From: "J. Bruce Fields" <bfields@fieldses.org>
To: Neil Brown <neilb@cse.unsw.edu.au>
Cc: nfs@lists.sourceforge.net, Trond Myklebust <trond.myklebust@fys.uio.no>
Subject: [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method
Date: Thu, 16 Sep 2004 19:16:29 -0400 [thread overview]
Message-ID: <1095375544.839c1c96.3@fieldses.org> (raw)
In-Reply-To: <1095375544.839c1c96.2@fieldses.org>
svcauth_null_accept() and svcauth_unix_accept() are currently hard-wired to
check the source ip address on an incoming request against the export table,
which makes sense for nfsd but not necessarily for other rpc-based services.
So instead we have svcauth_null_accept() and svcauth_unix_accept() call a
program-specific pg_add_client() method.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
---
linux-2.6.9-rc2-bfields/fs/lockd/svc.c | 11 +++++++++++
linux-2.6.9-rc2-bfields/fs/nfsd/nfssvc.c | 11 +++++++++++
linux-2.6.9-rc2-bfields/include/linux/sunrpc/svc.h | 1 +
linux-2.6.9-rc2-bfields/include/linux/sunrpc/svcauth.h | 2 ++
linux-2.6.9-rc2-bfields/net/sunrpc/svcauth_unix.c | 8 ++------
5 files changed, 27 insertions(+), 6 deletions(-)
diff -puN net/sunrpc/svcauth_unix.c~svcrpc_unix_ip_mapping_method net/sunrpc/svcauth_unix.c
--- linux-2.6.9-rc2/net/sunrpc/svcauth_unix.c~svcrpc_unix_ip_mapping_method 2004-09-16 16:40:53.000000000 -0400
+++ linux-2.6.9-rc2-bfields/net/sunrpc/svcauth_unix.c 2004-09-16 16:40:53.000000000 -0400
@@ -334,10 +334,6 @@ svcauth_unix_set_client(struct svc_rqst
{
struct ip_map key, *ipm;
- rqstp->rq_client = NULL;
- if (rqstp->rq_proc == 0)
- return SVC_OK;
-
strcpy(key.m_class, rqstp->rq_server->sv_program->pg_class);
key.m_addr = rqstp->rq_addr.sin_addr;
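Review bot: With the `rqstp->rq_client = NULL` reset and the `rq_proc == 0` shortcut removed here, svcauth_unix_set_client() no longer establishes its own starting state, and nothing in the new code says so. Since the function becomes callable from per-program hooks, it should carry a comment above its definition such as `/* Caller must clear rqstp->rq_client and handle the NULL procedure before calling. */`. Without that, a later pg_set_client implementation that calls it directly could presumably leave a stale rq_client in place when the lookup does not succeed. The rest of the body is outside this hunk, so that should be confirmed there.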
@@ -395,7 +391,7 @@ svcauth_null_accept(struct svc_rqst *rqs
if (cred->cr_group_info == NULL)
return SVC_DROP; /* kmalloc failure - client must retry */
- rv = svcauth_unix_set_client(rqstp);
+ rv = rqstp->rq_server->sv_program->pg_set_client(rqstp);
if (rv == SVC_DENIED)
goto badcred;
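Review bot: The call `rqstp->rq_server->sv_program->pg_set_client(rqstp)` here, and again in the svcauth_unix_accept() hunk below, goes through the new pointer without checking it. This patch initialises the field only in nlmsvc_program and nfsd_program, so any other svc_program that reaches these accept paths would call through a NULL pointer in kernel context on its first request. Either fail closed when the hook is absent, for example `if (!rqstp->rq_server->sv_program->pg_set_client) goto badcred;` before the call, or reject such programs when the service is created. Both functions continue outside the hunks shown, so what the badcred path does should be confirmed there.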
@@ -473,7 +469,7 @@ svcauth_unix_accept(struct svc_rqst *rqs
return SVC_DENIED;
}
- rv = svcauth_unix_set_client(rqstp);
+ rv = rqstp->rq_server->sv_program->pg_set_client(rqstp);
if (rv == SVC_DENIED)
goto badcred;
diff -puN net/sunrpc/svc.c~svcrpc_unix_ip_mapping_method net/sunrpc/svc.c
diff -puN include/linux/sunrpc/svc.h~svcrpc_unix_ip_mapping_method include/linux/sunrpc/svc.h
--- linux-2.6.9-rc2/include/linux/sunrpc/svc.h~svcrpc_unix_ip_mapping_method 2004-09-16 16:40:53.000000000 -0400
+++ linux-2.6.9-rc2-bfields/include/linux/sunrpc/svc.h 2004-09-16 16:40:53.000000000 -0400
@@ -253,6 +253,7 @@ struct svc_program {
struct svc_stat * pg_stats; /* rpc statistics */
/* Override authentication. NULL means use default */
int (*pg_authenticate)(struct svc_rqst *, u32 *);
+ int (*pg_set_client)(struct svc_rqst *);
};
/*
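Review bot: The new `pg_set_client` member has no comment of its own and sits directly under `/* Override authentication. NULL means use default */`, which reads as if a NULL `pg_set_client` were also acceptable, although the accept functions in this patch call it unconditionally. Give it its own comment, e.g. `/* Sets rqstp->rq_client for the request; must be non-NULL */`. The subject and description also call the method pg_add_client, while the code names it pg_set_client.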
diff -L fs/nsfd/nfssvc.c -puN /dev/null /dev/null
diff -puN fs/lockd/svc.c~svcrpc_unix_ip_mapping_method fs/lockd/svc.c
--- linux-2.6.9-rc2/fs/lockd/svc.c~svcrpc_unix_ip_mapping_method 2004-09-16 16:40:53.000000000 -0400
+++ linux-2.6.9-rc2-bfields/fs/lockd/svc.c 2004-09-16 16:40:53.000000000 -0400
@@ -398,6 +398,16 @@ static int param_set_##name(const char *
return 0; \
}
+static int lockd_set_client(struct svc_rqst *rqstp)
+{
+ rqstp->rq_client = NULL;
+ if (rqstp->rq_proc == 0) /* XXX not quite right. */
+ return SVC_OK;
+ else
+ return svcauth_unix_set_client(rqstp);
+}
+
+
param_set_min_max(port, int, simple_strtol, 0, 65535)
param_set_min_max(grace_period, unsigned long, simple_strtoul,
nlm_grace_period_min, nlm_grace_period_max)
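Review bot: The `/* XXX not quite right. */` marker on the `rq_proc == 0` test in lockd_set_client() does not say what is wrong, and this is the branch that returns SVC_OK without any export-table lookup. The comment should name the known gap so that a reader can tell whether the bypass is too wide or too narrow, along the lines of `/* NULL procedure skips the export check; XXX: <what is still wrong> */`. nfsd_set_client() in fs/nfsd/nfssvc.c has the same branch with no comment at all, and a line there stating that the NULL procedure is answered with rq_client left NULL would help equally.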
@@ -478,4 +488,5 @@ struct svc_program nlmsvc_program = {
.pg_name = "lockd", /* service name */
.pg_class = "nfsd", /* share authentication with nfsd */
.pg_stats = &nlmsvc_stats, /* stats table */
+ .pg_set_client = &lockd_set_client /* XXX export authentication */
};
diff -puN include/linux/sunrpc/svcauth.h~svcrpc_unix_ip_mapping_method include/linux/sunrpc/svcauth.h
--- linux-2.6.9-rc2/include/linux/sunrpc/svcauth.h~svcrpc_unix_ip_mapping_method 2004-09-16 16:40:53.000000000 -0400
+++ linux-2.6.9-rc2-bfields/include/linux/sunrpc/svcauth.h 2004-09-16 16:40:53.000000000 -0400
@@ -119,6 +119,8 @@ extern struct auth_domain *auth_unix_loo
extern int auth_unix_forget_old(struct auth_domain *dom);
extern void svcauth_unix_purge(void);
+extern int svcauth_unix_set_client(struct svc_rqst *);
+
static inline unsigned long hash_str(char *name, int bits)
{
unsigned long hash = 0;
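Review bot: This declaration makes svcauth_unix_set_client() callable from fs/lockd and fs/nfsd, but the diffstat lists no file that would export the symbol. If the definition in net/sunrpc/svcauth_unix.c is still `static`, or if sunrpc, lockd and nfsd are built as separate modules, the build or module load would presumably fail with an unresolved symbol; neither is visible from these hunks. Unless it is handled elsewhere in the series, add `EXPORT_SYMBOL(svcauth_unix_set_client);` next to the other sunrpc exports and make sure the definition is non-static. The prototype would also read better with its parameter named, `struct svc_rqst *rqstp`.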
diff -puN fs/nfsd/nfssvc.c~svcrpc_unix_ip_mapping_method fs/nfsd/nfssvc.c
--- linux-2.6.9-rc2/fs/nfsd/nfssvc.c~svcrpc_unix_ip_mapping_method 2004-09-16 16:40:53.000000000 -0400
+++ linux-2.6.9-rc2-bfields/fs/nfsd/nfssvc.c 2004-09-16 16:40:53.000000000 -0400
@@ -359,6 +359,15 @@ nfsd_dispatch(struct svc_rqst *rqstp, u3
return 1;
}
+static int nfsd_set_client(struct svc_rqst *rqstp)
+{
+ rqstp->rq_client = NULL;
+ if (rqstp->rq_proc == 0)
+ return SVC_OK;
+ else
+ return svcauth_unix_set_client(rqstp);
+}
+
extern struct svc_version nfsd_version2, nfsd_version3, nfsd_version4;
static struct svc_version * nfsd_version[] = {
@@ -379,4 +388,6 @@ struct svc_program nfsd_program = {
.pg_name = "nfsd", /* program name */
.pg_class = "nfsd", /* authentication class */
.pg_stats = &nfsd_svcstats, /* version table */
+ .pg_set_client = nfsd_set_client, /* export authentication */
+
};
_