From: <andros@netapp.com>
To: <trond.myklebust@primarydata.com>
Cc: <linux-nfs@vger.kernel.org>, Andy Adamson <andros@netapp.com>
Subject: [PATCH 2/3] NFS Return -EPERM if no supported or matching SECINFO flavor
Date: Mon, 9 Jun 2014 15:33:20 -0400 [thread overview]
Message-ID: <1402342401-5640-3-git-send-email-andros@netapp.com> (raw)
In-Reply-To: <1402342401-5640-1-git-send-email-andros@netapp.com>
From: Andy Adamson <andros@netapp.com>
Do not return RPC_AUTH_UNIX if SEINFO reply tests fail. This
prevents an infinite loop of NFS4ERR_WRONGSEC for non RPC_AUTH_UNIX mounts.
Without this patch, a mount with no sec= option to a server
that does not include RPC_AUTH_UNIX in the
SECINFO return can be presented with an attemtp to use RPC_AUTH_UNIX
which will result in an NFS4ERR_WRONG_SEC which will prompt the SECINFO
call which will again try RPC_AUTH_UNIX....
Signed-off-by: Andy Adamson <andros@netapp.com>
---
fs/nfs/nfs4namespace.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c
index 1b86fef..fd4dcb6 100644
--- a/fs/nfs/nfs4namespace.c
+++ b/fs/nfs/nfs4namespace.c
@@ -140,10 +140,11 @@ static size_t nfs_parse_server_name(char *string, size_t len,
* @flavors: List of security tuples returned by SECINFO procedure
*
* Return the pseudoflavor of the first security mechanism in
- * "flavors" that is locally supported. Return RPC_AUTH_UNIX if
- * no matching flavor is found in the array. The "flavors" array
+ * "flavors" that is locally supported. The "flavors" array
* is searched in the order returned from the server, per RFC 3530
* recommendation.
+ *
+ * Return -EPERM if no matching flavor is found in the array.
*/
static rpc_authflavor_t nfs_find_best_sec(struct nfs_server *server,
struct nfs4_secinfo_flavors *flavors)
@@ -170,11 +171,7 @@ static rpc_authflavor_t nfs_find_best_sec(struct nfs_server *server,
}
}
- /* if there were any sec= options then nothing matched */
- if (server->auth_info.flavor_len > 0)
- return -EPERM;
-
- return RPC_AUTH_UNIX;
+ return -EPERM;
}
static rpc_authflavor_t nfs4_negotiate_security(struct inode *inode, struct qstr *name)
--
1.8.3.1
next prev parent reply other threads:[~2014-06-09 19:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-09 19:33 [PATCH 0/3] NFS: Fix SECINFO processing regression andros
2014-06-09 19:33 ` [PATCH 1/3] NFS check the return of nfs4_negotiate_security in nfs4_submount andros
2014-06-09 19:33 ` andros [this message]
2014-06-09 19:33 ` [PATCH 3/3] NFS test SECINFO RPC_AUTH_GSS pseudoflavors for support andros
2014-06-10 16:21 ` Trond Myklebust
2014-06-10 18:38 ` Adamson, Andy
2014-06-10 19:29 ` Trond Myklebust
2014-06-10 19:37 ` Adamson, Andy
2014-06-10 15:04 ` [PATCH 0/3] NFS: Fix SECINFO processing regression Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1402342401-5640-3-git-send-email-andros@netapp.com \
--to=andros@netapp.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).