summaryrefslogtreecommitdiff
path: root/fs/nfsd
AgeCommit message (Collapse)Author
2009-12-21nfsd: fix "insecure" export optionJ. Bruce Fields
A typo in 12045a6ee9908b "nfsd: let "insecure" flag vary by pseudoflavor" reversed the sense of the "insecure" flag. Reported-by: Michael Guntsche <mike@it-loops.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-12-16Merge branch 'master' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 * 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (38 commits) direct I/O fallback sync simplification ocfs: stop using do_sync_mapping_range cleanup blockdev_direct_IO locking make generic_acl slightly more generic sanitize xattr handler prototypes libfs: move EXPORT_SYMBOL for d_alloc_name vfs: force reval of target when following LAST_BIND symlinks (try #7) ima: limit imbalance msg Untangling ima mess, part 3: kill dead code in ima Untangling ima mess, part 2: deal with counters Untangling ima mess, part 1: alloc_file() O_TRUNC open shouldn't fail after file truncation ima: call ima_inode_free ima_inode_free IMA: clean up the IMA counts updating code ima: only insert at inode creation time ima: valid return code from ima_inode_alloc fs: move get_empty_filp() deffinition to internal.h Sanitize exec_permission_lite() Kill cached_lookup() and real_lookup() Kill path_lookup_open() ... Trivial conflicts in fs/direct-io.c
2009-12-16Untangling ima mess, part 3: kill dead code in imaAl Viro
Kill the 'update' argument of ima_path_check(), kill dead code in ima. Current rules: ima counters are bumped at the same time when the file switches from put_filp() fodder to fput() one. Which happens exactly in two places - alloc_file() and __dentry_open(). Nothing else needs to do that at all. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-12-16Untangling ima mess, part 2: deal with countersAl Viro
* do ima_get_count() in __dentry_open() * stop doing that in followups * move ima_path_check() to right after nameidata_to_filp() * don't bump counters on it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-12-15nfsd: remove pointless paths in file headersJ. Bruce Fields
The new .h files have paths at the top that are now out of date. While we're here, just remove all of those from fs/nfsd; they never served any purpose. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-15nfsd: move most of nfsfh.h to fs/nfsdJ. Bruce Fields
Most of this can be trivially moved to a private header as well. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-15nfsd: make V4ROOT exports read-onlyJ. Bruce Fields
I can't see any use for writeable V4ROOT exports. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-15nfsd: restrict filehandles accepted in V4ROOT caseSteve Dickson
On V4ROOT exports, only accept filehandles that are the *root* of some export. This allows mountd to allow or deny access to individual directories and symlinks on the pseudofilesystem. Note that the checks in readdir and lookup are not enough, since a malicious host with access to the network could guess filehandles that they weren't able to obtain through lookup or readdir. Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-15nfsd: allow exports of symlinksJ. Bruce Fields
We want to allow exports of symlinks, to allow mountd to communicate to the kernel which symlinks lead to exports, and hence which symlinks need to be visible on the pseudofilesystem. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-15nfsd: filter readdir results in V4ROOT caseJ. Bruce Fields
As with lookup, we treat every boject as a mountpoint and pretend it doesn't exist if it isn't exported. The preexisting code here is confusing, but I haven't yet figured out how to make it clearer. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-15nfsd: filter lookup results in V4ROOT caseJ. Bruce Fields
We treat every object as a mountpoint and pretend it doesn't exist if it isn't exported. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-15nfsd4: don't continue "under" mounts in V4ROOT caseJ. Bruce Fields
If /A/mount/point/ has filesystem "B" mounted on top of it, and if "A" is exported, but not "B", then the nfs server has always returned to the client a filehandle for the mountpoint, instead of for the root of "B", allowing the client to see the subtree of "A" that would otherwise be hidden by B. Disable this behavior in the case of V4ROOT exports; we implement the path restrictions of V4ROOT exports by treating *every* directory as if it were a mountpoint, and allowing traversal *only* if the new directory is exported. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-15nfsd: introduce export flag for v4 pseudorootSteve Dickson
