aboutsummaryrefslogtreecommitdiffstats
path: root/fs/nfs/super.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/nfs/super.c')
-rw-r--r--fs/nfs/super.c247
1 files changed, 87 insertions, 160 deletions
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 0b4cbdc60abd..9c85cdb353aa 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -158,7 +158,7 @@ static const match_table_t nfs_mount_option_tokens = {
158 { Opt_mountvers, "mountvers=%s" }, 158 { Opt_mountvers, "mountvers=%s" },
159 { Opt_nfsvers, "nfsvers=%s" }, 159 { Opt_nfsvers, "nfsvers=%s" },
160 { Opt_nfsvers, "vers=%s" }, 160 { Opt_nfsvers, "vers=%s" },
161 { Opt_minorversion, "minorversion=%u" }, 161 { Opt_minorversion, "minorversion=%s" },
162 162
163 { Opt_sec, "sec=%s" }, 163 { Opt_sec, "sec=%s" },
164 { Opt_proto, "proto=%s" }, 164 { Opt_proto, "proto=%s" },
@@ -742,129 +742,10 @@ static int nfs_verify_server_address(struct sockaddr *addr)
742 } 742 }
743 } 743 }
744 744
745 dfprintk(MOUNT, "NFS: Invalid IP address specified\n");
745 return 0; 746 return 0;
746} 747}
747 748
748static void nfs_parse_ipv4_address(char *string, size_t str_len,
749 struct sockaddr *sap, size_t *addr_len)
750{
751 struct sockaddr_in *sin = (struct sockaddr_in *)sap;
752 u8 *addr = (u8 *)&sin->sin_addr.s_addr;
753
754 if (str_len <= INET_ADDRSTRLEN) {
755 dfprintk(MOUNT, "NFS: parsing IPv4 address %*s\n",
756 (int)str_len, string);
757
758 sin->sin_family = AF_INET;
759 *addr_len = sizeof(*sin);
760 if (in4_pton(string, str_len, addr, '\0', NULL))
761 return;
762 }
763
764 sap->sa_family = AF_UNSPEC;
765 *addr_len = 0;
766}
767
768#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
769static int nfs_parse_ipv6_scope_id(const char *string, const size_t str_len,
770 const char *delim,
771 struct sockaddr_in6 *sin6)
772{
773 char *p;
774 size_t len;
775
776 if ((string + str_len) == delim)
777 return 1;
778
779 if (*delim != IPV6_SCOPE_DELIMITER)
780 return 0;
781
782 if (!(ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LINKLOCAL))
783 return 0;
784
785 len = (string + str_len) - delim - 1;
786 p = kstrndup(delim + 1, len, GFP_KERNEL);
787 if (p) {
788 unsigned long scope_id = 0;
789 struct net_device *dev;
790
791 dev = dev_get_by_name(&init_net, p);
792 if (dev != NULL) {
793 scope_id = dev->ifindex;
794 dev_put(dev);
795 } else {
796 if (strict_strtoul(p, 10, &scope_id) == 0) {
797 kfree(p);
798 return 0;
799 }
800 }
801
802 kfree(p);
803
804 sin6->sin6_scope_id = scope_id;
805 dfprintk(MOUNT, "NFS: IPv6 scope ID = %lu\n", scope_id);
806 return 1;
807 }
808
809 return 0;
810}
811
812static void nfs_parse_ipv6_address(char *string, size_t str_len,
813 struct sockaddr *sap, size_t *addr_len)
814{
815 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sap;
816 u8 *addr = (u8 *)&sin6->sin6_addr.in6_u;
817 const char *delim;
818
819 if (str_len <= INET6_ADDRSTRLEN) {
820 dfprintk(MOUNT, "NFS: parsing IPv6 address %*s\n",
821 (int)str_len, string);
822
823 sin6->sin6_family = AF_INET6;
824 *addr_len = sizeof(*sin6);
825 if (in6_pton(string, str_len, addr,
826 IPV6_SCOPE_DELIMITER, &delim) != 0) {
827 if (nfs_parse_ipv6_scope_id(string, str_len,
828 delim, sin6) != 0)
829 return;
830 }
831 }
832
833 sap->sa_family = AF_UNSPEC;
834 *addr_len = 0;
835}
836#else
837static void nfs_parse_ipv6_address(char *string, size_t str_len,
838 struct sockaddr *sap, size_t *addr_len)
839{
840 sap->sa_family = AF_UNSPEC;
841 *addr_len = 0;
842}
843#endif
844
845/*
846 * Construct a sockaddr based on the contents of a string that contains
847 * an IP address in presentation format.
