| Age | Commit message (Collapse) | Author |
|---|
|
The use of auth_domains is somewhat confusing, in part because they were
originally intended to be used in a more general way than they currently are.
Update the documentation a little with an eye towards how it's currently used.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The RPC client now reports the maximum payload size supported by the chosen
transport method. This is something a little less than 64KB for RPC over
UDP, and about 2GB - 1 for RPC over TCP. The effective rsize and wsize
values are not allowed to exceed the reported maximum RPC payload size.
Signed-off-by: Chuck Lever <cel@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
Remove broken_suid mount option (retry RPC after dropping privileges
upon EACCES): no longer used and questionable w.r.t. security.
Signed-off-by: Frank van Maarseveen <frankvm@frankvm.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
Ensure that credentials that are referenced by an RPC task, but that
have been booted out of the credcache may still be refreshed.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
gc_flavor is used only for looking up the security service, which is an
integer value that never changes. Store the latter instead of the former.
Fix up a couple of dodgy casts between gss_cred and rpc_cred. Replace them
with the appropriate container_of().
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
- Document the format of the gssd downcalls
- Separate out "uid" field from rest of GSS context data struct
since it will not be needed for the keyring-based contexts.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
This will make initialization of statically allocated caches simpler.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
The cr_auth field is currently used only in order to figure out the name
of the credential's flavour in debugging printks. Replace with a dedicated
pointer in the statically allocated rpc_credops instead.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
Some RPC authentication flavours are not related to the uid (AUTH_NULL
springs to mind). This patch moves control over the caching mechanism
into the auth-specific code.
Also ensure that expired creds are removed from the cache.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
|
|
instead.
This patch should fix a problem that has been experienced on at-least one
busy NFS server, but it has not had lots of testing yet. If -mm could provide
that .....
The rpc auth cache currently differentiates between a reference due to
being in a hash chain (signalled by CACHE_HASHED flag) and any other
reference (counted in refcnt).
This is an artificial difference due to an historical accident, and it
makes cache_put unsafe.
This patch removes the distinction so now existance in a hash chain is
counted just like any other reference. Thus a race window in cache_put is
closed.
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The pg_authenticate (now pg_authenticate_obsolete) callback was only being
used by the nfs4 client callback code to circumvent the svcauth_unix code's
insistence on checking all requests against the export table. With that
problem solved, we no longer need it.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
pg_add_client method
svcauth_null_accept() and svcauth_unix_accept() are currently hard-wired to
check the source ip address on an incoming request against the export table,
which make sense for nfsd but not necessarily for other rpc-based services.
So instead we have the accept() method call a program-specific
pg_authenticate() method. We also move the call to this method into
svc_process instead of calling it from the flavor-specific accept() routines.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Later patches remove pg_authenticate and use the name for a different purpose;
so rename it to pg_authenticate_obsolete for now.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Add a set_client method to the server rpc auth_ops struct, used to set the
client (for the purposes of nfsd export authorization) using flavor-specific
information.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
know there are no pending timers.
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
unwisely revived it for use with the gss code. Having removed that use
from the gss code, it's time to remove all references to it.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
spinlocks.
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
It's not necessarily even true when cross-compiling the
kernel, and the right thing to do is check for __KERNEL__
(which we already do, one line up).
|
|
server are not allowed to be interrupted as that may result in the
client and server disagreeing.
|
|
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
|
|
The interface between the auth_domain and the cache code is messy; the
auth_domain code is the only real user of the full 11-argument
DefineCacheLookup, and does weird stuff with it (like passing in through one
of the arguments a bit of code with a conditional return).
We could further parametrize DefineCacheLookup, but I think it's already too
complicated.
My solution is to just ignore DefineCacheLookup and write the
auth_domain_lookup function from scratch. It's actually a pretty short
function (much simpler than DefineCacheLookup itself), and it's much easier to
read this short function than it is to read some special-cased
DefineCacheLookup to verify that it does what it says it does....
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
Presumably anyone creating a new cache entry is going to want a reference on
that cache; and indeed every caller of cache_init increments the reference
count immediately afterwards. So may as well make cache_init set an initial
reference count of 1.
Also, note that cache_init initializes the flags; callers don't need to.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
sunrpc, nfs and nfsd switched to use of kvec and kernel_...msg()
|
|
gcc 3.5 is warning about static vs non static function declarations. The
following patch removes function prototypes in .h files where possible and
changes prototypes to be static elsewhere.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
The server sunrpc code should take a reference on the relevant module before
calling any authentication code.
