@@ -1541,15 +1541,19 @@ out_security_failure:
}
/*
- * Match the requested auth flavors with the list returned by
- * the server. Returns zero and sets the mount's authentication
- * flavor on success; returns -EACCES if server does not support
- * the requested flavor.
+ * Match the requested auth flavors with the list returned by the
+ * server. args->auth_flavors contains a list of security flavors
+ * to check for. The caller has already set up the list of flavors
+ * with the default (usually AUTH_SYS).
+ *
+ * Returns zero on success; the authentication flavor in args->
+ * auth_flavors[0] should be used for this mount. Otherwise, returns
+ * -EACCES if server does not support the requested flavor.
*/
static int nfs_walk_authlist(struct nfs_parsed_mount_data *args,
- struct nfs_mount_request *request)
+ struct nfs_mount_request *server)
{
- unsigned int i, j, server_authlist_len = *(request->auth_flav_len);
+ unsigned int i, j, server_authlist_len = *(server->auth_flav_len);
/*
* Certain releases of Linux's mountd return an empty
@@ -1559,31 +1563,28 @@ static int nfs_walk_authlist(struct nfs_parsed_mount_data *args,
* if the returned flavor list is empty.
*/
if (server_authlist_len == 0)
- return 0;
+ goto out;
/*
- * We avoid sophisticated negotiating here, as there are
- * plenty of cases where we can get it wrong, providing
- * either too little or too much security.
- *
- * RFC 2623, section 2.7 suggests we SHOULD prefer the
- * flavor listed first. However, some servers list
- * AUTH_NULL first. Our caller plants AUTH_SYS, the
- * preferred default, in args->auth_flavors[0] if user
- * didn't specify sec= mount option.
+ * RFC 2623 section 2.7 says "... a NFS client SHOULD use
+ * the first flavor in the list that it supports, on the
+ * assumption that the best access is provided by the first
+ * flavor."
*/
for (i = 0; i < args->auth_flavor_len; i++)
for (j = 0; j < server_authlist_len; j++)
- if (args->auth_flavors[i] == request->auth_flavs[j]) {
- dfprintk(MOUNT, "NFS: using auth flavor %d\n",
- request->auth_flavs[j]);
- args->auth_flavors[0] = request->auth_flavs[j];
- return 0;
+ if (args->auth_flavors[i] == server->auth_flavs[j]) {
+ args->auth_flavors[0] = server->auth_flavs[j];
+ goto out;
}
dfprintk(MOUNT, "NFS: server does not support requested auth flavor\n");
- nfs_umount(request);
+ nfs_umount(server);
return -EACCES;
+
+out:
+ dfprintk(MOUNT, "NFS: using auth flavor %d\n", args->auth_flavors[0]);
+ return 0;
}
/*
Clean up: Add common exit labels in preparation for the following patch. Clarify comments. Rename variable for clarity. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> --- fs/nfs/super.c | 45 +++++++++++++++++++++++---------------------- 1 files changed, 23 insertions(+), 22 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html