Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp950179ybl;
        Fri, 30 Aug 2019 09:27:11 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzVjfFi73Ea+ne93YFv5hxY5bmeVefFeC3/Dzms0PgENOv7hi9yyWaSEmq8MwJY86Ghh+3h
X-Received: by 2002:a17:90b:8e:: with SMTP id bb14mr16073724pjb.35.1567182431132;
        Fri, 30 Aug 2019 09:27:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1567182431; cv=none;
        d=google.com; s=arc-20160816;
        b=Dj+9E357oxkxbPSUNoev+rF9gPt0aypwtZeRG0BDnQaFXDL1C5BRQHO7p7HK6SsgGK
         ijl1aHRHj9UlclyeB+aSHOX+iUx4fMOCHPRB3IrL1hh5stg4JK+fytc2Nl3HbNkDJWem
         inacdvZSoQHlP3dziO6/geL5f1DHMwQrx1RjB2UxVZKmSaxgUHoJXYexk+vjYvX4GR+I
         3bWDBpqpeUSjkyXtdDhZPjy0fELbm27sz0EDQhRGN0kYtOt8M5nrQeENDROywoV/7Lhj
         V/NjC4SvSBhJCleDuYpHW6QOGl7wOzl6NDw0kW6gbHhoDW/bozEUz5nSm9AFhU6Hq/hj
         7xUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from;
        bh=+XOqdmznrohQWSBColBmycHh8xzrDdVQDOKRYa6T3N8=;
        b=RwtZ+26zvNHr7T5EJ5rm2DE9/4Y9odAFXAKx29cb4zvQSPEngfMB+fEa8hVFyMN0Ef
         Kd7plD8tpHNtt4ugm3N2ZrNFNx96tlyBfKL9UOAAQrfe8O8W3k5iNrYeGwaf5Wzb+unK
         Z29Owf9mdjkd3+WIqu8r8o7pmSTuPWM0xdQCA882OhJQFFLIi2ae48EiCXXX+QC1YUxC
         zhgeQB/zUkn28C4pHkJPmW8DcRoObfVtA1ZBOT/tittCWilRdHEml2e4X39A8EVxrPaj
         ZM5c/PPRKEZD0ts3LWNYU76Bn5Efbc+kygrJz6CV4h+OUJ0RFkJbHqrPMdXeCFCdtKH7
         IFIw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x26si6268762pfn.78.2019.08.30.09.26.45;
        Fri, 30 Aug 2019 09:27:11 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727876AbfH3Q0g (ORCPT <rfc822;elessard97@gmail.com>
        + 99 others); Fri, 30 Aug 2019 12:26:36 -0400
Received: from mx1.redhat.com ([209.132.183.28]:48624 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727246AbfH3Q0g (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
        Fri, 30 Aug 2019 12:26:36 -0400
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id A7D0CA36EE3;
        Fri, 30 Aug 2019 16:26:36 +0000 (UTC)
Received: from coeurl.usersys.redhat.com (ovpn-121-35.rdu2.redhat.com [10.10.121.35])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 8F7A26092D;
        Fri, 30 Aug 2019 16:26:36 +0000 (UTC)
Received: by coeurl.usersys.redhat.com (Postfix, from userid 1000)
        id 2F67920963; Fri, 30 Aug 2019 12:26:31 -0400 (EDT)
From:   Scott Mayhew <smayhew@redhat.com>
To:     bfields@fieldses.org, chuck.lever@oracle.com
Cc:     linux-nfs@vger.kernel.org
Subject: [PATCH 0/2] nfsd: add principal to the data being tracked by nfsdcld
Date:   Fri, 30 Aug 2019 12:26:29 -0400
Message-Id: <20190830162631.13195-1-smayhew@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.68]); Fri, 30 Aug 2019 16:26:36 +0000 (UTC)
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

At the spring bakeathon, Chuck suggested that we should store the
kerberos principal in addition to the client id string in nfsdcld.  The
idea is to prevent an illegitimate client from reclaiming another
client's opens by supplying that client's id string.

The first patch lays some groundwork for supporting multiple message
versions for the nfsdcld upcalls, adding fields for version and message
length to the nfsd4_client_tracking_ops (these fields are only used for
the nfsdcld upcalls and ignored for the other tracking methods), as well
as an upcall to get the maximum version supported by the userspace
daemon.

The second patch actually adds the v2 message, which adds the principal
(actually just the first 1024 bytes) to the Cld_Create upcall and to the
Cld_GraceStart downcall (which is what loads the data in the
reclaim_str_hashtbl). I couldn't really figure out what the maximum length
of a kerberos principal actually is (looking at krb5.h the length field in
the struct krb5_data is an unsigned int, so I guess it can be pretty big).
I don't think the principal will be that large in practice, and even if
it is the first 1024 bytes should be sufficient for our purposes.

Scott Mayhew (2):
  nfsd: add a "GetVersion" upcall for nfsdcld
  nfsd: add support for upcall version 2

 fs/nfsd/nfs4recover.c         | 332 +++++++++++++++++++++++++++-------
 fs/nfsd/nfs4state.c           |   6 +-
 fs/nfsd/state.h               |   3 +-
 include/uapi/linux/nfsd/cld.h |  37 +++-
 4 files changed, 311 insertions(+), 67 deletions(-)

-- 
2.17.2