Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2683904imu; Tue, 6 Nov 2018 20:15:31 -0800 (PST) X-Google-Smtp-Source: AJdET5depLt9cBalcgKNPh8hxTpZOPyaGup0EY40z97vmQwF8TcYfw0Lg2rGEhBhAbeZxcwBnhjl X-Received: by 2002:a63:5e43:: with SMTP id s64mr309198pgb.101.1541564131809; Tue, 06 Nov 2018 20:15:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541564131; cv=none; d=google.com; s=arc-20160816; b=vOE2Slkx5rEnW4v0vu7x3Aj0fk4HkOhsIh9W2bQdRe7WWVOH7aWeW1o6lY3mxEw8P2 f6s8wtaVE6h3a3xR1knLTW+0l/iP9MjcFP8nkLoTDaydUnY91QrWSmcfcJgbk8HT5kt3 1BhlIdC0XlVFBBAzVAI7rb1QIzzA8j4AqTGrOPXVnrnqGEP6cteHjmoSzttZ3wfheBWQ wl353fAy5PJgzre6sGvNsSOjnzXQSKqatucQGlvp4RWaHFDCmzdpNTU4g6Ol0Wk0V/LI ueEvtC2C09NiK/xbPceSsbhWT0k2tVhF/scGv0MjSOHesFQbzmaRzGhd0GerVcVoGdCJ BOmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:cc:subject:date:to :from; bh=SER3GovvbPokziNqZAyZZ9iB/gZYqTiQi8qXr9dRnNs=; b=QT14QwTDNLOt7gofrDPqXHLNoUnh0mZ8saM8XR6UvDteEp+XrFGyxFuzYmSWOKE5pa gMONsJGuX/LkAljXV/NvWiIdgmivFj4KaJNk9uNklXuh0IbbNft4ssGLPG+VnT98iH59 OeRm4oP5pxbtal8DCZ+dBFE3T3sNOv/iTP9mHGs+RUYjmKS50+8KfTk9OC+IQRy1JbPl k6r5NeWGycSNDolXAL/6i7YRY+WFrrfiu47b0vM6dvroBmxwM/cn6U/AcelZe+x6xlZo KMOGYtbZ4GKhYWCIkMnp8Jcq4D68h41F5Pf4DM4GwDi1m4qf25zUCOkdzpSKTNXAlNF5 aymQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o1-v6si20930109pll.325.2018.11.06.20.15.17; Tue, 06 Nov 2018 20:15:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388912AbeKGNm7 (ORCPT + 99 others); Wed, 7 Nov 2018 08:42:59 -0500 Received: from mx2.suse.de ([195.135.220.15]:56608 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S2388530AbeKGNm6 (ORCPT ); Wed, 7 Nov 2018 08:42:58 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 60E4EB68F; Wed, 7 Nov 2018 04:14:21 +0000 (UTC) From: NeilBrown To: "J. Bruce Fields" , Chuck Lever , Jeff Layton , Trond Myklebust , Anna Schumaker Date: Wed, 07 Nov 2018 15:12:31 +1100 Subject: [PATCH 08/23] SUNRPC: remove machine_cred field from struct auth_cred Cc: Linux NFS Mailing List , linux-kernel@vger.kernel.org Message-ID: <154156395100.24086.17269213836017570177.stgit@noble> In-Reply-To: <154156285766.24086.14262073575778354276.stgit@noble> References: <154156285766.24086.14262073575778354276.stgit@noble> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The cred is a machine_cred iff ->principal is set, so there is no need for the extra flag. There is one case which deserves some explanation. nfs4_root_machine_cred() calls rpc_lookup_machine_cred() with a NULL principal name which results in not getting a machine credential, but getting a root credential instead. This appears to be what is expected of the caller, and is clearly the result provided by both auth_unix and auth_gss which already ignore the flag. Signed-off-by: NeilBrown --- include/linux/sunrpc/auth.h | 3 +-- net/sunrpc/auth_generic.c | 12 ++++++------ net/sunrpc/auth_gss/auth_gss.c | 5 +---- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/include/linux/sunrpc/auth.h b/include/linux/sunrpc/auth.h index 831ea65bd9f4..1c0468f39479 100644 --- a/include/linux/sunrpc/auth.h +++ b/include/linux/sunrpc/auth.h @@ -46,9 +46,8 @@ enum { struct auth_cred { const struct cred *cred; - const char *principal; + const char *principal; /* If present, this is a machine credential */ unsigned long ac_flags; - unsigned char machine_cred : 1; }; /* diff --git a/net/sunrpc/auth_generic.c b/net/sunrpc/auth_generic.c index b9481f69ce7b..810d535c79b8 100644 --- a/net/sunrpc/auth_generic.c +++ b/net/sunrpc/auth_generic.c @@ -50,12 +50,13 @@ EXPORT_SYMBOL_GPL(rpc_lookup_cred_nonblock); /* * Public call interface for looking up machine creds. + * Note that if service_name is NULL, we actually look up + * "root" credential. */ struct rpc_cred *rpc_lookup_machine_cred(const char *service_name) { struct auth_cred acred = { .principal = service_name, - .machine_cred = 1, .cred = get_task_cred(&init_task), }; struct rpc_cred *ret; @@ -108,11 +109,10 @@ generic_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags, g gcred->acred.cred = gcred->gc_base.cr_cred; gcred->acred.ac_flags = 0; - gcred->acred.machine_cred = acred->machine_cred; gcred->acred.principal = acred->principal; dprintk("RPC: allocated %s cred %p for uid %d gid %d\n", - gcred->acred.machine_cred ? "machine" : "generic", + gcred->acred.principal ? "machine" : "generic", gcred, from_kuid(&init_user_ns, acred->cred->fsuid), from_kgid(&init_user_ns, acred->cred->fsgid)); @@ -145,7 +145,7 @@ generic_destroy_cred(struct rpc_cred *cred) static int machine_cred_match(struct auth_cred *acred, struct generic_cred *gcred, int flags) { - if (!gcred->acred.machine_cred || + if (!gcred->acred.principal || gcred->acred.principal != acred->principal || !uid_eq(gcred->acred.cred->fsuid, acred->cred->fsuid) || !gid_eq(gcred->acred.cred->fsgid, acred->cred->fsgid)) @@ -163,12 +163,12 @@ generic_match(struct auth_cred *acred, struct rpc_cred *cred, int flags) int i; struct group_info *a, *g; - if (acred->machine_cred) + if (acred->principal) return machine_cred_match(acred, gcred, flags); if (!uid_eq(gcred->acred.cred->fsuid, acred->cred->fsuid) || !gid_eq(gcred->acred.cred->fsgid, acred->cred->fsgid) || - gcred->acred.machine_cred != 0) + gcred->acred.principal != NULL) goto out_nomatch; a = acred->cred->group_info; diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 2501ac3cbdf4..feea8e65797c 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -1372,9 +1372,7 @@ gss_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags, gfp_t */ cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW; cred->gc_service = gss_auth->service; - cred->gc_principal = NULL; - if (acred->machine_cred) - cred->gc_principal = acred->principal; + cred->gc_principal = acred->principal; kref_get(&gss_auth->kref); return &cred->gc_base; @@ -1587,7 +1585,6 @@ static int gss_renew_cred(struct rpc_task *task) struct auth_cred acred = { .cred = oldcred->cr_cred, .principal = gss_cred->gc_principal, - .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0), }; struct rpc_cred *new;