diff options
author | NeilBrown <neilb@suse.com> | 2018-12-03 01:30:30 +0100 |
---|---|---|
committer | Anna Schumaker <Anna.Schumaker@Netapp.com> | 2018-12-19 19:52:45 +0100 |
commit | 5e16923b432bfe79fdfb7cd95ed8e63f6438b663 (patch) | |
tree | 92c842d96a8cacdead34c4f260bd371077f06793 /fs/nfsd/nfs4callback.c | |
parent | SUNRPC: discard RPC_DO_ROOTOVERRIDE() (diff) | |
download | linux-5e16923b432bfe79fdfb7cd95ed8e63f6438b663.tar.xz linux-5e16923b432bfe79fdfb7cd95ed8e63f6438b663.zip |
NFS/SUNRPC: don't lookup machine credential until rpcauth_bindcred().
When NFS creates a machine credential, it is a "generic" credential,
not tied to any auth protocol, and is really just a container for
the princpal name.
This doesn't get linked to a genuine credential until rpcauth_bindcred()
is called.
The lookup always succeeds, so various places that test if the machine
credential is NULL, are pointless.
As a step towards getting rid of generic credentials, this patch gets
rid of generic machine credentials. The nfs_client and rpc_client
just hold a pointer to a constant principal name.
When a machine credential is wanted, a special static 'struct rpc_cred'
pointer is used. rpcauth_bindcred() recognizes this, finds the
principal from the client, and binds the correct credential.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Diffstat (limited to 'fs/nfsd/nfs4callback.c')
-rw-r--r-- | fs/nfsd/nfs4callback.c | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c index c032e4c24a8d..1dcee1fd32d9 100644 --- a/fs/nfsd/nfs4callback.c +++ b/fs/nfsd/nfs4callback.c @@ -847,14 +847,10 @@ static int max_cb_time(struct net *net) static struct rpc_cred *get_backchannel_cred(struct nfs4_client *clp, struct rpc_clnt *client, struct nfsd4_session *ses) { if (clp->cl_minorversion == 0) { - char *principal = clp->cl_cred.cr_targ_princ ? - clp->cl_cred.cr_targ_princ : "nfs"; - struct rpc_cred *cred; - - cred = rpc_lookup_machine_cred(principal); - if (!IS_ERR(cred)) - get_rpccred(cred); - return cred; + client->cl_principal = clp->cl_cred.cr_targ_princ ? + clp->cl_cred.cr_targ_princ : "nfs"; + + return get_rpccred(rpc_machine_cred()); } else { struct rpc_auth *auth = client->cl_auth; struct auth_cred acred = {}; |