From patchwork Tue Jun 28 18:25:41 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 925732 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.4) with ESMTP id p5SIgqZ8004724 for ; Tue, 28 Jun 2011 18:42:56 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932081Ab1F1S2H (ORCPT ); Tue, 28 Jun 2011 14:28:07 -0400 Received: from mail-iy0-f174.google.com ([209.85.210.174]:44869 "EHLO mail-iy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1760495Ab1F1SZo (ORCPT ); Tue, 28 Jun 2011 14:25:44 -0400 Received: by mail-iy0-f174.google.com with SMTP id 12so373005iyb.19 for ; Tue, 28 Jun 2011 11:25:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=sender:from:subject:to:date:message-id:in-reply-to:references :user-agent:mime-version:content-type:content-transfer-encoding; bh=bSSbnyoAZSHIEW+xQiwacUAVN9rMX7Yp7l9F1GhDgC8=; b=rleXLxUJLMJM+Tnrt/5T70/F+Xsw94ugGyljuW9m25uyIMJadIPlCizrl2TwgH+cz1 XE4/eqiG36yI6X+Lao5GtaV3BjJ4t744P6zKphjrFeVxUz/j8eBcYMFFuR9u6lPXwqYw QJHwLMQsrG2WFG6f+hG4cWik8WLLJNAARUhrU= Received: by 10.42.108.73 with SMTP id g9mr8595325icp.139.1309285543985; Tue, 28 Jun 2011 11:25:43 -0700 (PDT) Received: from seurat.1015granger.net (adsl-99-26-161-222.dsl.sfldmi.sbcglobal.net [99.26.161.222]) by mx.google.com with ESMTPS id ft12sm192618ibb.36.2011.06.28.11.25.42 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 28 Jun 2011 11:25:43 -0700 (PDT) From: Chuck Lever Subject: [PATCH 2/2] NFS: Allow sec=none mounts in certain cases To: linux-nfs@vger.kernel.org Date: Tue, 28 Jun 2011 14:25:41 -0400 Message-ID: <20110628182540.2866.42553.stgit@seurat.1015granger.net> In-Reply-To: <20110628181324.2866.98154.stgit@seurat.1015granger.net> References: <20110628181324.2866.98154.stgit@seurat.1015granger.net> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Tue, 28 Jun 2011 18:42:56 +0000 (UTC) There is an undocumented convention (verified by reviewing network traces from a NetApp filer and a Solaris NFS server) where a server that returns a mount authflavor list containing an AUTH_NULL entry is actually indicating it will accept any security flavor for the export being mounted. This might be used when the server maps all security flavors into the same security mode. For example, the server treats all accessors as, say, UID 17. Essentially, AUTH_NULL is treated as a wildcard that matches the flavor the mounter requested. Signed-off-by: Chuck Lever --- fs/nfs/super.c | 15 +++++++++++---- 1 files changed, 11 insertions(+), 4 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/nfs/super.c b/fs/nfs/super.c index 4625a4c..543cf9f 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -1570,13 +1570,20 @@ static int nfs_walk_authlist(struct nfs_parsed_mount_data *args, * the first flavor in the list that it supports, on the * assumption that the best access is provided by the first * flavor." + * + * By convention we treat AUTH_NULL in the returned list as + * a wild card. The server will map our requested flavor to + * something else. */ - for (i = 0; i < args->auth_flavor_len; i++) - for (j = 0; j < server_authlist_len; j++) - if (args->auth_flavors[i] == server->auth_flavs[j]) { - args->auth_flavors[0] = server->auth_flavs[j]; + for (i = 0; i < server_authlist_len; i++) { + if (server->auth_flavs[i] == RPC_AUTH_NULL) + goto out; + for (j = 0; j < args->auth_flavor_len; j++) + if (server->auth_flavs[i] == args->auth_flavors[j]) { + args->auth_flavors[0] = server->auth_flavs[i]; goto out; } + } dfprintk(MOUNT, "NFS: server does not support requested auth flavor\n"); nfs_umount(server);