• J. Bruce Fields's avatar
    knfsd: nfsd: set rq_client to ip-address-determined-domain · 3ab4d8b1
    J. Bruce Fields authored
    We want it to be possible for users to restrict exports both by IP address and
    by pseudoflavor.  The pseudoflavor information has previously been passed
    using special auth_domains stored in the rq_client field.  After the preceding
    patch that stored the pseudoflavor in rq_pflavor, that's now superfluous; so
    now we use rq_client for the ip information, as auth_null and auth_unix do.
    
    However, we keep around the special auth_domain in the rq_gssclient field for
    backwards compatibility purposes, so we can still do upcalls using the old
    "gss/pseudoflavor" auth_domain if upcalls using the unix domain to give us an
    appropriate export.  This allows us to continue supporting old mountd.
    
    In fact, for this first patch, we always use the "gss/pseudoflavor"
    auth_domain (and only it) if it is available; thus rq_client is ignored in the
    auth_gss case, and this patch on its own makes no change in behavior; that
    will be left to later patches.
    
    Note on idmap: I'm almost tempted to just replace the auth_domain in the idmap
    upcall by a dummy value--no version of idmapd has ever used it, and it's
    unlikely anyone really wants to perform idmapping differently depending on the
    where the client is (they may want to perform *credential* mapping
    differently, but that's a different matter--the idmapper just handles id's
    used in getattr and setattr).  But I'm updating the idmapd code anyway, just
    out of general backwards-compatibility paranoia.
    Signed-off-by: default avatar"J. Bruce Fields" <bfields@citi.umich.edu>
    Signed-off-by: default avatarNeil Brown <neilb@suse.de>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    3ab4d8b1
nfs4idmap.c 15.2 KB