aboutsummaryrefslogtreecommitdiff
path: root/scripts/selinux/genheaders/genheaders.c
diff options
context:
space:
mode:
authorOlga Kornievskaia <aglo@citi.umich.edu>2008-12-23 16:19:56 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2008-12-23 16:19:56 -0500
commit2efef7080f471d312a9c4feb3dc5ee038039c7ed (patch)
treecad946aa12f1780818d396c732d17ad9db642607 /scripts/selinux/genheaders/genheaders.c
parent8b1c7bf5b624c9bc91b41ae577b9fc5c21641705 (diff)
rpc: add service field to new upcall
This patch extends the new upcall with a "service" field that currently can have 2 values: "*" or "nfs". These values specify matching rules for principals in the keytab file. The "*" means that gssd is allowed to use "root", "nfs", or "host" keytab entries while the other option requires "nfs". Restricting gssd to use the "nfs" principal is needed for when the server performs a callback to the client. The server in this case has to authenticate itself as an "nfs" principal. We also need "service" field to distiguish between two client-side cases both currently using a uid of 0: the case of regular file access by the root user, and the case of state-management calls (such as setclientid) which should use a keytab for authentication. (And the upcall should fail if an appropriate principal can't be found.) Signed-off: Olga Kornievskaia <aglo@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'scripts/selinux/genheaders/genheaders.c')
0 files changed, 0 insertions, 0 deletions