From patchwork Mon Jun 9 19:33:20 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andy Adamson X-Patchwork-Id: 4323191 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 25704BEEAA for ; Mon, 9 Jun 2014 19:33:34 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 49CDA201FE for ; Mon, 9 Jun 2014 19:33:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 6502420204 for ; Mon, 9 Jun 2014 19:33:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753831AbaFITd3 (ORCPT ); Mon, 9 Jun 2014 15:33:29 -0400 Received: from mx11.netapp.com ([216.240.18.76]:49950 "EHLO mx11.netapp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750878AbaFITd2 (ORCPT ); Mon, 9 Jun 2014 15:33:28 -0400 X-IronPort-AV: E=Sophos;i="4.98,1003,1392192000"; d="scan'208";a="127722252" Received: from vmwexceht01-prd.hq.netapp.com ([10.106.76.239]) by mx11-out.netapp.com with ESMTP; 09 Jun 2014 12:33:28 -0700 Received: from VMWEXCHTS02-PRD.hq.netapp.com (10.122.105.23) by vmwexceht01-prd.hq.netapp.com (10.106.76.239) with Microsoft SMTP Server (TLS) id 14.3.123.3; Mon, 9 Jun 2014 12:33:28 -0700 Received: from smtp1.corp.netapp.com (10.57.156.124) by VMWEXCHTS02-PRD.hq.netapp.com (10.122.105.23) with Microsoft SMTP Server id 15.0.847.32; Mon, 9 Jun 2014 12:33:27 -0700 Received: from netapp42.cthon.org (vpn2ntap-43268.vpn.netapp.com [10.55.72.229]) by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id s59JXO2i018048; Mon, 9 Jun 2014 12:33:26 -0700 (PDT) From: To: CC: , Andy Adamson Subject: [PATCH 2/3] NFS Return -EPERM if no supported or matching SECINFO flavor Date: Mon, 9 Jun 2014 15:33:20 -0400 Message-ID: <1402342401-5640-3-git-send-email-andros@netapp.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1402342401-5640-1-git-send-email-andros@netapp.com> References: <1402342401-5640-1-git-send-email-andros@netapp.com> MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Andy Adamson Do not return RPC_AUTH_UNIX if SEINFO reply tests fail. This prevents an infinite loop of NFS4ERR_WRONGSEC for non RPC_AUTH_UNIX mounts. Without this patch, a mount with no sec= option to a server that does not include RPC_AUTH_UNIX in the SECINFO return can be presented with an attemtp to use RPC_AUTH_UNIX which will result in an NFS4ERR_WRONG_SEC which will prompt the SECINFO call which will again try RPC_AUTH_UNIX.... Signed-off-by: Andy Adamson --- fs/nfs/nfs4namespace.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c index 1b86fef..fd4dcb6 100644 --- a/fs/nfs/nfs4namespace.c +++ b/fs/nfs/nfs4namespace.c @@ -140,10 +140,11 @@ static size_t nfs_parse_server_name(char *string, size_t len, * @flavors: List of security tuples returned by SECINFO procedure * * Return the pseudoflavor of the first security mechanism in - * "flavors" that is locally supported. Return RPC_AUTH_UNIX if - * no matching flavor is found in the array. The "flavors" array + * "flavors" that is locally supported. The "flavors" array * is searched in the order returned from the server, per RFC 3530 * recommendation. + * + * Return -EPERM if no matching flavor is found in the array. */ static rpc_authflavor_t nfs_find_best_sec(struct nfs_server *server, struct nfs4_secinfo_flavors *flavors) @@ -170,11 +171,7 @@ static rpc_authflavor_t nfs_find_best_sec(struct nfs_server *server, } } - /* if there were any sec= options then nothing matched */ - if (server->auth_info.flavor_len > 0) - return -EPERM; - - return RPC_AUTH_UNIX; + return -EPERM; } static rpc_authflavor_t nfs4_negotiate_security(struct inode *inode, struct qstr *name)