aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fs/nfs/super.c48
1 files changed, 41 insertions, 7 deletions
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 3bb8318f6d0c..b65001c0a119 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -1607,16 +1607,15 @@ out_security_failure:
1607/* 1607/*
1608 * Select a security flavor for this mount. The selected flavor 1608 * Select a security flavor for this mount. The selected flavor
1609 * is planted in args->auth_flavors[0]. 1609 * is planted in args->auth_flavors[0].
1610 *
1611 * Returns 0 on success, -EACCES on failure.
1610 */ 1612 */
1611static void nfs_select_flavor(struct nfs_parsed_mount_data *args, 1613static int nfs_select_flavor(struct nfs_parsed_mount_data *args,
1612 struct nfs_mount_request *request) 1614 struct nfs_mount_request *request)
1613{ 1615{
1614 unsigned int i, count = *(request->auth_flav_len); 1616 unsigned int i, count = *(request->auth_flav_len);
1615 rpc_authflavor_t flavor; 1617 rpc_authflavor_t flavor;
1616 1618
1617 if (args->auth_flavors[0] != RPC_AUTH_MAXFLAVOR)
1618 goto out;
1619
1620 /* 1619 /*
1621 * The NFSv2 MNT operation does not return a flavor list. 1620 * The NFSv2 MNT operation does not return a flavor list.
1622 */ 1621 */
@@ -1631,6 +1630,25 @@ static void nfs_select_flavor(struct nfs_parsed_mount_data *args,
1631 goto out_default; 1630 goto out_default;
1632 1631
1633 /* 1632 /*
1633 * If the sec= mount option is used, the specified flavor or AUTH_NULL
1634 * must be in the list returned by the server.
1635 *
1636 * AUTH_NULL has a special meaning when it's in the server list - it
1637 * means that the server will ignore the rpc creds, so any flavor
1638 * can be used.
1639 */
1640 if (args->auth_flavors[0] != RPC_AUTH_MAXFLAVOR) {
1641 for (i = 0; i < count; i++) {
1642 if (args->auth_flavors[0] == request->auth_flavs[i] ||
1643 request->auth_flavs[i] == RPC_AUTH_NULL)
1644 goto out;
1645 }
1646 dfprintk(MOUNT, "NFS: auth flavor %d not supported by server\n",
1647 args->auth_flavors[0]);
1648 goto out_err;
1649 }
1650
1651 /*
1634 * RFC 2623, section 2.7 suggests we SHOULD prefer the 1652 * RFC 2623, section 2.7 suggests we SHOULD prefer the
1635 * flavor listed first. However, some servers list 1653 * flavor listed first. However, some servers list
1636 * AUTH_NULL first. Avoid ever choosing AUTH_NULL. 1654 * AUTH_NULL first. Avoid ever choosing AUTH_NULL.
@@ -1650,12 +1668,29 @@ static void nfs_select_flavor(struct nfs_parsed_mount_data *args,
1650 } 1668 }
1651 } 1669 }
1652 1670
1671 /*
1672 * As a last chance, see if the server list contains AUTH_NULL -
1673 * if it does, use the default flavor.
1674 */
1675 for (i = 0; i < count; i++) {
1676 if (request->auth_flavs[i] == RPC_AUTH_NULL)
1677 goto out_default;
1678 }
1679
1680 dfprintk(MOUNT, "NFS: no auth flavors in common with server\n");
1681 goto out_err;
1682
1653out_default: 1683out_default:
1654 flavor = RPC_AUTH_UNIX; 1684 /* use default if flavor not already set */
1685 flavor = (args->auth_flavors[0] == RPC_AUTH_MAXFLAVOR) ?
1686 RPC_AUTH_UNIX : args->auth_flavors[0];
1655out_set: 1687out_set:
1656 args->auth_flavors[0] = flavor; 1688 args->auth_flavors[0] = flavor;
1657out: 1689out:
1658 dfprintk(MOUNT, "NFS: using auth flavor %d\n", args->auth_flavors[0]); 1690 dfprintk(MOUNT, "NFS: using auth flavor %d\n", args->auth_flavors[0]);
1691 return 0;
1692out_err:
1693 return -EACCES;
1659} 1694}
1660 1695
1661/* 1696/*
@@ -1718,8 +1753,7 @@ static int nfs_request_mount(struct nfs_parsed_mount_data *args,
1718 return status; 1753 return status;
1719 } 1754 }
1720 1755
1721 nfs_select_flavor(args, &request); 1756 return nfs_select_flavor(args, &request);
1722 return 0;
1723} 1757}
1724 1758
1725struct dentry *nfs_try_mount(int flags, const char *dev_name, 1759struct dentry *nfs_try_mount(int flags, const char *dev_name,
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-19 20:09:24 -0500