848 *
849 * If there is a problem constructing the new sockaddr, set the address
850 * family to AF_UNSPEC.
851 */
852void nfs_parse_ip_address(char *string, size_t str_len,
853 struct sockaddr *sap, size_t *addr_len)
854{
855 unsigned int i, colons;
856
857 colons = 0;
858 for (i = 0; i < str_len; i++)
859 if (string[i] == ':')
860 colons++;
861
862 if (colons >= 2)
863 nfs_parse_ipv6_address(string, str_len, sap, addr_len);
864 else
865 nfs_parse_ipv4_address(string, str_len, sap, addr_len);
866}
867
868/* 749/*
869 * Sanity check the NFS transport protocol. 750 * Sanity check the NFS transport protocol.
870 * 751 *
@@ -904,8 +785,6 @@ static void nfs_set_mount_transport_protocol(struct nfs_parsed_mount_data *mnt)
904 785
905/* 786/*
906 * Parse the value of the 'sec=' option. 787 * Parse the value of the 'sec=' option.
907 *
908 * The flavor_len setting is for v4 mounts.
909 */ 788 */
910static int nfs_parse_security_flavors(char *value, 789static int nfs_parse_security_flavors(char *value,
911 struct nfs_parsed_mount_data *mnt) 790 struct nfs_parsed_mount_data *mnt)
@@ -916,53 +795,43 @@ static int nfs_parse_security_flavors(char *value,
916 795
917 switch (match_token(value, nfs_secflavor_tokens, args)) { 796 switch (match_token(value, nfs_secflavor_tokens, args)) {
918 case Opt_sec_none: 797 case Opt_sec_none:
919 mnt->auth_flavor_len = 0;
920 mnt->auth_flavors[0] = RPC_AUTH_NULL; 798 mnt->auth_flavors[0] = RPC_AUTH_NULL;
921 break; 799 break;
922 case Opt_sec_sys: 800 case Opt_sec_sys:
923 mnt->auth_flavor_len = 0;
924 mnt->auth_flavors[0] = RPC_AUTH_UNIX; 801 mnt->auth_flavors[0] = RPC_AUTH_UNIX;
925 break; 802 break;
926 case Opt_sec_krb5: 803 case Opt_sec_krb5:
927 mnt->auth_flavor_len = 1;
928 mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5; 804 mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5;
929 break; 805 break;
930 case Opt_sec_krb5i: 806 case Opt_sec_krb5i:
931 mnt->auth_flavor_len = 1;
932 mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5I; 807 mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5I;
933 break; 808 break;
934 case Opt_sec_krb5p: 809 case Opt_sec_krb5p:
935 mnt->auth_flavor_len = 1;
936 mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5P; 810 mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5P;
937 break; 811 break;
938 case Opt_sec_lkey: 812 case Opt_sec_lkey:
939 mnt->auth_flavor_len = 1;
940 mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEY; 813 mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEY;
941 break; 814 break;
942 case Opt_sec_lkeyi: 815 case Opt_sec_lkeyi:
943 mnt->auth_flavor_len = 1;
944 mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYI; 816 mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYI;
945 break; 817 break;
946 case Opt_sec_lkeyp: 818 case Opt_sec_lkeyp:
947 mnt->auth_flavor_len = 1;
948 mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYP; 819 mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYP;
949 break; 820 break;
950 case Opt_sec_spkm: 821 case Opt_sec_spkm:
951 mnt->auth_flavor_len = 1;
952 mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKM; 822 mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKM;
953 break; 823 break;
954 case Opt_sec_spkmi: 824 case Opt_sec_spkmi:
955 mnt->auth_flavor_len = 1;
956 mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMI; 825 mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMI;
957 break; 826 break;
958 case Opt_sec_spkmp: 827 case Opt_sec_spkmp:
959 mnt->auth_flavor_len = 1;
960 mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMP; 828 mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMP;
961 break; 829 break;
962 default: 830 default:
963 return 0; 831 return 0;
964 } 832 }
965 833
834 mnt->auth_flavor_len = 1;
966 return 1; 835 return 1;
967} 836}
968 837
@@ -1001,7 +870,6 @@ static int nfs_parse_mount_options(char *raw,
1001 while ((p = strsep(&raw, ",")) != NULL) { 870 while ((p = strsep(&raw, ",")) != NULL) {
1002 substring_t args[MAX_OPT_ARGS]; 871 substring_t args[MAX_OPT_ARGS];
1003 unsigned long option; 872 unsigned long option;
1004 int int_option;
1005 int token; 873 int token;
1006 874
1007 if (!*p) 875 if (!*p)
@@ -1273,11 +1141,16 @@ static int nfs_parse_mount_options(char *raw,
1273 } 1141 }
1274 break; 1142 break;
1275 case Opt_minorversion: 1143 case Opt_minorversion:
1276 if (match_int(args, &int_option)) 1144 string = match_strdup(args);
1277 return 0; 1145 if (string == NULL)
1278 if (int_option < 0 || int_option > NFS4_MAX_MINOR_VERSION) 1146 goto out_nomem;
1279 return 0; 1147 rc = strict_strtoul(string, 10, &option);
1280 mnt->minorversion = int_option; 1148 kfree(string);
1149 if (rc != 0)
1150 goto out_invalid_value;
1151 if (option > NFS4_MAX_MINOR_VERSION)
1152 goto out_invalid_value;
1153 mnt->minorversion = option;
1281 break; 1154 break;
1282 1155
1283 /* 1156 /*
@@ -1352,11 +1225,14 @@ static int nfs_parse_mount_options(char *raw,
1352 string = match_strdup(args); 1225 string = match_strdup(args);
1353 if (string == NULL) 1226 if (string == NULL)
1354 goto out_nomem; 1227 goto out_nomem;
1355 nfs_parse_ip_address(string, strlen(string), 1228 mnt->nfs_server.addrlen =
1356 (struct sockaddr *) 1229 rpc_pton(string, strlen(string),
1357 &mnt->nfs_server.address, 1230 (struct sockaddr *)
1358 &mnt->nfs_server.addrlen); 1231 &mnt->nfs_server.address,
1232 sizeof(mnt->nfs_server.address));
1359 kfree(string); 1233 kfree(string);
1234 if (mnt->nfs_server.addrlen == 0)
1235 goto out_invalid_address;
1360 break; 1236 break;
1361 case Opt_clientaddr: 1237 case Opt_clientaddr:
1362 string = match_strdup(args); 1238 string = match_strdup(args);
@@ -1376,11 +1252,14 @@ static int nfs_parse_mount_options(char *raw,
1376 string = match_strdup(args); 1252 string = match_strdup(args);
1377 if (string == NULL) 1253 if (string == NULL)
1378 goto out_nomem; 1254 goto out_nomem;
1379 nfs_parse_ip_address(string, strlen(string), 1255 mnt->mount_server.addrlen =
1380 (struct sockaddr *) 1256 rpc_pton(string, strlen(string),
1381 &mnt->mount_server.address, 1257 (struct sockaddr *)
1382 &mnt->mount_server.addrlen); 1258 &mnt->mount_server.address,
1259 sizeof(mnt->mount_server.address));
1383 kfree(string); 1260 kfree(string);
1261 if (mnt->mount_server.addrlen == 0)
1262 goto out_invalid_address;
1384 break; 1263 break;
1385 case Opt_lookupcache: 1264 case Opt_lookupcache:
1386 string = match_strdup(args); 1265 string = match_strdup(args);
@@ -1432,8 +1311,11 @@ static int nfs_parse_mount_options(char *raw,
1432 1311
1433 return 1; 1312 return 1;
1434 1313
1314out_invalid_address:
1315 printk(KERN_INFO "NFS: bad IP address specified: %s\n", p);
1316 return 0;
1435out_invalid_value: 1317out_invalid_value:
1436 printk(KERN_INFO "NFS: bad mount option value specified: %s \n", p); 1318 printk(KERN_INFO "NFS: bad mount option value specified: %s\n", p);
1437 return 0; 1319 return 0;
1438out_nomem: 1320out_nomem:
1439 printk(KERN_INFO "NFS: not enough memory to parse option\n"); 1321 printk(KERN_INFO "NFS: not enough memory to parse option\n");
@@ -1445,13 +1327,50 @@ out_security_failure:
1445} 1327}
1446 1328
1447/* 1329/*
1330 * Match the requested auth flavors with the list returned by
1331 * the server. Returns zero and sets the mount's authentication
1332 * flavor on success; returns -EACCES if server does not support
1333 * the requested flavor.
