NFS: Do secinfo as part of lookup

Whenever lookup sees wrongsec do a secinfo and retry the lookup to find attributes of the file or directory, such as "is this a referral mountpoint?". This also allows me to remove handling -NFS4ERR_WRONSEC as part of getattr xdr decoding. Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: Bryan Schumaker <bjschuma@netapp.com> 2012-04-27 13:27:40 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2012-04-27 14:10:02 -0400
commit: 72de53ec4bca39c26709122a8f78bfefe7b6bca4 (patch)
tree: dac32c44281b153df7104037c1e97c11deffae69
parent: db0a9593d52f935c80085d8993bdcead1ad30b0c (diff)
5 files changed, 103 insertions, 20 deletions
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index 2476dc69365f..45966d953169 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -234,7 +234,6 @@ extern const u32 nfs41_maxwrite_overhead;
 /* nfs4proc.c */
 #ifdef CONFIG_NFS_V4
 extern struct rpc_procinfo nfs4_procedures[];
-void nfs_fixup_secinfo_attributes(struct nfs_fattr *, struct nfs_fh *);
 #endif
 extern int nfs4_init_ds_session(struct nfs_client *clp);
diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h
index b6db9e33fb7b..c82c2cda3dfd 100644
--- a/fs/nfs/nfs4_fs.h
+++ b/fs/nfs/nfs4_fs.h
@@ -205,6 +205,9 @@ struct nfs4_state_maintenance_ops {
 extern const struct dentry_operations nfs4_dentry_operations;
 extern const struct inode_operations nfs4_dir_inode_operations;
+/* nfs4namespace.c */
+struct rpc_clnt *nfs4_create_sec_client(struct rpc_clnt *, struct inode *, struct qstr *);
 /* nfs4proc.c */
 extern int nfs4_proc_setclientid(struct nfs_client *, u32, unsigned short, struct rpc_cred *, struct nfs4_setclientid_res *);
 extern int nfs4_proc_setclientid_confirm(struct nfs_client *, struct nfs4_setclientid_res *arg, struct rpc_cred *);
@@ -215,6 +218,7 @@ extern int nfs4_do_close(struct nfs4_state *state, gfp_t gfp_mask, int wait, boo
 extern int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle);
 extern int nfs4_proc_fs_locations(struct inode *dir, const struct qstr *name,
                struct nfs4_fs_locations *fs_locations, struct page *page);
+extern int nfs4_proc_secinfo(struct inode *, const struct qstr *, struct nfs4_secinfo_flavors *);
 extern int nfs4_release_lockowner(struct nfs4_lock_state *);
 extern const struct xattr_handler *nfs4_xattr_handlers[];
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c
index 7483a177dc97..9f8681bf90de 100644
--- a/fs/nfs/nfs4namespace.c
+++ b/fs/nfs/nfs4namespace.c
@@ -132,6 +132,58 @@ static size_t nfs_parse_server_name(char *string, size_t len,
        return ret;
 }
+static rpc_authflavor_t nfs4_negotiate_security(struct inode *inode, struct qstr *name)
+{
+        struct page *page;
+        struct nfs4_secinfo_flavors *flavors;
+        rpc_authflavor_t flavor;
+        int err;
+        page = alloc_page(GFP_KERNEL);
+        if (!page)
+                return -ENOMEM;
+        flavors = page_address(page);
+        err = nfs4_proc_secinfo(inode, name, flavors);
+        if (err < 0) {
+                flavor = err;
+                goto out;
+        }
+        flavor = nfs_find_best_sec(flavors);
+out:
+        put_page(page);
+        return flavor;
+}
+/*
+ * Please call rpc_shutdown_client() when you are done with this client.
