On Wed, 2011-01-05 at 14:49 -0500, Bryan Schumaker wrote: > A submount may use different security than the parent > mount does. We should figure out what sec flavor the > submount uses at mount time. > > Signed-off-by: Bryan Schumaker <bjschuma@xxxxxxxxxx> > --- > fs/nfs/inode.c | 8 ++- > fs/nfs/internal.h | 6 ++ > fs/nfs/namespace.c | 102 ++++++++++++++++++++++++++++++++- > fs/nfs/nfs4proc.c | 14 +++++ > fs/nfs/nfs4xdr.c | 12 ++-- > include/linux/nfs_xdr.h | 1 + > net/sunrpc/auth_gss/gss_mech_switch.c | 22 +++++++ > 7 files changed, 154 insertions(+), 11 deletions(-) > > diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c > index 43a69da..37fdd4f 100644 > --- a/fs/nfs/inode.c > +++ b/fs/nfs/inode.c > @@ -249,7 +249,9 @@ nfs_fhget(struct super_block *sb, struct nfs_fh *fh, struct nfs_fattr *fattr) > struct inode *inode = ERR_PTR(-ENOENT); > unsigned long hash; > > - if ((fattr->valid & NFS_ATTR_FATTR_FILEID) == 0) > + nfs_attr_check_mountpoint(sb, fattr); > + > + if ((fattr->valid & NFS_ATTR_FATTR_FILEID) == 0 && (fattr->valid & NFS_ATTR_FATTR_MOUNTPOINT) == 0) > goto out_no_inode; > if ((fattr->valid & NFS_ATTR_FATTR_TYPE) == 0) > goto out_no_inode; > @@ -293,8 +295,8 @@ nfs_fhget(struct super_block *sb, struct nfs_fh *fh, struct nfs_fattr *fattr) > if (nfs_server_capable(inode, NFS_CAP_READDIRPLUS)) > set_bit(NFS_INO_ADVISE_RDPLUS, &NFS_I(inode)->flags); > /* Deal with crossing mountpoints */ > - if ((fattr->valid & NFS_ATTR_FATTR_FSID) > - && !nfs_fsid_equal(&NFS_SB(sb)->fsid, &fattr->fsid)) { > + if (fattr->valid & NFS_ATTR_FATTR_MOUNTPOINT || > + fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) { > if (fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) > inode->i_op = &nfs_referral_inode_operations; > else > diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h > index 4f5c808..5f46e0a 100644 > --- a/fs/nfs/internal.h > +++ b/fs/nfs/internal.h > @@ -39,6 +39,12 @@ static inline int nfs4_has_persistent_session(const struct nfs_client *clp) > return 0; > } > > +static inline void nfs_attr_check_mountpoint(struct super_block *parent, struct nfs_fattr *fattr) > +{ > + if (!nfs_fsid_equal(&NFS_SB(parent)->fsid, &fattr->fsid)) > + fattr->valid |= NFS_ATTR_FATTR_MOUNTPOINT; > +} > + > struct nfs_clone_mount { > const struct super_block *sb; > const struct dentry *dentry; > diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c > index 3c361f8..8d335b7 100644 > --- a/fs/nfs/namespace.c > +++ b/fs/nfs/namespace.c > @@ -15,6 +15,7 @@ > #include <linux/string.h> > #include <linux/sunrpc/clnt.h> > #include <linux/vfs.h> > +#include <linux/sunrpc/gss_api.h> > #include "internal.h" > > #define NFSDBG_FACILITY NFSDBG_VFS > @@ -28,7 +29,8 @@ int nfs_mountpoint_expiry_timeout = 500 * HZ; > static struct vfsmount *nfs_do_submount(const struct vfsmount *mnt_parent, > const struct dentry *dentry, > struct nfs_fh *fh, > - struct nfs_fattr *fattr); > + struct nfs_fattr *fattr, > + rpc_authflavor_t authflavor); > > /* > * nfs_path - reconstruct the path given an arbitrary dentry > @@ -87,6 +89,90 @@ Elong: > return ERR_PTR(-ENAMETOOLONG); > } > > +rpc_authflavor_t nfs_find_best_sec(struct nfs4_secinfo_flavors *flavors, struct inode *inode) These 3 functions need to be declared 'static', since they are not used outside fs/nfs/namespace.c > +{ > + struct gss_api_mech *mech; > + struct xdr_netobj oid; > + int i; > + rpc_authflavor_t pseudoflavor = RPC_AUTH_UNIX; > + > + for (i = 0; i < flavors->num_flavors; i++) { > + struct nfs4_secinfo_flavor *flavor; > + flavor = &flavors->flavors[i]; > + > + if (flavor->flavor == RPC_AUTH_NULL || flavor->flavor == RPC_AUTH_UNIX) { > + pseudoflavor = flavor->flavor; > + break; > + } else if (flavor->flavor == RPC_AUTH_GSS) { > + oid.len = flavor->gss.sec_oid4.len; > + oid.data = flavor->gss.sec_oid4.data; > + mech = gss_mech_get_by_OID(&oid); > + if (!mech) > + continue; > + pseudoflavor = gss_svc_to_pseudoflavor(mech, flavor->gss.service); > + gss_mech_put(mech); > + break; > + } > + } > + > + return pseudoflavor; > +} > + > +rpc_authflavor_t nfs_negotiate_security(const struct dentry *parent, const struct dentry *dentry) > +{ > + int status = 0; > + struct page *page; > + struct nfs4_secinfo_flavors *flavors; > + int (*secinfo)(struct inode *, const struct qstr *, struct nfs4_secinfo_flavors *); > + rpc_authflavor_t flavor = RPC_AUTH_UNIX; > + > + secinfo = NFS_PROTO(parent->d_inode)->secinfo; > + if (secinfo != NULL) { > + page = alloc_page(GFP_KERNEL); > + if (!page) { > + status = -ENOMEM; > + goto out; > + } > + flavors = page_address(page); > + status = secinfo(parent->d_inode, &dentry->d_name, flavors); > + flavor = nfs_find_best_sec(flavors, dentry->d_inode); > + put_page(page); > + } > + > + return flavor; > + > +out: > + status = -ENOMEM; > + return status; > +} > + > +rpc_authflavor_t nfs_lookup_with_sec(struct nfs_server *server, struct dentry *parent, > + struct dentry *dentry, struct nameidata *nd, > + struct nfs_fh *fh, struct nfs_fattr *fattr) > +{ > + rpc_authflavor_t flavor; > + struct rpc_clnt *clone; > + struct rpc_auth *auth; > + int err; > + > + flavor = nfs_negotiate_security(parent, nd->path.dentry); > + if (flavor < 0) > + goto out; > + clone = rpc_clone_client(server->client); > + auth = rpcauth_create(flavor, clone); > + if (!auth) { > + flavor = -EIO; > + goto out; > + } > + err = server->nfs_client->rpc_ops->lookup(clone, parent->d_inode, > + &nd->path.dentry->d_name, > + fh, fattr); > + if (err < 0) > + flavor = err; > +out: > + return flavor; > +} > + > /* > * nfs_follow_mountpoint - handle crossing a mountpoint on the server > * @dentry - dentry of mountpoint > @@ -108,6 +194,7 @@ static void * nfs_follow_mountpoint(struct dentry *dentry, struct nameidata *nd) > struct nfs_fh *fh = NULL; > struct nfs_fattr *fattr = NULL; > int err; > + rpc_authflavor_t flavor = 1; > > dprintk("--> nfs_follow_mountpoint()\n"); > > @@ -130,6 +217,13 @@ static void * nfs_follow_mountpoint(struct dentry *dentry, struct nameidata *nd) > err = server->nfs_client->rpc_ops->lookup(server->client, parent->d_inode, > &nd->path.dentry->d_name, > fh, fattr); > + if (err == -EPERM) { > + flavor = nfs_lookup_with_sec(server, parent, dentry, nd, fh, fattr); > + if (flavor < 0) > + err = flavor; > + else > + err = 0; > + } > dput(parent); > if (err != 0) > goto out_err; > @@ -138,7 +232,7 @@ static void * nfs_follow_mountpoint(struct dentry *dentry, struct nameidata *nd) > mnt = nfs_do_refmount(nd->path.mnt, nd->path.dentry); > else > mnt = nfs_do_submount(nd->path.mnt, nd->path.dentry, fh, > - fattr); > + fattr, flavor); > err = PTR_ERR(mnt); > if (IS_ERR(mnt)) > goto out_err; > @@ -232,13 +326,15 @@ static struct vfsmount *nfs_do_clone_mount(struct nfs_server *server, > static struct vfsmount *nfs_do_submount(const struct vfsmount *mnt_parent, > const struct dentry *dentry, > struct nfs_fh *fh, > - struct nfs_fattr *fattr) > + struct nfs_fattr *fattr, > + rpc_authflavor_t authflavor) > { > struct nfs_clone_mount mountdata = { > .sb = mnt_parent->mnt_sb, > .dentry = dentry, > .fh = fh, > .fattr = fattr, > + .authflavor = authflavor, > }; > struct vfsmount *mnt = ERR_PTR(-ENOMEM); > char *page = (char *) __get_free_page(GFP_USER); > diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c > index 3fdf821..4a1d79e 100644 > --- a/fs/nfs/nfs4proc.c > +++ b/fs/nfs/nfs4proc.c > @@ -86,6 +86,8 @@ static int nfs4_map_errors(int err) > switch (err) { > case -NFS4ERR_RESOURCE: > return -EREMOTEIO; > + case -NFS4ERR_WRONGSEC: > + return -EPERM; > default: > dprintk("%s could not handle NFSv4 error %d\n", > __func__, -err); > @@ -2363,6 +2365,16 @@ static int _nfs4_proc_lookup(struct rpc_clnt *clnt, struct inode *dir, > return status; > } > > +void nfs_fixup_secinfo_attributes(struct nfs_fattr *fattr, struct nfs_fh *fh) > +{ > + memset(fh, 0, sizeof(struct nfs_fh)); > + fattr->fsid.major = 1; > + fattr->valid |= NFS_ATTR_FATTR_TYPE | NFS_ATTR_FATTR_MODE | > + NFS_ATTR_FATTR_NLINK | NFS_ATTR_FATTR_FSID | NFS_ATTR_FATTR_MOUNTPOINT; > + fattr->mode = S_IFDIR | S_IRUGO | S_IXUGO; > + fattr->nlink = 2; > +} > + > static int nfs4_proc_lookup(struct rpc_clnt *clnt, struct inode *dir, struct qstr *name, > struct nfs_fh *fhandle, struct nfs_fattr *fattr) > { > @@ -2372,6 +2384,8 @@ static int nfs4_proc_lookup(struct rpc_clnt *clnt, struct inode *dir, struct qst > err = nfs4_handle_exception(NFS_SERVER(dir), > _nfs4_proc_lookup(clnt, dir, name, fhandle, fattr), > &exception); > + if (err == -EPERM) > + nfs_fixup_secinfo_attributes(fattr, fhandle); > } while (exception.retry); > return err; > } > diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c > index 020fa88..3d5298c 100644 > --- a/fs/nfs/nfs4xdr.c > +++ b/fs/nfs/nfs4xdr.c > @@ -61,6 +61,7 @@ > #define errno_NFSERR_IO EIO > > static int nfs4_stat_to_errno(int); > +void nfs_fixup_secinfo_attributes(struct nfs_fattr *, struct nfs_fh *); Please put this declaration in fs/nfs/internal.h > > /* NFSv4 COMPOUND tags are only wanted for debugging purposes */ > #ifdef DEBUG > @@ -113,7 +114,7 @@ static int nfs4_stat_to_errno(int); > #define encode_restorefh_maxsz (op_encode_hdr_maxsz) > #define decode_restorefh_maxsz (op_decode_hdr_maxsz) > #define encode_fsinfo_maxsz (encode_getattr_maxsz) > -#define decode_fsinfo_maxsz (op_decode_hdr_maxsz + 11) > +#define decode_fsinfo_maxsz (op_decode_hdr_maxsz + 15) > #define encode_renew_maxsz (op_encode_hdr_maxsz + 3) > #define decode_renew_maxsz (op_decode_hdr_maxsz) > #define encode_setclientid_maxsz \ > @@ -2963,6 +2964,7 @@ static int decode_attr_error(struct xdr_stream *xdr, uint32_t *bitmap) > if (unlikely(!p)) > goto out_overflow; > bitmap[0] &= ~FATTR4_WORD0_RDATTR_ERROR; > + return -be32_to_cpup(p); > } > return 0; > out_overflow: > @@ -3950,6 +3952,10 @@ static int decode_getfattr_attrs(struct xdr_stream *xdr, uint32_t *bitmap, > fattr->valid |= status; > > status = decode_attr_error(xdr, bitmap); > + if (status == -NFS4ERR_WRONGSEC) { > + nfs_fixup_secinfo_attributes(fattr, fh); > + status = 0; > + } > if (status < 0) > goto xdr_error; > > @@ -6315,10 +6321,6 @@ static struct { > { NFS4ERR_SYMLINK, -ELOOP }, > { NFS4ERR_OP_ILLEGAL, -EOPNOTSUPP }, > { NFS4ERR_DEADLOCK, -EDEADLK }, > - { NFS4ERR_WRONGSEC, -EPERM }, /* FIXME: this needs > - * to be handled by a > - * middle-layer. > - */ Can you please add an entry for this mapping into nfs4_map_errors(), so that we don't leak NFS4ERR_WRONGSEC to userland. > { -1, -EIO } > }; > > diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h > index edd74e7..49256a2 100644 > --- a/include/linux/nfs_xdr.h > +++ b/include/linux/nfs_xdr.h > @@ -79,6 +79,7 @@ struct nfs_fattr { > #define NFS_ATTR_FATTR_CHANGE (1U << 17) > #define NFS_ATTR_FATTR_PRECHANGE (1U << 18) > #define NFS_ATTR_FATTR_V4_REFERRAL (1U << 19) /* NFSv4 referral */ > +#define NFS_ATTR_FATTR_MOUNTPOINT (1U << 20) /* Treat as mountpoint */ > > #define NFS_ATTR_FATTR (NFS_ATTR_FATTR_TYPE \ > | NFS_ATTR_FATTR_MODE \ > diff --git a/net/sunrpc/auth_gss/gss_mech_switch.c b/net/sunrpc/auth_gss/gss_mech_switch.c > index 8b40610..6c844b0 100644 > --- a/net/sunrpc/auth_gss/gss_mech_switch.c > +++ b/net/sunrpc/auth_gss/gss_mech_switch.c > @@ -160,6 +160,28 @@ gss_mech_get_by_name(const char *name) > > EXPORT_SYMBOL_GPL(gss_mech_get_by_name); > > +struct gss_api_mech * > +gss_mech_get_by_OID(struct xdr_netobj *obj) > +{ > + struct gss_api_mech *pos, *gm = NULL; > + > + spin_lock(®istered_mechs_lock); > + list_for_each_entry(pos, ®istered_mechs, gm_list) { > + if (obj->len == pos->gm_oid.len) { > + if (0 == memcmp(obj->data, pos->gm_oid.data, obj->len)) { > + if (try_module_get(pos->gm_owner)) > + gm = pos; > + break; > + } > + } > + } > + spin_unlock(®istered_mechs_lock); > + return gm; > + > +} > + > +EXPORT_SYMBOL_GPL(gss_mech_get_by_OID); > + > static inline int > mech_supports_pseudoflavor(struct gss_api_mech *gm, u32 pseudoflavor) > { -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html