Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp5668957ybe;
        Tue, 10 Sep 2019 07:12:10 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxEFkMFID/nUcxmGcvZCGKJqTnC2L/0bEeSa6wPModQ+hpc68+YiE3OOS++IL3r+2dnR8Wb
X-Received: by 2002:a50:a0e2:: with SMTP id 89mr30433369edo.118.1568124729963;
        Tue, 10 Sep 2019 07:12:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1568124729; cv=none;
        d=google.com; s=arc-20160816;
        b=w8ooo1ISHlrmufDTf3ZOfk2kBK5d9dwXd6weNoZDaGpX1qyHmtr8ceHBW2Cqx+69bx
         w1bAgCCBY0l4JKDuT7e8KF/IsxeX6abYMcv9cejAlAW1wCdRZqmQuI/sfid2Eh4RmP1t
         xo3SrPL7YGJOnTTwDN8DIPVLvNVcyfdb57qK5qgy44ZjgXYkENd/joRFYuLEW9VKZ5Qp
         VaG4/MdpaCJbS0im07xRz1pV/JExzSkV7mU65C5+37iU9qbE8WBZFNLuCYZWn4eJFReP
         S/+ZRF1z8No4EX6oSKLnK+UNeU1Q+x09HgD3b9hO8WgDRLODStuySgqkKrc4MVlydW9R
         mUsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=HWugu4wdUtZ+iz1LZTShtN/+pYsUpvzm/ww+/itxz7k=;
        b=eFrhgu2yxUigwS02RKiMPzGtOcP/JQ3R7814JCLVB2J0WDFlBCTPhi6xJUgAKF4Ukp
         hkNrSoN2V5pxNTAuP5iE/sO593T+5x9mYXutuYBMrBOZleSOU0byx1ytw0IN2azC8S0C
         LsPNBhPz7hRQ4NKps/Vls7e64SbrKNq8FIZAoKEfk62Z87HufrdGP+ZlG1aXnRr8IHAF
         uW1I49xsnKWA0wuSsOqfbjFqCVrTej9G6jYKHjeobjQrAIY0JxVj6EfFIy03mMxFc5wm
         yQOTZv2s3BOojPyr7zbjEdbvrxv1XIKe36yzXn3y3GxKz9LPpxZGiBpu6k9JmWhS3zGs
         eD6Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q5si5945449eju.175.2019.09.10.07.11.37;
        Tue, 10 Sep 2019 07:12:09 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727402AbfIJN2i (ORCPT <rfc822;rhuang0701@gmail.com>
        + 99 others); Tue, 10 Sep 2019 09:28:38 -0400
Received: from fieldses.org ([173.255.197.46]:32828 "EHLO fieldses.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726394AbfIJN2i (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
        Tue, 10 Sep 2019 09:28:38 -0400
Received: by fieldses.org (Postfix, from userid 2815)
        id 4F1632010; Tue, 10 Sep 2019 09:28:37 -0400 (EDT)
Date:   Tue, 10 Sep 2019 09:28:37 -0400
From:   "J. Bruce Fields" <bfields@fieldses.org>
To:     Scott Mayhew <smayhew@redhat.com>
Cc:     chuck.lever@oracle.com, simo@redhat.com, linux-nfs@vger.kernel.org
Subject: Re: [PATCH v2 0/2] add hash of the kerberos principal to the data
 being tracked by nfsdcld
Message-ID: <20190910132837.GB26695@fieldses.org>
References: <20190909201031.12323-1-smayhew@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190909201031.12323-1-smayhew@redhat.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

Applying for 5.4, thanks--b.

On Mon, Sep 09, 2019 at 04:10:29PM -0400, Scott Mayhew wrote:
> At the spring bakeathon, Chuck suggested that we should store the
> kerberos principal in addition to the client id string in nfsdcld.  The
> idea is to prevent an illegitimate client from reclaiming another
> client's opens by supplying that client's id string.
> 
> The first patch lays some groundwork for supporting multiple message
> versions for the nfsdcld upcalls, adding fields for version and message
> length to the nfsd4_client_tracking_ops (these fields are only used for
> the nfsdcld upcalls and ignored for the other tracking methods), as well
> as an upcall to get the maximum version supported by the userspace
> daemon.
> 
> The second patch actually adds the v2 message, which adds the sha256 hash
> of the kerberos principal to the Cld_Create upcall and to the Cld_GraceStart
> downcall (which is what loads the data in the reclaim_str_hashtbl).
> 
> Changes since v1:
> - use the sha256 hash of a principal instead of the principal itself
> - prefer the cr_raw_principal (returned by gssproxy) if it exists, then
>   fall back to cr_principal (returned by both gssproxy and rpc.svcgssd)
> 
> Scott Mayhew (2):
>   nfsd: add a "GetVersion" upcall for nfsdcld
>   nfsd: add support for upcall version 2
> 
>  fs/nfsd/nfs4recover.c         | 388 ++++++++++++++++++++++++++++------
>  fs/nfsd/nfs4state.c           |   6 +-
>  fs/nfsd/state.h               |   3 +-
>  include/uapi/linux/nfsd/cld.h |  41 +++-
>  4 files changed, 371 insertions(+), 67 deletions(-)
> 
> -- 
> 2.17.2