NFSv4: test SECINFO RPC_AUTH_GSS pseudoflavors for support
authorAndy Adamson <andros@netapp.com>
Thu, 12 Jun 2014 19:02:32 +0000 (15:02 -0400)
committerTrond Myklebust <trond.myklebust@primarydata.com>
Tue, 24 Jun 2014 22:46:58 +0000 (18:46 -0400)
Fix nfs4_negotiate_security to create an rpc_clnt used to test each SECINFO
returned pseudoflavor. Check credential creation  (and gss_context creation)
which is important for RPC_AUTH_GSS pseudoflavors which can fail for multiple
reasons including mis-configuration.

Don't call nfs4_negotiate in nfs4_submount as it was just called by
nfs4_proc_lookup_mountpoint (nfs4_proc_lookup_common)

Signed-off-by: Andy Adamson <andros@netapp.com>
[Trond: fix corrupt return value from nfs_find_best_sec()]
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
fs/nfs/nfs4_fs.h
fs/nfs/nfs4namespace.c
fs/nfs/nfs4proc.c
net/sunrpc/auth.c

index f63cb87..ba2affa 100644 (file)
@@ -230,7 +230,7 @@ int nfs_atomic_open(struct inode *, struct dentry *, struct file *,
 extern struct file_system_type nfs4_fs_type;
 
 /* nfs4namespace.c */
-struct rpc_clnt *nfs4_create_sec_client(struct rpc_clnt *, struct inode *, struct qstr *);
+struct rpc_clnt *nfs4_negotiate_security(struct rpc_clnt *, struct inode *, struct qstr *);
 struct vfsmount *nfs4_submount(struct nfs_server *, struct dentry *,
                               struct nfs_fh *, struct nfs_fattr *);
 int nfs4_replace_transport(struct nfs_server *server,
index fd4dcb6..3d83cb1 100644 (file)
@@ -139,17 +139,22 @@ static size_t nfs_parse_server_name(char *string, size_t len,
  * @server: NFS server struct
  * @flavors: List of security tuples returned by SECINFO procedure
  *
- * Return the pseudoflavor of the first security mechanism in
- * "flavors" that is locally supported. The "flavors" array
+ * Return an rpc client that uses the first security mechanism in
+ * "flavors" that is locally supported.  The "flavors" array
  * is searched in the order returned from the server, per RFC 3530
- * recommendation.
+ * recommendation and each flavor is checked for membership in the
+ * sec= mount option list if it exists.
  *
  * Return -EPERM if no matching flavor is found in the array.
+ *
+ * Please call rpc_shutdown_client() when you are done with this rpc client.
+ *
  */
-static rpc_authflavor_t nfs_find_best_sec(struct nfs_server *server,
+static struct rpc_clnt *nfs_find_best_sec(struct rpc_clnt *clnt,
+                                         struct nfs_server *server,
                                          struct nfs4_secinfo_flavors *flavors)
 {
-       rpc_authflavor_t pseudoflavor;
+       rpc_authflavor_t pflavor;
        struct nfs4_secinfo4 *secinfo;
        unsigned int i;
 
@@ -160,58 +165,73 @@ static rpc_authflavor_t nfs_find_best_sec(struct nfs_server *server,
                case RPC_AUTH_NULL:
                case RPC_AUTH_UNIX:
                case RPC_AUTH_GSS:
-                       pseudoflavor = rpcauth_get_pseudoflavor(secinfo->flavor,
+                       pflavor = rpcauth_get_pseudoflavor(secinfo->flavor,
                                                        &secinfo->flavor_info);
-                       /* make sure pseudoflavor matches sec= mount opt */
-                       if (pseudoflavor != RPC_AUTH_MAXFLAVOR &&
-                           nfs_auth_info_match(&server->auth_info,
-                                               pseudoflavor))
-                               return pseudoflavor;
-                       break;
+                       /* does the pseudoflavor match a sec= mount opt? */
+                       if (pflavor != RPC_AUTH_MAXFLAVOR &&
+                           nfs_auth_info_match(&server->auth_info, pflavor)) {
+                               struct rpc_clnt *new;
+                               struct rpc_cred *cred;
+
+                               /* Cloning creates an rpc_auth for the flavor */
+                               new = rpc_clone_client_set_auth(clnt, pflavor);
+                               if (IS_ERR(new))
+                                       continue;
+                               /**
+                               * Check that the user actually can use the
+                               * flavor. This is mostly for RPC_AUTH_GSS
+                               * where cr_init obtains a gss context
+                               */
+                               cred = rpcauth_lookupcred(new->cl_auth, 0);
+                               if (IS_ERR(cred)) {
+                                       rpc_shutdown_client(new);
+                                       continue;
+                               }
+                               put_rpccred(cred);
+                               return new;
+                       }
                }
        }
-
-       return -EPERM;
+       return ERR_PTR(-EPERM);
 }
 
