From patchwork Thu Aug 30 20:53:58 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 1389581 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork1.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork1.kernel.org (Postfix) with ESMTP id B6A8D3FC33 for ; Thu, 30 Aug 2012 20:54:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752010Ab2H3UyH (ORCPT ); Thu, 30 Aug 2012 16:54:07 -0400 Received: from mail-pb0-f46.google.com ([209.85.160.46]:60811 "EHLO mail-pb0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751865Ab2H3UyF (ORCPT ); Thu, 30 Aug 2012 16:54:05 -0400 Received: by pbbrr13 with SMTP id rr13so3758610pbb.19 for ; Thu, 30 Aug 2012 13:54:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:subject:to:date:message-id:user-agent:mime-version :content-type:content-transfer-encoding; bh=x0HRhOg8EtOofSlQmAcK4EGWCkSKDBRmq+FurxjiKTE=; b=q/9GBXIyEBELorQ0bI+wzoPcgGbWOTQXUPz1KIpVsb1g+09mgucwM/Ks2gwLaRmt31 TTbeVLUm5O4ZZGSlYiI8r8NZafw327yODWlo2aGTGFiNl3Y1GeBgJ0FD7mWPC+6FpvMK 4ZpB5eS8HEvfvRRnqdCfhWIDU6hQVptZz6Qc2+qS8X8Gnz5uobgYt9HtuhI6GnTRAHvI GAyVEl53sUxPaxclDtJ1taAy/iAp+oaYKF6ZhLY2ny1lpAqAJWBk/CLa721+kUlgtUh+ 8TrULqCTVrsd3Jz7LEGBWzQhGBvYUX2Hrylozdzi1GTOAc04a2xtvav4XIOWcklRInDT 4bpg== Received: by 10.68.134.97 with SMTP id pj1mr13338750pbb.55.1346360045091; Thu, 30 Aug 2012 13:54:05 -0700 (PDT) Received: from seurat.1015granger.net ([38.96.16.75]) by mx.google.com with ESMTPS id kp3sm2144950pbc.64.2012.08.30.13.54.00 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 30 Aug 2012 13:54:02 -0700 (PDT) From: Chuck Lever Subject: [PATCH] NFS: Filter auth flavors returned by MNT3 To: linux-nfs@vger.kernel.org Date: Thu, 30 Aug 2012 13:53:58 -0700 Message-ID: <20120830204930.3101.99200.stgit@seurat.1015granger.net> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Use the new rpcauth_list_flavors() API introduced in commit 6a1a1e34 to prevent legacy NFS mounts from attempting to use security flavors that the local RPC client does not support. Signed-off-by: Chuck Lever --- I don't remember exactly what we wanted to do here. Trond, do you recall? fs/nfs/mount_clnt.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 91 insertions(+), 0 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/nfs/mount_clnt.c b/fs/nfs/mount_clnt.c index 8e65c7f..3e39678 100644 --- a/fs/nfs/mount_clnt.c +++ b/fs/nfs/mount_clnt.c @@ -135,6 +135,88 @@ struct mnt_fhstatus { struct nfs_fh *fh; }; +/* + * Predicate: return true if info->auth_flavs[] contains "flavor" + */ +static bool flavor_found(struct nfs_mount_request *info, + rpc_authflavor_t flavor) +{ + unsigned int i, max = *info->auth_flav_len; + + for (i = 0; i < max; i++) { + if (info->auth_flavs[i] == flavor) { + return true; + } + } + return false; +} + +static int do_filter_flavors(rpc_authflavor_t *supported, + unsigned int sup_size, + struct nfs_mount_request *info) +{ + unsigned int i, j, max = *info->auth_flav_len; + rpc_authflavor_t *good; + int status; + + good = kcalloc(max, sizeof(*good), GFP_KERNEL); + if (good == NULL) { + status = -ENOMEM; + goto out; + } + + j = 0; + for (i = 0; i < sup_size; i++) { + if (flavor_found(info, supported[i])) { + good[j++] = supported[i]; + } + } + + if (j == 0) { + /* no supported flavors found */ + status = -EACCES; + goto out; + } + + for (i = 0; i < j; i++) { + info->auth_flavs[i] = good[i]; + } + *info->auth_flav_len = j; + status = 0; + +out: + kfree(good); + return status; +} + +/* + * Flavors not supported locally are removed from the flavor list + * returned from the server. On success, update the server's + * flavor list and return zero. Otherwise a negative errno + * is returned. + */ +static int nfs_filter_auth_flavors(struct nfs_mount_request *info) +{ + int status, sup_size = NFS_MAX_SECFLAVORS; + rpc_authflavor_t *supported; + + supported = kcalloc(sup_size, sizeof(*supported), GFP_KERNEL); + if (supported == NULL) { + status = -ENOMEM; + goto out; + } + + status = rpcauth_list_flavors(supported, sup_size); + if (status < 0) + goto out; + + status = do_filter_flavors(supported, status, info); + +out: + kfree(supported); + return status; +} + /** * nfs_mount - Obtain an NFS file handle for the given host and path * @info: pointer to mount request arguments @@ -189,6 +271,12 @@ int nfs_mount(struct nfs_mount_request *info) if (result.errno != 0) goto out_mnt_err; + if (info->version == NFS_MNT3_VERSION) { + status = nfs_filter_auth_flavors(info); + if (status < 0) + goto out_filter_err; + } + dprintk("NFS: MNT request succeeded\n"); status = 0; @@ -208,6 +296,9 @@ out_mnt_err: dprintk("NFS: MNT server returned result %d\n", result.errno); status = result.errno; goto out; +out_filter_err: + dprintk("NFS: error %d filtering flavors\n", status); + goto out; } /**