linux/fs/nfs
Weston Andros Adamson d497ab9751 NFSv3: match sec= flavor against server list
Older linux clients match the 'sec=' mount option flavor against the server's
flavor list (if available) and return EPERM if the specified flavor or AUTH_NULL
(which "matches" any flavor) is not found.

Recent changes skip this step and allow the vfs mount even though no operations
will succeed, creating a 'dud' mount.

This patch reverts back to the old behavior of matching specified flavors
against the server list and also returns EPERM when no sec= is specified and
none of the flavors returned by the server are supported by the client.

Example of behavior change:

the server's /etc/exports:

/export/krb5      *(sec=krb5,rw,no_root_squash)

old client behavior:

$ uname -a
Linux one.apikia.fake 3.8.8-202.fc18.x86_64 #1 SMP Wed Apr 17 23:25:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
$ sudo mount -v -o sec=sys,vers=3 zero:/export/krb5 /mnt
mount.nfs: timeout set for Sun May  5 17:32:04 2013
mount.nfs: trying text-based options 'sec=sys,vers=3,addr=192.168.100.10'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.100.10 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.100.10 prog 100005 vers 3 prot UDP port 20048
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting zero:/export/krb5

recently changed behavior:

$ uname -a
Linux one.apikia.fake 3.9.0-testing+ #2 SMP Fri May 3 20:29:32 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux
$ sudo mount -v -o sec=sys,vers=3 zero:/export/krb5 /mnt
mount.nfs: timeout set for Sun May  5 17:37:17 2013
mount.nfs: trying text-based options 'sec=sys,vers=3,addr=192.168.100.10'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.100.10 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.100.10 prog 100005 vers 3 prot UDP port 20048
$ ls /mnt
ls: cannot open directory /mnt: Permission denied
$ sudo ls /mnt
ls: cannot open directory /mnt: Permission denied
$ sudo df /mnt
df: ‘/mnt’: Permission denied
df: no file systems processed
$ sudo umount /mnt
$

Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-05-06 17:24:36 -04:00
..
blocklayout pnfs-block: removing DM device maybe cause oops when call dev_remove 2013-03-21 10:11:06 -04:00
objlayout umount oops when remove blocklayoutdriver first 2013-02-17 15:40:15 -05:00
cache_lib.c NFS: simplify and clean cache library 2013-02-15 10:43:36 -05:00
cache_lib.h NFS: simplify and clean cache library 2013-02-15 10:43:36 -05:00
callback_proc.c NFSv4: Fix CB_RECALL_ANY to only return delegations that are not in use 2013-04-05 17:03:57 -04:00
callback_xdr.c NFSv4.1: Move slot table and session struct definitions to nfs4session.h 2012-12-06 00:30:46 +01:00
callback.c nfs: allow the v4.1 callback thread to freeze 2013-04-05 17:03:52 -04:00
callback.h NFSv4.1: Clean up session draining 2012-12-06 00:30:44 +01:00
client.c NFSv4.1: Set the RPC_CLNT_CREATE_INFINITE_SLOTS flag for NFSv4.1 transports 2013-04-14 12:59:28 -04:00
delegation.c nfs: remove unnecessary check for NULL inode->i_flock from nfs_delegation_claim_locks 2013-04-10 15:40:31 -04:00
delegation.h NFSv4: Fix CB_RECALL_ANY to only return delegations that are not in use 2013-04-05 17:03:57 -04:00
dir.c NFSv4.1: Enable open-by-filehandle 2013-03-25 12:04:11 -04:00
direct.c nfs: fix page dirtying in NFS DIO read codepath 2012-12-12 12:56:19 -05:00
dns_resolve.c SUNRPC: remove "cache_request" argument in sunrpc_cache_pipe_upcall() function 2013-02-15 10:43:47 -05:00
dns_resolve.h NFS: DNS resolver cache per network namespace context introduced 2012-01-31 18:20:26 -05:00
file.c NFS: Ensure that NFS file unlock waits for readahead to complete 2013-04-08 22:12:42 -04:00
fscache-index.c NFS: Use the inode->i_version to cache NFSv4 change attribute information 2011-10-18 09:14:34 -07:00
fscache.c NFS4: Open files for fscaching 2012-12-20 22:19:42 +00:00
fscache.h NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n 2012-12-21 08:06:48 -08:00
getroot.c nfs: remove kfree() redundant null checks 2013-02-17 15:27:21 -05:00
idmap.c NFSv4: Fix the string length returned by the idmapper 2013-03-20 16:45:16 -04:00
inode.c NFS: Add functionality to allow waiting on all outstanding reads to complete 2013-04-08 22:12:33 -04:00
internal.h NFS: Add functionality to allow waiting on all outstanding reads to complete 2013-04-08 22:12:33 -04:00
iostat.h NFS: Squelch compiler warning in nfs_add_server_stats() 2010-05-14 15:09:31 -04:00
Kconfig NFSv4.1: Remove the dependency on CONFIG_EXPERIMENTAL 2012-10-03 10:54:50 -07:00
Makefile NFSv4.1: Cleanup move session slot management to fs/nfs/nfs4session.c 2012-12-06 00:30:45 +01:00
mount_clnt.c NFS: Remove the BUG_ON() in the mount code 2012-11-04 14:43:39 -05:00
namespace.c NFS: Don't silently fail setattr() requests on mountpoints 2013-01-30 17:41:04 -05:00
netns.h nfs: include NFSv4 header in netns.h 2012-10-02 08:17:02 -07:00
nfs2super.c NFS: Convert v2 into a module 2012-07-30 19:06:41 -04:00
nfs2xdr.c nfs: Convert nfs2xdr to use kuids and kgids 2013-02-13 06:15:30 -08:00
nfs3acl.c userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr 2012-09-18 01:01:35 -07:00
nfs3client.c NFS: Only initialize the ACL client in the v3 case 2012-07-30 19:05:54 -04:00
nfs3proc.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
nfs3super.c NFS: Convert v3 into a module 2012-07-30 19:06:46 -04:00
nfs3xdr.c nfs: Convert nfs3xdr to use kuids and kgids 2013-02-13 06:15:31 -08:00
nfs4_fs.h NFSv4.1: Ensure that we free the lock stateid on the server 2013-05-06 17:24:27 -04:00
nfs4client.c Merge branch 'bugfixes' into linux-next 2013-04-23 15:52:14 -04:00
nfs4file.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
nfs4filelayout.c NFSv4: The stateid must remain the same for replayed RPC calls 2013-03-25 12:04:10 -04:00
nfs4filelayout.h PNFS: set the default DS timeout to 60 seconds 2013-02-28 17:35:00 -08:00
nfs4filelayoutdev.c sunrpc: move address copy/cmp/convert routines and prototypes from clnt.h to addr.h 2013-02-05 09:41:14 -05:00
nfs4getroot.c NFSv4: fs/nfs/nfs4getroot.c needs to include "internal.h" 2012-10-16 12:37:59 -04:00
nfs4namespace.c SUNRPC: Introduce rpcauth_get_pseudoflavor() 2013-03-29 15:43:07 -04:00
nfs4proc.c NFSv4.1: Ensure that we free the lock stateid on the server 2013-05-06 17:24:27 -04:00
nfs4renewd.c workqueue: use mod_delayed_work() instead of cancel + queue 2012-08-13 16:27:37 -07:00
nfs4session.c NFSv4.1: Deal effectively with interrupted RPC calls. 2012-12-15 15:39:59 -05:00
nfs4session.h NFSv4.1: Deal effectively with interrupted RPC calls. 2012-12-15 15:39:59 -05:00
nfs4state.c NFSv4.1: Ensure that we free the lock stateid on the server 2013-05-06 17:24:27 -04:00
nfs4super.c NFS: Use server-recommended security flavor by default (NFSv3) 2013-04-04 17:01:01 -04:00
nfs4sysctl.c nfs: include nfs4_fh.h in nfs4sysctl.c 2012-10-02 08:17:03 -07:00
nfs4xdr.c NFSv4: Convert nfs41_free_stateid to use an asynchronous RPC call 2013-05-06 17:24:22 -04:00
nfs.h NFS: Convert v4 into a module 2012-07-30 19:06:52 -04:00
nfsroot.c SUNRPC/NFS: Add Kbuild dependencies for NFS_DEBUG/RPC_DEBUG 2012-03-20 13:08:26 -04:00
pagelist.c NFS: Add functionality to allow waiting on all outstanding reads to complete 2013-04-08 22:12:33 -04:00
pnfs_dev.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
pnfs.c NFSv4: Fail I/O if the state recovery fails irrevocably 2013-03-25 12:04:10 -04:00
pnfs.h NFSv4.1: Add a helper pnfs_commit_and_return_layout 2013-03-21 10:31:21 -04:00
proc.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
read.c NFS: Don't accept more reads/writes if the open context recovery failed 2013-03-25 12:04:10 -04:00
super.c NFSv3: match sec= flavor against server list 2013-05-06 17:24:36 -04:00
symlink.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
sysctl.c NFS: Initialize v4 sysctls from nfs_init_v4() 2012-07-17 13:33:18 -04:00
unlink.c NFS: Don't allow NFS silly-renamed files to be deleted, no signal 2013-02-22 14:55:34 -05:00
write.c NFS: Don't accept more reads/writes if the open context recovery failed 2013-03-25 12:04:10 -04:00