diff options
| author | J. Bruce Fields <bfields@redhat.com> | 2013-05-15 17:34:39 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2013-07-01 17:23:06 -0400 |
| commit | b78724b70599f66a91c6d6c897a81f4f87f549f4 (patch) | |
| tree | 52b9f29bf6122fa54e0f498585ccaa752af96818 /fs/nfsd | |
| parent | 57266a6e916e2522ea61758a3ee5576b60156791 (diff) | |
nfsd4: fail attempts to request gss on the backchannel
We don't support gss on the backchannel. We should state that fact up
front rather than just letting things continue and later making the
client try to figure out why the backchannel isn't working.
Trond suggested instead returning NFS4ERR_NOENT. I think it would be
tricky for the client to distinguish between the case "I don't support
gss on the backchannel" and "I can't find that in my cache, please
create another context and try that instead", and I'd prefer something
that currently doesn't have any other meaning for this operation, hence
the (somewhat arbitrary) NFS4ERR_ENCR_ALG_UNSUPP.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd')
| -rw-r--r-- | fs/nfsd/nfs4state.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 2383d24e258f..c4f63399832c 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c | |||
| @@ -1872,6 +1872,24 @@ static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca) | |||
| 1872 | return nfs_ok; | 1872 | return nfs_ok; |
| 1873 | } | 1873 | } |
| 1874 | 1874 | ||
| 1875 | static __be32 nfsd4_check_cb_sec(struct nfsd4_cb_sec *cbs) | ||
| 1876 | { | ||
| 1877 | switch (cbs->flavor) { | ||
| 1878 | case RPC_AUTH_NULL: | ||
| 1879 | case RPC_AUTH_UNIX: | ||
| 1880 | return nfs_ok; | ||
| 1881 | default: | ||
| 1882 | /* | ||
| 1883 | * GSS case: the spec doesn't allow us to return this | ||
| 1884 | * error. But it also doesn't allow us not to support | ||
| 1885 | * GSS. | ||
| 1886 | * I'd rather this fail hard than return some error the | ||
| 1887 | * client might think it can already handle: | ||
| 1888 | */ | ||
| 1889 | return nfserr_encr_alg_unsupp; | ||
| 1890 | } | ||
| 1891 | } | ||
| 1892 | |||
| 1875 | __be32 | 1893 | __be32 |
| 1876 | nfsd4_create_session(struct svc_rqst *rqstp, | 1894 | nfsd4_create_session(struct svc_rqst *rqstp, |
| 1877 | struct nfsd4_compound_state *cstate, | 1895 | struct nfsd4_compound_state *cstate, |
| @@ -1887,6 +1905,9 @@ nfsd4_create_session(struct svc_rqst *rqstp, | |||
| 1887 | 1905 | ||
| 1888 | if (cr_ses->flags & ~SESSION4_FLAG_MASK_A) | 1906 | if (cr_ses->flags & ~SESSION4_FLAG_MASK_A) |
| 1889 | return nfserr_inval; | 1907 | return nfserr_inval; |
| 1908 | status = nfsd4_check_cb_sec(&cr_ses->cb_sec); | ||
| 1909 | if (status) | ||
| 1910 | return status; | ||
| 1890 | status = check_forechannel_attrs(&cr_ses->fore_channel, nn); | 1911 | status = check_forechannel_attrs(&cr_ses->fore_channel, nn); |
| 1891 | if (status) | 1912 | if (status) |
| 1892 | return status; | 1913 | return status; |
| @@ -1996,7 +2017,11 @@ __be32 nfsd4_backchannel_ctl(struct svc_rqst *rqstp, struct nfsd4_compound_state | |||
| 1996 | { | 2017 | { |
| 1997 | struct nfsd4_session *session = cstate->session; | 2018 | struct nfsd4_session *session = cstate->session; |
| 1998 | struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); | 2019 | struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id); |
| 2020 | __be32 status; | ||
| 1999 | 2021 | ||
| 2022 | status = nfsd4_check_cb_sec(&bc->bc_cb_sec); | ||
| 2023 | if (status) | ||
| 2024 | return status; | ||
| 2000 | spin_lock(&nn->client_lock); | 2025 | spin_lock(&nn->client_lock); |
| 2001 | session->se_cb_prog = bc->bc_cb_program; | 2026 | session->se_cb_prog = bc->bc_cb_program; |
| 2002 | session->se_cb_sec = bc->bc_cb_sec; | 2027 | session->se_cb_sec = bc->bc_cb_sec; |