Commit dd07c947 authored by Chuck Lever's avatar Chuck Lever Committed by Trond Myklebust

NFS: Set security flavor default for NFSv2/3 mounts like other defaults

Set the default security flavor when we set the other mount option default
values.  After this change, only the legacy user-space mount path needs to
set the NFS_MOUNT_SECFLAVOUR flag.
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 01060c89
...@@ -856,8 +856,7 @@ static void nfs_set_mount_transport_protocol(struct nfs_parsed_mount_data *mnt) ...@@ -856,8 +856,7 @@ static void nfs_set_mount_transport_protocol(struct nfs_parsed_mount_data *mnt)
/* /*
* Parse the value of the 'sec=' option. * Parse the value of the 'sec=' option.
* *
* The flags setting is for v2/v3. The flavor_len setting is for v4. * The flavor_len setting is for v4 mounts.
* v2/v3 also need to know the difference between NULL and UNIX.
*/ */
static int nfs_parse_security_flavors(char *value, static int nfs_parse_security_flavors(char *value,
struct nfs_parsed_mount_data *mnt) struct nfs_parsed_mount_data *mnt)
...@@ -868,57 +867,46 @@ static int nfs_parse_security_flavors(char *value, ...@@ -868,57 +867,46 @@ static int nfs_parse_security_flavors(char *value,
switch (match_token(value, nfs_secflavor_tokens, args)) { switch (match_token(value, nfs_secflavor_tokens, args)) {
case Opt_sec_none: case Opt_sec_none:
mnt->flags &= ~NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 0; mnt->auth_flavor_len = 0;
mnt->auth_flavors[0] = RPC_AUTH_NULL; mnt->auth_flavors[0] = RPC_AUTH_NULL;
break; break;
case Opt_sec_sys: case Opt_sec_sys:
mnt->flags &= ~NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 0; mnt->auth_flavor_len = 0;
mnt->auth_flavors[0] = RPC_AUTH_UNIX; mnt->auth_flavors[0] = RPC_AUTH_UNIX;
break; break;
case Opt_sec_krb5: case Opt_sec_krb5:
mnt->flags |= NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 1; mnt->auth_flavor_len = 1;
mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5; mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5;
break; break;
case Opt_sec_krb5i: case Opt_sec_krb5i:
mnt->flags |= NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 1; mnt->auth_flavor_len = 1;
mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5I; mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5I;
break; break;
case Opt_sec_krb5p: case Opt_sec_krb5p:
mnt->flags |= NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 1; mnt->auth_flavor_len = 1;
mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5P; mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5P;
break; break;
case Opt_sec_lkey: case Opt_sec_lkey:
mnt->flags |= NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 1; mnt->auth_flavor_len = 1;
mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEY; mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEY;
break; break;
case Opt_sec_lkeyi: case Opt_sec_lkeyi:
mnt->flags |= NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 1; mnt->auth_flavor_len = 1;
mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYI; mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYI;
break; break;
case Opt_sec_lkeyp: case Opt_sec_lkeyp:
mnt->flags |= NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 1; mnt->auth_flavor_len = 1;
mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYP; mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYP;
break; break;
case Opt_sec_spkm: case Opt_sec_spkm:
mnt->flags |= NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 1; mnt->auth_flavor_len = 1;
mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKM; mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKM;
break; break;
case Opt_sec_spkmi: case Opt_sec_spkmi:
mnt->flags |= NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 1; mnt->auth_flavor_len = 1;
mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMI; mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMI;
break; break;
case Opt_sec_spkmp: case Opt_sec_spkmp:
mnt->flags |= NFS_MOUNT_SECFLAVOUR;
mnt->auth_flavor_len = 1; mnt->auth_flavor_len = 1;
mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMP; mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMP;
break; break;
...@@ -1480,6 +1468,7 @@ static int nfs_validate_mount_data(void *options, ...@@ -1480,6 +1468,7 @@ static int nfs_validate_mount_data(void *options,
args->mount_server.port = 0; /* autobind unless user sets port */ args->mount_server.port = 0; /* autobind unless user sets port */
args->nfs_server.port = 0; /* autobind unless user sets port */ args->nfs_server.port = 0; /* autobind unless user sets port */
args->nfs_server.protocol = XPRT_TRANSPORT_TCP; args->nfs_server.protocol = XPRT_TRANSPORT_TCP;
args->auth_flavors[0] = RPC_AUTH_UNIX;
switch (data->version) { switch (data->version) {
case 1: case 1:
...@@ -1537,7 +1526,9 @@ static int nfs_validate_mount_data(void *options, ...@@ -1537,7 +1526,9 @@ static int nfs_validate_mount_data(void *options,
args->nfs_server.hostname = kstrdup(data->hostname, GFP_KERNEL); args->nfs_server.hostname = kstrdup(data->hostname, GFP_KERNEL);
args->namlen = data->namlen; args->namlen = data->namlen;
args->bsize = data->bsize; args->bsize = data->bsize;
args->auth_flavors[0] = data->pseudoflavor;
if (data->flags & NFS_MOUNT_SECFLAVOUR)
args->auth_flavors[0] = data->pseudoflavor;
if (!args->nfs_server.hostname) if (!args->nfs_server.hostname)
goto out_nomem; goto out_nomem;
...@@ -1601,9 +1592,6 @@ static int nfs_validate_mount_data(void *options, ...@@ -1601,9 +1592,6 @@ static int nfs_validate_mount_data(void *options,
} }
} }
if (!(args->flags & NFS_MOUNT_SECFLAVOUR))
args->auth_flavors[0] = RPC_AUTH_UNIX;
#ifndef CONFIG_NFS_V3 #ifndef CONFIG_NFS_V3
if (args->flags & NFS_MOUNT_VER3) if (args->flags & NFS_MOUNT_VER3)
goto out_v3_not_compiled; goto out_v3_not_compiled;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment