aboutsummaryrefslogtreecommitdiffstats
path: root/fs/nfs/namespace.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/nfs/namespace.c')
-rw-r--r--fs/nfs/namespace.c113
1 files changed, 107 insertions, 6 deletions
diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c
index c0b8344db0c6..89fc160fd5b0 100644
--- a/fs/nfs/namespace.c
+++ b/fs/nfs/namespace.c
@@ -15,6 +15,7 @@
15#include <linux/string.h> 15#include <linux/string.h>
16#include <linux/sunrpc/clnt.h> 16#include <linux/sunrpc/clnt.h>
17#include <linux/vfs.h> 17#include <linux/vfs.h>
18#include <linux/sunrpc/gss_api.h>
18#include "internal.h" 19#include "internal.h"
19 20
20#define NFSDBG_FACILITY NFSDBG_VFS 21#define NFSDBG_FACILITY NFSDBG_VFS
@@ -27,7 +28,8 @@ int nfs_mountpoint_expiry_timeout = 500 * HZ;
27 28
28static struct vfsmount *nfs_do_submount(struct dentry *dentry, 29static struct vfsmount *nfs_do_submount(struct dentry *dentry,
29 struct nfs_fh *fh, 30 struct nfs_fh *fh,
30 struct nfs_fattr *fattr); 31 struct nfs_fattr *fattr,
32 rpc_authflavor_t authflavor);
31 33
32/* 34/*
33 * nfs_path - reconstruct the path given an arbitrary dentry 35 * nfs_path - reconstruct the path given an arbitrary dentry
@@ -98,7 +100,7 @@ rename_retry:
98 namelen--; 100 namelen--;
99 buflen -= namelen; 101 buflen -= namelen;
100 if (buflen < 0) { 102 if (buflen < 0) {
101 spin_lock(&dentry->d_lock); 103 spin_unlock(&dentry->d_lock);
102 rcu_read_unlock(); 104 rcu_read_unlock();
103 goto Elong; 105 goto Elong;
104 } 106 }
@@ -108,7 +110,7 @@ rename_retry:
108 rcu_read_unlock(); 110 rcu_read_unlock();
109 return end; 111 return end;
110Elong_unlock: 112Elong_unlock:
111 spin_lock(&dentry->d_lock); 113 spin_unlock(&dentry->d_lock);
112 rcu_read_unlock(); 114 rcu_read_unlock();
113 if (read_seqretry(&rename_lock, seq)) 115 if (read_seqretry(&rename_lock, seq))
114 goto rename_retry; 116 goto rename_retry;
@@ -116,6 +118,99 @@ Elong:
116 return ERR_PTR(-ENAMETOOLONG); 118 return ERR_PTR(-ENAMETOOLONG);
117} 119}
118 120
121#ifdef CONFIG_NFS_V4
122static rpc_authflavor_t nfs_find_best_sec(struct nfs4_secinfo_flavors *flavors, struct inode *inode)
123{
124 struct gss_api_mech *mech;
125 struct xdr_netobj oid;
126 int i;
127 rpc_authflavor_t pseudoflavor = RPC_AUTH_UNIX;
128
129 for (i = 0; i < flavors->num_flavors; i++) {
130 struct nfs4_secinfo_flavor *flavor;
131 flavor = &flavors->flavors[i];
132
133 if (flavor->flavor == RPC_AUTH_NULL || flavor->flavor == RPC_AUTH_UNIX) {
134 pseudoflavor = flavor->flavor;
135 break;
136 } else if (flavor->flavor == RPC_AUTH_GSS) {
137 oid.len = flavor->gss.sec_oid4.len;
138 oid.data = flavor->gss.sec_oid4.data;
139 mech = gss_mech_get_by_OID(&oid);
140 if (!mech)
141 continue;
142 pseudoflavor = gss_svc_to_pseudoflavor(mech, flavor->gss.service);
143 gss_mech_put(mech);
144 break;
145 }
146 }
147
148 return pseudoflavor;
149}
150
151static int nfs_negotiate_security(const struct dentry *parent,
152 const struct dentry *dentry,
153 rpc_authflavor_t *flavor)
154{
155 struct page *page;
156 struct nfs4_secinfo_flavors *flavors;
157 int (*secinfo)(struct inode *, const struct qstr *, struct nfs4_secinfo_flavors *);
158 int ret = -EPERM;
159
160 secinfo = NFS_PROTO(parent->d_inode)->secinfo;
161 if (secinfo != NULL) {
162 page = alloc_page(GFP_KERNEL);
163 if (!page) {
164 ret = -ENOMEM;
165 goto out;
166 }
167 flavors = page_address(page);
168 ret = secinfo(parent->d_inode, &dentry->d_name, flavors);
169 *flavor = nfs_find_best_sec(flavors, dentry->d_inode);
170 put_page(page);
171 }
172
173out:
174 return ret;
175}
176
177static int nfs_lookup_with_sec(struct nfs_server *server, struct dentry *parent,
178 struct dentry *dentry, struct path *path,
179 struct nfs_fh *fh, struct nfs_fattr *fattr,
180 rpc_authflavor_t *flavor)
181{
182 struct rpc_clnt *clone;
