From: "J. Bruce Fields" <bfields@fieldses.org>
To: Neil Brown <neilb@cse.unsw.edu.au>
Cc: nfs@lists.sourceforge.net
Subject: [PATCH 4 of 6] nfs4: use new pg_set_client method to simplify nfs4 callback authentication
Date: Tue, 18 Jan 2005 13:06:30 -0500 [thread overview]
Message-ID: <1106070956.b175e53d.4@fieldses.org> (raw)
In-Reply-To: <1106070956.b175e53d.3@fieldses.org>
Use new pg_authenticate method to simplify nfs4 callback authentication.
This also has the effect of changing the error return from rejectedcred to
badcred. I believe the change is correct.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
---
linux-2.6.10-rc3-bfields/fs/nfs/callback.c | 156 +----------------------------
1 files changed, 9 insertions(+), 147 deletions(-)
diff -puN fs/nfs/callback.c~nfs4_simplify_callback_auth fs/nfs/callback.c
--- linux-2.6.10-rc3/fs/nfs/callback.c~nfs4_simplify_callback_auth 2004-12-08 15:12:12.000000000 -0500
+++ linux-2.6.10-rc3-bfields/fs/nfs/callback.c 2004-12-08 15:12:12.000000000 -0500
@@ -139,133 +139,10 @@ out:
return ret;
}
-/*
- * AUTH_NULL authentication
- */
-static int nfs_callback_null_accept(struct svc_rqst *rqstp, u32 *authp)
-{
- struct kvec *argv = &rqstp->rq_arg.head[0];
- struct kvec *resv = &rqstp->rq_res.head[0];
-
- if (argv->iov_len < 3*4)
- return SVC_GARBAGE;
-
- if (svc_getu32(argv) != 0) {
- dprintk("svc: bad null cred\n");
- *authp = rpc_autherr_badcred;
- return SVC_DENIED;
- }
- if (svc_getu32(argv) != RPC_AUTH_NULL || svc_getu32(argv) != 0) {
- dprintk("svc: bad null verf\n");
- *authp = rpc_autherr_badverf;
- return SVC_DENIED;
- }
-
- /* Signal that mapping to nobody uid/gid is required */
- rqstp->rq_cred.cr_uid = (uid_t) -1;
- rqstp->rq_cred.cr_gid = (gid_t) -1;
- rqstp->rq_cred.cr_group_info = groups_alloc(0);
- if (rqstp->rq_cred.cr_group_info == NULL)
- return SVC_DROP; /* kmalloc failure - client must retry */
-
- /* Put NULL verifier */
- svc_putu32(resv, RPC_AUTH_NULL);
- svc_putu32(resv, 0);
- dprintk("%s: success, returning %d!\n", __FUNCTION__, SVC_OK);
- return SVC_OK;
-}
-
-static int nfs_callback_null_release(struct svc_rqst *rqstp)
-{
- if (rqstp->rq_cred.cr_group_info)
- put_group_info(rqstp->rq_cred.cr_group_info);
- rqstp->rq_cred.cr_group_info = NULL;
- return 0; /* don't drop */
-}
-
-static struct auth_ops nfs_callback_auth_null = {
- .name = "null",
- .flavour = RPC_AUTH_NULL,
- .accept = nfs_callback_null_accept,
- .release = nfs_callback_null_release,
-};
-
-/*
- * AUTH_SYS authentication
- */
-static int nfs_callback_unix_accept(struct svc_rqst *rqstp, u32 *authp)
-{
- struct kvec *argv = &rqstp->rq_arg.head[0];
- struct kvec *resv = &rqstp->rq_res.head[0];
- struct svc_cred *cred = &rqstp->rq_cred;
- u32 slen, i;
- int len = argv->iov_len;
-
- dprintk("%s: start\n", __FUNCTION__);
- cred->cr_group_info = NULL;
- rqstp->rq_client = NULL;
- if ((len -= 3*4) < 0)
- return SVC_GARBAGE;
-
- /* Get length, time stamp and machine name */
- svc_getu32(argv);
- svc_getu32(argv);
- slen = XDR_QUADLEN(ntohl(svc_getu32(argv)));
- if (slen > 64 || (len -= (slen + 3)*4) < 0)
- goto badcred;
- argv->iov_base = (void*)((u32*)argv->iov_base + slen);
- argv->iov_len -= slen*4;
-
- cred->cr_uid = ntohl(svc_getu32(argv));
- cred->cr_gid = ntohl(svc_getu32(argv));
- slen = ntohl(svc_getu32(argv));
- if (slen > 16 || (len -= (slen + 2)*4) < 0)
- goto badcred;
- cred->cr_group_info = groups_alloc(slen);
- if (cred->cr_group_info == NULL)
- return SVC_DROP;
- for (i = 0; i < slen; i++)
- GROUP_AT(cred->cr_group_info, i) = ntohl(svc_getu32(argv));
-
- if (svc_getu32(argv) != RPC_AUTH_NULL || svc_getu32(argv) != 0) {
- *authp = rpc_autherr_badverf;
- return SVC_DENIED;
- }
- /* Put NULL verifier */
- svc_putu32(resv, RPC_AUTH_NULL);