NFSv4 differs from v2 and v3 in that it presents a single unified filesystem tree, whereas v2 and v3 exported multiple filesystem (whose roots could be found using a separate mount protocol). Our original NFSv4 server implementation asked the administrator to designate a single filesystem as the NFSv4 root, then to mount filesystems they wished to export underneath. (Often using bind mounts of already-existing filesystems.) This was conceptually simple, and allowed easy implementation, but created a serious obstacle to upgrading between v2/v3: since the paths to v4 filesystems were different, administrators would have to adjust all the paths in client-side mount commands when switching to v4. Various workarounds are possible. For example, the administrator could export "/" and designate it as the v4 root. However, the security risks of that approach are obvious, and in any case we shouldn't be requiring the administrator to take extra steps to fix this problem; instead, the server should present consistent paths across different versions by default. These patches take a modified version of that approach: we provide a new export option which exports only a subset of a filesystem. With this flag, it becomes safe for mountd to export "/" by default, with no need for additional configuration. We begin just by defining the new flag. Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-15nfsd: let "insecure" flag vary by pseudoflavorJ. Bruce Fields
This was an oversight; it should be among the export flags that can be allowed to vary by pseudoflavor. This allows an administrator to (for example) allow auth_sys mounts only from low ports, but allow auth_krb5 mounts to use any port. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-14nfsd: new interface to advertise export featuresJ. Bruce Fields
Soon we will add the new V4ROOT flag, and allow the INSECURE flag to vary by pseudoflavor. It would be useful for nfs-utils (for example, for improved exportfs error reporting) to be able to know when this happens. Use this new interface for that purpose. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-14nfsd: Move private headers to source directoryBoaz Harrosh
Lots of include/linux/nfsd/* headers are only used by nfsd module. Move them to the source directory Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-14nfsd: Source files #include cleanupsBoaz Harrosh
Now that the headers are fixed and carry their own wait, all fs/nfsd/ source files can include a minimal set of headers. and still compile just fine. This patch should improve the compilation speed of the nfsd module. Signed-off-by: Boaz Harrosh <bharrosh@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-12-14nfsd4: fix share mode permissionsJ. Bruce Fields
NFSv4 opens may function as locks denying other NFSv4 users the rights to open a file. We're requiring a user to have write permissions before they can deny write. We're *not* requiring a user to have write permissions to deny read, which is if anything a more drastic denial. What was intended was to require write permissions for DENY_READ. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-11-25nfsd: simplify fh_verify access checksJ. Bruce Fields
All nfsd security depends on the security checks in fh_verify, and especially on nfsd_setuser(). It therefore bothers me that the nfsd_setuser call may be made from three different places, depending on whether the filehandle has already been mapped to a dentry, and on whether subtreechecking is in force. Instead, make an unconditional call in fh_verify(), so it's trivial to verify that the call always occurs. That leaves us with a redundant nfsd_setuser() call in the subtreecheck case--it needs the correct user set earlier in order to check execute permissions on the path to this filehandle--but I'm willing to accept that minor inefficiency in the subtreecheck case in return for more straightforward permission checking. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-11-23Merge commit 'v2.6.32-rc8' into HEADJ. Bruce Fields
2009-11-14Fix memory corruption caused by nfsd readdir+Petr Vandrovec
