Return-Path: Received: from fieldses.org ([174.143.236.118]:60085 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1760553Ab1F1TGk (ORCPT ); Tue, 28 Jun 2011 15:06:40 -0400 Date: Tue, 28 Jun 2011 15:06:40 -0400 To: Chuck Lever Cc: linux-nfs@vger.kernel.org Subject: Re: [PATCH 2/2] NFS: Allow sec=none mounts in certain cases Message-ID: <20110628190640.GB26517@fieldses.org> References: <20110628181324.2866.98154.stgit@seurat.1015granger.net> <20110628182540.2866.42553.stgit@seurat.1015granger.net> Content-Type: text/plain; charset=us-ascii In-Reply-To: <20110628182540.2866.42553.stgit@seurat.1015granger.net> From: "J. Bruce Fields" Sender: linux-nfs-owner@vger.kernel.org List-ID: MIME-Version: 1.0 On Tue, Jun 28, 2011 at 02:25:41PM -0400, Chuck Lever wrote: > There is an undocumented convention (verified by reviewing network > traces from a NetApp filer and a Solaris NFS server) where a server > that returns a mount authflavor list containing an AUTH_NULL entry > is actually indicating it will accept any security flavor for the > export being mounted. This is only in the case of NLM? (Not v4 secinfo?) --b. > > This might be used when the server maps all security flavors into the > same security mode. For example, the server treats all accessors as, > say, UID 17. > > Essentially, AUTH_NULL is treated as a wildcard that matches the > flavor the mounter requested. > > Signed-off-by: Chuck Lever > --- > > fs/nfs/super.c | 15 +++++++++++---- > 1 files changed, 11 insertions(+), 4 deletions(-) > > diff --git a/fs/nfs/super.c b/fs/nfs/super.c > index 4625a4c..543cf9f 100644 > --- a/fs/nfs/super.c > +++ b/fs/nfs/super.c > @@ -1570,13 +1570,20 @@ static int nfs_walk_authlist(struct nfs_parsed_mount_data *args, > * the first flavor in the list that it supports, on the > * assumption that the best access is provided by the first > * flavor." > + * > + * By convention we treat AUTH_NULL in the returned list as > + * a wild card. The server will map our requested flavor to > + * something else. > */ > - for (i = 0; i < args->auth_flavor_len; i++) > - for (j = 0; j < server_authlist_len; j++) > - if (args->auth_flavors[i] == server->auth_flavs[j]) { > - args->auth_flavors[0] = server->auth_flavs[j]; > + for (i = 0; i < server_authlist_len; i++) { > + if (server->auth_flavs[i] == RPC_AUTH_NULL) > + goto out; > + for (j = 0; j < args->auth_flavor_len; j++) > + if (server->auth_flavs[i] == args->auth_flavors[j]) { > + args->auth_flavors[0] = server->auth_flavs[i]; > goto out; > } > + } > > dfprintk(MOUNT, "NFS: server does not support requested auth flavor\n"); > nfs_umount(server); > > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html