nfs: authenticated deep mounting

Allow mount to do authenticated mounts below the root of the exported tree.
The wording in RFC 2623, sec 2.3.2. allows fsinfo with UNIX authentication
on the root of the export. Mounts are not always done on the root
of the exported tree. Especially autoumounts often mount below the root of
the exported tree.
Some server implementations (justly) require full authentication for the
so-called deep mounts. The old code used AUTH_SYS only. This caused deep
mounts to fail on systems requiring stronger authentication..
The client should try both authentication types and use the first one that
succeeds.
This method was already partially implemented. This patch completes
the implementation for NFS2 and NFS3.
This patch was developed to allow Debian systems to automount home directories
on Solaris servers with krb5 authentication.

Tested on kernel 2.6.24-etchnhalf.1

Signed-off-by: E.G. Keizer <keie@few.vu.nl>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
EG Keizer 2008-08-19 16:34:36 -04:00 committed by Trond Myklebust
parent f25b874d39
commit 37ca8f5c60
2 changed files with 26 additions and 4 deletions

View File

@ -699,7 +699,7 @@ nfs3_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle,
} }
static int static int
nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, do_proc_fsinfo(struct rpc_clnt *client, struct nfs_fh *fhandle,
struct nfs_fsinfo *info) struct nfs_fsinfo *info)
{ {
struct rpc_message msg = { struct rpc_message msg = {
@ -711,11 +711,27 @@ nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
dprintk("NFS call fsinfo\n"); dprintk("NFS call fsinfo\n");
nfs_fattr_init(info->fattr); nfs_fattr_init(info->fattr);
status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0); status = rpc_call_sync(client, &msg, 0);
dprintk("NFS reply fsinfo: %d\n", status); dprintk("NFS reply fsinfo: %d\n", status);
return status; return status;
} }
/*
* Bare-bones access to fsinfo: this is for nfs_get_root/nfs_get_sb via
* nfs_create_server
*/
static int
nfs3_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle,
struct nfs_fsinfo *info)
{
int status;
status = do_proc_fsinfo(server->client, fhandle, info);
if (status && server->nfs_client->cl_rpcclient != server->client)
status = do_proc_fsinfo(server->nfs_client->cl_rpcclient, fhandle, info);
return status;
}
static int static int
nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle, nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
struct nfs_pathconf *info) struct nfs_pathconf *info)

View File

@ -65,14 +65,20 @@ nfs_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,
dprintk("%s: call getattr\n", __func__); dprintk("%s: call getattr\n", __func__);
nfs_fattr_init(fattr); nfs_fattr_init(fattr);
status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0); status = rpc_call_sync(server->client, &msg, 0);
/* Retry with default authentication if different */
if (status && server->nfs_client->cl_rpcclient != server->client)
status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
dprintk("%s: reply getattr: %d\n", __func__, status); dprintk("%s: reply getattr: %d\n", __func__, status);
if (status) if (status)
return status; return status;
dprintk("%s: call statfs\n", __func__); dprintk("%s: call statfs\n", __func__);
msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS]; msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS];
msg.rpc_resp = &fsinfo; msg.rpc_resp = &fsinfo;
status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0); status = rpc_call_sync(server->client, &msg, 0);
/* Retry with default authentication if different */
if (status && server->nfs_client->cl_rpcclient != server->client)
status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
dprintk("%s: reply statfs: %d\n", __func__, status); dprintk("%s: reply statfs: %d\n", __func__, status);
if (status) if (status)
return status; return status;