2 files changed, 55 insertions, 4 deletions
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 0d79a88f4de9..e4f84f013b57 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1686,6 +1686,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
                        The default is to send the implementation identification
                        information.
+        nfsd.nfs4_disable_idmapping=
+                        [NFSv4] When set to the default of '1', the NFSv4
+                        server will return only numeric uids and gids to
+                        clients using auth_sys, and will accept numeric uids
+                        and gids from such clients.  This is intended to ease
+                        migration from NFSv2/v3.
        objlayoutdriver.osd_login_prog=
                        [NFS] [OBJLAYOUT] sets the pathname to the program which
diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c
index 94096273cd6c..69ca9c5bb600 100644
--- a/fs/nfsd/nfs4idmap.c
+++ b/fs/nfsd/nfs4idmap.c
@@ -41,6 +41,14 @@
 #include "nfsd.h"
 /*
+ * Turn off idmapping when using AUTH_SYS.
+ */
+static bool nfs4_disable_idmapping = true;
+module_param(nfs4_disable_idmapping, bool, 0644);
+MODULE_PARM_DESC(nfs4_disable_idmapping,
+                "Turn off server's NFSv4 idmapping when using 'sec=sys'");
+/*
 * Cache entry
 */
@@ -561,28 +569,65 @@ idmap_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name)
        return ret;
 }
+static bool
+numeric_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, uid_t *id)
+{
+        int ret;
+        char buf[11];
+        if (namelen + 1 > sizeof(buf))
+                /* too long to represent a 32-bit id: */
+                return false;
+        /* Just to make sure it's null-terminated: */
+        memcpy(buf, name, namelen);
+        buf[namelen] = '\0';
+        ret = strict_strtoul(name, 10, (unsigned long *)id);
+        return ret == 0;
+}
+static __be32
+do_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, uid_t *id)
+{
+        if (nfs4_disable_idmapping && rqstp->rq_flavor < RPC_AUTH_GSS)
+                if (numeric_name_to_id(rqstp, type, name, namelen, id))
+                        return 0;
+                /*
+                 * otherwise, fall through and try idmapping, for
+                 * backwards compatibility with clients sending names:
+                 */
+        return idmap_name_to_id(rqstp, type, name, namelen, id);
+}
+static int
+do_id_to_name(struct svc_rqst *rqstp, int type, uid_t id, char *name)
+{
+        if (nfs4_disable_idmapping && rqstp->rq_flavor < RPC_AUTH_GSS)
+                return sprintf(name, "%u", id);
+        return idmap_id_to_name(rqstp, type, id, name);
+}
 __be32
 nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen,
                __u32 *id)
 {
-        return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id);
+        return do_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id);
 }
 __be32
 nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen,
                __u32 *id)
 {
-        return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id);
+        return do_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id);
 }
 int
 nfsd_map_uid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
 {
-        return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name);
+        return do_id_to_name(rqstp, IDMAP_TYPE_USER, id, name);
 }
 int
 nfsd_map_gid_to_name(struct svc_rqst *rqstp, __u32 id, char *name)
 {
-        return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name);
+        return do_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name);
 }

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 0d79a88f4de9..e4f84f013b57 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt
@@ -1686,6 +1686,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
1686	The default is to send the implementation identification	1686	The default is to send the implementation identification
1687	information.	1687	information.
1688		1688
		1689	nfsd.nfs4_disable_idmapping=
		1690	[NFSv4] When set to the default of '1', the NFSv4
		1691	server will return only numeric uids and gids to
		1692	clients using auth_sys, and will accept numeric uids
		1693	and gids from such clients. This is intended to ease
		1694	migration from NFSv2/v3.
1689		1695
1690	objlayoutdriver.osd_login_prog=	1696	objlayoutdriver.osd_login_prog=
1691	[NFS] [OBJLAYOUT] sets the pathname to the program which	1697	[NFS] [OBJLAYOUT] sets the pathname to the program which


diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c index 94096273cd6c..69ca9c5bb600 100644 --- a/fs/nfsd/nfs4idmap.c +++ b/fs/nfsd/nfs4idmap.c
@@ -41,6 +41,14 @@
41	#include "nfsd.h"	41	#include "nfsd.h"
42		42
43	/*	43	/*
		44	* Turn off idmapping when using AUTH_SYS.
