nfsd4: implement minimal SP4_MACH_CRED

	return 0 == strcmp(cr1->cr_principal, cr2->cr_principal);

}

static bool svc_rqst_integrity_protected(struct svc_rqst *rqstp)

{

	struct svc_cred *cr = &rqstp->rq_cred;

	u32 service;

	service = gss_pseudoflavor_to_service(cr->cr_gss_mech, cr->cr_flavor);

	return service == RPC_GSS_SVC_INTEGRITY ||

	       service == RPC_GSS_SVC_PRIVACY;

}

static bool mach_creds_match(struct nfs4_client *cl, struct svc_rqst *rqstp)

{

	struct svc_cred *cr = &rqstp->rq_cred;

	if (!cl->cl_mach_cred)

		return true;

	if (cl->cl_cred.cr_gss_mech != cr->cr_gss_mech)

		return false;

	if (!svc_rqst_integrity_protected(rqstp))

		return false;

	if (!cr->cr_principal)

		return false;

	return 0 == strcmp(cl->cl_cred.cr_principal, cr->cr_principal);

}

static void gen_clid(struct nfs4_client *clp, struct nfsd_net *nn)

{

	static u32 current_clientid = 1;

	if (exid->flags & ~EXCHGID4_FLAG_MASK_A)

		return nfserr_inval;

	/* Currently only support SP4_NONE */

	switch (exid->spa_how) {

	case SP4_MACH_CRED:

		if (!svc_rqst_integrity_protected(rqstp))

			return nfserr_inval;

	case SP4_NONE:

		break;

	default:				/* checked by xdr code */

		WARN_ON_ONCE(1);

	case SP4_SSV:

		return nfserr_encr_alg_unsupp;

	case SP4_MACH_CRED:

		return nfserr_serverfault;	/* no excuse :-/ */

	}

	/* Cases below refer to rfc 5661 section 18.35.4: */

				status = nfserr_inval;

				goto out;

			}

			if (!mach_creds_match(conf, rqstp)) {

				status = nfserr_wrong_cred;

				goto out;

			}

			if (!creds_match) { /* case 9 */

				status = nfserr_perm;

				goto out;

		goto out;

	}

	new->cl_minorversion = cstate->minorversion;

	new->cl_mach_cred = (exid->spa_how == SP4_MACH_CRED);

	gen_clid(new, nn);

	add_to_unconfirmed(new);

	WARN_ON_ONCE(conf && unconf);

	if (conf) {

		status = nfserr_wrong_cred;

		if (!mach_creds_match(conf, rqstp))

			goto out_free_conn;

		cs_slot = &conf->cl_cs_slot;

		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);

		if (status == nfserr_replay_cache) {

			status = nfserr_clid_inuse;

			goto out_free_conn;

		}

		status = nfserr_wrong_cred;

		if (!mach_creds_match(unconf, rqstp))

			goto out_free_conn;

		cs_slot = &unconf->cl_cs_slot;

		status = check_slot_seqid(cr_ses->seqid, cs_slot->sl_seqid, 0);

		if (status) {

	status = nfserr_badsession;

	if (!session)

		goto out;

	status = nfserr_wrong_cred;

	if (!mach_creds_match(session->se_client, rqstp))

		goto out;

	status = nfsd4_map_bcts_dir(&bcts->dir);

	if (status)

		goto out;

	status = nfserr_badsession;

	if (!ses)

		goto out_client_lock;

	status = nfserr_wrong_cred;

	if (!mach_creds_match(ses->se_client, r))

		goto out_client_lock;

	status = mark_session_dead_locked(ses);

	if (status)

		goto out_client_lock;

	return NULL;

}

static void nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)

static __be32 nfsd4_sequence_check_conn(struct nfsd4_conn *new, struct nfsd4_session *ses)

{

	struct nfs4_client *clp = ses->se_client;

	struct nfsd4_conn *c;

	__be32 status = nfs_ok;

	int ret;

	spin_lock(&clp->cl_lock);

	c = __nfsd4_find_conn(new->cn_xprt, ses);

	if (c) {

		spin_unlock(&clp->cl_lock);

		free_conn(new);

		return;

	}

	if (c)

		goto out_free;

	status = nfserr_conn_not_bound_to_session;

	if (clp->cl_mach_cred)

		goto out_free;

	__nfsd4_hash_conn(new, ses);

	spin_unlock(&clp->cl_lock);

	ret = nfsd4_register_conn(new);

	if (ret)

		/* oops; xprt is already down: */

		nfsd4_conn_lost(&new->cn_xpt_user);

	return;

	return nfs_ok;

out_free:

	spin_unlock(&clp->cl_lock);

	free_conn(new);

	return status;

}

static bool nfsd4_session_too_many_ops(struct svc_rqst *rqstp, struct nfsd4_session *session)

	if (status)

		goto out_put_session;

	nfsd4_sequence_check_conn(conn, session);

	status = nfsd4_sequence_check_conn(conn, session);

	conn = NULL;

	if (status)

		goto out_put_session;

	/* Success! bump slot seqid */

	slot->sl_seqid = seq->seqid;

		status = nfserr_stale_clientid;

		goto out;

	}

	if (!mach_creds_match(clp, rqstp)) {

		status = nfserr_wrong_cred;

		goto out;

	}

	expire_client(clp);

out:

	nfs4_unlock_state();

	return nfserr;

}

static const u32 nfs4_minimal_spo_must_enforce[2] = {

	[1] = 1 << (OP_BIND_CONN_TO_SESSION - 32) |

	      1 << (OP_EXCHANGE_ID - 32) |

	      1 << (OP_CREATE_SESSION - 32) |

	      1 << (OP_DESTROY_SESSION - 32) |

	      1 << (OP_DESTROY_CLIENTID - 32)

};

static __be32

nfsd4_encode_exchange_id(struct nfsd4_compoundres *resp, __be32 nfserr,

			 struct nfsd4_exchange_id *exid)

	/* state_protect4_r. Currently only support SP4_NONE */

	BUG_ON(exid->spa_how != SP4_NONE);

	WRITE32(exid->spa_how);

	switch (exid->spa_how) {

	case SP4_NONE:

		break;

	case SP4_MACH_CRED:

		/* spo_must_enforce bitmap: */

		WRITE32(2);

		WRITE32(nfs4_minimal_spo_must_enforce[0]);

		WRITE32(nfs4_minimal_spo_must_enforce[1]);

		/* empty spo_must_allow bitmap: */

		WRITE32(0);

		break;

	default:

		WARN_ON_ONCE(1);

	}

	/* The server_owner struct */

	WRITE64(minor_id);      /* Minor id */

	nfs4_verifier		cl_verifier; 	/* generated by client */

	time_t                  cl_time;        /* time of last lease renewal */

	struct sockaddr_storage	cl_addr; 	/* client ipaddress */

	bool			cl_mach_cred;	/* SP4_MACH_CRED in force */

	struct svc_cred		cl_cred; 	/* setclientid principal */

	clientid_t		cl_clientid;	/* generated by server */

	nfs4_verifier		cl_confirm;	/* generated by server */