From: NeilBrown <neilb@suse.de>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org
Cc: "J. Bruce Fields" <bfields@citi.umich.edu>
Cc: J "." Bruce Fields <bfields@citi.umich.edu>
Cc: Neil Brown <neilb@suse.de>
Subject: [PATCH 018 of 20] knfsd: nfsd4: secinfo handling without secinfo= option
Date: Tue, 10 Jul 2007 12:28:10 +1000 [thread overview]
Message-ID: <1070710022810.13598@suse.de> (raw)
In-Reply-To: 20070710121949.12548.patches@notabene
From: J. Bruce Fields <bfields@citi.umich.edu>
We could return some sort of error in the case where someone asks for
secinfo on an export without the secinfo= option set--that'd be no worse
than what we've been doing. But it's not really correct. So, hack up
an approximate secinfo response in that case--it may not be complete,
but it'll tell the client at least one acceptable security flavor.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
### Diffstat output
./fs/nfsd/nfs4xdr.c | 30 +++++++++++++++++++++++++++---
./include/linux/sunrpc/svcauth_gss.h | 1 +
./net/sunrpc/auth_gss/svcauth_gss.c | 9 +++++++++
3 files changed, 37 insertions(+), 3 deletions(-)
diff .prev/fs/nfsd/nfs4xdr.c ./fs/nfsd/nfs4xdr.c
--- .prev/fs/nfsd/nfs4xdr.c 2007-07-10 11:52:23.000000000 +1000
+++ ./fs/nfsd/nfs4xdr.c 2007-07-10 12:18:53.000000000 +1000
@@ -57,6 +57,7 @@
#include <linux/nfs4.h>
#include <linux/nfs4_acl.h>
#include <linux/sunrpc/gss_api.h>
+#include <linux/sunrpc/svcauth_gss.h>
#define NFSDDBG_FACILITY NFSDDBG_XDR
@@ -2454,15 +2455,38 @@ nfsd4_encode_secinfo(struct nfsd4_compou
{
int i = 0;
struct svc_export *exp = secinfo->si_exp;
+ u32 nflavs;
+ struct exp_flavor_info *flavs;
+ struct exp_flavor_info def_flavs[2];
ENCODE_HEAD;
if (nfserr)
goto out;
+ if (exp->ex_nflavors) {
+ flavs = exp->ex_flavors;
+ nflavs = exp->ex_nflavors;
+ } else { /* Handling of some defaults in absence of real secinfo: */
+ flavs = def_flavs;
+ if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
+ nflavs = 2;
+ flavs[0].pseudoflavor = RPC_AUTH_UNIX;
+ flavs[1].pseudoflavor = RPC_AUTH_NULL;
+ } else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
+ nflavs = 1;
+ flavs[0].pseudoflavor
+ = svcauth_gss_flavor(exp->ex_client);
+ } else {
+ nflavs = 1;
+ flavs[0].pseudoflavor
+ = exp->ex_client->flavour->flavour;
+ }
+ }
+
RESERVE_SPACE(4);
- WRITE32(exp->ex_nflavors);
+ WRITE32(nflavs);
ADJUST_ARGS();
- for (i = 0; i < exp->ex_nflavors; i++) {
- u32 flav = exp->ex_flavors[i].pseudoflavor;
+ for (i = 0; i < nflavs; i++) {
+ u32 flav = flavs[i].pseudoflavor;
struct gss_api_mech *gm = gss_mech_get_by_pseudoflavor(flav);
if (gm) {
diff .prev/include/linux/sunrpc/svcauth_gss.h ./include/linux/sunrpc/svcauth_gss.h
--- .prev/include/linux/sunrpc/svcauth_gss.h 2007-07-10 11:19:39.000000000 +1000
+++ ./include/linux/sunrpc/svcauth_gss.h 2007-07-10 12:19:19.000000000 +1000
@@ -23,6 +23,7 @@ int gss_svc_init(void);
void gss_svc_shutdown(void);
int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name);
void svcauth_gss_unregister_pseudoflavor(char *name);
+u32 svcauth_gss_flavor(struct auth_domain *dom);
#endif /* __KERNEL__ */
#endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */
diff .prev/net/sunrpc/auth_gss/svcauth_gss.c ./net/sunrpc/auth_gss/svcauth_gss.c
--- .prev/net/sunrpc/auth_gss/svcauth_gss.c 2007-07-10 11:35:37.000000000 +1000
+++ ./net/sunrpc/auth_gss/svcauth_gss.c 2007-07-10 12:18:53.000000000 +1000
@@ -743,6 +743,15 @@ find_gss_auth_domain(struct gss_ctx *ctx
static struct auth_ops svcauthops_gss;
+u32 svcauth_gss_flavor(struct auth_domain *dom)
+{
+ struct gss_domain *gd = container_of(dom, struct gss_domain, h);
+
+ return gd->pseudoflavor;
+}
+
+EXPORT_SYMBOL(svcauth_gss_flavor);
+
int
svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
{
next prev parent reply other threads:[~2007-07-10 2:29 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-10 2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
