Earlier this week, we had a lively discussion about how to fix the bogus way that the callback channel tries to authenticate requests coming in. The consensus was that the right approach is to save off the acceptor name in a GSSAPI SETCLIENTID call, and then to compare that to the initiator name in the callback requests. This patchset is the kernel portion of that change. There is also a companion patchset for gssd to make it pass the acceptor name to the kernel in the downcall. Jeff Layton (3): auth_gss: fetch the acceptor name out of the downcall sunrpc: add a new "stringify_acceptor" rpc_credop nfs4: copy acceptor name from context to nfs_client fs/nfs/callback.c | 12 ++++++ fs/nfs/client.c | 1 + fs/nfs/nfs4proc.c | 30 ++++++++++++++- include/linux/nfs_fs_sb.h | 1 + include/linux/nfs_xdr.h | 1 + include/linux/sunrpc/auth.h | 2 + include/linux/sunrpc/auth_gss.h | 1 + net/sunrpc/auth.c | 9 +++++ net/sunrpc/auth_gss/auth_gss.c | 82 +++++++++++++++++++++++++++++------------ 9 files changed, 115 insertions(+), 24 deletions(-) -- 1.9.0 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html