> Begin forwarded message:
>
> From: Simo Sorce <simo@xxxxxxxxxx>
> Subject: Re: [PATCH RFC 0/4] Use correct NFSv4.0 callback credential
> Date: May 18, 2018 at 12:03:08 PM EDT
> To: Chuck Lever <chuck.lever@xxxxxxxxxx>, linux-nfs@xxxxxxxxxxxxxxx
>
> On Fri, 2018-05-18 at 11:39 -0400, Chuck Lever wrote:
>> I've been experimenting with this series that modifies NFSD to
>> discover and use the correct GSS service principal when constructing
>> its NFSv4.0 callback channels. I'm interested in review of this
>> approach. There are a couple of code comments marked with XXX that
>> also need some attention.
>>
>> The rpc.gssd change mentioned in 1/4 is unremarkable and will be
>> made available once there is consensus about the kernel changes
>> in this series. No gssproxy changes are necessary.
>>
>> ---
>>
>> Chuck Lever (4):
>>       sunrpc: Enable the kernel to specify the hostname part of service principals
>>       sunrpc: Extract target name into svc_cred
>>       nfsd: Use correct credential for NFSv4.0 callback with GSS
>>       nfsd: Remove callback_cred
>>
>>
>>  fs/nfsd/nfs4callback.c               |   29 ++++----------
>>  fs/nfsd/nfs4state.c                  |   17 +++-----
>>  fs/nfsd/state.h                      |    2 -
>>  include/linux/sunrpc/svcauth.h       |    3 +
>>  net/sunrpc/auth_gss/auth_gss.c       |   20 ++++++++--
>>  net/sunrpc/auth_gss/gss_rpc_upcall.c |   70 ++++++++++++++++++++++------------
>>  6 files changed, 80 insertions(+), 61 deletions(-)
>>
>> --
>> Chuck Lever
>
> Ack for the sunrpc gssp changes.

Hi Bruce, are you willing to take this series for v4.18? If so, I can
post the gssd patch that goes with it. If not, shall I post these again
after v4.18-rc1?

> The one thing I am unsure of is whether always using the source name
> as the callback target is going to work properly, and what happens
> when it is not.
>
> Machines mounting with NFSv4.0 but without machine credentials (ie:
> root kinits to admin@xxxxxxx and uses those creds to mount) will
> always fail to establish a callback because the NFS client's kernel
> does not have access to the user long-term key. So even if the KDC
> would decide to allow you to get a ticket for a user principal, the
> client would not be able to complete context establishment.
>
> Maybe a fallback behavior where it tries to guess at a possible
> machine service name would be valuable for cases where a machine
> credential is actually available on the client host even though
> for whatever reason the mount was done using some user credential.
>
> Simo.
>
> --
> Simo Sorce
> Sr. Principal Software Engineer
> Red Hat, Inc
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Chuck Lever