From: "J. Bruce Fields" <bfields@redhat.com>
To: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Cc: Bryan Schumaker <bjschuma@netapp.com>,
"J. Bruce Fields" <bfields@redhat.com>
Subject: [PATCH 2/5] nfsd4: allow fh_verify caller to skip pseudoflavor checks
Date: Sun, 10 Apr 2011 12:29:30 -0400 [thread overview]
Message-ID: <1302452973-27272-2-git-send-email-bfields@redhat.com> (raw)
In-Reply-To: <20110410162536.GC26233@fieldses.org>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
fs/nfsd/nfsfh.c | 2 +-
fs/nfsd/vfs.h | 1 +
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index 55c8e63..90c6aa6 100644
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -344,7 +344,7 @@ fh_verify(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, int access)
* which clients virtually always use auth_sys for,
* even while using RPCSEC_GSS for NFS.
*/
- if (access & NFSD_MAY_LOCK)
+ if (access & NFSD_MAY_LOCK || access & NFSD_MAY_BYPASS_GSS)
goto skip_pseudoflavor_check;
/*
* Clients may expect to be able to use auth_sys during mount,
diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h
index 1036913..4d2509f 100644
--- a/fs/nfsd/vfs.h
+++ b/fs/nfsd/vfs.h
@@ -24,6 +24,7 @@
#define NFSD_MAY_LOCAL_ACCESS 128 /* IRIX doing local access check on device special file*/
#define NFSD_MAY_BYPASS_GSS_ON_ROOT 256
#define NFSD_MAY_NOT_BREAK_LEASE 512
+#define NFSD_MAY_BYPASS_GSS 1024
#define NFSD_MAY_CREATE (NFSD_MAY_EXEC|NFSD_MAY_WRITE)
#define NFSD_MAY_REMOVE (NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC)
--
1.7.1
next prev parent reply other threads:[~2011-04-10 16:29 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-04 13:43 secinfo_no_name question Bryan Schumaker
2011-04-04 15:14 ` J. Bruce Fields
2011-04-04 15:22 ` Bryan Schumaker
2011-04-05 16:09 ` Tom Haynes
2011-04-10 16:25 ` J. Bruce Fields
2011-04-10 16:29 ` [PATCH 1/5] nfsd: distinguish functions of NFSD_MAY_* flags J. Bruce Fields
2011-04-11 3:06 ` Mi Jinlong
2011-04-11 12:42 ` J. Bruce Fields
2011-04-10 16:29 ` J. Bruce Fields [this message]
2011-04-10 16:29 ` [PATCH 3/5] nfsd4: introduce OPDESC helper J. Bruce Fields
2011-04-10 16:29 ` [PATCH 4/5] nfsd4: make fh_verify responsibility of nfsd_lookup_dentry caller J. Bruce Fields
2011-04-10 16:29 ` [PATCH 5/5] nfsd4: fix wrongsec handling for PUTFH + op cases J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1302452973-27272-2-git-send-email-bfields@redhat.com \
--to=bfields@redhat.com \
--cc=bjschuma@netapp.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).