1. 23 Apr, 2013 5 commits
    • Trond Myklebust's avatar
      Merge branch 'bugfixes' into linux-next · b0212b84
      Trond Myklebust authored
      Fix up a conflict between the linux-next branch and mainline.
      Conflicts:
      	fs/nfs/nfs4proc.c
      b0212b84
    • Trond Myklebust's avatar
      Merge branch 'rpcsec_gss-from_cel' into linux-next · bd1d421a
      Trond Myklebust authored
      * rpcsec_gss-from_cel: (21 commits)
        NFS: Retry SETCLIENTID with AUTH_SYS instead of AUTH_NONE
        NFSv4: Don't clear the machine cred when client establish returns EACCES
        NFSv4: Fix issues in nfs4_discover_server_trunking
        NFSv4: Fix the fallback to AUTH_NULL if krb5i is not available
        NFS: Use server-recommended security flavor by default (NFSv3)
        SUNRPC: Don't recognize RPC_AUTH_MAXFLAVOR
        NFS: Use "krb5i" to establish NFSv4 state whenever possible
        NFS: Try AUTH_UNIX when PUTROOTFH gets NFS4ERR_WRONGSEC
        NFS: Use static list of security flavors during root FH lookup recovery
        NFS: Avoid PUTROOTFH when managing leases
        NFS: Clean up nfs4_proc_get_rootfh
        NFS: Handle missing rpc.gssd when looking up root FH
        SUNRPC: Remove EXPORT_SYMBOL_GPL() from GSS mech switch
        SUNRPC: Make gss_mech_get() static
        SUNRPC: Refactor nfsd4_do_encode_secinfo()
        SUNRPC: Consider qop when looking up pseudoflavors
        SUNRPC: Load GSS kernel module by OID
        SUNRPC: Introduce rpcauth_get_pseudoflavor()
        SUNRPC: Define rpcsec_gss_info structure
        NFS: Remove unneeded forward declaration
        ...
      bd1d421a
    • Trond Myklebust's avatar
      NFSv4: Don't recheck permissions on open in case of recovery cached open · bdeca1b7
      Trond Myklebust authored
      If we already checked the user access permissions on the original open,
      then don't bother checking again on recovery. Doing so can cause a
      deadlock with NFSv4.1, since the may_open() operation is not privileged.
      Furthermore, we can't report an access permission failure here anyway.
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      bdeca1b7
    • Trond Myklebust's avatar
      NFSv4.1: Don't do a delegated open for NFS4_OPEN_CLAIM_DELEG_CUR_FH modes · cd4c9be2
      Trond Myklebust authored
      If we're in a delegation recall situation, we can't do a delegated open.
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      cd4c9be2
    • Trond Myklebust's avatar
      NFSv4.1: Use the more efficient open_noattr call for open-by-filehandle · 8188df17
      Trond Myklebust authored
      When we're doing open-by-filehandle in NFSv4.1, we shouldn't need to
      do the cache consistency revalidation on the directory. It is
      therefore more efficient to just use open_noattr, which returns the
      file attributes, but not the directory attributes.
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      8188df17
  2. 22 Apr, 2013 2 commits
    • Chuck Lever's avatar
      NFS: Retry SETCLIENTID with AUTH_SYS instead of AUTH_NONE · 79d852bf
      Chuck Lever authored
      Recently I changed the SETCLIENTID code to use AUTH_GSS(krb5i), and
      then retry with AUTH_NONE if that didn't work.  This was to enable
      Kerberos NFS mounts to work without forcing Linux NFS clients to
      have a keytab on hand.
      
      Rick Macklem reports that the FreeBSD server accepts AUTH_NONE only
      for NULL operations (thus certainly not for SETCLIENTID).  Falling
      back to AUTH_NONE means our proposed 3.10 NFS client will not
      interoperate with FreeBSD servers over NFSv4 unless Kerberos is
      fully configured on both ends.
      
      If the Linux client falls back to using AUTH_SYS instead for
      SETCLIENTID, all should work fine as long as the NFS server is
      configured to allow AUTH_SYS for SETCLIENTID.
      
      This may still prevent access to Kerberos-only FreeBSD servers by
      Linux clients with no keytab.  Rick is of the opinion that the
      security settings the server applies to its pseudo-fs should also
      apply to the SETCLIENTID operation.
      
      Linux and Solaris NFS servers do not place that limitation on
      SETCLIENTID.  The security settings for the server's pseudo-fs are
      determined automatically as the union of security flavors allowed on
      real exports, as recommended by RFC 3530bis; and the flavors allowed
      for SETCLIENTID are all flavors supported by the respective server
      implementation.
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      79d852bf
    • Trond Myklebust's avatar
      NFSv4: Ensure that we clear the NFS_OPEN_STATE flag when appropriate · fd068b20
      Trond Myklebust authored
      We should always clear it before initiating file recovery.
      Also ensure that we clear it after a CLOSE and/or after TEST_STATEID fails.
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      fd068b20
  3. 21 Apr, 2013 1 commit
  4. 20 Apr, 2013 2 commits
  5. 19 Apr, 2013 1 commit
  6. 16 Apr, 2013 1 commit
  7. 14 Apr, 2013 3 commits
  8. 12 Apr, 2013 1 commit
  9. 11 Apr, 2013 1 commit
  10. 10 Apr, 2013 2 commits
  11. 09 Apr, 2013 3 commits
  12. 08 Apr, 2013 1 commit
    • Trond Myklebust's avatar
      NFSv4: Handle timeouts correctly when probing for lease validity · bc7a05ca
      Trond Myklebust authored
      When we send a RENEW or SEQUENCE operation in order to probe if the
      lease is still valid, we want it to be able to time out since the
      lease we are probing is likely to time out too. Currently, because
      we use soft mount semantics for these RPC calls, the return value
      is EIO, which causes the state manager to exit with an "unhandled
      error" message.
      This patch changes the call semantics, so that the RPC layer returns
      ETIMEDOUT instead of EIO. We then have the state manager default to
      a simple retry instead of exiting.
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      bc7a05ca
  13. 05 Apr, 2013 17 commits