* [PATCH] nfs: don't attempt auth methods that require upcall unless we know that gssd is running
@ 2014-01-24 12:09 Jeff Layton
2014-01-24 12:45 ` Jeff Layton
0 siblings, 1 reply; 2+ messages in thread
From: Jeff Layton @ 2014-01-24 12:09 UTC (permalink / raw)
To: trond.myklebust; +Cc: dros, linux-nfs
Currently, if the server lists krb5 as an allowed auth method, but gssd isn't
running, you'll get the infamous "AUTH_GSS upcall failed" message, even if
you didn't request sec=krb5.
This is because nfs4_find_root_sec() establishes a default list of auth
methods to try when the admin didn't supply one, and that list contains
AUTH_GSS methods first. Skip those methods if gssd isn't running since
they won't succeed anyway.
Cc: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
fs/nfs/nfs4proc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 15052b8..468a581 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -2900,6 +2900,13 @@ static int nfs4_find_root_sec(struct nfs_server *server, struct nfs_fh *fhandle,
} else {
/* no flavors specified by user, try default list */
for (i = 0; i < ARRAY_SIZE(flav_array); i++) {
+ /*
+ * Don't attempt to upcall with the default list
+ * unless we know that gssd is running.
+ */
+ if (!gssd_running(server->nfs_client->cl_net))
+ continue;
+
status = nfs4_lookup_root_sec(server, fhandle, info,
flav_array[i]);
if (status == -NFS4ERR_WRONGSEC || status == -EACCES)
--
1.8.5.3
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] nfs: don't attempt auth methods that require upcall unless we know that gssd is running
2014-01-24 12:09 [PATCH] nfs: don't attempt auth methods that require upcall unless we know that gssd is running Jeff Layton
@ 2014-01-24 12:45 ` Jeff Layton
0 siblings, 0 replies; 2+ messages in thread
From: Jeff Layton @ 2014-01-24 12:45 UTC (permalink / raw)
To: trond.myklebust; +Cc: dros, linux-nfs
On Fri, 24 Jan 2014 07:09:28 -0500
Jeff Layton <jlayton@redhat.com> wrote:
> Currently, if the server lists krb5 as an allowed auth method, but gssd isn't
> running, you'll get the infamous "AUTH_GSS upcall failed" message, even if
> you didn't request sec=krb5.
>
> This is because nfs4_find_root_sec() establishes a default list of auth
> methods to try when the admin didn't supply one, and that list contains
> AUTH_GSS methods first. Skip those methods if gssd isn't running since
> they won't succeed anyway.
>
> Cc: Weston Andros Adamson <dros@netapp.com>
> Signed-off-by: Jeff Layton <jlayton@redhat.com>
> ---
> fs/nfs/nfs4proc.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
> index 15052b8..468a581 100644
> --- a/fs/nfs/nfs4proc.c
> +++ b/fs/nfs/nfs4proc.c
> @@ -2900,6 +2900,13 @@ static int nfs4_find_root_sec(struct nfs_server *server, struct nfs_fh *fhandle,
> } else {
> /* no flavors specified by user, try default list */
> for (i = 0; i < ARRAY_SIZE(flav_array); i++) {
> + /*
> + * Don't attempt to upcall with the default list
> + * unless we know that gssd is running.
> + */
> + if (!gssd_running(server->nfs_client->cl_net))
> + continue;
> +
> status = nfs4_lookup_root_sec(server, fhandle, info,
> flav_array[i]);
> if (status == -NFS4ERR_WRONGSEC || status == -EACCES)
Eep! Wrong patch. I'll resend. Sorry for the noise...
--
Jeff Layton <jlayton@redhat.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-01-24 12:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-24 12:09 [PATCH] nfs: don't attempt auth methods that require upcall unless we know that gssd is running Jeff Layton
2014-01-24 12:45 ` Jeff Layton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox