Linux NFS development
* [PATCH 001/001] nfs: authenticated deep mounting
@ 2008-08-19  9:23 EG Keizer
       [not found] ` <48AA9122.90805-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
  0 siblings, 1 reply; 4+ messages in thread
From: EG Keizer @ 2008-08-19  9:23 UTC (permalink / raw)
  To: linux-nfs

Allow mount to do authenticated mounts below the root of the exported tree.
The wording in RFC 2623, sec 2.3.2. allows fsinfo with UNIX authentication
on the root of the export. Mounts are not always done on the root
of the exported tree. Automounts in particular often mount below the root of
the exported tree.
Some server implementations (justly) require full authentication for the
so-called deep mounts. The old code used AUTH_SYS only. This caused deep
mounts to fail on systems requiring stronger authentication.
The client should try both authentication types and use the first one that
succeeds.
This method was already partially implemented. This patch completes
the implementation for NFS2 and NFS3.
This patch was developed to allow Debian systems to automount home directories
on Solaris servers with krb5 authentication.

Tested on kernel 2.6.24-etchnhalf.1

Signed-off-by: E.G. Keizer <keie-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
---

diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c
index 549dbce..ce575e6 100644
--- a/fs/nfs/nfs3proc.c
+++ b/fs/nfs/nfs3proc.c
@@ -684,7 +684,7 @@ nfs3_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle,
  }

  static int
-nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
+do_proc_fsinfo(struct rpc_clnt *client, struct nfs_fh *fhandle,
  		 struct nfs_fsinfo *info)
  {
  	struct rpc_message msg = {
@@ -696,11 +696,26 @@ nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,

  	dprintk("NFS call  fsinfo\n");
  	nfs_fattr_init(info->fattr);
-	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+	status = rpc_call_sync(client, &msg, 0);
  	dprintk("NFS reply fsinfo: %d\n", status);
  	return status;
  }

+/*
+ * Bare-bones access to fsinfo: this is for nfs_get_root/nfs_get_sb via nfs_create_server
+ */
+static int
+nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
+		   struct nfs_fsinfo *info)
+{
+	int	status;
+
+	status = do_proc_fsinfo(server->client, fhandle, info);
+	if (status && server->nfs_client->cl_rpcclient != server->client)
+		status = do_proc_fsinfo(server->nfs_client->cl_rpcclient, fhandle, info);
+	return status;
+}
+
  static int
  nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
  		   struct nfs_pathconf *info)
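Review bot: The retry in the new `nfs3_proc_fsinfo` fires on any non-zero `status`, so a timeout or I/O error from `server->client` also sends the request again over `server->nfs_client->cl_rpcclient`, which, going by the description, is the AUTH_SYS client the old code used. That makes the weaker flavour a fallback for every failure rather than only for a flavour the server rejected. Consider limiting the retry to the authentication error, e.g. `if (status == -EACCES && server->nfs_client->cl_rpcclient != server->client)`; which errno `rpc_call_sync` returns for a rejected credential should be confirmed against the SUNRPC code before picking the value. The same condition appears twice in the `nfs_proc_get_root` hunk of fs/nfs/proc.c. `do_proc_fsinfo` starts in the previous hunk and `nfs3_proc_pathconf` continues past this one.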
diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c
index 5ccf7fa..f728118 100644
--- a/fs/nfs/proc.c
+++ b/fs/nfs/proc.c
@@ -65,14 +65,22 @@ nfs_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,

  	dprintk("%s: call getattr\n", __FUNCTION__);
  	nfs_fattr_init(fattr);
-	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+	status = rpc_call_sync(server->client, &msg, 0);
+	/* Retry with default authentication if different */
+	if (status && server->nfs_client->cl_rpcclient != server->client) {
+		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+	}
  	dprintk("%s: reply getattr: %d\n", __FUNCTION__, status);
  	if (status)
  		return status;
  	dprintk("%s: call statfs\n", __FUNCTION__);
  	msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS];
  	msg.rpc_resp = &fsinfo;
-	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+	status = rpc_call_sync(server->client, &msg, 0);
+	/* Retry with default authentication if different */
+	if (status && server->nfs_client->cl_rpcclient != server->client) {
+		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+	}
  	dprintk("%s: reply statfs: %d\n", __FUNCTION__, status);
  	if (status)
  		return status;
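Review bot: The same retry block is pasted after both `rpc_call_sync` calls here, and the `dprintk` that follows each one reports only the final status, so a debug trace does not show that the call fell back to the default-authentication client. A small static helper would keep the two call sites identical and give one place to log the first failure; each call site then becomes `status = nfs_call_sync_fallback(server, &msg);`. The helper name is a suggestion only, and `nfs_proc_get_root` starts and ends outside the hunk.

```c
/*
 * Issue the call on server->client first; if that fails and the
 * nfs_client's RPC client is a different one, retry there.
 */
static int
nfs_call_sync_fallback(struct nfs_server *server, struct rpc_message *msg)
{
	int status;

	status = rpc_call_sync(server->client, msg, 0);
	if (status && server->nfs_client->cl_rpcclient != server->client) {
		dprintk("%s: status %d, retrying with default authentication\n",
			__FUNCTION__, status);
		status = rpc_call_sync(server->nfs_client->cl_rpcclient, msg, 0);
	}
	return status;
}

/* … unchanged: start of nfs_proc_get_root, nfs_fattr_init(fattr) … */
	status = nfs_call_sync_fallback(server, &msg);
	dprintk("%s: reply getattr: %d\n", __FUNCTION__, status);
/* … unchanged: statfs setup; the second call site changes the same way … */
```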


* [PATCH] nfs: authenticated deep mounting
       [not found] ` <48AA9122.90805-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
@ 2008-08-19 20:34   ` J. Bruce Fields
  2008-09-23 20:07     ` Trond Myklebust
  2008-09-23 20:05   ` [PATCH 001/001] " Trond Myklebust
  1 sibling, 1 reply; 4+ messages in thread
From: J. Bruce Fields @ 2008-08-19 20:34 UTC (permalink / raw)
  To: EG Keizer; +Cc: linux-nfs, Trond Myklebust

From: EG Keizer <keie-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>

Allow mount to do authenticated mounts below the root of the exported tree.
The wording in RFC 2623, sec 2.3.2. allows fsinfo with UNIX authentication
on the root of the export. Mounts are not always done on the root
of the exported tree. Automounts in particular often mount below the root of
the exported tree.
Some server implementations (justly) require full authentication for the
so-called deep mounts. The old code used AUTH_SYS only. This caused deep
mounts to fail on systems requiring stronger authentication.
The client should try both authentication types and use the first one that
succeeds.
This method was already partially implemented. This patch completes
the implementation for NFS2 and NFS3.
This patch was developed to allow Debian systems to automount home directories
on Solaris servers with krb5 authentication.

Tested on kernel 2.6.24-etchnhalf.1

Signed-off-by: E.G. Keizer <keie-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
---
 fs/nfs/nfs3proc.c |   20 ++++++++++++++++++--
 fs/nfs/proc.c     |   10 ++++++++--
 2 files changed, 26 insertions(+), 4 deletions(-)

On Tue, Aug 19, 2008 at 11:23:46AM +0200, EG Keizer wrote:
> Allow mount to do authenticated mounts below the root of the exported tree.

Thanks.  For some reason, if I look at your mail in a text editor I see
an extra space at the beginning of each line.  Which prevents patch from
applying it.  Anyway, with that fixed up, and some other trivial
changes, the below is what I get.  Makes sense to me; Trond?

--b.

diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c
index 1e750e4..c55be7a 100644
--- a/fs/nfs/nfs3proc.c
+++ b/fs/nfs/nfs3proc.c
@@ -699,7 +699,7 @@ nfs3_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle,
 }
 
 static int
-nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
+do_proc_fsinfo(struct rpc_clnt *client, struct nfs_fh *fhandle,
 		 struct nfs_fsinfo *info)
 {
 	struct rpc_message msg = {
@@ -711,11 +711,27 @@ nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
 
 	dprintk("NFS call  fsinfo\n");
 	nfs_fattr_init(info->fattr);
-	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+	status = rpc_call_sync(client, &msg, 0);
 	dprintk("NFS reply fsinfo: %d\n", status);
 	return status;
 }
 
+/*
+ * Bare-bones access to fsinfo: this is for nfs_get_root/nfs_get_sb via
+ * nfs_create_server
+ */
+static int
+nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
+		   struct nfs_fsinfo *info)
+{
+	int	status;
+
+	status = do_proc_fsinfo(server->client, fhandle, info);
+	if (status && server->nfs_client->cl_rpcclient != server->client)
+		status = do_proc_fsinfo(server->nfs_client->cl_rpcclient, fhandle, info);
+	return status;
+}
+
 static int
 nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
 		   struct nfs_pathconf *info)
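Review bot: The comment added above the new `nfs3_proc_fsinfo` does not mention the behaviour this patch introduces, namely that FSINFO is tried on `server->client` and then retried on `server->nfs_client->cl_rpcclient`. Something like `/* Try server->client first; if that fails and the nfs_client's RPC client differs, retry with it. */` would document the order, which matters to anyone auditing which authentication flavour a mount probes with. The retry line `status = do_proc_fsinfo(server->nfs_client->cl_rpcclient, fhandle, info);` also runs past 80 columns and could be wrapped after the first argument. `nfs3_proc_pathconf` continues outside the hunk.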
diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c
index 4dbb84d..1934652 100644
--- a/fs/nfs/proc.c
+++ b/fs/nfs/proc.c
@@ -65,14 +65,20 @@ nfs_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,
 
 	dprintk("%s: call getattr\n", __func__);
 	nfs_fattr_init(fattr);
-	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+	status = rpc_call_sync(server->client, &msg, 0);
+	/* Retry with default authentication if different */
+	if (status && server->nfs_client->cl_rpcclient != server->client)
+		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
 	dprintk("%s: reply getattr: %d\n", __func__, status);
 	if (status)
 		return status;
 	dprintk("%s: call statfs\n", __func__);
 	msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS];
 	msg.rpc_resp = &fsinfo;
-	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+	status = rpc_call_sync(server->client, &msg, 0);
+	/* Retry with default authentication if different */
+	if (status && server->nfs_client->cl_rpcclient != server->client)
+		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
 	dprintk("%s: reply statfs: %d\n", __func__, status);
 	if (status)
 		return status;
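Review bot: When both attempts fail in `nfs_proc_get_root`, `status` is overwritten by the second `rpc_call_sync`, so the caller only sees the error from the default-authentication client and the failure from `server->client` is lost. If the first error is the more useful one to report for a mount that asked for a stronger flavour, keep it in a separate variable, e.g. `int err = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);` followed by `if (!err) status = 0;`. Which error the callers expect is not visible here, so this is worth checking against the mount path. The same applies to the retry in `nfs3_proc_fsinfo` in fs/nfs/nfs3proc.c, and the function body extends beyond this hunk.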
-- 
1.5.5.rc1



* Re: [PATCH 001/001] nfs: authenticated deep mounting
       [not found] ` <48AA9122.90805-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
  2008-08-19 20:34   ` [PATCH] " J. Bruce Fields
@ 2008-09-23 20:05   ` Trond Myklebust
  1 sibling, 0 replies; 4+ messages in thread
From: Trond Myklebust @ 2008-09-23 20:05 UTC (permalink / raw)
  To: EG Keizer; +Cc: linux-nfs

On Tue, 2008-08-19 at 11:23 +0200, EG Keizer wrote:
> Allow mount to do authenticated mounts below the root of the exported tree.
> The wording in RFC 2623, sec 2.3.2. allows fsinfo with UNIX authentication
> on the root of the export. Mounts are not always done on the root
> of the exported tree. Especially autoumounts often mount below the root of
> the exported tree.
> Some server implementations (justly) require full authentication for the
> so-called deep mounts. The old code used AUTH_SYS only. This caused deep
> mounts to fail on systems requiring stronger authentication..
> The client should try both authentication types and use the first one that
> succeeds.
> This method was already partially implemented. This patch completes
> the implementation for NFS2 and NFS3.
> This patch was developed to allow Debian systems to automount home directories
> on Solaris servers with krb5 authentication.
> 
> Tested on kernel 2.6.24-etchnhalf.1
> 
> Signed-off-by: E.G. Keizer <keie-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>

I'd like to apply this patch, but it won't apply to 2.6.27-rc7...

Cheers
  Trond

> ---
> 
> diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c
> index 549dbce..ce575e6 100644
> --- a/fs/nfs/nfs3proc.c
> +++ b/fs/nfs/nfs3proc.c
> @@ -684,7 +684,7 @@ nfs3_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle,
>   }
> 
>   static int
> -nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
> +do_proc_fsinfo(struct rpc_clnt *client, struct nfs_fh *fhandle,
>   		 struct nfs_fsinfo *info)
>   {
>   	struct rpc_message msg = {
> @@ -696,11 +696,26 @@ nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
> 
>   	dprintk("NFS call  fsinfo\n");
>   	nfs_fattr_init(info->fattr);
> -	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> +	status = rpc_call_sync(client, &msg, 0);
>   	dprintk("NFS reply fsinfo: %d\n", status);
>   	return status;
>   }
> 
> +/*
> + * Bare-bones access to fsinfo: this is for nfs_get_root/nfs_get_sb via nfs_create_server
> + */
> +static int
> +nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
> +		   struct nfs_fsinfo *info)
> +{
> +	int	status;
> +
> +	status = do_proc_fsinfo(server->client, fhandle, info);
> +	if (status && server->nfs_client->cl_rpcclient != server->client)
> +		status = do_proc_fsinfo(server->nfs_client->cl_rpcclient, fhandle, info);
> +	return status;
> +}
> +
>   static int
>   nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
>   		   struct nfs_pathconf *info)
> diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c
> index 5ccf7fa..f728118 100644
> --- a/fs/nfs/proc.c
> +++ b/fs/nfs/proc.c
> @@ -65,14 +65,22 @@ nfs_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,
> 
>   	dprintk("%s: call getattr\n", __FUNCTION__);
>   	nfs_fattr_init(fattr);
> -	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> +	status = rpc_call_sync(server->client, &msg, 0);
> +	/* Retry with default authentication if different */
> +	if (status && server->nfs_client->cl_rpcclient != server->client) {
> +		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> +	}
>   	dprintk("%s: reply getattr: %d\n", __FUNCTION__, status);
>   	if (status)
>   		return status;
>   	dprintk("%s: call statfs\n", __FUNCTION__);
>   	msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS];
>   	msg.rpc_resp = &fsinfo;
> -	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> +	status = rpc_call_sync(server->client, &msg, 0);
> +	/* Retry with default authentication if different */
> +	if (status && server->nfs_client->cl_rpcclient != server->client) {
> +		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> +	}
>   	dprintk("%s: reply statfs: %d\n", __FUNCTION__, status);
>   	if (status)
>   		return status;



* Re: [PATCH] nfs: authenticated deep mounting
  2008-08-19 20:34   ` [PATCH] " J. Bruce Fields
@ 2008-09-23 20:07     ` Trond Myklebust
  0 siblings, 0 replies; 4+ messages in thread
From: Trond Myklebust @ 2008-09-23 20:07 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: EG Keizer, linux-nfs, Trond Myklebust

On Tue, 2008-08-19 at 16:34 -0400, J. Bruce Fields wrote:
> From: EG Keizer <keie-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
> 
> Allow mount to do authenticated mounts below the root of the exported tree.
> The wording in RFC 2623, sec 2.3.2. allows fsinfo with UNIX authentication
> on the root of the export. Mounts are not always done on the root
> of the exported tree. Especially autoumounts often mount below the root of
> the exported tree.
> Some server implementations (justly) require full authentication for the
> so-called deep mounts. The old code used AUTH_SYS only. This caused deep
> mounts to fail on systems requiring stronger authentication..
> The client should try both authentication types and use the first one that
> succeeds.
> This method was already partially implemented. This patch completes
> the implementation for NFS2 and NFS3.
> This patch was developed to allow Debian systems to automount home directories
> on Solaris servers with krb5 authentication.
> 
> Tested on kernel 2.6.24-etchnhalf.1
> 
> Signed-off-by: E.G. Keizer <keie-vHs5IaWfoDhmR6Xm/wNWPw@public.gmane.org>
> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
> ---
>  fs/nfs/nfs3proc.c |   20 ++++++++++++++++++--
>  fs/nfs/proc.c     |   10 ++++++++--
>  2 files changed, 26 insertions(+), 4 deletions(-)
> 
> On Tue, Aug 19, 2008 at 11:23:46AM +0200, EG Keizer wrote:
> > Allow mount to do authenticated mounts below the root of the exported tree.
> 
> Thanks.  For some reason, if I look at your mail in a text editor I see
> an extra space at the beginning of each line.  Which prevents patch from
> applying it.  Anyway, with that fixed up, and some other trivial
> changes, the below is what I get.  Makes sense to me; Trond?
> 
> --b.

OK. This one applies correctly...

> diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c
> index 1e750e4..c55be7a 100644
> --- a/fs/nfs/nfs3proc.c
> +++ b/fs/nfs/nfs3proc.c
> @@ -699,7 +699,7 @@ nfs3_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle,
>  }
>  
>  static int
> -nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
> +do_proc_fsinfo(struct rpc_clnt *client, struct nfs_fh *fhandle,
>  		 struct nfs_fsinfo *info)
>  {
>  	struct rpc_message msg = {
> @@ -711,11 +711,27 @@ nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
>  
>  	dprintk("NFS call  fsinfo\n");
>  	nfs_fattr_init(info->fattr);
> -	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> +	status = rpc_call_sync(client, &msg, 0);
>  	dprintk("NFS reply fsinfo: %d\n", status);
>  	return status;
>  }
>  
> +/*
> + * Bare-bones access to fsinfo: this is for nfs_get_root/nfs_get_sb via
> + * nfs_create_server
> + */
> +static int
> +nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
> +		   struct nfs_fsinfo *info)
> +{
> +	int	status;
> +
> +	status = do_proc_fsinfo(server->client, fhandle, info);
> +	if (status && server->nfs_client->cl_rpcclient != server->client)
> +		status = do_proc_fsinfo(server->nfs_client->cl_rpcclient, fhandle, info);
> +	return status;
> +}
> +
>  static int
>  nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
>  		   struct nfs_pathconf *info)
> diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c
> index 4dbb84d..1934652 100644
> --- a/fs/nfs/proc.c
> +++ b/fs/nfs/proc.c
> @@ -65,14 +65,20 @@ nfs_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,
>  
>  	dprintk("%s: call getattr\n", __func__);
>  	nfs_fattr_init(fattr);
> -	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> +	status = rpc_call_sync(server->client, &msg, 0);
> +	/* Retry with default authentication if different */
> +	if (status && server->nfs_client->cl_rpcclient != server->client)
> +		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
>  	dprintk("%s: reply getattr: %d\n", __func__, status);
>  	if (status)
>  		return status;
>  	dprintk("%s: call statfs\n", __func__);
>  	msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS];
>  	msg.rpc_resp = &fsinfo;
> -	status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
> +	status = rpc_call_sync(server->client, &msg, 0);
> +	/* Retry with default authentication if different */
> +	if (status && server->nfs_client->cl_rpcclient != server->client)
> +		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
>  	dprintk("%s: reply statfs: %d\n", __func__, status);
>  	if (status)
>  		return status;
> -- 
> 1.5.5.rc1
> 
-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@netapp.com
www.netapp.com

