Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp3388871rwe; Sun, 16 Apr 2023 19:07:10 -0700 (PDT) X-Google-Smtp-Source: AKy350YUO/l2KxkADdj0d0uzWuGzpmPa8X/zVMRNdwLE+Rl/wo1S0QObv32D/VecvDwpT0Vute3a X-Received: by 2002:a05:6a20:258e:b0:ef:e240:b55d with SMTP id k14-20020a056a20258e00b000efe240b55dmr1551415pzd.55.1681697230283; Sun, 16 Apr 2023 19:07:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681697230; cv=none; d=google.com; s=arc-20160816; b=czULkxzId5WdMrzSAUORxkHqDs+c8PVXZgOibvgTFQbojEyU5ihg6N7Qx2CmXxXix2 VdiCu6Bm0B87/EoOn0/1cSerG+yC8VHl10BbJN9hQMvPDCogveD8ctY992jQSTq4m5Fq 4TN2V5PoxfVVpw3TLZtm+HdMFJ5X5ajDud3JTbAJwDJl0jZ67Ec86toQ1nkHQtGY1R3c lpBFQit/wZDaeht6XF74EDf8n9617+YeXT+SAsNyu/a1H2V7+7XAVr2xZgKLYQv4MaMK gn0dzu1w/YzYazTGVwGER8hoAqGf1XvqpfQaenW54lwONvvJbd/MUaHs+5AcvGDJihpW OCGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:references:in-reply-to:cc:subject:to:from:date; bh=3+gv/vOz2r5Ls5mhz1NIE1/sMNPr4j/STOwPCPqSF94=; b=eJ2yCASg1ayjWSm9g2PrS4xen5yMGVvTukRavGVB/yX4Bhe6iH3fW6pNzDfk4aEqnA iZJBRK5CLfJcZNFOfKt5Mf2/6HfO1xcSICvOdQz0ZCurumhTBEG/5pkyeT4hvurWyFJ+ O9tPxzFLcbyx8KcZmS+l6Ub0OFmK7288Yjwrp/EmTM4NTufPDS7SUSyJVZBGle2jiISJ welhJW43FjgQZgt2s/EvIOEMB4rMdEP73wRw6N2Jfb0lyRLYrqg6Bf9P1BM4xNeQkuLo U1KhxMjsBFyWQq1WlbGGWF74LMH4qBTi884VJnV4qbgR7oMyvCevJ2Dw4i/37qu3qMUL GJcg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r124-20020a632b82000000b0051b930ef847si4505475pgr.134.2023.04.16.19.06.47; Sun, 16 Apr 2023 19:07:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229461AbjDQCFU (ORCPT + 99 others); Sun, 16 Apr 2023 22:05:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229588AbjDQCFT (ORCPT ); Sun, 16 Apr 2023 22:05:19 -0400 Received: from out28-82.mail.aliyun.com (out28-82.mail.aliyun.com [115.124.28.82]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 157D12132 for ; Sun, 16 Apr 2023 19:05:17 -0700 (PDT) X-Alimail-AntiSpam: AC=CONTINUE;BC=0.1613221|-1;CH=green;DM=|CONTINUE|false|;DS=CONTINUE|ham_regular_dialog|0.0277373-0.000616635-0.971646;FP=0|0|0|0|0|-1|-1|-1;HT=ay29a033018047208;MF=wangyugui@e16-tech.com;NM=1;PH=DS;RN=6;RT=6;SR=0;TI=SMTPD_---.SHuJhJS_1681697111; Received: from 192.168.2.112(mailfrom:wangyugui@e16-tech.com fp:SMTPD_---.SHuJhJS_1681697111) by smtp.aliyun-inc.com; Mon, 17 Apr 2023 10:05:12 +0800 Date: Mon, 17 Apr 2023 10:05:12 +0800 From: Wang Yugui To: "NeilBrown" Subject: Re: [PATCH nfs-utils] mountd: don't advertise krb5 for v4root when not configured. Cc: Steve Dickson , Petr Vorel , linux-nfs , Dave Jones , bfields@redhat.com In-Reply-To: <168169080542.24821.1095959058130927513@noble.neil.brown.name> References: <168169080542.24821.1095959058130927513@noble.neil.brown.name> Message-Id: <20230417100511.9131.409509F4@e16-tech.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.81.04 [en] X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Hi, > > If /etc/krb5.keytab does not exist, then krb5 cannot work, so > advertising it as an option for v4root is pointless. > Since linux commit 676e4ebd5f2c ("NFSD: SECINFO doesn't handle > unsupported pseudoflavors correctly") this can result in an unhelpful > warning if the krb5 code is not built, or built as a module which is not > installed. > > [ 161.668635] NFS: SECINFO: security flavor 390003 is not supported > [ 161.668655] NFS: SECINFO: security flavor 390004 is not supported > [ 161.668670] NFS: SECINFO: security flavor 390005 is not supported > > So avoid advertising krb5 security options when krb5.keytab cannot be > found. > > Link: https://lore.kernel.org/linux-nfs/20170104190327.v3wbpcbqtfa5jy7d@codemonkey.org.uk/ > Signed-off-by: NeilBrown > --- > support/export/v4root.c | 2 ++ > support/include/pseudoflavors.h | 1 + > support/nfs/exports.c | 14 +++++++------- > 3 files changed, 10 insertions(+), 7 deletions(-) > > diff --git a/support/export/v4root.c b/support/export/v4root.c > index fbb0ad5f5b81..3e049582d7c1 100644 > --- a/support/export/v4root.c > +++ b/support/export/v4root.c > @@ -66,6 +66,8 @@ set_pseudofs_security(struct exportent *pseudo) > > if (!flav->fnum) > continue; > + if (flav->need_krb5 && !access("/etc/krb5.keytab", F_OK)) > + continue; Could we replace "/etc/krb5.keytab" with krb5_kt_default_name()? Best Regards Wang Yugui (wangyugui@e16-tech.com) 2023/04/17