+ */
+struct rpc_clnt *nfs4_create_sec_client(struct rpc_clnt *clnt, struct inode *inode,
+                                        struct qstr *name)
+{
+        struct rpc_clnt *clone;
+        struct rpc_auth *auth;
+        rpc_authflavor_t flavor;
+        flavor = nfs4_negotiate_security(inode, name);
+        if (flavor < 0)
+                return ERR_PTR(flavor);
+        clone = rpc_clone_client(clnt);
+        if (IS_ERR(clone))
+                return clone;
+        auth = rpcauth_create(flavor, clone);
+        if (!auth) {
+                rpc_shutdown_client(clone);
+                clone = ERR_PTR(-EIO);
+        }
+        return clone;
+}
 static struct vfsmount *try_location(struct nfs_clone_mount *mountdata,
                                     char *page, char *page2,
                                     const struct nfs4_fs_location *location)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index ff7571f12bb8..3d92fe6be780 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -2528,39 +2528,69 @@ static int _nfs4_proc_lookup(struct rpc_clnt *clnt, struct inode *dir,
        return status;
 }
-void nfs_fixup_secinfo_attributes(struct nfs_fattr *fattr, struct nfs_fh *fh)
+static void nfs_fixup_secinfo_attributes(struct nfs_fattr *fattr)
 {
-        memset(fh, 0, sizeof(struct nfs_fh));
-        fattr->fsid.major = 1;
        fattr->valid |= NFS_ATTR_FATTR_TYPE | NFS_ATTR_FATTR_MODE |
-                NFS_ATTR_FATTR_NLINK | NFS_ATTR_FATTR_FSID | NFS_ATTR_FATTR_MOUNTPOINT;
+                NFS_ATTR_FATTR_NLINK | NFS_ATTR_FATTR_MOUNTPOINT;
        fattr->mode = S_IFDIR | S_IRUGO | S_IXUGO;
        fattr->nlink = 2;
 }
-static int nfs4_proc_lookup(struct rpc_clnt *clnt, struct inode *dir, struct qstr *name,
+static int nfs4_proc_lookup_common(struct rpc_clnt **clnt, struct inode *dir,
-                            struct nfs_fh *fhandle, struct nfs_fattr *fattr)
+                                   struct qstr *name, struct nfs_fh *fhandle,
+                                   struct nfs_fattr *fattr)
 {
        struct nfs4_exception exception = { };
+        struct rpc_clnt *client = *clnt;
        int err;
        do {
-                int status;
+                err = _nfs4_proc_lookup(client, dir, name, fhandle, fattr);
+                switch (err) {
-                status = _nfs4_proc_lookup(clnt, dir, name, fhandle, fattr);
-                switch (status) {
                case -NFS4ERR_BADNAME:
-                        return -ENOENT;
+                        err = -ENOENT;
+                        goto out;
                case -NFS4ERR_MOVED:
-                        return nfs4_get_referral(dir, name, fattr, fhandle);
+                        err = nfs4_get_referral(dir, name, fattr, fhandle);
+                        goto out;
                case -NFS4ERR_WRONGSEC:
-                        nfs_fixup_secinfo_attributes(fattr, fhandle);
+                        err = -EPERM;
+                        if (client != *clnt)
+                                goto out;
+                        client = nfs4_create_sec_client(client, dir, name);
+                        if (IS_ERR(client))
+                                return PTR_ERR(client);
+                        exception.retry = 1;
+                        break;
+                default:
+                        err = nfs4_handle_exception(NFS_SERVER(dir), err, &exception);
                }
-                err = nfs4_handle_exception(NFS_SERVER(dir),
-                                status, &exception);
        } while (exception.retry);
+out:
+        if (err == 0)
+                *clnt = client;
+        else if (client != *clnt)
+                rpc_shutdown_client(client);
        return err;
 }
+static int nfs4_proc_lookup(struct rpc_clnt *clnt, struct inode *dir, struct qstr *name,
+                            struct nfs_fh *fhandle, struct nfs_fattr *fattr)
+{
+        int status;
+        struct rpc_clnt *client = NFS_CLIENT(dir);
+        status = nfs4_proc_lookup_common(&client, dir, name, fhandle, fattr);
+        if (client != NFS_CLIENT(dir)) {
+                rpc_shutdown_client(client);
+                nfs_fixup_secinfo_attributes(fattr);
+        }
+        return status;
+}
 static int _nfs4_proc_access(struct inode *inode, struct nfs_access_entry *entry)
 {
        struct nfs_server *server = NFS_SERVER(inode);
@@ -4996,8 +5026,8 @@ static int _nfs4_proc_secinfo(struct inode *dir, const struct qstr *name, struct
        return status;
 }
-static int nfs4_proc_secinfo(struct inode *dir, const struct qstr *name,
+int nfs4_proc_secinfo(struct inode *dir, const struct qstr *name,
-                struct nfs4_secinfo_flavors *flavors)
+                      struct nfs4_secinfo_flavors *flavors)
 {
        struct nfs4_exception exception = { };
        int err;
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index c77e802db736..c54aae364bee 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -4258,8 +4258,6 @@ static int decode_getfattr_attrs(struct xdr_stream *xdr, uint32_t *bitmap,
        status = decode_attr_error(xdr, bitmap, &err);
        if (status < 0)
                goto xdr_error;
-        if (err == -NFS4ERR_WRONGSEC)
-                nfs_fixup_secinfo_attributes(fattr, fh);
        status = decode_attr_filehandle(xdr, bitmap, fh);
        if (status < 0)
author	Bryan Schumaker <bjschuma@netapp.com>	2012-04-27 13:27:40 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2012-04-27 14:10:02 -0400
commit	72de53ec4bca39c26709122a8f78bfefe7b6bca4 (patch)
tree	dac32c44281b153df7104037c1e97c11deffae69
parent	db0a9593d52f935c80085d8993bdcead1ad30b0c (diff)

diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h index 2476dc69365f..45966d953169 100644 --- a/fs/nfs/internal.h +++ b/fs/nfs/internal.h
@@ -234,7 +234,6 @@ extern const u32 nfs41_maxwrite_overhead;
234	/* nfs4proc.c */	234	/* nfs4proc.c */
235	#ifdef CONFIG_NFS_V4	235	#ifdef CONFIG_NFS_V4
236	extern struct rpc_procinfo nfs4_procedures[];	236	extern struct rpc_procinfo nfs4_procedures[];
237	void nfs_fixup_secinfo_attributes(struct nfs_fattr , struct nfs_fh );
238	#endif	237	#endif
239		238
240	extern int nfs4_init_ds_session(struct nfs_client *clp);	239	extern int nfs4_init_ds_session(struct nfs_client *clp);


diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h index b6db9e33fb7b..c82c2cda3dfd 100644 --- a/fs/nfs/nfs4_fs.h +++ b/fs/nfs/nfs4_fs.h
@@ -205,6 +205,9 @@ struct nfs4_state_maintenance_ops {
205	extern const struct dentry_operations nfs4_dentry_operations;	205	extern const struct dentry_operations nfs4_dentry_operations;
206	extern const struct inode_operations nfs4_dir_inode_operations;	206	extern const struct inode_operations nfs4_dir_inode_operations;
207		207
		208	/* nfs4namespace.c */
		209	struct rpc_clnt nfs4_create_sec_client(struct rpc_clnt , struct inode , struct qstr );
		210
208	/* nfs4proc.c */	211	/* nfs4proc.c */
209	extern int nfs4_proc_setclientid(struct nfs_client , u32, unsigned short, struct rpc_cred , struct nfs4_setclientid_res *);	212	extern int nfs4_proc_setclientid(struct nfs_client , u32, unsigned short, struct rpc_cred , struct nfs4_setclientid_res *);
210	extern int nfs4_proc_setclientid_confirm(struct nfs_client , struct nfs4_setclientid_res arg, struct rpc_cred *);	213	extern int nfs4_proc_setclientid_confirm(struct nfs_client , struct nfs4_setclientid_res arg, struct rpc_cred *);
@@ -215,6 +218,7 @@ extern int nfs4_do_close(struct nfs4_state *state, gfp_t gfp_mask, int wait, boo
215	extern int nfs4_server_capabilities(struct nfs_server server, struct nfs_fh fhandle);	218	extern int nfs4_server_capabilities(struct nfs_server server, struct nfs_fh fhandle);
216	extern int nfs4_proc_fs_locations(struct inode dir, const struct qstr name,	219	extern int nfs4_proc_fs_locations(struct inode dir, const struct qstr name,
217	struct nfs4_fs_locations fs_locations, struct page page);	220	struct nfs4_fs_locations fs_locations, struct page page);
		221	extern int nfs4_proc_secinfo(struct inode , const struct qstr , struct nfs4_secinfo_flavors *);
218	extern int nfs4_release_lockowner(struct nfs4_lock_state *);	222	extern int nfs4_release_lockowner(struct nfs4_lock_state *);
219	extern const struct xattr_handler *nfs4_xattr_handlers[];	223	extern const struct xattr_handler *nfs4_xattr_handlers[];
220		224


diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c index 7483a177dc97..9f8681bf90de 100644 --- a/fs/nfs/nfs4namespace.c +++ b/fs/nfs/nfs4namespace.c
@@ -132,6 +132,58 @@ static size_t nfs_parse_server_name(char *string, size_t len,
132	return ret;	132	return ret;
133	}	133	}
134		134
		135	static rpc_authflavor_t nfs4_negotiate_security(struct inode inode, struct qstr name)
		136	{
		137	struct page *page;
		138	struct nfs4_secinfo_flavors *flavors;
		139	rpc_authflavor_t flavor;
		140	int err;
		141
		142	page = alloc_page(GFP_KERNEL);
		143	if (!page)
		144	return -ENOMEM;
		145	flavors = page_address(page);
		146
		147	err = nfs4_proc_secinfo(inode, name, flavors);
		148	if (err < 0) {
		149	flavor = err;
		150	goto out;
		151	}
		152
		153	flavor = nfs_find_best_sec(flavors);
		154
		155	out:
		156	put_page(page);
		157	return flavor;
		158	}
		159
		160	/*
		161	* Please call rpc_shutdown_client() when you are done with this client.
		162	*/
		163	struct rpc_clnt nfs4_create_sec_client(struct rpc_clnt clnt, struct inode *inode,
		164	struct qstr *name)
		165	{
		166	struct rpc_clnt *clone;
		167	struct rpc_auth *auth;
		168	rpc_authflavor_t flavor;
		169
		170	flavor = nfs4_negotiate_security(inode, name);
		171	if (flavor < 0)
		172	return ERR_PTR(flavor);
		173
		174	clone = rpc_clone_client(clnt);
		175	if (IS_ERR(clone))
		176	return clone;
		177
		178	auth = rpcauth_create(flavor, clone);
		179	if (!auth) {
		180	rpc_shutdown_client(clone);
		181	clone = ERR_PTR(-EIO);
		182	}
		183
		184	return clone;
		185	}
		186
135	static struct vfsmount try_location(struct nfs_clone_mount mountdata,	187	static struct vfsmount try_location(struct nfs_clone_mount mountdata,
136	char page, char page2,	188	char page, char page2,
137	const struct nfs4_fs_location *location)	189	const struct nfs4_fs_location *location)


diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index ff7571f12bb8..3d92fe6be780 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c
@@ -2528,39 +2528,69 @@ static int _nfs4_proc_lookup(struct rpc_clnt clnt, struct inode dir,
2528	return status;	2528	return status;
2529	}	2529	}
2530		2530
2531	void nfs_fixup_secinfo_attributes(struct nfs_fattr fattr, struct nfs_fh fh)	2531	static void nfs_fixup_secinfo_attributes(struct nfs_fattr *fattr)
2532	{	2532	{
2533	memset(fh, 0, sizeof(struct nfs_fh));
2534	fattr->fsid.major = 1;
2535	fattr->valid \|= NFS_ATTR_FATTR_TYPE \| NFS_ATTR_FATTR_MODE \|	2533	fattr->valid \|= NFS_ATTR_FATTR_TYPE \| NFS_ATTR_FATTR_MODE \|
2536	NFS_ATTR_FATTR_NLINK \| NFS_ATTR_FATTR_FSID \| NFS_ATTR_FATTR_MOUNTPOINT;	2534	NFS_ATTR_FATTR_NLINK \| NFS_ATTR_FATTR_MOUNTPOINT;
2537	fattr->mode = S_IFDIR \| S_IRUGO \| S_IXUGO;	2535	fattr->mode = S_IFDIR \| S_IRUGO \| S_IXUGO;
2538	fattr->nlink = 2;	2536	fattr->nlink = 2;
2539	}	2537	}
2540		2538
2541	static int nfs4_proc_lookup(struct rpc_clnt clnt, struct inode dir, struct qstr *name,	2539	static int nfs4_proc_lookup_common(struct rpc_clnt *clnt, struct inode dir,
2542	struct nfs_fh fhandle, struct nfs_fattr fattr)	2540	struct qstr name, struct nfs_fh fhandle,
		2541	struct nfs_fattr *fattr)
2543	{	2542	{
2544	struct nfs4_exception exception = { };	2543	struct nfs4_exception exception = { };
		2544	struct rpc_clnt client = clnt;
2545	int err;	2545	int err;
2546	do {	2546	do {
2547	int status;	2547	err = _nfs4_proc_lookup(client, dir, name, fhandle, fattr);
2548		2548	switch (err) {
2549	status = _nfs4_proc_lookup(clnt, dir, name, fhandle, fattr);
2550	switch (status) {
2551	case -NFS4ERR_BADNAME:	2549	case -NFS4ERR_BADNAME:
2552	return -ENOENT;	2550	err = -ENOENT;
		2551	goto out;
2553	case -NFS4ERR_MOVED:	2552	case -NFS4ERR_MOVED:
2554	return nfs4_get_referral(dir, name, fattr, fhandle);	2553	err = nfs4_get_referral(dir, name, fattr, fhandle);
		2554	goto out;
2555	case -NFS4ERR_WRONGSEC:	2555	case -NFS4ERR_WRONGSEC:
2556	nfs_fixup_secinfo_attributes(fattr, fhandle);	2556	err = -EPERM;
		2557	if (client != *clnt)
		2558	goto out;
		2559
		2560	client = nfs4_create_sec_client(client, dir, name);
		2561	if (IS_ERR(client))
		2562	return PTR_ERR(client);
		2563
		2564	exception.retry = 1;
		2565	break;
		2566	default:
		2567	err = nfs4_handle_exception(NFS_SERVER(dir), err, &exception);
2557	}	2568	}
2558	err = nfs4_handle_exception(NFS_SERVER(dir),
2559	status, &exception);
2560	} while (exception.retry);	2569	} while (exception.retry);
		2570
		2571	out:
		2572	if (err == 0)
		2573	*clnt = client;
		2574	else if (client != *clnt)
		2575	rpc_shutdown_client(client);
		2576
2561	return err;	2577	return err;
2562	}	2578	}
2563		2579
		2580	static int nfs4_proc_lookup(struct rpc_clnt clnt, struct inode dir, struct qstr *name,
		2581	struct nfs_fh fhandle, struct nfs_fattr fattr)
		2582	{
		2583	int status;
		2584	struct rpc_clnt *client = NFS_CLIENT(dir);
		2585
		2586	status = nfs4_proc_lookup_common(&client, dir, name, fhandle, fattr);
		2587	if (client != NFS_CLIENT(dir)) {
		2588	rpc_shutdown_client(client);
		2589	nfs_fixup_secinfo_attributes(fattr);
		2590	}
		2591	return status;
		2592	}
		2593
2564	static int _nfs4_proc_access(struct inode inode, struct nfs_access_entry entry)	2594	static int _nfs4_proc_access(struct inode inode, struct nfs_access_entry entry)
2565	{	2595	{
2566	struct nfs_server *server = NFS_SERVER(inode);	2596	struct nfs_server *server = NFS_SERVER(inode);
@@ -4996,8 +5026,8 @@ static int _nfs4_proc_secinfo(struct inode dir, const struct qstr name, struct
4996	return status;	5026	return status;
4997	}	5027	}
4998		5028
4999	static int nfs4_proc_secinfo(struct inode dir, const struct qstr name,	5029	int nfs4_proc_secinfo(struct inode dir, const struct qstr name,
5000	struct nfs4_secinfo_flavors *flavors)	5030	struct nfs4_secinfo_flavors *flavors)
5001	{	5031	{
5002	struct nfs4_exception exception = { };	5032	struct nfs4_exception exception = { };
5003	int err;	5033	int err;


diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index c77e802db736..c54aae364bee 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c
@@ -4258,8 +4258,6 @@ static int decode_getfattr_attrs(struct xdr_stream xdr, uint32_t bitmap,
4258	status = decode_attr_error(xdr, bitmap, &err);	4258	status = decode_attr_error(xdr, bitmap, &err);
4259	if (status < 0)	4259	if (status < 0)
4260	goto xdr_error;	4260	goto xdr_error;
4261	if (err == -NFS4ERR_WRONGSEC)
4262	nfs_fixup_secinfo_attributes(fattr, fh);
4263		4261
4264	status = decode_attr_filehandle(xdr, bitmap, fh);	4262	status = decode_attr_filehandle(xdr, bitmap, fh);
4265	if (status < 0)	4263	if (status < 0)