1. 01 May, 2013 1 commit
    • nfsd4: don't remap EISDIR errors in rename · 2a6cf944
      J. Bruce Fields committed
      We're going out of our way here to remap an error to make rfc 3530
      happy--but the rfc itself (nor rfc 1813, which has similar language)
      gives no justification.  And disagrees with local filesystem behavior,
      with Linux and posix man pages, and knfsd's implemented behavior for v2
      and v3.
      
      And the documented behavior seems better, in that it gives a little more
      information--you could implement the 3530 behavior using the posix
      behavior, but not the other way around.
      
      Also, the Linux client makes no attempt to remap this error in the v4
      case, so it can end up just returning EEXIST to the application in a
      case where it should return EISDIR.
      
      So honestly I think the rfc's are just buggy here--or in any case it
      doesn't seem worth the trouble to remap this error.
      Reported-by: Frank S Filz <ffilz@us.ibm.com>
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
  2. 30 Apr, 2013 4 commits
  3. 29 Apr, 2013 2 commits
  4. 27 Apr, 2013 2 commits
    • nfsd4: better error return to indicate SSV non-support · dd30333c
      J. Bruce Fields committed
      As 4.1 becomes less experimental and SSV still isn't implemented, we
      have to admit it's not going to be, and return some sensible error
      rather than just saying "our server's broken".  Discussion in the ietf
      group hasn't turned up any objections to using NFS4ERR_ENC_ALG_UNSUPP
      for that purpose.
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • nfsd: fix EXDEV checking in rename · aa387d6c
      J. Bruce Fields committed
      We again check for the EXDEV a little later on, so the first check is
      redundant.  This check is also slightly racier, since a badly timed
      eviction from the export cache could leave us with the two fh_export
      pointers pointing to two different cache entries which each refer to the
      same underlying export.
      
      It's better to compare vfsmounts as the later check does, but that
      leaves a minor security hole in the case where the two exports refer to
      two different directories especially if (for example) they have
      different root-squashing options.
      
      So, compare ex_path.dentry too.
      Reported-by: Joe Habermann <joe.habermann@gmail.com>
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
  5. 26 Apr, 2013 6 commits
    • SUNRPC: Use gssproxy upcall for server RPCGSS authentication. · 030d794b
      Simo Sorce committed
      The main advantage of this new upcall mechanism is that it can handle
      big tickets as seen in Kerberos implementations where tickets carry
      authorization data like the MS-PAC buffer with AD or the Posix Authorization
      Data being discussed in IETF on the krbwg working group.
      
      The Gssproxy program is used to perform the accept_sec_context call on the
      kernel's behalf. The code is changed to also pass the input buffer straight
      to the upcall mechanism to avoid allocating and copying many pages as tokens can
      be as big (potentially more in future) as 64KiB.
      Signed-off-by: Simo Sorce <simo@redhat.com>
      [bfields: containerization, negotiation api]
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • SUNRPC: Add RPC based upcall mechanism for RPCGSS auth · 1d658336
      Simo Sorce committed
      This patch implements a sunrpc client to use the services of the gssproxy
      userspace daemon.
      
      In particular it allows performing calls in user space using an RPC
      call instead of custom hand-coded upcall/downcall messages.
      
      Currently only accept_sec_context is implemented as that is all that is needed for
      the server case.
      
      File server modules like NFS and CIFS can use full gssapi services this way,
      once init_sec_context is also implemented.
      
      For the NFS server case this code allows lifting the limit of max 2k krb5
      tickets. This limit prevents legitimate kerberos deployments from using krb5
      authentication with the Linux NFS server as they normally have tickets that are
      many kilobytes large.
      
