Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7c67db3a authored by Trond Myklebust's avatar Trond Myklebust
Browse files

NFSv4: Reintroduce machine creds



We need to try to ensure that we always use the same credentials whenever
we re-establish the clientid on the server. If not, the server won't
recognise that we're the same client, and so may not allow us to recover
state.

Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 78ea323b
Loading
Loading
Loading
Loading
+7 −0
Original line number Diff line number Diff line
@@ -112,6 +112,7 @@ struct nfs_client_initdata {
static struct nfs_client *nfs_alloc_client(const struct nfs_client_initdata *cl_init)
{
	struct nfs_client *clp;
	struct rpc_cred *cred;

	if ((clp = kzalloc(sizeof(*clp), GFP_KERNEL)) == NULL)
		goto error_0;
@@ -150,6 +151,9 @@ static struct nfs_client *nfs_alloc_client(const struct nfs_client_initdata *cl_
	clp->cl_boot_time = CURRENT_TIME;
	clp->cl_state = 1 << NFS4CLNT_LEASE_EXPIRED;
#endif
	cred = rpc_lookup_machine_cred();
	if (!IS_ERR(cred))
		clp->cl_machine_cred = cred;

	return clp;

@@ -191,6 +195,9 @@ static void nfs_free_client(struct nfs_client *clp)
	if (__test_and_clear_bit(NFS_CS_CALLBACK, &clp->cl_res_state))
		nfs_callback_down();

	if (clp->cl_machine_cred != NULL)
		put_rpccred(clp->cl_machine_cred);

	kfree(clp->cl_hostname);
	kfree(clp);

+2 −0
Original line number Diff line number Diff line
@@ -32,6 +32,8 @@ struct nfs_client {
	const struct nfs_rpc_ops *rpc_ops;	/* NFS protocol vector */
	int			cl_proto;	/* Network transport protocol */

	struct rpc_cred		*cl_machine_cred;

#ifdef CONFIG_NFS_V4
	u64			cl_clientid;	/* constant */
	nfs4_verifier		cl_confirm;
+2 −0
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ struct auth_cred {
	uid_t	uid;
	gid_t	gid;
	struct group_info *group_info;
	unsigned char machine_cred : 1;
};

/*
@@ -130,6 +131,7 @@ void __exit rpcauth_remove_module(void);
void __exit		rpc_destroy_generic_auth(void);

struct rpc_cred *	rpc_lookup_cred(void);
struct rpc_cred *	rpc_lookup_machine_cred(void);
int			rpcauth_register(const struct rpc_authops *);
int			rpcauth_unregister(const struct rpc_authops *);
struct rpc_auth *	rpcauth_create(rpc_authflavor_t, struct rpc_clnt *);
+1 −0
Original line number Diff line number Diff line
@@ -84,6 +84,7 @@ struct gss_cred {
	enum rpc_gss_svc	gc_service;
	struct gss_cl_ctx	*gc_ctx;
	struct gss_upcall_msg	*gc_upcall;
	unsigned char		gc_machine_cred : 1;
};

#endif /* __KERNEL__ */
+24 −2
Original line number Diff line number Diff line
@@ -17,6 +17,9 @@
# define RPCDBG_FACILITY	RPCDBG_AUTH
#endif

#define RPC_ANONYMOUS_USERID	((uid_t)-2)
#define RPC_ANONYMOUS_GROUPID	((gid_t)-2)

struct generic_cred {
	struct rpc_cred gc_base;
	struct auth_cred acred;
@@ -35,6 +38,22 @@ struct rpc_cred *rpc_lookup_cred(void)
}
EXPORT_SYMBOL_GPL(rpc_lookup_cred);

/*
 * Public call interface for looking up machine creds.
 */
struct rpc_cred *rpc_lookup_machine_cred(void)
{
	struct auth_cred acred = {
		.uid = RPC_ANONYMOUS_USERID,
		.gid = RPC_ANONYMOUS_GROUPID,
		.machine_cred = 1,
	};

	dprintk("RPC:       looking up machine cred\n");
	return generic_auth.au_ops->lookup_cred(&generic_auth, &acred, 0);
}
EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred);

static void
generic_bind_cred(struct rpc_task *task, struct rpc_cred *cred)
{
@@ -75,8 +94,10 @@ generic_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
	gcred->acred.group_info = acred->group_info;
	if (gcred->acred.group_info != NULL)
		get_group_info(gcred->acred.group_info);
	gcred->acred.machine_cred = acred->machine_cred;

	dprintk("RPC:       allocated generic cred %p for uid %d gid %d\n",
	dprintk("RPC:       allocated %s cred %p for uid %d gid %d\n",
			gcred->acred.machine_cred ? "machine" : "generic",
			gcred, acred->uid, acred->gid);
	return &gcred->gc_base;
}
@@ -115,7 +136,8 @@ generic_match(struct auth_cred *acred, struct rpc_cred *cred, int flags)

	if (gcred->acred.uid != acred->uid ||
	    gcred->acred.gid != acred->gid ||
	    gcred->acred.group_info != acred->group_info)
	    gcred->acred.group_info != acred->group_info ||
	    gcred->acred.machine_cred != acred->machine_cred)
		return 0;
	return 1;
}
Loading