Commit 8177e6d6dfb9cd03d9bdeb647c32161f8f58f686 ("nfsd: clean up readdirplus encoding") introduced single character typo in nfs3 readdir+ implementation. Unfortunately that typo has quite bad side effects: random memory corruption, followed (on my box) with immediate spontaneous box reboot. Using 'p1' instead of 'p' fixes my Linux box rebooting whenever VMware ESXi box tries to list contents of my home directory. Signed-off-by: Petr Vandrovec <petr@vandrovec.name> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Neil Brown <neilb@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-11-13nfsd: make fs/nfsd/vfs.h for common includesJ. Bruce Fields
None of this stuff is used outside nfsd, so move it out of the common linux include directory. Actually, probably none of the stuff in include/linux/nfsd/nfsd.h really belongs there, so later we may remove that file entirely. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-11-05nfsd: use STATEID_FMT and STATEID_VAL for printing stateidsBenny Halevy
Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-11-04nfsd: register NFS_ACL with rpcbindPeter Staubach
Modify the NFS server to register the NFS_ACL services with the rpcbind daemon. This allows the client to ping for the existence of the NFS_ACL support via commands such as "rpcinfo -t <server> nfs_acl". This patch also modifies the NFS_ACL support so that responses to version 2 NULLPROC requests can be made. The changelog for the patch which turned off this functionality mentioned something about not registering the NFS_ACL as being part of some tradition. I can't find this tradition and the only other implementation which supports NFS_ACL does register them with the rpcbind daemon. Signed-off-by: Peter Staubach <staubach@redhat.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-10-27nfsd: Fix sort_pacl in fs/nfsd/nf4acl.c to actually sort groupsFrank Filz
We have been doing some extensive testing of Linux support for ACLs on NFDS v4. We have noticed that the server rejects ACLs where the groups are out of order, for example, the following ACL is rejected: A::OWNER@:rwaxtTcCy A::user101@domain:rwaxtcy A::GROUP@:rwaxtcy A:g:group102@domain:rwaxtcy A:g:group101@domain:rwaxtcy A::EVERYONE@:rwaxtcy Examining the server code, I found that after converting an NFS v4 ACL to POSIX, sort_pacl is called to sort the user ACEs and group ACEs. Unfortunately, a minor bug causes the group sort to be skipped. Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-10-27nfsd4.1: common slot allocation size calculationJ. Bruce Fields
We do the same calculation in a couple places; use a helper function, and add a little documentation, in the hopes of preventing bugs like that fixed in the last patch. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-10-27nfsd4.1: fix session memory use calculationJ. Bruce Fields
Unbalanced calculations on creation and destruction of sessions could cause our estimate of cache memory used to become negative, sometimes resulting in spurious SERVERFAULT returns to client CREATE_SESSION requests. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-10-27Merge commit 'v2.6.32-rc5' into for-2.6.33J. Bruce Fields
2009-10-01const: constify remaining file_operationsAlexey Dobriyan
[akpm@linux-foundation.org: fix KVM] Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-28nfsd41: use sv_max_mesg for forechannel max sizesAndy Adamson
ca_maxresponsesize and ca_maxrequest size include the RPC header. sv_max_mesg is sv_max_payolad plus a page for overhead and is used in svc_init_buffer to allocate server buffer space for both the request and reply. Note that this means we can service an RPC compound that requires ca_maxrequestsize (MAXWRITE) or ca_max_responsesize (MAXREAD) but that we do not support an RPC compound that requires both ca_maxrequestsize and ca_maxresponsesize. Signed-off-by: Andy Adamson <andros@netapp.com> [bfields@citi.umich.edu: more documentation updates] Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-28nfsd4: fix error return when pseudoroot missingJ. Bruce Fields
We really shouldn't hit this case at all, and forthcoming kernel and nfs-utils changes should eliminate this case; if it does happen, consider it a bug rather than reporting an error that doesn't really make sense for the operation (since there's no reason for a server to be accepting v4 traffic yet have no root filehandle). Also move some exp_pseudoroot code into a helper function while we're here. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-28nfsd: minor nfsd_lookup cleanupJ. Bruce Fields
Break out some of nfsd_lookup_dentry into helper functions. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-28nfsd4: cross mountpoints when looking up parentsJ. Bruce Fields