-static rpc_authflavor_t nfs4_negotiate_security(struct inode *inode, struct qstr *name)
+/**
+ * nfs4_negotiate_security - in response to an NFS4ERR_WRONGSEC on lookup,
+ * return an rpc_clnt that uses the best available security flavor with
+ * respect to the secinfo flavor list and the sec= mount options.
+ *
+ * @clnt: RPC client to clone
+ * @inode: directory inode
+ * @name: lookup name
+ *
+ * Please call rpc_shutdown_client() when you are done with this rpc client.
+ */
+struct rpc_clnt *
+nfs4_negotiate_security(struct rpc_clnt *clnt, struct inode *inode,
+                                       struct qstr *name)
 {
        struct page *page;
        struct nfs4_secinfo_flavors *flavors;
-       rpc_authflavor_t flavor;
+       struct rpc_clnt *new;
        int err;
 
        page = alloc_page(GFP_KERNEL);
        if (!page)
-               return -ENOMEM;
+               return ERR_PTR(-ENOMEM);
+
        flavors = page_address(page);
 
        err = nfs4_proc_secinfo(inode, name, flavors);
        if (err < 0) {
-               flavor = err;
+               new = ERR_PTR(err);
                goto out;
        }
 
-       flavor = nfs_find_best_sec(NFS_SERVER(inode), flavors);
+       new = nfs_find_best_sec(clnt, NFS_SERVER(inode), flavors);
 
 out:
        put_page(page);
-       return flavor;
-}
-
-/*
- * Please call rpc_shutdown_client() when you are done with this client.
- */
-struct rpc_clnt *nfs4_create_sec_client(struct rpc_clnt *clnt, struct inode *inode,
-                                       struct qstr *name)
-{
-       rpc_authflavor_t flavor;
-
-       flavor = nfs4_negotiate_security(inode, name);
-       if ((int)flavor < 0)
-               return ERR_PTR((int)flavor);
-
-       return rpc_clone_client_set_auth(clnt, flavor);
+       return new;
 }
 
 static struct vfsmount *try_location(struct nfs_clone_mount *mountdata,
@@ -394,14 +414,6 @@ struct vfsmount *nfs4_submount(struct nfs_server *server, struct dentry *dentry,
 
        if (client->cl_auth->au_flavor != flavor)
                flavor = client->cl_auth->au_flavor;
-       else {
-               rpc_authflavor_t new = nfs4_negotiate_security(dir, name);
-               if ((int)new < 0) {
-                       mnt = ERR_PTR((int)new);
-                       goto out;
-               }
-               flavor = new;
-       }
        mnt = nfs_do_submount(dentry, fh, fattr, flavor);
 out:
        rpc_shutdown_client(client);
index 285ad53..4bf3d97 100644 (file)
@@ -3247,7 +3247,7 @@ static int nfs4_proc_lookup_common(struct rpc_clnt **clnt, struct inode *dir,
                        err = -EPERM;
                        if (client != *clnt)
                                goto out;
-                       client = nfs4_create_sec_client(client, dir, name);
+                       client = nfs4_negotiate_security(client, dir, name);
                        if (IS_ERR(client))
                                return PTR_ERR(client);
 
index 247e973..f773667 100644 (file)
@@ -592,6 +592,7 @@ rpcauth_lookupcred(struct rpc_auth *auth, int flags)
        put_group_info(acred.group_info);
        return ret;
 }
+EXPORT_SYMBOL_GPL(rpcauth_lookupcred);
 
 void
 rpcauth_init_cred(struct rpc_cred *cred, const struct auth_cred *acred,