提交 2ea2209f 编写于 作者: J J. Bruce Fields 提交者: Linus Torvalds

knfsd: nfsd: use ip-address-based domain in secinfo case

With this patch, we fall back on using the gss/pseudoflavor only if we fail to
find a matching auth_unix export that has a secinfo list.

As long as sec= options aren't used, there's still no change in behavior here
(except possibly for some additional auth_unix cache lookups, whose results
will be ignored).

The sec= option, however, is not actually enforced yet; later patches will add
the necessary checks.
Signed-off-by: N"J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: NNeil Brown <neilb@suse.de>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 3ab4d8b1
......@@ -1229,6 +1229,10 @@ exp_find(struct auth_domain *clp, int fsid_type, u32 *fsidv,
}
/*
* Uses rq_client and rq_gssclient to find an export; uses rq_client (an
* auth_unix client) if it's available and has secinfo information;
* otherwise, will try to use rq_gssclient.
*
* Called from functions that handle requests; functions that do work on
* behalf of mountd are passed a single client name to use, and should
* use exp_get_by_name() or exp_find().
......@@ -1237,29 +1241,83 @@ struct svc_export *
rqst_exp_get_by_name(struct svc_rqst *rqstp, struct vfsmount *mnt,
struct dentry *dentry)
{
struct auth_domain *clp;
struct svc_export *gssexp, *exp = NULL;
if (rqstp->rq_client == NULL)
goto gss;
clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
return exp_get_by_name(clp, mnt, dentry, &rqstp->rq_chandle);
/* First try the auth_unix client: */
exp = exp_get_by_name(rqstp->rq_client, mnt, dentry,
&rqstp->rq_chandle);
if (PTR_ERR(exp) == -ENOENT)
goto gss;
if (IS_ERR(exp))
return exp;
/* If it has secinfo, assume there are no gss/... clients */
if (exp->ex_nflavors > 0)
return exp;
gss:
/* Otherwise, try falling back on gss client */
if (rqstp->rq_gssclient == NULL)
return exp;
gssexp = exp_get_by_name(rqstp->rq_gssclient, mnt, dentry,
&rqstp->rq_chandle);
if (PTR_ERR(gssexp) == -ENOENT)
return exp;
if (exp && !IS_ERR(exp))
exp_put(exp);
return gssexp;
}
struct svc_export *
rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv)
{
struct auth_domain *clp;
struct svc_export *gssexp, *exp = NULL;
if (rqstp->rq_client == NULL)
goto gss;
clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
return exp_find(clp, fsid_type, fsidv, &rqstp->rq_chandle);
/* First try the auth_unix client: */
exp = exp_find(rqstp->rq_client, fsid_type, fsidv, &rqstp->rq_chandle);
if (PTR_ERR(exp) == -ENOENT)
goto gss;
if (IS_ERR(exp))
return exp;
/* If it has secinfo, assume there are no gss/... clients */
if (exp->ex_nflavors > 0)
return exp;
gss:
/* Otherwise, try falling back on gss client */
if (rqstp->rq_gssclient == NULL)
return exp;
gssexp = exp_find(rqstp->rq_gssclient, fsid_type, fsidv,
&rqstp->rq_chandle);
if (PTR_ERR(gssexp) == -ENOENT)
return exp;
if (exp && !IS_ERR(exp))
exp_put(exp);
return gssexp;
}
struct svc_export *
rqst_exp_parent(struct svc_rqst *rqstp, struct vfsmount *mnt,
struct dentry *dentry)
{
struct auth_domain *clp;
struct svc_export *exp;
dget(dentry);
exp = rqst_exp_get_by_name(rqstp, mnt, dentry);
while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(dentry)) {
struct dentry *parent;
clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
return exp_parent(rqstp->rq_client, mnt, dentry, &rqstp->rq_chandle);
parent = dget_parent(dentry);
dput(dentry);
dentry = parent;
exp = rqst_exp_get_by_name(rqstp, mnt, dentry);
}
dput(dentry);
return exp;
}
/*
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册