korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-27 00:04:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
b1b3e13694
linux/fs/nfs
History
Weston Andros Adamson b1b3e13694 NFSv4: use mach cred for SECINFO_NO_NAME w/ integrity 
Commit 97431204ea introduced a regression
that causes SECINFO_NO_NAME to fail without sending an RPC if:

 1) the nfs_client's rpc_client is using krb5i/p (now tried by default)
 2) the current user doesn't have valid kerberos credentials

This situation is quite common - as of now a sec=sys mount would use
krb5i for the nfs_client's rpc_client and a user would hardly be faulted
for not having run kinit.

The solution is to use the machine cred when trying to use an integrity
protected auth flavor for SECINFO_NO_NAME.

Older servers may not support using the machine cred or an integrity
protected auth flavor for SECINFO_NO_NAME in every circumstance, so we fall
back to using the user's cred and the filesystem's auth flavor in this case.

We run into another problem when running against linux nfs servers -
they return NFS4ERR_WRONGSEC when using integrity auth flavor (unless the
mount is also that flavor) even though that is not a valid error for
SECINFO*.  Even though it's against spec, handle WRONGSEC errors on
SECINFO_NO_NAME by falling back to using the user cred and the
filesystem's auth flavor.

Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-07 18:39:25 -04:00
..
blocklayout NFSv4.1 use pnfs_device maxcount for the blocklayout gdia_maxcount 2013-06-28 15:34:44 -04:00
objlayout NFSv4.1 use pnfs_device maxcount for the objectlayout gdia_maxcount 2013-06-28 15:34:45 -04:00
cache_lib.c NFS: simplify and clean cache library 2013-02-15 10:43:36 -05:00
cache_lib.h NFS: simplify and clean cache library 2013-02-15 10:43:36 -05:00
callback_proc.c NFS: When displaying session slot numbers, use "%u" consistently 2013-09-03 15:26:30 -04:00
callback_xdr.c Merge branch 'labeled-nfs' into linux-next 2013-06-28 16:29:51 -04:00
callback.c NFS client updates for Linux 3.11 2013-07-09 12:09:43 -07:00
callback.h NFS: Add in v4.2 callback operation 2013-06-08 16:20:18 -04:00
client.c NFS Remove unused authflavour parameter from init_client 2013-08-07 13:09:30 -04:00
delegation.c NFSv4: Add tracepoints for debugging delegations 2013-08-22 08:58:24 -04:00
delegation.h NFSv4: Fix CB_RECALL_ANY to only return delegations that are not in use 2013-04-05 17:03:57 -04:00
dir.c NFS: Ensure that rmdir() waits for sillyrenames to complete 2013-09-03 15:26:29 -04:00
direct.c nfs: fix page dirtying in NFS DIO read codepath 2012-12-12 12:56:19 -05:00
dns_resolve.c NFSv4: Move the DNS resolver into the NFSv4 module 2013-06-18 13:47:18 -04:00
dns_resolve.h NFS: DNS resolver cache per network namespace context introduced 2012-01-31 18:20:26 -05:00
file.c NFS avoid expired credential keys for buffered writes 2013-09-03 15:25:09 -04:00
fscache-index.c NFS: Use the inode->i_version to cache NFSv4 change attribute information 2011-10-18 09:14:34 -07:00
fscache.c NFS4: Open files for fscaching 2012-12-20 22:19:42 +00:00
fscache.h NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n 2012-12-21 08:06:48 -08:00
getroot.c NFS:Add labels to client function prototypes 2013-06-08 16:20:15 -04:00
idmap.c NFSv4: Convert idmapper to use the new framework for pipefs dentries 2013-09-01 11:12:42 -04:00
inode.c NFS: Add event tracing for generic NFS events 2013-08-22 08:58:17 -04:00
internal.h NFSv4: Fix security auto-negotiation 2013-09-07 16:18:30 -04:00
iostat.h NFS: Squelch compiler warning in nfs_add_server_stats() 2010-05-14 15:09:31 -04:00
Kconfig Kconfig: Add Kconfig entry for Labeled NFS V4 client 2013-06-08 16:20:17 -04:00
Makefile NFS: Enable slot table helpers for NFSv4.0 2013-09-03 15:26:33 -04:00
mount_clnt.c nfs: have nfs_mount fake up a auth_flavs list when the server didn't provide it 2013-06-28 15:51:51 -04:00
