Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.7.4 2016-05-28T19:42:50+00:00 2016-05-28T19:42:50+00:00 George Spelvin linux@sciencehorizons.net 2016-05-20T17:31:33+00:00 urn:sha1:917ea166f4672ec085f2cccc135c7c0eec72282c Finally, the first use of previous two patches: eliminate the separate ad-hoc string hash functions in the sunrpc code. Now hash_str() is a wrapper around hash_string(), and hash_mem() is likewise a wrapper around full_name_hash(). Note that sunrpc code *does* call hash_mem() with a zero length, which is why the previous patch needed to handle that in full_name_hash(). (Thanks, Bruce, for finding that!) This also eliminates the only caller of hash_long which asks for more than 32 bits of output. The comment about the quality of hashlen_string() and full_name_hash() is jumping the gun by a few patches; they aren't very impressive now, but will be improved greatly later in the series. Signed-off-by: George Spelvin <linux@sciencehorizons.net> Tested-by: J. Bruce Fields <bfields@redhat.com> Acked-by: J. Bruce Fields <bfields@redhat.com> Cc: Jeff Layton <jlayton@poochiereds.net> Cc: linux-nfs@vger.kernel.org 2015-11-24T18:36:31+00:00 J. Bruce Fields bfields@redhat.com 2015-11-20T15:48:02+00:00 urn:sha1:414ca017a54d26c3a58ed1504884e51448d22ae1 The principal name on a gss cred is used to setup the NFSv4.0 callback, which has to have a client principal name to authenticate to. That code wants the name to be in the form servicetype@hostname. rpc.svcgssd passes down such names (and passes down no principal name at all in the case the principal isn't a service principal). gss-proxy always passes down the principal name, and passes it down in the form servicetype/hostname@REALM. So we've been munging the name gss-proxy passes down into the format the NFSv4.0 callback code expects, or throwing away the name if we can't. Since the introduction of the MACH_CRED enforcement in NFSv4.1, we've also been using the principal name to verify that certain operations are done as the same principal as was used on the original EXCHANGE_ID call. For that application, the original name passed down by gss-proxy is also useful. Lack of that name in some cases was causing some kerberized NFSv4.1 mount failures in an Active Directory environment. This fix only works in the gss-proxy case. The fix for legacy rpc.svcgssd would be more involved, and rpc.svcgssd already has other problems in the AD case. Reported-and-tested-by: James Ralston <ralston@pobox.com> Acked-by: Simo Sorce <simo@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> 2013-07-01T21:23:06+00:00 J. Bruce Fields bfields@redhat.com 2013-05-14T20:07:13+00:00 urn:sha1:0dc1531aca7fd1440918bd55844a054e9c29acad Store a pointer to the gss mechanism used in the rq_cred and cl_cred. This will make it easier to enforce SP4_MACH_CRED, which needs to compare the mechanism used on the exchange_id with that used on protected operations. Signed-off-by: J. Bruce Fields <bfields@redhat.com> 2013-07-01T21:23:06+00:00 J. Bruce Fields bfields@redhat.com 2013-05-14T20:53:40+00:00 urn:sha1:442340639194762df7e61e8aabae44a18896eca1 Common helper to zero out fields of the svc_cred. Signed-off-by: J. Bruce Fields <bfields@redhat.com> 2013-02-13T14:15:16+00:00 Eric W. Biederman ebiederm@xmission.com 2013-02-02T00:31:17+00:00 urn:sha1:7eaf040b720bc8c0ce5cd49151ca194ca2d56842 Convert variables that store uids and gids to be of type kuid_t and kgid_t instead of type uid_t and gid_t. Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> 2012-06-01T00:29:58+00:00 J. Bruce Fields bfields@redhat.com 2012-05-15T02:06:49+00:00 urn:sha1:d5497fc693a446ce9100fcf4117c3f795ddfd0d2 Move the rq_flavor into struct svc_cred, and use it in setclientid and exchange_id comparisons as well. Signed-off-by: J. Bruce Fields <bfields@redhat.com> 2012-06-01T00:29:55+00:00 J. Bruce Fields bfields@redhat.com 2012-05-14T23:55:22+00:00 urn:sha1:03a4e1f6ddf25f48848e1bddcffc0ad489648331 Instead of keeping the principal name associated with a request in a structure that's private to auth_gss and using an accessor function, move it to svc_cred. Signed-off-by: J. Bruce Fields <bfields@redhat.com> 2012-04-12T13:11:46+00:00 Stanislav Kinsbursky skinsbursky@parallels.com 2012-04-11T11:13:28+00:00 urn:sha1:e5f06f720eff24e32f1cc08ec03bcc8c4b2d2934 This patch also changes svcauth_unix_purge() function: added network namespace as a parameter and thus loop over all networks was replaced by only one call for ip map cache purge. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> 2012-04-11T21:54:59+00:00 Simo Sorce simo@redhat.com 2012-03-29T23:18:19+00:00 urn:sha1:a9aa53df6e6c768fc0f25a7c80ba586b0290720a Signed-off-by: Simo Sorce <simo@redhat.com> 2012-03-11T23:30:02+00:00 Trond Myklebust Trond.Myklebust@netapp.com 2012-03-11T19:22:54+00:00 urn:sha1:09acfea5d8de419ebe84be43b08f7b79c965215f net/sunrpc/svcsock.c:412:22: warning: incorrect type in assignment (different address spaces) - svc_partial_recvfrom now takes a struct kvec, so the variable save_iovbase needs to be an ordinary (void *) Make a bunch of variables in net/sunrpc/xprtsock.c static Fix a couple of "warning: symbol 'foo' was not declared. Should it be static?" reports. Fix a couple of conflicting function declarations. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>