diff options
Diffstat (limited to 'fs/nfs/namespace.c')
-rw-r--r-- | fs/nfs/namespace.c | 113 |
1 files changed, 107 insertions, 6 deletions
diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c index c0b8344db0c6..89fc160fd5b0 100644 --- a/fs/nfs/namespace.c +++ b/fs/nfs/namespace.c | |||
@@ -15,6 +15,7 @@ | |||
15 | #include <linux/string.h> | 15 | #include <linux/string.h> |
16 | #include <linux/sunrpc/clnt.h> | 16 | #include <linux/sunrpc/clnt.h> |
17 | #include <linux/vfs.h> | 17 | #include <linux/vfs.h> |
18 | #include <linux/sunrpc/gss_api.h> | ||
18 | #include "internal.h" | 19 | #include "internal.h" |
19 | 20 | ||
20 | #define NFSDBG_FACILITY NFSDBG_VFS | 21 | #define NFSDBG_FACILITY NFSDBG_VFS |
@@ -27,7 +28,8 @@ int nfs_mountpoint_expiry_timeout = 500 * HZ; | |||
27 | 28 | ||
28 | static struct vfsmount *nfs_do_submount(struct dentry *dentry, | 29 | static struct vfsmount *nfs_do_submount(struct dentry *dentry, |
29 | struct nfs_fh *fh, | 30 | struct nfs_fh *fh, |
30 | struct nfs_fattr *fattr); | 31 | struct nfs_fattr *fattr, |
32 | rpc_authflavor_t authflavor); | ||
31 | 33 | ||
32 | /* | 34 | /* |
33 | * nfs_path - reconstruct the path given an arbitrary dentry | 35 | * nfs_path - reconstruct the path given an arbitrary dentry |
@@ -98,7 +100,7 @@ rename_retry: | |||
98 | namelen--; | 100 | namelen--; |
99 | buflen -= namelen; | 101 | buflen -= namelen; |
100 | if (buflen < 0) { | 102 | if (buflen < 0) { |
101 | spin_lock(&dentry->d_lock); | 103 | spin_unlock(&dentry->d_lock); |
102 | rcu_read_unlock(); | 104 | rcu_read_unlock(); |
103 | goto Elong; | 105 | goto Elong; |
104 | } | 106 | } |
@@ -108,7 +110,7 @@ rename_retry: | |||
108 | rcu_read_unlock(); | 110 | rcu_read_unlock(); |
109 | return end; | 111 | return end; |
110 | Elong_unlock: | 112 | Elong_unlock: |
111 | spin_lock(&dentry->d_lock); | 113 | spin_unlock(&dentry->d_lock); |
112 | rcu_read_unlock(); | 114 | rcu_read_unlock(); |
113 | if (read_seqretry(&rename_lock, seq)) | 115 | if (read_seqretry(&rename_lock, seq)) |
114 | goto rename_retry; | 116 | goto rename_retry; |
@@ -116,6 +118,99 @@ Elong: | |||
116 | return ERR_PTR(-ENAMETOOLONG); | 118 | return ERR_PTR(-ENAMETOOLONG); |
117 | } | 119 | } |
118 | 120 | ||
121 | #ifdef CONFIG_NFS_V4 | ||
122 | static rpc_authflavor_t nfs_find_best_sec(struct nfs4_secinfo_flavors *flavors, struct inode *inode) | ||
123 | { | ||
124 | struct gss_api_mech *mech; | ||
125 | struct xdr_netobj oid; | ||
126 | int i; | ||
127 | rpc_authflavor_t pseudoflavor = RPC_AUTH_UNIX; | ||
128 | |||
129 | for (i = 0; i < flavors->num_flavors; i++) { | ||
130 | struct nfs4_secinfo_flavor *flavor; | ||
131 | flavor = &flavors->flavors[i]; | ||
132 | |||
133 | if (flavor->flavor == RPC_AUTH_NULL || flavor->flavor == RPC_AUTH_UNIX) { | ||
134 | pseudoflavor = flavor->flavor; | ||
135 | break; | ||
136 | } else if (flavor->flavor == RPC_AUTH_GSS) { | ||
137 | oid.len = flavor->gss.sec_oid4.len; | ||
