• Andrew Elble's avatar
    nfsd: implement machine credential support for some operations · ed941643
    Andrew Elble authored
    This addresses the conundrum referenced in RFC5661 18.35.3,
    and will allow clients to return state to the server using the
    machine credentials.
    
    The biggest part of the problem is that we need to allow the client
    to send a compound op with integrity/privacy on mounts that don't
    have it enabled.
    
    Add server support for properly decoding and using spo_must_enforce
    and spo_must_allow bits. Add support for machine credentials to be
    used for CLOSE, OPEN_DOWNGRADE, LOCKU, DELEGRETURN,
    and TEST/FREE STATEID.
    Implement a check so as to not throw WRONGSEC errors when these
    operations are used if integrity/privacy isn't turned on.
    
    Without this, Linux clients with credentials that expired while holding
    delegations were getting stuck in an endless loop.
    Signed-off-by: default avatarAndrew Elble <aweits@rit.edu>
    Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
    Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
    ed941643
export.c 31.6 KB