Linux-NFS Archive on
 help / color / Atom feed
From: "J. Bruce Fields" <>
To: Scott Mayhew <>
Subject: Re: [PATCH v2 0/2] add hash of the kerberos principal to the data being tracked by nfsdcld
Date: Tue, 10 Sep 2019 09:28:37 -0400
Message-ID: <> (raw)
In-Reply-To: <>

Applying for 5.4, thanks--b.

On Mon, Sep 09, 2019 at 04:10:29PM -0400, Scott Mayhew wrote:
> At the spring bakeathon, Chuck suggested that we should store the
> kerberos principal in addition to the client id string in nfsdcld.  The
> idea is to prevent an illegitimate client from reclaiming another
> client's opens by supplying that client's id string.
> The first patch lays some groundwork for supporting multiple message
> versions for the nfsdcld upcalls, adding fields for version and message
> length to the nfsd4_client_tracking_ops (these fields are only used for
> the nfsdcld upcalls and ignored for the other tracking methods), as well
> as an upcall to get the maximum version supported by the userspace
> daemon.
> The second patch actually adds the v2 message, which adds the sha256 hash
> of the kerberos principal to the Cld_Create upcall and to the Cld_GraceStart
> downcall (which is what loads the data in the reclaim_str_hashtbl).
> Changes since v1:
> - use the sha256 hash of a principal instead of the principal itself
> - prefer the cr_raw_principal (returned by gssproxy) if it exists, then
>   fall back to cr_principal (returned by both gssproxy and rpc.svcgssd)
> Scott Mayhew (2):
>   nfsd: add a "GetVersion" upcall for nfsdcld
>   nfsd: add support for upcall version 2
>  fs/nfsd/nfs4recover.c         | 388 ++++++++++++++++++++++++++++------
>  fs/nfsd/nfs4state.c           |   6 +-
>  fs/nfsd/state.h               |   3 +-
>  include/uapi/linux/nfsd/cld.h |  41 +++-
>  4 files changed, 371 insertions(+), 67 deletions(-)
> -- 
> 2.17.2

  parent reply index

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-09 20:10 Scott Mayhew
2019-09-09 20:10 ` [PATCH v2 1/2] nfsd: add a "GetVersion" upcall for nfsdcld Scott Mayhew
2019-09-09 20:10 ` [PATCH v2 2/2] nfsd: add support for upcall version 2 Scott Mayhew
2019-09-10 13:28 ` J. Bruce Fields [this message]
2019-09-10 14:46 ` [PATCH v2 0/2] add hash of the kerberos principal to the data being tracked by nfsdcld Simo Sorce

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-NFS Archive on

Archives are clonable:
	git clone --mirror linux-nfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-nfs linux-nfs/ \
	public-inbox-index linux-nfs

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone