SUNRPC: Cache cred of process creating the rpc_client
When converting kuids to AUTH_UNIX creds, etc we will want to use the same user namespace as the process that created the rpc client. Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
This commit is contained in:
parent
2cfd11f16f
commit
79caa5fad4
@ -458,6 +458,7 @@ nlm_bind_host(struct nlm_host *host)
|
|||||||
.authflavor = RPC_AUTH_UNIX,
|
.authflavor = RPC_AUTH_UNIX,
|
||||||
.flags = (RPC_CLNT_CREATE_NOPING |
|
.flags = (RPC_CLNT_CREATE_NOPING |
|
||||||
RPC_CLNT_CREATE_AUTOBIND),
|
RPC_CLNT_CREATE_AUTOBIND),
|
||||||
|
.cred = current_cred(),
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -82,6 +82,7 @@ static struct rpc_clnt *nsm_create(struct net *net, const char *nodename)
|
|||||||
.version = NSM_VERSION,
|
.version = NSM_VERSION,
|
||||||
.authflavor = RPC_AUTH_NULL,
|
.authflavor = RPC_AUTH_NULL,
|
||||||
.flags = RPC_CLNT_CREATE_NOPING,
|
.flags = RPC_CLNT_CREATE_NOPING,
|
||||||
|
.cred = current_cred(),
|
||||||
};
|
};
|
||||||
|
|
||||||
return rpc_create(&args);
|
return rpc_create(&args);
|
||||||
|
@ -500,6 +500,7 @@ int nfs_create_rpc_client(struct nfs_client *clp,
|
|||||||
.program = &nfs_program,
|
.program = &nfs_program,
|
||||||
.version = clp->rpc_ops->version,
|
.version = clp->rpc_ops->version,
|
||||||
.authflavor = flavor,
|
.authflavor = flavor,
|
||||||
|
.cred = current_cred(),
|
||||||
};
|
};
|
||||||
|
|
||||||
if (test_bit(NFS_CS_DISCRTRY, &clp->cl_flags))
|
if (test_bit(NFS_CS_DISCRTRY, &clp->cl_flags))
|
||||||
|
@ -163,6 +163,7 @@ int nfs_mount(struct nfs_mount_request *info)
|
|||||||
.program = &mnt_program,
|
.program = &mnt_program,
|
||||||
.version = info->version,
|
.version = info->version,
|
||||||
.authflavor = RPC_AUTH_UNIX,
|
.authflavor = RPC_AUTH_UNIX,
|
||||||
|
.cred = current_cred(),
|
||||||
};
|
};
|
||||||
struct rpc_clnt *mnt_clnt;
|
struct rpc_clnt *mnt_clnt;
|
||||||
int status;
|
int status;
|
||||||
@ -249,6 +250,7 @@ void nfs_umount(const struct nfs_mount_request *info)
|
|||||||
.version = info->version,
|
.version = info->version,
|
||||||
.authflavor = RPC_AUTH_UNIX,
|
.authflavor = RPC_AUTH_UNIX,
|
||||||
.flags = RPC_CLNT_CREATE_NOPING,
|
.flags = RPC_CLNT_CREATE_NOPING,
|
||||||
|
.cred = current_cred(),
|
||||||
};
|
};
|
||||||
struct rpc_message msg = {
|
struct rpc_message msg = {
|
||||||
.rpc_argp = info->dirpath,
|
.rpc_argp = info->dirpath,
|
||||||
|
@ -868,6 +868,7 @@ static int setup_callback_client(struct nfs4_client *clp, struct nfs4_cb_conn *c
|
|||||||
.program = &cb_program,
|
.program = &cb_program,
|
||||||
.version = 1,
|
.version = 1,
|
||||||
.flags = (RPC_CLNT_CREATE_NOPING | RPC_CLNT_CREATE_QUIET),
|
.flags = (RPC_CLNT_CREATE_NOPING | RPC_CLNT_CREATE_QUIET),
|
||||||
|
.cred = current_cred(),
|
||||||
};
|
};
|
||||||
struct rpc_clnt *client;
|
struct rpc_clnt *client;
|
||||||
const struct cred *cred;
|
const struct cred *cred;
|
||||||
|
@ -72,6 +72,7 @@ struct rpc_clnt {
|
|||||||
struct dentry *cl_debugfs; /* debugfs directory */
|
struct dentry *cl_debugfs; /* debugfs directory */
|
||||||
#endif
|
#endif
|
||||||
struct rpc_xprt_iter cl_xpi;
|
struct rpc_xprt_iter cl_xpi;
|
||||||
|
const struct cred *cl_cred;
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -126,6 +127,7 @@ struct rpc_create_args {
|
|||||||
unsigned long flags;
|
unsigned long flags;
|
||||||
char *client_name;
|
char *client_name;
|
||||||
struct svc_xprt *bc_xprt; /* NFSv4.1 backchannel */
|
struct svc_xprt *bc_xprt; /* NFSv4.1 backchannel */
|
||||||
|
const struct cred *cred;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct rpc_add_xprt_test {
|
struct rpc_add_xprt_test {
|
||||||
|
@ -394,6 +394,7 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args,
|
|||||||
if (err)
|
if (err)
|
||||||
goto out_no_clid;
|
goto out_no_clid;
|
||||||
|
|
||||||
|
clnt->cl_cred = get_cred(args->cred);
|
||||||
clnt->cl_procinfo = version->procs;
|
clnt->cl_procinfo = version->procs;
|
||||||
clnt->cl_maxproc = version->nrprocs;
|
clnt->cl_maxproc = version->nrprocs;
|
||||||
clnt->cl_prog = args->prognumber ? : program->number;
|
clnt->cl_prog = args->prognumber ? : program->number;
|
||||||
@ -439,6 +440,7 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args,
|
|||||||
out_no_path:
|
out_no_path:
|
||||||
rpc_free_iostats(clnt->cl_metrics);
|
rpc_free_iostats(clnt->cl_metrics);
|
||||||
out_no_stats:
|
out_no_stats:
|
||||||
|
put_cred(clnt->cl_cred);
|
||||||
rpc_free_clid(clnt);
|
rpc_free_clid(clnt);
|
||||||
out_no_clid:
|
out_no_clid:
|
||||||
kfree(clnt);
|
kfree(clnt);
|
||||||
@ -631,6 +633,7 @@ static struct rpc_clnt *__rpc_clone_client(struct rpc_create_args *args,
|
|||||||
new->cl_discrtry = clnt->cl_discrtry;
|
new->cl_discrtry = clnt->cl_discrtry;
|
||||||
new->cl_chatty = clnt->cl_chatty;
|
new->cl_chatty = clnt->cl_chatty;
|
||||||
new->cl_principal = clnt->cl_principal;
|
new->cl_principal = clnt->cl_principal;
|
||||||
|
new->cl_cred = get_cred(clnt->cl_cred);
|
||||||
return new;
|
return new;
|
||||||
|
|
||||||
out_err:
|
out_err:
|
||||||
@ -652,6 +655,7 @@ struct rpc_clnt *rpc_clone_client(struct rpc_clnt *clnt)
|
|||||||
.prognumber = clnt->cl_prog,
|
.prognumber = clnt->cl_prog,
|
||||||
.version = clnt->cl_vers,
|
.version = clnt->cl_vers,
|
||||||
.authflavor = clnt->cl_auth->au_flavor,
|
.authflavor = clnt->cl_auth->au_flavor,
|
||||||
|
.cred = clnt->cl_cred,
|
||||||
};
|
};
|
||||||
return __rpc_clone_client(&args, clnt);
|
return __rpc_clone_client(&args, clnt);
|
||||||
}
|
}
|
||||||
@ -673,6 +677,7 @@ rpc_clone_client_set_auth(struct rpc_clnt *clnt, rpc_authflavor_t flavor)
|
|||||||
.prognumber = clnt->cl_prog,
|
.prognumber = clnt->cl_prog,
|
||||||
.version = clnt->cl_vers,
|
.version = clnt->cl_vers,
|
||||||
.authflavor = flavor,
|
.authflavor = flavor,
|
||||||
|
.cred = clnt->cl_cred,
|
||||||
};
|
};
|
||||||
return __rpc_clone_client(&args, clnt);
|
return __rpc_clone_client(&args, clnt);
|
||||||
}
|
}
|
||||||
@ -880,6 +885,7 @@ rpc_free_client(struct rpc_clnt *clnt)
|
|||||||
xprt_put(rcu_dereference_raw(clnt->cl_xprt));
|
xprt_put(rcu_dereference_raw(clnt->cl_xprt));
|
||||||
xprt_iter_destroy(&clnt->cl_xpi);
|
xprt_iter_destroy(&clnt->cl_xpi);
|
||||||
rpciod_down();
|
rpciod_down();
|
||||||
|
put_cred(clnt->cl_cred);
|
||||||
rpc_free_clid(clnt);
|
rpc_free_clid(clnt);
|
||||||
kfree(clnt);
|
kfree(clnt);
|
||||||
return parent;
|
return parent;
|
||||||
@ -944,6 +950,7 @@ struct rpc_clnt *rpc_bind_new_program(struct rpc_clnt *old,
|
|||||||
.prognumber = program->number,
|
.prognumber = program->number,
|
||||||
.version = vers,
|
.version = vers,
|
||||||
.authflavor = old->cl_auth->au_flavor,
|
.authflavor = old->cl_auth->au_flavor,
|
||||||
|
.cred = old->cl_cred,
|
||||||
};
|
};
|
||||||
struct rpc_clnt *clnt;
|
struct rpc_clnt *clnt;
|
||||||
int err;
|
int err;
|
||||||
|
@ -240,6 +240,7 @@ static int rpcb_create_local_unix(struct net *net)
|
|||||||
.program = &rpcb_program,
|
.program = &rpcb_program,
|
||||||
.version = RPCBVERS_2,
|
.version = RPCBVERS_2,
|
||||||
.authflavor = RPC_AUTH_NULL,
|
.authflavor = RPC_AUTH_NULL,
|
||||||
|
.cred = current_cred(),
|
||||||
/*
|
/*
|
||||||
* We turn off the idle timeout to prevent the kernel
|
* We turn off the idle timeout to prevent the kernel
|
||||||
* from automatically disconnecting the socket.
