diff options
| author | EG Keizer <keie@few.vu.nl> | 2008-08-19 16:34:36 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-10-07 18:16:22 -0400 |
| commit | 37ca8f5c6041516aac603a5abb89b05675493802 (patch) | |
| tree | 5beea95e09c90fb591e92d40b052997d98821fda /fs/nfs | |
| parent | f25b874d39461935b1b5bbffaa622e735e79d49e (diff) | |
nfs: authenticated deep mounting
Allow mount to do authenticated mounts below the root of the exported tree.
The wording in RFC 2623, sec 2.3.2. allows fsinfo with UNIX authentication
on the root of the export. Mounts are not always done on the root
of the exported tree. Especially autoumounts often mount below the root of
the exported tree.
Some server implementations (justly) require full authentication for the
so-called deep mounts. The old code used AUTH_SYS only. This caused deep
mounts to fail on systems requiring stronger authentication..
The client should try both authentication types and use the first one that
succeeds.
This method was already partially implemented. This patch completes
the implementation for NFS2 and NFS3.
This patch was developed to allow Debian systems to automount home directories
on Solaris servers with krb5 authentication.
Tested on kernel 2.6.24-etchnhalf.1
Signed-off-by: E.G. Keizer <keie@few.vu.nl>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfs')
| -rw-r--r-- | fs/nfs/nfs3proc.c | 20 | ||||
| -rw-r--r-- | fs/nfs/proc.c | 10 |
2 files changed, 26 insertions, 4 deletions
diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c index 1e750e4574a9..c55be7a7679e 100644 --- a/fs/nfs/nfs3proc.c +++ b/fs/nfs/nfs3proc.c | |||
| @@ -699,7 +699,7 @@ nfs3_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle, | |||
| 699 | } | 699 | } |
| 700 | 700 | ||
| 701 | static int | 701 | static int |
| 702 | nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, | 702 | do_proc_fsinfo(struct rpc_clnt *client, struct nfs_fh *fhandle, |
| 703 | struct nfs_fsinfo *info) | 703 | struct nfs_fsinfo *info) |
| 704 | { | 704 | { |
| 705 | struct rpc_message msg = { | 705 | struct rpc_message msg = { |
| @@ -711,11 +711,27 @@ nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, | |||
| 711 | 711 | ||
| 712 | dprintk("NFS call fsinfo\n"); | 712 | dprintk("NFS call fsinfo\n"); |
| 713 | nfs_fattr_init(info->fattr); | 713 | nfs_fattr_init(info->fattr); |
| 714 | status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0); | 714 | status = rpc_call_sync(client, &msg, 0); |
| 715 | dprintk("NFS reply fsinfo: %d\n", status); | 715 | dprintk("NFS reply fsinfo: %d\n", status); |
| 716 | return status; | 716 | return status; |
| 717 | } | 717 | } |
| 718 | 718 | ||
| 719 | /* | ||
| 720 | * Bare-bones access to fsinfo: this is for nfs_get_root/nfs_get_sb via | ||
| 721 | * nfs_create_server | ||
| 722 | */ | ||
| 723 | static int | ||
| 724 | nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, | ||
| 725 | struct nfs_fsinfo *info) | ||
| 726 | { | ||
| 727 | int status; | ||
| 728 | |||
| 729 | status = do_proc_fsinfo(server->client, fhandle, info); | ||
| 730 | if (status && server->nfs_client->cl_rpcclient != server->client) | ||
| 731 | status = do_proc_fsinfo(server->nfs_client->cl_rpcclient, fhandle, info); | ||
| 732 | return status; | ||
| 733 | } | ||
| 734 | |||
| 719 | static int | 735 | static int |
| 720 | nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle, | 736 | nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle, |
| 721 | struct nfs_pathconf *info) | 737 | struct nfs_pathconf *info) |
diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c index 4dbb84df1b68..193465210d7c 100644 --- a/fs/nfs/proc.c +++ b/fs/nfs/proc.c | |||
| @@ -65,14 +65,20 @@ nfs_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle, | |||
| 65 | 65 | ||
| 66 | dprintk("%s: call getattr\n", __func__); | 66 | dprintk("%s: call getattr\n", __func__); |
| 67 | nfs_fattr_init(fattr); | 67 | nfs_fattr_init(fattr); |
| 68 | status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0); | 68 | status = rpc_call_sync(server->client, &msg, 0); |
| 69 | /* Retry with default authentication if different */ | ||
| 70 | if (status && server->nfs_client->cl_rpcclient != server->client) | ||
| 71 | status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0); | ||
| 69 | dprintk("%s: reply getattr: %d\n", __func__, status); | 72 | dprintk("%s: reply getattr: %d\n", __func__, status); |
| 70 | if (status) | 73 | if (status) |
| 71 | return status; | 74 | return status; |
| 72 | dprintk("%s: call statfs\n", __func__); | 75 | dprintk("%s: call statfs\n", __func__); |
| 73 | msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS]; | 76 | msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS]; |
| 74 | msg.rpc_resp = &fsinfo; | 77 | msg.rpc_resp = &fsinfo; |
| 75 | status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0); | 78 | status = rpc_call_sync(server->client, &msg, 0); |
| 79 | /* Retry with default authentication if different */ | ||
| 80 | if (status && server->nfs_client->cl_rpcclient != server->client) | ||
| 81 | status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0); | ||
| 76 | dprintk("%s: reply statfs: %d\n", __func__, status); | 82 | dprintk("%s: reply statfs: %d\n", __func__, status); |
| 77 | if (status) | 83 | if (status) |
| 78 | return status; | 84 | return status; |