Date: Tue, 7 Apr 2020 02:45:24 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r359684 - in projects/nfs-over-tls/sys: fs/nfs fs/nfsserver rpc rpc/rpcsec_tls Message-ID: <202004070245.0372jOFE036105@repo.freebsd.org>
Author: rmacklem Date: Tue Apr 7 02:45:24 2020 New Revision: 359684 URL: https://svnweb.freebsd.org/changeset/base/359684 Log: Rename constants with CNUSER in them to ones with CERTUSER in them. CERTUSER is more correct now that user@dns_domain is in the otherName field of subjectAltName and not the CN field of subjectName. Also, add the missing definition for MNTEX_TLSCERTUSER to mount.h. Modified: projects/nfs-over-tls/sys/fs/nfs/nfs.h projects/nfs-over-tls/sys/fs/nfs/nfsdport.h projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdsubs.c projects/nfs-over-tls/sys/rpc/rpcsec_tls.h projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c projects/nfs-over-tls/sys/rpc/svc_auth.c Modified: projects/nfs-over-tls/sys/fs/nfs/nfs.h ============================================================================== --- projects/nfs-over-tls/sys/fs/nfs/nfs.h Tue Apr 7 02:32:42 2020 (r359683) +++ projects/nfs-over-tls/sys/fs/nfs/nfs.h Tue Apr 7 02:45:24 2020 (r359684) @@ -719,10 +719,10 @@ struct nfsrv_descript { #define ND_NOMAP 0x800000000 #define ND_TLS 0x1000000000 #define ND_TLSCERT 0x2000000000 -#define ND_TLSCNUSER 0x4000000000 +#define ND_TLSCERTUSER 0x4000000000 #define ND_EXTLS 0x8000000000 #define ND_EXTLSCERT 0x10000000000 -#define ND_EXTLSCNUSER 0x20000000000 +#define ND_EXTLSCERTUSER 0x20000000000 /* * ND_GSS should be the "or" of all GSS type authentications. Modified: projects/nfs-over-tls/sys/fs/nfs/nfsdport.h ============================================================================== --- projects/nfs-over-tls/sys/fs/nfs/nfsdport.h Tue Apr 7 02:32:42 2020 (r359683) +++ projects/nfs-over-tls/sys/fs/nfs/nfsdport.h Tue Apr 7 02:45:24 2020 (r359684) 
@@ -83,7 +83,7 @@ struct nfsexstuff { #define NFSVNO_EXV4ONLY(e) ((e)->nes_exflag & MNT_EXV4ONLY) #define NFSVNO_EXTLS(e) ((e)->nes_exflag & MNTEX_TLS) #define NFSVNO_EXTLSCERT(e) ((e)->nes_exflag & MNTEX_TLSCERT) -#define NFSVNO_EXTLSCNUSER(e) ((e)->nes_exflag & MNTEX_TLSCNUSER) +#define NFSVNO_EXTLSCERTUSER(e) ((e)->nes_exflag & MNTEX_TLSCERTUSER) #define NFSVNO_SETEXRDONLY(e) ((e)->nes_exflag = (MNT_EXPORTED|MNT_EXRDONLY)) Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Tue Apr 7 02:32:42 2020 (r359683) +++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Tue Apr 7 02:45:24 2020 (r359684) @@ -243,8 +243,8 @@ nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt) nd.nd_flag |= ND_TLS; if ((xprt->xp_tls & RPCTLS_FLAGS_VERIFIED) != 0) nd.nd_flag |= ND_TLSCERT; - if ((xprt->xp_tls & RPCTLS_FLAGS_CNUSER) != 0) - nd.nd_flag |= ND_TLSCNUSER; + if ((xprt->xp_tls & RPCTLS_FLAGS_CERTUSER) != 0) + nd.nd_flag |= ND_TLSCERTUSER; } nd.nd_maxextsiz = 16384; #ifdef MAC Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c Tue Apr 7 02:32:42 2020 (r359683) +++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c Tue Apr 7 02:45:24 2020 (r359684) @@ -3355,8 +3355,8 @@ nfsd_fhtovp(struct nfsrv_descript *nd, struct nfsrvfh (nd->nd_flag & ND_TLS) == 0) || (NFSVNO_EXTLSCERT(exp) && (nd->nd_flag & ND_TLSCERT) == 0) || - (NFSVNO_EXTLSCNUSER(exp) && - (nd->nd_flag & ND_TLSCNUSER) == 0))) { + (NFSVNO_EXTLSCERTUSER(exp) && + (nd->nd_flag & ND_TLSCERTUSER) == 0))) { vput(*vpp); nd->nd_repstat = NFSERR_ACCES; } 
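Review bot: `NFSVNO_EXTLSCERTUSER(e)` in nfsdport.h now expands to `MNTEX_TLSCERTUSER`, but as far as this message shows, no definition of that flag is part of the commit. The log says it is added to mount.h, yet mount.h is not in the Modified list, and the subject names only fs/nfs, fs/nfsserver, rpc and rpc/rpcsec_tls. The same name is tested in the nfsvno_v4rootexport hunk of nfs_nfsdport.c (`exflags & MNTEX_TLSCERTUSER`). Unless the definition landed in a separate revision, these files will not compile, so either include the mount.h change here next to `MNTEX_TLS` and `MNTEX_TLSCERT`, or correct the log. Because this macro gates the export's certificate-user requirement in nfsd_fhtovp, whichever bit is chosen must not overlap the other MNTEX_TLS* bits.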
@@ -3629,8 +3629,8 @@ nfsvno_v4rootexport(struct nfsrv_descript *nd) nd->nd_flag |= ND_EXTLS; if ((exflags & MNTEX_TLSCERT) != 0) nd->nd_flag |= ND_EXTLSCERT; - if ((exflags & MNTEX_TLSCNUSER) != 0) - nd->nd_flag |= ND_EXTLSCNUSER; + if ((exflags & MNTEX_TLSCERTUSER) != 0) + nd->nd_flag |= ND_EXTLSCERTUSER; } out: Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdsubs.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdsubs.c Tue Apr 7 02:32:42 2020 (r359683) +++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdsubs.c Tue Apr 7 02:45:24 2020 (r359684) @@ -2144,13 +2144,13 @@ nfsd_checkrootexp(struct nfsrv_descript *nd) checktls: if ((nd->nd_flag & ND_EXTLS) == 0) return (0); - if ((nd->nd_flag & (ND_TLSCNUSER | ND_EXTLSCNUSER)) == - (ND_TLSCNUSER | ND_EXTLSCNUSER)) + if ((nd->nd_flag & (ND_TLSCERTUSER | ND_EXTLSCERTUSER)) == + (ND_TLSCERTUSER | ND_EXTLSCERTUSER)) return (0); - if ((nd->nd_flag & (ND_TLSCERT | ND_EXTLSCERT | ND_EXTLSCNUSER)) == + if ((nd->nd_flag & (ND_TLSCERT | ND_EXTLSCERT | ND_EXTLSCERTUSER)) == (ND_TLSCERT | ND_EXTLSCERT)) return (0); - if ((nd->nd_flag & (ND_TLS | ND_EXTLSCNUSER | ND_EXTLSCERT)) == + if ((nd->nd_flag & (ND_TLS | ND_EXTLSCERTUSER | ND_EXTLSCERT)) == ND_TLS) return (0); return (1); Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls.h ============================================================================== --- projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Tue Apr 7 02:32:42 2020 (r359683) +++ projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Tue Apr 7 02:45:24 2020 (r359684) 
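Review bot: The `checktls:` ladder in nfsd_checkrootexp decides whether a connection satisfies the root export's TLS policy, but its three mask comparisons carry no comment and are easy to misread when a flag is renamed or added. I would put a comment above the label along the lines of `/* No TLS required: accept. Otherwise accept only when the connection meets the strictest requirement the export sets: cert-user, else verified cert, else plain TLS. */`. It is also worth stating that each comparison treats an export-side bit that is absent from the masked value as "not required", since that is what makes the second and third tests reject a weaker connection. The function begins outside this hunk, so anything that runs before `checktls:` is not visible here.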
@@ -41,7 +41,7 @@ #define RPCTLS_FLAGS_SELFSIGNED 0x04 #define RPCTLS_FLAGS_VERIFIED 0x08 #define RPCTLS_FLAGS_DISABLED 0x10 -#define RPCTLS_FLAGS_CNUSER 0x20 +#define RPCTLS_FLAGS_CERTUSER 0x20 #ifdef _KERNEL /* Functions that perform upcalls to the rpctlsd daemon. */ Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Tue Apr 7 02:32:42 2020 (r359683) +++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Tue Apr 7 02:45:24 2020 (r359684) @@ -460,8 +460,8 @@ printf("rpctls_conect so=%p\n", so); *sslp++ = res.sec; *sslp++ = res.usec; *sslp = res.ssl; - if ((*flags & (RPCTLS_FLAGS_CNUSER | - RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CNUSER) { + if ((*flags & (RPCTLS_FLAGS_CERTUSER | + RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER) { *ngrps = res.gid.gid_len; *uid = res.uid; *gids = gidp = mem_alloc(*ngrps * sizeof(gid_t)); @@ -559,8 +559,8 @@ printf("authtls: null reply=%d\n", call_stat); xprt->xp_sslsec = ssl[0]; xprt->xp_sslusec = ssl[1]; xprt->xp_sslrefno = ssl[2]; - if ((flags & (RPCTLS_FLAGS_CNUSER | - RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CNUSER) { + if ((flags & (RPCTLS_FLAGS_CERTUSER | + RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER) { xprt->xp_ngrps = ngrps; xprt->xp_uid = uid; xprt->xp_gidp = gidp; Modified: projects/nfs-over-tls/sys/rpc/svc_auth.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/svc_auth.c Tue Apr 7 02:32:42 2020 (r359683) +++ projects/nfs-over-tls/sys/rpc/svc_auth.c Tue Apr 7 02:45:24 2020 (r359684) 
@@ -190,8 +190,8 @@ svc_getcred(struct svc_req *rqst, struct ucred **crp, * certificate for this TCP connection, use those * instead of what is in the RPC header. */ - if ((xprt->xp_tls & (RPCTLS_FLAGS_CNUSER | - RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CNUSER && + if ((xprt->xp_tls & (RPCTLS_FLAGS_CERTUSER | + RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER && flavor == AUTH_UNIX) { cr = crget(); cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xprt->xp_uid;