[PATCH 09/20] nfsd: use ip-address-based domain in secinfo case
J. Bruce Fields
bfields at fieldses.org
Mon Jul 9 18:28:11 EDT 2007
On Thu, Jul 05, 2007 at 01:44:26PM -0400, J. Bruce Fields wrote:
> From: J. Bruce Fields <bfields at citi.umich.edu>
>
> With this patch, we fall back on using the gss/pseudoflavor only if we
> fail to find a matching auth_unix export that has a secinfo list.
>
> As long as sec= options aren't used, there's still no change in behavior
> here (except possibly for some additional auth_unix cache lookups, whose
> results will be ignored).
>
> The sec= option, however, is not actually enforced yet; later patches
> will add the necessary checks.
Ugh, this patch had a serious bug; the following could be applied at the
end of this series but would best be folded into this patch; I've done
the latter in the server-secinfo branch at
git://linux-nfs.org/~bfields/linux.git server-secinfo
Thanks to Olga for the testing that found this.
--b.
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index d9ed7f1..f6073c6 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -1285,7 +1285,7 @@ gss:
&rqstp->rq_chandle);
if (PTR_ERR(gssexp) == -ENOENT)
return exp;
- if (exp)
+ if (exp && !IS_ERR(exp))
exp_put(exp);
return gssexp;
}
@@ -1315,7 +1315,7 @@ gss:
&rqstp->rq_chandle);
if (PTR_ERR(gssexp) == -ENOENT)
return exp;
- if (exp)
+ if (exp && !IS_ERR(exp))
exp_put(exp);
return gssexp;
}
More information about the NFSv4
mailing list