		45	*/
		46	static bool nfs4_disable_idmapping = true;
		47	module_param(nfs4_disable_idmapping, bool, 0644);
		48	MODULE_PARM_DESC(nfs4_disable_idmapping,
		49	"Turn off server's NFSv4 idmapping when using 'sec=sys'");
		50
		51	/*
44	* Cache entry	52	* Cache entry
45	*/	53	*/
46		54
@@ -561,28 +569,65 @@ idmap_id_to_name(struct svc_rqst rqstp, int type, uid_t id, char name)
561	return ret;	569	return ret;
562	}	570	}
563		571
		572	static bool
		573	numeric_name_to_id(struct svc_rqst rqstp, int type, const char name, u32 namelen, uid_t *id)
		574	{
		575	int ret;
		576	char buf[11];
		577
		578	if (namelen + 1 > sizeof(buf))
		579	/* too long to represent a 32-bit id: */
		580	return false;
		581	/* Just to make sure it's null-terminated: */
		582	memcpy(buf, name, namelen);
		583	buf[namelen] = '\0';
		584	ret = strict_strtoul(name, 10, (unsigned long *)id);
		585	return ret == 0;
		586	}
		587
		588	static __be32
		589	do_name_to_id(struct svc_rqst rqstp, int type, const char name, u32 namelen, uid_t *id)
		590	{
		591	if (nfs4_disable_idmapping && rqstp->rq_flavor < RPC_AUTH_GSS)
		592	if (numeric_name_to_id(rqstp, type, name, namelen, id))
		593	return 0;
		594	/*
		595	* otherwise, fall through and try idmapping, for
		596	* backwards compatibility with clients sending names:
		597	*/
		598	return idmap_name_to_id(rqstp, type, name, namelen, id);
		599	}
		600
		601	static int
		602	do_id_to_name(struct svc_rqst rqstp, int type, uid_t id, char name)
		603	{
		604	if (nfs4_disable_idmapping && rqstp->rq_flavor < RPC_AUTH_GSS)
		605	return sprintf(name, "%u", id);
		606	return idmap_id_to_name(rqstp, type, id, name);
		607	}
		608
564	__be32	609	__be32
565	nfsd_map_name_to_uid(struct svc_rqst rqstp, const char name, size_t namelen,	610	nfsd_map_name_to_uid(struct svc_rqst rqstp, const char name, size_t namelen,
566	__u32 *id)	611	__u32 *id)
567	{	612	{
568	return idmap_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id);	613	return do_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, id);
569	}	614	}
570		615
571	__be32	616	__be32
572	nfsd_map_name_to_gid(struct svc_rqst rqstp, const char name, size_t namelen,	617	nfsd_map_name_to_gid(struct svc_rqst rqstp, const char name, size_t namelen,
573	__u32 *id)	618	__u32 *id)
574	{	619	{
575	return idmap_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id);	620	return do_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, id);
576	}	621	}
577		622
578	int	623	int
579	nfsd_map_uid_to_name(struct svc_rqst rqstp, __u32 id, char name)	624	nfsd_map_uid_to_name(struct svc_rqst rqstp, __u32 id, char name)
580	{	625	{
581	return idmap_id_to_name(rqstp, IDMAP_TYPE_USER, id, name);	626	return do_id_to_name(rqstp, IDMAP_TYPE_USER, id, name);
582	}	627	}
583		628
584	int	629	int
585	nfsd_map_gid_to_name(struct svc_rqst rqstp, __u32 id, char name)	630	nfsd_map_gid_to_name(struct svc_rqst rqstp, __u32 id, char name)
586	{	631	{
587	return idmap_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name);	632	return do_id_to_name(rqstp, IDMAP_TYPE_GROUP, id, name);
588	}	633	}