From: "J. Bruce Fields" <bfields@fieldses.org>
To: Neil Brown <neilb@cse.unsw.edu.au>
Cc: nfs@lists.sourceforge.net, Trond Myklebust <trond.myklebust@fys.uio.no>
Subject: 6 patches fixing server rpc callback authentication
Date: Thu, 09 Dec 2004 17:28:36 -0500 [thread overview]
Message-ID: <1102628809.16c39937.0@fieldses.org> (raw)
This is my second attempt; sorry for the delay.
To summarize the problem: The server insists on checking incoming rpc calls
against the list of clients that nfsd exports to, for all rpc services. The
most visible bug caused by this is unnecessary delays granting locks, caused by
the client's lockd incorrectly rejecting GRANTED callbacks.
The following patches replace the client checks in svcauth_unix.c by a
program-specific pg_authenticate() callback. In the case of nfsd,
pg_authenticate just does the usual client checks.
Changes since the previous version of these patches:
* Move the call to the pg_authenticate() callback into svc_process()
and out of the flavor-specific code.
* Add a flavor-specific callback to the server's rpc auth_ops to map
an incoming request to the "client" it is thought to be from, for
pg_authenticate to use in the case where it wants a client for
later checking against the export list.
I've tested that this does at least solve the problem with lockd callbacks.
--b.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next reply other threads:[~2004-12-09 22:28 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-12-09 22:28 J. Bruce Fields [this message]
2004-12-09 22:28 ` [PATCH 1 of 6] svcrpc: add a per-flavor set_client method J. Bruce Fields
2004-12-09 22:28 ` [PATCH 2 of 6] svcrpc: rename pg_authenticate J. Bruce Fields
2004-12-09 22:28 ` [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method J. Bruce Fields
2004-12-09 22:28 ` [PATCH 4 of 6] nfs4: use new pg_set_client method to simplify nfs4 callback authentication J. Bruce Fields
2004-12-09 22:28 ` [PATCH 5 of 6] lockd: don't try to match callback requests against export table J. Bruce Fields
2004-12-09 22:28 ` [PATCH 6 of 6] nfsd: remove pg_authenticate field J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1102628809.16c39937.0@fieldses.org \
--to=bfields@fieldses.org \
--cc=neilb@cse.unsw.edu.au \
--cc=nfs@lists.sourceforge.net \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.