public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-04 08:17:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/fs/nfs
History
NeilBrown b79e87e070 NFSv4.1: don't use machine credentials for CLOSE when using 'sec=sys' 
An NFSv4.1 client might close a file after the user who opened it has
logged off.  In this case the user's credentials may no longer be
valid, if they are e.g. kerberos credentials that have expired.

NFSv4.1 has a mechanism to allow the client to use machine credentials
to close a file.  However due to a short-coming in the RFC, a CLOSE
with those credentials may not be possible if the file in question
isn't exported to the same security flavor - the required PUTFH must
be rejected when this is the case.

Specifically if a server and client support kerberos in general and
have used it to form a machine credential, but the file is only
exported to "sec=sys", a PUTFH with the machine credentials will fail,
so CLOSE is not possible.

As RPC_AUTH_UNIX (used by sec=sys) credentials can never expire, there
is no value in using the machine credential in place of them.
So in that case, just use the users credentials for CLOSE etc, as you would
in NFSv4.0

Signed-off-by: Neil Brown <neilb@suse.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2017-08-20 12:43:17 -04:00
..
blocklayout block: switch bios to blk_status_t 2017-06-09 09:27:32 -06:00
filelayout NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() 2017-07-21 14:08:45 -04:00
flexfilelayout nfs/flexfiles: fix leak of nfs4_ff_ds_version arrays 2017-08-08 17:18:10 -04:00
cache_lib.c sunrpc/nfs: cleanup procfs/pipefs entry in cache_detail 2017-02-08 17:02:45 -05:00
cache_lib.h
callback.c sunrpc: mark all struct svc_version instances as const 2017-07-13 15:58:03 -04:00
callback.h nfs: don't cast callback decode/proc/encode routines 2017-07-13 15:57:56 -04:00
callback_proc.c nfs: don't cast callback decode/proc/encode routines 2017-07-13 15:57:56 -04:00
callback_xdr.c Chuck's RDMA update overhauls the "call receive" side of the 2017-07-13 13:56:24 -07:00
client.c mount: copy the port field into the cloned nfs_server structure. 2017-07-19 15:28:21 -04:00
delegation.c
delegation.h
dir.c NFS client bugfixes for 4.13 2017-07-21 16:26:01 -07:00
direct.c NFS client updates for Linux 4.12 2017-05-10 13:03:38 -07:00
dns_resolve.c
dns_resolve.h
export.c nfs: add export operations 2017-07-13 17:12:04 -04:00
file.c NFS: Optimize fallocate by refreshing mapping when needed. 2017-07-27 11:22:42 -04:00
fscache-index.c
fscache.c
fscache.h
getroot.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
inode.c nfs: add a nfs_ilookup helper 2017-07-13 16:00:15 -04:00
internal.h NFS client updates for Linux 4.13 2017-07-13 14:35:37 -07:00
io.c
iostat.h
Kconfig pnfs/blocklayout: require 64-bit sector_t 2017-08-11 14:10:13 -04:00
Makefile nfs: add export operations 2017-07-13 17:12:04 -04:00
mount_clnt.c nfs: count correct array for mnt3_counts array size 2017-07-21 08:49:57 -04:00
namespace.c NFS: Use ERR_CAST() to avoid cross-structure cast 2017-05-28 10:11:47 -07:00
netns.h
nfs.h
nfs2super.c
nfs2xdr.c NFS: convert flags to bool 2017-07-13 15:58:04 -04:00
nfs3_fs.h
nfs3acl.c
nfs3client.c
nfs3proc.c NFSv3: Convert nfs3_proc_access() to use nfs_access_set_mask() 2017-07-21 11:51:19 -04:00
nfs3super.c
nfs3xdr.c NFS: convert flags to bool 2017-07-13 15:58:04 -04:00
nfs4_fs.h NFSv4.1: don't use machine credentials for CLOSE when using 'sec=sys' 2017-08-20 12:43:17 -04:00
nfs4client.c NFSv4: Fix double frees in nfs4_test_session_trunk() 2017-08-02 09:45:55 -04:00
nfs4file.c
nfs4getroot.c NFS: Clean up nfs4_get_rootfh() 2017-04-20 13:39:35 -04:00
nfs4idmap.c NFS: silence a uninitialized variable warning 2017-07-13 15:58:28 -04:00
nfs4idmap.h
nfs4namespace.c NFS: Remove extra dprintk()s from nfs4namespace.c 2017-04-20 13:39:35 -04:00
nfs4proc.c Some more NFS client bugfixes for 4.13 2017-08-11 13:54:09 -07:00
nfs4renewd.c NFSv4: Set the connection timeout to match the lease period 2017-02-09 14:15:16 -05:00
nfs4session.c
nfs4session.h NFS: Make trace_nfs4_setup_sequence() available to NFS v4.0 2017-01-30 13:14:50 -05:00
nfs4state.c NFS client updates for Linux 4.13 2017-07-13 14:35:37 -07:00
nfs4super.c
nfs4sysctl.c
nfs4trace.c
nfs4trace.h nfs4: add NFSv4 LOOKUPP handlers 2017-07-13 16:00:15 -04:00
nfs4xdr.c NFSv4: Fix EXCHANGE_ID corrupt verifier issue 2017-08-01 16:28:55 -04:00
nfs42.h
nfs42proc.c NFSv4.2 fix size storage for nfs42_proc_copy 2017-07-13 16:00:14 -04:00
nfs42xdr.c nfs: fix decoder callback prototypes 2017-07-13 15:57:56 -04:00
nfsroot.c
nfstrace.c
nfstrace.h
pagelist.c NFS: Remove unused parameter gfp_flags from nfs_pageio_init() 2017-08-20 11:35:33 -04:00
pnfs.c pnfs: Fix the check for requests in range of layout segment 2017-05-24 07:55:02 -04:00
pnfs.h pnfs: Fix the check for requests in range of layout segment 2017-05-24 07:55:02 -04:00
pnfs_dev.c
pnfs_nfs.c Revert commit 722f0b8911 ("pNFS: Don't send COMMITs to the DSes if...") 2017-07-19 15:28:21 -04:00
proc.c NFS: convert flags to bool 2017-07-13 15:58:04 -04:00
read.c NFS: Remove unused parameter gfp_flags from nfs_pageio_init() 2017-08-20 11:35:33 -04:00
super.c NFS client updates for Linux 4.13 2017-07-13 14:35:37 -07:00
symlink.c
sysctl.c
unlink.c NFS: nfs_rename() - revalidate directories on -ERESTARTSYS 2017-07-13 15:58:04 -04:00
write.c NFS: Remove unused parameter gfp_flags from nfs_pageio_init() 2017-08-20 11:35:33 -04:00