From: Jeff Layton <jlayton@redhat.com>
To: trond.myklebust@netapp.com
Cc: linux-nfs@vger.kernel.org, chuck.lever@oracle.com,
Weston.Adamson@netapp.com
Subject: [PATCH v4 0/4] nfs: teach NFSv3 mount code to try each authflavor in turn
Date: Thu, 27 Jun 2013 15:54:37 -0400 [thread overview]
Message-ID: <1372362881-32282-1-git-send-email-jlayton@redhat.com> (raw)
Changes:
v4:
- fake up server list in nfs_mount rather than in nfs_try_mount_request.
This simplifies the auth selection code by allowing it to always
assume that it has a non-empty authlist from the mount request.
v3:
- fix some signed vs. unsigned type comparisons
- change how an empty server_authlist is handled. Instead of picking an
authflavor to try at that point, just munge the list to contain only
RPC_AUTH_NULL. The rest of the logic can take over at that point.
I got a report of a regression in recent kernels. Windows 2012 servers
support v3 and v4.1. They also return a list of authflavors that starts
with AUTH_GSS flavors and ends with AUTH_SYS.
Since commit 4580a92 (NFS: Use server-recommended security flavor by
default (NFSv3)) mounting this server with nfsv3 fails unless you
specify sec=sys. I can replicate the problem with a Linux NFS server
by exporing a filesystem with "sec=krb5:sys".
This patchset overhauls the NFSv3 auth code to try each authflavor in
the list provided by the server in the order that it specified them.
With this, I'm again able to mount the server without needing any
special mount options.
Thanks to Chuck Lever for suggestions thus far...
Jeff Layton (4):
nfs: refactor "need_mount" code out of nfs_try_mount
nfs: move server_authlist into nfs_try_mount_request
nfs: have nfs_mount fake up a auth_flavs list when the server didn't
provide it
nfs: have NFSv3 try server-specified auth flavors in turn
fs/nfs/mount_clnt.c | 18 +++++-
fs/nfs/super.c | 175 ++++++++++++++++++++++++++++------------------------
2 files changed, 110 insertions(+), 83 deletions(-)
--
1.8.1.4
next reply other threads:[~2013-06-27 19:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-27 19:54 Jeff Layton [this message]
2013-06-27 19:54 ` [PATCH v4 1/4] nfs: refactor "need_mount" code out of nfs_try_mount Jeff Layton
2013-06-27 19:54 ` [PATCH v4 2/4] nfs: move server_authlist into nfs_try_mount_request Jeff Layton
2013-06-27 19:54 ` [PATCH v4 3/4] nfs: have nfs_mount fake up a auth_flavs list when the server didn't provide it Jeff Layton
2013-06-28 15:06 ` Chuck Lever
2013-06-28 15:18 ` Jeff Layton
2013-06-27 19:54 ` [PATCH v4 4/4] nfs: have NFSv3 try server-specified auth flavors in turn Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1372362881-32282-1-git-send-email-jlayton@redhat.com \
--to=jlayton@redhat.com \
--cc=Weston.Adamson@netapp.com \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@netapp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).