The cred is a machine_cred iff ->principal is set, so there is no
need for the extra flag.
There is one case which deserves some
explanation. nfs4_root_machine_cred() calls rpc_lookup_machine_cred()
with a NULL principal name which results in not getting a machine
credential, but getting a root credential instead.
This appears to be what is expected of the caller, and is
clearly the result provided by both auth_unix and auth_gss
which already ignore the flag.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
struct auth_cred {
const struct cred *cred;
struct auth_cred {
const struct cred *cred;
+ const char *principal; /* If present, this is a machine credential */
- unsigned char machine_cred : 1;
/*
* Public call interface for looking up machine creds.
/*
* Public call interface for looking up machine creds.
+ * Note that if service_name is NULL, we actually look up
+ * "root" credential.
*/
struct rpc_cred *rpc_lookup_machine_cred(const char *service_name)
{
struct auth_cred acred = {
.principal = service_name,
*/
struct rpc_cred *rpc_lookup_machine_cred(const char *service_name)
{
struct auth_cred acred = {
.principal = service_name,
.cred = get_task_cred(&init_task),
};
struct rpc_cred *ret;
.cred = get_task_cred(&init_task),
};
struct rpc_cred *ret;
gcred->acred.cred = gcred->gc_base.cr_cred;
gcred->acred.ac_flags = 0;
gcred->acred.cred = gcred->gc_base.cr_cred;
gcred->acred.ac_flags = 0;
- gcred->acred.machine_cred = acred->machine_cred;
gcred->acred.principal = acred->principal;
dprintk("RPC: allocated %s cred %p for uid %d gid %d\n",
gcred->acred.principal = acred->principal;
dprintk("RPC: allocated %s cred %p for uid %d gid %d\n",
- gcred->acred.machine_cred ? "machine" : "generic",
+ gcred->acred.principal ? "machine" : "generic",
gcred,
from_kuid(&init_user_ns, acred->cred->fsuid),
from_kgid(&init_user_ns, acred->cred->fsgid));
gcred,
from_kuid(&init_user_ns, acred->cred->fsuid),
from_kgid(&init_user_ns, acred->cred->fsgid));
static int
machine_cred_match(struct auth_cred *acred, struct generic_cred *gcred, int flags)
{
static int
machine_cred_match(struct auth_cred *acred, struct generic_cred *gcred, int flags)
{
- if (!gcred->acred.machine_cred ||
+ if (!gcred->acred.principal ||
gcred->acred.principal != acred->principal ||
!uid_eq(gcred->acred.cred->fsuid, acred->cred->fsuid) ||
!gid_eq(gcred->acred.cred->fsgid, acred->cred->fsgid))
gcred->acred.principal != acred->principal ||
!uid_eq(gcred->acred.cred->fsuid, acred->cred->fsuid) ||
!gid_eq(gcred->acred.cred->fsgid, acred->cred->fsgid))
int i;
struct group_info *a, *g;
int i;
struct group_info *a, *g;
- if (acred->machine_cred)
return machine_cred_match(acred, gcred, flags);
if (!uid_eq(gcred->acred.cred->fsuid, acred->cred->fsuid) ||
!gid_eq(gcred->acred.cred->fsgid, acred->cred->fsgid) ||
return machine_cred_match(acred, gcred, flags);
if (!uid_eq(gcred->acred.cred->fsuid, acred->cred->fsuid) ||
!gid_eq(gcred->acred.cred->fsgid, acred->cred->fsgid) ||
- gcred->acred.machine_cred != 0)
+ gcred->acred.principal != NULL)
goto out_nomatch;
a = acred->cred->group_info;
goto out_nomatch;
a = acred->cred->group_info;
*/
cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
cred->gc_service = gss_auth->service;
*/
cred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_NEW;
cred->gc_service = gss_auth->service;
- cred->gc_principal = NULL;
- if (acred->machine_cred)
- cred->gc_principal = acred->principal;
+ cred->gc_principal = acred->principal;
kref_get(&gss_auth->kref);
return &cred->gc_base;
kref_get(&gss_auth->kref);
return &cred->gc_base;
struct auth_cred acred = {
.cred = oldcred->cr_cred,
.principal = gss_cred->gc_principal,
struct auth_cred acred = {
.cred = oldcred->cr_cred,
.principal = gss_cred->gc_principal,
- .machine_cred = (gss_cred->gc_principal != NULL ? 1 : 0),