Commit 47040da3 authored by Trond Myklebust's avatar Trond Myklebust

NFSv4: Allow security autonegotiation for submounts

In cases where the parent super block was not mounted with a 'sec=' line,
allow autonegotiation of security for the submounts.
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 41d058c3
...@@ -1078,7 +1078,8 @@ struct nfs_server *nfs4_create_referral_server(struct nfs_clone_mount *data, ...@@ -1078,7 +1078,8 @@ struct nfs_server *nfs4_create_referral_server(struct nfs_clone_mount *data,
if (error < 0) if (error < 0)
goto error; goto error;
error = nfs4_server_common_setup(server, mntfh, false); error = nfs4_server_common_setup(server, mntfh,
!(parent_server->flags & NFS_MOUNT_SECFLAVOUR));
if (error < 0) if (error < 0)
goto error; goto error;
......
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
#include <linux/mount.h> #include <linux/mount.h>
#include <linux/namei.h> #include <linux/namei.h>
#include <linux/nfs_fs.h> #include <linux/nfs_fs.h>
#include <linux/nfs_mount.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/string.h> #include <linux/string.h>
#include <linux/sunrpc/clnt.h> #include <linux/sunrpc/clnt.h>
...@@ -369,21 +370,33 @@ static struct vfsmount *nfs_do_refmount(struct rpc_clnt *client, struct dentry * ...@@ -369,21 +370,33 @@ static struct vfsmount *nfs_do_refmount(struct rpc_clnt *client, struct dentry *
struct vfsmount *nfs4_submount(struct nfs_server *server, struct dentry *dentry, struct vfsmount *nfs4_submount(struct nfs_server *server, struct dentry *dentry,
struct nfs_fh *fh, struct nfs_fattr *fattr) struct nfs_fh *fh, struct nfs_fattr *fattr)
{ {
rpc_authflavor_t flavor = server->client->cl_auth->au_flavor;
struct dentry *parent = dget_parent(dentry); struct dentry *parent = dget_parent(dentry);
struct inode *dir = parent->d_inode;
struct qstr *name = &dentry->d_name;
struct rpc_clnt *client; struct rpc_clnt *client;
struct vfsmount *mnt; struct vfsmount *mnt;
/* Look it up again to get its attributes and sec flavor */ /* Look it up again to get its attributes and sec flavor */
client = nfs4_proc_lookup_mountpoint(parent->d_inode, &dentry->d_name, fh, fattr); client = nfs4_proc_lookup_mountpoint(dir, name, fh, fattr);
dput(parent); dput(parent);
if (IS_ERR(client)) if (IS_ERR(client))
return ERR_CAST(client); return ERR_CAST(client);
if (fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) if (fattr->valid & NFS_ATTR_FATTR_V4_REFERRAL) {
mnt = nfs_do_refmount(client, dentry); mnt = nfs_do_refmount(client, dentry);
else goto out;
mnt = nfs_do_submount(dentry, fh, fattr, client->cl_auth->au_flavor); }
if (client->cl_auth->au_flavor != flavor)
flavor = client->cl_auth->au_flavor;
else if (!(server->flags & NFS_MOUNT_SECFLAVOUR)) {
rpc_authflavor_t new = nfs4_negotiate_security(dir, name);
if ((int)new >= 0)
flavor = new;
}
mnt = nfs_do_submount(dentry, fh, fattr, flavor);
out:
rpc_shutdown_client(client); rpc_shutdown_client(client);
return mnt; return mnt;
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment