From: "J. Bruce Fields" <bfields@fieldses.org>
To: Neil Brown <neilb@cse.unsw.edu.au>
Cc: nfs@lists.sourceforge.net
Subject: [PATCH 4 of 6] nfs4: use new pg_set_client method to simplify nfs4 callback authentication
Date: Tue, 18 Jan 2005 13:06:30 -0500	[thread overview]
Message-ID: <1106070956.b175e53d.4@fieldses.org> (raw)
In-Reply-To: <1106070956.b175e53d.3@fieldses.org>


Use new pg_authenticate method to simplify nfs4 callback authentication.

This also has the effect of changing the error return from rejectedcred to
badcred.  I believe the change is correct.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
---

 linux-2.6.10-rc3-bfields/fs/nfs/callback.c |  156 +----------------------------
 1 files changed, 9 insertions(+), 147 deletions(-)

diff -puN fs/nfs/callback.c~nfs4_simplify_callback_auth fs/nfs/callback.c
--- linux-2.6.10-rc3/fs/nfs/callback.c~nfs4_simplify_callback_auth	2004-12-08 15:12:12.000000000 -0500
+++ linux-2.6.10-rc3-bfields/fs/nfs/callback.c	2004-12-08 15:12:12.000000000 -0500
@@ -139,133 +139,10 @@ out:
 	return ret;
 }
 
-/*
- * AUTH_NULL authentication
- */
-static int nfs_callback_null_accept(struct svc_rqst *rqstp, u32 *authp)
-{
-	struct kvec    *argv = &rqstp->rq_arg.head[0];
-	struct kvec    *resv = &rqstp->rq_res.head[0];
-
-	if (argv->iov_len < 3*4)
-		return SVC_GARBAGE;
-
-	if (svc_getu32(argv) != 0) {
-		dprintk("svc: bad null cred\n");
-		*authp = rpc_autherr_badcred;
-		return SVC_DENIED;
-	}
-	if (svc_getu32(argv) != RPC_AUTH_NULL || svc_getu32(argv) != 0) {
-		dprintk("svc: bad null verf\n");
-		 *authp = rpc_autherr_badverf;
-		 return SVC_DENIED;
-	}
-
-	/* Signal that mapping to nobody uid/gid is required */
-	rqstp->rq_cred.cr_uid = (uid_t) -1;
-	rqstp->rq_cred.cr_gid = (gid_t) -1;
-	rqstp->rq_cred.cr_group_info = groups_alloc(0);
-	if (rqstp->rq_cred.cr_group_info == NULL)
-		return SVC_DROP; /* kmalloc failure - client must retry */
-
-	/* Put NULL verifier */
-	svc_putu32(resv, RPC_AUTH_NULL);
-	svc_putu32(resv, 0);
-	dprintk("%s: success, returning %d!\n", __FUNCTION__, SVC_OK);
-	return SVC_OK;
-}
-
-static int nfs_callback_null_release(struct svc_rqst *rqstp)
-{
-	if (rqstp->rq_cred.cr_group_info)
-		put_group_info(rqstp->rq_cred.cr_group_info);
-	rqstp->rq_cred.cr_group_info = NULL;
-	return 0; /* don't drop */
-}
-
-static struct auth_ops nfs_callback_auth_null = {
-	.name = "null",
-	.flavour = RPC_AUTH_NULL,
-	.accept = nfs_callback_null_accept,
-	.release = nfs_callback_null_release,
-};
-
-/*
- * AUTH_SYS authentication
- */
-static int nfs_callback_unix_accept(struct svc_rqst *rqstp, u32 *authp)
-{
-	struct kvec    *argv = &rqstp->rq_arg.head[0];
-	struct kvec    *resv = &rqstp->rq_res.head[0];
-	struct svc_cred *cred = &rqstp->rq_cred;
-	u32 slen, i;
-	int len = argv->iov_len;
-
-	dprintk("%s: start\n", __FUNCTION__);
-	cred->cr_group_info = NULL;
-	rqstp->rq_client = NULL;
-	if ((len -= 3*4) < 0)
-		return SVC_GARBAGE;
-
-	/* Get length, time stamp and machine name */
-	svc_getu32(argv);
-	svc_getu32(argv);
-	slen = XDR_QUADLEN(ntohl(svc_getu32(argv)));
-	if (slen > 64 || (len -= (slen + 3)*4) < 0)
-		goto badcred;
-	argv->iov_base = (void*)((u32*)argv->iov_base + slen);
-	argv->iov_len -= slen*4;
-
-	cred->cr_uid = ntohl(svc_getu32(argv));
-	cred->cr_gid = ntohl(svc_getu32(argv));
-	slen = ntohl(svc_getu32(argv));
-	if (slen > 16 || (len -= (slen + 2)*4) < 0)
-		goto badcred;
-	cred->cr_group_info = groups_alloc(slen);
-	if (cred->cr_group_info == NULL)
-		return SVC_DROP;
-	for (i = 0; i < slen; i++)
-		GROUP_AT(cred->cr_group_info, i) = ntohl(svc_getu32(argv));
-
-	if (svc_getu32(argv) != RPC_AUTH_NULL || svc_getu32(argv) != 0) {
-		*authp = rpc_autherr_badverf;
-		return SVC_DENIED;
-	}
-	/* Put NULL verifier */
-	svc_putu32(resv, RPC_AUTH_NULL);
-	svc_putu32(resv, 0);
-	dprintk("%s: success, returning %d!\n", __FUNCTION__, SVC_OK);
-	return SVC_OK;
-badcred:
-	*authp = rpc_autherr_badcred;
-	return SVC_DENIED;
-}
-
-static int nfs_callback_unix_release(struct svc_rqst *rqstp)
-{
-	if (rqstp->rq_cred.cr_group_info)
-		put_group_info(rqstp->rq_cred.cr_group_info);
-	rqstp->rq_cred.cr_group_info = NULL;
-	return 0;
-}
-
-static struct auth_ops nfs_callback_auth_unix = {
-	.name = "unix",
-	.flavour = RPC_AUTH_UNIX,
-	.accept = nfs_callback_unix_accept,
-	.release = nfs_callback_unix_release,
-};
-
-/*
- * Hook the authentication protocol
- */
-static int nfs_callback_auth(struct svc_rqst *rqstp, u32 *authp)
+static int nfs_callback_authenticate(struct svc_rqst *rqstp)
 {
 	struct in_addr *addr = &rqstp->rq_addr.sin_addr;
 	struct nfs4_client *clp;
-	struct kvec *argv = &rqstp->rq_arg.head[0];
-	int flavour;
-	int retval;
 
 	/* Don't talk to strangers */
 	clp = nfs4_find_client(addr);
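Review bot: The renamed `nfs_callback_authenticate()` loses the old "Hook the authentication protocol" comment and gets none of its own, although its contract changed: it no longer takes `authp` or parses the credential, and it reports only an SVC_* code. A short comment above the function would help, for example `/* Per-program check: drop callbacks from addresses with no matching nfs4_client, then limit which auth flavours may call which procedures. */`. That comment should also say that the "Don't talk to strangers" lookup keys on the source IP address alone (`nfs4_find_client(addr)`), so it filters peers but does not authenticate them. The function body continues in the next hunk.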
@@ -273,34 +150,19 @@ static int nfs_callback_auth(struct svc_
 		return SVC_DROP;
 	dprintk("%s: %u.%u.%u.%u NFSv4 callback!\n", __FUNCTION__, NIPQUAD(addr));
 	nfs4_put_client(clp);
-	flavour = ntohl(svc_getu32(argv));
-	switch(flavour) {
+	switch (rqstp->rq_authop->flavour) {
 		case RPC_AUTH_NULL:
-			if (rqstp->rq_proc != CB_NULL) {
-				*authp = rpc_autherr_tooweak;
-				retval = SVC_DENIED;
-				break;
-			}
-			rqstp->rq_authop = &nfs_callback_auth_null;
-			retval = nfs_callback_null_accept(rqstp, authp);
+			if (rqstp->rq_proc != CB_NULL)
+				return SVC_DENIED;
 			break;
 		case RPC_AUTH_UNIX:
-			/* Eat the authentication flavour */
-			rqstp->rq_authop = &nfs_callback_auth_unix;
-			retval = nfs_callback_unix_accept(rqstp, authp);
 			break;
+		case RPC_AUTH_GSS:
+			/* FIXME: RPCSEC_GSS handling? */
 		default:
-			/* FIXME: need to add RPCSEC_GSS upcalls */
-#if 0
-			svc_ungetu32(argv);
-			retval = svc_authenticate(rqstp, authp);
-#else
-			*authp = rpc_autherr_rejectedcred;
-			retval = SVC_DENIED;
-#endif
+			return SVC_DENIED;
 	}
-	dprintk("%s: flavour %d returning error %d\n", __FUNCTION__, flavour, retval);
-	return retval;
+	return SVC_OK;
 }
 
 /*
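Review bot: The AUTH_NULL branch used to set `*authp = rpc_autherr_tooweak` for any procedure other than CB_NULL, but the new `return SVC_DENIED;` cannot choose an auth status, and the commit description mentions only the rejectedcred to badcred change. If this case now also ends up as badcred (the generic caller is not visible here, so that is an assumption), the description should say the tooweak status is dropped on purpose. `case RPC_AUTH_GSS:` falls into `default:` with only a FIXME above it; a comment such as `/* fall through: RPCSEC_GSS callbacks not supported yet, deny */` would show the denial is deliberate. The closing dprintk that recorded the flavour and result is removed without replacement, so a denied callback leaves no debug trace; `dprintk("%s: denying flavour %d\n", __FUNCTION__, rqstp->rq_authop->flavour);` before the `default:` return would keep one. The function starts in the previous hunk.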
@@ -321,5 +183,5 @@ static struct svc_program nfs4_callback_
 	.pg_name = "NFSv4 callback",			/* service name */
 	.pg_class = "nfs",				/* authentication class */
 	.pg_stats = &nfs4_callback_stats,
-	.pg_authenticate_obsolete = nfs_callback_auth,
+	.pg_authenticate = nfs_callback_authenticate,
 };
_