183 struct rpc_auth *auth;
184 int err;
185
186 err = nfs_negotiate_security(parent, path->dentry, flavor);
187 if (err < 0)
188 goto out;
189 clone = rpc_clone_client(server->client);
190 auth = rpcauth_create(*flavor, clone);
191 if (!auth) {
192 err = -EIO;
193 goto out_shutdown;
194 }
195 err = server->nfs_client->rpc_ops->lookup(clone, parent->d_inode,
196 &path->dentry->d_name,
197 fh, fattr);
198out_shutdown:
199 rpc_shutdown_client(clone);
200out:
201 return err;
202}
203#else /* CONFIG_NFS_V4 */
204static inline int nfs_lookup_with_sec(struct nfs_server *server,
205 struct dentry *parent, struct dentry *dentry,
206 struct path *path, struct nfs_fh *fh,
207 struct nfs_fattr *fattr,
208 rpc_authflavor_t *flavor)
209{
210 return -EPERM;
211}
212#endif /* CONFIG_NFS_V4 */
213
119/* 214/*
120 * nfs_d_automount - Handle crossing a mountpoint on the server 215 * nfs_d_automount - Handle crossing a mountpoint on the server
121 * @path - The mountpoint 216 * @path - The mountpoint
@@ -136,6 +231,7 @@ struct vfsmount *nfs_d_automount(struct path *path)
136 struct nfs_fh *fh = NULL; 231 struct nfs_fh *fh = NULL;
137 struct nfs_fattr *fattr = NULL; 232 struct nfs_fattr *fattr = NULL;
138 int err; 233 int err;
234 rpc_authflavor_t flavor = RPC_AUTH_UNIX;
139 235
140 dprintk("--> nfs_d_automount()\n"); 236 dprintk("--> nfs_d_automount()\n");
141 237
@@ -153,9 +249,11 @@ struct vfsmount *nfs_d_automount(struct path *path)
153 249
154 /* Look it up again to get its attributes */ 250 /* Look it up again to get its attributes */
155 parent = dget_parent(path->dentry); 251 parent = dget_parent(path->dentry);
156 err = server->nfs_client->rpc_ops->lookup(parent->d_inode, 252 err = server->nfs_client->rpc_ops->lookup(server->client, parent->d_inode,
157 &path->dentry->d_name, 253 &path->dentry->d_name,
158 fh, fattr); 254 fh, fattr);
255 if (err == -EPERM && NFS_PROTO(parent->d_inode)->secinfo != NULL)
256 err = nfs_lookup_with_sec(server, parent, path->dentry, path, fh, fattr, &flavor);
159 dput(parent); 257 dput(parent);
160 if (err != 0) { 258 if (err != 0) {
161 mnt = ERR_PTR(err); 259 mnt = ERR_PTR(err);
@@ -165,7 +263,7 @@ struct vfsmount *nfs_d_automount(struct path *path)
165 if (fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) 263 if (fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL)
166 mnt = nfs_do_refmount(path->dentry); 264 mnt = nfs_do_refmount(path->dentry);
167 else 265 else
168 mnt = nfs_do_submount(path->dentry, fh, fattr); 266 mnt = nfs_do_submount(path->dentry, fh, fattr, flavor);
169 if (IS_ERR(mnt)) 267 if (IS_ERR(mnt))
170 goto out; 268 goto out;
171 269
@@ -232,17 +330,20 @@ static struct vfsmount *nfs_do_clone_mount(struct nfs_server *server,
232 * @dentry - parent directory 330 * @dentry - parent directory
233 * @fh - filehandle for new root dentry 331 * @fh - filehandle for new root dentry
234 * @fattr - attributes for new root inode 332 * @fattr - attributes for new root inode
333 * @authflavor - security flavor to use when performing the mount
235 * 334 *
236 */ 335 */
237static struct vfsmount *nfs_do_submount(struct dentry *dentry, 336static struct vfsmount *nfs_do_submount(struct dentry *dentry,
238 struct nfs_fh *fh, 337 struct nfs_fh *fh,
239 struct nfs_fattr *fattr) 338 struct nfs_fattr *fattr,
339 rpc_authflavor_t authflavor)
240{ 340{
241 struct nfs_clone_mount mountdata = { 341 struct nfs_clone_mount mountdata = {
242 .sb = dentry->d_sb, 342 .sb = dentry->d_sb,
243 .dentry = dentry, 343 .dentry = dentry,
244 .fh = fh, 344 .fh = fh,
245 .fattr = fattr, 345 .fattr = fattr,
346 .authflavor = authflavor,
246 }; 347 };
247 struct vfsmount *mnt = ERR_PTR(-ENOMEM); 348 struct vfsmount *mnt = ERR_PTR(-ENOMEM);
248 char *page = (char *) __get_free_page(GFP_USER); 349 char *page = (char *) __get_free_page(GFP_USER);