creating nfs client per security flavor
parent
3b9f37d5a1
commit
f7a9932cb3
5 changed files with 50 additions and 23 deletions
|
|
@ -66,7 +66,7 @@ static int handle_mount(nfs41_upcall *upcall)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
// create root
|
// create root
|
||||||
status = nfs41_root_create(args->hostname,
|
status = nfs41_root_create(args->hostname, args->sec_flavor,
|
||||||
NFS41_MAX_FILEIO_SIZE + WRITE_OVERHEAD,
|
NFS41_MAX_FILEIO_SIZE + WRITE_OVERHEAD,
|
||||||
NFS41_MAX_FILEIO_SIZE + READ_OVERHEAD, &root);
|
NFS41_MAX_FILEIO_SIZE + READ_OVERHEAD, &root);
|
||||||
if (status) {
|
if (status) {
|
||||||
|
|
@ -76,7 +76,7 @@ static int handle_mount(nfs41_upcall *upcall)
|
||||||
// add a mount
|
// add a mount
|
||||||
root->uid = upcall->uid;
|
root->uid = upcall->uid;
|
||||||
root->gid = upcall->gid;
|
root->gid = upcall->gid;
|
||||||
root->sec_flavor = args->sec_flavor;
|
|
||||||
status = nfs41_root_mount_addrs(root, &addrs, 0, 0, &client);
|
status = nfs41_root_mount_addrs(root, &addrs, 0, 0, &client);
|
||||||
if (status) {
|
if (status) {
|
||||||
eprintf("nfs41_root_mount() failed with %d\n", status);
|
eprintf("nfs41_root_mount() failed with %d\n", status);
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,7 @@
|
||||||
/* nfs41_root */
|
/* nfs41_root */
|
||||||
int nfs41_root_create(
|
int nfs41_root_create(
|
||||||
IN const char *name,
|
IN const char *name,
|
||||||
|
IN uint32_t sec_flavor,
|
||||||
IN uint32_t wsize,
|
IN uint32_t wsize,
|
||||||
IN uint32_t rsize,
|
IN uint32_t rsize,
|
||||||
OUT nfs41_root **root_out)
|
OUT nfs41_root **root_out)
|
||||||
|
|
@ -58,9 +59,10 @@ int nfs41_root_create(
|
||||||
root->rsize = rsize;
|
root->rsize = rsize;
|
||||||
InitializeCriticalSection(&root->lock);
|
InitializeCriticalSection(&root->lock);
|
||||||
root->ref_count = 1;
|
root->ref_count = 1;
|
||||||
|
root->sec_flavor = sec_flavor;
|
||||||
|
|
||||||
/* generate a unique client_owner */
|
/* generate a unique client_owner */
|
||||||
status = nfs41_client_owner(name, &root->client_owner);
|
status = nfs41_client_owner(name, sec_flavor, &root->client_owner);
|
||||||
if (status) {
|
if (status) {
|
||||||
eprintf("nfs41_client_owner() failed with %d\n", status);
|
eprintf("nfs41_client_owner() failed with %d\n", status);
|
||||||
goto out;
|
goto out;
|
||||||
|
|
|
||||||
|
|
@ -191,6 +191,7 @@ typedef struct __nfs41_root {
|
||||||
/* nfs41_namespace.c */
|
/* nfs41_namespace.c */
|
||||||
int nfs41_root_create(
|
int nfs41_root_create(
|
||||||
IN const char *name,
|
IN const char *name,
|
||||||
|
IN uint32_t sec_flavor,
|
||||||
IN uint32_t wsize,
|
IN uint32_t wsize,
|
||||||
IN uint32_t rsize,
|
IN uint32_t rsize,
|
||||||
OUT nfs41_root **root_out);
|
OUT nfs41_root **root_out);
|
||||||
|
|
@ -298,6 +299,7 @@ void nfs41_server_addrs(
|
||||||
/* nfs41_client.c */
|
/* nfs41_client.c */
|
||||||
int nfs41_client_owner(
|
int nfs41_client_owner(
|
||||||
IN const char *name,
|
IN const char *name,
|
||||||
|
IN uint32_t sec_flavor,
|
||||||
OUT client_owner4 *owner);
|
OUT client_owner4 *owner);
|
||||||
|
|
||||||
uint32_t nfs41_exchange_id_flags(
|
uint32_t nfs41_exchange_id_flags(
|
||||||
|
|
|
||||||
|
|
@ -365,6 +365,7 @@ out:
|
||||||
|
|
||||||
int nfs41_client_owner(
|
int nfs41_client_owner(
|
||||||
IN const char *name,
|
IN const char *name,
|
||||||
|
IN uint32_t sec_flavor,
|
||||||
OUT client_owner4 *owner)
|
OUT client_owner4 *owner)
|
||||||
{
|
{
|
||||||
HCRYPTPROV context;
|
HCRYPTPROV context;
|
||||||
|
|
@ -391,6 +392,12 @@ int nfs41_client_owner(
|
||||||
goto out_context;
|
goto out_context;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!CryptHashData(hash, (const BYTE*)&sec_flavor, (DWORD)sizeof(sec_flavor), 0)) {
|
||||||
|
status = GetLastError();
|
||||||
|
eprintf("CryptHashData() failed with %d\n", status);
|
||||||
|
goto out_hash;
|
||||||
|
}
|
||||||
|
|
||||||
if (!CryptHashData(hash, (const BYTE*)name, (DWORD)strlen(name), 0)) {
|
if (!CryptHashData(hash, (const BYTE*)name, (DWORD)strlen(name), 0)) {
|
||||||
status = GetLastError();
|
status = GetLastError();
|
||||||
eprintf("CryptHashData() failed with %d\n", status);
|
eprintf("CryptHashData() failed with %d\n", status);
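Review bot: The new `CryptHashData` call on `sec_flavor` in nfs41_client_owner has no comment explaining why the flavor is part of the owner hash, and its failure message is byte-identical to the one for the `name` hash just below, so a log line cannot tell which input failed. I would add `/* mix the security flavor into the owner so each flavor gets its own client identity */` above the call and change its message to `eprintf("CryptHashData(sec_flavor) failed with %d\n", status);`. The call hashes the in-memory bytes of the `uint32_t`, so the resulting owner depends on host byte order; that is probably harmless for a single-platform client, but the comment should say so. The function begins and ends outside these hunks, so what else is hashed is not visible here.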
|
||||||
|
|
|
||||||
|
|
@ -292,7 +292,8 @@ typedef struct _NFS41_MOUNT_CONFIG {
|
||||||
typedef struct _NFS41_NETROOT_EXTENSION {
|
typedef struct _NFS41_NETROOT_EXTENSION {
|
||||||
NODE_TYPE_CODE NodeTypeCode;
|
NODE_TYPE_CODE NodeTypeCode;
|
||||||
NODE_BYTE_SIZE NodeByteSize;
|
NODE_BYTE_SIZE NodeByteSize;
|
||||||
HANDLE session;
|
HANDLE auth_sys_session;
|
||||||
|
HANDLE gss_session;
|
||||||
DWORD nfs41d_version;
|
DWORD nfs41d_version;
|
||||||
} NFS41_NETROOT_EXTENSION, *PNFS41_NETROOT_EXTENSION;
|
} NFS41_NETROOT_EXTENSION, *PNFS41_NETROOT_EXTENSION;
|
||||||
#define NFS41GetNetRootExtension(pNetRoot) \
|
#define NFS41GetNetRootExtension(pNetRoot) \
|
||||||
|
|
@ -2360,15 +2361,6 @@ NTSTATUS nfs41_CreateVNetRoot(
|
||||||
pNetRoot->MRxNetRootState = MRX_NET_ROOT_STATE_GOOD;
|
pNetRoot->MRxNetRootState = MRX_NET_ROOT_STATE_GOOD;
|
||||||
pNetRoot->DeviceType = FILE_DEVICE_DISK;
|
pNetRoot->DeviceType = FILE_DEVICE_DISK;
|
||||||
|
|
||||||
if (pNetRootContext->session) {
|
|
||||||
/* already established a session for this net root */
|
|
||||||
pVNetRootContext->session = pNetRootContext->session;
|
|
||||||
DbgP("Using existing session 0x%x\n", pVNetRootContext->session);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
pVNetRootContext->session = pNetRootContext->session = NULL;
|
|
||||||
|
|
||||||
nfs41_MountConfig_InitDefaults(&Config);
|
nfs41_MountConfig_InitDefaults(&Config);
|
||||||
|
|
||||||
if (pCreateNetRootContext->RxContext->Create.EaLength) {
|
if (pCreateNetRootContext->RxContext->Create.EaLength) {
|
||||||
|
|
@ -2394,15 +2386,30 @@ NTSTATUS nfs41_CreateVNetRoot(
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (pVNetRootContext->sec_flavor == RPCSEC_AUTH_SYS &&
|
||||||
|
pNetRootContext->auth_sys_session) {
|
||||||
|
pVNetRootContext->session = pNetRootContext->auth_sys_session;
|
||||||
|
DbgP("Using existing AUTH_SYS session 0x%x\n", pVNetRootContext->session);
|
||||||
|
goto out;
|
||||||
|
} else if (pVNetRootContext->sec_flavor != RPCSEC_AUTH_SYS &&
|
||||||
|
pNetRootContext->gss_session) {
|
||||||
|
pVNetRootContext->session = pNetRootContext->gss_session;
|
||||||
|
DbgP("Using existing AUTHGSS session 0x%x\n", pVNetRootContext->session);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
/* send the mount upcall */
|
/* send the mount upcall */
|
||||||
DbgP("Server Name %wZ Mount Point %wZ\n",
|
DbgP("Server Name %wZ Mount Point %wZ SecFlavor %wZ\n",
|
||||||
&Config.SrvName, &Config.MntPt);
|
&Config.SrvName, &Config.MntPt, &Config.SecFlavor);
|
||||||
status = nfs41_mount(&Config.SrvName, &Config.MntPt, pVNetRootContext->sec_flavor,
|
status = nfs41_mount(&Config.SrvName, &Config.MntPt, pVNetRootContext->sec_flavor,
|
||||||
&pVNetRootContext->session, &nfs41d_version);
|
&pVNetRootContext->session, &nfs41d_version);
|
||||||
if (status != STATUS_SUCCESS)
|
if (status != STATUS_SUCCESS)
|
||||||
goto out;
|
goto out;
|
||||||
pNetRootContext->nfs41d_version = nfs41d_version;
|
pNetRootContext->nfs41d_version = nfs41d_version;
|
||||||
pNetRootContext->session = pVNetRootContext->session;
|
if (pVNetRootContext->sec_flavor == RPCSEC_AUTH_SYS)
|
||||||
|
pNetRootContext->auth_sys_session = pVNetRootContext->session;
|
||||||
|
else
|
||||||
|
pNetRootContext->gss_session = pVNetRootContext->session;
|
||||||
DbgP("Saving new session 0x%x\n", pVNetRootContext->session);
|
DbgP("Saving new session 0x%x\n", pVNetRootContext->session);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
|
|
@ -2499,7 +2506,8 @@ NTSTATUS nfs41_FinalizeNetRoot(
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pNetRootContext == NULL || pNetRootContext->session == NULL) {
|
if (pNetRootContext == NULL || (pNetRootContext->auth_sys_session == NULL &&
|
||||||
|
pNetRootContext->gss_session == NULL)) {
|
||||||
print_error("No valid session has been established\n");
|
print_error("No valid session has been established\n");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
@ -2510,12 +2518,20 @@ NTSTATUS nfs41_FinalizeNetRoot(
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = nfs41_unmount(pNetRootContext->session, pNetRootContext->nfs41d_version);
|
if (pNetRootContext->auth_sys_session) {
|
||||||
|
status = nfs41_unmount(pNetRootContext->auth_sys_session, pNetRootContext->nfs41d_version);
|
||||||
if (status) {
|
if (status) {
|
||||||
print_error("nfs41_mount failed with %d\n", status);
|
print_error("nfs41_mount AUTH_SYS failed with %d\n", status);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
if (pNetRootContext->gss_session) {
|
||||||
|
status = nfs41_unmount(pNetRootContext->gss_session, pNetRootContext->nfs41d_version);
|
||||||
|
if (status) {
|
||||||
|
print_error("nfs41_mount AUTHGSS failed with %d\n", status);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
}
|
||||||
// check if there is anything waiting in the upcall or downcall queue
|
// check if there is anything waiting in the upcall or downcall queue
|
||||||
do {
|
do {
|
||||||
nfs41_GetFirstEntry(upcallLock, upcall, tmp);
|
nfs41_GetFirstEntry(upcallLock, upcall, tmp);
|
||||||
|
|
@ -2674,7 +2690,7 @@ NTSTATUS nfs41_Create(
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pNetRootContext->session == NULL) {
|
if (pNetRootContext->auth_sys_session == NULL && pNetRootContext->gss_session == NULL) {
|
||||||
print_error("No valid session established\n");
|
print_error("No valid session established\n");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
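Review bot: In nfs41_CreateVNetRoot the reuse test `pVNetRootContext->sec_flavor != RPCSEC_AUTH_SYS && pNetRootContext->gss_session` treats every non-AUTH_SYS flavor as one session, while the daemon side of this commit hashes the exact `sec_flavor` into the client owner. If more than one GSS flavor can be requested on the same net root (not visible in these hunks), a later mount would silently reuse a session negotiated with a different protection level than the one it asked for. Reuse should happen only on an exact match, for example by storing the flavor next to the handle in a new field and testing `pNetRootContext->gss_session && pNetRootContext->gss_flavor == pVNetRootContext->sec_flavor`, or by keeping one handle per flavor. The same gap affects the `auth_sys_session == NULL && gss_session == NULL` test in nfs41_Create, which shows only that some session exists, not that the one matching this VNetRoot's flavor does. All three functions begin and end outside the hunks shown.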
|
||||||
|
|
|
||||||