linux-kernel.vger.kernel.org archive mirror
* [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups
@ 2007-07-10  2:22 NeilBrown
  2007-07-10  2:22 ` [PATCH 001 of 20] knfsd: nfsd: make all exp_finding functions return -errno's on err NeilBrown
                   ` (20 more replies)
  0 siblings, 21 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:22 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, andros @ citi . umich . edu, Andy Adamson,
	J. Bruce Fields, J . Bruce Fields, J . Bruce Fields, Neil Brown,
	Usha Ketineni, Usha Ketineni

With this patchset it becomes possible to list a number of different
security flavours that may be used to access an exported filesystem,
and to attach different export options (e.g. readonly, rootsquash) to
different flavours.
Also, NFSv4 can report which flavours are available on a particular export.

They are suitable for 2.6.23.

NeilBrown



 [PATCH 001 of 20] knfsd: nfsd: make all exp_finding functions return -errno's on err
 [PATCH 002 of 20] knfsd: nfsd4: build rpcsec_gss whenever nfsd4 is built
 [PATCH 003 of 20] knfsd: nfsd4: store pseudoflavor in request
 [PATCH 004 of 20] knfsd: nfsd4: parse secinfo information in exports downcall
 [PATCH 005 of 20] knfsd: nfsd4: simplify exp_pseudoroot arguments
 [PATCH 006 of 20] knfsd: nfsd: remove superfluous assignment from nfsd_lookup
 [PATCH 007 of 20] knfsd: nfsd: provide export lookup wrappers which take a svc_rqst
 [PATCH 008 of 20] knfsd: nfsd: set rq_client to ip-address-determined-domain
 [PATCH 009 of 20] knfsd: nfsd: use ip-address-based domain in secinfo case
 [PATCH 010 of 20] knfsd: nfsd: factor nfsd_lookup into 2 pieces
 [PATCH 011 of 20] knfsd: nfsd4: return nfserr_wrongsec
 [PATCH 012 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor
 [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags
 [PATCH 014 of 20] knfsd: nfsd: display export secinfo information
 [PATCH 015 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor
 [PATCH 016 of 20] knfsd: rpc: add gss krb5 and spkm3 oid values
 [PATCH 017 of 20] knfsd: nfsd4: implement secinfo
 [PATCH 018 of 20] knfsd: nfsd4: secinfo handling without secinfo= option
 [PATCH 019 of 20] knfsd: nfsd: allow auth_sys nlm on rpcsec_gss exports
 [PATCH 020 of 20] knfsd: nfsd: enforce per-flavor id squashing


* [PATCH 001 of 20] knfsd: nfsd: make all exp_finding functions return -errno's on err
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
@ 2007-07-10  2:22 ` NeilBrown
  2007-07-10  2:23 ` [PATCH 002 of 20] knfsd: nfsd4: build rpcsec_gss whenever nfsd4 is built NeilBrown
                   ` (19 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:22 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@puzzle.fieldses.org>

Currently exp_find(), exp_get_by_name(), and friends, return an export on
success, and on failure return:

	errors -EAGAIN (drop this request pending an upcall) or
		-ETIMEDOUT (an upcall has timed out), or
	return NULL, which can mean either that there was a memory allocation
		failure, or that an export was not found, or that a passed-in
		export lacks an auth_domain.

Many callers seem to assume that NULL means that an export was not found, which
may lead to bugs in the case of a memory allocation failure.

Modify these functions to distinguish between the two NULL cases by returning
either  -ENOENT or -ENOMEM.  They now never return NULL.  We get to simplify
some code in the process.

We return -ENOENT in the case of a missing auth_domain.  This case should
probably be removed (or converted to a bug) after confirming that it can never
happen.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/export.c |   58 +++++++++++++++++++++--------------------------------
 ./fs/nfsd/nfsfh.c  |   11 ++++------
 ./fs/nfsd/vfs.c    |    9 +++-----
 3 files changed, 32 insertions(+), 46 deletions(-)

diff .prev/fs/nfsd/export.c ./fs/nfsd/export.c
--- .prev/fs/nfsd/export.c	2007-07-10 11:19:59.000000000 +1000
+++ ./fs/nfsd/export.c	2007-07-10 11:20:09.000000000 +1000
@@ -739,16 +739,18 @@ exp_find_key(svc_client *clp, int fsid_t
 	int err;
 	
 	if (!clp)
-		return NULL;
+		return ERR_PTR(-ENOENT);
 
 	key.ek_client = clp;
 	key.ek_fsidtype = fsid_type;
 	memcpy(key.ek_fsid, fsidv, key_len(fsid_type));
 
 	ek = svc_expkey_lookup(&key);
-	if (ek != NULL)
-		if ((err = cache_check(&svc_expkey_cache, &ek->h, reqp)))
-			ek = ERR_PTR(err);
+	if (ek == NULL)
+		return ERR_PTR(-ENOMEM);
+	err = cache_check(&svc_expkey_cache, &ek->h, reqp);
+	if (err)
+		return ERR_PTR(err);
 	return ek;
 }
 
@@ -809,30 +811,21 @@ exp_get_by_name(svc_client *clp, struct 
 		struct cache_req *reqp)
 {
 	struct svc_export *exp, key;
+	int err;
 	
 	if (!clp)
-		return NULL;
+		return ERR_PTR(-ENOENT);
 
 	key.ex_client = clp;
 	key.ex_mnt = mnt;
 	key.ex_dentry = dentry;
 
 	exp = svc_export_lookup(&key);
-	if (exp != NULL)  {
-		int err;
-
-		err = cache_check(&svc_export_cache, &exp->h, reqp);
-		switch (err) {
-		case 0: break;
-		case -EAGAIN:
-		case -ETIMEDOUT:
-			exp = ERR_PTR(err);
-			break;
-		default:
-			exp = NULL;
-		}
-	}
-
+	if (exp == NULL)
+		return ERR_PTR(-ENOMEM);
+	err = cache_check(&svc_export_cache, &exp->h, reqp);
+	if (err)
+		return ERR_PTR(err);
 	return exp;
 }
 
@@ -848,7 +841,7 @@ exp_parent(svc_client *clp, struct vfsmo
 	dget(dentry);
 	exp = exp_get_by_name(clp, mnt, dentry, reqp);
 
-	while (exp == NULL && !IS_ROOT(dentry)) {
+	while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(dentry)) {
 		struct dentry *parent;
 
 		parent = dget_parent(dentry);
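
Review bot: the loop condition in exp_parent() calls PTR_ERR(exp) without first testing IS_ERR(exp), so on the success path a valid pointer is cast and compared with -ENOENT. A valid pointer never compares equal to -ENOENT, so the result is right, but the line reads as if exp were already known to be an error. Writing it as IS_ERR(exp) && PTR_ERR(exp) == -ENOENT, or adding a one-line comment, would make the intent explicit. The same idiom recurs in exp_pseudoroot(), fh_verify() and nfsd_lookup() later in this patch.
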
@@ -901,7 +894,7 @@ static void exp_fsid_unhash(struct svc_e
 		return;
 
 	ek = exp_get_fsid_key(exp->ex_client, exp->ex_fsid);
-	if (ek && !IS_ERR(ek)) {
+	if (!IS_ERR(ek)) {
 		ek->h.expiry_time = get_seconds()-1;
 		cache_put(&ek->h, &svc_expkey_cache);
 	}
@@ -939,7 +932,7 @@ static void exp_unhash(struct svc_export
 	struct inode *inode = exp->ex_dentry->d_inode;
 
 	ek = exp_get_key(exp->ex_client, inode->i_sb->s_dev, inode->i_ino);
-	if (ek && !IS_ERR(ek)) {
+	if (!IS_ERR(ek)) {
 		ek->h.expiry_time = get_seconds()-1;
 		cache_put(&ek->h, &svc_expkey_cache);
 	}
@@ -990,13 +983,12 @@ exp_export(struct nfsctl_export *nxp)
 
 	/* must make sure there won't be an ex_fsid clash */
 	if ((nxp->ex_flags & NFSEXP_FSID) &&
-	    (fsid_key = exp_get_fsid_key(clp, nxp->ex_dev)) &&
-	    !IS_ERR(fsid_key) &&
+	    (!IS_ERR(fsid_key = exp_get_fsid_key(clp, nxp->ex_dev))) &&
 	    fsid_key->ek_mnt &&
 	    (fsid_key->ek_mnt != nd.mnt || fsid_key->ek_dentry != nd.dentry) )
 		goto finish;
 
-	if (exp) {
+	if (!IS_ERR(exp)) {
 		/* just a flags/id/fsid update */
 
 		exp_fsid_unhash(exp);
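
Review bot: in the ex_fsid clash check, any error from exp_get_fsid_key() makes the && chain false, so -ENOMEM is treated exactly like "no clash" and the export goes ahead. Now that the lookup distinguishes -ENOENT from other failures, consider letting only -ENOENT fall through and failing the export on anything else. The assignment buried inside IS_ERR() in the condition is also hard to read; doing the lookup on its own line before the if would help.
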
@@ -1105,7 +1097,7 @@ exp_unexport(struct nfsctl_export *nxp)
 	err = -EINVAL;
 	exp = exp_get_by_name(dom, nd.mnt, nd.dentry, NULL);
 	path_release(&nd);
-	if (!exp)
+	if (IS_ERR(exp))
 		goto out_domain;
 
 	exp_do_unexport(exp);
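
Review bot: exp_unexport() leaves err at the -EINVAL assigned just above the lookup whenever IS_ERR(exp) is true, so an allocation failure is reported as -EINVAL. Since exp_get_by_name() now says why it failed, setting err = PTR_ERR(exp) before the goto out_domain (or keeping -EINVAL only for the -ENOENT case) would pass the real cause back.
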
@@ -1150,10 +1142,6 @@ exp_rootfh(svc_client *clp, char *path, 
 		err = PTR_ERR(exp);
 		goto out;
 	}
-	if (!exp) {
-		dprintk("nfsd: exp_rootfh export not found.\n");
-		goto out;
-	}
 
 	/*
 	 * fh must be initialized before calling fh_compose
@@ -1177,13 +1165,13 @@ exp_find(struct auth_domain *clp, int fs
 {
 	struct svc_export *exp;
 	struct svc_expkey *ek = exp_find_key(clp, fsid_type, fsidv, reqp);
-	if (!ek || IS_ERR(ek))
+	if (IS_ERR(ek))
 		return ERR_PTR(PTR_ERR(ek));
 
 	exp = exp_get_by_name(clp, ek->ek_mnt, ek->ek_dentry, reqp);
 	cache_put(&ek->h, &svc_expkey_cache);
 
-	if (!exp || IS_ERR(exp))
+	if (IS_ERR(exp))
 		return ERR_PTR(PTR_ERR(exp));
 	return exp;
 }
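
Review bot: at the end of exp_find(), "if (IS_ERR(exp)) return ERR_PTR(PTR_ERR(exp));" followed by "return exp;" is now a no-op round trip, because exp already has the type being returned. With the NULL case gone those lines can collapse to a plain return exp. The earlier conversion for ek is still needed, since the pointer type changes there.
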
@@ -1205,10 +1193,10 @@ exp_pseudoroot(struct auth_domain *clp, 
 	mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL);
 
 	exp = exp_find(clp, FSID_NUM, fsidv, creq);
+	if (PTR_ERR(exp) == -ENOENT)
+		return nfserr_perm;
 	if (IS_ERR(exp))
 		return nfserrno(PTR_ERR(exp));
-	if (exp == NULL)
-		return nfserr_perm;
 	rv = fh_compose(fhp, exp, exp->ex_dentry, NULL);
 	exp_put(exp);
 	return rv;

diff .prev/fs/nfsd/nfsfh.c ./fs/nfsd/nfsfh.c
--- .prev/fs/nfsd/nfsfh.c	2007-07-10 11:19:59.000000000 +1000
+++ ./fs/nfsd/nfsfh.c	2007-07-10 11:20:09.000000000 +1000
@@ -160,15 +160,14 @@ fh_verify(struct svc_rqst *rqstp, struct
 				       &rqstp->rq_chandle);
 		}
 
-		if (IS_ERR(exp) && (PTR_ERR(exp) == -EAGAIN
-				|| PTR_ERR(exp) == -ETIMEDOUT)) {
-			error = nfserrno(PTR_ERR(exp));
+		error = nfserr_stale;
+		if (PTR_ERR(exp) == -ENOENT)
 			goto out;
-		}
 
-		error = nfserr_stale; 
-		if (!exp || IS_ERR(exp))
+		if (IS_ERR(exp)) {
+			error = nfserrno(PTR_ERR(exp));
 			goto out;
+		}
 
 		/* Check if the request originated from a secure port. */
 		error = nfserr_perm;
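
Review bot: fh_verify() now sends every lookup error except -ENOENT through nfserrno(), where before only -EAGAIN and -ETIMEDOUT took that path and everything else became nfserr_stale. That is a client-visible change for the -ENOMEM case and the changelog does not mention it. A sentence there, plus a short comment on why error = nfserr_stale is assigned before the -ENOENT test, would help the next reader.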

diff .prev/fs/nfsd/vfs.c ./fs/nfsd/vfs.c
--- .prev/fs/nfsd/vfs.c	2007-07-10 11:19:59.000000000 +1000
+++ ./fs/nfsd/vfs.c	2007-07-10 11:20:09.000000000 +1000
@@ -192,15 +192,14 @@ nfsd_lookup(struct svc_rqst *rqstp, stru
 
 			exp2 = exp_parent(exp->ex_client, mnt, dentry,
 					  &rqstp->rq_chandle);
-			if (IS_ERR(exp2)) {
+			if (PTR_ERR(exp2) == -ENOENT) {
+				dput(dentry);
+				dentry = dget(dparent);
+			} else if (IS_ERR(exp2)) {
 				host_err = PTR_ERR(exp2);
 				dput(dentry);
 				mntput(mnt);
 				goto out_nfserr;
-			}
-			if (!exp2) {
-				dput(dentry);
-				dentry = dget(dparent);
 			} else {
 				exp_put(exp);
 				exp = exp2;


* [PATCH 002 of 20] knfsd: nfsd4: build rpcsec_gss whenever nfsd4 is built
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
  2007-07-10  2:22 ` [PATCH 001 of 20] knfsd: nfsd: make all exp_finding functions return -errno's on err NeilBrown
@ 2007-07-10  2:23 ` NeilBrown
  2007-07-10  2:23 ` [PATCH 003 of 20] knfsd: nfsd4: store pseudoflavor in request NeilBrown
                   ` (18 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:23 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

Select rpcsec_gss support whenever asked for NFSv4 support.  The rfc
actually requires gss, and gss is also the main reason to migrate to v4.
We already do this on the client side.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/Kconfig |    1 +
 1 file changed, 1 insertion(+)

diff .prev/fs/Kconfig ./fs/Kconfig
--- .prev/fs/Kconfig	2007-07-10 11:19:59.000000000 +1000
+++ ./fs/Kconfig	2007-07-10 11:26:04.000000000 +1000
@@ -1725,6 +1725,7 @@ config NFSD_V3_ACL
 config NFSD_V4
 	bool "Provide NFSv4 server support (EXPERIMENTAL)"
 	depends on NFSD_V3 && EXPERIMENTAL
+	select RPCSEC_GSS_KRB5
 	help
 	  If you would like to include the NFSv4 server as well as the NFSv2
 	  and NFSv3 servers, say Y here.  This feature is experimental, and
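
Review bot: "select RPCSEC_GSS_KRB5" forces that symbol on without evaluating its own dependencies, so the "depends on NFSD_V3 && EXPERIMENTAL" line has to cover whatever RPCSEC_GSS_KRB5 itself needs, and nothing in this hunk shows that it does. The help text is also left unchanged; it should say that enabling NFSv4 server support now pulls in the Kerberos GSS mechanism.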


* [PATCH 003 of 20] knfsd: nfsd4: store pseudoflavor in request
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
  2007-07-10  2:22 ` [PATCH 001 of 20] knfsd: nfsd: make all exp_finding functions return -errno's on err NeilBrown
  2007-07-10  2:23 ` [PATCH 002 of 20] knfsd: nfsd4: build rpcsec_gss whenever nfsd4 is built NeilBrown
@ 2007-07-10  2:23 ` NeilBrown
  2007-07-10  2:23 ` [PATCH 004 of 20] knfsd: nfsd4: parse secinfo information in exports downcall NeilBrown
                   ` (17 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:23 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, andros @ citi . umich . edu, Andy Adamson,
	J. Bruce Fields, Neil Brown


From: andros@citi.umich.edu <andros@citi.umich.edu>

Add a new field to the svc_rqst structure to record the pseudoflavor that
the request was made with.  For now we record the pseudoflavor but don't
use it for anything.

Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./include/linux/sunrpc/gss_api.h        |    1 +
 ./include/linux/sunrpc/svc.h            |    1 +
 ./net/sunrpc/auth_gss/gss_mech_switch.c |   14 ++++++++++++++
 ./net/sunrpc/auth_gss/svcauth_gss.c     |    2 ++
 ./net/sunrpc/svcauth_unix.c             |    3 +++
 5 files changed, 21 insertions(+)

diff .prev/include/linux/sunrpc/gss_api.h ./include/linux/sunrpc/gss_api.h
--- .prev/include/linux/sunrpc/gss_api.h	2007-07-10 11:28:10.000000000 +1000
+++ ./include/linux/sunrpc/gss_api.h	2007-07-10 11:27:13.000000000 +1000
@@ -58,6 +58,7 @@ u32 gss_unwrap(
 u32 gss_delete_sec_context(
 		struct gss_ctx		**ctx_id);
 
+u32 gss_svc_to_pseudoflavor(struct gss_api_mech *, u32 service);
 u32 gss_pseudoflavor_to_service(struct gss_api_mech *, u32 pseudoflavor);
 char *gss_service_to_auth_domain_name(struct gss_api_mech *, u32 service);
 

diff .prev/include/linux/sunrpc/svc.h ./include/linux/sunrpc/svc.h
--- .prev/include/linux/sunrpc/svc.h	2007-07-10 11:28:10.000000000 +1000
+++ ./include/linux/sunrpc/svc.h	2007-07-10 11:27:13.000000000 +1000
@@ -212,6 +212,7 @@ struct svc_rqst {
 	struct svc_pool *	rq_pool;	/* thread pool */
 	struct svc_procedure *	rq_procinfo;	/* procedure info */
 	struct auth_ops *	rq_authop;	/* authentication flavour */
+	u32			rq_flavor;	/* pseudoflavor */
 	struct svc_cred		rq_cred;	/* auth info */
 	struct sk_buff *	rq_skbuff;	/* fast recv inet buffer */
 	struct svc_deferred_req*rq_deferred;	/* deferred request we are replaying */

diff .prev/net/sunrpc/auth_gss/gss_mech_switch.c ./net/sunrpc/auth_gss/gss_mech_switch.c
--- .prev/net/sunrpc/auth_gss/gss_mech_switch.c	2007-07-10 11:28:10.000000000 +1000
+++ ./net/sunrpc/auth_gss/gss_mech_switch.c	2007-07-10 11:28:53.000000000 +1000
@@ -200,6 +200,20 @@ gss_mech_get_by_pseudoflavor(u32 pseudof
 EXPORT_SYMBOL(gss_mech_get_by_pseudoflavor);
 
 u32
+gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 service)
+{
+	int i;
+
+	for (i = 0; i < gm->gm_pf_num; i++) {
+		if (gm->gm_pfs[i].service == service) {
+			return gm->gm_pfs[i].pseudoflavor;
+		}
+	}
+	return RPC_AUTH_MAXFLAVOR; /* illegal value */
+}
+EXPORT_SYMBOL(gss_svc_to_pseudoflavor);
+
+u32
 gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor)
 {
 	int i;
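
Review bot: gss_svc_to_pseudoflavor() signals "no match" by returning RPC_AUTH_MAXFLAVOR, but the only hint is the "illegal value" comment on the return statement, and the prototype added to gss_api.h carries none. Document the sentinel where callers will see it. Style: the braces around the single-statement if inside the loop are unnecessary.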

diff .prev/net/sunrpc/auth_gss/svcauth_gss.c ./net/sunrpc/auth_gss/svcauth_gss.c
--- .prev/net/sunrpc/auth_gss/svcauth_gss.c	2007-07-10 11:28:10.000000000 +1000
+++ ./net/sunrpc/auth_gss/svcauth_gss.c	2007-07-10 11:27:13.000000000 +1000
@@ -1145,6 +1145,8 @@ svcauth_gss_accept(struct svc_rqst *rqst
 		}
 		svcdata->rsci = rsci;
 		cache_get(&rsci->h);
+		rqstp->rq_flavor = gss_svc_to_pseudoflavor(
+					rsci->mechctx->mech_type, gc->gc_svc);
 		ret = SVC_OK;
 		goto out;
 	}
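
Review bot: the value from gss_svc_to_pseudoflavor() is stored in rq_flavor unchecked and the request is still accepted with SVC_OK, so a service with no entry in gm_pfs leaves rq_flavor at RPC_AUTH_MAXFLAVOR. That is harmless while nothing reads the field, as the changelog says, but the failure case needs a defined outcome before anything compares rq_flavor against an export's flavor list: either reject the request here, or state that consumers must treat RPC_AUTH_MAXFLAVOR as matching nothing.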

diff .prev/net/sunrpc/svcauth_unix.c ./net/sunrpc/svcauth_unix.c
--- .prev/net/sunrpc/svcauth_unix.c	2007-07-10 11:28:10.000000000 +1000
+++ ./net/sunrpc/svcauth_unix.c	2007-07-10 11:27:13.000000000 +1000
@@ -5,6 +5,7 @@
 #include <linux/sunrpc/xdr.h>
 #include <linux/sunrpc/svcsock.h>
 #include <linux/sunrpc/svcauth.h>
+#include <linux/sunrpc/gss_api.h>
 #include <linux/err.h>
 #include <linux/seq_file.h>
 #include <linux/hash.h>
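
Review bot: the new include of linux/sunrpc/gss_api.h does not look needed. The only other additions in this file assign RPC_AUTH_NULL and RPC_AUTH_UNIX to rq_flavor, and RPC_AUTH_NULL is already used in the unchanged svc_putnl() lines, so it was defined before this include was added. Drop the include unless something outside these hunks depends on it.
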
@@ -707,6 +708,7 @@ svcauth_null_accept(struct svc_rqst *rqs
 	svc_putnl(resv, RPC_AUTH_NULL);
 	svc_putnl(resv, 0);
 
+	rqstp->rq_flavor = RPC_AUTH_NULL;
 	return SVC_OK;
 }
 
@@ -784,6 +786,7 @@ svcauth_unix_accept(struct svc_rqst *rqs
 	svc_putnl(resv, RPC_AUTH_NULL);
 	svc_putnl(resv, 0);
 
+	rqstp->rq_flavor = RPC_AUTH_UNIX;
 	return SVC_OK;
 
 badcred:


* [PATCH 004 of 20] knfsd: nfsd4: parse secinfo information in exports downcall
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (2 preceding siblings ...)
  2007-07-10  2:23 ` [PATCH 003 of 20] knfsd: nfsd4: store pseudoflavor in request NeilBrown
@ 2007-07-10  2:23 ` NeilBrown
  2007-07-10  2:24 ` [PATCH 005 of 20] knfsd: nfsd4: simplify exp_pseudoroot arguments NeilBrown
                   ` (16 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:23 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, andros @ citi . umich . edu, Andy Adamson,
	J . Bruce Fields, Neil Brown


From: andros@citi.umich.edu <andros@citi.umich.edu>

We add a list of pseudoflavors to each export downcall, which will be used
both as a list of security flavors allowed on that export, and (in the
order given) as the list of pseudoflavors to return on secinfo calls.

This patch parses the new downcall information and adds it to the export
structure, but doesn't use it for anything yet.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/export.c            |   56 ++++++++++++++++++++++++++++++++++++++++--
 ./include/linux/nfsd/export.h |   17 ++++++++++++
 2 files changed, 71 insertions(+), 2 deletions(-)

diff .prev/fs/nfsd/export.c ./fs/nfsd/export.c
--- .prev/fs/nfsd/export.c	2007-07-10 11:33:23.000000000 +1000
+++ ./fs/nfsd/export.c	2007-07-10 11:33:27.000000000 +1000
@@ -33,6 +33,8 @@
 #include <linux/nfsd/nfsfh.h>
 #include <linux/nfsd/syscall.h>
 #include <linux/lockd/bind.h>
+#include <linux/sunrpc/msg_prot.h>
+#include <linux/sunrpc/gss_api.h>
 
 #define NFSDDBG_FACILITY	NFSDDBG_EXPORT
 
@@ -452,8 +454,48 @@ out_free_all:
 	return err;
 }
 
+static int secinfo_parse(char **mesg, char *buf, struct svc_export *exp)
+{
+	int listsize, err;
+	struct exp_flavor_info *f;
+
+	err = get_int(mesg, &listsize);
+	if (err)
+		return err;
+	if (listsize < 0 || listsize > MAX_SECINFO_LIST)
+		return -EINVAL;
+
+	for (f = exp->ex_flavors; f < exp->ex_flavors + listsize; f++) {
+		err = get_int(mesg, &f->pseudoflavor);
+		if (err)
+			return err;
+		/*
+		 * Just a quick sanity check; we could also try to check
+		 * whether this pseudoflavor is supported, but at worst
+		 * an unsupported pseudoflavor on the export would just
+		 * be a pseudoflavor that won't match the flavor of any
+		 * authenticated request.  The administrator will
+		 * probably discover the problem when someone fails to
+		 * authenticate.
+		 */
+		if (f->pseudoflavor < 0)
+			return -EINVAL;
+		err = get_int(mesg, &f->flags);
+		if (err)
+			return err;
+		/* Only some flags are allowed to differ between flavors: */
+		if (~NFSEXP_SECINFO_FLAGS & (f->flags ^ exp->ex_flags))
+			return -EINVAL;
+	}
+	exp->ex_nflavors = listsize;
+	return 0;
+}
+
 #else /* CONFIG_NFSD_V4 */
-static inline int fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc) { return 0; }
+static inline int
+fsloc_parse(char **mesg, char *buf, struct nfsd4_fs_locations *fsloc){return 0;}
+static inline int
+secinfo_parse(char **mesg, char *buf, struct svc_export *exp) { return 0; }
 #endif
 
 static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
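
Review bot: in secinfo_parse(), the test "if (f->pseudoflavor < 0)" can never be true, because struct exp_flavor_info declares pseudoflavor as u32 in the export.h part of this patch. The same fields are handed to get_int(), which is given the address of an int for listsize a few lines up, so &f->pseudoflavor and &f->flags are the wrong pointer type. Parse into a local int, range-check it, then assign. Separately, with NFSEXP_SECINFO_FLAGS defined as 0 the flags test requires f->flags to equal exp->ex_flags exactly, and it relies on ex_flags already holding its final value when the secinfo word is parsed; a comment saying so would help.
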
@@ -477,6 +519,9 @@ static int svc_export_parse(struct cache
 
 	exp.ex_uuid = NULL;
 
+	/* secinfo */
+	exp.ex_nflavors = 0;
+
 	if (mesg[mlen-1] != '\n')
 		return -EINVAL;
 	mesg[mlen-1] = 0;
@@ -554,7 +599,9 @@ static int svc_export_parse(struct cache
 					if (exp.ex_uuid == NULL)
 						err = -ENOMEM;
 				}
-			} else
+			} else if (strcmp(buf, "secinfo") == 0)
+				err = secinfo_parse(&mesg, buf, &exp);
+			else
 				/* quietly ignore unknown words and anything
 				 * following. Newer user-space can try to set
 				 * new values, then see what the result was.
@@ -655,6 +702,7 @@ static void export_update(struct cache_h
 {
 	struct svc_export *new = container_of(cnew, struct svc_export, h);
 	struct svc_export *item = container_of(citem, struct svc_export, h);
+	int i;
 
 	new->ex_flags = item->ex_flags;
 	new->ex_anon_uid = item->ex_anon_uid;
@@ -670,6 +718,10 @@ static void export_update(struct cache_h
 	item->ex_fslocs.locations_count = 0;
 	new->ex_fslocs.migrated = item->ex_fslocs.migrated;
 	item->ex_fslocs.migrated = 0;
+	new->ex_nflavors = item->ex_nflavors;
+	for (i = 0; i < MAX_SECINFO_LIST; i++) {
+		new->ex_flavors[i] = item->ex_flavors[i];
+	}
 }
 
 static struct cache_head *svc_export_alloc(void)
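
Review bot: export_update() copies all MAX_SECINFO_LIST entries of ex_flavors although secinfo_parse() fills in only the first ex_nflavors; the rest are whatever the source struct happened to hold. Bounding the loop by item->ex_nflavors, which is copied on the line above, avoids propagating unset entries. The braces around the single assignment can go too.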

diff .prev/include/linux/nfsd/export.h ./include/linux/nfsd/export.h
--- .prev/include/linux/nfsd/export.h	2007-07-10 11:33:23.000000000 +1000
+++ ./include/linux/nfsd/export.h	2007-07-10 11:29:02.000000000 +1000
@@ -42,6 +42,8 @@
 #define	NFSEXP_NOACL		0x8000	/* reserved for possible ACL related use */
 #define NFSEXP_ALLFLAGS		0xFE3F
 
+/* The flags that may vary depending on security flavor: */
+#define NFSEXP_SECINFO_FLAGS	0
 
 #ifdef __KERNEL__
 
@@ -64,6 +66,19 @@ struct nfsd4_fs_locations {
 	int migrated;
 };
 
+/*
+ * We keep an array of pseudoflavors with the export, in order from most
+ * to least preferred.  For the forseeable future, we don't expect more
+ * than the eight pseudoflavors null, unix, krb5, krb5i, krb5p, skpm3,
+ * spkm3i, and spkm3p (and using all 8 at once should be rare).
+ */
+#define MAX_SECINFO_LIST	8
+
+struct exp_flavor_info {
+	u32	pseudoflavor;
+	u32	flags;
+};
+
 struct svc_export {
 	struct cache_head	h;
 	struct auth_domain *	ex_client;
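
Review bot: two typos in the new comment above MAX_SECINFO_LIST: "forseeable" should be "foreseeable", and "skpm3" should be "spkm3" to match spkm3i and spkm3p in the same list.
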
@@ -76,6 +91,8 @@ struct svc_export {
 	int			ex_fsid;
 	unsigned char *		ex_uuid; /* 16 byte fsid */
 	struct nfsd4_fs_locations ex_fslocs;
+	int			ex_nflavors;
+	struct exp_flavor_info	ex_flavors[MAX_SECINFO_LIST];
 };
 
 /* an "export key" (expkey) maps a filehandlefragement to an


* [PATCH 005 of 20] knfsd: nfsd4: simplify exp_pseudoroot arguments
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (3 preceding siblings ...)
  2007-07-10  2:23 ` [PATCH 004 of 20] knfsd: nfsd4: parse secinfo information in exports downcall NeilBrown
@ 2007-07-10  2:24 ` NeilBrown
  2007-07-10  2:24 ` [PATCH 006 of 20] knfsd: nfsd: remove superfluous assignment from nfsd_lookup NeilBrown
                   ` (15 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:24 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

We're passing three arguments to exp_pseudoroot, two of which are just
fields of the svc_rqst.  Soon we'll want to pass in a third field as
well.  So let's just give up and pass in the whole struct svc_rqst.

Also sneak in some minor style cleanups while we're at it.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/export.c            |    5 ++---
 ./fs/nfsd/nfs4proc.c          |    7 +++----
 ./fs/nfsd/nfs4xdr.c           |    2 +-
 ./include/linux/nfsd/export.h |    2 +-
 4 files changed, 7 insertions(+), 9 deletions(-)

diff .prev/fs/nfsd/export.c ./fs/nfsd/export.c
--- .prev/fs/nfsd/export.c	2007-07-10 11:33:27.000000000 +1000
+++ ./fs/nfsd/export.c	2007-07-10 11:33:32.000000000 +1000
@@ -1235,8 +1235,7 @@ exp_find(struct auth_domain *clp, int fs
  * export point with fsid==0
  */
 __be32
-exp_pseudoroot(struct auth_domain *clp, struct svc_fh *fhp,
-	       struct cache_req *creq)
+exp_pseudoroot(struct svc_rqst *rqstp, struct svc_fh *fhp)
 {
 	struct svc_export *exp;
 	__be32 rv;
@@ -1244,7 +1243,7 @@ exp_pseudoroot(struct auth_domain *clp, 
 
 	mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL);
 
-	exp = exp_find(clp, FSID_NUM, fsidv, creq);
+	exp = exp_find(rqstp->rq_client, FSID_NUM, fsidv, rqstp->rq_chandle);
 	if (PTR_ERR(exp) == -ENOENT)
 		return nfserr_perm;
 	if (IS_ERR(exp))
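
Review bot: the new exp_find() call passes rqstp->rq_chandle by value, but the parameter it replaces (creq) was a struct cache_req pointer, and the callers converted elsewhere in this patch were passing &rqstp->rq_chandle. The & has been dropped, which should not compile. Patch 007 replaces this line with rqst_exp_find(), so the series ends up correct, but this patch on its own breaks bisection; add the & here.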

diff .prev/fs/nfsd/nfs4proc.c ./fs/nfsd/nfs4proc.c
--- .prev/fs/nfsd/nfs4proc.c	2007-07-10 11:19:58.000000000 +1000
+++ ./fs/nfsd/nfs4proc.c	2007-07-10 11:33:32.000000000 +1000
@@ -286,8 +286,7 @@ nfsd4_putrootfh(struct svc_rqst *rqstp, 
 	__be32 status;
 
 	fh_put(&cstate->current_fh);
-	status = exp_pseudoroot(rqstp->rq_client, &cstate->current_fh,
-			      &rqstp->rq_chandle);
+	status = exp_pseudoroot(rqstp, &cstate->current_fh);
 	return status;
 }
 
@@ -474,8 +473,8 @@ nfsd4_lookupp(struct svc_rqst *rqstp, st
 	__be32 ret;
 
 	fh_init(&tmp_fh, NFS4_FHSIZE);
-	if((ret = exp_pseudoroot(rqstp->rq_client, &tmp_fh,
-			      &rqstp->rq_chandle)) != 0)
+	ret = exp_pseudoroot(rqstp, &tmp_fh);
+	if (ret)
 		return ret;
 	if (tmp_fh.fh_dentry == cstate->current_fh.fh_dentry) {
 		fh_put(&tmp_fh);

diff .prev/fs/nfsd/nfs4xdr.c ./fs/nfsd/nfs4xdr.c
--- .prev/fs/nfsd/nfs4xdr.c	2007-07-10 11:19:58.000000000 +1000
+++ ./fs/nfsd/nfs4xdr.c	2007-07-10 11:33:32.000000000 +1000
@@ -1296,7 +1296,7 @@ static char *nfsd4_path(struct svc_rqst 
 	char *path, *rootpath;
 
 	fh_init(&tmp_fh, NFS4_FHSIZE);
-	*stat = exp_pseudoroot(rqstp->rq_client, &tmp_fh, &rqstp->rq_chandle);
+	*stat = exp_pseudoroot(rqstp, &tmp_fh);
 	if (*stat)
 		return NULL;
 	rootpath = tmp_fh.fh_export->ex_path;

diff .prev/include/linux/nfsd/export.h ./include/linux/nfsd/export.h
--- .prev/include/linux/nfsd/export.h	2007-07-10 11:29:02.000000000 +1000
+++ ./include/linux/nfsd/export.h	2007-07-10 11:33:32.000000000 +1000
@@ -135,7 +135,7 @@ struct svc_export *	exp_parent(struct au
 				   struct cache_req *reqp);
 int			exp_rootfh(struct auth_domain *, 
 					char *path, struct knfsd_fh *, int maxsize);
-__be32			exp_pseudoroot(struct auth_domain *, struct svc_fh *fhp, struct cache_req *creq);
+__be32			exp_pseudoroot(struct svc_rqst *, struct svc_fh *);
 __be32			nfserrno(int errno);
 
 extern struct cache_detail svc_export_cache;


* [PATCH 006 of 20] knfsd: nfsd: remove superfluous assignment from nfsd_lookup
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (4 preceding siblings ...)
  2007-07-10  2:24 ` [PATCH 005 of 20] knfsd: nfsd4: simplify exp_pseudoroot arguments NeilBrown
@ 2007-07-10  2:24 ` NeilBrown
  2007-07-10  2:24 ` [PATCH 007 of 20] knfsd: nfsd: provide export lookup wrappers which take a svc_rqst NeilBrown
                   ` (14 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:24 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

The "err" variable will only be used in the final return, which always
happens after either the preceding

	err = fh_compose(...);

or after the following

	err = nfserrno(host_err);

So the earlier assignment to err is ignored.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/vfs.c |    2 --
 1 file changed, 2 deletions(-)

diff .prev/fs/nfsd/vfs.c ./fs/nfsd/vfs.c
--- .prev/fs/nfsd/vfs.c	2007-07-10 11:20:09.000000000 +1000
+++ ./fs/nfsd/vfs.c	2007-07-10 11:34:00.000000000 +1000
@@ -168,8 +168,6 @@ nfsd_lookup(struct svc_rqst *rqstp, stru
 	exp  = fhp->fh_export;
 	exp_get(exp);
 
-	err = nfserr_acces;
-
 	/* Lookup the name, but don't follow links */
 	if (isdotent(name, len)) {
 		if (len==1)


* [PATCH 007 of 20] knfsd: nfsd: provide export lookup wrappers which take a svc_rqst
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (5 preceding siblings ...)
  2007-07-10  2:24 ` [PATCH 006 of 20] knfsd: nfsd: remove superfluous assignment from nfsd_lookup NeilBrown
@ 2007-07-10  2:24 ` NeilBrown
  2007-07-10  2:24 ` [PATCH 008 of 20] knfsd: nfsd: set rq_client to ip-address-determined-domain NeilBrown
                   ` (13 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:24 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

Split the callers of exp_get_by_name(), exp_find(), and exp_parent()
into those that are processing requests and those that are doing other
stuff (like looking up filehandles for mountd).

No change in behavior, just a (fairly pointless, on its own) cleanup.

(Note this has the effect of making nfsd_cross_mnt() pass
rqstp->rq_client instead of exp->ex_client into exp_find_by_name().
However, the two should have the same value at this point.)

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/export.c            |   28 +++++++++++++++++++++++++++-
 ./fs/nfsd/nfsfh.c             |    5 ++---
 ./fs/nfsd/vfs.c               |    5 ++---
 ./include/linux/nfsd/export.h |    7 +++++++
 4 files changed, 38 insertions(+), 7 deletions(-)

diff .prev/fs/nfsd/export.c ./fs/nfsd/export.c
--- .prev/fs/nfsd/export.c	2007-07-10 11:33:32.000000000 +1000
+++ ./fs/nfsd/export.c	2007-07-10 11:34:22.000000000 +1000
@@ -1228,6 +1228,32 @@ exp_find(struct auth_domain *clp, int fs
 	return exp;
 }
 
+/*
+ * Called from functions that handle requests; functions that do work on
+ * behalf of mountd are passed a single client name to use, and should
+ * use exp_get_by_name() or exp_find().
+ */
+struct svc_export *
+rqst_exp_get_by_name(struct svc_rqst *rqstp, struct vfsmount *mnt,
+		struct dentry *dentry)
+{
+	return exp_get_by_name(rqstp->rq_client, mnt, dentry,
+						&rqstp->rq_chandle);
+}
+
+struct svc_export *
+rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv)
+{
+	return exp_find(rqstp->rq_client, fsid_type, fsidv,
+						&rqstp->rq_chandle);
+}
+
+struct svc_export *
+rqst_exp_parent(struct svc_rqst *rqstp, struct vfsmount *mnt,
+		struct dentry *dentry)
+{
+	return exp_parent(rqstp->rq_client, mnt, dentry, &rqstp->rq_chandle);
+}
 
 /*
  * Called when we need the filehandle for the root of the pseudofs,
@@ -1243,7 +1269,7 @@ exp_pseudoroot(struct svc_rqst *rqstp, s
 
 	mk_fsid(FSID_NUM, fsidv, 0, 0, 0, NULL);
 
-	exp = exp_find(rqstp->rq_client, FSID_NUM, fsidv, rqstp->rq_chandle);
+	exp = rqst_exp_find(rqstp, FSID_NUM, fsidv);
 	if (PTR_ERR(exp) == -ENOENT)
 		return nfserr_perm;
 	if (IS_ERR(exp))

diff .prev/fs/nfsd/nfsfh.c ./fs/nfsd/nfsfh.c
--- .prev/fs/nfsd/nfsfh.c	2007-07-10 11:20:09.000000000 +1000
+++ ./fs/nfsd/nfsfh.c	2007-07-10 11:34:22.000000000 +1000
@@ -145,7 +145,7 @@ fh_verify(struct svc_rqst *rqstp, struct
 				fh->fh_fsid[1] = fh->fh_fsid[2];
 			}
 			if ((data_left -= len)<0) goto out;
-			exp = exp_find(rqstp->rq_client, fh->fh_fsid_type, datap, &rqstp->rq_chandle);
+			exp = rqst_exp_find(rqstp, fh->fh_fsid_type, datap);
 			datap += len;
 		} else {
 			dev_t xdev;
@@ -156,8 +156,7 @@ fh_verify(struct svc_rqst *rqstp, struct
 			xdev = old_decode_dev(fh->ofh_xdev);
 			xino = u32_to_ino_t(fh->ofh_xino);
 			mk_fsid(FSID_DEV, tfh, xdev, xino, 0, NULL);
-			exp = exp_find(rqstp->rq_client, FSID_DEV, tfh,
-				       &rqstp->rq_chandle);
+			exp = rqst_exp_find(rqstp, FSID_DEV, tfh);
 		}
 
 		error = nfserr_stale;

diff .prev/fs/nfsd/vfs.c ./fs/nfsd/vfs.c
--- .prev/fs/nfsd/vfs.c	2007-07-10 11:34:00.000000000 +1000
+++ ./fs/nfsd/vfs.c	2007-07-10 11:34:22.000000000 +1000
@@ -113,7 +113,7 @@ nfsd_cross_mnt(struct svc_rqst *rqstp, s
 
 	while (follow_down(&mnt,&mounts)&&d_mountpoint(mounts));
 
-	exp2 = exp_get_by_name(exp->ex_client, mnt, mounts, &rqstp->rq_chandle);
+	exp2 = rqst_exp_get_by_name(rqstp, mnt, mounts);
 	if (IS_ERR(exp2)) {
 		err = PTR_ERR(exp2);
 		dput(mounts);
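
Review bot: In nfsd_cross_mnt() the lookup client changes from exp->ex_client to rqstp->rq_client, because rqst_exp_get_by_name() always uses the request's client; the same substitution happens for exp_parent() in the nfsd_lookup() hunk that follows. Please state in the changelog why the two are guaranteed to be the same domain at these call sites, or keep passing exp->ex_client here.
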
@@ -188,8 +188,7 @@ nfsd_lookup(struct svc_rqst *rqstp, stru
 			dput(dentry);
 			dentry = dp;
 
-			exp2 = exp_parent(exp->ex_client, mnt, dentry,
-					  &rqstp->rq_chandle);
+			exp2 = rqst_exp_parent(rqstp, mnt, dentry);
 			if (PTR_ERR(exp2) == -ENOENT) {
 				dput(dentry);
 				dentry = dget(dparent);

diff .prev/include/linux/nfsd/export.h ./include/linux/nfsd/export.h
--- .prev/include/linux/nfsd/export.h	2007-07-10 11:33:32.000000000 +1000
+++ ./include/linux/nfsd/export.h	2007-07-10 11:34:22.000000000 +1000
@@ -129,10 +129,16 @@ struct svc_export *	exp_get_by_name(stru
 					struct vfsmount *mnt,
 					struct dentry *dentry,
 					struct cache_req *reqp);
+struct svc_export *	rqst_exp_get_by_name(struct svc_rqst *,
+					     struct vfsmount *,
+					     struct dentry *);
 struct svc_export *	exp_parent(struct auth_domain *clp,
 				   struct vfsmount *mnt,
 				   struct dentry *dentry,
 				   struct cache_req *reqp);
+struct svc_export *	rqst_exp_parent(struct svc_rqst *,
+					struct vfsmount *mnt,
+					struct dentry *dentry);
 int			exp_rootfh(struct auth_domain *, 
 					char *path, struct knfsd_fh *, int maxsize);
 __be32			exp_pseudoroot(struct svc_rqst *, struct svc_fh *);
@@ -152,6 +158,7 @@ static inline void exp_get(struct svc_ex
 extern struct svc_export *
 exp_find(struct auth_domain *clp, int fsid_type, u32 *fsidv,
 	 struct cache_req *reqp);
+struct svc_export * rqst_exp_find(struct svc_rqst *, int, u32 *);
 
 #endif /* __KERNEL__ */
 


* [PATCH 008 of 20] knfsd: nfsd: set rq_client to ip-address-determined-domain
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (6 preceding siblings ...)
  2007-07-10  2:24 ` [PATCH 007 of 20] knfsd: nfsd: provide export lookup wrappers which take a svc_rqst NeilBrown
@ 2007-07-10  2:24 ` NeilBrown
  2007-07-10  2:25 ` [PATCH 009 of 20] knfsd: nfsd: use ip-address-based domain in secinfo case NeilBrown
                   ` (12 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:24 UTC
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

We want it to be possible for users to restrict exports both by IP
address and by pseudoflavor.  The pseudoflavor information has
previously been passed using special auth_domains stored in the
rq_client field.  After the preceding patch that stored the pseudoflavor
in rq_pflavor, that's now superfluous; so now we use rq_client for the
ip information, as auth_null and auth_unix do.

However, we keep around the special auth_domain in the rq_gssclient
field for backwards compatibility purposes, so we can still do upcalls
using the old "gss/pseudoflavor" auth_domain if upcalls using the unix
domain fail to give us an appropriate export.  This allows us to continue
supporting old mountd.

In fact, for this first patch, we always use the "gss/pseudoflavor"
auth_domain (and only it) if it is available; thus rq_client is ignored
in the auth_gss case, and this patch on its own makes no change in
behavior; that will be left to later patches.

Note on idmap: I'm almost tempted to just replace the auth_domain in the
idmap upcall by a dummy value--no version of idmapd has ever used it,
and it's unlikely anyone really wants to perform idmapping differently
depending on where the client is (they may want to perform
*credential* mapping differently, but that's a different matter--the
idmapper just handles id's used in getattr and setattr).  But I'm
updating the idmapd code anyway, just out of general
backwards-compatibility paranoia.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/export.c                  |   15 +++++++++++----
 ./fs/nfsd/nfs4idmap.c               |   13 +++++++++++--
 ./fs/nfsd/nfsfh.c                   |    2 --
 ./include/linux/sunrpc/svc.h        |    1 +
 ./include/linux/sunrpc/svcauth.h    |    1 +
 ./net/sunrpc/auth_gss/svcauth_gss.c |   21 ++++++++++++++++++---
 ./net/sunrpc/svcauth_unix.c         |    4 +++-
 7 files changed, 45 insertions(+), 12 deletions(-)

diff .prev/fs/nfsd/export.c ./fs/nfsd/export.c
--- .prev/fs/nfsd/export.c	2007-07-10 11:34:22.000000000 +1000
+++ ./fs/nfsd/export.c	2007-07-10 11:35:37.000000000 +1000
@@ -1237,21 +1237,28 @@ struct svc_export *
 rqst_exp_get_by_name(struct svc_rqst *rqstp, struct vfsmount *mnt,
 		struct dentry *dentry)
 {
-	return exp_get_by_name(rqstp->rq_client, mnt, dentry,
-						&rqstp->rq_chandle);
+	struct auth_domain *clp;
+
+	clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
+	return exp_get_by_name(clp, mnt, dentry, &rqstp->rq_chandle);
 }
 
 struct svc_export *
 rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv)
 {
-	return exp_find(rqstp->rq_client, fsid_type, fsidv,
-						&rqstp->rq_chandle);
+	struct auth_domain *clp;
+
+	clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
+	return exp_find(clp, fsid_type, fsidv, &rqstp->rq_chandle);
 }
 
 struct svc_export *
 rqst_exp_parent(struct svc_rqst *rqstp, struct vfsmount *mnt,
 		struct dentry *dentry)
 {
+	struct auth_domain *clp;
+
+	clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
 	return exp_parent(rqstp->rq_client, mnt, dentry, &rqstp->rq_chandle);
 }
 

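Review bot: In rqst_exp_parent() the new clp is assigned but never used: the call still passes rqstp->rq_client to exp_parent(), unlike rqst_exp_get_by_name() and rqst_exp_find() above it, which pass clp. For a gss request this looks up the parent export in a different domain than the other two wrappers; the call should read exp_parent(clp, mnt, dentry, &rqstp->rq_chandle).
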
diff .prev/fs/nfsd/nfs4idmap.c ./fs/nfsd/nfs4idmap.c
--- .prev/fs/nfsd/nfs4idmap.c	2007-07-10 11:19:57.000000000 +1000
+++ ./fs/nfsd/nfs4idmap.c	2007-07-10 11:35:37.000000000 +1000
@@ -587,6 +587,15 @@ idmap_lookup(struct svc_rqst *rqstp,
 	return ret;
 }
 
+static char *
+rqst_authname(struct svc_rqst *rqstp)
+{
+	struct auth_domain *clp;
+
+	clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
+	return clp->name;
+}
+
 static int
 idmap_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen,
 		uid_t *id)
@@ -600,7 +609,7 @@ idmap_name_to_id(struct svc_rqst *rqstp,
 		return -EINVAL;
 	memcpy(key.name, name, namelen);
 	key.name[namelen] = '\0';
-	strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname));
+	strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname));
 	ret = idmap_lookup(rqstp, nametoid_lookup, &key, &nametoid_cache, &item);
 	if (ret == -ENOENT)
 		ret = -ESRCH; /* nfserr_badname */
@@ -620,7 +629,7 @@ idmap_id_to_name(struct svc_rqst *rqstp,
 	};
 	int ret;
 
-	strlcpy(key.authname, rqstp->rq_client->name, sizeof(key.authname));
+	strlcpy(key.authname, rqst_authname(rqstp), sizeof(key.authname));
 	ret = idmap_lookup(rqstp, idtoname_lookup, &key, &idtoname_cache, &item);
 	if (ret == -ENOENT)
 		return sprintf(name, "%u", id);

diff .prev/fs/nfsd/nfsfh.c ./fs/nfsd/nfsfh.c
--- .prev/fs/nfsd/nfsfh.c	2007-07-10 11:34:22.000000000 +1000
+++ ./fs/nfsd/nfsfh.c	2007-07-10 11:35:37.000000000 +1000
@@ -120,8 +120,6 @@ fh_verify(struct svc_rqst *rqstp, struct
 		int data_left = fh->fh_size/4;
 
 		error = nfserr_stale;
-		if (rqstp->rq_client == NULL)
-			goto out;
 		if (rqstp->rq_vers > 2)
 			error = nfserr_badhandle;
 		if (rqstp->rq_vers == 4 && fh->fh_size == 0)
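
Review bot: The rq_client == NULL guard removed from fh_verify() has no replacement in the lines shown: rqst_exp_find() in this patch picks rq_gssclient or else rq_client and hands the result to exp_find() unchecked. If both can be NULL for any request that reaches fh_verify(), keep a check on the pair here; otherwise note in the changelog why that cannot happen.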

diff .prev/include/linux/sunrpc/svcauth.h ./include/linux/sunrpc/svcauth.h
--- .prev/include/linux/sunrpc/svcauth.h	2007-07-10 11:19:57.000000000 +1000
+++ ./include/linux/sunrpc/svcauth.h	2007-07-10 11:35:37.000000000 +1000
@@ -127,6 +127,7 @@ extern struct auth_domain *auth_unix_loo
 extern int auth_unix_forget_old(struct auth_domain *dom);
 extern void svcauth_unix_purge(void);
 extern void svcauth_unix_info_release(void *);
+extern int svcauth_unix_set_client(struct svc_rqst *rqstp);
 
 static inline unsigned long hash_str(char *name, int bits)
 {

diff .prev/include/linux/sunrpc/svc.h ./include/linux/sunrpc/svc.h
--- .prev/include/linux/sunrpc/svc.h	2007-07-10 11:27:13.000000000 +1000
+++ ./include/linux/sunrpc/svc.h	2007-07-10 11:35:37.000000000 +1000
@@ -249,6 +249,7 @@ struct svc_rqst {
 						 */
 	/* Catering to nfsd */
 	struct auth_domain *	rq_client;	/* RPC peer info */
+	struct auth_domain *	rq_gssclient;	/* "gss/"-style peer info */
 	struct svc_cacherep *	rq_cacherep;	/* cache info */
 	struct knfsd_fh *	rq_reffh;	/* Referrence filehandle, used to
 						 * determine what device number

diff .prev/net/sunrpc/auth_gss/svcauth_gss.c ./net/sunrpc/auth_gss/svcauth_gss.c
--- .prev/net/sunrpc/auth_gss/svcauth_gss.c	2007-07-10 11:27:13.000000000 +1000
+++ ./net/sunrpc/auth_gss/svcauth_gss.c	2007-07-10 11:35:37.000000000 +1000
@@ -927,10 +927,23 @@ svcauth_gss_set_client(struct svc_rqst *
 	struct gss_svc_data *svcdata = rqstp->rq_auth_data;
 	struct rsc *rsci = svcdata->rsci;
 	struct rpc_gss_wire_cred *gc = &svcdata->clcred;
+	int stat;
 
-	rqstp->rq_client = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);
-	if (rqstp->rq_client == NULL)
+	/*
+	 * A gss export can be specified either by:
+	 * 	export	*(sec=krb5,rw)
+	 * or by
+	 * 	export gss/krb5(rw)
+	 * The latter is deprecated; but for backwards compatibility reasons
+	 * the nfsd code will still fall back on trying it if the former
+	 * doesn't work; so we try to make both available to nfsd, below.
+	 */
+	rqstp->rq_gssclient = find_gss_auth_domain(rsci->mechctx, gc->gc_svc);
+	if (rqstp->rq_gssclient == NULL)
 		return SVC_DENIED;
+	stat = svcauth_unix_set_client(rqstp);
+	if (stat == SVC_DROP)
+		return stat;
 	return SVC_OK;
 }
 
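Review bot: In svcauth_gss_set_client() only SVC_DROP from svcauth_unix_set_client() is propagated; any other non-OK status is discarded and SVC_OK is returned, which can leave rq_client unset. If that is intended because rq_gssclient serves as the fallback, say so in the comment block added above the assignment so the ignored status does not read as an oversight.
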
@@ -1102,7 +1115,6 @@ svcauth_gss_accept(struct svc_rqst *rqst
 			svc_putnl(resv, GSS_SEQ_WIN);
 			if (svc_safe_putnetobj(resv, &rsip->out_token))
 				goto drop;
-			rqstp->rq_client = NULL;
 		}
 		goto complete;
 	case RPC_GSS_PROC_DESTROY:
@@ -1333,6 +1345,9 @@ out_err:
 	if (rqstp->rq_client)
 		auth_domain_put(rqstp->rq_client);
 	rqstp->rq_client = NULL;
+	if (rqstp->rq_gssclient)
+		auth_domain_put(rqstp->rq_gssclient);
+	rqstp->rq_gssclient = NULL;
 	if (rqstp->rq_cred.cr_group_info)
 		put_group_info(rqstp->rq_cred.cr_group_info);
 	rqstp->rq_cred.cr_group_info = NULL;

diff .prev/net/sunrpc/svcauth_unix.c ./net/sunrpc/svcauth_unix.c
--- .prev/net/sunrpc/svcauth_unix.c	2007-07-10 11:27:13.000000000 +1000
+++ ./net/sunrpc/svcauth_unix.c	2007-07-10 11:35:37.000000000 +1000
@@ -638,7 +638,7 @@ static int unix_gid_find(uid_t uid, stru
 	}
 }
 
-static int
+int
 svcauth_unix_set_client(struct svc_rqst *rqstp)
 {
 	struct sockaddr_in *sin = svc_addr_in(rqstp);
@@ -673,6 +673,8 @@ svcauth_unix_set_client(struct svc_rqst 
 	return SVC_OK;
 }
 
+EXPORT_SYMBOL(svcauth_unix_set_client);
+
 static int
 svcauth_null_accept(struct svc_rqst *rqstp, __be32 *authp)
 {
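
Review bot: EXPORT_SYMBOL(svcauth_unix_set_client) is separated from its function by a blank line; kernel style puts the export directly after the closing brace. Since the function is no longer static, a short comment on what it sets in rqstp and which statuses it can return would help its new caller in svcauth_gss.c.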


* [PATCH 009 of 20] knfsd: nfsd: use ip-address-based domain in secinfo case
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (7 preceding siblings ...)
  2007-07-10  2:24 ` [PATCH 008 of 20] knfsd: nfsd: set rq_client to ip-address-determined-domain NeilBrown
@ 2007-07-10  2:25 ` NeilBrown
  2007-07-10 16:06   ` J. Bruce Fields
  2007-07-10  2:25 ` [PATCH 010 of 20] knfsd: nfsd: factor nfsd_lookup into 2 pieces NeilBrown
                   ` (11 subsequent siblings)
  20 siblings, 1 reply; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:25 UTC
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

With this patch, we fall back on using the gss/pseudoflavor only if we
fail to find a matching auth_unix export that has a secinfo list.

As long as sec= options aren't used, there's still no change in behavior
here (except possibly for some additional auth_unix cache lookups, whose
results will be ignored).

The sec= option, however, is not actually enforced yet; later patches
will add the necessary checks.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/export.c |   76 ++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 67 insertions(+), 9 deletions(-)

diff .prev/fs/nfsd/export.c ./fs/nfsd/export.c
--- .prev/fs/nfsd/export.c	2007-07-10 11:35:37.000000000 +1000
+++ ./fs/nfsd/export.c	2007-07-10 11:37:38.000000000 +1000
@@ -1229,6 +1229,10 @@ exp_find(struct auth_domain *clp, int fs
 }
 
 /*
+ * Uses rq_client and rq_gssclient to find an export; uses rq_client (an
+ * auth_unix client) if it's available and has secinfo information;
+ * otherwise, will try to use rq_gssclient.
+ *
  * Called from functions that handle requests; functions that do work on
  * behalf of mountd are passed a single client name to use, and should
  * use exp_get_by_name() or exp_find().
@@ -1237,29 +1241,83 @@ struct svc_export *
 rqst_exp_get_by_name(struct svc_rqst *rqstp, struct vfsmount *mnt,
 		struct dentry *dentry)
 {
-	struct auth_domain *clp;
+	struct svc_export *gssexp, *exp = NULL;
 
-	clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
-	return exp_get_by_name(clp, mnt, dentry, &rqstp->rq_chandle);
+	if (rqstp->rq_client == NULL)
+		goto gss;
+
+	/* First try the auth_unix client: */
+	exp = exp_get_by_name(rqstp->rq_client, mnt, dentry,
+						&rqstp->rq_chandle);
+	if (PTR_ERR(exp) == -ENOENT)
+		goto gss;
+	if (IS_ERR(exp))
+		return exp;
+	/* If it has secinfo, assume there are no gss/... clients */
+	if (exp->ex_nflavors > 0)
+		return exp;
+gss:
+	/* Otherwise, try falling back on gss client */
+	if (rqstp->rq_gssclient == NULL)
+		return exp;
+	gssexp = exp_get_by_name(rqstp->rq_gssclient, mnt, dentry,
+						&rqstp->rq_chandle);
+	if (PTR_ERR(gssexp) == -ENOENT)
+		return exp;
+	if (exp)
+		exp_put(exp);
+	return gssexp;
 }
 
 struct svc_export *
 rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv)
 {
-	struct auth_domain *clp;
+	struct svc_export *gssexp, *exp = NULL;
 
-	clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
-	return exp_find(clp, fsid_type, fsidv, &rqstp->rq_chandle);
+	if (rqstp->rq_client == NULL)
+		goto gss;
+
+	/* First try the auth_unix client: */
+	exp = exp_find(rqstp->rq_client, fsid_type, fsidv, &rqstp->rq_chandle);
+	if (PTR_ERR(exp) == -ENOENT)
+		goto gss;
+	if (IS_ERR(exp))
+		return exp;
+	/* If it has secinfo, assume there are no gss/... clients */
+	if (exp->ex_nflavors > 0)
+		return exp;
+gss:
+	/* Otherwise, try falling back on gss client */
+	if (rqstp->rq_gssclient == NULL)
+		return exp;
+	gssexp = exp_find(rqstp->rq_gssclient, fsid_type, fsidv,
+						&rqstp->rq_chandle);
+	if (PTR_ERR(gssexp) == -ENOENT)
+		return exp;
+	if (exp)
+		exp_put(exp);
+	return gssexp;
 }
 
 struct svc_export *
 rqst_exp_parent(struct svc_rqst *rqstp, struct vfsmount *mnt,
 		struct dentry *dentry)
 {
-	struct auth_domain *clp;
+	struct svc_export *exp;
+
+	dget(dentry);
+	exp = rqst_exp_get_by_name(rqstp, mnt, dentry);
 
-	clp = rqstp->rq_gssclient ? rqstp->rq_gssclient : rqstp->rq_client;
-	return exp_parent(rqstp->rq_client, mnt, dentry, &rqstp->rq_chandle);
+	while (PTR_ERR(exp) == -ENOENT && !IS_ROOT(dentry)) {
+		struct dentry *parent;
+
+		parent = dget_parent(dentry);
+		dput(dentry);
+		dentry = parent;
+		exp = rqst_exp_get_by_name(rqstp, mnt, dentry);
+	}
+	dput(dentry);
+	return exp;
 }
 
 /*
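
Review bot: In rqst_exp_get_by_name() and rqst_exp_find() the gss: path can call exp_put() on an error pointer: when the auth_unix lookup returns -ENOENT, exp holds ERR_PTR(-ENOENT), which is non-NULL, so "if (exp) exp_put(exp);" runs on it whenever the gss lookup returns anything other than -ENOENT. Test "exp && !IS_ERR(exp)" before the put. Separately, when rq_client and rq_gssclient are both NULL these functions return NULL rather than an ERR_PTR, and the callers shown in this series test only IS_ERR()/PTR_ERR(), so they would treat NULL as a valid export; returning ERR_PTR(-ENOENT) in that case avoids this.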


* [PATCH 010 of 20] knfsd: nfsd: factor nfsd_lookup into 2 pieces
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (8 preceding siblings ...)
  2007-07-10  2:25 ` [PATCH 009 of 20] knfsd: nfsd: use ip-address-based domain in secinfo case NeilBrown
@ 2007-07-10  2:25 ` NeilBrown
  2007-07-10  2:25 ` [PATCH 011 of 20] knfsd: nfsd4: return nfserr_wrongsec NeilBrown
                   ` (10 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:25 UTC
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

Factor nfsd_lookup into nfsd_lookup_dentry, which finds the right dentry
and export, and a second part which composes the filehandle (and which
will later check the security flavor on the new export).

No change in behavior.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/vfs.c |   55 ++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 36 insertions(+), 19 deletions(-)

diff .prev/fs/nfsd/vfs.c ./fs/nfsd/vfs.c
--- .prev/fs/nfsd/vfs.c	2007-07-10 11:34:22.000000000 +1000
+++ ./fs/nfsd/vfs.c	2007-07-10 11:38:15.000000000 +1000
@@ -135,21 +135,10 @@ out:
 	return err;
 }
 
-/*
- * Look up one component of a pathname.
- * N.B. After this call _both_ fhp and resfh need an fh_put
- *
- * If the lookup would cross a mountpoint, and the mounted filesystem
- * is exported to the client with NFSEXP_NOHIDE, then the lookup is
- * accepted as it stands and the mounted directory is
- * returned. Otherwise the covered directory is returned.
- * NOTE: this mountpoint crossing is not supported properly by all
- *   clients and is explicitly disallowed for NFSv3
- *      NeilBrown <neilb@cse.unsw.edu.au>
- */
 __be32
-nfsd_lookup(struct svc_rqst *rqstp, struct svc_fh *fhp, const char *name,
-					int len, struct svc_fh *resfh)
+nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp,
+		   const char *name, int len,
+		   struct svc_export **exp_ret, struct dentry **dentry_ret)
 {
 	struct svc_export	*exp;
 	struct dentry		*dparent;
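
Review bot: nfsd_lookup_dentry() is introduced as a non-static function, but the diffstat shows only fs/nfsd/vfs.c changing, so it has no prototype anywhere. Either mark it static or declare it in a header, and give it a short comment saying that on success the caller owns references on *exp_ret and *dentry_ret (nfsd_lookup() drops both with dput() and exp_put()), since the original comment block moves to nfsd_lookup().
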
@@ -219,6 +208,38 @@ nfsd_lookup(struct svc_rqst *rqstp, stru
 			}
 		}
 	}
+	*dentry_ret = dentry;
+	*exp_ret = exp;
+	return 0;
+
+out_nfserr:
+	exp_put(exp);
+	return nfserrno(host_err);
+}
+
+/*
+ * Look up one component of a pathname.
+ * N.B. After this call _both_ fhp and resfh need an fh_put
+ *
+ * If the lookup would cross a mountpoint, and the mounted filesystem
+ * is exported to the client with NFSEXP_NOHIDE, then the lookup is
+ * accepted as it stands and the mounted directory is
+ * returned. Otherwise the covered directory is returned.
+ * NOTE: this mountpoint crossing is not supported properly by all
+ *   clients and is explicitly disallowed for NFSv3
+ *      NeilBrown <neilb@cse.unsw.edu.au>
+ */
+__be32
+nfsd_lookup(struct svc_rqst *rqstp, struct svc_fh *fhp, const char *name,
+					int len, struct svc_fh *resfh)
+{
+	struct svc_export	*exp;
+	struct dentry		*dentry;
+	__be32 err;
+
+	err = nfsd_lookup_dentry(rqstp, fhp, name, len, &exp, &dentry);
+	if (err)
+		return err;
 	/*
 	 * Note: we compose the file handle now, but as the
 	 * dentry may be negative, it may need to be updated.
@@ -227,15 +248,11 @@ nfsd_lookup(struct svc_rqst *rqstp, stru
 	if (!err && !dentry->d_inode)
 		err = nfserr_noent;
 	dput(dentry);
-out:
 	exp_put(exp);
 	return err;
-
-out_nfserr:
-	err = nfserrno(host_err);
-	goto out;
 }
 
+
 /*
  * Set various file attributes.
  * N.B. After this call fhp needs an fh_put


* [PATCH 011 of 20] knfsd: nfsd4: return nfserr_wrongsec
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (9 preceding siblings ...)
  2007-07-10  2:25 ` [PATCH 010 of 20] knfsd: nfsd: factor nfsd_lookup into 2 pieces NeilBrown
@ 2007-07-10  2:25 ` NeilBrown
  2007-07-10  2:26 ` [PATCH 012 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor NeilBrown
                   ` (9 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:25 UTC
  To: Andrew Morton
  Cc: nfs, linux-kernel, andros @ citi . umich . edu, Andy Adamson,
	J . Bruce Fields, Neil Brown


From: andros@citi.umich.edu <andros@citi.umich.edu>

Make the first actual use of the secinfo information by using it to
return nfserr_wrongsec when an export is found that doesn't allow the
flavor used on this request.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/export.c            |   26 ++++++++++++++++++++++++++
 ./fs/nfsd/nfsfh.c             |    6 ++++++
 ./fs/nfsd/nfssvc.c            |   10 ++++++++++
 ./fs/nfsd/vfs.c               |    4 ++++
 ./include/linux/nfsd/export.h |    1 +
 ./include/linux/nfsd/nfsd.h   |    1 +
 6 files changed, 48 insertions(+)

diff .prev/fs/nfsd/export.c ./fs/nfsd/export.c
--- .prev/fs/nfsd/export.c	2007-07-10 11:37:38.000000000 +1000
+++ ./fs/nfsd/export.c	2007-07-10 11:39:34.000000000 +1000
@@ -1228,6 +1228,28 @@ exp_find(struct auth_domain *clp, int fs
 	return exp;
 }
 
+__be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)
+{
+	struct exp_flavor_info *f;
+	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
+
+	/* legacy gss-only clients are always OK: */
+	if (exp->ex_client == rqstp->rq_gssclient)
+		return 0;
+	/* ip-address based client; check sec= export option: */
+	for (f = exp->ex_flavors; f < end; f++) {
+		if (f->pseudoflavor == rqstp->rq_flavor)
+			return 0;
+	}
+	/* defaults in absence of sec= options: */
+	if (exp->ex_nflavors == 0) {
+		if (rqstp->rq_flavor == RPC_AUTH_NULL ||
+		    rqstp->rq_flavor == RPC_AUTH_UNIX)
+			return 0;
+	}
+	return nfserr_wrongsec;
+}
+
 /*
  * Uses rq_client and rq_gssclient to find an export; uses rq_client (an
  * auth_unix client) if it's available and has secinfo information;
@@ -1340,6 +1362,10 @@ exp_pseudoroot(struct svc_rqst *rqstp, s
 	if (IS_ERR(exp))
 		return nfserrno(PTR_ERR(exp));
 	rv = fh_compose(fhp, exp, exp->ex_dentry, NULL);
+	if (rv)
+		goto out;
+	rv = check_nfsd_access(exp, rqstp);
+out:
 	exp_put(exp);
 	return rv;
 }
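
Review bot: In exp_pseudoroot() check_nfsd_access() runs only after fh_compose() has succeeded, whereas nfsd_lookup() in this same patch checks the flavor before composing the handle. If returning nfserr_wrongsec with fhp already populated is intended here, add a comment saying so; otherwise do the check first so the two paths are consistent.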

diff .prev/fs/nfsd/nfsfh.c ./fs/nfsd/nfsfh.c
--- .prev/fs/nfsd/nfsfh.c	2007-07-10 11:35:37.000000000 +1000
+++ ./fs/nfsd/nfsfh.c	2007-07-10 11:39:34.000000000 +1000
@@ -20,6 +20,7 @@
 
 #include <linux/sunrpc/clnt.h>
 #include <linux/sunrpc/svc.h>
+#include <linux/sunrpc/svcauth_gss.h>
 #include <linux/nfsd/nfsd.h>
 
 #define NFSDDBG_FACILITY		NFSDDBG_FH
@@ -248,6 +249,11 @@ fh_verify(struct svc_rqst *rqstp, struct
 	if (error)
 		goto out;
 
+	/* Check security flavor */
+	error = check_nfsd_access(exp, rqstp);
+	if (error)
+		goto out;
+
 	/* Finally, check access permissions. */
 	error = nfsd_permission(exp, dentry, access);
 

diff .prev/fs/nfsd/nfssvc.c ./fs/nfsd/nfssvc.c
--- .prev/fs/nfsd/nfssvc.c	2007-07-10 11:19:56.000000000 +1000
+++ ./fs/nfsd/nfssvc.c	2007-07-10 11:39:34.000000000 +1000
@@ -494,6 +494,15 @@ out:
 	module_put_and_exit(0);
 }
 
+static __be32 map_new_errors(u32 vers, __be32 nfserr)
+{
+	if (nfserr == nfserr_jukebox && vers == 2)
+		return nfserr_dropit;
+	if (nfserr == nfserr_wrongsec && vers < 4)
+		return nfserr_acces;
+	return nfserr;
+}
+
 int
 nfsd_dispatch(struct svc_rqst *rqstp, __be32 *statp)
 {
@@ -536,6 +545,7 @@ nfsd_dispatch(struct svc_rqst *rqstp, __
 
 	/* Now call the procedure handler, and encode NFS status. */
 	nfserr = proc->pc_func(rqstp, rqstp->rq_argp, rqstp->rq_resp);
+	nfserr = map_new_errors(rqstp->rq_vers, nfserr);
 	if (nfserr == nfserr_jukebox && rqstp->rq_vers == 2)
 		nfserr = nfserr_dropit;
 	if (nfserr == nfserr_dropit) {
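
Review bot: In nfsd_dispatch() the new map_new_errors() call already turns nfserr_jukebox into nfserr_dropit for version 2, so the existing "if (nfserr == nfserr_jukebox && rqstp->rq_vers == 2)" test that follows it can no longer be true. Remove those two lines in this patch so the mapping lives in one place.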

diff .prev/fs/nfsd/vfs.c ./fs/nfsd/vfs.c
--- .prev/fs/nfsd/vfs.c	2007-07-10 11:38:15.000000000 +1000
+++ ./fs/nfsd/vfs.c	2007-07-10 11:39:34.000000000 +1000
@@ -240,6 +240,9 @@ nfsd_lookup(struct svc_rqst *rqstp, stru
 	err = nfsd_lookup_dentry(rqstp, fhp, name, len, &exp, &dentry);
 	if (err)
 		return err;
+	err = check_nfsd_access(exp, rqstp);
+	if (err)
+		goto out;
 	/*
 	 * Note: we compose the file handle now, but as the
 	 * dentry may be negative, it may need to be updated.
@@ -247,6 +250,7 @@ nfsd_lookup(struct svc_rqst *rqstp, stru
 	err = fh_compose(resfh, exp, dentry, fhp);
 	if (!err && !dentry->d_inode)
 		err = nfserr_noent;
+out:
 	dput(dentry);
 	exp_put(exp);
 	return err;

diff .prev/include/linux/nfsd/export.h ./include/linux/nfsd/export.h
--- .prev/include/linux/nfsd/export.h	2007-07-10 11:34:22.000000000 +1000
+++ ./include/linux/nfsd/export.h	2007-07-10 11:39:34.000000000 +1000
@@ -116,6 +116,7 @@ struct svc_expkey {
 #define EX_NOHIDE(exp)		((exp)->ex_flags & NFSEXP_NOHIDE)
 #define EX_WGATHER(exp)		((exp)->ex_flags & NFSEXP_GATHERED_WRITES)
 
+__be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp);
 
 /*
  * Function declarations

diff .prev/include/linux/nfsd/nfsd.h ./include/linux/nfsd/nfsd.h
--- .prev/include/linux/nfsd/nfsd.h	2007-07-10 11:19:56.000000000 +1000
+++ ./include/linux/nfsd/nfsd.h	2007-07-10 11:39:34.000000000 +1000
@@ -236,6 +236,7 @@ void		nfsd_lockd_shutdown(void);
 #define	nfserr_badname		__constant_htonl(NFSERR_BADNAME)
 #define	nfserr_cb_path_down	__constant_htonl(NFSERR_CB_PATH_DOWN)
 #define	nfserr_locked		__constant_htonl(NFSERR_LOCKED)
+#define	nfserr_wrongsec		__constant_htonl(NFSERR_WRONGSEC)
 #define	nfserr_replay_me	__constant_htonl(NFSERR_REPLAY_ME)
 
 /* error codes for internal use */


* [PATCH 012 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (10 preceding siblings ...)
  2007-07-10  2:25 ` [PATCH 011 of 20] knfsd: nfsd4: return nfserr_wrongsec NeilBrown
@ 2007-07-10  2:26 ` NeilBrown
  2007-07-13  7:27   ` Andrew Morton
  2007-07-10  2:27 ` [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags NeilBrown
                   ` (8 subsequent siblings)
  20 siblings, 1 reply; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:26 UTC
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

Allow readonly access to vary depending on the pseudoflavor, using the
flag passed with each pseudoflavor in the export downcall.  The rest of
the flags are ignored for now, though some day we might also allow id
squashing to vary based on the flavor.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/nfsfh.c             |    2 +-
 ./fs/nfsd/nfsproc.c           |    3 ++-
 ./fs/nfsd/vfs.c               |   13 +++++++------
 ./include/linux/nfsd/export.h |   13 ++++++++++++-
 ./include/linux/nfsd/nfsd.h   |    3 ++-
 5 files changed, 24 insertions(+), 10 deletions(-)

diff .prev/fs/nfsd/nfsfh.c ./fs/nfsd/nfsfh.c
--- .prev/fs/nfsd/nfsfh.c	2007-07-10 11:39:34.000000000 +1000
+++ ./fs/nfsd/nfsfh.c	2007-07-10 11:40:31.000000000 +1000
@@ -255,7 +255,7 @@ fh_verify(struct svc_rqst *rqstp, struct
 		goto out;
 
 	/* Finally, check access permissions. */
-	error = nfsd_permission(exp, dentry, access);
+	error = nfsd_permission(rqstp, exp, dentry, access);
 
 	if (error) {
 		dprintk("fh_verify: %s/%s permission failure, "

diff .prev/fs/nfsd/nfsproc.c ./fs/nfsd/nfsproc.c
--- .prev/fs/nfsd/nfsproc.c	2007-07-10 11:19:55.000000000 +1000
+++ ./fs/nfsd/nfsproc.c	2007-07-10 11:40:31.000000000 +1000
@@ -278,7 +278,8 @@ nfsd_proc_create(struct svc_rqst *rqstp,
 					 *   echo thing > device-special-file-or-pipe
 					 * by doing a CREATE with type==0
 					 */
-					nfserr = nfsd_permission(newfhp->fh_export,
+					nfserr = nfsd_permission(rqstp,
+								 newfhp->fh_export,
 								 newfhp->fh_dentry,
 								 MAY_WRITE|MAY_LOCAL_ACCESS);
 					if (nfserr && nfserr != nfserr_rofs)

diff .prev/fs/nfsd/vfs.c ./fs/nfsd/vfs.c
--- .prev/fs/nfsd/vfs.c	2007-07-10 11:39:34.000000000 +1000
+++ ./fs/nfsd/vfs.c	2007-07-10 11:40:31.000000000 +1000
@@ -328,7 +328,7 @@ nfsd_setattr(struct svc_rqst *rqstp, str
 	/* The size case is special. It changes the file as well as the attributes.  */
 	if (iap->ia_valid & ATTR_SIZE) {
 		if (iap->ia_size < inode->i_size) {
-			err = nfsd_permission(fhp->fh_export, dentry, MAY_TRUNC|MAY_OWNER_OVERRIDE);
+			err = nfsd_permission(rqstp, fhp->fh_export, dentry, MAY_TRUNC|MAY_OWNER_OVERRIDE);
 			if (err)
 				goto out;
 		}
@@ -616,7 +616,7 @@ nfsd_access(struct svc_rqst *rqstp, stru
 
 			sresult |= map->access;
 
-			err2 = nfsd_permission(export, dentry, map->how);
+			err2 = nfsd_permission(rqstp, export, dentry, map->how);
 			switch (err2) {
 			case nfs_ok:
 				result |= map->access;
@@ -1027,7 +1027,7 @@ nfsd_read(struct svc_rqst *rqstp, struct
 	__be32		err;
 
 	if (file) {
-		err = nfsd_permission(fhp->fh_export, fhp->fh_dentry,
+		err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
 				MAY_READ|MAY_OWNER_OVERRIDE);
 		if (err)
 			goto out;
@@ -1056,7 +1056,7 @@ nfsd_write(struct svc_rqst *rqstp, struc
 	__be32			err = 0;
 
 	if (file) {
-		err = nfsd_permission(fhp->fh_export, fhp->fh_dentry,
+		err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
 				MAY_WRITE|MAY_OWNER_OVERRIDE);
 		if (err)
 			goto out;
@@ -1785,7 +1785,8 @@ nfsd_statfs(struct svc_rqst *rqstp, stru
  * Check for a user's access permissions to this inode.
  */
 __be32
-nfsd_permission(struct svc_export *exp, struct dentry *dentry, int acc)
+nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
+					struct dentry *dentry, int acc)
 {
 	struct inode	*inode = dentry->d_inode;
 	int		err;
@@ -1816,7 +1817,7 @@ nfsd_permission(struct svc_export *exp, 
 	 */
 	if (!(acc & MAY_LOCAL_ACCESS))
 		if (acc & (MAY_WRITE | MAY_SATTR | MAY_TRUNC)) {
-			if (EX_RDONLY(exp) || IS_RDONLY(inode))
+			if (EX_RDONLY(exp, rqstp) || IS_RDONLY(inode))
 				return nfserr_rofs;
 			if (/* (acc & MAY_WRITE) && */ IS_IMMUTABLE(inode))
 				return nfserr_perm;

diff .prev/include/linux/nfsd/export.h ./include/linux/nfsd/export.h
--- .prev/include/linux/nfsd/export.h	2007-07-10 11:39:34.000000000 +1000
+++ ./include/linux/nfsd/export.h	2007-07-10 11:40:31.000000000 +1000
@@ -112,10 +112,21 @@ struct svc_expkey {
 
 #define EX_SECURE(exp)		(!((exp)->ex_flags & NFSEXP_INSECURE_PORT))
 #define EX_ISSYNC(exp)		(!((exp)->ex_flags & NFSEXP_ASYNC))
-#define EX_RDONLY(exp)		((exp)->ex_flags & NFSEXP_READONLY)
 #define EX_NOHIDE(exp)		((exp)->ex_flags & NFSEXP_NOHIDE)
 #define EX_WGATHER(exp)		((exp)->ex_flags & NFSEXP_GATHERED_WRITES)
 
+static inline int EX_RDONLY(struct svc_export *exp, struct svc_rqst *rqstp)
+{
+	struct exp_flavor_info *f;
+	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
+
+	for (f = exp->ex_flavors; f < end; f++) {
+		if (f->pseudoflavor == rqstp->rq_flavor)
+			return f->flags & NFSEXP_READONLY;
+	}
+	return exp->ex_flags & NFSEXP_READONLY;
+}
+
 __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp);
 
 /*
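
Review bot: EX_RDONLY() repeats the ex_flavors scan that check_nfsd_access() already performs, so fh_verify() can walk the list twice through two separately maintained loops. Factor the lookup into one helper that returns the matching exp_flavor_info (or NULL) and use it in both places; as this is now an inline function dereferencing rqstp rather than a macro, a lower-case name and a one-line comment on the fallback to exp->ex_flags when no flavor matches would also help.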

diff .prev/include/linux/nfsd/nfsd.h ./include/linux/nfsd/nfsd.h
--- .prev/include/linux/nfsd/nfsd.h	2007-07-10 11:39:34.000000000 +1000
+++ ./include/linux/nfsd/nfsd.h	2007-07-10 11:40:31.000000000 +1000
@@ -119,7 +119,8 @@ __be32		nfsd_statfs(struct svc_rqst *, s
 				struct kstatfs *);
 
 int		nfsd_notify_change(struct inode *, struct iattr *);
-__be32		nfsd_permission(struct svc_export *, struct dentry *, int);
+__be32		nfsd_permission(struct svc_rqst *, struct svc_export *,
+				struct dentry *, int);
 int		nfsd_sync_dir(struct dentry *dp);
 
 #if defined(CONFIG_NFSD_V2_ACL) || defined(CONFIG_NFSD_V3_ACL)


* [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (11 preceding siblings ...)
  2007-07-10  2:26 ` [PATCH 012 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor NeilBrown
@ 2007-07-10  2:27 ` NeilBrown
  2007-07-13  7:29   ` Andrew Morton
  2007-07-10  2:27 ` [PATCH 014 of 20] knfsd: nfsd: display export secinfo information NeilBrown
                   ` (7 subsequent siblings)
  20 siblings, 1 reply; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:27 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

Factor out some code to be shared by secinfo display code.  Remove some
unnecessary conditional printing of commas where we know the condition
is true.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/export.c |   23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff .prev/fs/nfsd/export.c ./fs/nfsd/export.c
--- .prev/fs/nfsd/export.c	2007-07-10 11:39:34.000000000 +1000
+++ ./fs/nfsd/export.c	2007-07-10 11:46:05.000000000 +1000
@@ -1453,28 +1453,35 @@ static struct flags {
 	{ 0, {"", ""}}
 };
 
-static void exp_flags(struct seq_file *m, int flag, int fsid,
-		uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
+static void show_expflags(struct seq_file *m, int flags, int mask)
 {
-	int first = 0;
 	struct flags *flg;
+	int state, first = 0;
 
 	for (flg = expflags; flg->flag; flg++) {
-		int state = (flg->flag & flag)?0:1;
+		if (flg->flag & ~mask)
+			continue;
+		state = (flg->flag & flags) ? 0 : 1;
 		if (*flg->name[state])
 			seq_printf(m, "%s%s", first++?",":"", flg->name[state]);
 	}
+}
+
+static void exp_flags(struct seq_file *m, int flag, int fsid,
+		uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
+{
+	show_expflags(m, flag, NFSEXP_ALLFLAGS);
 	if (flag & NFSEXP_FSID)
-		seq_printf(m, "%sfsid=%d", first++?",":"", fsid);
+		seq_printf(m, ",fsid=%d", fsid);
 	if (anonu != (uid_t)-2 && anonu != (0x10000-2))
-		seq_printf(m, "%sanonuid=%d", first++?",":"", anonu);
+		seq_printf(m, ",sanonuid=%d", anonu);
 	if (anong != (gid_t)-2 && anong != (0x10000-2))
-		seq_printf(m, "%sanongid=%d", first++?",":"", anong);
+		seq_printf(m, ",sanongid=%d", anong);
 	if (fsloc && fsloc->locations_count > 0) {
 		char *loctype = (fsloc->migrated) ? "refer" : "replicas";
 		int i;
 
-		seq_printf(m, "%s%s=", first++?",":"", loctype);
+		seq_printf(m, ",%s=", loctype);
 		seq_escape(m, fsloc->locations[0].path, ",;@ \t\n\\");
 		seq_putc(m, '@');
 		seq_escape(m, fsloc->locations[0].hosts, ",;@ \t\n\\");
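
Review bot: The new format strings in exp_flags() read ",sanonuid=%d" and ",sanongid=%d"; the "s" looks like a leftover from the removed "%s", so the exports listing would show sanonuid= and sanongid= instead of anonuid= and anongid=. They should be ",anonuid=%d" and ",anongid=%d". The now-unconditional leading commas also rely on show_expflags() always having printed at least one name, which deserves a one-line comment, and anonu/anong are uid_t/gid_t values printed with %d.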

* [PATCH 014 of 20] knfsd: nfsd: display export secinfo information
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (12 preceding siblings ...)
  2007-07-10  2:27 ` [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags NeilBrown
@ 2007-07-10  2:27 ` NeilBrown
  2007-07-10  2:27 ` [PATCH 015 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor NeilBrown
                   ` (6 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:27 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

Add secinfo information to the display in proc/net/sunrpc/nfsd.export/content.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/export.c |   29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff .prev/fs/nfsd/export.c ./fs/nfsd/export.c
--- .prev/fs/nfsd/export.c	2007-07-10 11:46:05.000000000 +1000
+++ ./fs/nfsd/export.c	2007-07-10 11:48:23.000000000 +1000
@@ -641,6 +641,7 @@ static int svc_export_parse(struct cache
 
 static void exp_flags(struct seq_file *m, int flag, int fsid,
 		uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fslocs);
+static void show_secinfo(struct seq_file *m, struct svc_export *exp);
 
 static int svc_export_show(struct seq_file *m,
 			   struct cache_detail *cd,
@@ -670,6 +671,7 @@ static int svc_export_show(struct seq_fi
 				seq_printf(m, "%02x", exp->ex_uuid[i]);
 			}
 		}
+		show_secinfo(m, exp);
 	}
 	seq_puts(m, ")\n");
 	return 0;
@@ -1467,6 +1469,33 @@ static void show_expflags(struct seq_fil
 	}
 }
 
+static void show_secinfo_flags(struct seq_file *m, int flags)
+{
+	seq_printf(m, ",");
+	show_expflags(m, flags, NFSEXP_SECINFO_FLAGS);
+}
+
+static void show_secinfo(struct seq_file *m, struct svc_export *exp)
+{
+	struct exp_flavor_info *f;
+	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
+	int lastflags = 0, first = 0;
+
+	if (exp->ex_nflavors == 0)
+		return;
+	for (f = exp->ex_flavors; f < end; f++) {
+		if (first || f->flags != lastflags) {
+			if (!first)
+				show_secinfo_flags(m, lastflags);
+			seq_printf(m, ",sec=%d", f->pseudoflavor);
+			lastflags = f->flags;
+		} else {
+			seq_printf(m, ":%d", f->pseudoflavor);
+		}
+	}
+	show_secinfo_flags(m, lastflags);
+}
+
 static void exp_flags(struct seq_file *m, int flag, int fsid,
 		uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
 {
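
Review bot: In show_secinfo(), first is initialised to 0 and never changed, so `if (first || f->flags != lastflags)` reduces to the flags comparison and `if (!first)` is always true. For the first flavor this either prints a flag list for lastflags == 0 ahead of any sec= (when its flags are non-zero) or, when its flags are 0, takes the else branch and prints ":%d" with no preceding ",sec=". Initialising first to 1 and clearing it once the first ",sec=%d" has been printed would give the intended grouping. Also note that show_secinfo_flags() prints "," even when show_expflags() prints nothing for the given mask, and that pseudoflavor is printed with %d.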

* [PATCH 015 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (13 preceding siblings ...)
  2007-07-10  2:27 ` [PATCH 014 of 20] knfsd: nfsd: display export secinfo information NeilBrown
@ 2007-07-10  2:27 ` NeilBrown
  2007-07-13  7:12   ` Andrew Morton
  2007-07-10  2:27 ` [PATCH 016 of 20] knfsd: rpc: add gss krb5 and spkm3 oid values NeilBrown
                   ` (5 subsequent siblings)
  20 siblings, 1 reply; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:27 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

Allow readonly access to vary depending on the pseudoflavor, using the
flag passed with each pseudoflavor in the export downcall.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./include/linux/nfsd/export.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff .prev/include/linux/nfsd/export.h ./include/linux/nfsd/export.h
--- .prev/include/linux/nfsd/export.h	2007-07-10 11:40:31.000000000 +1000
+++ ./include/linux/nfsd/export.h	2007-07-10 11:50:43.000000000 +1000
@@ -43,7 +43,7 @@
 #define NFSEXP_ALLFLAGS		0xFE3F
 
 /* The flags that may vary depending on security flavor: */
-#define NFSEXP_SECINFO_FLAGS	0
+#define NFSEXP_SECINFO_FLAGS	NFSEXP_READONLY
 
 #ifdef __KERNEL__
 

* [PATCH 016 of 20] knfsd: rpc: add gss krb5 and spkm3 oid values
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (14 preceding siblings ...)
  2007-07-10  2:27 ` [PATCH 015 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor NeilBrown
@ 2007-07-10  2:27 ` NeilBrown
  2007-07-10  2:28 ` [PATCH 017 of 20] knfsd: nfsd4: implement secinfo NeilBrown
                   ` (4 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:27 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, Neil Brown, Usha Ketineni,
	Usha Ketineni


From: Usha Ketineni <ketineni@us.ibm.com>

Adds oid values to the gss_api mechanism structures.  On the NFSV4
server side, these are required as part of the security triple
(oid,qop,service) information being sent in the response of the SECINFO
operation.

Signed-off-by: Usha Ketineni <uketinen@us.ibm.com>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./net/sunrpc/auth_gss/gss_krb5_mech.c  |    1 +
 ./net/sunrpc/auth_gss/gss_spkm3_mech.c |    1 +
 2 files changed, 2 insertions(+)

diff .prev/net/sunrpc/auth_gss/gss_krb5_mech.c ./net/sunrpc/auth_gss/gss_krb5_mech.c
--- .prev/net/sunrpc/auth_gss/gss_krb5_mech.c	2007-07-10 11:19:53.000000000 +1000
+++ ./net/sunrpc/auth_gss/gss_krb5_mech.c	2007-07-10 11:51:00.000000000 +1000
@@ -231,6 +231,7 @@ static struct pf_desc gss_kerberos_pfs[]
 static struct gss_api_mech gss_kerberos_mech = {
 	.gm_name	= "krb5",
 	.gm_owner	= THIS_MODULE,
+	.gm_oid		= {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"},
 	.gm_ops		= &gss_kerberos_ops,
 	.gm_pf_num	= ARRAY_SIZE(gss_kerberos_pfs),
 	.gm_pfs		= gss_kerberos_pfs,
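
Review bot: The length 9 in the .gm_oid initialiser is hand-counted against the string literal, and this initialiser uses hex escapes with a (void *) cast while the spkm3 one in the same patch uses octal escapes and no cast. Please use one style for both, and add a comment giving the dotted-decimal form of each OID so the bytes can be checked against the mechanism's registered value.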

diff .prev/net/sunrpc/auth_gss/gss_spkm3_mech.c ./net/sunrpc/auth_gss/gss_spkm3_mech.c
--- .prev/net/sunrpc/auth_gss/gss_spkm3_mech.c	2007-07-10 11:19:53.000000000 +1000
+++ ./net/sunrpc/auth_gss/gss_spkm3_mech.c	2007-07-10 11:51:00.000000000 +1000
@@ -217,6 +217,7 @@ static struct pf_desc gss_spkm3_pfs[] = 
 static struct gss_api_mech gss_spkm3_mech = {
 	.gm_name	= "spkm3",
 	.gm_owner	= THIS_MODULE,
+	.gm_oid		= {7, "\053\006\001\005\005\001\003"},
 	.gm_ops		= &gss_spkm3_ops,
 	.gm_pf_num	= ARRAY_SIZE(gss_spkm3_pfs),
 	.gm_pfs		= gss_spkm3_pfs,
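
The security triple (oid, qop, service) named in the commit message above, read from the receiving side: an added example, not code from the patch or the kernel, that bounds-checks one RPCSEC_GSS SECINFO entry and renders its OID in dotted form. It assumes standard XDR padding, RPC_AUTH_GSS = 6 and the RFC 2203 service numbers; the sample buffers, MAX_OID_LEN and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RPC_AUTH_GSS	6	/* RPC auth flavor number of RPCSEC_GSS */
#define MAX_OID_LEN	32	/* cap assumed for this example */
#define XDR_PAD(n)	(((n) + 3u) & ~3u)	/* XDR pads opaques to 4 bytes */

/* Constructed samples: one entry per OID in the patch, qop 0, with
 * service 2 (integrity) for krb5 and service 1 (none) for spkm3. */
static const unsigned char krb5_entry[28] = { 0, 0, 0, 6, 0, 0, 0, 9,
	0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, 0, 0, 0,
	0, 0, 0, 0, 0, 0, 0, 2 };
static const unsigned char spkm3_entry[24] = { 0, 0, 0, 6, 0, 0, 0, 7,
	0x2b, 0x06, 0x01, 0x05, 0x05, 0x01, 0x03, 0,
	0, 0, 0, 0, 0, 0, 0, 1 };
/* Constructed malformed sample: the OID length runs past the buffer. */
static const unsigned char short_entry[10] = { 0, 0, 0, 6, 0, 0, 0, 9, 0x2a, 0x86 };

struct gss_entry {
	const unsigned char *oid;
	uint32_t oidlen, qop, service;
};

static uint32_t get32(const unsigned char *p)	/* big-endian XDR word */
{
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Render a DER OID body (no tag or length octet) as dotted decimal in out.
 * Returns 0, or -1 if the encoding is malformed or out is too small. */
int oid_str(const unsigned char *der, size_t len, char *out, size_t outlen)
{
	size_t i = 0, used = 0;

	while (i < len) {
		uint32_t arc = 0;
		int n, more;
		do {	/* base-128 digits, high bit set on all but the last */
			if (i == len || arc > (UINT32_MAX >> 7))
				return -1;
			more = der[i] & 0x80;
			arc = (arc << 7) | (der[i++] & 0x7f);
		} while (more);
		if (used == 0)	/* first value packs two arcs as 40*X + Y */
			n = snprintf(out, outlen, "%u.%u", (unsigned)(arc < 80 ? arc / 40 : 2),
				     (unsigned)(arc < 80 ? arc % 40 : arc - 80));
		else
			n = snprintf(out + used, outlen - used, ".%u", (unsigned)arc);
		if (n < 0 || (size_t)n >= outlen - used)
			return -1;
		used += (size_t)n;
	}
	return used ? 0 : -1;
}

/* Receiver side: every length is checked before use; -1 if malformed. */
int decode_gss_entry(const unsigned char *buf, size_t buflen, struct gss_entry *e)
{
	uint32_t oidlen, padded;

	if (buflen < 8 || get32(buf) != RPC_AUTH_GSS)
		return -1;
	oidlen = get32(buf + 4);
	if (oidlen == 0 || oidlen > MAX_OID_LEN)
		return -1;
	padded = XDR_PAD(oidlen);
	if (buflen - 8 < (size_t)padded + 8)	/* OID, then qop and service */
		return -1;
	e->oid = buf + 8;
	e->oidlen = oidlen;
	e->qop = get32(buf + 8 + padded);
	e->service = get32(buf + 12 + padded);
	return (int)(16 + padded);	/* bytes consumed */
}

/* Decode one entry and describe it; NULL if any part fails to parse. */
const char *describe_entry(const unsigned char *buf, size_t buflen)
{
	static char text[160];
	char oid[96];
	struct gss_entry e;

	if (decode_gss_entry(buf, buflen, &e) < 0 ||
	    oid_str(e.oid, e.oidlen, oid, sizeof(oid)) < 0)
		return NULL;
	snprintf(text, sizeof(text), "oid=%s qop=%u service=%u", oid,
		 (unsigned)e.qop, (unsigned)e.service);
	return text;
}

int main(void)
{
	printf("krb5:  %s\n", describe_entry(krb5_entry, sizeof(krb5_entry)));
	printf("spkm3: %s\n", describe_entry(spkm3_entry, sizeof(spkm3_entry)));
	printf("short: %d\n", describe_entry(short_entry, sizeof(short_entry)) == NULL);
	return 0;
}
```

The dotted forms it prints are the values to compare against the byte strings in the two gm_oid initialisers when reviewing them.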

* [PATCH 017 of 20] knfsd: nfsd4: implement secinfo
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (15 preceding siblings ...)
  2007-07-10  2:27 ` [PATCH 016 of 20] knfsd: rpc: add gss krb5 and spkm3 oid values NeilBrown
@ 2007-07-10  2:28 ` NeilBrown
  2007-07-10  2:28 ` [PATCH 018 of 20] knfsd: nfsd4: secinfo handling without secinfo= option NeilBrown
                   ` (3 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:28 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, Andy Adamson, J. Bruce Fields, Neil Brown,
	Usha Ketineni


From: Andy Adamson <andros@citi.umich.edu>

Implement the secinfo operation.

(Thanks to Usha Ketineni, who wrote an earlier version of this support.)

Cc: Usha Ketineni <uketinen@us.ibm.com>
Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/nfs4proc.c        |   28 ++++++++++++++++
 ./fs/nfsd/nfs4xdr.c         |   75 ++++++++++++++++++++++++++++++++++++++++++++
 ./include/linux/nfsd/nfsd.h |    3 +
 ./include/linux/nfsd/xdr4.h |    7 ++++
 4 files changed, 113 insertions(+)

diff .prev/fs/nfsd/nfs4proc.c ./fs/nfsd/nfs4proc.c
--- .prev/fs/nfsd/nfs4proc.c	2007-07-10 11:33:32.000000000 +1000
+++ ./fs/nfsd/nfs4proc.c	2007-07-10 11:51:37.000000000 +1000
@@ -47,6 +47,7 @@
 #include <linux/nfsd/state.h>
 #include <linux/nfsd/xdr4.h>
 #include <linux/nfs4_acl.h>
+#include <linux/sunrpc/gss_api.h>
 
 #define NFSDDBG_FACILITY		NFSDDBG_PROC
 
@@ -610,6 +611,30 @@ nfsd4_rename(struct svc_rqst *rqstp, str
 }
 
 static __be32
+nfsd4_secinfo(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
+	      struct nfsd4_secinfo *secinfo)
+{
+	struct svc_fh resfh;
+	struct svc_export *exp;
+	struct dentry *dentry;
+	__be32 err;
+
+	fh_init(&resfh, NFS4_FHSIZE);
+	err = nfsd_lookup_dentry(rqstp, &cstate->current_fh,
+				    secinfo->si_name, secinfo->si_namelen,
+				    &exp, &dentry);
+	if (err)
+		return err;
+	if (dentry->d_inode == NULL) {
+		exp_put(exp);
+		err = nfserr_noent;
+	} else
+		secinfo->si_exp = exp;
+	dput(dentry);
+	return err;
+}
+
+static __be32
 nfsd4_setattr(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
 	      struct nfsd4_setattr *setattr)
 {
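
Review bot: In nfsd4_secinfo(), resfh is declared and handed to fh_init() but never used afterwards, so both lines can go. The error paths also leave secinfo->si_exp untouched (the early `return err`, and the nfserr_noent branch after it has already called exp_put()), while the encoder later does `if (exp) exp_put(exp)` on that field; setting secinfo->si_exp = NULL at the top of this function, or in the decoder, would make the error path safe by construction rather than by assumption.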
@@ -1008,6 +1033,9 @@ static struct nfsd4_operation nfsd4_ops[
 	[OP_SAVEFH] = {
 		.op_func = (nfsd4op_func)nfsd4_savefh,
 	},
+	[OP_SECINFO] = {
+		.op_func = (nfsd4op_func)nfsd4_secinfo,
+	},
 	[OP_SETATTR] = {
 		.op_func = (nfsd4op_func)nfsd4_setattr,
 	},

diff .prev/fs/nfsd/nfs4xdr.c ./fs/nfsd/nfs4xdr.c
--- .prev/fs/nfsd/nfs4xdr.c	2007-07-10 11:33:32.000000000 +1000
+++ ./fs/nfsd/nfs4xdr.c	2007-07-10 11:52:23.000000000 +1000
@@ -56,6 +56,7 @@
 #include <linux/nfsd_idmap.h>
 #include <linux/nfs4.h>
 #include <linux/nfs4_acl.h>
+#include <linux/sunrpc/gss_api.h>
 
 #define NFSDDBG_FACILITY		NFSDDBG_XDR
 
@@ -819,6 +820,23 @@ nfsd4_decode_renew(struct nfsd4_compound
 }
 
 static __be32
+nfsd4_decode_secinfo(struct nfsd4_compoundargs *argp,
+		     struct nfsd4_secinfo *secinfo)
+{
+	DECODE_HEAD;
+
+	READ_BUF(4);
+	READ32(secinfo->si_namelen);
+	READ_BUF(secinfo->si_namelen);
+	SAVEMEM(secinfo->si_name, secinfo->si_namelen);
+	status = check_filename(secinfo->si_name, secinfo->si_namelen,
+								nfserr_noent);
+	if (status)
+		return status;
+	DECODE_TAIL;
+}
+
+static __be32
 nfsd4_decode_setattr(struct nfsd4_compoundargs *argp, struct nfsd4_setattr *setattr)
 {
 	DECODE_HEAD;
@@ -1131,6 +1149,9 @@ nfsd4_decode_compound(struct nfsd4_compo
 		case OP_SAVEFH:
 			op->status = nfs_ok;
 			break;
+		case OP_SECINFO:
+			op->status = nfsd4_decode_secinfo(argp, &op->u.secinfo);
+			break;
 		case OP_SETATTR:
 			op->status = nfsd4_decode_setattr(argp, &op->u.setattr);
 			break;
@@ -1847,11 +1868,19 @@ nfsd4_encode_dirent_fattr(struct nfsd4_r
 	if (d_mountpoint(dentry)) {
 		int err;
 
+		/*
+		 * Why the heck aren't we just using nfsd_lookup??
+		 * Different "."/".." handling?  Something else?
+		 * At least, add a comment here to explain....
+		 */
 		err = nfsd_cross_mnt(cd->rd_rqstp, &dentry, &exp);
 		if (err) {
 			nfserr = nfserrno(err);
 			goto out_put;
 		}
+		nfserr = check_nfsd_access(exp, cd->rd_rqstp);
+		if (nfserr)
+			goto out_put;
 
 	}
 	nfserr = nfsd4_encode_fattr(NULL, exp, dentry, p, buflen, cd->rd_bmval,
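
Review bot: The added check_nfsd_access() call in nfsd4_encode_dirent_fattr() changes what is returned for directory entries that cross a mountpoint, and the changelog ("Implement the secinfo operation") does not mention it; it deserves its own patch or at least a line in the description. The new comment is phrased as an open question to the author rather than an explanation, so please resolve it or mark it as a FIXME before merging.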
@@ -2419,6 +2448,49 @@ nfsd4_encode_rename(struct nfsd4_compoun
 	}
 }
 
+static void
+nfsd4_encode_secinfo(struct nfsd4_compoundres *resp, int nfserr,
+		     struct nfsd4_secinfo *secinfo)
+{
+	int i = 0;
+	struct svc_export *exp = secinfo->si_exp;
+	ENCODE_HEAD;
+
+	if (nfserr)
+		goto out;
+	RESERVE_SPACE(4);
+	WRITE32(exp->ex_nflavors);
+	ADJUST_ARGS();
+	for (i = 0; i < exp->ex_nflavors; i++) {
+		u32 flav = exp->ex_flavors[i].pseudoflavor;
+		struct gss_api_mech *gm = gss_mech_get_by_pseudoflavor(flav);
+
+		if (gm) {
+			RESERVE_SPACE(4);
+			WRITE32(RPC_AUTH_GSS);
+			ADJUST_ARGS();
+			RESERVE_SPACE(4 + gm->gm_oid.len);
+			WRITE32(gm->gm_oid.len);
+			WRITEMEM(gm->gm_oid.data, gm->gm_oid.len);
+			ADJUST_ARGS();
+			RESERVE_SPACE(4);
+			WRITE32(0); /* qop */
+			ADJUST_ARGS();
+			RESERVE_SPACE(4);
+			WRITE32(gss_pseudoflavor_to_service(gm, flav));
+			ADJUST_ARGS();
+			gss_mech_put(gm);
+		} else {
+			RESERVE_SPACE(4);
+			WRITE32(flav);
+			ADJUST_ARGS();
+		}
+	}
+out:
+	if (exp)
+		exp_put(exp);
+}
+
 /*
  * The SETATTR encode routine is special -- it always encodes a bitmap,
  * regardless of the error status.
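
Review bot: The else branch of the loop in nfsd4_encode_secinfo() writes flav verbatim whenever gss_mech_get_by_pseudoflavor() returns NULL. That is right for non-GSS flavors, but it also happens for a GSS pseudoflavor whose mechanism is not registered at that moment, and the client is then handed the raw pseudoflavor number as if it were an RPC auth flavor. Consider skipping such entries, which means counting the usable flavors before `WRITE32(exp->ex_nflavors)`. Minor: i is an int compared against ex_nflavors.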
@@ -2559,6 +2631,9 @@ nfsd4_encode_operation(struct nfsd4_comp
 		break;
 	case OP_SAVEFH:
 		break;
+	case OP_SECINFO:
+		nfsd4_encode_secinfo(resp, op->status, &op->u.secinfo);
+		break;
 	case OP_SETATTR:
 		nfsd4_encode_setattr(resp, op->status, &op->u.setattr);
 		break;

diff .prev/include/linux/nfsd/nfsd.h ./include/linux/nfsd/nfsd.h
--- .prev/include/linux/nfsd/nfsd.h	2007-07-10 11:40:31.000000000 +1000
+++ ./include/linux/nfsd/nfsd.h	2007-07-10 11:51:19.000000000 +1000
@@ -71,6 +71,9 @@ int		nfsd_cross_mnt(struct svc_rqst *rqs
 		                struct svc_export **expp);
 __be32		nfsd_lookup(struct svc_rqst *, struct svc_fh *,
 				const char *, int, struct svc_fh *);
+__be32		 nfsd_lookup_dentry(struct svc_rqst *, struct svc_fh *,
+				const char *, int,
+				struct svc_export **, struct dentry **);
 __be32		nfsd_setattr(struct svc_rqst *, struct svc_fh *,
 				struct iattr *, int, time_t);
 #ifdef CONFIG_NFSD_V4

diff .prev/include/linux/nfsd/xdr4.h ./include/linux/nfsd/xdr4.h
--- .prev/include/linux/nfsd/xdr4.h	2007-07-10 11:19:53.000000000 +1000
+++ ./include/linux/nfsd/xdr4.h	2007-07-10 11:51:19.000000000 +1000
@@ -293,6 +293,12 @@ struct nfsd4_rename {
 	struct nfsd4_change_info  rn_tinfo; /* response */
 };
 
+struct nfsd4_secinfo {
+	u32 si_namelen;					/* request */
+	char *si_name;					/* request */
+	struct svc_export *si_exp;			/* response */
+};
+
 struct nfsd4_setattr {
 	stateid_t	sa_stateid;         /* request */
 	u32		sa_bmval[2];        /* request */
@@ -365,6 +371,7 @@ struct nfsd4_op {
 		struct nfsd4_remove		remove;
 		struct nfsd4_rename		rename;
 		clientid_t			renew;
+		struct nfsd4_secinfo		secinfo;
 		struct nfsd4_setattr		setattr;
 		struct nfsd4_setclientid	setclientid;
 		struct nfsd4_setclientid_confirm setclientid_confirm;

* [PATCH 018 of 20] knfsd: nfsd4: secinfo handling without secinfo= option
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (16 preceding siblings ...)
  2007-07-10  2:28 ` [PATCH 017 of 20] knfsd: nfsd4: implement secinfo NeilBrown
@ 2007-07-10  2:28 ` NeilBrown
  2007-07-10  2:28 ` [PATCH 019 of 20] knfsd: nfsd: allow auth_sys nlm on rpcsec_gss exports NeilBrown
                   ` (2 subsequent siblings)
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:28 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

We could return some sort of error in the case where someone asks for
secinfo on an export without the secinfo= option set--that'd be no worse
than what we've been doing.  But it's not really correct.  So, hack up
an approximate secinfo response in that case--it may not be complete,
but it'll tell the client at least one acceptable security flavor.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/nfs4xdr.c                  |   30 +++++++++++++++++++++++++++---
 ./include/linux/sunrpc/svcauth_gss.h |    1 +
 ./net/sunrpc/auth_gss/svcauth_gss.c  |    9 +++++++++
 3 files changed, 37 insertions(+), 3 deletions(-)

diff .prev/fs/nfsd/nfs4xdr.c ./fs/nfsd/nfs4xdr.c
--- .prev/fs/nfsd/nfs4xdr.c	2007-07-10 11:52:23.000000000 +1000
+++ ./fs/nfsd/nfs4xdr.c	2007-07-10 12:18:53.000000000 +1000
@@ -57,6 +57,7 @@
 #include <linux/nfs4.h>
 #include <linux/nfs4_acl.h>
 #include <linux/sunrpc/gss_api.h>
+#include <linux/sunrpc/svcauth_gss.h>
 
 #define NFSDDBG_FACILITY		NFSDDBG_XDR
 
@@ -2454,15 +2455,38 @@ nfsd4_encode_secinfo(struct nfsd4_compou
 {
 	int i = 0;
 	struct svc_export *exp = secinfo->si_exp;
+	u32 nflavs;
+	struct exp_flavor_info *flavs;
+	struct exp_flavor_info def_flavs[2];
 	ENCODE_HEAD;
 
 	if (nfserr)
 		goto out;
+	if (exp->ex_nflavors) {
+		flavs = exp->ex_flavors;
+		nflavs = exp->ex_nflavors;
+	} else { /* Handling of some defaults in absence of real secinfo: */
+		flavs = def_flavs;
+		if (exp->ex_client->flavour->flavour == RPC_AUTH_UNIX) {
+			nflavs = 2;
+			flavs[0].pseudoflavor = RPC_AUTH_UNIX;
+			flavs[1].pseudoflavor = RPC_AUTH_NULL;
+		} else if (exp->ex_client->flavour->flavour == RPC_AUTH_GSS) {
+			nflavs = 1;
+			flavs[0].pseudoflavor
+					= svcauth_gss_flavor(exp->ex_client);
+		} else {
+			nflavs = 1;
+			flavs[0].pseudoflavor
+					= exp->ex_client->flavour->flavour;
+		}
+	}
+
 	RESERVE_SPACE(4);
-	WRITE32(exp->ex_nflavors);
+	WRITE32(nflavs);
 	ADJUST_ARGS();
-	for (i = 0; i < exp->ex_nflavors; i++) {
-		u32 flav = exp->ex_flavors[i].pseudoflavor;
+	for (i = 0; i < nflavs; i++) {
+		u32 flav = flavs[i].pseudoflavor;
 		struct gss_api_mech *gm = gss_mech_get_by_pseudoflavor(flav);
 
 		if (gm) {
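
Review bot: The default branch advertises RPC_AUTH_NULL alongside RPC_AUTH_UNIX for every export whose client domain is RPC_AUTH_UNIX; since the reply tells the client which flavors are acceptable, a comment should say why AUTH_NULL is offered here. Minor points: i is declared int while the new nflavs is u32, so `i < nflavs` is a signed/unsigned comparison, and only the pseudoflavor member of def_flavs is ever set, so zero-initialising the array would keep flags from being read uninitialised by a later change.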

diff .prev/include/linux/sunrpc/svcauth_gss.h ./include/linux/sunrpc/svcauth_gss.h
--- .prev/include/linux/sunrpc/svcauth_gss.h	2007-07-10 11:19:39.000000000 +1000
+++ ./include/linux/sunrpc/svcauth_gss.h	2007-07-10 12:19:19.000000000 +1000
@@ -23,6 +23,7 @@ int gss_svc_init(void);
 void gss_svc_shutdown(void);
 int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name);
 void svcauth_gss_unregister_pseudoflavor(char *name);
+u32 svcauth_gss_flavor(struct auth_domain *dom);
 
 #endif /* __KERNEL__ */
 #endif /* _LINUX_SUNRPC_SVCAUTH_GSS_H */

diff .prev/net/sunrpc/auth_gss/svcauth_gss.c ./net/sunrpc/auth_gss/svcauth_gss.c
--- .prev/net/sunrpc/auth_gss/svcauth_gss.c	2007-07-10 11:35:37.000000000 +1000
+++ ./net/sunrpc/auth_gss/svcauth_gss.c	2007-07-10 12:18:53.000000000 +1000
@@ -743,6 +743,15 @@ find_gss_auth_domain(struct gss_ctx *ctx
 
 static struct auth_ops svcauthops_gss;
 
+u32 svcauth_gss_flavor(struct auth_domain *dom)
+{
+	struct gss_domain *gd = container_of(dom, struct gss_domain, h);
+
+	return gd->pseudoflavor;
+}
+
+EXPORT_SYMBOL(svcauth_gss_flavor);
+
 int
 svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
 {
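
Review bot: svcauth_gss_flavor() applies container_of() to whatever auth_domain it is given, with no check that the domain really is embedded in a gss_domain, and the symbol is exported. The one caller in this patch guards it with `exp->ex_client->flavour->flavour == RPC_AUTH_GSS`, but that precondition should be stated in a comment above the function, or enforced inside it, so a later caller cannot read pseudoflavor out of an unrelated structure.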

* [PATCH 019 of 20] knfsd: nfsd: allow auth_sys nlm on rpcsec_gss exports
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (17 preceding siblings ...)
  2007-07-10  2:28 ` [PATCH 018 of 20] knfsd: nfsd4: secinfo handling without secinfo= option NeilBrown
@ 2007-07-10  2:28 ` NeilBrown
  2007-07-10  2:28 ` [PATCH 020 of 20] knfsd: nfsd: enforce per-flavor id squashing NeilBrown
  2007-07-13  7:33 ` [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups Andrew Morton
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:28 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

Our clients (like other clients, as far as I know) use only auth_sys for
nlm, even when using rpcsec_gss for the main nfs operations.

Administrators that want to deny non-kerberos-authenticated locking
requests will need to turn off NFS protocol versions less than 4....

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/nfsfh.c |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff .prev/fs/nfsd/nfsfh.c ./fs/nfsd/nfsfh.c
--- .prev/fs/nfsd/nfsfh.c	2007-07-10 12:18:34.000000000 +1000
+++ ./fs/nfsd/nfsfh.c	2007-07-10 12:19:36.000000000 +1000
@@ -249,10 +249,16 @@ fh_verify(struct svc_rqst *rqstp, struct
 	if (error)
 		goto out;
 
-	/* Check security flavor */
-	error = check_nfsd_access(exp, rqstp);
-	if (error)
-		goto out;
+	if (!(access & MAY_LOCK)) {
+		/*
+		 * pseudoflavor restrictions are not enforced on NLM,
+		 * which clients virtually always use auth_sys for,
+		 * even while using RPCSEC_GSS for NFS.
+		 */
+		error = check_nfsd_access(exp, rqstp);
+		if (error)
+			goto out;
+	}
 
 	/* Finally, check access permissions. */
 	error = nfsd_permission(rqstp, exp, dentry, access);
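
Review bot: The bypass in fh_verify() is keyed on `access & MAY_LOCK`, not on the request actually arriving over NLM, so any caller that passes MAY_LOCK skips check_nfsd_access() whatever the protocol. Either test for the NLM program explicitly or document that only lockd may pass MAY_LOCK. The comment should also say which export flags apply to such a request: nfsd_permission() is still called with rqstp, and the per-flavor lookups elsewhere in this series fall back to the export-wide flags when the request's flavor is not listed.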

* [PATCH 020 of 20] knfsd: nfsd: enforce per-flavor id squashing
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (18 preceding siblings ...)
  2007-07-10  2:28 ` [PATCH 019 of 20] knfsd: nfsd: allow auth_sys nlm on rpcsec_gss exports NeilBrown
@ 2007-07-10  2:28 ` NeilBrown
  2007-07-13  7:33 ` [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups Andrew Morton
  20 siblings, 0 replies; 46+ messages in thread
From: NeilBrown @ 2007-07-10  2:28 UTC (permalink / raw)
  To: Andrew Morton
  Cc: nfs, linux-kernel, J. Bruce Fields, J . Bruce Fields, Neil Brown


From: J. Bruce Fields <bfields@citi.umich.edu>

Allow root squashing to vary per-pseudoflavor, so that you can (for
example) allow root access only when sufficiently strong security is in
use.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./fs/nfsd/auth.c              |   18 ++++++++++++++++--
 ./include/linux/nfsd/export.h |    3 ++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff .prev/fs/nfsd/auth.c ./fs/nfsd/auth.c
--- .prev/fs/nfsd/auth.c	2007-07-10 12:18:33.000000000 +1000
+++ ./fs/nfsd/auth.c	2007-07-10 12:19:40.000000000 +1000
@@ -12,17 +12,31 @@
 
 #define	CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
 
+static int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
+{
+	struct exp_flavor_info *f;
+	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
+
+	for (f = exp->ex_flavors; f < end; f++) {
+		if (f->pseudoflavor == rqstp->rq_flavor)
+			return f->flags;
+	}
+	return exp->ex_flags;
+
+}
+
 int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
 {
 	struct svc_cred	cred = rqstp->rq_cred;
 	int i;
+	int flags = nfsexp_flags(rqstp, exp);
 	int ret;
 
-	if (exp->ex_flags & NFSEXP_ALLSQUASH) {
+	if (flags & NFSEXP_ALLSQUASH) {
 		cred.cr_uid = exp->ex_anon_uid;
 		cred.cr_gid = exp->ex_anon_gid;
 		cred.cr_group_info = groups_alloc(0);
-	} else if (exp->ex_flags & NFSEXP_ROOTSQUASH) {
+	} else if (flags & NFSEXP_ROOTSQUASH) {
 		struct group_info *gi;
 		if (!cred.cr_uid)
 			cred.cr_uid = exp->ex_anon_uid;
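
Review bot: nfsexp_flags() is the same flavor-matching loop as EX_RDONLY() in include/linux/nfsd/export.h, differing only in the value returned, and two copies invite drift when the matching rule changes. Suggest one shared helper that returns the effective flags, with EX_RDONLY() testing its result. There is also a stray blank line before the closing brace of nfsexp_flags().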

diff .prev/include/linux/nfsd/export.h ./include/linux/nfsd/export.h
--- .prev/include/linux/nfsd/export.h	2007-07-10 12:18:33.000000000 +1000
+++ ./include/linux/nfsd/export.h	2007-07-10 12:19:40.000000000 +1000
@@ -43,7 +43,8 @@
 #define NFSEXP_ALLFLAGS		0xFE3F
 
 /* The flags that may vary depending on security flavor: */
-#define NFSEXP_SECINFO_FLAGS	NFSEXP_READONLY
+#define NFSEXP_SECINFO_FLAGS	(NFSEXP_READONLY | NFSEXP_ROOTSQUASH \
+					| NFSEXP_ALLSQUASH)
 
 #ifdef __KERNEL__
 

* Re: [PATCH 009 of 20] knfsd: nfsd: use ip-address-based domain in secinfo case
  2007-07-10  2:25 ` [PATCH 009 of 20] knfsd: nfsd: use ip-address-based domain in secinfo case NeilBrown
@ 2007-07-10 16:06   ` J. Bruce Fields
  0 siblings, 0 replies; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-10 16:06 UTC (permalink / raw)
  To: NeilBrown; +Cc: Andrew Morton, nfs, linux-kernel

Could you fold the below into this patch?  Without this the server can
oops on attempts to access a filesystem not exported to the request's
source address!  Thanks to Olga Kornievskaia for the testing that found
this.

--b.

diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index 333e5cf..582b494 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -1261,7 +1261,7 @@ gss:
 						&rqstp->rq_chandle);
 	if (PTR_ERR(gssexp) == -ENOENT)
 		return exp;
-	if (exp)
+	if (exp && !IS_ERR(exp))
 		exp_put(exp);
 	return gssexp;
 }
@@ -1291,7 +1291,7 @@ gss:
 						&rqstp->rq_chandle);
 	if (PTR_ERR(gssexp) == -ENOENT)
 		return exp;
-	if (exp)
+	if (exp && !IS_ERR(exp))
 		exp_put(exp);
 	return gssexp;
 }
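
Review bot: The same `if (exp && !IS_ERR(exp))` guard before exp_put() is now needed in two places after a gss: label, which suggests a small helper, or setting exp to NULL as soon as the first lookup fails. Note too that `return exp` on the -ENOENT path just above can hand an error pointer back to the caller, so a comment on the return convention at the top of each function would make clear that callers must test with IS_ERR() rather than for NULL.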

* Re: [PATCH 015 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor
  2007-07-10  2:27 ` [PATCH 015 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor NeilBrown
@ 2007-07-13  7:12   ` Andrew Morton
  2007-07-13  8:47     ` Andrew Morton
  0 siblings, 1 reply; 46+ messages in thread
From: Andrew Morton @ 2007-07-13  7:12 UTC (permalink / raw)
  To: NeilBrown; +Cc: nfs, linux-kernel, J. Bruce Fields

On Tue, 10 Jul 2007 12:27:49 +1000 NeilBrown <neilb@suse.de> wrote:

> 
> From: J. Bruce Fields <bfields@citi.umich.edu>
> 
> Allow readonly access to vary depending on the pseudoflavor, using the
> flag passed with each pseudoflavor in the export downcall.
> 
> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
> Signed-off-by: Neil Brown <neilb@suse.de>
> 
> ### Diffstat output
>  ./include/linux/nfsd/export.h |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff .prev/include/linux/nfsd/export.h ./include/linux/nfsd/export.h
> --- .prev/include/linux/nfsd/export.h	2007-07-10 11:40:31.000000000 +1000
> +++ ./include/linux/nfsd/export.h	2007-07-10 11:50:43.000000000 +1000
> @@ -43,7 +43,7 @@
>  #define NFSEXP_ALLFLAGS		0xFE3F
>  
>  /* The flags that may vary depending on security flavor: */
> -#define NFSEXP_SECINFO_FLAGS	0
> +#define NFSEXP_SECINFO_FLAGS	NFSEXP_READONLY
>  
>  #ifdef __KERNEL__
>  

You have two patches called "knfsd: nfsd4: make readonly access depend on
pseudoflavor".  This one appears to have the wrong title and changelog.

* Re: [PATCH 012 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor
  2007-07-10  2:26 ` [PATCH 012 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor NeilBrown
@ 2007-07-13  7:27   ` Andrew Morton
  2007-07-13  9:54     ` Christoph Hellwig
  0 siblings, 1 reply; 46+ messages in thread
From: Andrew Morton @ 2007-07-13  7:27 UTC (permalink / raw)
  To: NeilBrown; +Cc: nfs, linux-kernel, J. Bruce Fields

On Tue, 10 Jul 2007 12:26:15 +1000 NeilBrown <neilb@suse.de> wrote:

> +static inline int EX_RDONLY(struct svc_export *exp, struct svc_rqst *rqstp)
> +{
> +	struct exp_flavor_info *f;
> +	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
> +
> +	for (f = exp->ex_flavors; f < end; f++) {
> +		if (f->pseudoflavor == rqstp->rq_flavor)
> +			return f->flags & NFSEXP_READONLY;
> +	}
> +	return exp->ex_flags & NFSEXP_READONLY;
> +}

It is fortunate that this inlined monster has only one callsite.

otoh, given that it has only one callsite, perhaps it should be private
to fs/nfsd/vfs.c.

* Re: [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags
  2007-07-10  2:27 ` [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags NeilBrown
@ 2007-07-13  7:29   ` Andrew Morton
  2007-07-18 23:05     ` [NFS] " J. Bruce Fields
  0 siblings, 1 reply; 46+ messages in thread
From: Andrew Morton @ 2007-07-13  7:29 UTC (permalink / raw)
  To: NeilBrown; +Cc: nfs, linux-kernel, J. Bruce Fields

On Tue, 10 Jul 2007 12:27:37 +1000 NeilBrown <neilb@suse.de> wrote:

> +static void exp_flags(struct seq_file *m, int flag, int fsid,
> +		uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
> +{
> +	show_expflags(m, flag, NFSEXP_ALLFLAGS);
>  	if (flag & NFSEXP_FSID)
> -		seq_printf(m, "%sfsid=%d", first++?",":"", fsid);
> +		seq_printf(m, ",fsid=%d", fsid);
>  	if (anonu != (uid_t)-2 && anonu != (0x10000-2))
> -		seq_printf(m, "%sanonuid=%d", first++?",":"", anonu);
> +		seq_printf(m, ",sanonuid=%d", anonu);

It's a bit presumptuous to print a uid_t with "%d".  Fortunately it
will work OK with all the present architectures.

But in general: be cautious when feeding opaque types to printk.

* Re: [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups
  2007-07-10  2:22 [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups NeilBrown
                   ` (19 preceding siblings ...)
  2007-07-10  2:28 ` [PATCH 020 of 20] knfsd: nfsd: enforce per-flavor id squashing NeilBrown
@ 2007-07-13  7:33 ` Andrew Morton
  2007-07-13 18:10   ` J. Bruce Fields
  20 siblings, 1 reply; 46+ messages in thread
From: Andrew Morton @ 2007-07-13  7:33 UTC (permalink / raw)
  To: NeilBrown
  Cc: nfs, linux-kernel, andros @ citi . umich . edu, J. Bruce Fields,
	J . Bruce Fields, Usha Ketineni, Usha Ketineni

On Tue, 10 Jul 2007 12:22:37 +1000 NeilBrown <neilb@suse.de> wrote:

> With this patchset it becomes possible to list a number of different
> security flavours that may be used to access an exported filesystem,
> and to attach different export options (e.g. readonly, rootsquash) to
> different flavours.
> Also, NFSv4 can report which flavours are available on a particular export.

Please consider feeding knfsd patches through checkpatch in the future.  It
did find several glitches in these patches which you might have chosen
to address.

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [PATCH 015 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor
  2007-07-13  7:12   ` Andrew Morton
@ 2007-07-13  8:47     ` Andrew Morton
  0 siblings, 0 replies; 46+ messages in thread
From: Andrew Morton @ 2007-07-13  8:47 UTC (permalink / raw)
  To: NeilBrown, nfs, linux-kernel, J. Bruce Fields

On Fri, 13 Jul 2007 00:12:15 -0700 Andrew Morton <akpm@linux-foundation.org> wrote:

> On Tue, 10 Jul 2007 12:27:49 +1000 NeilBrown <neilb@suse.de> wrote:
> 
> > 
> > From: J. Bruce Fields <bfields@citi.umich.edu>
> > 
> > Allow readonly access to vary depending on the pseudoflavor, using the
> > flag passed with each pseudoflavor in the export downcall.
> > 
> > Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
> > Signed-off-by: Neil Brown <neilb@suse.de>
> > 
> > ### Diffstat output
> >  ./include/linux/nfsd/export.h |    2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff .prev/include/linux/nfsd/export.h ./include/linux/nfsd/export.h
> > --- .prev/include/linux/nfsd/export.h	2007-07-10 11:40:31.000000000 +1000
> > +++ ./include/linux/nfsd/export.h	2007-07-10 11:50:43.000000000 +1000
> > @@ -43,7 +43,7 @@
> >  #define NFSEXP_ALLFLAGS		0xFE3F
> >  
> >  /* The flags that may vary depending on security flavor: */
> > -#define NFSEXP_SECINFO_FLAGS	0
> > +#define NFSEXP_SECINFO_FLAGS	NFSEXP_READONLY
> >  
> >  #ifdef __KERNEL__
> >  
> 
> You have two patches called "knfsd: nfsd4: make readonly access depend on
> pseudoflavor".  This one appears to have the wrong title and changelog.

hm, I ended up accidentally losing this patch altogether.  But
knfsd-nfsd-enforce-per-flavor-id-squashing.patch rubs out its effects, so
we end up OK.

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [PATCH 012 of 20] knfsd: nfsd4: make readonly access depend on pseudoflavor
  2007-07-13  7:27   ` Andrew Morton
@ 2007-07-13  9:54     ` Christoph Hellwig
  0 siblings, 0 replies; 46+ messages in thread
From: Christoph Hellwig @ 2007-07-13  9:54 UTC (permalink / raw)
  To: Andrew Morton; +Cc: NeilBrown, nfs, linux-kernel, J. Bruce Fields

On Fri, Jul 13, 2007 at 12:27:04AM -0700, Andrew Morton wrote:
> On Tue, 10 Jul 2007 12:26:15 +1000 NeilBrown <neilb@suse.de> wrote:
> 
> > +static inline int EX_RDONLY(struct svc_export *exp, struct svc_rqst *rqstp)
> > +{
> > +	struct exp_flavor_info *f;
> > +	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
> > +
> > +	for (f = exp->ex_flavors; f < end; f++) {
> > +		if (f->pseudoflavor == rqstp->rq_flavor)
> > +			return f->flags & NFSEXP_READONLY;
> > +	}
> > +	return exp->ex_flags & NFSEXP_READONLY;
> > +}
> 
> It is fortunate that this inlined monster has only one callsite.
> 
> otoh, given that it has only one callsite, perhaps it should be private
> to fs/nfsd/vfs.c.

Absolutely.  Plus a sane lower-case name and removing the inline qualifier
please.

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups
  2007-07-13  7:33 ` [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups Andrew Morton
@ 2007-07-13 18:10   ` J. Bruce Fields
  2007-07-13 18:42     ` Andrew Morton
  0 siblings, 1 reply; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-13 18:10 UTC (permalink / raw)
  To: Andrew Morton
  Cc: NeilBrown, nfs, linux-kernel, andros @ citi . umich . edu,
	J . Bruce Fields, Usha Ketineni, Usha Ketineni

On Fri, Jul 13, 2007 at 12:33:10AM -0700, Andrew Morton wrote:
> On Tue, 10 Jul 2007 12:22:37 +1000 NeilBrown <neilb@suse.de> wrote:
> 
> > With this patchset it becomes possible to list a number of different
> > security flavours that may be used to access an exported filesystem,
> > and to attach different export options (e.g. readonly, rootsquash) to
> > different flavours.
> > Also, NFSv4 can report which flavours are available on a particular export.
> 
> Please consider feeding knfsd patches through checkpatch in the future.  It
> did find several glitches in these patches which you might have chosen
> to address.

OK.  I guess I'll wait till the next -mm is out, take a look, and
address your comments then.  Thanks.

--b.

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups
  2007-07-13 18:10   ` J. Bruce Fields
@ 2007-07-13 18:42     ` Andrew Morton
  2007-07-18 22:57       ` J. Bruce Fields
  0 siblings, 1 reply; 46+ messages in thread
From: Andrew Morton @ 2007-07-13 18:42 UTC (permalink / raw)
  To: J. Bruce Fields
  Cc: NeilBrown, nfs, linux-kernel, andros @ citi . umich . edu,
	J . Bruce Fields, Usha Ketineni, Usha Ketineni

On Fri, 13 Jul 2007 14:10:25 -0400
"J. Bruce Fields" <bfields@fieldses.org> wrote:

> On Fri, Jul 13, 2007 at 12:33:10AM -0700, Andrew Morton wrote:
> > On Tue, 10 Jul 2007 12:22:37 +1000 NeilBrown <neilb@suse.de> wrote:
> > 
> > > With this patchset it becomes possible to list a number of different
> > > security flavours that may be used to access an exported filesystem,
> > > and to attach different export options (e.g. readonly, rootsquash) to
> > > different flavours.
> > > Also, NFSv4 can report which flavours are available on a particular export.
> > 
> > Please consider feeding knfsd patches through checkpatch in the future.  It
> > did find several glitches in these patches which you might have chosen
> > to address.
> 
> OK.  I guess I'll wait till the next -mm is out, take a look, and
> address your comments then.

I probably won't get another -mm out until after the 2.6.23 merge window
closes.  One reason for this is all the extra time which I need to devote
to code-review, hint.

But I don't think there was anything which I identified in this nfsd batch
which needs attention prior to a 2.6.23-rc1 merge.  The checkpatch stuff is
more a "please do this next time" thing.

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [PATCH 000 of 20] knfsd: Support 'secinfo' exports with related cleanups
  2007-07-13 18:42     ` Andrew Morton
@ 2007-07-18 22:57       ` J. Bruce Fields
       [not found]         ` <2ac9f179334dc7894bb58b1c2fb62837a07fbbdf.1184798679.git.bfields@citi.umich.edu>
  0 siblings, 1 reply; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-18 22:57 UTC (permalink / raw)
  To: Andrew Morton; +Cc: NeilBrown, nfs, linux-kernel, andros


On Fri, 13 Jul 2007 11:42:28 -0700 Andrew Morton <akpm@linux-foundation.org> wrote:
> On Fri, 13 Jul 2007 14:10:25 -0400 "J. Bruce Fields" <bfields@fieldses.org> wrote:
> > On Fri, Jul 13, 2007 at 12:33:10AM -0700, Andrew Morton wrote:
> > > Please consider feeding knfsd patches through checkpatch in the
> > > future.  It did find several glitches in these patches which you
> > > might have chosen to address.
> >
> > OK.  I guess I'll wait till the next -mm is out, take a look, and
> > address your comments then.
>
> I probably won't get another -mm out until after the 2.6.23 merge window
> closes.  One reason for this is all the extra time which I need to
> devote to code-review, hint.
> 
> But I don't think there was anything which I identified in this nfsd
> batch which needs attention prior to a 2.6.23-rc1 merge.  The checkpatch
> stuff is more a "please do this next time" thing.

OK, so the following address the review comments.

The first two should really be applied before -rc1 if at all possible:

	- the first is a preexisting bug stumbled on while doing this
	  work, also suitable for stable.
	- the second is a fix for a regression introduced by my patches.
	  (Apologies!)

(The other three patches, as you say, can wait till after rc1.)

--b.

^ permalink raw reply	[flat|nested] 46+ messages in thread

* [PATCH 1/5] nfsd: fix possible read-ahead cache and export table corruption
       [not found]         ` <2ac9f179334dc7894bb58b1c2fb62837a07fbbdf.1184798679.git.bfields@citi.umich.edu>
@ 2007-07-18 22:57           ` J. Bruce Fields
       [not found]           ` <278646972e4b7eaf86d648d8ee2ae879f8b6b680.1184798679.git.bfields@citi.umich.edu>
                             ` (3 subsequent siblings)
  4 siblings, 0 replies; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-18 22:57 UTC (permalink / raw)
  To: Andrew Morton
  Cc: NeilBrown, nfs, linux-kernel, andros, J. Bruce Fields, stable,
	Greg Banks

From: J. Bruce Fields <bfields@citi.umich.edu>

The value of nperbucket calculated here is too small--we should be
rounding up instead of down--with the result that the index j in the
following loop can overflow the raparm_hash array.  At least in my case,
the next thing in memory turns out to be export_table, so the symptoms I
see are crashes caused by the appearance of four zeroed-out export
entries in the first bucket of the hash table of exports (which were
actually entries in the readahead cache, a pointer to which had been
written to the export table in this initialization code).

It looks like the bug was probably introduced with commit
fce1456a19f5c08b688c29f00ef90fdfa074c79b ("knfsd: make the readahead
params cache SMP-friendly").

Cc: stable@kernel.org
Cc: Greg Banks <gnb@melbourne.sgi.com>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
---
 fs/nfsd/vfs.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index e90f4a8..b8da5dd 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -1916,7 +1916,7 @@ nfsd_racache_init(int cache_size)
 		raparm_hash[i].pb_head = NULL;
 		spin_lock_init(&raparm_hash[i].pb_lock);
 	}
-	nperbucket = cache_size >> RAPARM_HASH_BITS;
+	nperbucket = DIV_ROUND_UP(cache_size, RAPARM_HASH_SIZE);
 	for (i = 0; i < cache_size - 1; i++) {
 		if (i % nperbucket == 0)
 			raparm_hash[j++].pb_head = raparml + i;
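Review bot: the loop under the changed line still writes `raparm_hash[j++].pb_head` with no bound on j, so the array's safety rests entirely on nperbucket being computed correctly. An explicit `j < RAPARM_HASH_SIZE` check (or a BUG_ON) next to the assignment would turn any repeat of this arithmetic mistake into an immediate, obvious failure instead of a silent write into whatever follows the array. The divisor also changes from `>> RAPARM_HASH_BITS` to `RAPARM_HASH_SIZE`; the changelog could say that the two macros are expected to stay in step.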
-- 
1.5.3.rc2


^ permalink raw reply related	[flat|nested] 46+ messages in thread
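The rounding error described in the commit message above, replayed as a user-space simulation (an added example, not code from the patch or the kernel tree): it counts how many raparm_hash[] slots the loop in nfsd_racache_init() would write with the old and the patched nperbucket. RAPARM_HASH_BITS = 4 and the sample cache sizes are assumptions; the thread does not state them.

```c
#include <stdio.h>

/* Assumed for illustration: the page does not state the hash size. */
#define RAPARM_HASH_BITS	4
#define RAPARM_HASH_SIZE	(1 << RAPARM_HASH_BITS)
#define DIV_ROUND_UP(n, d)	(((n) + (d) - 1) / (d))

/*
 * Replay the bucket-head loop from the hunk without touching memory.
 * Returns the number of raparm_hash[] slots the loop would write (the
 * final value of j), or -1 if nperbucket is 0 and "i % nperbucket"
 * would divide by zero.
 */
static int heads_written(int cache_size, int nperbucket)
{
	int i, j = 0;

	for (i = 0; i < cache_size - 1; i++) {
		if (nperbucket == 0)
			return -1;
		if (i % nperbucket == 0)
			j++;	/* stands in for raparm_hash[j++].pb_head = ... */
	}
	return j;
}

/* Old calculation: rounds down. */
static int heads_round_down(int cache_size)
{
	return heads_written(cache_size, cache_size >> RAPARM_HASH_BITS);
}

/* Patched calculation: rounds up. */
static int heads_round_up(int cache_size)
{
	return heads_written(cache_size,
			     DIV_ROUND_UP(cache_size, RAPARM_HASH_SIZE));
}

/* How many writes land past the end of raparm_hash[] (0 if none). */
static int writes_past_end(int heads)
{
	return heads > RAPARM_HASH_SIZE ? heads - RAPARM_HASH_SIZE : 0;
}

/* Largest slot count the patched calculation produces for sizes 1..limit. */
static int max_heads_round_up(int limit)
{
	int size, max = 0;

	for (size = 1; size <= limit; size++) {
		int heads = heads_round_up(size);

		if (heads > max)
			max = heads;
	}
	return max;
}

int main(void)
{
	/* Constructed sample sizes, not values taken from the thread. */
	static const int sizes[] = { 8, 16, 18, 31, 32, 40, 64, 100 };
	size_t n;

	printf("%10s %12s %10s %10s\n",
	       "cache_size", "round-down", "past-end", "round-up");
	for (n = 0; n < sizeof(sizes) / sizeof(sizes[0]); n++) {
		int down = heads_round_down(sizes[n]);
		int up = heads_round_up(sizes[n]);

		if (down < 0)
			printf("%10d %12s %10s %10d\n",
			       sizes[n], "div-by-0", "-", up);
		else
			printf("%10d %12d %10d %10d\n",
			       sizes[n], down, writes_past_end(down), up);
	}
	printf("max slots with round-up, sizes 1..4096: %d (table has %d)\n",
	       max_heads_round_up(4096), RAPARM_HASH_SIZE);
	return 0;
}
```

Under these assumptions the round-down column exceeds the table size whenever cache_size is not a multiple of the hash size and is large enough, while the round-up column never does.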

* [PATCH 2/5] nfsd: return errors, not NULL, from export functions
       [not found]           ` <278646972e4b7eaf86d648d8ee2ae879f8b6b680.1184798679.git.bfields@citi.umich.edu>
@ 2007-07-18 22:57             ` J. Bruce Fields
  0 siblings, 0 replies; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-18 22:57 UTC (permalink / raw)
  To: Andrew Morton; +Cc: NeilBrown, nfs, linux-kernel, andros, J. Bruce Fields

From: J. Bruce Fields <bfields@citi.umich.edu>

I converted the various export-returning functions to return -ENOENT
instead of NULL, but missed a few cases.

This particular case could cause actual bugs in the case of a krb5
client that doesn't match any ip-based client and that is trying to
access a filesystem not exported to krb5 clients.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
---
 fs/nfsd/export.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index c7bbf46..6ab8de4 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -1265,7 +1265,7 @@ struct svc_export *
 rqst_exp_get_by_name(struct svc_rqst *rqstp, struct vfsmount *mnt,
 		struct dentry *dentry)
 {
-	struct svc_export *gssexp, *exp = NULL;
+	struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
 
 	if (rqstp->rq_client == NULL)
 		goto gss;
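Review bot: initialising exp to `ERR_PTR(-ENOENT)` changes the return contract of rqst_exp_get_by_name() for every caller, and the changelog does not say which callers were checked. Any caller that still tests the result against NULL will now take the error pointer for a valid export. Listing the audited call sites in the changelog, or adding a comment above the function stating that it never returns NULL, would make that reviewable.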
@@ -1288,7 +1288,7 @@ gss:
 						&rqstp->rq_chandle);
 	if (PTR_ERR(gssexp) == -ENOENT)
 		return exp;
-	if (exp && !IS_ERR(exp))
+	if (!IS_ERR(exp))
 		exp_put(exp);
 	return gssexp;
 }
@@ -1296,7 +1296,7 @@ gss:
 struct svc_export *
 rqst_exp_find(struct svc_rqst *rqstp, int fsid_type, u32 *fsidv)
 {
-	struct svc_export *gssexp, *exp = NULL;
+	struct svc_export *gssexp, *exp = ERR_PTR(-ENOENT);
 
 	if (rqstp->rq_client == NULL)
 		goto gss;
@@ -1318,7 +1318,7 @@ gss:
 						&rqstp->rq_chandle);
 	if (PTR_ERR(gssexp) == -ENOENT)
 		return exp;
-	if (exp && !IS_ERR(exp))
+	if (!IS_ERR(exp))
 		exp_put(exp);
 	return gssexp;
 }
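Review bot: the tail of rqst_exp_find() after the `gss:` label is now the same sequence as in rqst_exp_get_by_name() (`PTR_ERR(gssexp) == -ENOENT`, `!IS_ERR(exp)`, `exp_put(exp)`), which is why the NULL-versus-error fix had to be made twice in this patch. A small shared helper that chooses between exp and gssexp would leave a single place to get the convention right.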
-- 
1.5.3.rc2


^ permalink raw reply related	[flat|nested] 46+ messages in thread

* [PATCH 3/5] nfsd: remove unnecessary NULL checks from nfsd_cross_mnt
       [not found]           ` <ca76105264283034a0f3d9d138bded79f5b2f87e.1184798679.git.bfields@citi.umich.edu>
@ 2007-07-18 22:57             ` J. Bruce Fields
  0 siblings, 0 replies; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-18 22:57 UTC (permalink / raw)
  To: Andrew Morton; +Cc: NeilBrown, nfs, linux-kernel, andros, J. Bruce Fields

From: J. Bruce Fields <bfields@citi.umich.edu>

We can now assume that rqst_exp_get_by_name() does not return NULL; so
clean up some unnecessary checks.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
---
 fs/nfsd/vfs.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index b8da5dd..5c97d0e 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -120,14 +120,14 @@ nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp,
 		mntput(mnt);
 		goto out;
 	}
-	if (exp2 && ((exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2))) {
+	if ((exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2)) {
 		/* successfully crossed mount point */
 		exp_put(exp);
 		*expp = exp2;
 		dput(dentry);
 		*dpp = mounts;
 	} else {
-		if (exp2) exp_put(exp2);
+		exp_put(exp2);
 		dput(mounts);
 	}
 	mntput(mnt);
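Review bot: with the `exp2 &&` test removed, both `EX_NOHIDE(exp2)` and `exp_put(exp2)` dereference exp2 unconditionally, so this hunk is only safe once rqst_exp_get_by_name() can no longer return NULL, which is what patch 2/5 establishes. The changelog should name that dependency explicitly: 2/5 is proposed for -rc1 and this patch for later, and applying or backporting this one on its own would introduce a NULL dereference.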
-- 
1.5.3.rc2


^ permalink raw reply related	[flat|nested] 46+ messages in thread

* [PATCH 4/5] knfsd: move EX_RDONLY out of header
       [not found]           ` <fbbdd23e675df0288cf80243fdcd5e211fff855b.1184798679.git.bfields@citi.umich.edu>
@ 2007-07-18 22:57             ` J. Bruce Fields
  2007-07-19  8:28             ` [NFS] " Christoph Hellwig
  1 sibling, 0 replies; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-18 22:57 UTC (permalink / raw)
  To: Andrew Morton; +Cc: NeilBrown, nfs, linux-kernel, andros, J. Bruce Fields

From: J. Bruce Fields <bfields@citi.umich.edu>

EX_RDONLY is only called in one place; just put it there.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
---
 fs/nfsd/vfs.c               |   12 ++++++++++++
 include/linux/nfsd/export.h |   12 ------------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 5c97d0e..f2684e5 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -1797,6 +1797,18 @@ nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat)
 	return err;
 }
 
+static inline int EX_RDONLY(struct svc_export *exp, struct svc_rqst *rqstp)
+{
+	struct exp_flavor_info *f;
+	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
+
+	for (f = exp->ex_flavors; f < end; f++) {
+		if (f->pseudoflavor == rqstp->rq_flavor)
+			return f->flags & NFSEXP_READONLY;
+	}
+	return exp->ex_flags & NFSEXP_READONLY;
+}
+
 /*
  * Check for a user's access permissions to this inode.
  */
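Review bot: the moved function has no comment explaining the final `return exp->ex_flags & NFSEXP_READONLY;` fallback. That line decides the read-only answer for any request whose rq_flavor matches no entry in ex_flavors, so a one-line comment saying that the export-wide flag applies in that case would make the intended policy clear now that the function lives next to the permission check.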
diff --git a/include/linux/nfsd/export.h b/include/linux/nfsd/export.h
index 78feb7b..fb4e930 100644
--- a/include/linux/nfsd/export.h
+++ b/include/linux/nfsd/export.h
@@ -116,18 +116,6 @@ struct svc_expkey {
 #define EX_NOHIDE(exp)		((exp)->ex_flags & NFSEXP_NOHIDE)
 #define EX_WGATHER(exp)		((exp)->ex_flags & NFSEXP_GATHERED_WRITES)
 
-static inline int EX_RDONLY(struct svc_export *exp, struct svc_rqst *rqstp)
-{
-	struct exp_flavor_info *f;
-	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
-
-	for (f = exp->ex_flavors; f < end; f++) {
-		if (f->pseudoflavor == rqstp->rq_flavor)
-			return f->flags & NFSEXP_READONLY;
-	}
-	return exp->ex_flags & NFSEXP_READONLY;
-}
-
 __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp);
 
 /*
-- 
1.5.3.rc2


^ permalink raw reply related	[flat|nested] 46+ messages in thread

* [PATCH 5/5] knfsd: clean up EX_RDONLY
       [not found]           ` <986bf36dcb843bf352799fad5c20f1764748ce22.1184798679.git.bfields@citi.umich.edu>
@ 2007-07-18 22:57             ` J. Bruce Fields
  2007-07-19  8:29             ` [NFS] " Christoph Hellwig
  1 sibling, 0 replies; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-18 22:57 UTC (permalink / raw)
  To: Andrew Morton; +Cc: NeilBrown, nfs, linux-kernel, andros, J. Bruce Fields

From: J. Bruce Fields <bfields@citi.umich.edu>

Share a little common code, reverse the arguments for consistency, drop
the unnecessary "inline", and lowercase the name.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
---
 fs/nfsd/auth.c              |    3 ++-
 fs/nfsd/vfs.c               |   13 +++----------
 include/linux/nfsd/export.h |    1 +
 3 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index cf61dc8..2192805 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -9,10 +9,11 @@
 #include <linux/sunrpc/svc.h>
 #include <linux/sunrpc/svcauth.h>
 #include <linux/nfsd/nfsd.h>
+#include <linux/nfsd/export.h>
 
 #define	CAP_NFSD_MASK (CAP_FS_MASK|CAP_TO_MASK(CAP_SYS_RESOURCE))
 
-static int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
+int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp)
 {
 	struct exp_flavor_info *f;
 	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
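Review bot: dropping `static` from nfsexp_flags() makes it a global symbol, but neither this hunk nor the new prototype in export.h documents what it returns when no flavor in ex_flavors matches the request. A short comment above the definition would help now that code outside auth.c depends on it. The changelog says the arguments were reversed for consistency, yet the prototype lands directly above `check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp)`, which uses the opposite order; it is worth saying which convention the file is moving towards.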
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index f2684e5..ee96a89 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -1797,16 +1797,9 @@ nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat)
 	return err;
 }
 
-static inline int EX_RDONLY(struct svc_export *exp, struct svc_rqst *rqstp)
+static int exp_rdonly(struct svc_rqst *rqstp, struct svc_export *exp)
 {
-	struct exp_flavor_info *f;
-	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
-
-	for (f = exp->ex_flavors; f < end; f++) {
-		if (f->pseudoflavor == rqstp->rq_flavor)
-			return f->flags & NFSEXP_READONLY;
-	}
-	return exp->ex_flags & NFSEXP_READONLY;
+	return nfsexp_flags(rqstp, exp) & NFSEXP_READONLY;
 }
 
 /*
@@ -1845,7 +1838,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
 	 */
 	if (!(acc & MAY_LOCAL_ACCESS))
 		if (acc & (MAY_WRITE | MAY_SATTR | MAY_TRUNC)) {
-			if (EX_RDONLY(exp, rqstp) || IS_RDONLY(inode))
+			if (exp_rdonly(rqstp, exp) || IS_RDONLY(inode))
 				return nfserr_rofs;
 			if (/* (acc & MAY_WRITE) && */ IS_IMMUTABLE(inode))
 				return nfserr_perm;
diff --git a/include/linux/nfsd/export.h b/include/linux/nfsd/export.h
index fb4e930..5cd1924 100644
--- a/include/linux/nfsd/export.h
+++ b/include/linux/nfsd/export.h
@@ -116,6 +116,7 @@ struct svc_expkey {
 #define EX_NOHIDE(exp)		((exp)->ex_flags & NFSEXP_NOHIDE)
 #define EX_WGATHER(exp)		((exp)->ex_flags & NFSEXP_GATHERED_WRITES)
 
+int nfsexp_flags(struct svc_rqst *rqstp, struct svc_export *exp);
 __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp);
 
 /*
-- 
1.5.3.rc2


^ permalink raw reply related	[flat|nested] 46+ messages in thread

* Re: [NFS] [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags
  2007-07-13  7:29   ` Andrew Morton
@ 2007-07-18 23:05     ` J. Bruce Fields
  2007-07-19  0:16       ` Neil Brown
  2007-07-19  0:18       ` [NFS] [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags Andrew Morton
  0 siblings, 2 replies; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-18 23:05 UTC (permalink / raw)
  To: Andrew Morton; +Cc: NeilBrown, nfs, linux-kernel

On Fri, Jul 13, 2007 at 12:29:33AM -0700, Andrew Morton wrote:
> On Tue, 10 Jul 2007 12:27:37 +1000 NeilBrown <neilb@suse.de> wrote:
> 
> > +static void exp_flags(struct seq_file *m, int flag, int fsid,
> > +		uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
> > +{
> > +	show_expflags(m, flag, NFSEXP_ALLFLAGS);
> >  	if (flag & NFSEXP_FSID)
> > -		seq_printf(m, "%sfsid=%d", first++?",":"", fsid);
> > +		seq_printf(m, ",fsid=%d", fsid);
> >  	if (anonu != (uid_t)-2 && anonu != (0x10000-2))
> > -		seq_printf(m, "%sanonuid=%d", first++?",":"", anonu);
> > +		seq_printf(m, ",sanonuid=%d", anonu);
> 
> It's a bit presumptuous to print a uid_t with "%d".  Fortunately it
> will work OK with all the present architectures.
> 
> But in general: be cautious when feeding opaque types to printk.

OK, here I'm still confused--what should we be doing instead?

--b.

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [NFS] [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags
  2007-07-18 23:05     ` [NFS] " J. Bruce Fields
@ 2007-07-19  0:16       ` Neil Brown
  2007-07-19 15:35         ` J. Bruce Fields
  2007-07-19  0:18       ` [NFS] [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags Andrew Morton
  1 sibling, 1 reply; 46+ messages in thread
From: Neil Brown @ 2007-07-19  0:16 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: Andrew Morton, nfs, linux-kernel

On Wednesday July 18, bfields@fieldses.org wrote:
> On Fri, Jul 13, 2007 at 12:29:33AM -0700, Andrew Morton wrote:
> > On Tue, 10 Jul 2007 12:27:37 +1000 NeilBrown <neilb@suse.de> wrote:
> > 
> > > +static void exp_flags(struct seq_file *m, int flag, int fsid,
> > > +		uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
> > > +{
> > > +	show_expflags(m, flag, NFSEXP_ALLFLAGS);
> > >  	if (flag & NFSEXP_FSID)
> > > -		seq_printf(m, "%sfsid=%d", first++?",":"", fsid);
> > > +		seq_printf(m, ",fsid=%d", fsid);
> > >  	if (anonu != (uid_t)-2 && anonu != (0x10000-2))
> > > -		seq_printf(m, "%sanonuid=%d", first++?",":"", anonu);
> > > +		seq_printf(m, ",sanonuid=%d", anonu);
> > 
> > It's a bit presumptuous to print a uid_t with "%d".  Fortunately it
> > will work OK with all the present architectures.
> > 
> > But in general: be cautious when feeding opaque types to printk.
> 
> OK, here I'm still confused--what should we be doing instead?

Cast the variable to a type that printf knows about.
       seq_printf(m, ",anonuid=%d", (int)anonu);

Or maybe cast it to (long) and use %ld, just in case...

Note the stray 's' in the current patch, after the comma!

NeilBrown

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [NFS] [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags
  2007-07-18 23:05     ` [NFS] " J. Bruce Fields
  2007-07-19  0:16       ` Neil Brown
@ 2007-07-19  0:18       ` Andrew Morton
  1 sibling, 0 replies; 46+ messages in thread
From: Andrew Morton @ 2007-07-19  0:18 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: NeilBrown, nfs, linux-kernel

On Wed, 18 Jul 2007 19:05:55 -0400
"J. Bruce Fields" <bfields@fieldses.org> wrote:

> On Fri, Jul 13, 2007 at 12:29:33AM -0700, Andrew Morton wrote:
> > On Tue, 10 Jul 2007 12:27:37 +1000 NeilBrown <neilb@suse.de> wrote:
> > 
> > > +static void exp_flags(struct seq_file *m, int flag, int fsid,
> > > +		uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
> > > +{
> > > +	show_expflags(m, flag, NFSEXP_ALLFLAGS);
> > >  	if (flag & NFSEXP_FSID)
> > > -		seq_printf(m, "%sfsid=%d", first++?",":"", fsid);
> > > +		seq_printf(m, ",fsid=%d", fsid);
> > >  	if (anonu != (uid_t)-2 && anonu != (0x10000-2))
> > > -		seq_printf(m, "%sanonuid=%d", first++?",":"", anonu);
> > > +		seq_printf(m, ",sanonuid=%d", anonu);
> > 
> > It's a bit presumptuous to print a uid_t with "%d".  Fortunately it
> > will work OK with all the present architectures.
> > 
> > But in general: be cautious when feeding opaque types to printk.
> 
> OK, here I'm still confused--what should we be doing instead?
> 

Nothing? I was just having a little self-muse.

If one was really anal, one could typecast it to an unsigned long long in
the printk, then feel smug when we switch to 64-bit uid's.


^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [NFS] [PATCH 4/5] knfsd: move EX_RDONLY out of header
       [not found]           ` <fbbdd23e675df0288cf80243fdcd5e211fff855b.1184798679.git.bfields@citi.umich.edu>
  2007-07-18 22:57             ` [PATCH 4/5] knfsd: move EX_RDONLY out of header J. Bruce Fields
@ 2007-07-19  8:28             ` Christoph Hellwig
  2007-07-19  8:36               ` Andrew Morton
  1 sibling, 1 reply; 46+ messages in thread
From: Christoph Hellwig @ 2007-07-19  8:28 UTC (permalink / raw)
  To: J. Bruce Fields
  Cc: Andrew Morton, NeilBrown, andros, J. Bruce Fields, nfs, linux-kernel

On Wed, Jul 18, 2007 at 06:57:29PM -0400, J. Bruce Fields wrote:
> From: J. Bruce Fields <bfields@citi.umich.edu>
> 
> EX_RDONLY is only called in one place; just put it there.
> 
> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
> ---
>  fs/nfsd/vfs.c               |   12 ++++++++++++
>  include/linux/nfsd/export.h |   12 ------------
>  2 files changed, 12 insertions(+), 12 deletions(-)
> 
> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
> index 5c97d0e..f2684e5 100644
> --- a/fs/nfsd/vfs.c
> +++ b/fs/nfsd/vfs.c
> @@ -1797,6 +1797,18 @@ nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat)
>  	return err;
>  }
>  
> +static inline int EX_RDONLY(struct svc_export *exp, struct svc_rqst *rqstp)
> +{
> +	struct exp_flavor_info *f;
> +	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
> +
> +	for (f = exp->ex_flavors; f < end; f++) {
> +		if (f->pseudoflavor == rqstp->rq_flavor)
> +			return f->flags & NFSEXP_READONLY;
> +	}
> +	return exp->ex_flags & NFSEXP_READONLY;
> +}

As mentioned last time please remove the inline qualifier and give it a
lower-case name.


^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [NFS] [PATCH 5/5] knfsd: clean up EX_RDONLY
       [not found]           ` <986bf36dcb843bf352799fad5c20f1764748ce22.1184798679.git.bfields@citi.umich.edu>
  2007-07-18 22:57             ` [PATCH 5/5] knfsd: clean up EX_RDONLY J. Bruce Fields
@ 2007-07-19  8:29             ` Christoph Hellwig
  1 sibling, 0 replies; 46+ messages in thread
From: Christoph Hellwig @ 2007-07-19  8:29 UTC (permalink / raw)
  To: J. Bruce Fields
  Cc: Andrew Morton, NeilBrown, andros, J. Bruce Fields, nfs, linux-kernel

On Wed, Jul 18, 2007 at 06:57:30PM -0400, J. Bruce Fields wrote:
> From: J. Bruce Fields <bfields@citi.umich.edu>
> 
> Share a little common code, reverse the arguments for consistency, drop
> the unnecessary "inline", and lowercase the name.

Ah, sorry - didn't notice this was a separate patch.

> @@ -1845,7 +1838,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
>  	 */
>  	if (!(acc & MAY_LOCAL_ACCESS))
>  		if (acc & (MAY_WRITE | MAY_SATTR | MAY_TRUNC)) {
> -			if (EX_RDONLY(exp, rqstp) || IS_RDONLY(inode))
> +			if (exp_rdonly(rqstp, exp) || IS_RDONLY(inode))

In fact with just a single caller left and reduced to a one-liner we
could kill this function completely..

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [NFS] [PATCH 4/5] knfsd: move EX_RDONLY out of header
  2007-07-19  8:28             ` [NFS] " Christoph Hellwig
@ 2007-07-19  8:36               ` Andrew Morton
  0 siblings, 0 replies; 46+ messages in thread
From: Andrew Morton @ 2007-07-19  8:36 UTC (permalink / raw)
  To: Christoph Hellwig
  Cc: J. Bruce Fields, NeilBrown, andros, J. Bruce Fields, nfs, linux-kernel

On Thu, 19 Jul 2007 09:28:38 +0100 Christoph Hellwig <hch@infradead.org> wrote:

> On Wed, Jul 18, 2007 at 06:57:29PM -0400, J. Bruce Fields wrote:
> > From: J. Bruce Fields <bfields@citi.umich.edu>
> > 
> > EX_RDONLY is only called in one place; just put it there.
> > 
> > Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
> > ---
> >  fs/nfsd/vfs.c               |   12 ++++++++++++
> >  include/linux/nfsd/export.h |   12 ------------
> >  2 files changed, 12 insertions(+), 12 deletions(-)
> > 
> > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
> > index 5c97d0e..f2684e5 100644
> > --- a/fs/nfsd/vfs.c
> > +++ b/fs/nfsd/vfs.c
> > @@ -1797,6 +1797,18 @@ nfsd_statfs(struct svc_rqst *rqstp, struct svc_fh *fhp, struct kstatfs *stat)
> >  	return err;
> >  }
> >  
> > +static inline int EX_RDONLY(struct svc_export *exp, struct svc_rqst *rqstp)
> > +{
> > +	struct exp_flavor_info *f;
> > +	struct exp_flavor_info *end = exp->ex_flavors + exp->ex_nflavors;
> > +
> > +	for (f = exp->ex_flavors; f < end; f++) {
> > +		if (f->pseudoflavor == rqstp->rq_flavor)
> > +			return f->flags & NFSEXP_READONLY;
> > +	}
> > +	return exp->ex_flags & NFSEXP_READONLY;
> > +}
> 
> > As mentioned last time please remove the inline qualifier and give it a
> lower-case name.

that's the next patch in the series.

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [NFS] [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags
  2007-07-19  0:16       ` Neil Brown
@ 2007-07-19 15:35         ` J. Bruce Fields
  2007-07-20  2:21           ` Neil Brown
  0 siblings, 1 reply; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-19 15:35 UTC (permalink / raw)
  To: Neil Brown; +Cc: Andrew Morton, nfs, linux-kernel

On Thu, Jul 19, 2007 at 10:16:14AM +1000, Neil Brown wrote:
> On Wednesday July 18, bfields@fieldses.org wrote:
> > On Fri, Jul 13, 2007 at 12:29:33AM -0700, Andrew Morton wrote:
> > > On Tue, 10 Jul 2007 12:27:37 +1000 NeilBrown <neilb@suse.de> wrote:
> > > 
> > > > +static void exp_flags(struct seq_file *m, int flag, int fsid,
> > > > +		uid_t anonu, uid_t anong, struct nfsd4_fs_locations *fsloc)
> > > > +{
> > > > +	show_expflags(m, flag, NFSEXP_ALLFLAGS);
> > > >  	if (flag & NFSEXP_FSID)
> > > > -		seq_printf(m, "%sfsid=%d", first++?",":"", fsid);
> > > > +		seq_printf(m, ",fsid=%d", fsid);
> > > >  	if (anonu != (uid_t)-2 && anonu != (0x10000-2))
> > > > -		seq_printf(m, "%sanonuid=%d", first++?",":"", anonu);
> > > > +		seq_printf(m, ",sanonuid=%d", anonu);
> > > 
> > > It's a bit presumptuous to print a uid_t with "%d".  Fortunately it
> > > will work OK with all the present architectures.
> > > 
> > > But in general: be cautious when feeding opaque types to printk.
> > 
> > OK, here I'm still confused--what should we be doing instead?
> 
> Cast the variable to a type that printf knows about.
>        seq_printf(m, ",anonuid=%d", (int)anonu);
> 
> Or maybe cast it to (long) and use %ld, just in case...

OK.  In the event that uid_t some day ceases to eventually become an
int, will the casts help, or will they just suppress useful warnings?

> Note the stray 's' in the current patch, after the comma!

Sharp eyes, thanks!  I'll make a patch.  Uh, any objection if I print
all those uid's as unsigned while I'm at it?

--b.

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [NFS] [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags
  2007-07-19 15:35         ` J. Bruce Fields
@ 2007-07-20  2:21           ` Neil Brown
  2007-07-20  4:22             ` Satyam Sharma
  2007-07-20 22:18             ` [PATCH] knfsd: Fix typo in export display, print uid and gid as unsigned J. Bruce Fields
  0 siblings, 2 replies; 46+ messages in thread
From: Neil Brown @ 2007-07-20  2:21 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: Andrew Morton, nfs, linux-kernel

On Thursday July 19, bfields@fieldses.org wrote:
> On Thu, Jul 19, 2007 at 10:16:14AM +1000, Neil Brown wrote:
> > On Wednesday July 18, bfields@fieldses.org wrote:
> > > OK, here I'm still confused--what should we be doing instead?
> > 
> > Cast the variable to a type that printf knows about.
> >        seq_printf(m, ",anonuid=%d", (int)anonu);
> > 
> > Or maybe cast it to (long) and use %ld, just in case...
> 
> OK.  In the event that uid_t some day ceases to eventually become an
> int, will the casts help, or will they just suppress useful warnings?

Probably not.  Just leave it as it is.

> 
> > Note the stray 's' in the current patch, after the comma!
> 
> Sharp eyes, thanks!  I'll make a patch.  Uh, any objection if I print
> all those uid's as unsigned while I'm at it?

I wondered about that too.  I think we have completely removed the
fiction that 'nobody' is '-2' rather than '65534' so it should be both
safe and sensible to make them unsigned.

NeilBrown

^ permalink raw reply	[flat|nested] 46+ messages in thread

* Re: [NFS] [PATCH 013 of 20] knfsd: nfsd: factor out code from show_expflags
  2007-07-20  2:21           ` Neil Brown
@ 2007-07-20  4:22             ` Satyam Sharma
  2007-07-20 22:18             ` [PATCH] knfsd: Fix typo in export display, print uid and gid as unsigned J. Bruce Fields
  1 sibling, 0 replies; 46+ messages in thread
From: Satyam Sharma @ 2007-07-20  4:22 UTC (permalink / raw)
  To: Neil Brown; +Cc: J. Bruce Fields, Andrew Morton, nfs, linux-kernel

On 7/20/07, Neil Brown <neilb@suse.de> wrote:
> On Thursday July 19, bfields@fieldses.org wrote:
> > On Thu, Jul 19, 2007 at 10:16:14AM +1000, Neil Brown wrote:
> > > On Wednesday July 18, bfields@fieldses.org wrote:
> > > > OK, here I'm still confused--what should we be doing instead?
> > >
> > > Cast the variable to a type that printf knows about.
> > >        seq_printf(m, ",anonuid=%d", (int)anonu);
> > >
> > > Or maybe cast it to (long) and use %ld, just in case...
> >
> > OK.  In the event that uid_t some day ceases to eventually become an
> > int, will the casts help, or will they just suppress useful warnings?
>
> Probably not.  Just leave it as it is.
>
> >
> > > Note the stray 's' in the current patch, after the comma!
> >
> > Sharp eyes, thanks!  I'll make a patch.  Uh, any objection if I print
> > all those uid's as unsigned while I'm at it?
>
> I wondered about that too.  I think we have completely removed the
> fiction that 'nobody' is '-2' rather than '65534' so it should be both
> safe and sensible to make them unsigned.

Ummm ... sorry for butting in here :-) But uid_t is always unsigned, yes.


* [PATCH] knfsd: Fix typo in export display, print uid and gid as unsigned
  2007-07-20  2:21           ` Neil Brown
  2007-07-20  4:22             ` Satyam Sharma
@ 2007-07-20 22:18             ` J. Bruce Fields
  1 sibling, 0 replies; 46+ messages in thread
From: J. Bruce Fields @ 2007-07-20 22:18 UTC (permalink / raw)
  To: Neil Brown; +Cc: Andrew Morton, nfs, linux-kernel

From: J. Bruce Fields <bfields@citi.umich.edu>

For display purposes, treat uid's and gid's as unsigned ints for now.
Also fix a typo.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
---
 fs/nfsd/export.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

On Fri, Jul 20, 2007 at 12:21:16PM +1000, Neil Brown wrote:
> On Thursday July 19, bfields@fieldses.org wrote:
> > Sharp eyes, thanks!  I'll make a patch.  Uh, any objection if I print
> > all those uid's as unsigned while I'm at it?
> 
> I wondered about that too.  I think we have completely removed the
> fiction that 'nobody' is '-2' rather than '65534' so it should be both
> safe and sensible to make them unsigned.

OK!  Here's what I've got.--b.

diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index 6ab8de4..2d295dd 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -1503,9 +1503,9 @@ static void exp_flags(struct seq_file *m, int flag, int fsid,
 	if (flag & NFSEXP_FSID)
 		seq_printf(m, ",fsid=%d", fsid);
 	if (anonu != (uid_t)-2 && anonu != (0x10000-2))
-		seq_printf(m, ",sanonuid=%d", anonu);
+		seq_printf(m, ",anonuid=%u", anonu);
 	if (anong != (gid_t)-2 && anong != (0x10000-2))
-		seq_printf(m, ",sanongid=%d", anong);
+		seq_printf(m, ",anongid=%u", anong);
 	if (fsloc && fsloc->locations_count > 0) {
 		char *loctype = (fsloc->migrated) ? "refer" : "replicas";
 		int i;
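Review bot: the two changed seq_printf() calls pass anonu and anong to %u with no cast, so the displayed value is right only while uid_t and gid_t are unsigned int, and nothing in the hunk records that assumption. A one-line comment above the ",anonuid=%u" line would state it, and could also say what the two sentinels in the unchanged conditions, (uid_t)-2 and (0x10000-2), stand for, since those are the values the display deliberately omits. The commit message says only "fix a typo"; naming it (the leading 's' in ",sanonuid=" and ",sanongid=") would make the change in displayed option names easy to find for anyone who parses this output.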
-- 
1.5.3.rc2


