ -6887,7 +6887,8 @@ nfs4_has_reclaimed_state(struct xdr_netobj name, struct nfsd_net *nn)
* will be freed in nfs4_remove_reclaim_record in the normal case). * will be freed in nfs4_remove_reclaim_record in the normal case).
*/ */
struct nfs4_client_reclaim * struct nfs4_client_reclaim *
nfs4_client_to_reclaim(struct xdr_netobj name, struct nfsd_net *nn) nfs4_client_to_reclaim(struct xdr_netobj name, struct xdr_netobj princhash,
struct nfsd_net *nn)
{ {
unsigned int strhashval; unsigned int strhashval;
struct nfs4_client_reclaim *crp; struct nfs4_client_reclaim *crp;
...@@ -6900,6 +6901,8 @@ nfs4_client_to_reclaim(struct xdr_netobj name, struct nfsd_net *nn) ...@@ -6900,6 +6901,8 @@ nfs4_client_to_reclaim(struct xdr_netobj name, struct nfsd_net *nn)
list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[strhashval]); list_add(&crp->cr_strhash, &nn->reclaim_str_hashtbl[strhashval]);
crp->cr_name.data = name.data; crp->cr_name.data = name.data;
crp->cr_name.len = name.len; crp->cr_name.len = name.len;
crp->cr_princhash.data = princhash.data;
crp->cr_princhash.len = princhash.len;
crp->cr_clp = NULL; crp->cr_clp = NULL;
nn->reclaim_str_hashtbl_size++; nn->reclaim_str_hashtbl_size++;
} }
...@@ -6911,6 +6914,7 @@ nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn) ...@@ -6911,6 +6914,7 @@ nfs4_remove_reclaim_record(struct nfs4_client_reclaim *crp, struct nfsd_net *nn)
{ {
list_del(&crp->cr_strhash); list_del(&crp->cr_strhash);
kfree(crp->cr_name.data); kfree(crp->cr_name.data);
kfree(crp->cr_princhash.data);
kfree(crp); kfree(crp);
nn->reclaim_str_hashtbl_size--; nn->reclaim_str_hashtbl_size--;
} }
......
...@@ -378,6 +378,7 @@ struct nfs4_client_reclaim { ...@@ -378,6 +378,7 @@ struct nfs4_client_reclaim {
struct list_head cr_strhash; /* hash by cr_name */ struct list_head cr_strhash; /* hash by cr_name */
struct nfs4_client *cr_clp; /* pointer to associated clp */ struct nfs4_client *cr_clp; /* pointer to associated clp */
struct xdr_netobj cr_name; /* recovery dir name */ struct xdr_netobj cr_name; /* recovery dir name */
struct xdr_netobj cr_princhash;
}; };
/* A reasonable value for REPLAY_ISIZE was estimated as follows: /* A reasonable value for REPLAY_ISIZE was estimated as follows:
...@@ -645,7 +646,7 @@ extern void nfsd4_shutdown_callback(struct nfs4_client *); ...@@ -645,7 +646,7 @@ extern void nfsd4_shutdown_callback(struct nfs4_client *);
extern void nfsd4_shutdown_copy(struct nfs4_client *clp); extern void nfsd4_shutdown_copy(struct nfs4_client *clp);
extern void nfsd4_prepare_cb_recall(struct nfs4_delegation *dp); extern void nfsd4_prepare_cb_recall(struct nfs4_delegation *dp);
extern struct nfs4_client_reclaim *nfs4_client_to_reclaim(struct xdr_netobj name, extern struct nfs4_client_reclaim *nfs4_client_to_reclaim(struct xdr_netobj name,
struct nfsd_net *nn); struct xdr_netobj princhash, struct nfsd_net *nn);
extern bool nfs4_has_reclaimed_state(struct xdr_netobj name, struct nfsd_net *nn); extern bool nfs4_has_reclaimed_state(struct xdr_netobj name, struct nfsd_net *nn);
struct nfs4_file *find_file(struct knfsd_fh *fh); struct nfs4_file *find_file(struct knfsd_fh *fh);
......
...@@ -26,11 +26,15 @@ ...@@ -26,11 +26,15 @@
#include <linux/types.h> #include <linux/types.h>
/* latest upcall version available */ /* latest upcall version available */
#define CLD_UPCALL_VERSION 1 #define CLD_UPCALL_VERSION 2
/* defined by RFC3530 */ /* defined by RFC3530 */
#define NFS4_OPAQUE_LIMIT 1024 #define NFS4_OPAQUE_LIMIT 1024
#ifndef SHA256_DIGEST_SIZE
#define SHA256_DIGEST_SIZE 32
#endif
enum cld_command { enum cld_command {
Cld_Create, /* create a record for this cm_id */ Cld_Create, /* create a record for this cm_id */
Cld_Remove, /* remove record of this cm_id */ Cld_Remove, /* remove record of this cm_id */
...@@ -46,6 +50,17 @@ struct cld_name { ...@@ -46,6 +50,17 @@ struct cld_name {
unsigned char cn_id[NFS4_OPAQUE_LIMIT]; /* client-provided */ unsigned char cn_id[NFS4_OPAQUE_LIMIT]; /* client-provided */
} __attribute__((packed)); } __attribute__((packed));
/* sha256 hash of the kerberos principal */
struct cld_princhash {
__u8 cp_len; /* length of cp_data */
unsigned char cp_data[SHA256_DIGEST_SIZE]; /* hash of principal */
} __attribute__((packed));
struct cld_clntinfo {
struct cld_name cc_name;
struct cld_princhash cc_princhash;
} __attribute__((packed));
/* message struct for communication with userspace */ /* message struct for communication with userspace */
struct cld_msg { struct cld_msg {
__u8 cm_vers; /* upcall version */ __u8 cm_vers; /* upcall version */
...@@ -59,6 +74,19 @@ struct cld_msg { ...@@ -59,6 +74,19 @@ struct cld_msg {
} __attribute__((packed)) cm_u; } __attribute__((packed)) cm_u;
} __attribute__((packed)); } __attribute__((packed));
/* version 2 message can include hash of kerberos principal */
struct cld_msg_v2 {
__u8 cm_vers; /* upcall version */
__u8 cm_cmd; /* upcall command */
__s16 cm_status; /* return code */
__u32 cm_xid; /* transaction id */
union {
struct cld_name cm_name;
__u8 cm_version; /* for getting max version */
struct cld_clntinfo cm_clntinfo; /* name & princ hash */
} __attribute__((packed)) cm_u;
} __attribute__((packed));
struct cld_msg_hdr { struct cld_msg_hdr {
__u8 cm_vers; /* upcall version */ __u8 cm_vers; /* upcall version */
__u8 cm_cmd; /* upcall command */ __u8 cm_cmd; /* upcall command */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment