svn commit: r359684 - in projects/nfs-over-tls/sys: fs/nfs fs/nfsserver rpc rpc/rpcsec_tls
Rick Macklem
rmacklem at FreeBSD.org
Tue Apr 7 02:45:26 UTC 2020
Author: rmacklem
Date: Tue Apr 7 02:45:24 2020
New Revision: 359684
URL: https://svnweb.freebsd.org/changeset/base/359684
Log:
Rename constants with CNUSER in them to ones with CERTUSER in them.
CERTUSER is more correct now that user@dns_domain is in the otherName
field of subjectAltName and not the CN field of subjectName.
Also, add the missing definition for MNTEX_TLSCERTUSER to mount.h.
Modified:
projects/nfs-over-tls/sys/fs/nfs/nfs.h
projects/nfs-over-tls/sys/fs/nfs/nfsdport.h
projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c
projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c
projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdsubs.c
projects/nfs-over-tls/sys/rpc/rpcsec_tls.h
projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c
projects/nfs-over-tls/sys/rpc/svc_auth.c
Modified: projects/nfs-over-tls/sys/fs/nfs/nfs.h
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfs/nfs.h Tue Apr 7 02:32:42 2020 (r359683)
+++ projects/nfs-over-tls/sys/fs/nfs/nfs.h Tue Apr 7 02:45:24 2020 (r359684)
@@ -719,10 +719,10 @@ struct nfsrv_descript {
#define ND_NOMAP 0x800000000
#define ND_TLS 0x1000000000
#define ND_TLSCERT 0x2000000000
-#define ND_TLSCNUSER 0x4000000000
+#define ND_TLSCERTUSER 0x4000000000
#define ND_EXTLS 0x8000000000
#define ND_EXTLSCERT 0x10000000000
-#define ND_EXTLSCNUSER 0x20000000000
+#define ND_EXTLSCERTUSER 0x20000000000
/*
* ND_GSS should be the "or" of all GSS type authentications.
Modified: projects/nfs-over-tls/sys/fs/nfs/nfsdport.h
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfs/nfsdport.h Tue Apr 7 02:32:42 2020 (r359683)
+++ projects/nfs-over-tls/sys/fs/nfs/nfsdport.h Tue Apr 7 02:45:24 2020 (r359684)
@@ -83,7 +83,7 @@ struct nfsexstuff {
#define NFSVNO_EXV4ONLY(e) ((e)->nes_exflag & MNT_EXV4ONLY)
#define NFSVNO_EXTLS(e) ((e)->nes_exflag & MNTEX_TLS)
#define NFSVNO_EXTLSCERT(e) ((e)->nes_exflag & MNTEX_TLSCERT)
-#define NFSVNO_EXTLSCNUSER(e) ((e)->nes_exflag & MNTEX_TLSCNUSER)
+#define NFSVNO_EXTLSCERTUSER(e) ((e)->nes_exflag & MNTEX_TLSCERTUSER)
#define NFSVNO_SETEXRDONLY(e) ((e)->nes_exflag = (MNT_EXPORTED|MNT_EXRDONLY))
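Review bot: The renamed `NFSVNO_EXTLSCERTUSER(e)` macro now depends on `MNTEX_TLSCERTUSER`, and so does the nfsvno_v4rootexport hunk in nfs_nfsdport.c, but mount.h is not in this commit's Modified list even though the log says the definition is added there. Unless that header change went in separately, these files will not compile against the tree as committed. The `#define MNTEX_TLSCERTUSER <export flag bit>` line in mount.h (value not shown on this page) should land in the same revision as its users. This bit is what makes nfsd_fhtovp return NFSERR_ACCES when the client presented no certificate user, so it is also worth confirming the value is distinct from `MNTEX_TLS` and `MNTEX_TLSCERT`.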
Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Tue Apr 7 02:32:42 2020 (r359683)
+++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Tue Apr 7 02:45:24 2020 (r359684)
@@ -243,8 +243,8 @@ nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt)
nd.nd_flag |= ND_TLS;
if ((xprt->xp_tls & RPCTLS_FLAGS_VERIFIED) != 0)
nd.nd_flag |= ND_TLSCERT;
- if ((xprt->xp_tls & RPCTLS_FLAGS_CNUSER) != 0)
- nd.nd_flag |= ND_TLSCNUSER;
+ if ((xprt->xp_tls & RPCTLS_FLAGS_CERTUSER) != 0)
+ nd.nd_flag |= ND_TLSCERTUSER;
}
nd.nd_maxextsiz = 16384;
#ifdef MAC
Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c Tue Apr 7 02:32:42 2020 (r359683)
+++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c Tue Apr 7 02:45:24 2020 (r359684)
@@ -3355,8 +3355,8 @@ nfsd_fhtovp(struct nfsrv_descript *nd, struct nfsrvfh
(nd->nd_flag & ND_TLS) == 0) ||
(NFSVNO_EXTLSCERT(exp) &&
(nd->nd_flag & ND_TLSCERT) == 0) ||
- (NFSVNO_EXTLSCNUSER(exp) &&
- (nd->nd_flag & ND_TLSCNUSER) == 0))) {
+ (NFSVNO_EXTLSCERTUSER(exp) &&
+ (nd->nd_flag & ND_TLSCERTUSER) == 0))) {
vput(*vpp);
nd->nd_repstat = NFSERR_ACCES;
}
@@ -3629,8 +3629,8 @@ nfsvno_v4rootexport(struct nfsrv_descript *nd)
nd->nd_flag |= ND_EXTLS;
if ((exflags & MNTEX_TLSCERT) != 0)
nd->nd_flag |= ND_EXTLSCERT;
- if ((exflags & MNTEX_TLSCNUSER) != 0)
- nd->nd_flag |= ND_EXTLSCNUSER;
+ if ((exflags & MNTEX_TLSCERTUSER) != 0)
+ nd->nd_flag |= ND_EXTLSCERTUSER;
}
out:
Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdsubs.c
==============================================================================
--- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdsubs.c Tue Apr 7 02:32:42 2020 (r359683)
+++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdsubs.c Tue Apr 7 02:45:24 2020 (r359684)
@@ -2144,13 +2144,13 @@ nfsd_checkrootexp(struct nfsrv_descript *nd)
checktls:
if ((nd->nd_flag & ND_EXTLS) == 0)
return (0);
- if ((nd->nd_flag & (ND_TLSCNUSER | ND_EXTLSCNUSER)) ==
- (ND_TLSCNUSER | ND_EXTLSCNUSER))
+ if ((nd->nd_flag & (ND_TLSCERTUSER | ND_EXTLSCERTUSER)) ==
+ (ND_TLSCERTUSER | ND_EXTLSCERTUSER))
return (0);
- if ((nd->nd_flag & (ND_TLSCERT | ND_EXTLSCERT | ND_EXTLSCNUSER)) ==
+ if ((nd->nd_flag & (ND_TLSCERT | ND_EXTLSCERT | ND_EXTLSCERTUSER)) ==
(ND_TLSCERT | ND_EXTLSCERT))
return (0);
- if ((nd->nd_flag & (ND_TLS | ND_EXTLSCNUSER | ND_EXTLSCERT)) ==
+ if ((nd->nd_flag & (ND_TLS | ND_EXTLSCERTUSER | ND_EXTLSCERT)) ==
ND_TLS)
return (0);
return (1);
Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls.h
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Tue Apr 7 02:32:42 2020 (r359683)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Tue Apr 7 02:45:24 2020 (r359684)
@@ -41,7 +41,7 @@
#define RPCTLS_FLAGS_SELFSIGNED 0x04
#define RPCTLS_FLAGS_VERIFIED 0x08
#define RPCTLS_FLAGS_DISABLED 0x10
-#define RPCTLS_FLAGS_CNUSER 0x20
+#define RPCTLS_FLAGS_CERTUSER 0x20
#ifdef _KERNEL
/* Functions that perform upcalls to the rpctlsd daemon. */
Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Tue Apr 7 02:32:42 2020 (r359683)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Tue Apr 7 02:45:24 2020 (r359684)
@@ -460,8 +460,8 @@ printf("rpctls_conect so=%p\n", so);
*sslp++ = res.sec;
*sslp++ = res.usec;
*sslp = res.ssl;
- if ((*flags & (RPCTLS_FLAGS_CNUSER |
- RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CNUSER) {
+ if ((*flags & (RPCTLS_FLAGS_CERTUSER |
+ RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER) {
*ngrps = res.gid.gid_len;
*uid = res.uid;
*gids = gidp = mem_alloc(*ngrps * sizeof(gid_t));
@@ -559,8 +559,8 @@ printf("authtls: null reply=%d\n", call_stat);
xprt->xp_sslsec = ssl[0];
xprt->xp_sslusec = ssl[1];
xprt->xp_sslrefno = ssl[2];
- if ((flags & (RPCTLS_FLAGS_CNUSER |
- RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CNUSER) {
+ if ((flags & (RPCTLS_FLAGS_CERTUSER |
+ RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER) {
xprt->xp_ngrps = ngrps;
xprt->xp_uid = uid;
xprt->xp_gidp = gidp;
Modified: projects/nfs-over-tls/sys/rpc/svc_auth.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/svc_auth.c Tue Apr 7 02:32:42 2020 (r359683)
+++ projects/nfs-over-tls/sys/rpc/svc_auth.c Tue Apr 7 02:45:24 2020 (r359684)
@@ -190,8 +190,8 @@ svc_getcred(struct svc_req *rqst, struct ucred **crp,
* certificate for this TCP connection, use those
* instead of what is in the RPC header.
*/
- if ((xprt->xp_tls & (RPCTLS_FLAGS_CNUSER |
- RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CNUSER &&
+ if ((xprt->xp_tls & (RPCTLS_FLAGS_CERTUSER |
+ RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER &&
flavor == AUTH_UNIX) {
cr = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xprt->xp_uid;