From: "J. Bruce Fields" <bfields@fieldses.org>
To: Neil Brown <neilb@cse.unsw.edu.au>
Cc: nfs@lists.sourceforge.net, Trond Myklebust <trond.myklebust@fys.uio.no>
Subject: [PATCH 4 of 6] nfs4: use new pg_set_client method to simplify nfs4 callback authentication
Date: Thu, 16 Sep 2004 19:16:34 -0400 [thread overview]
Message-ID: <1095375544.839c1c96.4@fieldses.org> (raw)
In-Reply-To: <1095375544.839c1c96.3@fieldses.org>
Use new pg_set_client method to simplify nfs4 callback authentication.
This also has the effect of changing the error return from rejectedcred to
badcred. I believe the change is correct.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
---
linux-2.6.9-rc2-bfields/fs/nfs/callback.c | 155 +-----------------------------
1 files changed, 8 insertions(+), 147 deletions(-)
diff -puN fs/nfs/callback.c~nfs4_simplify_callback_auth fs/nfs/callback.c
--- linux-2.6.9-rc2/fs/nfs/callback.c~nfs4_simplify_callback_auth 2004-09-16 16:18:54.000000000 -0400
+++ linux-2.6.9-rc2-bfields/fs/nfs/callback.c 2004-09-16 16:23:21.000000000 -0400
@@ -139,133 +139,10 @@ out:
return ret;
}
-/*
- * AUTH_NULL authentication
- */
-static int nfs_callback_null_accept(struct svc_rqst *rqstp, u32 *authp)
-{
- struct kvec *argv = &rqstp->rq_arg.head[0];
- struct kvec *resv = &rqstp->rq_res.head[0];
-
- if (argv->iov_len < 3*4)
- return SVC_GARBAGE;
-
- if (svc_getu32(argv) != 0) {
- dprintk("svc: bad null cred\n");
- *authp = rpc_autherr_badcred;
- return SVC_DENIED;
- }
- if (svc_getu32(argv) != RPC_AUTH_NULL || svc_getu32(argv) != 0) {
- dprintk("svc: bad null verf\n");
- *authp = rpc_autherr_badverf;
- return SVC_DENIED;
- }
-
- /* Signal that mapping to nobody uid/gid is required */
- rqstp->rq_cred.cr_uid = (uid_t) -1;
- rqstp->rq_cred.cr_gid = (gid_t) -1;
- rqstp->rq_cred.cr_group_info = groups_alloc(0);
- if (rqstp->rq_cred.cr_group_info == NULL)
- return SVC_DROP; /* kmalloc failure - client must retry */
-
- /* Put NULL verifier */
- svc_putu32(resv, RPC_AUTH_NULL);
- svc_putu32(resv, 0);
- dprintk("%s: success, returning %d!\n", __FUNCTION__, SVC_OK);
- return SVC_OK;
-}
-
-static int nfs_callback_null_release(struct svc_rqst *rqstp)
-{
- if (rqstp->rq_cred.cr_group_info)
- put_group_info(rqstp->rq_cred.cr_group_info);
- rqstp->rq_cred.cr_group_info = NULL;
- return 0; /* don't drop */
-}
-
-static struct auth_ops nfs_callback_auth_null = {
- .name = "null",
- .flavour = RPC_AUTH_NULL,
- .accept = nfs_callback_null_accept,
- .release = nfs_callback_null_release,
-};
-
-/*
- * AUTH_SYS authentication
- */
-static int nfs_callback_unix_accept(struct svc_rqst *rqstp, u32 *authp)
-{
- struct kvec *argv = &rqstp->rq_arg.head[0];
- struct kvec *resv = &rqstp->rq_res.head[0];
- struct svc_cred *cred = &rqstp->rq_cred;
- u32 slen, i;
- int len = argv->iov_len;
-
- dprintk("%s: start\n", __FUNCTION__);
- cred->cr_group_info = NULL;
- rqstp->rq_client = NULL;
- if ((len -= 3*4) < 0)
- return SVC_GARBAGE;
-
- /* Get length, time stamp and machine name */
- svc_getu32(argv);
- svc_getu32(argv);
- slen = XDR_QUADLEN(ntohl(svc_getu32(argv)));
- if (slen > 64 || (len -= (slen + 3)*4) < 0)
- goto badcred;
- argv->iov_base = (void*)((u32*)argv->iov_base + slen);
- argv->iov_len -= slen*4;
-
- cred->cr_uid = ntohl(svc_getu32(argv));
- cred->cr_gid = ntohl(svc_getu32(argv));
- slen = ntohl(svc_getu32(argv));
- if (slen > 16 || (len -= (slen + 2)*4) < 0)
- goto badcred;
- cred->cr_group_info = groups_alloc(slen);
- if (cred->cr_group_info == NULL)
- return SVC_DROP;
- for (i = 0; i < slen; i++)
- GROUP_AT(cred->cr_group_info, i) = ntohl(svc_getu32(argv));
-
- if (svc_getu32(argv) != RPC_AUTH_NULL || svc_getu32(argv) != 0) {
- *authp = rpc_autherr_badverf;
- return SVC_DENIED;
- }
- /* Put NULL verifier */
- svc_putu32(resv, RPC_AUTH_NULL);
- svc_putu32(resv, 0);
- dprintk("%s: success, returning %d!\n", __FUNCTION__, SVC_OK);
- return SVC_OK;
-badcred:
- *authp = rpc_autherr_badcred;
- return SVC_DENIED;
-}
-
-static int nfs_callback_unix_release(struct svc_rqst *rqstp)
-{
- if (rqstp->rq_cred.cr_group_info)
- put_group_info(rqstp->rq_cred.cr_group_info);
- rqstp->rq_cred.cr_group_info = NULL;
- return 0;
-}
-
-static struct auth_ops nfs_callback_auth_unix = {
- .name = "unix",
- .flavour = RPC_AUTH_UNIX,
- .accept = nfs_callback_unix_accept,
- .release = nfs_callback_unix_release,
-};
-
-/*
- * Hook the authentication protocol
- */
-static int nfs_callback_auth(struct svc_rqst *rqstp, u32 *authp)
+static int nfs_callback_set_client(struct svc_rqst *rqstp)
{
struct in_addr *addr = &rqstp->rq_addr.sin_addr;
struct nfs4_client *clp;
- struct kvec *argv = &rqstp->rq_arg.head[0];
- int flavour;
- int retval;
/* Don't talk to strangers */
clp = nfs4_find_client(addr);
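Review bot: The replacement function `nfs_callback_set_client` has no header comment, since the removed `/* Hook the authentication protocol */` block was not replaced. With the per-flavour accept routines gone, this is the only callback-specific gate left in the file, so its contract is worth stating above the signature. Something like `/* Called after the generic flavour code has parsed the credential: refuse requests from addresses with no matching nfs4_client, and allow AUTH_NULL only for CB_NULL. */` would cover it. The wording assumes the lookup result is tested on the line elided between this hunk and the next. That makes the peer's source address the only identity check, which is worth stating in the comment too. The function body continues in the following hunk.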
@@ -273,34 +150,18 @@ static int nfs_callback_auth(struct svc_
return SVC_DROP;
dprintk("%s: %u.%u.%u.%u NFSv4 callback!\n", __FUNCTION__, NIPQUAD(addr));
nfs4_put_client(clp);
- flavour = ntohl(svc_getu32(argv));
- switch(flavour) {
+ switch (rqstp->rq_authop->flavour) {
case RPC_AUTH_NULL:
- if (rqstp->rq_proc != CB_NULL) {
- *authp = rpc_autherr_tooweak;
- retval = SVC_DENIED;
- break;
- }
- rqstp->rq_authop = &nfs_callback_auth_null;
- retval = nfs_callback_null_accept(rqstp, authp);
+ if (rqstp->rq_proc != CB_NULL)
+ return SVC_DENIED;
break;
case RPC_AUTH_UNIX:
- /* Eat the authentication flavour */
- rqstp->rq_authop = &nfs_callback_auth_unix;
- retval = nfs_callback_unix_accept(rqstp, authp);
break;
default:
- /* FIXME: need to add RPCSEC_GSS upcalls */
-#if 0
- svc_ungetu32(argv);
- retval = svc_authenticate(rqstp, authp);
-#else
- *authp = rpc_autherr_rejectedcred;
- retval = SVC_DENIED;
-#endif
+ /* FIXME: RPCSEC_GSS handling? */
+ return SVC_DENIED;
}
- dprintk("%s: flavour %d returning error %d\n", __FUNCTION__, flavour, retval);
- return retval;
+ return SVC_OK;
}
/*
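Review bot: The `case RPC_AUTH_NULL` branch now returns a bare `SVC_DENIED` for any procedure other than CB_NULL, where the removed code set `*authp = rpc_autherr_tooweak`. The new signature has no `authp`, so the auth status the peer sees is chosen by the caller, which is not visible here. The description mentions only the rejectedcred to badcred change in the `default` branch, so if tooweak is also collapsed into badcred, that should be stated or the hook given a way to report the status. The removed trailing `dprintk` was the only trace of which flavour was refused. A line such as `dprintk("%s: flavour %d denied\n", __FUNCTION__, rqstp->rq_authop->flavour);` ahead of each `return SVC_DENIED;` would keep refused callbacks visible when debugging. The function starts in the previous hunk.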
@@ -321,5 +182,5 @@ static struct svc_program nfs4_callback_
.pg_name = "NFSv4 callback", /* service name */
.pg_class = "nfs", /* authentication class */
.pg_stats = &nfs4_callback_stats,
- .pg_authenticate = nfs_callback_auth,
+ .pg_set_client = nfs_callback_set_client,
};
_