From: Scott Mayhew <smayhew@redhat.com>
To: bfields@fieldses.org, chuck.lever@oracle.com
Cc: simo@redhat.com, linux-nfs@vger.kernel.org
Subject: [PATCH v2 0/2] add hash of the kerberos principal to the data being tracked by nfsdcld
Date: Mon, 9 Sep 2019 16:10:29 -0400
Message-ID: <20190909201031.12323-1-smayhew@redhat.com>

At the spring bakeathon, Chuck suggested that we should store the
kerberos principal in addition to the client id string in nfsdcld. The
idea is to prevent an illegitimate client from reclaiming another
client's opens by supplying that client's id string.

The first patch lays some groundwork for supporting multiple message
versions for the nfsdcld upcalls, adding fields for version and message
length to the nfsd4_client_tracking_ops (these fields are only used for
the nfsdcld upcalls and ignored for the other tracking methods), as well
as an upcall to get the maximum version supported by the userspace
daemon.

The second patch actually adds the v2 message, which adds the sha256 hash
of the kerberos principal to the Cld_Create upcall and to the Cld_GraceStart
downcall (which is what loads the data in the reclaim_str_hashtbl).

Changes since v1:
- use the sha256 hash of a principal instead of the principal itself
- prefer the cr_raw_principal (returned by gssproxy) if it exists, then
  fall back to cr_principal (returned by both gssproxy and rpc.svcgssd)

Scott Mayhew (2):
  nfsd: add a "GetVersion" upcall for nfsdcld
  nfsd: add support for upcall version 2

 fs/nfsd/nfs4recover.c         | 388 ++++++++++++++++++++++++++++------
 fs/nfsd/nfs4state.c           |   6 +-
 fs/nfsd/state.h               |   3 +-
 include/uapi/linux/nfsd/cld.h |  41 +++-
 4 files changed, 371 insertions(+), 67 deletions(-)

--
2.17.2
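
The check this cover letter describes, modelled in Python as an added example (it is not code from the patches or from nfsdcld): a reclaim record binds the client id string to the sha256 hash of the principal, so presenting the id string alone no longer suffices. ReclaimTable, may_reclaim, principal_hash and the sample values are hypothetical, and the handling of records stored without a hash is an assumption of this model.

```python
import hashlib
import hmac


def principal_hash(raw_principal=None, principal=None):
    # Selection order from the cover letter: raw principal first, then the
    # mapped principal. None means there is no Kerberos identity to hash.
    chosen = raw_principal or principal
    return hashlib.sha256(chosen.encode()).digest() if chosen else None


class ReclaimTable:
    """Hypothetical model of the reclaim records loaded at grace start."""

    def __init__(self):
        self._records = {}  # client id string -> sha256(principal) or None

    def create(self, client_id, raw_principal=None, principal=None):
        self._records[client_id] = principal_hash(raw_principal, principal)

    def may_reclaim(self, client_id, raw_principal=None, principal=None):
        if client_id not in self._records:
            return False  # no record: nothing to reclaim
        stored = self._records[client_id]
        if stored is None:
            # Assumption of this model: a record stored without a hash
            # is not bound to any principal.
            return True
        offered = principal_hash(raw_principal, principal)
        return offered is not None and hmac.compare_digest(stored, offered)


# Constructed sample values, not taken from the patches.
CLIENT_ID = b"Linux NFSv4.1 client1.example.com"
OWNER = "nfs/client1.example.com@EXAMPLE.COM"
OTHER = "nfs/client2.example.com@EXAMPLE.COM"


def demo():
    table = ReclaimTable()
    table.create(CLIENT_ID, principal=OWNER)
    return {
        "owner": table.may_reclaim(CLIENT_ID, principal=OWNER),
        "same_id_other_principal": table.may_reclaim(CLIENT_ID, principal=OTHER),
        "same_id_no_principal": table.may_reclaim(CLIENT_ID),
        "unknown_id": table.may_reclaim(b"never seen", principal=OWNER),
    }
```

Only the first entry returned by demo() is True: the same id string offered under a different principal, or with no principal at all, is refused.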