NFS: Determine initial mount security
authorBryan Schumaker <bjschuma@netapp.com>
Thu, 24 Mar 2011 17:12:31 +0000 (17:12 +0000)
committerTrond Myklebust <Trond.Myklebust@netapp.com>
Thu, 24 Mar 2011 17:52:42 +0000 (13:52 -0400)
When sec=<something> is not presented as a mount option,
we should attempt to determine what security flavor the
server is using.

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fs/nfs/nfs4proc.c
include/linux/sunrpc/gss_api.h
net/sunrpc/auth_gss/gss_mech_switch.c

index 563463777d9d22d0319795d0a6b16adcfb4dc028..f9150f03d6400d136f48415daef0f0827f050929 100644 (file)
@@ -41,6 +41,7 @@
 #include <linux/string.h>
 #include <linux/slab.h>
 #include <linux/sunrpc/clnt.h>
+#include <linux/sunrpc/gss_api.h>
 #include <linux/nfs.h>
 #include <linux/nfs4.h>
 #include <linux/nfs_fs.h>
@@ -2191,15 +2192,43 @@ static int nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle,
        return err;
 }
 
+static int nfs4_lookup_root_sec(struct nfs_server *server, struct nfs_fh *fhandle,
+                               struct nfs_fsinfo *info, rpc_authflavor_t flavor)
+{
+       struct rpc_auth *auth;
+       int ret;
+
+       auth = rpcauth_create(flavor, server->client);
+       if (!auth) {
+               ret = -EIO;
+               goto out;
+       }
+       ret = nfs4_lookup_root(server, fhandle, info);
+       if (ret < 0)
+               ret = -EAGAIN;
+out:
+       return ret;
+}
+
 /*
  * get the file handle for the "/" directory on the server
  */
 static int nfs4_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,
                              struct nfs_fsinfo *info)
 {
-       int status;
+       int i, len, status = 0;
+       rpc_authflavor_t flav_array[NFS_MAX_SECFLAVORS + 2];
 
-       status = nfs4_lookup_root(server, fhandle, info);
+       flav_array[0] = RPC_AUTH_UNIX;
+       len = gss_mech_list_pseudoflavors(&flav_array[1]);
+       flav_array[1+len] = RPC_AUTH_NULL;
+       len += 2;
+
+       for (i = 0; i < len; i++) {
+               status = nfs4_lookup_root_sec(server, fhandle, info, flav_array[i]);
+               if (status == 0)
+                       break;
+       }
        if (status == 0)
                status = nfs4_server_capabilities(server, fhandle);
        if (status == 0)
index 5d8048beb0517b056ce119dd6e92b08998becbd6..332da61cf8b71fc73d802b2609210f46641a9ea1 100644 (file)
@@ -126,6 +126,9 @@ struct gss_api_mech *gss_mech_get_by_name(const char *);
 /* Similar, but get by pseudoflavor. */
 struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32);
 
+/* Fill in an array with a list of supported pseudoflavors */
+int gss_mech_list_pseudoflavors(u32 *);
+
 /* Just increments the mechanism's reference count and returns its input: */
 struct gss_api_mech * gss_mech_get(struct gss_api_mech *);
 
index 6c844b01a1d19a9acf66f1f78754515afb4250de..e3c36a2744128a47b94537e00a78e5055a5a7fe5 100644 (file)
@@ -215,6 +215,22 @@ gss_mech_get_by_pseudoflavor(u32 pseudoflavor)
 
 EXPORT_SYMBOL_GPL(gss_mech_get_by_pseudoflavor);
 
+int gss_mech_list_pseudoflavors(rpc_authflavor_t *array_ptr)
+{
+       struct gss_api_mech *pos = NULL;
+       int i = 0;
+
+       spin_lock(&registered_mechs_lock);
+       list_for_each_entry(pos, &registered_mechs, gm_list) {
+               array_ptr[i] = pos->gm_pfs->pseudoflavor;
+               i++;
+       }
+       spin_unlock(&registered_mechs_lock);
+       return i;
+}
+
+EXPORT_SYMBOL_GPL(gss_mech_list_pseudoflavors);
+
 u32
 gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 service)
 {