diff options
| -rw-r--r-- | utils/mount/nfsmount.c | 13 | ||||
| -rw-r--r-- | utils/mountd/mountd.c | 9 |
2 files changed, 16 insertions, 6 deletions
diff --git a/utils/mount/nfsmount.c b/utils/mount/nfsmount.c index d1d43c6..ff0ff93 100644 --- a/utils/mount/nfsmount.c +++ b/utils/mount/nfsmount.c @@ -738,7 +738,7 @@ nfsmount(const char *spec, const char *node, int flags, #if NFS_MOUNT_VERSION >= 4 mountres3_ok *mountres; fhandle3 *fhandle; - int i, *flavor, yum = 0; + int i, n_flavors, *flavor, yum = 0; if (mntres.nfsv3.fhs_status != 0) { nfs_error(_("%s: %s:%s failed, reason given by server: %s"), progname, hostname, dirname, @@ -747,13 +747,16 @@ nfsmount(const char *spec, const char *node, int flags, } #if NFS_MOUNT_VERSION >= 5 mountres = &mntres.nfsv3.mountres3_u.mountinfo; - i = mountres->auth_flavors.auth_flavors_len; - if (i <= 0) + n_flavors = mountres->auth_flavors.auth_flavors_len; + if (n_flavors <= 0) goto noauth_flavors; flavor = mountres->auth_flavors.auth_flavors_val; - while (--i >= 0) { - /* If no flavour requested, use first simple + for (i = 0; i < n_flavors; ++i) { + /* + * Per RFC2623, section 2.7, we should prefer the + * flavour listed first. + * If no flavour requested, use the first simple * flavour that is offered. */ if (! (data.flags & NFS_MOUNT_SECFLAVOUR) && diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c index 63d5ce1..8137f7f 100644 --- a/utils/mountd/mountd.c +++ b/utils/mountd/mountd.c @@ -342,7 +342,14 @@ mount_mnt_3_svc(struct svc_req *rqstp, dirpath *path, mountres3 *res) #define AUTH_GSS_KRB5 390003 #define AUTH_GSS_KRB5I 390004 #define AUTH_GSS_KRB5P 390005 - static int flavors[] = { AUTH_NULL, AUTH_UNIX, AUTH_GSS_KRB5, AUTH_GSS_KRB5I, AUTH_GSS_KRB5P}; + static int flavors[] = { AUTH_UNIX, AUTH_GSS_KRB5, AUTH_GSS_KRB5I, AUTH_GSS_KRB5P}; + /* + * We should advertise the preferred flavours first. (See RFC 2623 + * section 2.7.) AUTH_UNIX is arbitrarily ranked over the GSS's. + * AUTH_NULL is dropped from the list to avoid backward compatibility + * issue with older Linux clients, who inspect the list in reversed + * order. + */ struct nfs_fh_len *fh; xlog(D_CALL, "MNT3(%s) called", *path); |