1334 */
1335static int nfs_walk_authlist(struct nfs_parsed_mount_data *args,
1336 struct nfs_mount_request *request)
1337{
1338 unsigned int i, j, server_authlist_len = *(request->auth_flav_len);
1339
1340 /*
1341 * We avoid sophisticated negotiating here, as there are
1342 * plenty of cases where we can get it wrong, providing
1343 * either too little or too much security.
1344 *
1345 * RFC 2623, section 2.7 suggests we SHOULD prefer the
1346 * flavor listed first. However, some servers list
1347 * AUTH_NULL first. Our caller plants AUTH_SYS, the
1348 * preferred default, in args->auth_flavors[0] if user
1349 * didn't specify sec= mount option.
1350 */
1351 for (i = 0; i < args->auth_flavor_len; i++)
1352 for (j = 0; j < server_authlist_len; j++)
1353 if (args->auth_flavors[i] == request->auth_flavs[j]) {
1354 dfprintk(MOUNT, "NFS: using auth flavor %d\n",
1355 request->auth_flavs[j]);
1356 args->auth_flavors[0] = request->auth_flavs[j];
1357 return 0;
1358 }
1359
1360 dfprintk(MOUNT, "NFS: server does not support requested auth flavor\n");
1361 nfs_umount(request);
1362 return -EACCES;
1363}
1364
1365/*
1448 * Use the remote server's MOUNT service to request the NFS file handle 1366 * Use the remote server's MOUNT service to request the NFS file handle
1449 * corresponding to the provided path. 1367 * corresponding to the provided path.
1450 */ 1368 */
1451static int nfs_try_mount(struct nfs_parsed_mount_data *args, 1369static int nfs_try_mount(struct nfs_parsed_mount_data *args,
1452 struct nfs_fh *root_fh) 1370 struct nfs_fh *root_fh)
1453{ 1371{
1454 unsigned int auth_flavor_len = 0; 1372 rpc_authflavor_t server_authlist[NFS_MAX_SECFLAVORS];
1373 unsigned int server_authlist_len = ARRAY_SIZE(server_authlist);
1455 struct nfs_mount_request request = { 1374 struct nfs_mount_request request = {
1456 .sap = (struct sockaddr *) 1375 .sap = (struct sockaddr *)
1457 &args->mount_server.address, 1376 &args->mount_server.address,
@@ -1459,7 +1378,8 @@ static int nfs_try_mount(struct nfs_parsed_mount_data *args,
1459 .protocol = args->mount_server.protocol, 1378 .protocol = args->mount_server.protocol,
1460 .fh = root_fh, 1379 .fh = root_fh,
1461 .noresvport = args->flags & NFS_MOUNT_NORESVPORT, 1380 .noresvport = args->flags & NFS_MOUNT_NORESVPORT,
1462 .auth_flav_len = &auth_flavor_len, 1381 .auth_flav_len = &server_authlist_len,
1382 .auth_flavs = server_authlist,
1463 }; 1383 };
1464 int status; 1384 int status;
1465 1385
@@ -1489,19 +1409,25 @@ static int nfs_try_mount(struct nfs_parsed_mount_data *args,
1489 /* 1409 /*
1490 * autobind will be used if mount_server.port == 0 1410 * autobind will be used if mount_server.port == 0
1491 */ 1411 */
1492 nfs_set_port(request.sap, args->mount_server.port); 1412 rpc_set_port(request.sap, args->mount_server.port);
1493 1413
1494 /* 1414 /*
1495 * Now ask the mount server to map our export path 1415 * Now ask the mount server to map our export path
1496 * to a file handle. 1416 * to a file handle.
