diff options
| author | David Howells <dhowells@redhat.com> | 2025-04-11 10:52:57 +0100 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2025-04-14 17:36:42 -0700 |
| commit | d98c317fd9aa78dfa45e47deb6536cd35783afd1 (patch) | |
| tree | 0503e2913c1082d5fc50cfdd903a868cb323c796 /fs/afs/internal.h | |
| parent | d03539d5c2dec9b028297c15e57bd3c01d0d9c0d (diff) | |
afs: Use rxgk RESPONSE to pass token for callback channel
Implement in kafs the hook for adding appdata into a RESPONSE packet
generated in response to an RxGK CHALLENGE packet, and include the key for
securing the callback channel so that notifications from the fileserver get
encrypted.
This will be necessary when more complex notifications are used that convey
changed data around.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
Link: https://patch.msgid.link/20250411095303.2316168-13-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'fs/afs/internal.h')
| -rw-r--r-- | fs/afs/internal.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/fs/afs/internal.h b/fs/afs/internal.h index 178804817efb..1124ea4000cb 100644 --- a/fs/afs/internal.h +++ b/fs/afs/internal.h @@ -20,6 +20,7 @@ #include <linux/uuid.h> #include <linux/mm_types.h> #include <linux/dns_resolver.h> +#include <crypto/krb5.h> #include <net/net_namespace.h> #include <net/netns/generic.h> #include <net/sock.h> @@ -308,6 +309,7 @@ struct afs_net { struct list_head fs_probe_slow; /* List of afs_server to probe at 5m intervals */ struct hlist_head fs_proc; /* procfs servers list */ + struct key *fs_cm_token_key; /* Key for creating CM tokens */ struct work_struct fs_prober; struct timer_list fs_probe_timer; atomic_t servers_outstanding; @@ -543,6 +545,8 @@ struct afs_server { struct list_head volumes; /* RCU list of afs_server_entry objects */ struct work_struct destroyer; /* Work item to try and destroy a server */ struct timer_list timer; /* Management timer */ + struct mutex cm_token_lock; /* Lock governing creation of appdata */ + struct krb5_buffer cm_rxgk_appdata; /* Appdata to be included in RESPONSE packet */ time64_t unuse_time; /* Time at which last unused */ unsigned long flags; #define AFS_SERVER_FL_RESPONDING 0 /* The server is responding */ @@ -1065,6 +1069,14 @@ extern bool afs_cm_incoming_call(struct afs_call *); * cm_security.c */ void afs_process_oob_queue(struct work_struct *work); +#ifdef CONFIG_RXGK +int afs_create_token_key(struct afs_net *net, struct socket *socket); +#else +static inline int afs_create_token_key(struct afs_net *net, struct socket *socket) +{ + return 0; +} +#endif /* * dir.c |