diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-09-07 12:58:57 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-09-07 16:18:30 -0400 |
commit | 5e6b19901b763f502e62b5fd4f583778df983ce7 (patch) | |
tree | f407c8014634062f1f02a7528801dd1b4868e6ba /fs/nfs/nfs4proc.c | |
parent | 19e7b8d240702297d837891694f463435910f718 (diff) | |
download | lwn-5e6b19901b763f502e62b5fd4f583778df983ce7.tar.gz lwn-5e6b19901b763f502e62b5fd4f583778df983ce7.zip |
NFSv4: Fix security auto-negotiation
NFSv4 security auto-negotiation has been broken since
commit 4580a92d44e2b21c2254fa5fef0f1bfb43c82318 (NFS:
Use server-recommended security flavor by default (NFSv3))
because nfs4_try_mount() will automatically select AUTH_SYS
if it sees no auth flavours.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'fs/nfs/nfs4proc.c')
-rw-r--r-- | fs/nfs/nfs4proc.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index cb56102ad40e..68551ea0b673 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -2884,18 +2884,27 @@ static int nfs4_do_find_root_sec(struct nfs_server *server, * @server: initialized nfs_server handle * @fhandle: we fill in the pseudo-fs root file handle * @info: we fill in an FSINFO struct + * @auth_probe: probe the auth flavours * * Returns zero on success, or a negative errno. */ int nfs4_proc_get_rootfh(struct nfs_server *server, struct nfs_fh *fhandle, - struct nfs_fsinfo *info) + struct nfs_fsinfo *info, + bool auth_probe) { int status; - status = nfs4_lookup_root(server, fhandle, info); - if ((status == -NFS4ERR_WRONGSEC) && - !(server->flags & NFS_MOUNT_SECFLAVOUR)) + switch (auth_probe) { + case false: + status = nfs4_lookup_root(server, fhandle, info); + if (status != -NFS4ERR_WRONGSEC) + break; + /* Did user force a 'sec=' mount option? */ + if (server->flags & NFS_MOUNT_SECFLAVOUR) + break; + default: status = nfs4_do_find_root_sec(server, fhandle, info); + } if (status == 0) status = nfs4_server_capabilities(server, fhandle); |