summaryrefslogtreecommitdiffstats
path: root/fs/nfs/inode.c
diff options
context:
space:
mode:
authorNeilBrown <neilb@suse.com>2017-08-18 17:12:52 +1000
committerTrond Myklebust <trond.myklebust@primarydata.com>2017-08-20 12:43:17 -0400
commitb79e87e070476e16b1d687e5ccc2da6db1a839dc (patch)
treeb96e07ac1fe4b2f702cd4f05d41eb40cd3be4915 /fs/nfs/inode.c
parentfd01b2597941d9c17980222999b0721648b383b8 (diff)
downloadlinux-b79e87e070476e16b1d687e5ccc2da6db1a839dc.tar.gz
linux-b79e87e070476e16b1d687e5ccc2da6db1a839dc.tar.bz2
linux-b79e87e070476e16b1d687e5ccc2da6db1a839dc.zip
NFSv4.1: don't use machine credentials for CLOSE when using 'sec=sys'
An NFSv4.1 client might close a file after the user who opened it has logged off. In this case the user's credentials may no longer be valid, if they are e.g. kerberos credentials that have expired. NFSv4.1 has a mechanism to allow the client to use machine credentials to close a file. However due to a short-coming in the RFC, a CLOSE with those credentials may not be possible if the file in question isn't exported to the same security flavor - the required PUTFH must be rejected when this is the case. Specifically if a server and client support kerberos in general and have used it to form a machine credential, but the file is only exported to "sec=sys", a PUTFH with the machine credentials will fail, so CLOSE is not possible. As RPC_AUTH_UNIX (used by sec=sys) credentials can never expire, there is no value in using the machine credential in place of them. So in that case, just use the users credentials for CLOSE etc, as you would in NFSv4.0 Signed-off-by: Neil Brown <neilb@suse.com> Signed-off-by: NeilBrown <neilb@suse.com> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Diffstat (limited to 'fs/nfs/inode.c')
0 files changed, 0 insertions, 0 deletions