      It will also allow lifting the limitation on the size of the credential set
      (uid,gid,gids) passed down from user space for users that have very many groups
      associated. Currently the downcall mechanism used by rpc.svcgssd is limited
      to around 2k secondary groups of the 65k allowed by kernel structures.
      Signed-off-by: Simo Sorce <simo@redhat.com>
      [bfields: containerization, concurrent upcalls, misc. fixes and cleanup]
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • SUNRPC: conditionally return endtime from import_sec_context · 400f26b5
      Simo Sorce committed
      We expose this parameter for a future caller.
      It will be used to extract the endtime from the gss-proxy upcall mechanism,
      in order to set the rsc cache expiration time.
      Signed-off-by: Simo Sorce <simo@redhat.com>
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • SUNRPC: allow disabling idle timeout · 33d90ac0
      J. Bruce Fields committed
      In the gss-proxy case we don't want to have to reconnect at random--we
      want to connect only on gss-proxy startup when we can steal gss-proxy's
      context to do the connect in the right namespace.
      
      So, provide a flag that allows the rpc_create caller to turn off the
      idle timeout.
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • SUNRPC: attempt AF_LOCAL connect on setup · 7073ea87
      J. Bruce Fields committed
      In the gss-proxy case, setup time is when I know I'll have the right
      namespace for the connect.
      
      In other cases, it might be useful to get any connection errors
      earlier--though actually in practice it doesn't make any difference for
      rpcbind.
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    • Merge Trond's nfs-for-next · c85b03ab
      J. Bruce Fields committed
      Merging Trond's nfs-for-next branch, mainly to get
      b7993ceb "SUNRPC: Allow rpc_create() to
      request that TCP slots be unlimited", which a small piece of the
      gss-proxy work depends on.
  6. 24 Apr, 2013 6 commits
  7. 23 Apr, 2013 1 commit
    • NFS: Retry SETCLIENTID with AUTH_SYS instead of AUTH_NONE · 79d852bf
      Chuck Lever committed
      Recently I changed the SETCLIENTID code to use AUTH_GSS(krb5i), and
      then retry with AUTH_NONE if that didn't work.  This was to enable
      Kerberos NFS mounts to work without forcing Linux NFS clients to
      have a keytab on hand.
      
      Rick Macklem reports that the FreeBSD server accepts AUTH_NONE only
      for NULL operations (thus certainly not for SETCLIENTID).  Falling
      back to AUTH_NONE means our proposed 3.10 NFS client will not
      interoperate with FreeBSD servers over NFSv4 unless Kerberos is
      fully configured on both ends.
      
      If the Linux client falls back to using AUTH_SYS instead for
      SETCLIENTID, all should work fine as long as the NFS server is
      configured to allow AUTH_SYS for SETCLIENTID.
      
      This may still prevent access to Kerberos-only FreeBSD servers by
      Linux clients with no keytab.  Rick is of the opinion that the
      security settings the server applies to its pseudo-fs should also
      apply to the SETCLIENTID operation.
      
      Linux and Solaris NFS servers do not place that limitation on
      SETCLIENTID.  The security settings for the server's pseudo-fs are
      determined automatically as the union of security flavors allowed on
      real exports, as recommended by RFC 3530bis; and the flavors allowed
      for SETCLIENTID are all flavors supported by the respective server
      implementation.
      Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
      Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
  8. 22 Apr, 2013 2 commits
  9. 20 Apr, 2013 3 commits
  10. 17 Apr, 2013 3 commits
  11. 16 Apr, 2013 2 commits
  12. 15 Apr, 2013 3 commits
  13. 13 Apr, 2013 1 commit
  14. 11 Apr, 2013 3 commits
  15. 10 Apr, 2013 1 commit
    • nfsd4: clean up validate_stateid · 23340032
      J. Bruce Fields committed
      The logic here is better expressed with a switch statement.
      
      While we're here, CLOSED stateids (or stateids of an unknown type--which
      would indicate a server bug) should probably return nfserr_bad_stateid,
      though this behavior shouldn't affect any non-buggy client.
      Signed-off-by: J. Bruce Fields <bfields@redhat.com>