struct auth_cred
struct auth_cred
記錄著uid,gid,是最基本的cred信息。
通過current_cred()
得到當(dāng)前進(jìn)程的struct auth_cred
struct rpc_auth
用來描述RPC傳輸時(shí)候使用哪種方式鑒權(quán), Linux內(nèi)核提供了4個(gè)unix_auth经瓷,null_auth靡努,generic_auth假颇,gss_auth,其中unix_auth是默認(rèn)使用的次慢。
struct rpc_auth {
unsigned int au_cslack; /* call cred size estimate */
/* guess at number of u32's auth adds before
* reply data; normally the verifier size: */
unsigned int au_rslack;
/* for gss, used to calculate au_rslack: */
unsigned int au_verfsize;
unsigned int au_flags; /* various flags */
const struct rpc_authops *au_ops; /* operations */
rpc_authflavor_t au_flavor; /* pseudoflavor (note may
* differ from the flavor in
* au_ops->au_flavor in gss
* case) */
atomic_t au_count; /* Reference counter */
struct rpc_cred_cache * au_credcache;
/* per-flavor data */
};
rpc auth flavors
鑒權(quán)方式岩馍,mount時(shí)候參數(shù)sec=xx,默認(rèn)是sys倒淫,對(duì)應(yīng)RPC_AUTH_UNIX伙菊。還可以為krb5,krb5i敌土,krb5p等镜硕。
enum rpc_auth_flavors {
RPC_AUTH_NULL = 0,
RPC_AUTH_UNIX = 1,
RPC_AUTH_SHORT = 2,
RPC_AUTH_DES = 3,
RPC_AUTH_KRB = 4,
RPC_AUTH_GSS = 6,
RPC_AUTH_MAXFLAVOR = 8,
/* pseudoflavors: */
RPC_AUTH_GSS_KRB5 = 390003,
RPC_AUTH_GSS_KRB5I = 390004,
RPC_AUTH_GSS_KRB5P = 390005,
RPC_AUTH_GSS_LKEY = 390006,
RPC_AUTH_GSS_LKEYI = 390007,
RPC_AUTH_GSS_LKEYP = 390008,
RPC_AUTH_GSS_SPKM = 390009,
RPC_AUTH_GSS_SPKMI = 390010,
RPC_AUTH_GSS_SPKMP = 390011,
};
struct rpc_cred
struct rpc_cred {
struct hlist_node cr_hash; /* hash chain */
struct list_head cr_lru; /* lru garbage collection */
struct rcu_head cr_rcu;
struct rpc_auth * cr_auth;
const struct rpc_credops *cr_ops;
unsigned long cr_expire; /* when to gc */
unsigned long cr_flags; /* various flags */
atomic_t cr_count; /* ref count */
kuid_t cr_uid;
/* per-flavor data */
};
設(shè)置rpc_cred
Linux Kernel每次通過RPC發(fā)送NFS數(shù)據(jù)的時(shí)候,都會(huì)走一個(gè)狀態(tài)機(jī)返干。當(dāng)走到call_refresh狀態(tài)時(shí)候兴枯,
每次發(fā)RPC命令時(shí)候,都會(huì)準(zhǔn)備類似的message,其中包括了設(shè)置cred
struct rpc_message msg = {
.rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_OPEN],
.rpc_argp = o_arg,
.rpc_resp = o_res,
.rpc_cred = data->owner->so_cred,
};
不同的NFS請(qǐng)求犬金,cred來自不同的地方念恍。
exchange_id命令是來自
int nfs4_discover_server_trunking(struct nfs_client *clp,
struct nfs_client **result)
{
...
//來自于unix_auth
cred = nfs4_get_clid_cred(clp);
...
}
open命令
struct nfs_open_context *alloc_nfs_open_context(struct dentry *dentry, fmode_t f_mode)
{
...
//來自于gss_auth
struct rpc_cred *cred = rpc_lookup_cred();
...
}
``