'[iisaman@citi.umich.edu: [PATCH 01/01]: nfsd4: exports sec= parsing]'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-nfsv4
Subject:    [iisaman@citi.umich.edu: [PATCH 01/01]: nfsd4: exports sec= parsing]
From:       "J. Bruce Fields" <bfields () fieldses ! org>
Date:       2006-06-30 20:19:07
Message-ID: 20060630201907.GF30111 () fieldses ! org
[Download RAW message or body]

By the way, in the spirit of full disclosure, this is the sort of thing we're
considering to pass down the pseudoflavor information.  Note that, along with
fs_locations, this is another patch that tacks extra stuff onto the exports
downcall.

In the fs_locations case I don't have strong opinions either way about that
particular approach.  In this case, I do--I'm quite convinced that attaching
the pseudoflavor list to the exports is the most straightforward model that
fits the protocol and user requirements.  So if we had to convert one of these
two (fs_locations or secinfo) to a separate cache, I'd rather it be
fs_locations.

(Note--this patch is still preliminary, and the rest of the work (specifically,
code to use the information passed down) isn't done yet.  So this is an RFC,
not a submission....)

--b.

----- Forwarded message from Fredric Isaman <iisaman@citi.umich.edu> -----

Date: Wed, 28 Jun 2006 15:25:53 -0400 (EDT)
From: Fredric Isaman <iisaman@citi.umich.edu>
To: "J. Bruce Fields" <bfields@fieldses.org>
Subject: [PATCH 01/01]: nfsd4: exports sec= parsing

Below is a patch that applies to linux-2.6.17-rc6-CITI_NFS4_ALL-1.diff
that parses and stores info sent through exports cache via
"... secinfo n flavor1 flag1 ... flavorN flagN"

Signed-off-by: Fred Isaman <iisaman@citi.umich.edu>
---
Index: linux-2.6.17-rc6/fs/nfsd/export.c
===================================================================

--- linux-2.6.17-rc6.orig/fs/nfsd/export.c
+++ linux-2.6.17-rc6/fs/nfsd/export.c
@@ -396,10 +396,13 @@ fsloc_parse(char **mesg, char *buf, stru
 {
 	int len;
 	int listsize, migrated, i, err;
+	char *orig = *mesg;

 	len = qword_get(mesg, buf, PAGE_SIZE);
-	if (len != 5 || memcmp(buf, "fsloc", 5))
+	if (len != 5 || memcmp(buf, "fsloc", 5)) {
+		*mesg = orig;
 		return 0;
+	}

 	/* listsize */
 	err = get_int(mesg, &listsize);
@@ -453,8 +456,71 @@ out_free_all:
 	return err;
 }

+static int flavor_parse(char *str)
+{
+	if (!strcmp(str, "sys"))
+		return SECINFO_SYS;
+	else if (!strcmp(str, "krb5"))
+		return SECINFO_KRB5;
+	else if (!strcmp(str, "krb5i"))
+		return SECINFO_KRB5I;
+	else if (!strcmp(str, "krb5p"))
+		return SECINFO_KRB5P;
+	else
+		dprintk("Unknown security flavor %s", str);
+		return -1;
+}
+
+static void secinfo_clearall(struct svc_export *exp)
+{
+	exp->ex_si_order[0] = -1;
+}
+
+static void secinfo_useflavor(int flavor, struct svc_export *exp)
+{
+	int *p;
+	for (p=exp->ex_si_order; *p >= 0; p++)
+		; /* Do nothing */
+	*p = flavor;
+}
+
+static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp)
+{
+	int len, listsize, i, flavor, err;
+	char *orig = *mesg;
+
+	len = qword_get(mesg, buf, PAGE_SIZE);
+	if (strcmp(buf, "secinfo")) {
+		*mesg = orig;
+		return 0;
+	}
+
+	/* listsize */
+	err = get_int(mesg, &listsize);
+	if (err)
+		return err;
+	if (listsize <0)
+		return -EINVAL;
+	secinfo_clearall(exp);
+
+	for (i=0; i<listsize; i++) {
+		len = qword_get(mesg, buf, PAGE_SIZE);
+		if (len <= 0)
+			return -EINVAL;
+		flavor = flavor_parse(buf);
+		if (flavor < 0)
+			return -EINVAL;
+		err = get_int(mesg, exp->ex_si_flags + flavor);
+		if (err)
+			return err;
+		secinfo_useflavor(flavor, exp);
+	}
+	return 0;
+}
+
 #else /* CONFIG_NFSD_V4 */
 static int fsloc_parse(char **, char *, struct svc_export *) { return 0; }
+static int secinfo_parse(char **, char *, struct svc_export *) { return 0; }
 #endif

 static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
@@ -538,6 +604,10 @@ static int svc_export_parse(struct cache
 		err = fsloc_parse(&mesg, buf, &exp);
 		if (err)
 			goto out;
+
+		err = secinfo_parse(&mesg, buf, &exp);
+		if (err)
+			goto out;
 	}

 	expp = svc_export_lookup(&exp);
Index: linux-2.6.17-rc6/include/linux/nfsd/export.h
===================================================================
--- linux-2.6.17-rc6.orig/include/linux/nfsd/export.h
+++ linux-2.6.17-rc6/include/linux/nfsd/export.h
@@ -45,6 +45,14 @@

 #ifdef __KERNEL__

+#ifdef CONFIG_NFSD_V4
+#define SECINFO_SYS		0
+#define SECINFO_KRB5		1
+#define SECINFO_KRB5I		2
+#define SECINFO_KRB5P		3
+#define SECINFO_COUNT		4
+#endif
+
 struct svc_export {
 	struct cache_head	h;
 	struct auth_domain *	ex_client;
@@ -56,6 +64,8 @@ struct svc_export {
 	int			ex_fsid;
 #ifdef CONFIG_NFSD_V4
 	struct nfsd4_fs_locations *ex_fslocs;
+	int			ex_si_order[SECINFO_COUNT+1];
+	int			ex_si_flags[SECINFO_COUNT];
 #endif
 };


----- End forwarded message -----
_______________________________________________
NFSv4 mailing list
NFSv4@linux-nfs.org
http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
[prev in list] [next in list] [prev in thread] [next in thread] 
