NFSv4.1: try SECINFO_NO_NAME flavs until one works

Call nfs4_lookup_root_sec for each flavor returned by SECINFO_NO_NAME until one works. One example of a situation this fixes: - server configured for krb5 - server principal somehow gets deleted from KDC - server still thinking krb is good, sends krb5 as first entry in SECINFO_NO_NAME response - client tries krb5, but this fails without even sending an RPC because gssd's requests to the KDC can't find the server's principal Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: Weston Andros Adamson <dros@netapp.com> 2013-09-24 13:58:02 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2013-09-29 16:03:34 -0400
commit: 58a8cf1212f0f3b9afb07b73647a2bca4e5a28af (patch)
tree: c90dad345ab5c10e63fff95942f03d8d4ab62276 /fs/nfs
parent: acd65e5bc1986d0089efec3fe63e52ea0c406d6d (diff)
1 files changed, 27 insertions, 3 deletions
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 488ef9b5c51a..f5fe16bd426c 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -7578,6 +7578,8 @@ nfs41_find_root_sec(struct nfs_server *server, struct nfs_fh *fhandle,
        struct page *page;
        rpc_authflavor_t flavor;
        struct nfs4_secinfo_flavors *flavors;
+        struct nfs4_secinfo4 *secinfo;
+        int i;
        page = alloc_page(GFP_KERNEL);
        if (!page) {
@@ -7599,9 +7601,31 @@ nfs41_find_root_sec(struct nfs_server *server, struct nfs_fh *fhandle,
        if (err)
                goto out_freepage;
-        flavor = nfs_find_best_sec(flavors);
+        for (i = 0; i < flavors->num_flavors; i++) {
-        if (err == 0)
+                secinfo = &flavors->flavors[i];
-                err = nfs4_lookup_root_sec(server, fhandle, info, flavor);
+                switch (secinfo->flavor) {
+                case RPC_AUTH_NULL:
+                case RPC_AUTH_UNIX:
+                case RPC_AUTH_GSS:
+                        flavor = rpcauth_get_pseudoflavor(secinfo->flavor,
+                                        &secinfo->flavor_info);
+                        break;
+                default:
+                        flavor = RPC_AUTH_MAXFLAVOR;
+                        break;
+                }
+                if (flavor != RPC_AUTH_MAXFLAVOR) {
+                        err = nfs4_lookup_root_sec(server, fhandle,
+                                                   info, flavor);
+                        if (!err)
+                                break;
+                }
+        }
+        if (flavor == RPC_AUTH_MAXFLAVOR)
+                err = -EPERM;
 out_freepage:
        put_page(page);
author	Weston Andros Adamson <dros@netapp.com>	2013-09-24 13:58:02 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2013-09-29 16:03:34 -0400
commit	58a8cf1212f0f3b9afb07b73647a2bca4e5a28af (patch)
tree	c90dad345ab5c10e63fff95942f03d8d4ab62276 /fs/nfs
parent	acd65e5bc1986d0089efec3fe63e52ea0c406d6d (diff)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 488ef9b5c51a..f5fe16bd426c 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c
@@ -7578,6 +7578,8 @@ nfs41_find_root_sec(struct nfs_server server, struct nfs_fh fhandle,
7578	struct page *page;	7578	struct page *page;
7579	rpc_authflavor_t flavor;	7579	rpc_authflavor_t flavor;
7580	struct nfs4_secinfo_flavors *flavors;	7580	struct nfs4_secinfo_flavors *flavors;
		7581	struct nfs4_secinfo4 *secinfo;
		7582	int i;
7581		7583
7582	page = alloc_page(GFP_KERNEL);	7584	page = alloc_page(GFP_KERNEL);
7583	if (!page) {	7585	if (!page) {
@@ -7599,9 +7601,31 @@ nfs41_find_root_sec(struct nfs_server server, struct nfs_fh fhandle,
7599	if (err)	7601	if (err)
7600	goto out_freepage;	7602	goto out_freepage;
7601		7603
7602	flavor = nfs_find_best_sec(flavors);	7604	for (i = 0; i < flavors->num_flavors; i++) {
7603	if (err == 0)	7605	secinfo = &flavors->flavors[i];
7604	err = nfs4_lookup_root_sec(server, fhandle, info, flavor);	7606
		7607	switch (secinfo->flavor) {
		7608	case RPC_AUTH_NULL:
		7609	case RPC_AUTH_UNIX:
		7610	case RPC_AUTH_GSS:
		7611	flavor = rpcauth_get_pseudoflavor(secinfo->flavor,
		7612	&secinfo->flavor_info);
		7613	break;
		7614	default:
		7615	flavor = RPC_AUTH_MAXFLAVOR;
		7616	break;
		7617	}
		7618
		7619	if (flavor != RPC_AUTH_MAXFLAVOR) {
		7620	err = nfs4_lookup_root_sec(server, fhandle,
		7621	info, flavor);
		7622	if (!err)
		7623	break;
		7624	}
		7625	}
		7626
		7627	if (flavor == RPC_AUTH_MAXFLAVOR)
		7628	err = -EPERM;
7605		7629
7606	out_freepage:	7630	out_freepage:
7607	put_page(page);	7631	put_page(page);