linux/fs/nfs
Weston Andros Adamson a5250def7c NFSv4: use the mach cred for SECINFO w/ integrity
Commit 5ec16a8500 introduced a regression
that causes SECINFO to fail without actualy sending an RPC if:

 1) the nfs_client's rpc_client was using KRB5i/p (now tried by default)
 2) the current user doesn't have valid kerberos credentials

This situation is quite common - as of now a sec=sys mount would use
krb5i for the nfs_client's rpc_client and a user would hardly be faulted
for not having run kinit.

The solution is to use the machine cred when trying to use an integrity
protected auth flavor for SECINFO.

Older servers may not support using the machine cred or an integrity
protected auth flavor for SECINFO in every circumstance, so we fall back
to using the user's cred and the filesystem's auth flavor in this case.

We run into another problem when running against linux nfs servers -
they return NFS4ERR_WRONGSEC when using integrity auth flavor (unless the
mount is also that flavor) even though that is not a valid error for
SECINFO*.  Even though it's against spec, handle WRONGSEC errors on SECINFO
by falling back to using the user cred and the filesystem's auth flavor.

Signed-off-by: Weston Andros Adamson <dros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2013-09-03 15:25:10 -04:00
..
blocklayout NFSv4.1 use pnfs_device maxcount for the blocklayout gdia_maxcount 2013-06-28 15:34:44 -04:00
objlayout NFSv4.1 use pnfs_device maxcount for the objectlayout gdia_maxcount 2013-06-28 15:34:45 -04:00
cache_lib.c NFS: simplify and clean cache library 2013-02-15 10:43:36 -05:00
cache_lib.h NFS: simplify and clean cache library 2013-02-15 10:43:36 -05:00
callback_proc.c NFSv4.1: Add tracepoints for debugging slot table operations 2013-08-22 08:58:27 -04:00
callback_xdr.c Merge branch 'labeled-nfs' into linux-next 2013-06-28 16:29:51 -04:00
callback.c NFS client updates for Linux 3.11 2013-07-09 12:09:43 -07:00
callback.h NFS: Add in v4.2 callback operation 2013-06-08 16:20:18 -04:00
client.c NFS Remove unused authflavour parameter from init_client 2013-08-07 13:09:30 -04:00
delegation.c NFSv4: Add tracepoints for debugging delegations 2013-08-22 08:58:24 -04:00
delegation.h NFSv4: Fix CB_RECALL_ANY to only return delegations that are not in use 2013-04-05 17:03:57 -04:00
dir.c NFS: Fix up two use-after-free issues with the new tracing code 2013-08-30 09:19:34 -04:00
direct.c nfs: fix page dirtying in NFS DIO read codepath 2012-12-12 12:56:19 -05:00
dns_resolve.c NFSv4: Move the DNS resolver into the NFSv4 module 2013-06-18 13:47:18 -04:00
dns_resolve.h NFS: DNS resolver cache per network namespace context introduced 2012-01-31 18:20:26 -05:00
file.c NFS avoid expired credential keys for buffered writes 2013-09-03 15:25:09 -04:00
fscache-index.c NFS: Use the inode->i_version to cache NFSv4 change attribute information 2011-10-18 09:14:34 -07:00
fscache.c NFS4: Open files for fscaching 2012-12-20 22:19:42 +00:00
fscache.h NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n 2012-12-21 08:06:48 -08:00
getroot.c NFS:Add labels to client function prototypes 2013-06-08 16:20:15 -04:00
idmap.c NFSv4: Convert idmapper to use the new framework for pipefs dentries 2013-09-01 11:12:42 -04:00
inode.c NFS: Add event tracing for generic NFS events 2013-08-22 08:58:17 -04:00
internal.h NFS avoid expired credential keys for buffered writes 2013-09-03 15:25:09 -04:00
iostat.h
Kconfig Kconfig: Add Kconfig entry for Labeled NFS V4 client 2013-06-08 16:20:17 -04:00
Makefile NFSv4: Add tracepoints for debugging state management problems 2013-08-22 08:58:21 -04:00
mount_clnt.c nfs: have nfs_mount fake up a auth_flavs list when the server didn't provide it 2013-06-28 15:51:51 -04:00
