From: NeilBrown <neilb@suse.de>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Neil Brown <neilb@suse.de>,
	"J . Bruce Fields" <bfields@citi.umich.edu>,
	nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: [PATCH 018 of 20] knfsd: nfsd4: secinfo handling without secinfo= option
Date: Tue, 10 Jul 2007 12:28:10 +1000
Message-ID: <1070710022810.13598@suse.de>
In-Reply-To: 20070710121949.12548.patches@notabene


From: J. Bruce Fields <bfields@citi.umich.edu>

We could return some sort of error in the case where someone asks for
secinfo on an export without the secinfo= option set--that'd be no worse
than what we've been doing.  But it's not really correct.  So, hack up
an approximate secinfo response in that case--it may not be complete,
but it'll tell the client at least one acceptable security flavor.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/nfs4xdr.c                  |   30 +++++++++++++++++++++++++++---
 ./include/linux/sunrpc/svcauth_gss.h |    1 +
 ./net/sunrpc/auth_gss/svcauth_gss.c  |    9 +++++++++
 3 files changed, 37 insertions(+), 3 deletions(-)

diff .prev/fs/nfsd/nfs4xdr.c ./fs/nfsd/nfs4xdr.c
--- .prev/fs/nfsd/nfs4xdr.c	2007-07-10 11:52:23.000000000 +1000
+++ ./fs/nfsd/nfs4xdr.c	2007-07-10 12:18:53.000000000 +1000
@@ -57,6 +57,7 @@
 #include <linux/nfs4.h>
 #include <linux/nfs4_acl.h>
 #include <linux/sunrpc/gss_api.h>
+#include <linux/sunrpc/svcauth_gss.h>
 
 #define NFSDDBG_FACILITY		NFSDDBG_XDR
 
@@ -2454,15 +2455,38 @@ nfsd4_encode_secinfo(struct nfsd4_compou
 {
 	int i = 0;
 	struct svc_export *exp = secinfo->si_exp;
+	u32 nflavs;
+	struct exp_flavor_info *flavs;
+	struct exp_flavor_info def_flavs[2];
 	ENCODE_HEAD;
 
 	if (nfserr)
 		goto out;
+	if (exp->ex_nflavors) {
+		flavs = exp->ex_flavors;
+		nflavs = exp->ex_nflavors;
+	} else { /* Handling of some defaults in absence of real secinfo: */
+		flavs = def_flavs;
+		if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
+			nflavs = 2;
+			flavs[0].pseudoflavor = RPC_AUTH_UNIX;
+			flavs[1].pseudoflavor = RPC_AUTH_NULL;
+		} else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
+			nflavs = 1;
+			flavs[0].pseudoflavor
+					= svcauth_gss_flavor(exp->ex_client);
+		} else {
+			nflavs = 1;
+			flavs[0].pseudoflavor
+					= exp->ex_client->flavour->flavour;
+		}
+	}
+
 	RESERVE_SPACE(4);
-	WRITE32(exp->ex_nflavors);
+	WRITE32(nflavs);
 	ADJUST_ARGS();
-	for (i = 0; i < exp->ex_nflavors; i++) {
-		u32 flav = exp->ex_flavors[i].pseudoflavor;
+	for (i = 0; i < nflavs; i++) {
+		u32 flav = flavs[i].pseudoflavor;
 		struct gss_api_mech *gm = gss_mech_get_by_pseudoflavor(flav);
 
 		if (gm) {
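
Review bot: In the else branch of nfsd4_encode_secinfo(), only the pseudoflavor member of def_flavs[] is assigned, so every other member of those struct exp_flavor_info entries is uninitialised stack data. The loop shown reads only flavs[i].pseudoflavor, but zeroing the array with a memset() before filling it in would keep any later reader of the other members safe. The RPC_AUTH_UNIX case also advertises RPC_AUTH_NULL as an acceptable flavor with no explanation; a comment saying why that matches what the server accepts on such exports would help, given that the commit message itself calls the response approximate. Minor: nflavs is u32 while the loop index i is int, so i < nflavs is a signed/unsigned comparison; declaring i unsigned avoids it.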

diff .prev/include/linux/sunrpc/svcauth_gss.h ./include/linux/sunrpc/svcauth_gss.h
--- .prev/include/linux/sunrpc/svcauth_gss.h	2007-07-10 11:19:39.000000000 +1000
+++ ./include/linux/sunrpc/svcauth_gss.h	2007-07-10 12:19:19.000000000 +1000
@@ -23,6 +23,7 @@ int gss_svc_init(void);
 void gss_svc_shutdown(void);
 int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name);
 void svcauth_gss_unregister_pseudoflavor(char *name);
+u32 svcauth_gss_flavor(struct auth_domain *dom);
 
 #endif /* __KERNEL__ */
 #endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */

diff .prev/net/sunrpc/auth_gss/svcauth_gss.c ./net/sunrpc/auth_gss/svcauth_gss.c
--- .prev/net/sunrpc/auth_gss/svcauth_gss.c	2007-07-10 11:35:37.000000000 +1000
+++ ./net/sunrpc/auth_gss/svcauth_gss.c	2007-07-10 12:18:53.000000000 +1000
@@ -743,6 +743,15 @@ find_gss_auth_domain(struct gss_ctx *ctx
 
 static struct auth_ops svcauthops_gss;
 
+u32 svcauth_gss_flavor(struct auth_domain *dom)
+{
+	struct gss_domain *gd = container_of(dom, struct gss_domain, h);
+
+	return gd->pseudoflavor;
+}
+
+EXPORT_SYMBOL(svcauth_gss_flavor);
+
 int
 svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
 {
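
Review bot: svcauth_gss_flavor() applies container_of(dom, struct gss_domain, h) without checking that dom really is a GSS domain, and as an exported symbol it can be called from outside this file. The one caller in this patch tests exp->ex_client->flavour->flavour == RPC_AUTH_GSS first, but neither the definition nor the prototype states that precondition. Add a comment saying dom must belong to the GSS flavour, or compare dom->flavour with &svcauthops_gss (forward-declared just above) and warn when it does not match. Style: drop the blank line between the closing brace and EXPORT_SYMBOL(svcauth_gss_flavor).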

