NFS: add support for multiple sec= mount options
This patch adds support for multiple security options which can be specified using a colon-delimited list of security flavors (the same syntax as nfsd's exports file). This is useful, for instance, when NFSv4.x mounts cross SECINFO boundaries. With this patch a user can use "sec=krb5i,krb5p" to mount a remote filesystem using krb5i, but can still cross into krb5p-only exports. New mounts will try all security options before failing. NFSv4.x SECINFO results will be compared against the sec= flavors to find the first flavor in both lists or if no match is found will return -EPERM. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
Weston Andros Adamson
Trond Myklebust
parent
5837f6dfcb
commit
4d4b69dd84
6 changed files with 145 additions and 71 deletions
|
|
@ -964,6 +964,9 @@ static int nfs4_init_server(struct nfs_server *server,
|
|||
server->options = data->options;
|
||||
server->auth_info = data->auth_info;
|
||||
|
||||
/* Use the first specified auth flavor. If this flavor isn't
|
||||
* allowed by the server, use the SECINFO path to try the
|
||||
* other specified flavors */
|
||||
if (data->auth_info.flavor_len >= 1)
|
||||
data->selected_flavor = data->auth_info.flavors[0];
|
||||
else
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue