diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-09-24 15:12:01 -0400 |
|---|---|---|
| committer | Steve Dickson <steved@redhat.com> | 2013-09-24 15:12:01 -0400 |
| commit | 7004991526be90ec2647d28c503936dc91bc9100 (patch) | |
| tree | 0ea5ef0737ab15422751b79cf5c3424897f28cd5 | |
| parent | bdc50fc12a621545feaf9925999723d45171c34d (diff) | |
| download | nfs-utils-7004991526be90ec2647d28c503936dc91bc9100.tar.gz nfs-utils-7004991526be90ec2647d28c503936dc91bc9100.tar.xz nfs-utils-7004991526be90ec2647d28c503936dc91bc9100.zip | |
exportfs: Fix the default authentication flavour setting
Commit 11ba3b1e01b67b7d19f26fba94fabdb60878e809 (Add a default flavor
to an export's e_secinfo list) breaks the ordering of security flavours
in the secinfo list, by reordering 'sec=sys' to always be the first
secinfo flavour if one fails to set a default 'sec' setting.
An export of the form:
/export -sync,no_subtree_check,mp \
192.168.1.0/24(sec=krb5p:krb5i:krb5,rw,sec=sys,ro)
ends up getting translated by exportfs into the following entry in
/var/lib/nfs/etab:
/export 192.168.1.0/24(ro,sync,wdelay,hide,nocrossmnt,\
secure,root_squash,no_all_squash,\
no_subtree_check,secure_locks,acl,\
mountpoint,anonuid=65534,anongid=65534,\
sec=sys,ro,root_squash,no_all_squash,\
sec=krb5p:krb5i:krb5,rw,root_squash,no_all_squash)
Note how the 'sec=sys' is now listed first...
The fix is to defer adding the default flavour until the call to
secinfo_show, when we can see if it is even needed at all.
With the patch, the above export is now correctly entered in
/var/lib/nfs/etab as:
/export 192.168.1.0/24(ro,sync,wdelay,hide,nocrossmnt,\
secure,root_squash,no_all_squash,\
no_subtree_check,secure_locks,acl,\
mountpoint,anonuid=65534,anongid=65534,\
sec=krb5p:krb5i:krb5,rw,root_squash,no_all_squash,\
sec=sys,ro,root_squash,no_all_squash)
Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
| -rw-r--r-- | support/nfs/exports.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/support/nfs/exports.c b/support/nfs/exports.c index 05178f7..d3160d3 100644 --- a/support/nfs/exports.c +++ b/support/nfs/exports.c @@ -63,6 +63,7 @@ static int parsesquash(char *list, int **idp, int *lenp, char **ep); static int parsenum(char **cpp); static void freesquash(void); static void syntaxerr(char *msg); +static struct flav_info *find_flavor(char *name); void setexportent(char *fname, char *type) @@ -226,6 +227,8 @@ void secinfo_show(FILE *fp, struct exportent *ep) ef = get_export_features(); + if (ep->e_secinfo[0].flav == NULL) + secinfo_addflavor(find_flavor("sys"), ep); for (p1=ep->e_secinfo; p1->flav; p1=p2) { fprintf(fp, ",sec=%s", p1->flav->flavour); @@ -663,8 +666,6 @@ bad_option: cp++; } - if (ep->e_secinfo[0].flav == NULL) - secinfo_addflavor(find_flavor("sys"), ep); fix_pseudoflavor_flags(ep); ep->e_squids = squids; ep->e_sqgids = sqgids; |