From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: EG Keizer <keie-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 001/001] nfs: authenticated deep mounting
Date: Tue, 23 Sep 2008 16:05:58 -0400 [thread overview]
Message-ID: <1222200358.7799.50.camel@localhost> (raw)
In-Reply-To: <48AA9122.90805-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
On Tue, 2008-08-19 at 11:23 +0200, EG Keizer wrote:
> Allow mount to do authenticated mounts below the root of the exported tree.
> The wording in RFC 2623, sec 2.3.2. allows fsinfo with UNIX authentication
> on the root of the export. Mounts are not always done on the root
> of the exported tree. Especially autoumounts often mount below the root of
> the exported tree.
> Some server implementations (justly) require full authentication for the
> so-called deep mounts. The old code used AUTH_SYS only. This caused deep
> mounts to fail on systems requiring stronger authentication..
> The client should try both authentication types and use the first one that
> succeeds.
> This method was already partially implemented. This patch completes
> the implementation for NFS2 and NFS3.
> This patch was developed to allow Debian systems to automount home directories
> on Solaris servers with krb5 authentication.
>
> Tested on kernel 2.6.24-etchnhalf.1
>
> Signed-off-by: E.G. Keizer <keie-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
I'd like to apply this patch, but it won't apply to 2.6.27-rc7...
Cheers
Trond
> ---
>
> diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c
> index 549dbce..ce575e6 100644
> --- a/fs/nfs/nfs3proc.c
> +++ b/fs/nfs/nfs3proc.c
> @@ -684,7 +684,7 @@ nfs3_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle,
> }
>
> static int
> -nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
> +do_proc_fsinfo(struct rpc_clnt *client, struct nfs_fh *fhandle,
> struct nfs_fsinfo *info)
> {
> struct rpc_message msg = {
> @@ -696,11 +696,26 @@ nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
>
> dprintk("NFS call fsinfo\n");
> nfs_fattr_init(info->fattr);
> - status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> + status = rpc_call_sync(client, &msg, 0);
> dprintk("NFS reply fsinfo: %d\n", status);
> return status;
> }
>
> +/*
> + * Bare-bones access to fsinfo: this is for nfs_get_root/nfs_get_sb via nfs_create_server
> + */
> +static int
> +nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
> + struct nfs_fsinfo *info)
> +{
> + int status;
> +
> + status = do_proc_fsinfo(server->client, fhandle, info);
> + if (status && server->nfs_client->cl_rpcclient != server->client)
> + status = do_proc_fsinfo(server->nfs_client->cl_rpcclient, fhandle, info);
> + return status;
> +}
> +
> static int
> nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
> struct nfs_pathconf *info)
> diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c
> index 5ccf7fa..f728118 100644
> --- a/fs/nfs/proc.c
> +++ b/fs/nfs/proc.c
> @@ -65,14 +65,22 @@ nfs_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,
>
> dprintk("%s: call getattr\n", __FUNCTION__);
> nfs_fattr_init(fattr);
> - status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> + status = rpc_call_sync(server->client, &msg, 0);
> + /* Retry with default authentication if different */
> + if (status && server->nfs_client->cl_rpcclient != server->client) {
> + status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> + }
> dprintk("%s: reply getattr: %d\n", __FUNCTION__, status);
> if (status)
> return status;
> dprintk("%s: call statfs\n", __FUNCTION__);
> msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS];
> msg.rpc_resp = &fsinfo;
> - status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> + status = rpc_call_sync(server->client, &msg, 0);
> + /* Retry with default authentication if different */
> + if (status && server->nfs_client->cl_rpcclient != server->client) {
> + status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> + }
> dprintk("%s: reply statfs: %d\n", __FUNCTION__, status);
> if (status)
> return status;
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2008-09-23 20:06 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-19 9:23 [PATCH 001/001] nfs: authenticated deep mounting EG Keizer
[not found] ` <48AA9122.90805-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
2008-08-19 20:34 ` [PATCH] " J. Bruce Fields
2008-09-23 20:07 ` Trond Myklebust
2008-09-23 20:05 ` Trond Myklebust [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1222200358.7799.50.camel@localhost \
--to=trond.myklebust@fys.uio.no \
--cc=keie-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.