namespace.c NFS:Add labels to client function prototypes 2013-06-08 16:20:15 -04:00
netns.h nfs: include NFSv4 header in netns.h 2012-10-02 08:17:02 -07:00
nfs2super.c NFS: Convert v2 into a module 2012-07-30 19:06:41 -04:00
nfs2xdr.c nfs: Convert nfs2xdr to use kuids and kgids 2013-02-13 06:15:30 -08:00
nfs3acl.c userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr 2012-09-18 01:01:35 -07:00
nfs3client.c NFS: Only initialize the ACL client in the v3 case 2012-07-30 19:05:54 -04:00
nfs3proc.c NFSv3: Deal with a sparse warning in nfs3_proc_create 2013-08-21 20:00:16 -04:00
nfs3super.c NFS: Convert v3 into a module 2012-07-30 19:06:46 -04:00
nfs3xdr.c nfs: Convert nfs3xdr to use kuids and kgids 2013-02-13 06:15:31 -08:00
nfs4_fs.h NFS: Never use user credentials for lease renewal 2013-08-07 13:06:08 -04:00
nfs4client.c NFS Remove unused authflavour parameter from init_client 2013-08-07 13:09:30 -04:00
nfs4file.c NFSv4: Move dentry instantiation into the NFSv4-specific atomic open code 2013-06-06 16:24:43 -04:00
nfs4filelayout.c NFSv4: Add tracepoints for debugging reads and writes 2013-08-22 08:58:26 -04:00
nfs4filelayout.h NFSv4.1: Use layout credentials for get_deviceinfo calls 2013-06-06 16:24:37 -04:00
nfs4filelayoutdev.c NFSv4.1 Fix gdia_maxcount calculation to fit in ca_maxresponsesize 2013-06-28 15:34:43 -04:00
nfs4getroot.c NFSv4: fs/nfs/nfs4getroot.c needs to include "internal.h" 2012-10-16 12:37:59 -04:00
nfs4namespace.c SUNRPC: Introduce rpcauth_get_pseudoflavor() 2013-03-29 15:43:07 -04:00
nfs4proc.c NFSv4: use the mach cred for SECINFO w/ integrity 2013-09-03 15:25:10 -04:00
nfs4renewd.c workqueue: use mod_delayed_work() instead of cancel + queue 2012-08-13 16:27:37 -07:00
nfs4session.c NFS: Never use user credentials for lease renewal 2013-08-07 13:06:08 -04:00
nfs4session.h NFSv4.1: Add tracepoints for debugging slot table operations 2013-08-22 08:58:27 -04:00
nfs4state.c NFS: remove incorrect "Lock reclaim failed!" warning. 2013-08-22 14:34:14 -04:00
nfs4super.c NFSv4: Move the DNS resolver into the NFSv4 module 2013-06-18 13:47:18 -04:00
nfs4sysctl.c nfs: include nfs4_fh.h in nfs4sysctl.c 2012-10-02 08:17:03 -07:00
nfs4trace.c NFSv4.1: Add tracepoints for debugging slot table operations 2013-08-22 08:58:27 -04:00
nfs4trace.h NFSv4.1: Add tracepoints for debugging test_stateid events 2013-08-22 08:58:27 -04:00
nfs4xdr.c NFSv4: Fix an incorrect pointer declaration in decode_first_pnfs_layout_type 2013-08-22 08:58:15 -04:00
nfs.h NFS: Convert v4 into a module 2012-07-30 19:06:52 -04:00
nfsroot.c SUNRPC/NFS: Add Kbuild dependencies for NFS_DEBUG/RPC_DEBUG 2012-03-20 13:08:26 -04:00
nfstrace.c NFS: Add event tracing for generic NFS lookups 2013-08-22 08:58:18 -04:00
nfstrace.h NFS: Add tracepoints for debugging NFS hard links 2013-08-22 08:58:20 -04:00
pagelist.c NFS: Add functionality to allow waiting on all outstanding reads to complete 2013-04-08 22:12:33 -04:00
pnfs_dev.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
pnfs.c NFSv4: Add tracepoints for debugging reads and writes 2013-08-22 08:58:26 -04:00
pnfs.h NFSv4.1 Fix gdia_maxcount calculation to fit in ca_maxresponsesize 2013-06-28 15:34:43 -04:00
proc.c NFS:Add labels to client function prototypes 2013-06-08 16:20:15 -04:00
read.c NFS: Don't accept more reads/writes if the open context recovery failed 2013-03-25 12:04:10 -04:00
super.c NFSv4: Refuse mount attempts with proto=udp 2013-08-07 12:37:04 -04:00
symlink.c
sysctl.c NFS: Initialize v4 sysctls from nfs_init_v4() 2012-07-17 13:33:18 -04:00
unlink.c NFS: Add tracepoints for debugging NFS rename and sillyrename issues 2013-08-22 08:58:19 -04:00
write.c NFS avoid expired credential keys for buffered writes 2013-09-03 15:25:09 -04:00