summaryrefslogtreecommitdiffstats
path: root/fs/nfs/callback.c
diff options
context:
space:
mode:
authorJeff Layton <jlayton@poochiereds.net>2014-06-22 02:52:17 +0200
committerTrond Myklebust <trond.myklebust@primarydata.com>2014-07-13 00:41:25 +0200
commitf11b2a1cfbf5dd783eb55cb470509d06e20d1c78 (patch)
tree3e7ecb73670953ef7067551582dd3c432736a86c /fs/nfs/callback.c
parentsunrpc: add a new "stringify_acceptor" rpc_credop (diff)
downloadlinux-f11b2a1cfbf5dd783eb55cb470509d06e20d1c78.tar.xz
linux-f11b2a1cfbf5dd783eb55cb470509d06e20d1c78.zip
nfs4: copy acceptor name from context to nfs_client
The current CB_COMPOUND handling code tries to compare the principal name of the request with the cl_hostname in the client. This is not guaranteed to ever work, particularly if the client happened to mount a CNAME of the server or a non-fqdn. Fix this by instead comparing the cr_principal string with the acceptor name that we get from gssd. In the event that gssd didn't send one down (i.e. it was too old), then we fall back to trying to use the cl_hostname as we do today. Signed-off-by: Jeff Layton <jlayton@poochiereds.net> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Diffstat (limited to 'fs/nfs/callback.c')
-rw-r--r--fs/nfs/callback.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
index 073b4cf67ed9..54de482143cc 100644
--- a/fs/nfs/callback.c
+++ b/fs/nfs/callback.c
@@ -428,6 +428,18 @@ check_gss_callback_principal(struct nfs_client *clp, struct svc_rqst *rqstp)
if (p == NULL)
return 0;
+ /*
+ * Did we get the acceptor from userland during the SETCLIENID
+ * negotiation?
+ */
+ if (clp->cl_acceptor)
+ return !strcmp(p, clp->cl_acceptor);
+
+ /*
+ * Otherwise try to verify it using the cl_hostname. Note that this
+ * doesn't work if a non-canonical hostname was used in the devname.
+ */
+
/* Expect a GSS_C_NT_HOSTBASED_NAME like "nfs@serverhostname" */
if (memcmp(p, "nfs@", 4) != 0)