summaryrefslogtreecommitdiff
path: root/net/sunrpc/auth.c
diff options
context:
space:
mode:
authorNeilBrown <neilb@suse.com>2018-12-03 03:30:30 +0300
committerAnna Schumaker <Anna.Schumaker@Netapp.com>2018-12-19 21:52:45 +0300
commit1de7eea92946d7b581a8cd26084410913c80e594 (patch)
tree24f83b50f58976dbad4025bae814daebb6029657 /net/sunrpc/auth.c
parenta68a72e135ef55bce136a0b604413fd6b0f6d3fc (diff)
downloadlinux-1de7eea92946d7b581a8cd26084410913c80e594.tar.xz
SUNRPC: add side channel to use non-generic cred for rpc call.
The credential passed in rpc_message.rpc_cred is always a generic credential except in one instance. When gss_destroying_context() calls rpc_call_null(), it passes a specific credential that it needs to destroy. In this case the RPC acts *on* the credential rather than being authorized by it. This special case deserves explicit support and providing that will mean that rpc_message.rpc_cred is *always* generic, allowing some optimizations. So add "tk_op_cred" to rpc_task and "rpc_op_cred" to the setup data. Use this to pass the cred down from rpc_call_null(), and have rpcauth_bindcred() notice it and bind it in place. Credit to kernel test robot <fengguang.wu@intel.com> for finding a bug in earlier version of this patch. Signed-off-by: NeilBrown <neilb@suse.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Diffstat (limited to 'net/sunrpc/auth.c')
-rw-r--r--net/sunrpc/auth.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index dcfcc590b34e..27d90578e7a0 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -751,7 +751,11 @@ rpcauth_bindcred(struct rpc_task *task, struct rpc_cred *cred, int flags)
if (flags & RPC_TASK_ASYNC)
lookupflags |= RPCAUTH_LOOKUP_NEW;
- if (cred != NULL && cred != &machine_cred)
+ if (task->tk_op_cred)
+ /* Task must use exactly this rpc_cred */
+ new = task->tk_op_cred->cr_ops->crbind(task, task->tk_op_cred,
+ lookupflags);
+ else if (cred != NULL && cred != &machine_cred)
new = cred->cr_ops->crbind(task, cred, lookupflags);
else if (cred == &machine_cred)
new = rpcauth_bind_machine_cred(task, lookupflags);