linux/fs/nfsd
Andrew Elble ed94164398 nfsd: implement machine credential support for some operations
This addresses the conundrum referenced in RFC5661 18.35.3,
and will allow clients to return state to the server using the
machine credentials.

The biggest part of the problem is that we need to allow the client
to send a compound op with integrity/privacy on mounts that don't
have it enabled.

Add server support for properly decoding and using spo_must_enforce
and spo_must_allow bits. Add support for machine credentials to be
used for CLOSE, OPEN_DOWNGRADE, LOCKU, DELEGRETURN,
and TEST/FREE STATEID.
Implement a check so as to not throw WRONGSEC errors when these
operations are used if integrity/privacy isn't turned on.

Without this, Linux clients with credentials that expired while holding
delegations were getting stuck in an endless loop.

Signed-off-by: Andrew Elble <aweits@rit.edu>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2016-07-13 15:32:47 -04:00
..
acl.h nfsd4: remove nfs4_acl_new 2014-07-08 17:14:27 -04:00
auth.c nfsd: silence sparse warning about accessing credentials 2014-07-17 16:15:35 -04:00
auth.h
blocklayout.c nfsd: Fix NFSD_MDS_PR_KEY on 32-bit by adding ULL postfix 2016-06-14 11:50:04 -04:00
blocklayoutxdr.c nfsd: better layoutupdate bounds-checking 2016-03-22 14:39:35 -04:00
blocklayoutxdr.h nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
cache.h nfsd: Remove the cache_hash list 2014-08-17 12:00:12 -04:00
current_stateid.h
export.c nfsd: implement machine credential support for some operations 2016-07-13 15:32:47 -04:00
export.h nfsd: include linux/nfs4.h in export.h 2015-08-13 10:21:21 -04:00
fault_inject.c nfsd: remove old fault injection infrastructure 2014-08-05 10:55:10 -04:00
idmap.h nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
Kconfig nfsd: block and scsi layout drivers need to depend on CONFIG_BLOCK 2016-03-18 11:42:54 -04:00
lockd.c lockd: constify nlmsvc_binding structure 2016-01-07 10:10:50 -05:00
Makefile nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
netns.h nfsd: recover: constify nfsd4_client_tracking_ops structures 2015-11-23 12:15:30 -07:00
nfs2acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs3acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs3proc.c don't bother with ->d_inode->i_sb - it's always equal to ->d_sb 2016-04-10 17:11:51 -04:00
nfs3xdr.c A very quiet cycle for nfsd, mainly just an RDMA update from Chuck Lever. 2016-05-24 14:39:20 -07:00
nfs4acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs4callback.c nfsd4/rpc: move backchannel create logic into rpc code 2016-06-15 10:32:25 -04:00
nfs4idmap.c nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
nfs4layouts.c nfsd: handle seqid wraparound in nfsd4_preprocess_layout_stateid 2016-05-13 15:34:47 -04:00
nfs4proc.c nfsd: implement machine credential support for some operations 2016-07-13 15:32:47 -04:00
nfs4recover.c Various bugfixes, a RDMA update from Chuck Lever, and support for a new 2016-03-24 10:41:00 -07:00
nfs4state.c nfsd: implement machine credential support for some operations 2016-07-13 15:32:47 -04:00
nfs4xdr.c nfsd: implement machine credential support for some operations 2016-07-13 15:32:47 -04:00
nfscache.c nfsd: remove recurring workqueue job to clean DRC 2015-11-10 09:25:51 -05:00
nfsctl.c nfsd: fix nsfd startup race triggering BUG_ON 2015-04-21 16:16:03 -04:00
nfsd.h nfsd: implement machine credential support for some operations 2016-07-13 15:32:47 -04:00
nfsfh.c don't bother with ->d_inode->i_sb - it's always equal to ->d_sb 2016-04-10 17:11:51 -04:00
nfsfh.h wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
nfsproc.c nfsd: Disable NFSv2 timestamp workaround for NFSv3+ 2015-05-29 11:04:01 -04:00
nfssvc.c nfsd: Fix nfsd leaks sunrpc module references 2016-01-07 10:10:51 -05:00
nfsxdr.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
pnfs.h nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
state.h nfsd: implement machine credential support for some operations 2016-07-13 15:32:47 -04:00
stats.c nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
stats.h nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
trace.c nfsd: move include of state.h from trace.c to trace.h 2015-10-23 15:57:29 -04:00
trace.h nfsd: add new io class tracepoint 2016-01-14 17:32:51 -05:00
vfs.c nfsd: use RWF_SYNC 2016-05-01 19:58:39 -04:00
vfs.h nfsd: use short read as well as i_size to set eof 2016-03-23 16:02:39 -04:00
xdr3.h nfsd: fix encode_entryplus_baggage stack usage 2014-01-23 13:50:27 -05:00
xdr4.h nfsd: implement machine credential support for some operations 2016-07-13 15:32:47 -04:00
xdr4cb.h nfsd: implement pNFS layout recalls 2015-02-02 18:09:43 +01:00
xdr.h