| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
It's caused by commit 4a1ad4aa30,
"mountd: Enable all auth flavors on pseudofs exports"
This patch removes duplicate secinfo and invalid secinfo (zero).
Acked-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the current mountd code it's possible to craft exports in such a
manner that clients will be unable to mount exports that they *should*
be able to mount.
Consider the following example:
/foo *(rw,insecure,no_root_squash,sec=krb5p)
/bar client.example.com(rw,insecure,no_root_squash)
Initially, client.example.com will be able to mount the /foo export
using sec=krb5p, but attempts to mount /bar using sec=sys will return
EPERM. Once the nfsd.export cache entry expires, client.example.com
will then be able to mount /bar using sec=sys but attempts to mount /foo
using sec=krb5p will return EPERM.
The reason this happens is because the initial nfsd.export cache entry
is actually pre-populated by nfsd_fh(), which is the handler for the
nfsd.fh cache, while later cache requests (once the initial entry
expires) are handled by nfsd_export(). These functions have slightly
different logic in how they select a v4root export from the cache --
nfsd_fh() takes last matching v4root export it finds, while
nfsd_export() (actually lookup_export()) takes the first. Either way
it's wrong because the client should be able to mount both exports.
Both rfc3503bis and rfc5661 say:
A common and convenient practice, unless strong security requirements
dictate otherwise, is to make the entire pseudo file system
accessible by all of the valid security mechanisms.
...so lets do that.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Clean up. set_pseudofs_security() and pseudofs_update() have no
call sites outside of v4root.c, and there are no header declarations
for either function. Define both as static.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
From: "J. Bruce Fields" <bfields@redhat.com>
If root squashing is turned off on a export that
has multiple directories, the parent directories
of the pseudo exports that's built, also needs to
have root squashing turned off.
Tested-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The loop in v4root_add_parents() is a little odd.
The first time through, 'ptr' points immediately "beyond"
a '/' character (the first). For every other iterration it points
directly "at" a '/' character.
Such inconsistency is error prone and infact there is an error.
If "path" is precisely "/", then the first call to
ptr = strchr(ptr, '/')
will be given a 'ptr' which is beyond the '\0' at the end of
"path". This could potentially contain anything and the strchr()
could search well beyond a buffer (though this depends on exactly how
the string is set up which depends on separate code).
So change the loop to have 'ptr' always point at a '/', and
handle the special case of "/" explicitly.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
e_ttl is set to the default in init_exportent().
However V4ROOT exports never see init_exportent() as they are created
with dupexportent from a template. So e_ttl does not get set and
export entries expire immediately.
This results in an upcall to mountd every time a V4ROOT directory
in accessed.
So set e_ttl in the template.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When "fsid=0" is not explicitly given in /etc/exports,
v4set_root creates a pseudo (NFSEXP_V4ROOT) export for '/'
with fsid 0 so that an NFSv4 client can find the root.
However if '/' is explicitly exported to the client, then that
explicit export must be used, and it will not have fsid=0.
So we must impose fsid=0 on all exports of '/'.
Without this, if '/' is exported to a client, that client will
not be able to mount '/' with NFSv4.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Valgrind reports that the memory allocated for eep's e_hostname field
was not being freed. eep is not visible outside of v4root_create(),
so we don't need to strdup() that string.
Introduced by commit 3b777b0 "exports: NFSv4 pseudoroot support
routines" (Dec 1, 2009).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
v4root.c:176:9: warning: variable 'ret' set but not used
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Move more of v4root_set into a helper function.
Also, check the return value from strdup. (We don't really handle the
error well yet--we'll end up giving negative replies to export upcalls
when we should be giving the kernel exports, resulting in spurious
-ENOENTs or -ESTALE's--but that's better than crashing with a NULL
dereference.)
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
|
| |
|
|
|
|
|
| |
We're adding new entries, but not deleting them, so we don't need to do
the usual double-counter trick here.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we're adding new exports as we traverse the export list, it's
possible we may find ourselves revisiting an export we just added. It's
harmless to reprocess those exports, as we're currently doing. But it's
also pointless.
(Actually, the current code appears to always add new export entries at
the head of each list, so we shouldn't hit this case. It still may be a
good idea to keep this check, though, as insulation against future
changes to that data structure.)
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
|
|
|
Create v4root exports for each directory that is a parent of an explicit
export. Give each the minimal security required to traverse to any of
its children.
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
|
