From: "J. Bruce Fields" <bfields@fieldses.org>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Neil Brown <neilb@cse.unsw.edu.au>, nfs@lists.sourceforge.net
Subject: Re: [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method
Date: Thu, 16 Sep 2004 22:20:15 -0400 [thread overview]
Message-ID: <20040917022015.GA15212@fieldses.org> (raw)
In-Reply-To: <1095383919.10216.142.camel@lade.trondhjem.org>
On Thu, Sep 16, 2004 at 09:18:39PM -0400, Trond Myklebust wrote:
> You are making a special method that is really very specific to
> svcauth_unix and svcauth_null, yet the pg_set_client() appears as a
> generic method in the generic svc_program object.
>
> Firstly, I'd strongly suggest that we call this callback pg_set_domain
> so that there is no confusion about what it does.
After considering that, I decided that "client" (which is used in
rq_client, in the nfsctl's (add_client), etc., in the exportfs
documentation, etc.) makes more sense than "domain" (used only in the
type struct auth_domain).
> Secondly, please explain why we're leaving RPCSEC_GSS as a special case
> here? Isn't the current implementation also calling up to "rpc.mountd"
> in order to check "/etc/exports"?
Yes, but that doesn't happen till later--we have to have a filehandle
for that. The mistake was probably referring to "the export table" in
the patch comments--we're not really looking at that yet, we're only
looking up the name of this client--it's not much more than a reverse
dns lookup. (So in the worst case, in auth_unix, there are *two*
upcalls--one here, to get the name of the client, then one later to
actually see whether something's exported to that client.)
So this upcall really is auth_unix/auth_null-specific.
But still there's some odd asymmetry here, I agree--I need to think
about the auth_gss case.
> Ideally, all the *_accept() methods
> should be calling the same function to set the domain (or not to set it
> as the case may be). Better still: could we defer calling
> pg_set_domain() until after the call to svc_authenticate?
That would be nice.
> Finally, please could we move the domain_release() method out of struct
> auth_ops and into struct auth_domain itself?
Yeah, that's probably a good idea.
Thanks for the comments.
--b.
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2004-09-17 2:20 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20040916230555.GA13415@fieldses.org>
2004-09-16 23:07 ` 6 svcauth_unix patches to make export table lookups optional J. Bruce Fields
2004-09-16 23:16 ` [PATCH 1 of 6] svcrpc: auth_null fixes J. Bruce Fields
2004-09-16 23:16 ` [PATCH 2 of 6] svcrpc: share code duplicated between auth_unix and auth_null J. Bruce Fields
2004-09-16 23:16 ` [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method J. Bruce Fields
2004-09-16 23:16 ` [PATCH 4 of 6] nfs4: use new pg_set_client method to simplify nfs4 callback authentication J. Bruce Fields
2004-09-16 23:16 ` [PATCH 5 of 6] lockd: don't try to match callback requests against export table J. Bruce Fields
2004-09-16 23:16 ` [PATCH 6 of 6] nfsd: remove pg_authenticate field J. Bruce Fields
2004-09-16 23:34 ` [PATCH 5 of 6] lockd: don't try to match callback requests against export table Trond Myklebust
2004-09-24 3:55 ` Neil Brown
2004-09-16 23:38 ` [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method Trond Myklebust
2004-09-17 1:11 ` J. Bruce Fields
2004-09-17 1:18 ` Trond Myklebust
2004-09-17 2:20 ` J. Bruce Fields [this message]
2004-09-22 6:54 ` Neil Brown
2004-09-22 10:10 ` Olaf Kirch
2004-09-23 21:46 ` J. Bruce Fields
2004-09-24 4:04 ` Neil Brown
2004-09-24 7:42 ` Olaf Kirch
2004-09-24 20:58 ` J. Bruce Fields
2004-09-28 22:00 ` J. Bruce Fields
2004-09-28 22:11 ` Trond Myklebust
2004-09-28 22:37 ` Trond Myklebust
2004-12-09 22:28 [PATCH 2 of 6] svcrpc: rename pg_authenticate J. Bruce Fields
2004-12-09 22:28 ` [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method J. Bruce Fields
-- strict thread matches above, loose matches on Subject: below --
2005-01-18 18:06 [PATCH 2 of 6] svcrpc: rename pg_authenticate J. Bruce Fields
2005-01-18 18:06 ` [PATCH 3 of 6] svcrpc: move export table checks to a per-program pg_add_client method J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040917022015.GA15212@fieldses.org \
--to=bfields@fieldses.org \
--cc=neilb@cse.unsw.edu.au \
--cc=nfs@lists.sourceforge.net \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.