3c394ddaa7ea4205f933fd9b481166b2669368a9 "nfsd4: nfsv4 clients should cross mountpoints" forgot to handle lookups of parents directories. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-24headers: utsname.h reduxAlexey Dobriyan
* remove asm/atomic.h inclusion from linux/utsname.h -- not needed after kref conversion * remove linux/utsname.h inclusion from files which do not need it NOTE: it looks like fs/binfmt_elf.c do not need utsname.h, however due to some personality stuff it _is_ needed -- cowardly leave ELF-related headers and files alone. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-23seq_file: constify seq_operationsJames Morris
Make all seq_operations structs const, to help mitigate against revectoring user-triggerable function pointers. This is derived from the grsecurity patch, although generated from scratch because it's simpler than extracting the changes from there. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-22Merge branch 'for-2.6.32' of git://linux-nfs.org/~bfields/linuxLinus Torvalds
* 'for-2.6.32' of git://linux-nfs.org/~bfields/linux: (68 commits) nfsd4: nfsv4 clients should cross mountpoints nfsd: revise 4.1 status documentation sunrpc/cache: avoid variable over-loading in cache_defer_req sunrpc/cache: use list_del_init for the list_head entries in cache_deferred_req nfsd: return success for non-NFS4 nfs4_state_start nfsd41: Refactor create_client() nfsd41: modify nfsd4.1 backchannel to use new xprt class nfsd41: Backchannel: Implement cb_recall over NFSv4.1 nfsd41: Backchannel: cb_sequence callback nfsd41: Backchannel: Setup sequence information nfsd41: Backchannel: Server backchannel RPC wait queue nfsd41: Backchannel: Add sequence arguments to callback RPC arguments nfsd41: Backchannel: callback infrastructure nfsd4: use common rpc_cred for all callbacks nfsd4: allow nfs4 state startup to fail SUNRPC: Defer the auth_gss upcall when the RPC call is asynchronous nfsd4: fix null dereference creating nfsv4 callback client nfsd4: fix whitespace in NFSPROC4_CLNT_CB_NULL definition nfsd41: sunrpc: add new xprt class for nfsv4.1 backchannel sunrpc/cache: simplify cache_fresh_locked and cache_fresh_unlocked. ...
2009-09-22const: make lock_manager_operations constAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-09-21nfsd4: nfsv4 clients should cross mountpointsSteve Dickson
Allow NFS v4 clients to seamlessly cross mount point without have to set either the 'crossmnt' or the 'nohide' export options. Signed-Off-By: Steve Dickson <steved@redhat.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd41: Refactor create_client()Ricardo Labiaga
Move common initialization of 'struct nfs4_client' inside create_client(). Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> [nfsd41: Remember the auth flavor to use for callbacks] Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd41: modify nfsd4.1 backchannel to use new xprt classAlexandros Batsakis
This patch enables the use of the nfsv4.1 backchannel. Signed-off-by: Alexandros Batsakis <batsakis@netapp.com> [initialize rpc_create_args.bc_xprt too] Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd41: Backchannel: Implement cb_recall over NFSv4.1Ricardo Labiaga
Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> [nfsd41: cb_recall callback] [Share v4.0 and v4.1 back channel xdr] Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Ricardo Labiaga <ricardo.labiaga@netapp.com> Signed-off-by: Benny Halevy <bhalevy@panasas.com> [Share v4.0 and v4.1 back channel xdr] Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Benny Halevy <bhalevy@panasas.com> [nfsd41: use nfsd4_cb_sequence for callback minorversion] [nfsd41: conditionally decode_sequence in nfs4_xdr_dec_cb_recall] Signed-off-by: Benny Halevy <bhalevy@panasas.com> [nfsd41: Backchannel: Add sequence arguments to callback RPC arguments] Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> [pulled-in definition of nfsd4_cb_done] Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd41: Backchannel: cb_sequence callbackBenny Halevy