2007-07-10 2:22 ` [PATCH 001 of 20] knfsd: nfsd: make all exp_finding functions return -errno's on err NeilBrown
2007-07-10 2:23 ` [PATCH 002 of 20] knfsd: nfsd4: build rpcsec_gss whenever nfsd4 is built NeilBrown
2007-07-10 2:23 ` [PATCH 003 of 20] knfsd: nfsd4: store pseudoflavor in request NeilBrown
2007-07-10 2:23 ` [PATCH 004 of 20] knfsd: nfsd4: parse secinfo information in exports downcall NeilBrown
2007-07-10 2:24 ` [PATCH 005 of 20] knfsd: nfsd4: simplify exp_pseudoroot arguments NeilBrown
2007-07-10 2:24 ` [PATCH 006 of 20] knfsd: nfsd: remove superfluous assignment from nfsd_lookup NeilBrown
2007-07-10 2:24 ` [PATCH 007 of 20] knfsd: nfsd: provide export lookup wrappers which take a svc_rqst NeilBrown
2007-07-10 2:24 ` [PATCH 008 of 20] knfsd: nfsd: set rq_client to ip-address-determined-domain NeilBrown
2007-07-10 2:25 ` [PATCH 009 of 20] knfsd: nfsd: use ip-address-based domain in secinfo case NeilBrown
2007-07-10 16:06 ` J. Bruce Fields
2007-07-10 2:25 ` [PATCH 010 of 20] knfsd: nfsd: factor nfsd_lookup into 2 pieces NeilBrown
2007-07-10 2:25 ` [PATCH 011 of 20] knfsd: nfsd4: return nfserr_wrongsec NeilBrown
2007-07-10 2:26 ` [PATCH 012 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor NeilBrown
2007-07-13 7:27 ` Andrew Morton
2007-07-13 9:54 ` Christoph Hellwig
2007-07-10 2:27 ` [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags NeilBrown
2007-07-13 7:29 ` Andrew Morton
2007-07-18 23:05 ` [NFS] " J. Bruce Fields
2007-07-19 0:16 ` Neil Brown
2007-07-19 15:35 ` J. Bruce Fields
2007-07-20 2:21 ` Neil Brown
2007-07-20 4:22 ` Satyam Sharma
2007-07-20 22:18 ` [PATCH] knfsd: Fix typo in export display, print uid and gid as unsigned J. Bruce Fields
2007-07-19 0:18 ` [NFS] [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags Andrew Morton
2007-07-10 2:27 ` [PATCH 014 of 20] knfsd: nfsd: display export secinfo information NeilBrown
2007-07-10 2:27 ` [PATCH 015 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor NeilBrown
2007-07-13 7:12 ` Andrew Morton
2007-07-13 8:47 ` Andrew Morton
2007-07-10 2:27 ` [PATCH 016 of 20] knfsd: rpc: add gss krb5 and spkm3 oid values NeilBrown
2007-07-10 2:28 ` [PATCH 017 of 20] knfsd: nfsd4: implement secinfo NeilBrown
2007-07-10 2:28 ` NeilBrown [this message]
2007-07-10 2:28 ` [PATCH 019 of 20] knfsd: nfsd: allow auth_sys nlm on rpcsec_gss exports NeilBrown
2007-07-10 2:28 ` [PATCH 020 of 20] knfsd: nfsd: enforce per-flavor id squashing NeilBrown
2007-07-13 7:33 ` [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups Andrew Morton
2007-07-13 18:10 ` J. Bruce Fields
2007-07-13 18:42 ` Andrew Morton
2007-07-18 22:57 ` J. Bruce Fields
[not found] ` <2ac9f179334dc7894bb58b1c2fb62837a07fbbdf.1184798679.git.bfields@citi.umich.edu>
2007-07-18 22:57 ` [PATCH 1/5] nfsd: fix possible read-ahead cache and export table corruption J. Bruce Fields
[not found] ` <278646972e4b7eaf86d648d8ee2ae879f8b6b680.1184798679.git.bfields@citi.umich.edu>
2007-07-18 22:57 ` [PATCH 2/5] nfsd: return errors, not NULL, from export functions J. Bruce Fields
[not found] ` <ca76105264283034a0f3d9d138bded79f5b2f87e.1184798679.git.bfields@citi.umich.edu>
2007-07-18 22:57 ` [PATCH 3/5] nfsd: remove unnecessary NULL checks from nfsd_cross_mnt J. Bruce Fields
[not found] ` <fbbdd23e675df0288cf80243fdcd5e211fff855b.1184798679.git.bfields@citi.umich.edu>
2007-07-18 22:57 ` [PATCH 4/5] knfsd: move EX_RDONLY out of header J. Bruce Fields
2007-07-19 8:28 ` [NFS] " Christoph Hellwig
2007-07-19 8:36 ` Andrew Morton
[not found] ` <986bf36dcb843bf352799fad5c20f1764748ce22.1184798679.git.bfields@citi.umich.edu>
2007-07-18 22:57 ` [PATCH 5/5] knfsd: clean up EX_RDONLY J. Bruce Fields
2007-07-19 8:29 ` [NFS] " Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1070710022810.13598@suse.de \
--to=neilb@suse.de \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox