diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-04-23 15:40:40 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-04-23 15:40:40 -0400 |
| commit | bd1d421abcaae1b84ba377ea4c33bba31d654199 (patch) | |
| tree | 10bf67d7063a95ffd013a9d01a35b906a7d89fcf /fs/nfs/nfs4state.c | |
| parent | bdeca1b76cd56cd10a029f0ad2fd9ab6dd7e313d (diff) | |
| parent | 79d852bf5e7691dc78cc6322ecd1860c50940785 (diff) | |
Merge branch 'rpcsec_gss-from_cel' into linux-next
* rpcsec_gss-from_cel: (21 commits)
NFS: Retry SETCLIENTID with AUTH_SYS instead of AUTH_NONE
NFSv4: Don't clear the machine cred when client establish returns EACCES
NFSv4: Fix issues in nfs4_discover_server_trunking
NFSv4: Fix the fallback to AUTH_NULL if krb5i is not available
NFS: Use server-recommended security flavor by default (NFSv3)
SUNRPC: Don't recognize RPC_AUTH_MAXFLAVOR
NFS: Use "krb5i" to establish NFSv4 state whenever possible
NFS: Try AUTH_UNIX when PUTROOTFH gets NFS4ERR_WRONGSEC
NFS: Use static list of security flavors during root FH lookup recovery
NFS: Avoid PUTROOTFH when managing leases
NFS: Clean up nfs4_proc_get_rootfh
NFS: Handle missing rpc.gssd when looking up root FH
SUNRPC: Remove EXPORT_SYMBOL_GPL() from GSS mech switch
SUNRPC: Make gss_mech_get() static
SUNRPC: Refactor nfsd4_do_encode_secinfo()
SUNRPC: Consider qop when looking up pseudoflavors
SUNRPC: Load GSS kernel module by OID
SUNRPC: Introduce rpcauth_get_pseudoflavor()
SUNRPC: Define rpcsec_gss_info structure
NFS: Remove unneeded forward declaration
...
Diffstat (limited to 'fs/nfs/nfs4state.c')
| -rw-r--r-- | fs/nfs/nfs4state.c | 60 |
1 files changed, 11 insertions, 49 deletions
diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c index b7796950eceb..7a74ea64bf54 100644 --- a/fs/nfs/nfs4state.c +++ b/fs/nfs/nfs4state.c | |||
| @@ -154,18 +154,6 @@ struct rpc_cred *nfs4_get_machine_cred_locked(struct nfs_client *clp) | |||
| 154 | return cred; | 154 | return cred; |
| 155 | } | 155 | } |
| 156 | 156 | ||
| 157 | static void nfs4_clear_machine_cred(struct nfs_client *clp) | ||
| 158 | { | ||
| 159 | struct rpc_cred *cred; | ||
| 160 | |||
| 161 | spin_lock(&clp->cl_lock); | ||
| 162 | cred = clp->cl_machine_cred; | ||
| 163 | clp->cl_machine_cred = NULL; | ||
| 164 | spin_unlock(&clp->cl_lock); | ||
| 165 | if (cred != NULL) | ||
| 166 | put_rpccred(cred); | ||
| 167 | } | ||
| 168 | |||
| 169 | static struct rpc_cred * | 157 | static struct rpc_cred * |
| 170 | nfs4_get_renew_cred_server_locked(struct nfs_server *server) | 158 | nfs4_get_renew_cred_server_locked(struct nfs_server *server) |
| 171 | { | 159 | { |
| @@ -1776,10 +1764,6 @@ static int nfs4_handle_reclaim_lease_error(struct nfs_client *clp, int status) | |||
| 1776 | clear_bit(NFS4CLNT_LEASE_CONFIRM, &clp->cl_state); | 1764 | clear_bit(NFS4CLNT_LEASE_CONFIRM, &clp->cl_state); |
| 1777 | return -EPERM; | 1765 | return -EPERM; |
| 1778 | case -EACCES: | 1766 | case -EACCES: |
| 1779 | if (clp->cl_machine_cred == NULL) | ||
| 1780 | return -EACCES; | ||
| 1781 | /* Handle case where the user hasn't set up machine creds */ | ||
| 1782 | nfs4_clear_machine_cred(clp); | ||
| 1783 | case -NFS4ERR_DELAY: | 1767 | case -NFS4ERR_DELAY: |
| 1784 | case -ETIMEDOUT: | 1768 | case -ETIMEDOUT: |
| 1785 | case -EAGAIN: | 1769 | case -EAGAIN: |
| @@ -1874,31 +1858,18 @@ int nfs4_discover_server_trunking(struct nfs_client *clp, | |||
| 1874 | { | 1858 | { |
| 1875 | const struct nfs4_state_recovery_ops *ops = | 1859 | const struct nfs4_state_recovery_ops *ops = |
| 1876 | clp->cl_mvops->reboot_recovery_ops; | 1860 | clp->cl_mvops->reboot_recovery_ops; |
| 1877 | rpc_authflavor_t *flavors, flav, save; | ||
| 1878 | struct rpc_clnt *clnt; | 1861 | struct rpc_clnt *clnt; |
| 1879 | struct rpc_cred *cred; | 1862 | struct rpc_cred *cred; |
| 1880 | int i, len, status; | 1863 | int i, status; |
| 1881 | 1864 | ||
| 1882 | dprintk("NFS: %s: testing '%s'\n", __func__, clp->cl_hostname); | 1865 | dprintk("NFS: %s: testing '%s'\n", __func__, clp->cl_hostname); |
| 1883 | 1866 | ||
| 1884 | len = NFS_MAX_SECFLAVORS; | ||
| 1885 | flavors = kcalloc(len, sizeof(*flavors), GFP_KERNEL); | ||
| 1886 | if (flavors == NULL) { | ||
| 1887 | status = -ENOMEM; | ||
| 1888 | goto out; | ||
| 1889 | } | ||
| 1890 | len = rpcauth_list_flavors(flavors, len); | ||
| 1891 | if (len < 0) { | ||
| 1892 | status = len; | ||
| 1893 | goto out_free; | ||
| 1894 | } | ||
| 1895 | clnt = clp->cl_rpcclient; | 1867 | clnt = clp->cl_rpcclient; |
| 1896 | save = clnt->cl_auth->au_flavor; | ||
| 1897 | i = 0; | 1868 | i = 0; |
| 1898 | 1869 | ||
| 1899 | mutex_lock(&nfs_clid_init_mutex); | 1870 | mutex_lock(&nfs_clid_init_mutex); |
| 1900 | status = -ENOENT; | ||
| 1901 | again: | 1871 | again: |
| 1872 | status = -ENOENT; | ||
| 1902 | cred = ops->get_clid_cred(clp); | 1873 | cred = ops->get_clid_cred(clp); |
| 1903 | if (cred == NULL) | 1874 | if (cred == NULL) |
| 1904 | goto out_unlock; | 1875 | goto out_unlock; |
| @@ -1908,12 +1879,6 @@ again: | |||
| 1908 | switch (status) { | 1879 | switch (status) { |
| 1909 | case 0: | 1880 | case 0: |
| 1910 | break; | 1881 | break; |
| 1911 | |||
| 1912 | case -EACCES: | ||
| 1913 | if (clp->cl_machine_cred == NULL) | ||
| 1914 | break; | ||
| 1915 | /* Handle case where the user hasn't set up machine creds */ | ||
| 1916 | nfs4_clear_machine_cred(clp); | ||
| 1917 | case -NFS4ERR_DELAY: | 1882 | case -NFS4ERR_DELAY: |
| 1918 | case -ETIMEDOUT: | 1883 | case -ETIMEDOUT: |
| 1919 | case -EAGAIN: | 1884 | case -EAGAIN: |
| @@ -1922,17 +1887,12 @@ again: | |||
| 1922 | dprintk("NFS: %s after status %d, retrying\n", | 1887 | dprintk("NFS: %s after status %d, retrying\n", |
| 1923 | __func__, status); | 1888 | __func__, status); |
| 1924 | goto again; | 1889 | goto again; |
| 1925 | 1890 | case -EACCES: | |
| 1891 | if (i++) | ||
| 1892 | break; | ||
| 1926 | case -NFS4ERR_CLID_INUSE: | 1893 | case -NFS4ERR_CLID_INUSE: |
| 1927 | case -NFS4ERR_WRONGSEC: | 1894 | case -NFS4ERR_WRONGSEC: |
| 1928 | status = -EPERM; | 1895 | clnt = rpc_clone_client_set_auth(clnt, RPC_AUTH_UNIX); |
| 1929 | if (i >= len) | ||
| 1930 | break; | ||
| 1931 | |||
| 1932 | flav = flavors[i++]; | ||
| 1933 | if (flav == save) | ||
| 1934 | flav = flavors[i++]; | ||
| 1935 | clnt = rpc_clone_client_set_auth(clnt, flav); | ||
| 1936 | if (IS_ERR(clnt)) { | 1896 | if (IS_ERR(clnt)) { |
| 1937 | status = PTR_ERR(clnt); | 1897 | status = PTR_ERR(clnt); |
| 1938 | break; | 1898 | break; |
| @@ -1948,13 +1908,15 @@ again: | |||
| 1948 | case -NFS4ERR_NOT_SAME: /* FixMe: implement recovery | 1908 | case -NFS4ERR_NOT_SAME: /* FixMe: implement recovery |
| 1949 | * in nfs4_exchange_id */ | 1909 | * in nfs4_exchange_id */ |
| 1950 | status = -EKEYEXPIRED; | 1910 | status = -EKEYEXPIRED; |
| 1911 | break; | ||
| 1912 | default: | ||
| 1913 | pr_warn("NFS: %s unhandled error %d. Exiting with error EIO\n", | ||
| 1914 | __func__, status); | ||
| 1915 | status = -EIO; | ||
| 1951 | } | 1916 | } |
| 1952 | 1917 | ||
| 1953 | out_unlock: | 1918 | out_unlock: |
| 1954 | mutex_unlock(&nfs_clid_init_mutex); | 1919 | mutex_unlock(&nfs_clid_init_mutex); |
| 1955 | out_free: | ||
| 1956 | kfree(flavors); | ||
| 1957 | out: | ||
| 1958 | dprintk("NFS: %s: status = %d\n", __func__, status); | 1920 | dprintk("NFS: %s: status = %d\n", __func__, status); |
| 1959 | return status; | 1921 | return status; |
| 1960 | } | 1922 | } |