nfsd: Do no try to us idmapd for sec=mariux

When the nfsd module parameter nfs4_disable_idmapping ist set, which is the default, than a user space idmapd is not required for AUTH_UNIX. The code used in nfsd to check whether the idmap cache and user space daemon should be used is if (nfs4_disable_idmapping && rqstp->rq_cred.cr_flavor < RPC_AUTH_GSS) However, we've added our own security flavor AUTH_MARIUX numerically after AUTH_GSS: enum rpc_auth_flavors { RPC_AUTH_NULL = 0, RPC_AUTH_UNIX = 1, RPC_AUTH_SHORT = 2, RPC_AUTH_DES = 3, RPC_AUTH_KRB = 4, RPC_AUTH_GSS = 6, RPC_AUTH_TLS = 7, RPC_AUTH_MARIUX = 8, RPC_AUTH_MAXFLAVOR = 9, /* pseudoflavors: */ RPC_AUTH_GSS_KRB5 = 390003, RPC_AUTH_GSS_KRB5I = 390004, RPC_AUTH_GSS_KRB5P = 390005, RPC_AUTH_GSS_LKEY = 390006, RPC_AUTH_GSS_LKEYI = 390007, RPC_AUTH_GSS_LKEYP = 390008, RPC_AUTH_GSS_SPKM = 390009, RPC_AUTH_GSS_SPKMI = 390010, RPC_AUTH_GSS_SPKMP = 390011, }; So the check fails for AUTH_MARIUX. Although it can and should work with numerical idents from the client, nfsd tries to use idmapd and this fails for certain operations, because we don't start idmapd in our environment Exlicitly allow RPC_AUTH_MARIUX to be used without idmapd.
mariux64 · Jan 5, 2023 · 6452026 · 6452026
1 parent 2375356
commit 6452026
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c
@@ -619,7 +619,7 @@ numeric_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namel
 static __be32
 do_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, u32 *id)
 {
-	if (nfs4_disable_idmapping && rqstp->rq_cred.cr_flavor < RPC_AUTH_GSS)
+	if (nfs4_disable_idmapping && (rqstp->rq_cred.cr_flavor < RPC_AUTH_GSS || rqstp->rq_cred.cr_flavor == RPC_AUTH_MARIUX))
 		if (numeric_name_to_id(rqstp, type, name, namelen, id))
 			return 0;
 		/*
@@ -632,7 +632,7 @@ do_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namelen, u
 static __be32 encode_name_from_id(struct xdr_stream *xdr,
 				  struct svc_rqst *rqstp, int type, u32 id)
 {
-	if (nfs4_disable_idmapping && rqstp->rq_cred.cr_flavor < RPC_AUTH_GSS)
+	if (nfs4_disable_idmapping && (rqstp->rq_cred.cr_flavor < RPC_AUTH_GSS || rqstp->rq_cred.cr_flavor == RPC_AUTH_MARIUX))
 		return encode_ascii_id(xdr, id);
 	return idmap_id_to_name(xdr, rqstp, type, id);
 }