
knfsd: nfsd4: secinfo handling without secinfo= option

We could return some sort of error in the case where someone asks for secinfo
on an export without the secinfo= option set--that'd be no worse than what
we've been doing. But it's not really correct. So, hack up an approximate
secinfo response in that case--it may not be complete, but it'll tell the
client at least one acceptable security flavor.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

J. Bruce Fields and committed by
Linus Torvalds
4796f457 dcb488a3

+37 -3
+27 -3
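--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -57,6 +57,7 @@
 #include <linux/nfs4.h>
 #include <linux/nfs4_acl.h>
 #include <linux/sunrpc/gss_api.h>
+#include <linux/sunrpc/svcauth_gss.h>
 
 #define NFSDDBG_FACILITY NFSDDBG_XDR
 
@@ -2455,15 +2454,38 @@
 {
 	int i = 0;
 	struct svc_export *exp = secinfo->si_exp;
+	u32 nflavs;
+	struct exp_flavor_info *flavs;
+	struct exp_flavor_info def_flavs[2];
 	ENCODE_HEAD;
 
 	if (nfserr)
 		goto out;
+	if (exp->ex_nflavors) {
+		flavs = exp->ex_flavors;
+		nflavs = exp->ex_nflavors;
+	} else { /* Handling of some defaults in absence of real secinfo: */
+		flavs = def_flavs;
+		if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
+			nflavs = 2;
+			flavs[0].pseudoflavor = RPC_AUTH_UNIX;
+			flavs[1].pseudoflavor = RPC_AUTH_NULL;
+		} else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
+			nflavs = 1;
+			flavs[0].pseudoflavor
+					= svcauth_gss_flavor(exp->ex_client);
+		} else {
+			nflavs = 1;
+			flavs[0].pseudoflavor
+					= exp->ex_client->flavour->flavour;
+		}
+	}
+
 	RESERVE_SPACE(4);
-	WRITE32(exp->ex_nflavors);
+	WRITE32(nflavs);
 	ADJUST_ARGS();
-	for (i = 0; i < exp->ex_nflavors; i++) {
-		u32 flav = exp->ex_flavors[i].pseudoflavor;
+	for (i = 0; i < nflavs; i++) {
+		u32 flav = flavs[i].pseudoflavor;
 		struct gss_api_mech *gm = gss_mech_get_by_pseudoflavor(flav);
 
 		if (gm) {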
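Review bot: `def_flavs[2]` is an uninitialised stack array, and the fallback branch sets only `.pseudoflavor` on the entries it uses. The loop lines visible here read nothing else, but the loop body continues past the end of this hunk, so any other `struct exp_flavor_info` field read there, now or after a later change, would take stack garbage into a reply that goes on the wire. Zeroing it when the fallback is selected, `memset(def_flavs, 0, sizeof(def_flavs));` right after `flavs = def_flavs;`, removes that risk. The one-line comment on the `else` would also be more useful if it said that the list is advisory, for instance `/* No secinfo= on this export: advertise an approximate list derived from the client's auth domain; keep it in step with what the export's access check actually accepts (note AUTH_NULL is offered alongside AUTH_UNIX). */`.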
+1
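--- a/include/linux/sunrpc/svcauth_gss.h
+++ b/include/linux/sunrpc/svcauth_gss.h
@@ -22,6 +22,7 @@
 int gss_svc_init(void);
 void gss_svc_shutdown(void);
 int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name);
+u32 svcauth_gss_flavor(struct auth_domain *dom);
 
 #endif /* __KERNEL__ */
 #endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */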
+9
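--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -743,6 +743,15 @@
 
 static struct auth_ops svcauthops_gss;
 
+u32 svcauth_gss_flavor(struct auth_domain *dom)
+{
+	struct gss_domain *gd = container_of(dom, struct gss_domain, h);
+
+	return gd->pseudoflavor;
+}
+
+EXPORT_SYMBOL(svcauth_gss_flavor);
+
 int
 svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
 {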
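Review bot: `svcauth_gss_flavor()` applies `container_of()` to whatever `auth_domain` it is handed, and nothing in the function checks that the domain is actually embedded in a `struct gss_domain`. The one caller in this commit tests `flavour->flavour == RPC_AUTH_GSS` first, but the symbol is exported, so a caller that passes a non-GSS domain would have `pseudoflavor` read from memory outside the object it passed. The precondition should be stated above the function, e.g. `/* dom must be a GSS auth_domain; the result is meaningless for any other flavour */`, or enforced with `WARN_ON(dom->flavour->flavour != RPC_AUTH_GSS);` before the `container_of()`.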