[PATCH] NFS: remount with security change should return EINVAL

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] NFS: remount with security change should return EINVAL
@ 2014-12-06  2:52 Benjamin Coddington
  2015-03-11 19:58 ` Benjamin Coddington
  2015-03-12 16:00 ` Trond Myklebust
  0 siblings, 2 replies; 3+ messages in thread
From: Benjamin Coddington @ 2014-12-06  2:52 UTC (permalink / raw)
  To: linux-nfs

A remount that alters security flavors can appear to succeed when it should
instead return -EINVAL.  Check to see if the current security flavor exists
within the flavors specified in the remount options, and if not fail the
remount.

Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
---
 fs/nfs/super.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 31a11b0..e6275e0 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -2191,7 +2191,7 @@ nfs_compare_remount_data(struct nfs_server *nfss,
 	    data->version != nfss->nfs_client->rpc_ops->version ||
 	    data->minorversion != nfss->nfs_client->cl_minorversion ||
 	    data->retrans != nfss->client->cl_timeout->to_retries ||
-	    data->selected_flavor != nfss->client->cl_auth->au_flavor ||
+	    !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
 	    data->acregmin != nfss->acregmin / HZ ||
 	    data->acregmax != nfss->acregmax / HZ ||
 	    data->acdirmin != nfss->acdirmin / HZ ||
@@ -2239,7 +2239,6 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
 	data->wsize = nfss->wsize;
 	data->retrans = nfss->client->cl_timeout->to_retries;
 	data->selected_flavor = nfss->client->cl_auth->au_flavor;
-	data->auth_info = nfss->auth_info;
 	data->acregmin = nfss->acregmin / HZ;
 	data->acregmax = nfss->acregmax / HZ;
 	data->acdirmin = nfss->acdirmin / HZ;
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] NFS: remount with security change should return EINVAL
  2014-12-06  2:52 [PATCH] NFS: remount with security change should return EINVAL Benjamin Coddington
@ 2015-03-11 19:58 ` Benjamin Coddington
  2015-03-12 16:00 ` Trond Myklebust
  1 sibling, 0 replies; 3+ messages in thread
From: Benjamin Coddington @ 2015-03-11 19:58 UTC (permalink / raw)
  To: linux-nfs

Bump..  ..even though I can't imagine a smaller problem, any chance to take
this one?

Ben

On Fri, 5 Dec 2014, Benjamin Coddington wrote:

> A remount that alters security flavors can appear to succeed when it should
> instead return -EINVAL.  Check to see if the current security flavor exists
> within the flavors specified in the remount options, and if not fail the
> remount.
>
> Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
> ---
>  fs/nfs/super.c |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfs/super.c b/fs/nfs/super.c
> index 31a11b0..e6275e0 100644
> --- a/fs/nfs/super.c
> +++ b/fs/nfs/super.c
> @@ -2191,7 +2191,7 @@ nfs_compare_remount_data(struct nfs_server *nfss,
>  	    data->version != nfss->nfs_client->rpc_ops->version ||
>  	    data->minorversion != nfss->nfs_client->cl_minorversion ||
>  	    data->retrans != nfss->client->cl_timeout->to_retries ||
> -	    data->selected_flavor != nfss->client->cl_auth->au_flavor ||
> +	    !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
>  	    data->acregmin != nfss->acregmin / HZ ||
>  	    data->acregmax != nfss->acregmax / HZ ||
>  	    data->acdirmin != nfss->acdirmin / HZ ||
> @@ -2239,7 +2239,6 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
>  	data->wsize = nfss->wsize;
>  	data->retrans = nfss->client->cl_timeout->to_retries;
>  	data->selected_flavor = nfss->client->cl_auth->au_flavor;
> -	data->auth_info = nfss->auth_info;
>  	data->acregmin = nfss->acregmin / HZ;
>  	data->acregmax = nfss->acregmax / HZ;
>  	data->acdirmin = nfss->acdirmin / HZ;
> --
> 1.7.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] NFS: remount with security change should return EINVAL
  2014-12-06  2:52 [PATCH] NFS: remount with security change should return EINVAL Benjamin Coddington
  2015-03-11 19:58 ` Benjamin Coddington
@ 2015-03-12 16:00 ` Trond Myklebust
  1 sibling, 0 replies; 3+ messages in thread
From: Trond Myklebust @ 2015-03-12 16:00 UTC (permalink / raw)
  To: Benjamin Coddington; +Cc: linux-nfs

On Fri, 2014-12-05 at 21:52 -0500, Benjamin Coddington wrote:
> A remount that alters security flavors can appear to succeed when it should
> instead return -EINVAL.  Check to see if the current security flavor exists
> within the flavors specified in the remount options, and if not fail the
> remount.
> 
> Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
> ---
>  fs/nfs/super.c |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/nfs/super.c b/fs/nfs/super.c
> index 31a11b0..e6275e0 100644
> --- a/fs/nfs/super.c
> +++ b/fs/nfs/super.c
> @@ -2191,7 +2191,7 @@ nfs_compare_remount_data(struct nfs_server *nfss,
>  	    data->version != nfss->nfs_client->rpc_ops->version ||
>  	    data->minorversion != nfss->nfs_client->cl_minorversion ||
>  	    data->retrans != nfss->client->cl_timeout->to_retries ||
> -	    data->selected_flavor != nfss->client->cl_auth->au_flavor ||
> +	    !nfs_auth_info_match(&data->auth_info, nfss->client->cl_auth->au_flavor) ||
>  	    data->acregmin != nfss->acregmin / HZ ||
>  	    data->acregmax != nfss->acregmax / HZ ||
>  	    data->acdirmin != nfss->acdirmin / HZ ||
> @@ -2239,7 +2239,6 @@ nfs_remount(struct super_block *sb, int *flags, char *raw_data)
>  	data->wsize = nfss->wsize;
>  	data->retrans = nfss->client->cl_timeout->to_retries;
>  	data->selected_flavor = nfss->client->cl_auth->au_flavor;
> -	data->auth_info = nfss->auth_info;
>  	data->acregmin = nfss->acregmin / HZ;
>  	data->acregmax = nfss->acregmax / HZ;
>  	data->acdirmin = nfss->acdirmin / HZ;

Thanks Ben. Applied...
-- 
Trond Myklebust
Linux NFS client maintainer, PrimaryData
trond.myklebust@primarydata.com





^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-03-12 16:00 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-12-06  2:52 [PATCH] NFS: remount with security change should return EINVAL Benjamin Coddington
2015-03-11 19:58 ` Benjamin Coddington
2015-03-12 16:00 ` Trond Myklebust

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).