Also, it looks to me like the table of authops needs some locking.
Finally, gss_svc_init wasn't checking the status of svc_auth_register, and
gss_svc_shutdown wasn't calling svc_auth_unregister.
From: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
From: "J. Bruce Fields" <bfields@fieldses.org>
The kernel currently prints:
nfsd: nobody listening for auth.unix.ip upcall; has some daemon not been started?
on every bootup, during initscripts.
Neil Brown <neilb@cse.unsw.edu.au> says:
It was part of the recent set of idmapper patches. Bruce wanted the admin
to get a warning when the idmapper daemon wasn't running. I thought the
same warning should apply to any daemon that responded to upcalls.
In the case of auth.unix.ip it isn't strictly necessary for a daemon to be
running (for comparability with 2.4).
You can get rid of the warning by doing:
mount -t nfsd nfsd /proc/fs/nfs
before mountd is started (init scripts should start doing this I hope, but
distributions don't tend to use the init script from nfs-utils, so it is
hard to push it). This will trigger mountd to listen on auth.unix.ip and
others.
That's a hassle, so Bruce's patch limits the warning purely to the new
idmapper cache. It provides a callback in the cache_detail that individual
caches can use to log messages when upcalls fail because a userspace daemon
not running. Implement this method for the idmapping caches.
|
|
From: "J. Bruce Fields" <bfields@fieldses.org>
Older gcc's don't like that dimensionless array. Remove it in favour of a
pointer to the data.
|
|
Clean up the interface to the GSSAPI code.
Patch by Bruce Fields
|
|
generally useful. This will help prepare for the spkm3
and lipkey mechanisms.
Patch by Bruce Fields
|
|
RPC: Make "major" timeouts be of fixed length "timeo<<retrans"
rather than counting the number of retransmissions. The
clock starts at the first attempt to send each request.
RPC: Ensure that we "slow start" the RTT estimation after a
major timeout has occurred.
|
|
From: NeilBrown <neilb@cse.unsw.edu.au>
From: "J. Bruce Fields" <bfields@fieldses.org>
To help the user diagnose problems caused by user-level daemons not running.
|
|
updates.
From: NeilBrown <neilb@cse.unsw.edu.au>
This is important for update-in-place caches which may change from being
negative to posative.
Thanks to "J. Bruce Fields" <bfields@fieldses.org> and Olaf Kirch
<okir@suse.de>
|
|
From: "J. Bruce Fields" <bfields@fieldses.org>
Unregister svcauth_gss caches on exit from gss module; fixes an oops on
rmmod.
|
|
|
|
From: NeilBrown <neilb@cse.unsw.edu.au>
From: "J. Bruce Fields" <bfields@fieldses.org>
rpcsec_gss supports three security levels:
1. authentication only: sign the header of each rpc request and response.
2. integrity: sign the header and body of each rpc request and response.
3. privacy: sign the header and encrypt the body of each rpc request and
response.
The first 2 are already supported on the client; this adds integrity support
on the server.
|
|
From: NeilBrown <neilb@cse.unsw.edu.au>
From: "J. Bruce Fields" <bfields@fieldses.org>
Without this compiling auth_gss as module fails.
|
|
From: NeilBrown <neilb@cse.unsw.edu.au>
|
|
In theory the current code could cause two to be scheduled
if something wakes up xprt->snd_task before keventd has
had a chance to run xprt_sock_connect()
|
|
length.
RPC: make the client receive xdr_buf return the actual length of the RPC
length.
NFSv4/RPC: improved checks to prevent XDR reading beyond the actual end of
the RPC reply.
|
|
RPC: Clean up XDR encoding of opaque data.
|
|
If a wait queue is defined as a "priority queue" then requests are dequeued
in blocks of 16 in order to work well with write gathering + readahead on the
server.
There are 3 levels of priority. The high priority tasks get scheduled 16 times
for each time the default level gets scheduled. The lowest level gets
scheduled once every 4 times the normal level gets scheduled.
Original patch contributed by Shantanu Goel.
|
|
This is wanted in order to allow the NFS client to send more requests before
is has to block and wait for replies.
This is mainly useful if you have a WAN and want to ensure that the bandwidth
is being used efficiently.
|
