From 4d4b69dd847a098cdca341c45326f6c6f61b8691 Mon Sep 17 00:00:00 2001 From: Weston Andros Adamson Date: Fri, 18 Oct 2013 15:15:19 -0400 Subject: NFS: add support for multiple sec= mount options This patch adds support for multiple security options which can be specified using a colon-delimited list of security flavors (the same syntax as nfsd's exports file). This is useful, for instance, when NFSv4.x mounts cross SECINFO boundaries. With this patch a user can use "sec=krb5i,krb5p" to mount a remote filesystem using krb5i, but can still cross into krb5p-only exports. New mounts will try all security options before failing. NFSv4.x SECINFO results will be compared against the sec= flavors to find the first flavor in both lists or if no match is found will return -EPERM. Signed-off-by: Weston Andros Adamson Signed-off-by: Trond Myklebust --- fs/nfs/nfs4client.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'fs/nfs/nfs4client.c') diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c index f6cc77c7d802..b4a160a405ce 100644 --- a/fs/nfs/nfs4client.c +++ b/fs/nfs/nfs4client.c @@ -964,6 +964,9 @@ static int nfs4_init_server(struct nfs_server *server, server->options = data->options; server->auth_info = data->auth_info; + /* Use the first specified auth flavor. If this flavor isn't + * allowed by the server, use the SECINFO path to try the + * other specified flavors */ if (data->auth_info.flavor_len >= 1) data->selected_flavor = data->auth_info.flavors[0]; else -- cgit v1.2.3