138 | oid.data = flavor->gss.sec_oid4.data; | ||
139 | mech = gss_mech_get_by_OID(&oid); | ||
140 | if (!mech) | ||
141 | continue; | ||
142 | pseudoflavor = gss_svc_to_pseudoflavor(mech, flavor->gss.service); | ||
143 | gss_mech_put(mech); | ||
144 | break; | ||
145 | } | ||
146 | } | ||
147 | |||
148 | return pseudoflavor; | ||
149 | } | ||
150 | |||
151 | static int nfs_negotiate_security(const struct dentry *parent, | ||
152 | const struct dentry *dentry, | ||
153 | rpc_authflavor_t *flavor) | ||
154 | { | ||
155 | struct page *page; | ||
156 | struct nfs4_secinfo_flavors *flavors; | ||
157 | int (*secinfo)(struct inode *, const struct qstr *, struct nfs4_secinfo_flavors *); | ||
158 | int ret = -EPERM; | ||
159 | |||
160 | secinfo = NFS_PROTO(parent->d_inode)->secinfo; | ||
161 | if (secinfo != NULL) { | ||
162 | page = alloc_page(GFP_KERNEL); | ||
163 | if (!page) { | ||
164 | ret = -ENOMEM; | ||
165 | goto out; | ||
166 | } | ||
167 | flavors = page_address(page); | ||
168 | ret = secinfo(parent->d_inode, &dentry->d_name, flavors); | ||
169 | *flavor = nfs_find_best_sec(flavors, dentry->d_inode); | ||
170 | put_page(page); | ||
171 | } | ||
172 | |||
173 | out: | ||
174 | return ret; | ||
175 | } | ||
176 | |||
177 | static int nfs_lookup_with_sec(struct nfs_server *server, struct dentry *parent, | ||
178 | struct dentry *dentry, struct path *path, | ||
179 | struct nfs_fh *fh, struct nfs_fattr *fattr, | ||
180 | rpc_authflavor_t *flavor) | ||
181 | { | ||
182 | struct rpc_clnt *clone; | ||
183 | struct rpc_auth *auth; | ||
184 | int err; | ||
185 | |||
186 | err = nfs_negotiate_security(parent, path->dentry, flavor); | ||
187 | if (err < 0) | ||
188 | goto out; | ||
189 | clone = rpc_clone_client(server->client); | ||
190 | auth = rpcauth_create(*flavor, clone); | ||
191 | if (!auth) { | ||
192 | err = -EIO; | ||
193 | goto out_shutdown; | ||
194 | } | ||
195 | err = server->nfs_client->rpc_ops->lookup(clone, parent->d_inode, | ||
196 | &path->dentry->d_name, | ||
197 | fh, fattr); | ||
198 | out_shutdown: | ||
199 | rpc_shutdown_client(clone); | ||
200 | out: | ||
201 | return err; | ||
202 | } | ||
203 | #else /* CONFIG_NFS_V4 */ | ||
204 | static inline int nfs_lookup_with_sec(struct nfs_server *server, | ||
205 | struct dentry *parent, struct dentry *dentry, | ||
206 | struct path *path, struct nfs_fh *fh, | ||
207 | struct nfs_fattr *fattr, | ||
208 | rpc_authflavor_t *flavor) | ||
209 | { | ||
210 | return -EPERM; | ||
211 | } | ||
212 | #endif /* CONFIG_NFS_V4 */ | ||
213 | |||
119 | /* | 214 | /* |
120 | * nfs_d_automount - Handle crossing a mountpoint on the server | 215 | * nfs_d_automount - Handle crossing a mountpoint on the server |
121 | * @path - The mountpoint | 216 | * @path - The mountpoint |
@@ -136,6 +231,7 @@ struct vfsmount *nfs_d_automount(struct path *path) | |||
136 | struct nfs_fh *fh = NULL; | 231 | struct nfs_fh *fh = NULL; |
137 | struct nfs_fattr *fattr = NULL; | 232 | struct nfs_fattr *fattr = NULL; |
