NFS Return -EPERM if no supported or matching SECINFO flavor
Do not return RPC_AUTH_UNIX if SEINFO reply tests fail. This prevents an infinite loop of NFS4ERR_WRONGSEC for non RPC_AUTH_UNIX mounts. Without this patch, a mount with no sec= option to a server that does not include RPC_AUTH_UNIX in the SECINFO return can be presented with an attemtp to use RPC_AUTH_UNIX which will result in an NFS4ERR_WRONG_SEC which will prompt the SECINFO call which will again try RPC_AUTH_UNIX.... Signed-off-by: Andy Adamson <andros@netapp.com> Tested-By: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
This commit is contained in:
parent
57bbe3d7c1
commit
8445cd3528
|
@ -140,10 +140,11 @@ static size_t nfs_parse_server_name(char *string, size_t len,
|
|||
* @flavors: List of security tuples returned by SECINFO procedure
|
||||
*
|
||||
* Return the pseudoflavor of the first security mechanism in
|
||||
* "flavors" that is locally supported. Return RPC_AUTH_UNIX if
|
||||
* no matching flavor is found in the array. The "flavors" array
|
||||
* "flavors" that is locally supported. The "flavors" array
|
||||
* is searched in the order returned from the server, per RFC 3530
|
||||
* recommendation.
|
||||
*
|
||||
* Return -EPERM if no matching flavor is found in the array.
|
||||
*/
|
||||
static rpc_authflavor_t nfs_find_best_sec(struct nfs_server *server,
|
||||
struct nfs4_secinfo_flavors *flavors)
|
||||
|
@ -170,11 +171,7 @@ static rpc_authflavor_t nfs_find_best_sec(struct nfs_server *server,
|
|||
}
|
||||
}
|
||||
|
||||
/* if there were any sec= options then nothing matched */
|
||||
if (server->auth_info.flavor_len > 0)
|
||||
return -EPERM;
|
||||
|
||||
return RPC_AUTH_UNIX;
|
||||
}
|
||||
|
||||
static rpc_authflavor_t nfs4_negotiate_security(struct inode *inode, struct qstr *name)
|
||||
|
|
Loading…
Reference in New Issue