Implement the cb_sequence callback conforming to draft-ietf-nfsv4-minorversion1 Note: highest slot id and target highest slot id do not have to be 0 as was previously implemented. They can be greater than what the nfs server sent if the client supports a larger slot table on the backchannel. At this point we just ignore that. Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> [Rework the back channel xdr using the shared v4.0 and v4.1 framework.] Signed-off-by: Andy Adamson <andros@netapp.com> [fixed indentation] Signed-off-by: Benny Halevy <bhalevy@panasas.com> [nfsd41: use nfsd4_cb_sequence for callback minorversion] Signed-off-by: Benny Halevy <bhalevy@panasas.com> [nfsd41: fix verification of CB_SEQUENCE highest slot id[ Signed-off-by: Benny Halevy <bhalevy@panasas.com> [nfsd41: Backchannel: Remove old backchannel serialization] [nfsd41: Backchannel: First callback sequence ID should be 1] Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> Signed-off-by: Benny Halevy <bhalevy@panasas.com> [nfsd41: decode_cb_sequence does not need to actually decode ignored fields] Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd41: Backchannel: Setup sequence informationRicardo Labiaga
Follows the model used by the NFS client. Setup the RPC prepare and done function pointers so that we can populate the sequence information if minorversion == 1. rpc_run_task() is then invoked directly just like existing NFS client operations do. nfsd4_cb_prepare() determines if the sequence information needs to be setup. If the slot is in use, it adds itself to the wait queue. nfsd4_cb_done() wakes anyone sleeping on the callback channel wait queue after our RPC reply has been received. It also sets the task message result pointer to NULL to clearly indicate we're done using it. Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> [define and initialize cl_cb_seq_nr here] [pulled out unused defintion of nfsd4_cb_done] Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd41: Backchannel: Server backchannel RPC wait queueRicardo Labiaga
RPC callback requests will wait on this wait queue if the backchannel is out of slots. Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd41: Backchannel: Add sequence arguments to callback RPC argumentsRicardo Labiaga
Follow the model we use in the client. Make the sequence arguments part of the regular RPC arguments. None of the callbacks that are soon to be implemented expect results that need to be passed back to the caller, so we don't define a separate RPC results structure. For session validation, the cb_sequence decoding will use a pointer to the sequence arguments that are part of the RPC argument. Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> [define struct nfsd4_cb_sequence here] Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd41: Backchannel: callback infrastructureAndy Adamson
Keep the xprt used for create_session in cl_cb_xprt. Mark cl_callback.cb_minorversion = 1 and remember the client provided cl_callback.cb_prog rpc program number. Use it to probe the callback path. Use the client's network address to initialize as the callback's address as expected by the xprt creation routines. Define xdr sizes and code nfs4_cb_compound header to be able to send a null callback rpc. Signed-off-by: Andy Adamson<andros@netapp.com> Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com> [get callback minorversion from fore channel's] Signed-off-by: Benny Halevy <bhalevy@panasas.com> [nfsd41: change bc_sock to bc_xprt] Signed-off-by: Benny Halevy <bhalevy@panasas.com> [pulled definition for cl_cb_xprt] Signed-off-by: Benny Halevy <bhalevy@panasas.com> [nfsd41: set up backchannel's cb_addr] [moved rpc_create_args init to "nfsd: modify nfsd4.1 backchannel to use new xprt class"] Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd4: use common rpc_cred for all callbacksJ. Bruce Fields
Callbacks are always made using the machine's identity, so we can use a single auth_generic credential shared among callbacks to all clients and let the rpc code take care of the rest. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd4: allow nfs4 state startup to failJ. Bruce Fields
The failure here is pretty unlikely, but we should handle it anyway. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-16nfsd4: fix null dereference creating nfsv4 callback clientJ. Bruce Fields
On setting up the callback to the client, we attempt to use the same authentication flavor the client did. We find an rpc cred to use by calling rpcauth_lookup_credcache(), which assumes that the given authentication flavor has a credentials cache. However, this is not required to be true--in particular, auth_null does not use one. Instead, we should call the auth's lookup_cred() method. Without this, a client attempting to mount using nfsv4 and auth_null triggers a null dereference. Cc: stable@kernel.org Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2009-09-13nfsd4: fix whitespace in NFSPROC4_CLNT_CB_NULL definitionBenny Halevy
Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>