diff options
author | bc Wong <bcwong@cisco.com> | 2008-03-18 09:30:44 -0400 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2008-03-18 09:30:44 -0400 |
commit | 3c1bb23c0379864722e79d19f74c180edcf2c36e (patch) | |
tree | b7f9d9440a94798465d88c3f26f10bd35877d72a /utils/mount | |
parent | 3aeea1c463420aaab447ab61333f5e82bc5c241b (diff) | |
download | nfs-utils-3c1bb23c0379864722e79d19f74c180edcf2c36e.tar.gz nfs-utils-3c1bb23c0379864722e79d19f74c180edcf2c36e.tar.xz nfs-utils-3c1bb23c0379864722e79d19f74c180edcf2c36e.zip |
There were 2 things wrong with auth flavour ordering:
- Mountd used to advertise AUTH_NULL as the first flavour on
the list, which means that it prefers AUTH_NULL to anything
else (as per RFC 2623 section 2.7).
- Mount.nfs used to scan the returned list in reverse order,
and stopping at the first AUTH_NULL or AUTH_SYS encountered.
If a server advertises (AUTH_SYS, AUTH_NULL), it will by
default choose AUTH_NULL and have degraded access.
I've fixed mount.nfs to scan from the beginning. For mountd,
it does not advertise AUTH_NULL anymore. This is necessary
to avoid backward compatibility issue. If AUTH_NULL appears
in the list, either the new or the old client will choose
that over AUTH_SYS.
Tested the server/client combination against the previous
versions, as well as Solaris and FreeBSD.
Signed-off-by: bc Wong <bcwong@cisco.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'utils/mount')
-rw-r--r-- | utils/mount/nfsmount.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/utils/mount/nfsmount.c b/utils/mount/nfsmount.c index d1d43c6..ff0ff93 100644 --- a/utils/mount/nfsmount.c +++ b/utils/mount/nfsmount.c @@ -738,7 +738,7 @@ nfsmount(const char *spec, const char *node, int flags, #if NFS_MOUNT_VERSION >= 4 mountres3_ok *mountres; fhandle3 *fhandle; - int i, *flavor, yum = 0; + int i, n_flavors, *flavor, yum = 0; if (mntres.nfsv3.fhs_status != 0) { nfs_error(_("%s: %s:%s failed, reason given by server: %s"), progname, hostname, dirname, @@ -747,13 +747,16 @@ nfsmount(const char *spec, const char *node, int flags, } #if NFS_MOUNT_VERSION >= 5 mountres = &mntres.nfsv3.mountres3_u.mountinfo; - i = mountres->auth_flavors.auth_flavors_len; - if (i <= 0) + n_flavors = mountres->auth_flavors.auth_flavors_len; + if (n_flavors <= 0) goto noauth_flavors; flavor = mountres->auth_flavors.auth_flavors_val; - while (--i >= 0) { - /* If no flavour requested, use first simple + for (i = 0; i < n_flavors; ++i) { + /* + * Per RFC2623, section 2.7, we should prefer the + * flavour listed first. + * If no flavour requested, use the first simple * flavour that is offered. */ if (! (data.flags & NFS_MOUNT_SECFLAVOUR) && |