From: Scott Mayhew
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: [nfs-utils PATCH RFC v2 0/4] add principal to the data being tracked by nfsdcld
Date: Thu, 8 Aug 2019 14:34:29 -0400
Message-Id: <20190808183433.3557-1-smayhew@redhat.com>

At the spring bakeathon, Chuck suggested that we should store the kerberos
principal in addition to the client id string in nfsdcld. The idea is to
prevent an illegitimate client from reclaiming another client's opens by
supplying that client's id string. This is an initial attempt at doing that.

The first patch adds support for a "GetVersion" upcall which allows nfsd to
determine the maximum message version that nfsdcld supports. Right now it's
based on the value of CLD_UPCALL_VERSION from cld.h, but I was thinking we
may wish to add a command-line option (and an nfs.conf option) to make it
possible to use a lower version than CLD_UPCALL_VERSION. My thinking here is
that an older nfsdcld daemon won't be compatible with the new database
schema... rather than worrying about messing with downgrading the database,
just use the command-line option to make it behave like an older daemon.

The second patch adds handling for the v2 Cld_Create and Cld_GraceStart
upcalls, which can include the kerberos principal which we'll store along
with the client id string in the database. Note that if we're talking to an
old kernel that does the v1 upcall, everything still works (we just ignore
the new columns in the database).

The third patch adds a tool for manipulating nfsdcld's database schema. It's
mostly intended to be used to downgrade the database in the (hopefully rare)
event that an admin would want to downgrade nfsdcld. It also provides the
ability for fixing broken recovery table names (which nfsdcld also fixes
automatically) as well as the ability to print the contents of the database.

The final patch updates the nfsdcld man page.

Questions:

1. Why do we have a copy of cld.h in support/include? It seems
   unnecessary... maybe we should get rid of it so that we're always using
   the cld.h from the kernel headers?

2. Should there be a command line option to allow nfsdcld to advertise a
   lower upcall version to nfsd in the GetVersion upcall reply?

Changes since v1:
- added a tool for manipulating nfsdcld's sqlite database schema
- updated the nfsdcld man page

Scott Mayhew (4):
  nfsdcld: add a "GetVersion" upcall
  nfsdcld: add support for upcall version 2
  Add a tool for manipulating the nfsdcld sqlite database schema.
  nfsdcld: update nfsdcld.man

 configure.ac                    |   1 +
 support/include/cld.h           |  37 ++++-
 tools/Makefile.am               |   4 +
 tools/clddb-tool/Makefile.am    |  13 ++
 tools/clddb-tool/clddb-tool.man |  83 ++++++++++
 tools/clddb-tool/clddb-tool.py  | 261 ++++++++++++++++++++++++++++++++
 utils/nfsdcld/cld-internal.h    |  13 +-
 utils/nfsdcld/nfsdcld.c         | 140 ++++++++++++++---
 utils/nfsdcld/nfsdcld.man       |  32 +++-
 utils/nfsdcld/sqlite.c          | 238 ++++++++++++++++++++++++-----
 utils/nfsdcld/sqlite.h          |   2 +
 11 files changed, 755 insertions(+), 69 deletions(-)
 create mode 100644 tools/clddb-tool/Makefile.am
 create mode 100644 tools/clddb-tool/clddb-tool.man
 create mode 100644 tools/clddb-tool/clddb-tool.py

--
2.17.2
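
Added example, not part of the original message and not nfs-utils or kernel code: a simplified Python model of the check this cover letter motivates, where a reclaim is accepted only if the presented principal matches the one recorded with the client id string. The table layout, the function names, the sample ids and principals, and the rule that a record stored without a principal falls back to id-only matching are all assumptions of this sketch.

```python
import sqlite3


def open_db():
    # Hypothetical schema for this sketch; not the schema nfsdcld uses.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id BLOB PRIMARY KEY, principal TEXT)")
    return db


def record_client(db, client_id, principal=None):
    """Model of a create upcall: v1 carries only the id, v2 may add a principal."""
    db.execute("INSERT OR REPLACE INTO clients VALUES (?, ?)",
               (client_id, principal))


def may_reclaim(db, client_id, principal=None):
    """Return True if a reclaim presented under client_id should be allowed."""
    row = db.execute("SELECT principal FROM clients WHERE id = ?",
                     (client_id,)).fetchone()
    if row is None:
        return False   # no record for this id: nothing to reclaim
    stored = row[0]
    if stored is None:
        return True    # assumed v1 behaviour: no principal stored, id match only
    # A principal is on record: the id string alone is not enough.
    return principal == stored


def demo():
    # Constructed sample ids and principals.
    db = open_db()
    record_client(db, b"client-a", "host/client-a@EXAMPLE.COM")  # v2-style record
    record_client(db, b"legacy")                                 # v1-style record
    return {
        "owner": may_reclaim(db, b"client-a", "host/client-a@EXAMPLE.COM"),
        "other_principal": may_reclaim(db, b"client-a", "host/client-b@EXAMPLE.COM"),
        "no_principal": may_reclaim(db, b"client-a"),
        "legacy": may_reclaim(db, b"legacy"),
        "unknown": may_reclaim(db, b"never-seen", "host/client-a@EXAMPLE.COM"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'rejected'}")
```

The "legacy" case shows what the v1 fallback costs: records created without a principal remain protected by the id string only.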