From: "J. Bruce Fields" <bfields@fieldses.org>
To: Scott Mayhew <smayhew@redhat.com>
Cc: chuck.lever@oracle.com, simo@redhat.com, linux-nfs@vger.kernel.org
Subject: Re: [PATCH v2 0/2] add hash of the kerberos principal to the data being tracked by nfsdcld
Date: Tue, 10 Sep 2019 09:28:37 -0400 [thread overview]
Message-ID: <20190910132837.GB26695@fieldses.org> (raw)
In-Reply-To: <20190909201031.12323-1-smayhew@redhat.com>
Applying for 5.4, thanks--b.
On Mon, Sep 09, 2019 at 04:10:29PM -0400, Scott Mayhew wrote:
> At the spring bakeathon, Chuck suggested that we should store the
> kerberos principal in addition to the client id string in nfsdcld. The
> idea is to prevent an illegitimate client from reclaiming another
> client's opens by supplying that client's id string.
>
> The first patch lays some groundwork for supporting multiple message
> versions for the nfsdcld upcalls, adding fields for version and message
> length to the nfsd4_client_tracking_ops (these fields are only used for
> the nfsdcld upcalls and ignored for the other tracking methods), as well
> as an upcall to get the maximum version supported by the userspace
> daemon.
>
> The second patch actually adds the v2 message, which adds the sha256 hash
> of the kerberos principal to the Cld_Create upcall and to the Cld_GraceStart
> downcall (which is what loads the data in the reclaim_str_hashtbl).
>
> Changes since v1:
> - use the sha256 hash of a principal instead of the principal itself
> - prefer the cr_raw_principal (returned by gssproxy) if it exists, then
> fall back to cr_principal (returned by both gssproxy and rpc.svcgssd)
>
> Scott Mayhew (2):
> nfsd: add a "GetVersion" upcall for nfsdcld
> nfsd: add support for upcall version 2
>
> fs/nfsd/nfs4recover.c | 388 ++++++++++++++++++++++++++++------
> fs/nfsd/nfs4state.c | 6 +-
> fs/nfsd/state.h | 3 +-
> include/uapi/linux/nfsd/cld.h | 41 +++-
> 4 files changed, 371 insertions(+), 67 deletions(-)
>
> --
> 2.17.2
next prev parent reply other threads:[~2019-09-10 13:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-09 20:10 [PATCH v2 0/2] add hash of the kerberos principal to the data being tracked by nfsdcld Scott Mayhew
2019-09-09 20:10 ` [PATCH v2 1/2] nfsd: add a "GetVersion" upcall for nfsdcld Scott Mayhew
2019-09-09 20:10 ` [PATCH v2 2/2] nfsd: add support for upcall version 2 Scott Mayhew
2019-09-10 13:28 ` J. Bruce Fields [this message]
2019-09-10 14:46 ` [PATCH v2 0/2] add hash of the kerberos principal to the data being tracked by nfsdcld Simo Sorce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190910132837.GB26695@fieldses.org \
--to=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=simo@redhat.com \
--cc=smayhew@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).