- svc_putu32(resv, 0);
- dprintk("%s: success, returning %d!\n", __FUNCTION__, SVC_OK);
- return SVC_OK;
-badcred:
- *authp = rpc_autherr_badcred;
- return SVC_DENIED;
-}
-
-static int nfs_callback_unix_release(struct svc_rqst *rqstp)
-{
- if (rqstp->rq_cred.cr_group_info)
- put_group_info(rqstp->rq_cred.cr_group_info);
- rqstp->rq_cred.cr_group_info = NULL;
- return 0;
-}
-
-static struct auth_ops nfs_callback_auth_unix = {
- .name = "unix",
- .flavour = RPC_AUTH_UNIX,
- .accept = nfs_callback_unix_accept,
- .release = nfs_callback_unix_release,
-};
-
-/*
- * Hook the authentication protocol
- */
-static int nfs_callback_auth(struct svc_rqst *rqstp, u32 *authp)
+static int nfs_callback_authenticate(struct svc_rqst *rqstp)
{
struct in_addr *addr = &rqstp->rq_addr.sin_addr;
struct nfs4_client *clp;
- struct kvec *argv = &rqstp->rq_arg.head[0];
- int flavour;
- int retval;
/* Don't talk to strangers */
clp = nfs4_find_client(addr);
@@ -273,34 +150,19 @@ static int nfs_callback_auth(struct svc_
return SVC_DROP;
dprintk("%s: %u.%u.%u.%u NFSv4 callback!\n", __FUNCTION__, NIPQUAD(addr));
nfs4_put_client(clp);
- flavour = ntohl(svc_getu32(argv));
- switch(flavour) {
+ switch (rqstp->rq_authop->flavour) {
case RPC_AUTH_NULL:
- if (rqstp->rq_proc != CB_NULL) {
- *authp = rpc_autherr_tooweak;
- retval = SVC_DENIED;
- break;
- }
- rqstp->rq_authop = &nfs_callback_auth_null;
- retval = nfs_callback_null_accept(rqstp, authp);
+ if (rqstp->rq_proc != CB_NULL)
+ return SVC_DENIED;
break;
case RPC_AUTH_UNIX:
- /* Eat the authentication flavour */
- rqstp->rq_authop = &nfs_callback_auth_unix;
- retval = nfs_callback_unix_accept(rqstp, authp);
break;
+ case RPC_AUTH_GSS:
+ /* FIXME: RPCSEC_GSS handling? */
default:
- /* FIXME: need to add RPCSEC_GSS upcalls */
-#if 0
- svc_ungetu32(argv);
- retval = svc_authenticate(rqstp, authp);
-#else
- *authp = rpc_autherr_rejectedcred;
- retval = SVC_DENIED;
-#endif
+ return SVC_DENIED;
}
- dprintk("%s: flavour %d returning error %d\n", __FUNCTION__, flavour, retval);
- return retval;
+ return SVC_OK;
}
/*
@@ -321,5 +183,5 @@ static struct svc_program nfs4_callback_
.pg_name = "NFSv4 callback", /* service name */
.pg_class = "nfs", /* authentication class */
.pg_stats = &nfs4_callback_stats,
- .pg_authenticate_obsolete = nfs_callback_auth,
+ .pg_authenticate = nfs_callback_authenticate,
};
_
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2005-01-18 18:06 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-18 18:06 6 patches J. Bruce Fields
2005-01-18 18:06 ` [PATCH 1 of 6] svcrpc: add a per-flavor set_client method J. Bruce Fields
2005-01-18 18:06 ` [PATCH 2 of 6] svcrpc: rename pg_authenticate J. Bruce Fields
2005-01-18 18:06 ` [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method J. Bruce Fields
2005-01-18 18:06 ` J. Bruce Fields [this message]
2005-01-18 18:06 ` [PATCH 5 of 6] lockd: don't try to match callback requests against export table J. Bruce Fields
2005-01-18 18:06 ` [PATCH 6 of 6] nfsd: remove pg_authenticate field J. Bruce Fields
-- strict thread matches above, loose matches on Subject: below --
2004-12-09 22:28 [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method J. Bruce Fields
2004-12-09 22:28 ` [PATCH 4 of 6] nfs4: use new pg_set_client method to simplify nfs4 callback authentication J. Bruce Fields
2004-09-16 23:16 [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method J. Bruce Fields
2004-09-16 23:16 ` [PATCH 4 of 6] nfs4: use new pg_set_client method to simplify nfs4 callback authentication J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1106070956.b175e53d.4@fieldses.org \
--to=bfields@fieldses.org \
--cc=neilb@cse.unsw.edu.au \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.