Commit 8f70e95f authored by Bryan Schumaker's avatar Bryan Schumaker Committed by Trond Myklebust

NFS: Determine initial mount security

When sec=<something> is not presented as a mount option,
we should attempt to determine what security flavor the
server is using.
Signed-off-by: default avatarBryan Schumaker <bjschuma@netapp.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 7ebb9315
...@@ -41,6 +41,7 @@ ...@@ -41,6 +41,7 @@
#include <linux/string.h> #include <linux/string.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/sunrpc/clnt.h> #include <linux/sunrpc/clnt.h>
#include <linux/sunrpc/gss_api.h>
#include <linux/nfs.h> #include <linux/nfs.h>
#include <linux/nfs4.h> #include <linux/nfs4.h>
#include <linux/nfs_fs.h> #include <linux/nfs_fs.h>
...@@ -2191,15 +2192,43 @@ static int nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle, ...@@ -2191,15 +2192,43 @@ static int nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle,
return err; return err;
} }
static int nfs4_lookup_root_sec(struct nfs_server *server, struct nfs_fh *fhandle,
struct nfs_fsinfo *info, rpc_authflavor_t flavor)
{
struct rpc_auth *auth;
int ret;
auth = rpcauth_create(flavor, server->client);
if (!auth) {
ret = -EIO;
goto out;
}
ret = nfs4_lookup_root(server, fhandle, info);
if (ret < 0)
ret = -EAGAIN;
out:
return ret;
}
/* /*
* get the file handle for the "/" directory on the server * get the file handle for the "/" directory on the server
*/ */
static int nfs4_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle, static int nfs4_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,
struct nfs_fsinfo *info) struct nfs_fsinfo *info)
{ {
int status; int i, len, status = 0;
rpc_authflavor_t flav_array[NFS_MAX_SECFLAVORS + 2];
status = nfs4_lookup_root(server, fhandle, info); flav_array[0] = RPC_AUTH_UNIX;
len = gss_mech_list_pseudoflavors(&flav_array[1]);
flav_array[1+len] = RPC_AUTH_NULL;
len += 2;
for (i = 0; i < len; i++) {
status = nfs4_lookup_root_sec(server, fhandle, info, flav_array[i]);
if (status == 0)
break;
}
if (status == 0) if (status == 0)
status = nfs4_server_capabilities(server, fhandle); status = nfs4_server_capabilities(server, fhandle);
if (status == 0) if (status == 0)
......
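Review bot: In `nfs4_lookup_root_sec` the `if (!auth)` test only catches a NULL return; as far as I know `rpcauth_create()` reports failure with an ERR_PTR value, so a flavor that cannot be instantiated would fall through to `nfs4_lookup_root()`. `if (IS_ERR(auth))` looks like the intended check, which should be confirmed against the definition of `rpcauth_create()` (not shown here). The probe loop in `nfs4_proc_get_root` tries `RPC_AUTH_UNIX` before any GSS pseudoflavor, so a mount without `sec=` settles on client-asserted AUTH_UNIX whenever the server accepts it, even if a GSS flavor would also work; if that is the intended policy, a comment above the loop should say so. Every lookup failure is also folded into `-EAGAIN`, so when all flavors fail the caller loses the real error from `nfs4_lookup_root()`. `nfs4_proc_get_root` continues past the end of the hunk.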
...@@ -126,6 +126,9 @@ struct gss_api_mech *gss_mech_get_by_name(const char *); ...@@ -126,6 +126,9 @@ struct gss_api_mech *gss_mech_get_by_name(const char *);
/* Similar, but get by pseudoflavor. */ /* Similar, but get by pseudoflavor. */
struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32); struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);
/* Fill in an array with a list of supported pseudoflavors */
int gss_mech_list_pseudoflavors(u32 *);
/* Just increments the mechanism's reference count and returns its input: */ /* Just increments the mechanism's reference count and returns its input: */
struct gss_api_mech * gss_mech_get(struct gss_api_mech *); struct gss_api_mech * gss_mech_get(struct gss_api_mech *);
......
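Review bot: The prototype takes `u32 *` while the definition added in this commit takes `rpc_authflavor_t *`, and the comment does not say how large the array must be or what the return value means. Using the same type in both places and spelling out the contract would help callers, for example `/* Fill in an array with one pseudoflavor per registered mechanism and return the number written; the caller must supply room for every registered mechanism. */`.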
...@@ -215,6 +215,22 @@ gss_mech_get_by_pseudoflavor(u32 pseudoflavor) ...@@ -215,6 +215,22 @@ gss_mech_get_by_pseudoflavor(u32 pseudoflavor)
EXPORT_SYMBOL_GPL(gss_mech_get_by_pseudoflavor); EXPORT_SYMBOL_GPL(gss_mech_get_by_pseudoflavor);
int gss_mech_list_pseudoflavors(rpc_authflavor_t *array_ptr)
{
struct gss_api_mech *pos = NULL;
int i = 0;
spin_lock(&registered_mechs_lock);
list_for_each_entry(pos, &registered_mechs, gm_list) {
array_ptr[i] = pos->gm_pfs->pseudoflavor;
i++;
}
spin_unlock(&registered_mechs_lock);
return i;
}
EXPORT_SYMBOL_GPL(gss_mech_list_pseudoflavors);
u32 u32
gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 service) gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 service)
{ {
......
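Review bot: `gss_mech_list_pseudoflavors` writes one entry per registered mechanism into `array_ptr` with no bound, so nothing in the function keeps the loop inside the caller's buffer. The caller added in this commit passes `&flav_array[1]` of a stack array sized `NFS_MAX_SECFLAVORS + 2`, which is safe only while the number of registered mechanisms stays within that assumption. Passing the capacity and stopping at it would turn the assumption into an enforced limit, e.g. `int gss_mech_list_pseudoflavors(rpc_authflavor_t *array_ptr, int size)` with `if (i >= size) break;` at the top of the loop body. The function also records only `pos->gm_pfs->pseudoflavor` for each mechanism; if a mechanism can expose several pseudoflavors, it should be confirmed that listing a single one is intended.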