138 | int err; | 233 | int err; |
234 | rpc_authflavor_t flavor = RPC_AUTH_UNIX; | ||
139 | 235 | ||
140 | dprintk("--> nfs_d_automount()\n"); | 236 | dprintk("--> nfs_d_automount()\n"); |
141 | 237 | ||
@@ -153,9 +249,11 @@ struct vfsmount *nfs_d_automount(struct path *path) | |||
153 | 249 | ||
154 | /* Look it up again to get its attributes */ | 250 | /* Look it up again to get its attributes */ |
155 | parent = dget_parent(path->dentry); | 251 | parent = dget_parent(path->dentry); |
156 | err = server->nfs_client->rpc_ops->lookup(parent->d_inode, | 252 | err = server->nfs_client->rpc_ops->lookup(server->client, parent->d_inode, |
157 | &path->dentry->d_name, | 253 | &path->dentry->d_name, |
158 | fh, fattr); | 254 | fh, fattr); |
255 | if (err == -EPERM && NFS_PROTO(parent->d_inode)->secinfo != NULL) | ||
256 | err = nfs_lookup_with_sec(server, parent, path->dentry, path, fh, fattr, &flavor); | ||
159 | dput(parent); | 257 | dput(parent); |
160 | if (err != 0) { | 258 | if (err != 0) { |
161 | mnt = ERR_PTR(err); | 259 | mnt = ERR_PTR(err); |
@@ -165,7 +263,7 @@ struct vfsmount *nfs_d_automount(struct path *path) | |||
165 | if (fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) | 263 | if (fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) |
166 | mnt = nfs_do_refmount(path->dentry); | 264 | mnt = nfs_do_refmount(path->dentry); |
167 | else | 265 | else |
168 | mnt = nfs_do_submount(path->dentry, fh, fattr); | 266 | mnt = nfs_do_submount(path->dentry, fh, fattr, flavor); |
169 | if (IS_ERR(mnt)) | 267 | if (IS_ERR(mnt)) |
170 | goto out; | 268 | goto out; |
171 | 269 | ||
@@ -232,17 +330,20 @@ static struct vfsmount *nfs_do_clone_mount(struct nfs_server *server, | |||
232 | * @dentry - parent directory | 330 | * @dentry - parent directory |
233 | * @fh - filehandle for new root dentry | 331 | * @fh - filehandle for new root dentry |
234 | * @fattr - attributes for new root inode | 332 | * @fattr - attributes for new root inode |
333 | * @authflavor - security flavor to use when performing the mount | ||
235 | * | 334 | * |
236 | */ | 335 | */ |
237 | static struct vfsmount *nfs_do_submount(struct dentry *dentry, | 336 | static struct vfsmount *nfs_do_submount(struct dentry *dentry, |
238 | struct nfs_fh *fh, | 337 | struct nfs_fh *fh, |
239 | struct nfs_fattr *fattr) | 338 | struct nfs_fattr *fattr, |
339 | rpc_authflavor_t authflavor) | ||
240 | { | 340 | { |
241 | struct nfs_clone_mount mountdata = { | 341 | struct nfs_clone_mount mountdata = { |
242 | .sb = dentry->d_sb, | 342 | .sb = dentry->d_sb, |
243 | .dentry = dentry, | 343 | .dentry = dentry, |
244 | .fh = fh, | 344 | .fh = fh, |
245 | .fattr = fattr, | 345 | .fattr = fattr, |
346 | .authflavor = authflavor, | ||
246 | }; | 347 | }; |
247 | struct vfsmount *mnt = ERR_PTR(-ENOMEM); | 348 | struct vfsmount *mnt = ERR_PTR(-ENOMEM); |
248 | char *page = (char *) __get_free_page(GFP_USER); | 349 | char *page = (char *) __get_free_page(GFP_USER); |