namespace.c NFS:Add labels to client function prototypes 2013-06-08 16:20:15 -04:00
netns.h nfs: include NFSv4 header in netns.h 2012-10-02 08:17:02 -07:00
nfs2super.c NFS: Convert v2 into a module 2012-07-30 19:06:41 -04:00
nfs2xdr.c nfs: Convert nfs2xdr to use kuids and kgids 2013-02-13 06:15:30 -08:00
nfs3acl.c userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr 2012-09-18 01:01:35 -07:00
nfs3client.c NFS: Only initialize the ACL client in the v3 case 2012-07-30 19:05:54 -04:00
nfs3proc.c NFSv4: Don't try to recover NFSv4 locks when they are lost. 2013-09-04 12:26:32 -04:00
nfs3super.c NFS: Convert v3 into a module 2012-07-30 19:06:46 -04:00
nfs3xdr.c nfs: Convert nfs3xdr to use kuids and kgids 2013-02-13 06:15:31 -08:00
nfs4_fs.h NFSv4: Fix security auto-negotiation 2013-09-07 16:18:30 -04:00
nfs4client.c NFSv4: Allow security autonegotiation for submounts 2013-09-07 17:52:42 -04:00
nfs4file.c NFSv4: Move dentry instantiation into the NFSv4-specific atomic open code 2013-06-06 16:24:43 -04:00
nfs4filelayout.c NFSv4.1 Use MDS auth flavor for data server connection 2013-09-06 14:49:16 -04:00
nfs4filelayout.h NFSv4.1: Use layout credentials for get_deviceinfo calls 2013-06-06 16:24:37 -04:00
nfs4filelayoutdev.c NFSv4.1 Fix gdia_maxcount calculation to fit in ca_maxresponsesize 2013-06-28 15:34:43 -04:00
nfs4getroot.c NFSv4: Fix security auto-negotiation 2013-09-07 16:18:30 -04:00
nfs4namespace.c NFSv4: Allow security autonegotiation for submounts 2013-09-07 17:52:42 -04:00
nfs4proc.c NFSv4: use mach cred for SECINFO_NO_NAME w/ integrity 2013-09-07 18:39:25 -04:00
nfs4renewd.c workqueue: use mod_delayed_work() instead of cancel + queue 2012-08-13 16:27:37 -07:00
nfs4session.c When CONFIG_NFS_V4_1 is not enabled, "make C=2" emits this warning: 2013-09-04 12:26:30 -04:00
nfs4session.h When CONFIG_NFS_V4_1 is not enabled, "make C=2" emits this warning: 2013-09-04 12:26:30 -04:00
nfs4state.c NFSv4: Don't try to recover NFSv4 locks when they are lost. 2013-09-04 12:26:32 -04:00
nfs4super.c NFSv4: Fix security auto-negotiation 2013-09-07 16:18:30 -04:00
nfs4sysctl.c nfs: include nfs4_fh.h in nfs4sysctl.c 2012-10-02 08:17:03 -07:00
nfs4trace.c NFSv4.1: Add tracepoints for debugging slot table operations 2013-08-22 08:58:27 -04:00
nfs4trace.h NFSv4.1: Add tracepoints for debugging test_stateid events 2013-08-22 08:58:27 -04:00
nfs4xdr.c nfs4.1: Minimal SP4_MACH_CRED implementation 2013-09-05 10:40:45 -04:00
nfs.h NFS: Convert v4 into a module 2012-07-30 19:06:52 -04:00
nfsroot.c SUNRPC/NFS: Add Kbuild dependencies for NFS_DEBUG/RPC_DEBUG 2012-03-20 13:08:26 -04:00
nfstrace.c NFS: Add event tracing for generic NFS lookups 2013-08-22 08:58:18 -04:00
nfstrace.h NFS: Add tracepoints for debugging NFS hard links 2013-08-22 08:58:20 -04:00
pagelist.c NFS: Don't check lock owner compatability unless file is locked (part 2) 2013-09-06 11:27:41 -04:00
pnfs_dev.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
pnfs.c NFSv4: Add tracepoints for debugging reads and writes 2013-08-22 08:58:26 -04:00
pnfs.h NFSv4.1 Fix gdia_maxcount calculation to fit in ca_maxresponsesize 2013-06-28 15:34:43 -04:00
proc.c NFSv4: Don't try to recover NFSv4 locks when they are lost. 2013-09-04 12:26:32 -04:00
read.c NFSv4: Don't try to recover NFSv4 locks when they are lost. 2013-09-04 12:26:32 -04:00
super.c NFS: nfs_compare_super shouldn't check the auth flavour unless 'sec=' was set 2013-09-07 18:38:04 -04:00
symlink.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sysctl.c NFS: Initialize v4 sysctls from nfs_init_v4() 2012-07-17 13:33:18 -04:00
unlink.c NFS: Ensure that rmdir() waits for sillyrenames to complete 2013-09-03 15:26:29 -04:00
write.c NFS: Don't check lock owner compatibility in writes unless file is locked 2013-09-05 18:11:42 -04:00