Commit 12fc3e92d4b18b4e99af624586e1696479ff36ce
1 parent
57725155dc
Exists in
master
and in
20 other branches
nfsd4: backchannel should use client-provided security flavor
For now this only adds support for AUTH_NULL. (Previously we assumed AUTH_UNIX.) We'll also need AUTH_GSS, which is trickier. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Showing 3 changed files with 13 additions and 5 deletions Side-by-side Diff
fs/nfsd/nfs4callback.c
... | ... | @@ -692,7 +692,7 @@ |
692 | 692 | args.bc_xprt = conn->cb_xprt; |
693 | 693 | args.prognumber = clp->cl_cb_session->se_cb_prog; |
694 | 694 | args.protocol = XPRT_TRANSPORT_BC_TCP; |
695 | - args.authflavor = RPC_AUTH_UNIX; | |
695 | + args.authflavor = ses->se_cb_sec.flavor; | |
696 | 696 | } |
697 | 697 | /* Create RPC client */ |
698 | 698 | client = rpc_create(&args); |
... | ... | @@ -709,7 +709,6 @@ |
709 | 709 | clp->cl_cb_client = client; |
710 | 710 | clp->cl_cb_cred = cred; |
711 | 711 | return 0; |
712 | - | |
713 | 712 | } |
714 | 713 | |
715 | 714 | static void warn_no_callback_path(struct nfs4_client *clp, int reason) |
fs/nfsd/nfs4xdr.c
... | ... | @@ -425,7 +425,7 @@ |
425 | 425 | static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs) |
426 | 426 | { |
427 | 427 | DECODE_HEAD; |
428 | - u32 dummy; | |
428 | + u32 dummy, uid, gid; | |
429 | 429 | char *machine_name; |
430 | 430 | int i; |
431 | 431 | int nr_secflavs; |
432 | 432 | |
... | ... | @@ -433,12 +433,15 @@ |
433 | 433 | /* callback_sec_params4 */ |
434 | 434 | READ_BUF(4); |
435 | 435 | READ32(nr_secflavs); |
436 | + cbs->flavor = (u32)(-1); | |
436 | 437 | for (i = 0; i < nr_secflavs; ++i) { |
437 | 438 | READ_BUF(4); |
438 | 439 | READ32(dummy); |
439 | 440 | switch (dummy) { |
440 | 441 | case RPC_AUTH_NULL: |
441 | 442 | /* Nothing to read */ |
443 | + if (cbs->flavor == (u32)(-1)) | |
444 | + cbs->flavor = RPC_AUTH_NULL; | |
442 | 445 | break; |
443 | 446 | case RPC_AUTH_UNIX: |
444 | 447 | READ_BUF(8); |
445 | 448 | |
... | ... | @@ -452,13 +455,18 @@ |
452 | 455 | |
453 | 456 | /* uid, gid */ |
454 | 457 | READ_BUF(8); |
455 | - READ32(cbs->uid); | |
456 | - READ32(cbs->gid); | |
458 | + READ32(uid); | |
459 | + READ32(gid); | |
457 | 460 | |
458 | 461 | /* more gids */ |
459 | 462 | READ_BUF(4); |
460 | 463 | READ32(dummy); |
461 | 464 | READ_BUF(dummy * 4); |
465 | + if (cbs->flavor == (u32)(-1)) { | |
466 | + cbs->uid = uid; | |
467 | + cbs->gid = gid; | |
468 | + cbs->flavor = RPC_AUTH_UNIX; | |
469 | + } | |
462 | 470 | break; |
463 | 471 | case RPC_AUTH_GSS: |
464 | 472 | dprintk("RPC_AUTH_GSS callback secflavor " |