nfsd4: backchannel should use client-provided security flavor

For now this only adds support for AUTH_NULL.  (Previously we assumed
AUTH_UNIX.)  We'll also need AUTH_GSS, which is trickier.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index a1aa18db08fba280f8b8304d745fafacbb418cd1..7bb187ac149228d49cdc000d29c26bfca7437e9f 100644 (file)
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -692,7 +692,7 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c
                args.bc_xprt = conn->cb_xprt;
                args.prognumber = clp->cl_cb_session->se_cb_prog;
                args.protocol = XPRT_TRANSPORT_BC_TCP;
-               args.authflavor = RPC_AUTH_UNIX;
+               args.authflavor = ses->se_cb_sec.flavor;
        }
        /* Create RPC client */
        client = rpc_create(&args);
@@ -709,7 +709,6 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c
        clp->cl_cb_client = client;
        clp->cl_cb_cred = cred;
        return 0;
-
 }
 
 static void warn_no_callback_path(struct nfs4_client *clp, int reason)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index d7e7c110246ef281db12f039fb60314111a43c8f..406d0c4620f61afb69030446804ec90186135935 100644 (file)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -425,7 +425,7 @@ nfsd4_decode_access(struct nfsd4_compoundargs *argp, struct nfsd4_access *access
 static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_cb_sec *cbs)
 {
        DECODE_HEAD;
-       u32 dummy;
+       u32 dummy, uid, gid;
        char *machine_name;
        int i;
        int nr_secflavs;
@@ -433,12 +433,15 @@ static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_
        /* callback_sec_params4 */
        READ_BUF(4);
        READ32(nr_secflavs);
+       cbs->flavor = (u32)(-1);
        for (i = 0; i < nr_secflavs; ++i) {
                READ_BUF(4);
                READ32(dummy);
                switch (dummy) {
                case RPC_AUTH_NULL:
                        /* Nothing to read */
+                       if (cbs->flavor == (u32)(-1))
+                               cbs->flavor = RPC_AUTH_NULL;
                        break;
                case RPC_AUTH_UNIX:
                        READ_BUF(8);
@@ -452,13 +455,18 @@ static __be32 nfsd4_decode_cb_sec(struct nfsd4_compoundargs *argp, struct nfsd4_
 
                        /* uid, gid */
                        READ_BUF(8);
-                       READ32(cbs->uid);
-                       READ32(cbs->gid);
+                       READ32(uid);
+                       READ32(gid);
 
                        /* more gids */
                        READ_BUF(4);
                        READ32(dummy);
                        READ_BUF(dummy * 4);
+                       if (cbs->flavor == (u32)(-1)) {
+                               cbs->uid = uid;
+                               cbs->gid = gid;
+                               cbs->flavor = RPC_AUTH_UNIX;
+                       }
                        break;
                case RPC_AUTH_GSS:
                        dprintk("RPC_AUTH_GSS callback secflavor "

diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h
index 0fd342a2174e28277e48cea25e220a157da8a78d..0498053b8f0edd6668aed8c76f080ac59e8ea6eb 100644 (file)
--- a/fs/nfsd/state.h
+++ b/fs/nfsd/state.h
@@ -151,6 +151,7 @@ struct nfsd4_channel_attrs {
 };
 
 struct nfsd4_cb_sec {
+       u32     flavor; /* (u32)(-1) used to mean "no valid flavor" */
        u32     uid;
        u32     gid;
 };