git.baikalelectronics.ru Git - kernel.git/commit

author	Andrew Elble <aweits@rit.edu>
	Wed, 15 Jun 2016 16:52:09 +0000 (12:52 -0400)
committer	J. Bruce Fields <bfields@redhat.com>
	Wed, 13 Jul 2016 19:32:47 +0000 (15:32 -0400)
commit	79aac4f9450b3427c84df2e907e69ce119f21f6a
tree	54e540b879c62b023ff3d0f93ad537209bdf3ff4	tree \| snapshot
parent	7ef0440237b2926ddec3b4a57fe3750db8f34e21	commit \| diff

nfsd: implement machine credential support for some operations

This addresses the conundrum referenced in RFC5661 18.35.3,
and will allow clients to return state to the server using the
machine credentials.

The biggest part of the problem is that we need to allow the client
to send a compound op with integrity/privacy on mounts that don't
have it enabled.

Add server support for properly decoding and using spo_must_enforce
and spo_must_allow bits. Add support for machine credentials to be
used for CLOSE, OPEN_DOWNGRADE, LOCKU, DELEGRETURN,
and TEST/FREE STATEID.
Implement a check so as to not throw WRONGSEC errors when these
operations are used if integrity/privacy isn't turned on.

Without this, Linux clients with credentials that expired while holding
delegations were getting stuck in an endless loop.

Signed-off-by: Andrew Elble <aweits@rit.edu>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

fs/nfsd/export.c		diff \| blob \| history
fs/nfsd/nfs4proc.c		diff \| blob \| history
fs/nfsd/nfs4state.c		diff \| blob \| history
fs/nfsd/nfs4xdr.c		diff \| blob \| history
fs/nfsd/nfsd.h		diff \| blob \| history
fs/nfsd/state.h		diff \| blob \| history
fs/nfsd/xdr4.h		diff \| blob \| history