|
* from automatically disconnecting the socket.
|
||||||
@ -299,6 +300,7 @@ static int rpcb_create_local_net(struct net *net)
|
|||||||
.program = &rpcb_program,
|
.program = &rpcb_program,
|
||||||
.version = RPCBVERS_2,
|
.version = RPCBVERS_2,
|
||||||
.authflavor = RPC_AUTH_UNIX,
|
.authflavor = RPC_AUTH_UNIX,
|
||||||
|
.cred = current_cred(),
|
||||||
.flags = RPC_CLNT_CREATE_NOPING,
|
.flags = RPC_CLNT_CREATE_NOPING,
|
||||||
};
|
};
|
||||||
struct rpc_clnt *clnt, *clnt4;
|
struct rpc_clnt *clnt, *clnt4;
|
||||||
@ -358,7 +360,8 @@ out:
|
|||||||
static struct rpc_clnt *rpcb_create(struct net *net, const char *nodename,
|
static struct rpc_clnt *rpcb_create(struct net *net, const char *nodename,
|
||||||
const char *hostname,
|
const char *hostname,
|
||||||
struct sockaddr *srvaddr, size_t salen,
|
struct sockaddr *srvaddr, size_t salen,
|
||||||
int proto, u32 version)
|
int proto, u32 version,
|
||||||
|
const struct cred *cred)
|
||||||
{
|
{
|
||||||
struct rpc_create_args args = {
|
struct rpc_create_args args = {
|
||||||
.net = net,
|
.net = net,
|
||||||
@ -370,6 +373,7 @@ static struct rpc_clnt *rpcb_create(struct net *net, const char *nodename,
|
|||||||
.program = &rpcb_program,
|
.program = &rpcb_program,
|
||||||
.version = version,
|
.version = version,
|
||||||
.authflavor = RPC_AUTH_UNIX,
|
.authflavor = RPC_AUTH_UNIX,
|
||||||
|
.cred = cred,
|
||||||
.flags = (RPC_CLNT_CREATE_NOPING |
|
.flags = (RPC_CLNT_CREATE_NOPING |
|
||||||
RPC_CLNT_CREATE_NONPRIVPORT),
|
RPC_CLNT_CREATE_NONPRIVPORT),
|
||||||
};
|
};
|
||||||
@ -745,7 +749,8 @@ void rpcb_getport_async(struct rpc_task *task)
|
|||||||
rpcb_clnt = rpcb_create(xprt->xprt_net,
|
rpcb_clnt = rpcb_create(xprt->xprt_net,
|
||||||
clnt->cl_nodename,
|
clnt->cl_nodename,
|
||||||
xprt->servername, sap, salen,
|
xprt->servername, sap, salen,
|
||||||
xprt->prot, bind_version);
|
xprt->prot, bind_version,
|
||||||
|
clnt->cl_cred);
|
||||||
if (IS_ERR(rpcb_clnt)) {
|
if (IS_ERR(rpcb_clnt)) {
|
||||||
status = PTR_ERR(rpcb_clnt);
|
status = PTR_ERR(rpcb_clnt);
|
||||||
dprintk("RPC: %5u %s: rpcb_create failed, error %ld\n",
|
dprintk("RPC: %5u %s: rpcb_create failed, error %ld\n",
|
||||||
|
Loading…
Reference in New Issue
Block a user