From patchwork Thu Nov 7 19:09:24 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Dickson X-Patchwork-Id: 3154111 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 735369F3C4 for ; Thu, 7 Nov 2013 19:09:31 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 0831320459 for ; Thu, 7 Nov 2013 19:09:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id F0ECD20457 for ; Thu, 7 Nov 2013 19:09:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751924Ab3KGTJ1 (ORCPT ); Thu, 7 Nov 2013 14:09:27 -0500 Received: from mx1.redhat.com ([209.132.183.28]:59635 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750940Ab3KGTJ1 (ORCPT ); Thu, 7 Nov 2013 14:09:27 -0500 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rA7J9QTs019946 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 7 Nov 2013 14:09:26 -0500 Received: from bighat.boston.devel.redhat.com (bighat.boston.devel.redhat.com [10.19.60.55]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id rA7J9Qgo005776; Thu, 7 Nov 2013 14:09:26 -0500 From: Steve Dickson To: Trond Myklebust Cc: Linux NFS Mailing list Subject: [PATCH] Adding the nfs4_use_min_auth module parameter Date: Thu, 7 Nov 2013 14:09:24 -0500 Message-Id: <1383851364-8370-1-git-send-email-steved@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This new module parameter makes the v4 client use the minimal authentication flavor (AUTH_UNIX) when establishing NFSV4 state and doing the pseudoroot lookup Signed-off-by: Steve Dickson --- fs/nfs/nfs4_fs.h | 1 + fs/nfs/nfs4client.c | 8 ++++++-- fs/nfs/nfs4proc.c | 4 +++- fs/nfs/super.c | 6 +++++- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h index 28842ab..20bf925 100644 --- a/fs/nfs/nfs4_fs.h +++ b/fs/nfs/nfs4_fs.h @@ -438,6 +438,7 @@ extern bool nfs4_disable_idmapping; extern unsigned short max_session_slots; extern unsigned short send_implementation_id; extern bool recover_lost_locks; +extern bool nfs4_use_min_auth; #define NFS4_CLIENT_ID_UNIQ_LEN (64) extern char nfs4_client_id_uniquifier[NFS4_CLIENT_ID_UNIQ_LEN]; diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c index a860ab5..ff85991 100644 --- a/fs/nfs/nfs4client.c +++ b/fs/nfs/nfs4client.c @@ -355,6 +355,7 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, char buf[INET6_ADDRSTRLEN + 1]; struct nfs_client *old; int error; + rpc_authflavor_t flavor = RPC_AUTH_GSS_KRB5I; if (clp->cl_cons_state == NFS_CS_READY) { /* the client is initialised already */ @@ -368,8 +369,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, if (clp->cl_minorversion != 0) __set_bit(NFS_CS_INFINITE_SLOTS, &clp->cl_flags); __set_bit(NFS_CS_DISCRTRY, &clp->cl_flags); - error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_GSS_KRB5I); - if (error == -EINVAL) + + if (nfs4_use_min_auth) + flavor = RPC_AUTH_UNIX; + error = nfs_create_rpc_client(clp, timeparms, flavor); + if (error == -EINVAL && flavor != RPC_AUTH_UNIX) error = nfs_create_rpc_client(clp, timeparms, RPC_AUTH_UNIX); if (error < 0) goto error; diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index d53d678..00162cb 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -2864,7 +2864,9 @@ static int nfs4_find_root_sec(struct nfs_server *server, struct nfs_fh *fhandle, int status = -EPERM; size_t i; - for (i = 0; i < ARRAY_SIZE(flav_array); i++) { + if (nfs4_use_min_auth) + status = nfs4_lookup_root_sec(server, fhandle, info, RPC_AUTH_UNIX); + else for (i = 0; i < ARRAY_SIZE(flav_array); i++) { status = nfs4_lookup_root_sec(server, fhandle, info, flav_array[i]); if (status == -NFS4ERR_WRONGSEC || status == -EACCES) continue; diff --git a/fs/nfs/super.c b/fs/nfs/super.c index a03b9c6..42b4f9b 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -2791,6 +2791,7 @@ unsigned short max_session_slots = NFS4_DEF_SLOT_TABLE_SIZE; unsigned short send_implementation_id = 1; char nfs4_client_id_uniquifier[NFS4_CLIENT_ID_UNIQ_LEN] = ""; bool recover_lost_locks = false; +bool nfs4_use_min_auth = false; EXPORT_SYMBOL_GPL(nfs_callback_set_tcpport); EXPORT_SYMBOL_GPL(nfs_callback_tcpport); @@ -2800,6 +2801,7 @@ EXPORT_SYMBOL_GPL(max_session_slots); EXPORT_SYMBOL_GPL(send_implementation_id); EXPORT_SYMBOL_GPL(nfs4_client_id_uniquifier); EXPORT_SYMBOL_GPL(recover_lost_locks); +EXPORT_SYMBOL_GPL(nfs4_use_min_auth); #define NFS_CALLBACK_MAXPORTNR (65535U) @@ -2842,5 +2844,7 @@ MODULE_PARM_DESC(recover_lost_locks, "If the server reports that a lock might be lost, " "try to recover it risking data corruption."); - +module_param(nfs4_use_min_auth, bool, 0644); +MODULE_PARM_DESC(nfs4_use_min_auth, + "Use mimnal auth in SETCLIENTID operation"); #endif /* CONFIG_NFS_V4 */