1497 */ 1417 */
1498 status = nfs_mount(&request); 1418 status = nfs_mount(&request);
1499 if (status == 0) 1419 if (status != 0) {
1500 return 0; 1420 dfprintk(MOUNT, "NFS: unable to mount server %s, error %d\n",
1421 request.hostname, status);
1422 return status;
1423 }
1501 1424
1502 dfprintk(MOUNT, "NFS: unable to mount server %s, error %d\n", 1425 /*
1503 request.hostname, status); 1426 * MNTv1 (NFSv2) does not support auth flavor negotiation.
1504 return status; 1427 */
1428 if (args->mount_server.version != NFS_MNT3_VERSION)
1429 return 0;
1430 return nfs_walk_authlist(args, &request);
1505} 1431}
1506 1432
1507static int nfs_parse_simple_hostname(const char *dev_name, 1433static int nfs_parse_simple_hostname(const char *dev_name,
@@ -1676,6 +1602,7 @@ static int nfs_validate_mount_data(void *options,
1676 args->nfs_server.port = 0; /* autobind unless user sets port */ 1602 args->nfs_server.port = 0; /* autobind unless user sets port */
1677 args->nfs_server.protocol = XPRT_TRANSPORT_TCP; 1603 args->nfs_server.protocol = XPRT_TRANSPORT_TCP;
1678 args->auth_flavors[0] = RPC_AUTH_UNIX; 1604 args->auth_flavors[0] = RPC_AUTH_UNIX;
1605 args->auth_flavor_len = 1;
1679 1606
1680 switch (data->version) { 1607 switch (data->version) {
1681 case 1: 1608 case 1:
@@ -1776,7 +1703,7 @@ static int nfs_validate_mount_data(void *options,
1776 &args->nfs_server.address)) 1703 &args->nfs_server.address))
1777 goto out_no_address; 1704 goto out_no_address;
1778 1705
1779 nfs_set_port((struct sockaddr *)&args->nfs_server.address, 1706 rpc_set_port((struct sockaddr *)&args->nfs_server.address,
1780 args->nfs_server.port); 1707 args->nfs_server.port);
1781 1708
1782 nfs_set_mount_transport_protocol(args); 1709 nfs_set_mount_transport_protocol(args);
@@ -2339,7 +2266,7 @@ static int nfs4_validate_mount_data(void *options,
2339 args->acdirmax = NFS_DEF_ACDIRMAX; 2266 args->acdirmax = NFS_DEF_ACDIRMAX;
2340 args->nfs_server.port = NFS_PORT; /* 2049 unless user set port= */ 2267 args->nfs_server.port = NFS_PORT; /* 2049 unless user set port= */
2341 args->auth_flavors[0] = RPC_AUTH_UNIX; 2268 args->auth_flavors[0] = RPC_AUTH_UNIX;
2342 args->auth_flavor_len = 0; 2269 args->auth_flavor_len = 1;
2343 args->minorversion = 0; 2270 args->minorversion = 0;
2344 2271
2345 switch (data->version) { 2272 switch (data->version) {
@@ -2409,7 +2336,7 @@ static int nfs4_validate_mount_data(void *options,
2409 &args->nfs_server.address)) 2336 &args->nfs_server.address))
2410 return -EINVAL; 2337 return -EINVAL;
2411 2338
2412 nfs_set_port((struct sockaddr *)&args->nfs_server.address, 2339 rpc_set_port((struct sockaddr *)&args->nfs_server.address,
2413 args->nfs_server.port); 2340 args->nfs_server.port);
2414 2341
2415 nfs_validate_transport_protocol(args); 2342 nfs_validate_transport_protocol(args);
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-14 22:36:15 -0500