NFS: Fix NFSv2 security settings

For a while now any NFSv2 mount where sec= is specified uses
AUTH_NULL. If sec= is not specified, the mount uses AUTH_UNIX.
Commit e68fd7c8071d ("mount: use sec= that was specified on the
command line") attempted to address a very similar problem with
NFSv3, and should have fixed this too, but it has a bug.

The MNTv1 MNT procedure does not return a list of security flavors,
so our client makes up a list containing just AUTH_NULL. This should
enable nfs_verify_authflavors() to assign the sec= specified flavor,
but instead, it incorrectly sets it to AUTH_NULL.

I expect this would also be a problem for any NFSv3 server whose
MNTv3 MNT procedure returned a security flavor list containing only
AUTH_NULL.

Fixes: e68fd7c8071d ("mount: use sec= that was specified on ... ")
BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=310
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>

authored by Chuck Lever and committed by Trond Myklebust
53a75f22 b79e87e0

+8 -4
fs/nfs/super.c
··· 1691 1691 rpc_authflavor_t *server_authlist, unsigned int count) 1692 1692 { 1693 1693 rpc_authflavor_t flavor = RPC_AUTH_MAXFLAVOR; 1694 + bool found_auth_null = false; 1694 1695 unsigned int i; 1695 - int use_auth_null = false; 1696 1696 1697 1697 /* 1698 1698 * If the sec= mount option is used, the specified flavor or AUTH_NULL ··· 1701 1701 * AUTH_NULL has a special meaning when it's in the server list - it 1702 1702 * means that the server will ignore the rpc creds, so any flavor 1703 1703 * can be used but still use the sec= that was specified. 1704 + * 1705 + * Note also that the MNT procedure in MNTv1 does not return a list 1706 + * of supported security flavors. In this case, nfs_mount() fabricates 1707 + * a security flavor list containing just AUTH_NULL. 1704 1708 */ 1705 1709 for (i = 0; i < count; i++) { 1706 1710 flavor = server_authlist[i]; ··· 1713 1709 goto out; 1714 1710 1715 1711 if (flavor == RPC_AUTH_NULL) 1716 - use_auth_null = true; 1712 + found_auth_null = true; 1717 1713 } 1718 1714 1719 - if (use_auth_null) { 1720 - flavor = RPC_AUTH_NULL; 1715 + if (found_auth_null) { 1716 + flavor = args->auth_info.flavors[0]; 1721 1717 goto out; 1722 1718 } 1723 1719
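Review bot: The comment added at 1704-1708 says nfs_mount() fabricates an AUTH_NULL-only list for MNTv1, but it does not state what follows from that: every NFSv2 mount with sec= takes the found_auth_null branch, so the sec= flavor is accepted without the server having advertised anything. One more sentence in the comment saying that the flavor is unconfirmed by the server in this case would save the next reader from rediscovering it, and would make clear the same path applies to an MNTv3 reply that contains only AUTH_NULL.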
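Review bot: In the last hunk, `flavor = args->auth_info.flavors[0];` takes the first sec= entry with no check in the visible lines that the list is non-empty, and it drops any further entries without comment. If the caller guarantees that at least one sec= flavor was parsed before this function runs, say so in the function comment or assert it here; if more than one flavor can be supplied, document that the first one wins when the server list contains AUTH_NULL. The rename from `int use_auth_null` to `bool found_auth_null` reads well, since the variable now records an observation rather than a decision.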