leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cb25e7b293
linux/fs
History
Chuck Lever cb25e7b293 nfsd: Use correct credential for NFSv4.0 callback with GSS 
I've had trouble when operating a multi-homed Linux NFS server with
Kerberos using NFSv4.0. Lately, I've seen my clients reporting
this (and then hanging):

May  9 11:43:26 manet kernel: NFS: NFSv4 callback contains invalid cred

The client-side commit f11b2a1cfb ("nfs4: copy acceptor name from
context to nfs_client") appears to be related, but I suspect this
problem has been going on for some time before that.

RFC 7530 Section 3.3.3 says:
> For Kerberos V5, nfs/hostname would be a server principal in the
> Kerberos Key Distribution Center database.  This is the same
> principal the client acquired a GSS-API context for when it issued
> the SETCLIENTID operation ...

In other words, an NFSv4.0 client expects that the server will use
the same GSS principal for callback that the client used to
establish its lease. For example, if the client used the service
principal "nfs@server.domain" to establish its lease, the server
is required to use "nfs@server.domain" when performing NFSv4.0
callback operations.

The Linux NFS server currently does not. It uses a common service
principal for all callback connections. Sometimes this works as
expected, and other times -- for example, when the server is
accessible via multiple hostnames -- it won't work at all.

This patch scrapes the target name from the client credential,
and uses that for the NFSv4.0 callback credential. That should
be correct much more often.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-08-22 18:32:07 -04:00
..
9p treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
adfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
affs affs: fix potential memory leak when parsing option 'prefix' 2018-05-28 12:36:41 +02:00
afs Merge branch 'afs-proc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-16 16:32:04 +09:00
autofs autofs: Fix typo s/thenew new/the new/ in AUTOFS4_FS description 2018-06-12 12:31:19 -07:00
befs fix a series of Documentation/ broken file name references 2018-06-15 18:10:01 -03:00
bfs bfs_add_entry: pass name/len as qstr pointer 2018-05-22 14:27:50 -04:00
btrfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
cachefiles Merge branch 'hch.procfs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-04 10:00:01 -07:00
ceph vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
cifs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
coda vfs: change inode times to use struct timespec64 2018-06-05 16:57:31 -07:00
configfs vfs: change inode times to use struct timespec64 2018-06-05 16:57:31 -07:00
cramfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
crypto f2fs-for-4.18-rc1 2018-06-11 10:16:13 -07:00
debugfs Revert "debugfs: inode: debugfs_create_dir uses mode permission from parent" 2018-06-12 20:52:16 -07:00
devpts
dlm treewide: Use array_size() in vmalloc() 2018-06-12 16:19:22 -07:00
ecryptfs Merge branch 'fixes' of https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs into aio-base 2018-05-26 09:16:25 +02:00
efivarfs
efs
exofs exofs: avoid VLA in structures 2018-06-15 07:55:24 +09:00
exportfs ovl: do not try to reconnect a disconnected origin dentry 2018-04-12 12:04:49 +02:00
ext2 treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
ext4 vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
f2fs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
fat Merge branch 'akpm' (patches from Andrew) 2018-06-15 08:51:42 +09:00
freevxfs freevxfs_lookup(): use d_splice_alias() 2018-05-22 14:27:51 -04:00
fscache proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00
fuse vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
gfs2 vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
hfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
hfsplus vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
hostfs vfs: change inode times to use struct timespec64 2018-06-05 16:57:31 -07:00
hpfs treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
hugetlbfs hugetlbfs: fix bug in pgoff overflow checking 2018-04-05 21:36:21 -07:00
isofs isofs: fix potential memory leak in mount option parsing 2018-04-16 09:47:41 +02:00
jbd2 treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
jffs2 vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
jfs treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
kernfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
lockd nfsd: fix leaked file lock with nfs exported overlayfs 2018-08-09 16:11:21 -04:00
minix minix_lookup: use d_splice_alias() 2018-05-22 14:27:52 -04:00
nfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
nfs_common net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nfsd nfsd: Use correct credential for NFSv4.0 callback with GSS 2018-08-22 18:32:07 -04:00
nilfs2 do d_instantiate/unlock_new_inode combinations safely 2018-05-11 15:36:37 -04:00
nls
notify fsnotify: add fsnotify_add_inode_mark() wrappers 2018-05-18 14:58:22 +02:00
ntfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
ocfs2 vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
omfs omfs_lookup(): report IO errors, use d_splice_alias() 2018-05-22 14:27:58 -04:00
openpromfs openpromfs: switch to d_splice_alias() 2018-05-22 14:27:57 -04:00
orangefs Solve a series of broken links for files under Documentation: 2018-06-17 05:25:18 +09:00
overlayfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
proc Merge branch 'afs-proc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-16 16:32:04 +09:00
pstore pstore: Remove bogus format string definition 2018-06-14 14:57:24 +02:00
qnx4 qnx4_lookup: use d_splice_alias() 2018-05-22 14:27:52 -04:00
qnx6 qnx6_lookup: switch to d_splice_alias() 2018-05-22 14:27:54 -04:00
quota fs: quota: Replace GFP_ATOMIC with GFP_KERNEL in dquot_init 2018-04-09 17:48:54 +02:00
ramfs
reiserfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
romfs romfs_lookup: switch to d_splice_alias() 2018-05-22 14:27:55 -04:00
squashfs
sysfs unfuck sysfs_mount() 2018-05-21 14:30:09 -04:00
sysv sysv_lookup: use d_splice_alias() 2018-05-22 14:27:53 -04:00
tracefs
ubifs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
udf vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
ufs treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
xfs vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
aio.c aio: only return events requested in poll_mask() for IOCB_CMD_POLL 2018-06-14 20:08:14 -04:00
anon_inodes.c
attr.c vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
bad_inode.c vfs: change inode times to use struct timespec64 2018-06-05 16:57:31 -07:00
binfmt_aout.c exec: introduce finalize_exec() before start_thread() 2018-04-11 10:28:37 -07:00
binfmt_elf_fdpic.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
binfmt_elf.c coredump: fix spam with zero VMA process 2018-06-15 07:55:24 +09:00
binfmt_em86.c
binfmt_flat.c exec: introduce finalize_exec() before start_thread() 2018-04-11 10:28:37 -07:00
binfmt_misc.c docs: Fix more broken references 2018-06-15 18:11:26 -03:00
binfmt_script.c
block_dev.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
buffer.c fs: move page_cache_seek_hole_data to iomap.c 2018-06-01 18:37:33 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c autofs: clean up includes 2018-06-07 17:34:40 -07:00
compat.c ncpfs: remove compat functionality 2018-06-05 19:23:26 +02:00
coredump.c
d_path.c split d_path() and friends into a separate file 2018-03-29 15:07:46 -04:00
dax.c libnvdimm for 4.18 2018-06-08 17:21:52 -07:00
dcache.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-04 10:14:28 -07:00
dcookies.c fs: add do_lookup_dcookie() helper; remove in-kernel call to syscall 2018-04-02 20:15:39 +02:00
direct-io.c block: consistently use GFP_NOIO instead of __GFP_NORECLAIM 2018-05-14 08:55:18 -06:00
drop_caches.c
eventfd.c eventfd: only return events requested in poll_mask() 2018-06-14 20:07:38 -04:00
eventpoll.c eventpoll: switch to ->poll_mask 2018-06-14 20:09:28 -04:00
exec.c Merge branch 'core-rseq-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-06-10 10:17:09 -07:00
fcntl.c mm: restructure memfd code 2018-06-07 17:34:35 -07:00
fhandle.c
file_table.c
file.c fs: add ksys_close() wrapper; remove in-kernel calls to sys_close() 2018-04-02 20:16:00 +02:00
filesystems.c proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00
fs_pin.c
fs_struct.c
fs-writeback.c bdi: Fix oops in wb_workfn() 2018-05-03 16:11:37 -06:00
inode.c vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
internal.h Revert "fs: fold open_check_o_direct into do_dentry_open" 2018-06-03 10:58:23 -07:00
ioctl.c fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems 2018-05-24 12:04:28 -05:00
iomap.c Changes since last update: 2018-06-12 15:49:00 -07:00
Kconfig autofs: remove left-over autofs4 stubs 2018-06-11 08:22:34 -07:00
Kconfig.binfmt docs: Fix more broken references 2018-06-15 18:11:26 -03:00
libfs.c fs, dax: prepare for dax-specific address_space_operations 2018-03-30 11:34:55 -07:00
locks.c vfs/y2038: inode timestamps conversion to timespec64 2018-06-15 07:31:07 +09:00
Makefile autofs: remove left-over autofs4 stubs 2018-06-11 08:22:34 -07:00
mbcache.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
mount.h
mpage.c
namei.c Merge branch 'afs-proc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-16 16:32:04 +09:00
namespace.c fs: Allow superblock owner to access do_remount_sb() 2018-05-24 12:02:25 -05:00
no-block.c
nsfs.c
open.c Revert "fs: fold open_check_o_direct into do_dentry_open" 2018-06-03 10:58:23 -07:00
pipe.c pipe: convert to ->poll_mask 2018-05-26 09:16:44 +02:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
readdir.c fs: add ksys_getdents64() helper; remove in-kernel calls to sys_getdents64() 2018-04-02 20:16:02 +02:00
select.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
seq_file.c proc: fix smaps and meminfo alignment 2018-05-25 18:12:11 -07:00
signalfd.c Merge branch 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-16 16:21:50 +09:00
splice.c Merge branch 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-16 16:21:50 +09:00
stack.c
stat.c fs: add do_readlinkat() helper; remove internal call to sys_readlinkat() 2018-04-02 20:15:34 +02:00
statfs.c
super.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-06-04 10:14:28 -07:00
sync.c Changes for this release: 2018-04-04 12:44:02 -07:00
timerfd.c timerfd: convert to ->poll_mask 2018-05-26 09:16:44 +02:00
userfaultfd.c userfaultfd: prevent non-cooperative events vs mcopy_atomic races 2018-06-07 17:34:38 -07:00
utimes.c fs: add do_compat_futimesat() helper; remove in-kernel call to compat syscall 2018-04-02 20:15:44 +02:00
xattr.c vfs: delete unnecessary assignment in vfs_listxattr 2018-05-29 13:22:41 -04:00